Page
WHAT WE WILL COVER TODAY
2
Continuous controls monitoring (CCM) — the use of automated tools and practices to examine business transactions as they occur — was once just the remit of Internal Audit functions.
Now CCM is accessible to Shared Service, Purchase-to-Pay (P2P) and Accounts Payable teams
to help rapidly increase their value to the wider organization.
In this session, we will examine three organizations — a fast-growing manufacturing company, top performing city government and progressive healthcare system — and look at
how continuous controls monitoring has raised the profile of P2P as proactive partners of Internal Audit.
This session is for proactive leaders in finance & P2P wanting to:
• Understand the immediate benefits of CCM to their organization
• Learn specifically how CCM works, and how it elevates P2P to a value creation function
• Find out the key steps to evaluate whether you need CCM in your organization today
Page
PRESENTER FOR THIS WEBINAR
3
David Griffiths | EVP Client Development
Worked with over 350 P2P teams
15th Year immersed in P2P/Accounts Payable
Used leading research reports
- ACFE, Paystream Advisors, and Forrester
PPN | Purchase to Pay Network®
- Annual Surveys 2009 to 2016
PagePage
60-second FISCAL Overview
Immense change in Purchase-to-Pay
What is Continuous Controls Monitoring
The Big Idea
Three Case Studies
What We Learned
Special Offer
5
AGENDA
Page
BRIEF INTRODUCTION TO FISCAL TECHNOLOGIES
Creating
Best-In-ClassAccounts Payable
Established
200215th year
Delivering Immediate ROI for AP
Provide
Forensic Tools and Services to
Empower P2P
Over 250Customers
World-Wide
“We are not only amazed but also thrilled with the results obtained with AP Forensics®.Within the first two weeks of using the software, we more than recovered the cost of thesoftware. We strongly recommend AP Forensics® to other organizations looking to lockdown profits and tighten their internal controls.”
- Financial Shared Services Manager
Page
Safeguard Spend$
BEST-IN-CLASS STRATEGIES DELIVERED BY AP FORENSICS®
Improve Processes
Reduce Risk
Page
35%
8
Proactive data monitoring and analysis was used by only 35% of the victim
organizations in our study, but the presence of this control was correlated with frauds that were
60% less costly and 50% shorter in duration.
Source : ACFE | Global Fraud Study 2014
Page
QUESTION 1
9
Over the last 12 months which of the following types of fraud had the most cases recorded? Source | P2P Benchmarking 2016
A. Employee fraud
B. Travel & expenses over claim
C. False invoice presented by supplier
D. False invoice presented by fake supplier
E. Fake supplier attempting to change account details
Answer: E – 71%
Page
DRAMATIC INCREASE IN TRANSACTION COMPLEXITY
12
MANUAL INPUT
OCR E-INVOICING
P-CARD INPUT
SUPPLIER PORTALS
FEEDERS
EDI P2P
Page
WHY RISK IS ON THE INCREASE
Increasingsupplier fraud
Temporary staff & employee turnover
New systems & upgrades
Global suppliers international risk
Supplier pressure to pay
AP staff doing more with fewer
resources
Outsourcing & centralizing – less
direct controlP2P Automation
Page
NEED TO ADD VALUE
14
• Improve processes
• Drive efficiencies
• Create insights
• Provide additional services
• Reduce costs
• Save money
• Improve the bottom line
Page
CONFUSING – A LOT OF BUZZ
16
GRC
BI Data
Analytics
Big Data
ERP
Reporting
Risk Analysis
Data Mining
Business Warehouse
CACompliance
Monitoring
Added dimensions of:
ERP
Disparate Systems
Vendors
Risk Considerations
Key Stakeholders
Page
CONTINUOUS AUDITING
18
The first application of continuous auditing was developed at AT&T Bell Labs (Austin?) in 1989.
Known as a continuous process auditing system (CPAS), the system developed by Vasarhelyi and Halper provided measurement, monitoring, and analysis of the company's billing information.
Made up of three main parts:• Continuous data assurance (CDA) • Continuous risk monitoring and assessment (CRMA)• Continuous controls monitoring (CCM)
Page
WHAT MAKES UP CCM
19
Master
Data
Split into four parts:
– Segregation of duties
– Application configuration
– Transactions
– Master data
T + M= P2P Forensics
Transactions
Segregation of Duties
Application Configuration
Page
MAIN ISSUES OF ADOPTION
21
• Lack of appropriate technology
• Implementation times & expertise
• Cost upfront & running
• GRC (All singing) vs CCM (Specialist)
• Dealing with exceptions
• Leadership – Procurement or Technical or Audit or Finance?
Page 23
PURCHASE TO PAY - SELF AUDITING
Allocate a person to become the P2P control analyst
Daily prevention
Performance insights
Drive process improvement
First line of defence for internal audit
Page
WHY AP/P2P & AUDIT PARTNERSHIP?
