The Business Assurance Professionals Page 1 Business assurance the mature phase in compliance Presentation: dr. Tim Willems Date: February 28, 2006.

The Business Assurance Professionals Page 1

Business assurance

the mature phasein

compliance

Presentation: dr. Tim WillemsDate: February 28, 2006


Who is Ba-PRO?

Ba-PRO is a Business Assurance Software provider. Headquartered in the Netherlands, development team in Romenia. Founded by dr. Tim Willems, also founder (1995) of BWise, international leading Sarbanes Oxley compliance software provider.

Business Assurance gives company management confidence by continuously

matching relevant business controls against business back office data. Automated detective & preventive controls

Ba-PRO develops dedicated Business Assurance solutions• Fraud management• Sarbanes Oxley compliance• Credit- and Risk management• …

New or existing control documentation in the control framework documents(e.g. Axentis, SAP-MIC, Word, Excell, BWise, Paisley)

Existing real time business data Information available in back office apps (e.g. SAP, Oracle, Baan, Navision, Peoplesoft, propriatary)

Ba-PRORelates documented controls to real time business data •Alert control violations•KPI cockpit•XBRL based reports

Alerts and KPI’s


Alerts

• Home page– KPI’s – Statistics– Alerts– Framework


• Control framework– Subsidaries

– Departments

– Processes

– Accounts

– Risks

– Control objectives

– Controls

– Coso

– . . .

Find relevant control info


XBRL / IFRS / GAAP

• Standards/ XBRL– US Gaap – IFRS– Accounting manual


Find the right employee

• Who?– Responsible – Accountable– Consulted– Informed


Solutions: Fraud management

Advantages:

•Fraud is a very hot topic and difficult to prevent / proove that it didn’t happen•Big 4 have admitted difficulties in fraud management•Running Ba-PRO fraud management creates awareness thus reduces risk•No complete competitive solution available•Fraud management consulting partner available (4itrust)•Predefined fraud controls (documented in the control framework)

– smurfing– over value– SOD– vendor relations– private relations– . . .

•Immediate fraud alerts (sometimes even preventive)•Cut back on related cost

– prevention– fraud loss– remediation– good will / shareholder value (> 100.000 at a snap)


Solutions: Credit management

Advantages:

•Traditional credit management – only focusses on the vendor side– only monitoring of outstanding invoices– only reactive

•Ba-PRO – includes / facilitates customer– full workflow between vendor and clients– dispute resolution– monitoring of outstanding invoices– vendor and client application (hosted)– includes business assurance rules on invoicing and payment process = proactive– ease of integration (SAP agents available)

•Runs on SAP, Oracle and Navision•Improved customer relationship•Cost reduction per invoice•Cost reduction cash managent•Web-enabled (vendor and customer)


Solutions: Compliance

Advantages:

•Traditional SOX / compliance management – focus on documentation (control framework)– control testing by control self assessment– continuous testing SOD focus

•Ba-PRO – documentation (in Ba-PRO or integrated with third party like SAP-MIC)– XBRL included (ifrs, us-gaap . . .)– continuous testing full compliance = automated and preventive– other templates integrated (Cobit, Coso, FDA, Fraud . . .)– process and data centric– KPI dashboarding (process efficiency)– Agent technology for data integration– flexible (create your own compliance app)– available for all process owners (integrated)

•Cost reduction in compliance•Automated detective and preventive controls•Full Business Assurance (does not stop at SOD or SOX) = Multiple perspective and different portfolioviews


Business assurance

ComplianceSomeMoreDetail


Current business issues

Supervisory board: Avoid risks and fraud

Board: Autonomous growth and Acquisitions (integration)

CFO: Finance ongoing operations and growth

Management: Grow revenues and profit, cut back cost

Management: Integrate (regional) business units/companies

Management: Control the business based on real time information

Controller/CFO: Comply with multiple regulations (FDA, SOX, Basel II)


State of the “Art”

• Risk and control documentation (Sarbanes)(e.g. Axentis, SAP-MIC, Open Pages, BWise, Word, Excel)

• Financial Accounts

• Processes

• Risks

• Controls (and objectives)

• Procedures / documentation

• Control self assessments

• Manual evidence collection

• Expensive reporting structure

• Off line monitoring based on reports

• Separate systems for multiple compliance

• No business assurance


What most companies miss

Most companies today• only have a partial control framework documented (e.g. Axentis, BWise, Paisley)• don’t have real time monitoring on material events (409) • don’t have real time control testing• don’t have the segregation of duties checks• don’t have Business Assurance• don’t have Risk and Fraud detection systems

In most companies• the board has control documents available but the board lacks real time control

transparancy and steering data (no cockpit)• the CFO wants to avoid mistakes and has to assure the business to create financing

possibilities/improve banking relations• the operational management has to integrate companies quickly to support corporate

transparancy and predictibility (assurance)


But what are we looking for?

Continuous fraud detection

Real time risk management

KPI monitoring, continuous control (e.g. Sarbanes Oxley 409, real time disclosure)

Transparancy

Integrate transparent and controlled companies

Real time management cockpit

Single documentatioin platform for multiple compliance / reuse information

Platform to facilitate the growth process from detective to preventive controls


Bob, can we build this?

• 24 * 7 Risk, Fraud and SOD detection to reduce loss

• Real time control monitoring (link controls with real business data)

• Enterprise Risk management (real time risk monitoring)

• 24*7 corporate governance and disclosure (e.g. 409)

• XBRL introduction for ease of reporting & compliance

• Integrated multiple compliance control documentation frameworks (COSO, Cobit, Fraud detection, Basel II)

• Include business processes

• KPI cockpit integrated with control framework to drive control improvements

Yes: Business Assurance


Clients Return

24*7 risk, fraud and SOD control

Cut back on “remediation after the fact” cost

Offer confidence to shareholders and stakeholders

Reduce financing, auditing and reporting cost

Grow revenues and profit, cut back integration and process cost

Control the business based on real time KPI’s, management cockpit

Platform for growth to automated preventive controls

Comply with mulitple regulations (FDA, SOX, ISO, Basel II)

Maintainable transparancy, back office data integrated with control framework


Business Assurance cycle

Control Framework

•Axentis

•BWise

•SAP MIC

• . . .

• Ba-PRO

Business assurance rules

• select relevant controls

• set tresholds

• values

• reports

Back office data

• SAP

• Oracle (apps)

• Baan

• Peoplesoft

Assurance

• alerts

• KPI dashboards

• reports (XBRL based)

• email

Improve control

Automated XBRL and XML storage

Agents

Workflow automation

Back office app. improvements


Business Assurance Data-flow

Alerts & KPI’s

Improveprojects / workflow

Agents

Control framework SAP-MIC-Sarbanes Controls-Fraud detection -IFRS manual- . . .

Business Rules

Data Store Collected data from back office systems stored in

XBRL, XML, XSD

Back office appsSAPOracleNavisionBaanYour own

Ba-PRO

SAP NetweaverAlerts & KPI’s


• Control framework– Subsidaries

– Departments

– Processes

– Accounts

– Risks

– Control objectives

– Controls

– Coso

– . . .

Find relevant control info


Alerts

• Dashboards

• Alerts

• Drill down

• Web based

• Personal


Ready?

Start with available (SOX) Content•Control framework (COSO)•Accounting manual / IAS•Business Rules•Alerts and Dashboards

Integration agents available•SAP•Oracle•Navision

No license investments•Quick start implementation package•Pay per business rule


GO!Great opportunity to experience how it is feasable to balance risk and controls with business improvements

Pilot•Select Control framework (e.g. SOX, Fraud, Credit . . .)•Test Business Rules•First Control framework, risk management information, Alerts, dashboards available •Evaluate•Continue

Local consulting (Smartview)•Quick-Experienced-Efficient

No sweat•10 days•Dr. Tim Willems

Pilot now and be invited as a member of the Expert team, Amsterdam April 2006 •Amsterdam roundtable 2006 (captains of industry and government roundtable)


Stay in touch

Dr. Tim Willems

CEO of Ba-PRO

[email protected]

Phone: +31 6 54792099

Klaus Berghoffer

CEO of Smartview (Romenia)

[email protected]: +40 724550570

mailto:[email protected]

mailto:[email protected]

The Business Assurance Professionals Page 1 Business assurance the mature phase in compliance Presentation: dr. Tim Willems Date: February 28, 2006.

Documents

business assurance slide

business assurance compliance

business assurance rules

bapro fraud management

cost management

fraud management advantages

customer slide

relevant control info