USING CONTINUOUS CONTROLS MONITORING TO MAXIMIZE P2P CONTROLS & RISK PREVENTION

IFO Texas Chapter

Page

WHAT WE WILL COVER TODAY

2

Continuous controls monitoring (CCM) — the use of automated tools and practices to examine business transactions as they occur — was once just the remit of Internal Audit functions.

Now CCM is accessible to Shared Service, Purchase-to-Pay (P2P) and Accounts Payable teams

to help rapidly increase their value to the wider organization.

In this session, we will examine three organizations — a fast-growing manufacturing company, top performing city government and progressive healthcare system — and look at

how continuous controls monitoring has raised the profile of P2P as proactive partners of Internal Audit.

This session is for proactive leaders in finance & P2P wanting to:

• Understand the immediate benefits of CCM to their organization

• Learn specifically how CCM works, and how it elevates P2P to a value creation function

• Find out the key steps to evaluate whether you need CCM in your organization today

Page

PRESENTER FOR THIS WEBINAR

3

David Griffiths | EVP Client Development

Worked with over 350 P2P teams

15th Year immersed in P2P/Accounts Payable

Used leading research reports

- ACFE, Paystream Advisors, and Forrester

PPN | Purchase to Pay Network®

- Annual Surveys 2009 to 2016

Page

YOUR TEXAN TEAM

4

Steve Spragens Dave Larson

PagePage

60-second FISCAL Overview

Immense change in Purchase-to-Pay

What is Continuous Controls Monitoring

The Big Idea

Three Case Studies

What We Learned

Special Offer

5

AGENDA

Page

BRIEF INTRODUCTION TO FISCAL TECHNOLOGIES

Creating

Best-In-ClassAccounts Payable

Established

200215th year

Delivering Immediate ROI for AP

Provide

Forensic Tools and Services to

Empower P2P

Over 250Customers

World-Wide

“We are not only amazed but also thrilled with the results obtained with AP Forensics®.Within the first two weeks of using the software, we more than recovered the cost of thesoftware. We strongly recommend AP Forensics® to other organizations looking to lockdown profits and tighten their internal controls.”

- Financial Shared Services Manager

Page

Safeguard Spend$

BEST-IN-CLASS STRATEGIES DELIVERED BY AP FORENSICS®

Improve Processes

Reduce Risk

Page

35%

8

Proactive data monitoring and analysis was used by only 35% of the victim

organizations in our study, but the presence of this control was correlated with frauds that were

60% less costly and 50% shorter in duration.

Source : ACFE | Global Fraud Study 2014

Page

QUESTION 1

9

Over the last 12 months which of the following types of fraud had the most cases recorded? Source | P2P Benchmarking 2016

A. Employee fraud

B. Travel & expenses over claim

C. False invoice presented by supplier

D. False invoice presented by fake supplier

E. Fake supplier attempting to change account details

Answer: E – 71%

Page 10

71%

38%

25%21% 21%

17% 17% 17%13%

FRAUD OR NON-COMPLIANCE

PagePage 11

P2P Is EvolvingFaster Than Ever Before!

Page

DRAMATIC INCREASE IN TRANSACTION COMPLEXITY

12

MANUAL INPUT

OCR E-INVOICING

P-CARD INPUT

SUPPLIER PORTALS

FEEDERS

EDI P2P

Page

WHY RISK IS ON THE INCREASE

Increasingsupplier fraud

Temporary staff & employee turnover

New systems & upgrades

Global suppliers international risk

Supplier pressure to pay

AP staff doing more with fewer

resources

Outsourcing & centralizing – less

direct controlP2P Automation

Page

NEED TO ADD VALUE

14

• Improve processes

• Drive efficiencies

• Create insights

• Provide additional services

• Reduce costs

• Save money

• Improve the bottom line

PagePage 15

CONTINUOUS CONTROLS MONITORING

Page

CONFUSING – A LOT OF BUZZ

16

GRC

BI Data

Analytics

Big Data

ERP

Reporting

Risk Analysis

Data Mining

Business Warehouse

CACompliance

Monitoring

Added dimensions of:

ERP

Disparate Systems

Vendors

Risk Considerations

Key Stakeholders

Page 17

BI/Big Data

Governance Risk Compliance

Continuous Auditing

Continuous Controls Monitoring

Page

CONTINUOUS AUDITING

18

The first application of continuous auditing was developed at AT&T Bell Labs (Austin?) in 1989.

Known as a continuous process auditing system (CPAS), the system developed by Vasarhelyi and Halper provided measurement, monitoring, and analysis of the company's billing information.

Made up of three main parts:• Continuous data assurance (CDA) • Continuous risk monitoring and assessment (CRMA)• Continuous controls monitoring (CCM)

Page

WHAT MAKES UP CCM

19

Master

Data

Split into four parts:

– Segregation of duties

– Application configuration

– Transactions

– Master data

T + M= P2P Forensics

Transactions

Segregation of Duties

Application Configuration

Page

HOW IT WORKS

20

Page

MAIN ISSUES OF ADOPTION

21

• Lack of appropriate technology

• Implementation times & expertise

• Cost upfront & running

• GRC (All singing) vs CCM (Specialist)

• Dealing with exceptions

• Leadership – Procurement or Technical or Audit or Finance?

Page 22

Page 23

PURCHASE TO PAY - SELF AUDITING

Allocate a person to become the P2P control analyst

Daily prevention

Performance insights

Drive process improvement

First line of defence for internal audit

Page

4 LAYERED APPROACH

Audit CCM

Page

100% PROTECTION

AuditCCM

Page

WHY AP/P2P & AUDIT PARTNERSHIP?