26
Partner Strengths Accounts Payable Audit
Expertise Transactions Investigation
Time Frame Prevention Historical review
Place in the Process On the frontline At the end
Supplier Relationship Close Distant
Investigative Focus Exceptions Ad hoc sample
Improvement Processes Controls
Page
CASE STUDY 1 – MANUFACTURER
29
Profile
- Fast growing international manufacturer
- Process 140K invoices per annum
- Multiple business units
- 40% overseas sales
- Many foreign suppliers
- 3-way matching on all goods for resale
Page 30
Issues
- Complex business structure - Large online business- Lots of drop shipments- Shared service center- Multiple currencies
Resulting Benefits
1. Return on Investment = x2.5 in 3 months2. Reduction with inter-company issues3. Highlight high risk vendors across the group4. Increased visibility and control5. Improved annual audit issues
Page
CASE STUDY 2 – CITY GOVERNMENT
31
Profile
- Aspirational city government
- Process 60K invoices per annum
- 50% 3-way matching
- High PO compliance at 80%
- Scanning and workflow only
- Good internal audit team
Page 32
Issues
- Overstretched staff resources- 80% of invoices under $1,000- Credit memos not matching- Multiple ways to receive and pay- Large master vendor file and growing- Increasing fraud & attempts
Benefits
1. Payback – under 3 months2. Pin-point issues to drive process improvement3. Reduction in exceptions & improved credit matching4. Significant time savings keeping master vendor up to date5. Essential to protect government spend
Page
CASE STUDY 3 – HEALTHCARE SYSTEM
33
Profile
- City multi-hospital system
- Process 120K invoices per annum
- High percentage same day payments
- 40% PO compliances
- Small 5 person AP team
- Increasing use of P-Cards
Page 34
Issues
- Lack of PO compliance- High staff turnover- P-cards taking up time- Some outsourced invoice input- Speed of payments makes checking difficult- Payments are made fast
Benefits
1. Payback – under 1 month2. Able to reconcile P-Cards with AP ledger3. Reduction in overpayments4. Reduce potential for fraud5. Cost reduction for internal audit time
Page
QUESTION 2
35
What percentage of organizations surveyed by ACFE use proactive data monitoring to prevent fraud?Source | ACFE 2014 & 2016
1. 26%
2. 35%
3. 42%
4. 56%
Answer: 2 - 34.8% (2014)
- 36.0% (2016)
Page
WHAT WE LEARNED
37
SUMMARY
Reduce Cost Generate Value Reduce Risk
• Can highlight significant overpayments.
• Reduce number of exceptions and time for AP
• Reduce audit time• Reduce time spent on
master vendor file
• Drives process improvements
• Elevates the role of AP• Creates shared insights• Increases spend
protection• Helps improve KPI’s• Supports best practise• Drives better decision
making
• Improves regulatory compliance
• Reduces the likelihood of internal and external fraud
• Ensures reliable processes
• Supports segregation of duties
Page
NOT JUST ABOUT AUTOMATION
39
1. Leadership and partnership
2. All about the staff - define roles and responsibilities
3. Need a combination of techniques
4. Standards of internal controls
5. Delegation of authority controls
6. Segregation of duties
Page
10 STEP EVALUATION PROCESS
40
1. Scope of the solution2. Capability of the solution3. Technical support4. Data processing solution5. Support for multiple systems6. Non intrusiveness7. Usability of the solution8. Technology and architecture9. Product innovation10.Return on investment
Source | ISACA 2010 – Criteria for Evaluating & Selecting CCM
Page
EXAMPLE ROLL-OUT PROCESS
41
3. Proof of Concept- Work with vendor- Evidenced-based- Business case
4. Train & Roll Out - Define KPI’s for success- Define roles- Reports and dashboards- Process mapping and integration
2. Define Requirements- Workshop ½ day- Functional design- Narrow initial scope
1. Internal Audit- Engage IA- Carry out a self-audit
5. Three Month Review- Get vendor back in- Root cause analysis- More advanced training
6. Prevention Strategy- Report and refine- Drive process improvement
Page
FIVE MUST DO’S IN FEBRUARY
42
1. Review all your standard controls
2. Allocate one of your team to forensic analyst
3. Proactively monitor all transactions every month/daily
4. Carry out your own internal audit
5. Run a proof of concept
PagePage
AP FORENSICS® V7 – PROTECTING SPEND
AP TRANSACTIONS
SUPPLIERFILE
CONSTANT MONITORING
TAXCHECKER
REPORTING
FISCALCLOUDERP CONNECTION REMOTE ACCESS
AP FORENSICS®
ENTERPRISE SUITE
FRAUD TESTER
CONSTANT FORENSIC
MONITORING OF ERP
PREVENTATIVE –PRIOR TO PAYMENT
Page
PROTECTS EVERY INVOICE POSTED-TO-PAY
Constant Monitoring Module
Import into AP Forensics®
Emailed Hyperlink to Your Exception Report
Scheduled Query
Your ERP
PROVIDING YOU ACTIONABLE INSIGHT INTO WHAT YOU DON’T KNOW, BUT SHOULD
Page
CONSULTING SERVICES OFFER:TRANSACTIONAL RISK REVIEW
• An AP Forensics® Assessment
• 30+ Page Executive Report
- Validates Internal Controls
- Identifies High Risk Transactions,
Payments, & Suppliers
• Minimum $20,000 Value
JUST FOR YOU
PagePage 47
Any Questions?Slide Deck
Agne [email protected]
Thank you
For more information visit: www.fiscaltec.com
Follow us on: