Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn Steve Boyce...
-
Upload
horace-golden -
Category
Documents
-
view
213 -
download
0
Transcript of Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn Steve Boyce...
Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn
Steve Boyce VP, Alliances & Business Development
Approva CorporationNov 7, 2008
Game Plan
• The role of intelligent business controls in driving performance
• What is Controls Intelligence?
• Best practices for implementing a controls intelligence strategy
• Business benefits of controls monitoring
• Case studies & lessons learned
© 2007 Approva Corporation. All rights reserved.
Key Drivers for GRC Investments
Source: The Governance, Risk Management, and Compliance Spending Report, 2008–2009, AMR Research
• 11/18/2008
• (c) OCEG
Business Processes
A Typical Large Organization Has Hundreds or Thousands of Controls
RISKThird-Party ContractorsShould Not Have Accessto Proprietary Applications
OPERATIONALPurchasing Must Adhere to Corporate Procurement Policies
COMPLIANCEAn Employee Cannot Backdatea Journal EntryAfter the Endof a Quarter
The Cost of Poor Controls Intelligence
• Most controls are monitored manually.• Critical controls go untested.• Control breakdowns are identified long after they occur.• CFOs sign off on financials with imperfect information.
Companies today…NEC Details Major Fraud“Fake orders resulted in$4 million in kickbacks. Meanwhile, internal investigations continue.”
G.M. Says It Has Found Serious Flaws in Accounting“…performance was threatened by “ineffective” controls over financial reporting…”
GE to Adjust Accountingin Bid to End Probe“…Problems with revenue recognition have cropped up in several GE units.”
Companies Have Three Main Types of Controls
Operations & Financial ReportingTransactions, Fraud, Master Data Quality, Business Controls
Access to ApplicationsSegregation of Duties, Emergency Access, User Provisioning
Configuration of IT Systems & ProcessesChange Management, Required Fields, Tolerances and Limits
ControlsIntelligenceLifecycle
A Controls Intelligence Strategy Must Address the Entire Lifecycle of Controls
Controls Intelligence System
ReduceRisk & Fraud
Automate Compliance
Optimize Operational Controls
Approva Provides Controls Intelligence Software that enables you to:
Risk Dashboard
CaseManagement
Authoring Studios
Approva’s Risk & Controls Intelligence Platform
Approva Risk & Controls Intelligence System• Risk Analytics• Continuous
Monitoring
• Risk KPI Monitors
• Audit Repository
• Proactive Alerting
• Baselining
Approva Risk Management Solutions
Identifying & Preventing Fraud
Managing Cash Flows & Working Capital
Managing Assets & Inventory
Ensuring the Accuracy of Financial Reports
Securing & Ensuring Accuracy of Master Data
Compliant Provisioning Certifying Access Securing Sensitive Information
Ensuring Best Practice System Configuration Settings
Ensuring Best Practice Process Configuration Settings
Managing User Access & Segregation of Duties (SoD)
Risk Analytics
Risk Monitoring Certification Management
What the Analysts Say About Approva
“We rate Approva's BizRights suite as strong positive because of its breadth of capability in all categories of SOD control.”
“Approva should be on the shortlist of every organization taking a comprehensive approach that requires strong support for all three techniques, especially those organizations that need to support multiple ERP platforms or those that prefer an independent vendor.”
Source: 2008 Gartner MarketScope on Segregation of Duty Within ERP and Financial Applications by Paul E. Proctor, Neil MacDonald, 25 September 2008
Case Study 1: Automating Financial Controls
• Fortune 100 retailer• $76B in Revenue• 96,000 Employees• PeopleSoft
Financial Management System (FMS) v8.4
ProfileBusiness Challenge
Reducing Risk: • Concerned about risk in the financial close process.• Financial controls could not be cost-effectively
tested, monitored or enforced.• People were circumventing the process to make
manual journal entries & update the chart of accounts.
Reducing Compliance Costs:• Financial controls required extensive effort by
Internal Audit to manually test on an ongoing basis.• Manual queries had to be written, updated and
executed. Results had to be manually reviewed. Improving Efficiency:
• Too much time was being wasted researching financial anomalies for audits.
“Misrepresenting our financial results would have had disastrous implications but it just wasn’t feasible to continuously monitor every control.”
© 2008 Approva Corporation. All rights reserved.
• Approva is used to monitor financial configuration and transaction-related controls.
• Automatic alerts identify control exceptions so they can be addressed immediately.
Financial Controls Case Study: Approva’s Approach
© 2008 Approva Corporation. All rights reserved.
Finance /CFO
InternalAudit
CIO/ ITRiskManagement
Human Resources
External Audit
Outsourcing Partners
Reversed Transactions
Unusual Debits & Credits
Backdated Journal Entries
Revenue Entries After Period Close
Entries Avoiding Mgmt Review
Unauthorized Master Data Changes
Unusual Trending in Key Accounts
Transactions With Missing Fields
Unauthorized Transactions
Financial Controls Case Study: Benefits
Business Benefits
• Reduced time required for internal audit team to test controls and respond to external audit requests.
• Reduced travel and expense costs for internal audit team.
“We were able to design and implement our automated financial controls within 3 months of the project kickoff.”
Reduced Risk
Reduced Compliance Costs
Improved Productivity • Improved utilization & retention of internal audit and finance staff
resulting from elimination of low-value tasks.
• Reduced risk of fraud and financial misstatement due to comprehensive and continuous monitoring of key financial controls.
• Elimination of errors resulting from people circumventing existing financial controls and policies.
© 2007 Approva Corporation. All rights reserved.
Case Study 2: Controls Monitoring Across 26+ Applications
Business Challenge
• Identify & remediate user access violations across 26 applications.
• Hold business users accountable for user access violations.
• Manage controls for SAP go-live and legacy applications.
• Create the capability to quickly add new applications as business needs change.
© 2007 Approva Corporation. All rights reserved.
Case Study 2: Limited Brands
• Established sustainable process for monitoring and remediating user access (i.e. SoD) violations for 26+ app’s
• Empowered business users to independently remediate and manage access control violations
• Established accountability with business users for SoD violations
• Created a framework to quickly incorporate additional applications into Approva for SoD monitoring
Business Benefits
Case Study 3: P-Card Transaction Monitoring
© 2008 Approva Corporation. All rights reserved.
• Monthly reconciliation activity taking too much manual time and effort
• Manual audit was ineffective in meeting board oversight goals
• Goal to grow the program, driving more value
• One of the largest school districts in the US
• ~$50 Billion annual spendo Started with $24M
through P-Cards, grown to $104M
• Started with ~250 cardholders, grown to 2,500 and 300K transactions
• 5 full time P-Card program administrators
• SAP and Legacy MainframeGL systems
• Citibank Payment Card
Client Objectives
Benefits• Grew P-Card spend from $24M to $104M annually,
and increased card holders from 246 to 2,500o Increased dollar rebate (~10 Basis Points)
• P-Card program is effectively enforcing corporate policies and maintaining compliance, encouraged by board to continue to grow P-Card usage
• Reduced audit preparation time through automation• Automated reconciliation; reduced time and errors• Avoided retraining users when switching banks. Able
to capture most advantageous rebate offers. • Caught and stopped instances of misuse and was able
to document issues and resolve quickly
Profile
Top Challenges With P-Card Programs Include Managing Exceptions and Administration Tasks
© 2006 Approva Corporation. All rights reserved.
“Controls are the most pressing issue to increase spend and number of P-Card users”
Challenges Faced with P-Card Programs
Source: Aberdeen Group, August 2007
Challenge score based on survey respondents
Approva P-Card Insight: Key Product Features
© 2008 Approva Corporation. All rights reserved.
• Monitor and provide proactive alerts on P-Card program exceptions using complex analytics
• Provide executive level dashboards on key risk and performance indicators
• Sophisticated workflow with escalation for exception resolution with associated audit trail
• Automatically reconcile transactions with purchases• Augment bank transactions with level II and III data
P-Card Insight
Workflow & Escalation
Automatic Reconciliation
Complex Analytics
Dashboards and Reporting
Proactive Alerts
Audit Trail
© 2007 Approva Corporation. All rights reserved.
P-Card Insight Product Features (I)
• Complex workflows with escalations for sophisticated management of exceptions by user, auditor, or manager
• Contextual business information provided• Can interact with end user via email or BizRights interface• Ability to have transactions and purchases flagged as
automatically reconciled so no manual intervention required• Force manual reconciliation based upon business rules
(threshold based on dollar amount, specific type of purchases, user, manager etc.)
• Customizable reporting and dashboard• Dozens of pre-built reports• Drill down and drill through to find root cause of violations• Multiple level of reports, from graphical to summary to detail
Workflow& Escalation
Automatic Reconciliation
Dashboards& Reporting
Key Product Capabilities and Highlights
© 2007 Approva Corporation. All rights reserved.
P-Card Insight Product Features (II)
• Ability to schedule for automated and proactive report delivery• Workflow tasks proactively emailed to inbox of user
• Best practice library of controls• Trending analytics to search for anomalies• Ability to analyze data from multiple systems within same rule
• Complete capture of historical data• Audit trail maintained for all operations in the system• PCI DSS Level 1/SAS 70 Type II Certified• Secure platform that can be used as a control
ComplexAnalytics
AuditTrail
Key Product Capabilities and Highlights
ProactiveAlerts
Approva P-Card Insight Benefits
© 2006 Approva Corporation. All rights reserved.
Reduced Cash Loss / Waste
Improved Process Efficiency
Reduced Risk
• Increased procurement saving• Reduced Cost of Monitoring and audit
preparation• Vendor Consolidation• Bank Neutrality• Cardholder convenience
• Increased Rebate • Eliminate non-preferred vendor spend• Increased Discounts• Identify leakage
• Increased program assurance• Culture of Enforcement• Proactive identification of exceptions• Improve financial and budget controls
Controls Intelligence Benefits
Customer Benefit from Improved Controls IntelligenceCATEGORY TYPE OF BENEFIT
In Summary
Start With the Core Risk But Have a Plan to Expand• Capture “low hanging fruit” by automating manual controls• Focus on your top risks but ensure your solution can scale• Validate your approach and solution with your auditor
Consider Both Financial and IT Controls• Implement both preventive and detective controls• Consider the impact of IT, access and transaction-related
controls• Trust but verify controls that come with your core applications
Business Users Should Own the Controls• Make sure your solution can speak to business users in their
language• Empower business users to develop their own controls• Free up IT and internal audit staff to focus on value added
tasks
1
2
3
Selected Approva Customers
© 2007 Approva Corporation. All rights reserved.
Technology, Telecom & Media Consumer Products & Retail
Energy & Chemicals Pharmaceutical & Biotech Entertainment
Manufacturing, Transportation & Public Sector
Contact Information
Steve BoyceVP, Alliances & Business Development
Approva [email protected]
703.956.8366www.approva.net