26

Partner Strengths Accounts Payable Audit

Expertise Transactions Investigation

Time Frame Prevention Historical review

Place in the Process On the frontline At the end

Supplier Relationship Close Distant

Investigative Focus Exceptions Ad hoc sample

Improvement Processes Controls

PagePage 27

CASE STUDIES

Page

THREE - CASE STUDIES

28

Page

CASE STUDY 1 – MANUFACTURER

29

Profile

- Fast growing international manufacturer

- Process 140K invoices per annum

- Multiple business units

- 40% overseas sales

- Many foreign suppliers

- 3-way matching on all goods for resale

Page 30

Issues

- Complex business structure - Large online business- Lots of drop shipments- Shared service center- Multiple currencies

Resulting Benefits

1. Return on Investment = x2.5 in 3 months2. Reduction with inter-company issues3. Highlight high risk vendors across the group4. Increased visibility and control5. Improved annual audit issues

Page

CASE STUDY 2 – CITY GOVERNMENT

31

Profile

- Aspirational city government

- Process 60K invoices per annum

- 50% 3-way matching

- High PO compliance at 80%

- Scanning and workflow only

- Good internal audit team

Page 32

Issues

- Overstretched staff resources- 80% of invoices under $1,000- Credit memos not matching- Multiple ways to receive and pay- Large master vendor file and growing- Increasing fraud & attempts

Benefits

1. Payback – under 3 months2. Pin-point issues to drive process improvement3. Reduction in exceptions & improved credit matching4. Significant time savings keeping master vendor up to date5. Essential to protect government spend

Page

CASE STUDY 3 – HEALTHCARE SYSTEM

33

Profile

- City multi-hospital system

- Process 120K invoices per annum

- High percentage same day payments

- 40% PO compliances

- Small 5 person AP team

- Increasing use of P-Cards

Page 34

Issues

- Lack of PO compliance- High staff turnover- P-cards taking up time- Some outsourced invoice input- Speed of payments makes checking difficult- Payments are made fast

Benefits

1. Payback – under 1 month2. Able to reconcile P-Cards with AP ledger3. Reduction in overpayments4. Reduce potential for fraud5. Cost reduction for internal audit time

Page

QUESTION 2

35

What percentage of organizations surveyed by ACFE use proactive data monitoring to prevent fraud?Source | ACFE 2014 & 2016

1. 26%

2. 35%

3. 42%

4. 56%

Answer: 2 - 34.8% (2014)

- 36.0% (2016)

PagePage 36

BENEFITS

Page

WHAT WE LEARNED

37

SUMMARY

Reduce Cost Generate Value Reduce Risk

• Can highlight significant overpayments.

• Reduce number of exceptions and time for AP

• Reduce audit time• Reduce time spent on

master vendor file

• Drives process improvements

• Elevates the role of AP• Creates shared insights• Increases spend

protection• Helps improve KPI’s• Supports best practise• Drives better decision

making

• Improves regulatory compliance

• Reduces the likelihood of internal and external fraud

• Ensures reliable processes

• Supports segregation of duties

Page

BENEFITS OVERALL

38

Page

NOT JUST ABOUT AUTOMATION

39

1. Leadership and partnership

2. All about the staff - define roles and responsibilities

3. Need a combination of techniques

4. Standards of internal controls

5. Delegation of authority controls

6. Segregation of duties

Page

10 STEP EVALUATION PROCESS

40

1. Scope of the solution2. Capability of the solution3. Technical support4. Data processing solution5. Support for multiple systems6. Non intrusiveness7. Usability of the solution8. Technology and architecture9. Product innovation10.Return on investment

Source | ISACA 2010 – Criteria for Evaluating & Selecting CCM

Page

EXAMPLE ROLL-OUT PROCESS

41

3. Proof of Concept- Work with vendor- Evidenced-based- Business case

4. Train & Roll Out - Define KPI’s for success- Define roles- Reports and dashboards- Process mapping and integration

2. Define Requirements- Workshop ½ day- Functional design- Narrow initial scope

1. Internal Audit- Engage IA- Carry out a self-audit

5. Three Month Review- Get vendor back in- Root cause analysis- More advanced training

6. Prevention Strategy- Report and refine- Drive process improvement

Page

FIVE MUST DO’S IN FEBRUARY

42

1. Review all your standard controls

2. Allocate one of your team to forensic analyst

3. Proactively monitor all transactions every month/daily

4. Carry out your own internal audit

5. Run a proof of concept

PagePage

AP FORENSICS® V7 – PROTECTING SPEND

AP TRANSACTIONS

SUPPLIERFILE

CONSTANT MONITORING

TAXCHECKER

REPORTING

FISCALCLOUDERP CONNECTION REMOTE ACCESS

AP FORENSICS®

ENTERPRISE SUITE

FRAUD TESTER

CONSTANT FORENSIC

MONITORING OF ERP

PREVENTATIVE –PRIOR TO PAYMENT

Page

PROTECTS EVERY INVOICE POSTED-TO-PAY

Constant Monitoring Module

Import into AP Forensics®

Emailed Hyperlink to Your Exception Report

Scheduled Query

Your ERP

PROVIDING YOU ACTIONABLE INSIGHT INTO WHAT YOU DON’T KNOW, BUT SHOULD

Page

CONSULTING SERVICES OFFER:TRANSACTIONAL RISK REVIEW

• An AP Forensics® Assessment

• 30+ Page Executive Report

- Validates Internal Controls

- Identifies High Risk Transactions,

Payments, & Suppliers

• Minimum $20,000 Value

JUST FOR YOU

PagePage 46

PagePage 47

Any Questions?Slide Deck

Agne Baneviciuteagneb@fiscaltec.com

Thank you

For more information visit: www.fiscaltec.com

Follow us on: