Gavin Steinberg Angus Gray Ian CraigenManaging Director NZ BDM Senior Consultant
The Satori Group
Started in 2002 and 23 employees in the team
Offices in Sydney, Melbourne, Wellington, Pune (India)
Territory covers Australia, New Zealand and South
Pacific Islands
Partnership with Prodigy Group (Singapore, Indo, Phil,
Malaysia)
Over 400 corporate clients in our region
Over 40 clients in New Zealand and growing
The Satori Team Structure
Gavin
BFRAndrew Bond
Manura
Matt
Assurance Account Managers
Vic, ACT, Wellington, SP
Angus
NSW1Phil
NSW2, QLDTroy
New Business
SatoriCCM MS / EnvisageRobyn
ACL GRCPat
Analytics Project Delivery
Rebecca M
Analytics
Jehan
Ian
Nancy
Noris
Support
Jeffrey
Pentana Team
Denae
Andrew T
Jeff
Admin / Mkting / Training
Rebecca N
Pat
Trainers
Denae
FinanceOlga
Envisage DevDavid
AndyT Thai
AFFCO Holdings Ltd. Airways New Zealand ANZ National Bank ASB Bank Auckland District Health Board Auckland University of Technology Audit New Zealand Bay of Plenty DHB Canterbury District Health Board Department of Conservation (NZ) Department of Corrections (NZ) Farmers Trading Company Fisher & Paykel Finance Limited Fletcher Building Limited (NZ) Fonterra Health Alliance Health Intelligence Inland Revenue Department Kiwi Bank Limited KPMG Wellington Lakes District Health
Ministry of Business, Innovation and Employment
Ministry of Education NZ Ministry of the Environment NZ Ministry of Health New Zealand Defence Force New Zealand Post New Zealand Racing Board New Zealand Trade and Enterprise New Zealand Transport Agency Nelson DHB NIWA Palmerston North City Council PGG Wrightson Southern District Health Board Talley's Group Ltd Telecom NZ Ltd Waikato District Health Board Wellington City Council …
Our solutions
Our Product Range
ACL
• ACL Analysis Desktop
• ACL Analysis Exchange (AX)
• SAP Direct Link
• ACL GRC-Risk-Project Manager-Results Manager
• EVA• AP• VM• EM• CC
Caseware Monitor
• Ver 3.3• Ver 4.0
Pentana
• PAWS 8.x• Vision 2.1• Retain
SatoriCCM
• Managed Services
• Hosted SAAS
• EVA• Specialised
Apps
BFR
• Envisage• proCube• Dundas• CDM
Satori Offering
• Support• Managed Services
• Training• Services
Analytical Solutions
Audit Management
Continuous Monitoring
Budgeting, Forecasting,
Reporting and Visualisation
Audit Dashboards
Why Dashboards
Communicate what Audit is doing effectively
Give insight to management to data they cannot get
Raise Internal Audit profile
Share Audit insight with company
Great Insight into the business
Add significant value to business
Oversight on performance
Communication
Strictly Confidential—not for distribution
Dan Zitting, CPA, CISA, GRCPVP, Product Management & Design
Email: [email protected]: (212) 202-2183Twitter: @danzittingLinkedIn: http://www.linkedin.com/in/danzitting
“INTEGRATED GRC” (100%)
ACL’s Customers: The IIA Three Lines of Defense Model
GRC FUNCTIONS (90%)
GRC STAKEHOLDERS
AUDIT (70%)
17© ACL Services Ltd.ACL | Connections 2013
ACL Vision for Audit & Risk Technology
Complete Technology Platform
Integrated RiskAssessmentIntegrated RiskAssessment
IntegratedContentIntegratedContent
Project & Controls Mgmt
Project & Controls Mgmt
Risk & ControlAnalyticsRisk & ControlAnalytics
DATA ANALYSIS
• Ad-hoc analysis of data populations designed to detect transactions that manifest the occurrence of business risk
ENTERPRISE CONTINUOUS MONITORING
• Recurring analysis of transactional data designed to prevent occurrence of risk through identification of operational deficiencies or control gaps
GRC
• Management and measurement of risks and controls against business objectives in accordance with regulations, standards, policies and business decisions.
ACL’s 3 Core Value Propositions
Powered by…ACL Analytics Desktop
Powered by…ACL Analytics Exchange (AX)
Powered by…ACL GRC
Transformational Value in Audit & Risk
“Data-Driven GRC”(GRC + DA + ECM)
“Data-Led GRC”(GRC + DA)
Data Analysis (DA)
Enterprise Continuous Monitoring (ECM)
GRC
Complacency may be the next biggest danger companies face in FY13/14
Annual Kroll Fraud Report 2012/13
Reference: AuditNet Analytic Survey
What are the main obstacles preventing auditors from using audit analytics?
Audit Analytic Capability Model
Sophistication
Audit
Con
tribu
tion
Hindsight
Insight
Foresight
ad hoc repetitive continuous
Level 1Basic/adhoc
Level 1Basic/adhoc
Basic Sophisticated Once Off Analytics
Data Access & Acquisition
Analysis
Reporting
Challenges Data and access to data
Understanding of what to do
Time to do it properly
The software (typically last used 1 year ago)
Understanding the data and what / how to analyse the data
Typically once off
Don’t know what you are looking for until you find (need skill)
Audit Analytic Capability Model
Sophistication
Audit
Con
tribu
tion
Hindsight
Insight
Foresight
ad hoc repetitive continuous
Level 2Applied
Level 2Applied
Level 1Basic/adhoc
Level 1Basic/adhoc
A Variety of Analytic Techniques Calculation of statistical
parameters
Classifications
Stratifications
Digital analysis ie using Benford’sLaw
“Fuzzy Logic”
Duplicates testing
Gaps testing
Ageing
Control total summation
Joining and matching data fields
Ranges of a Numeric Field
Groups transactions into specified ranges or strata of values
Show me the number of contracts within various strata of the contract amount fieldAmount Count Ave$
– $0 - $1,000 16,703– $1,001 - $49,999 19,650– $45,001 - $49,000 61,203– $49,001 - $50,000 4,251– $50,001 - $100,000 58– $100,001 - $1,000,000 4
Totals by a Character field
Counts the number of unique values in a selected character field(s) and the corresponding totals of other numeric fields
Show me how many hysterectomy procedures have been performed, by gender:– Female: 127– Male: 3– [field blank]: 12
2 Ratio Analysis
Unit Prices Item High_Price High_Price2 Ratio
#198 $101.46 $98.91 1.026#773 $123.48 $57.23 2.158#861 $ 51.23 $50.84 1.008#634 $ 26.31 $11.63 2.262
#992 $124.78 $124.03 1.006
2 Ratio analysis
Apr May Jun Jul Aug Max 2Max RatioExpense 1 125 124 135 12,500 125 12,500 135 92.59 Expense 2 98 99 99 101 98 101 99 1.03 Expense 3 78.31 78.64 78.75 158.29 78.93 158.29 78.93 2.01
Realisation
• Script Tests
• Beginning of specialisation
• Acceptance of AA
• Continuous Usage of AA
• Understanding of Data and ERP
tables
• Std Data requests for IT
• Structure around AA process
• Automation Beginning
> Starts to become part of every Audit– Pre, during, post– Ability to repeat in an instant
> Yields results> Quality, trust output> Re-use and basis for extension of AA> ? What happens to output
Level 2 – Repetitive Analytics
Audit Analytic Capability Model
Sophistication
Audit
Con
tribu
tion
Hindsight
Insight
Foresight
ad hoc repetitive continuous
Level 2Applied
Level 2Applied
Level 3Managed
Level 3Managed
Level 1Basic/adhoc
Level 1Basic/adhoc
Managed AnalyticsSome subject Areas for Audit Analytics / Fraud Detection
Accounts Payable
Accounts Receivable
Bid Rigging
Credit Card Management
Deposits
General Ledger
Supplier Collusion
Loans
Inventory Control
Policy and Administration
Purchase Order Management
Retail Loss Prevention
Salaries and Payroll
Sales Analysis
Claims
Vendor Management
Purchase to Payment CycleCritical Processes & Activities
Match Standard Analytics against Payables Processes
PayrollCritical Processes & Activities
Creating Employees Manage Payroll
Payroll Calculation Payments
•Create New Employee•Entering Employee Data•Referral Awards•Maintain Records prices
•Assign salary / Rate Grade•Approve Rates•Transfers and Promotions•Retirement & Termination –Discontinue Payroll &Benefits
•Modify Time & Attendance•Modify Overtime•Statutory Holiday Calculations•Calculate Banked Time•Deduction calculations•Payroll Exceptions•Commissions & Bonuses•R/T – Calculate Final Pay
•Generate Payments•Update Accrued Leave / vacation•Balances•Calculate Final Cycle Pay•Post Payroll•Transmit to service provider
•Enter Time•Approve Overtime•Approve Contractors•T&A Interfaces
Time & Attendance
Standard Analytics against Payroll Processes
Creating Employees SOD: Enter Vs. Approve OFAC Employee Match Duplicate Employees Employee Vendor Match SOD: Update Vs. Approve Ghost Employees – PIN
Payroll Calculations SOD: Adjustment Vs. Approval Overtime Threshold Unauthorized Commissions Payroll Cut Off Dates SOD: Termination Enter Vs.
Approve Termination – New Hires
Manage Payroll Invalid Rate Terminated Employees –
Termination Date Terminated Employee –
Employee Status
Time and Attendance SOD: Time Entry Vs.
Approval Time Entry Vs. Expected
Hours Time Differentials
Payments SOD: Create Vs. Approve Duplicate Payments Suspicious Payments - Employee
Start Date Suspicious Payments – Phantom
Employees Service Providers – Two Way Match
Level 3 : Managed Analytics
Multiple Scripts “Ready to go”
Centralised Server (need server technology)
Core experts, many different user skills levels
Accepted as part of every audit (pre, during, post)
ROI Massive (values, Efficiency, Effectiveness)
Increase in Budget
Other departments wanting some
Audit Analytic Capability Model
Sophistication
Audit
Con
tribu
tion
Hindsight
Insight
Foresight
ad hoc repetitive continuous
Level 2Applied
Level 2Applied
Level 3Managed
Level 3Managed
Level 4Automated
Level 4Automated
Level 1Basic/adhoc
Level 1Basic/adhoc
Automated Analytics - “Continuous Auditing”
•Secure and central environment
•Virtually limitless server processing power
•Automate analysis
•Integrated exception review
•“Self Service”
•Focus on results / exceptions
•Get exceptions sent to you
Analytic Capability Model
Sophistication
Audit
Con
tribu
tion
Hindsight
Insight
Foresight Level 5Monitoring
Level 5Monitoring
ad hoc repetitive continuous
Level 2Applied
Level 2Applied
Level 3Managed
Level 3Managed
Level 4Automated
Level 4Automated
Level 1Basic/adhoc
Level 1Basic/adhoc
Source – Ernst and Young ISACA presentation January 2008, Virginia USA
ACL Product Updates
Growing R&D Investment
0%
5%
10%
15%
20%
25%
30%
35%
2011 2012 2013
50% increase in R&D
Expanded analytics teams
Dedicated resources
55%30%
15%
Analytics ECM GRC
GRC & Analytics Integration
ACL Desktop Audit Exchange
ACL Workpapers
ACL Analytics Analytics Exchange
ACL GRC:Project Manager
ACL GRC:Results Manager
ACL GRC:Risk Manager
ACL GRC: Risk Manager• Assess strategic risk and develop
mitigation efforts• Visualize risk in your
organizational landscape
ACL GRC: Results Manager• Receives analytic results directly
from ACL Analytics or AX• Integrate those results into the
GRC architecture, projects, and issue tracking
AX 3.1
We’ve been busy @ ACL
Analytics 10
Enterprise (AX)
Workpapers 2
iPad
Desktop 9.3
Direct Link 4GB Analytics Exchange 4
AX 4.0.2
iPhone
Risk Manager
Results Manager
Project Manager
Data Analysis (Desktop) GRC
25+ Improvements
Date & Time
ACL Desktop becomes ACL Analytics Desktop Focus on increasing Analytic Capabilities Focus on improving Ease of Use
Product Update – Analytics v10
ExecutePerformance
Multiple Tables Integration
ACL™ Analytics Releases
May 2013
v.10July 2012Fuzzy DuplicatesColour Script Editor
v.9.3Aug 2011Key field harmonization for JOINEnhanced Command LogExcel Import/Export
v.9.2Feb 2011Data Definition Wizard Improvements
v.9.1.8
April 2009
v.9.1.4May 2008
v. 9.1
May 2013
ACL Desktop 9.3
English language edition: 9.3.0 All other language editions: 9.3.1 Compatibility upgrade for AX Core 3.0, 3.0.1 and 3.1 New Script Editor Features - Line numbering, Colour
encoding, Colour encoding editing, Word Wrap Fuzzy Duplicates command (FUZZYDUP) - Used to
detect nearly identical values in a character field ISFUZZYDUP() Function - Returns a logical value
indicating whether a string is a fuzzy duplicate of a comparison string
ACL Desktop 9.3 – cont.
LEVDIST() Function - Returns the LevenshteinDistance between two specified strings, which is a measurement of how much the two strings differ
OMIT() Function - Returns a string with one or more specified substrings removed
Resize all columns through right click menu Filter and command line functions in right click menu New Right Mouse click menu option-> Replace filter Current script being executed is displayed in the status
bar Addition of a ‘Run’ pushbutton in the Script Toolbar
ACL Desktop 9.3 – cont.
‘Add table’ icon in toolbar ‘Display variables’ icon in toolbar New links on welcome page (product feedback,
customer survey, What’s New) Ability to delete a field from the table layout dialog or
command even if a view is open Warning message when deleting items from log using
right click Ability to change thousands and decimal separators
from within a script Field definitions with multi-line conditional fields written
to the log file can now be saved and run in a script
Execute command New datetime data type and new functions to support Open multiple tables at the same time Export directly to Results Manager Performance improvements Defect corrections Improved user experience
ACL Analytics 10
0 25 50 75 100 125 150 175 200
DuplicatesExport CSVExport XLS
ExtractImport CSV
Import ExcelIndex
JoinSampling
SortStatistics
Summarize
DT93 AA10
ACL Analytics 10 is the fastest version yet
ACL Analytics 10 can now define and work with date and time data
Date and time data
19:20:307:20:30 PM2012-05-20T19:20:302012/05/20 7:20:30PM2012-05-20T19:20:30-08:00
CTODT() - converts character or numeric value to Date and Time
CTOT() - converts character or numeric value to a Time
STOD() - converts serial Date to Date STOT() – converts serial Date to Time STODT() - converts serial Date to Date and Time DATETIME() - converts Date and Time to character
New functions
NOW() - returns the current system time TODAY() - returns the current system date CMOY() - returns the name of the month for a specified
date EOMONTH() - returns the last day of the month GOMONTH() - returns the date X number of months
away
New functions
YEAR() - extracts the year from a specified date MONTH() - extracts the month from a specified date DAY() - extracts the day of the month from a date HOUR() - extracts the hour from a specified Date and
Time MINUTE() - extracts the minutes from a specified Date
and Time SECOND() - extracts the seconds from a specified
Date and Time
New functions
CTOD() TIME() DATE() AGE() CDOW() DOW()
Updated functions
ACL Analytics 10 uses serial Datetimes to evaluate date and time values 42004 = January 1, 2015 42004.50000 = January 1, 2015 12:00:00 0.75000 = 18:00:00New functions help convert these into recognizable date and times: STOD() – Serial to Date STODT() – Serial to Date and Time STOT() – Serial to Time
Serial date and time
Export to Results Manager
ACL Analytics 10 Results ManagerEXPORT
EXECUTE Command
Used to execute an application or process external to ACL Analytics 10
Emulates the Windows Run command
EXECUTE “Windows_Run_command_syntax” <ASYNC>
Command issued as part of a script ASYNC is Optional and specifies asynchronous
mode—the script will not pause and wait for the external process to complete
Creates a new system variable RETURN_CODE
EXECUTE Command
Examples of EXECUTE Command Open other applications and perform tasks required by
the script Open any file in its default application Perform file and folder administrative tasks Run external scripts or non-ACL batch files (.bat) Pass parameters to a batch file Run scripts in other projects Incorporate waiting periods in scripts Access data from network locations
Use FTP to access data from remote locations Zip or unzip data Encrypt or decrypt data Integrate with SQL databases Incorporate Active Directory account lists Integrate with VBScript Incorporate Windows task scheduling in scripts Open web pages
Examples of EXECUTE Command
Utilities for ACL
ABNChecker AddressChecker DirectorChecker_4_NZ DirectorChecker_4_AUS ?? Other…
Value added Utilities– free if on annual support, will only work if license is current
ACL Analytics 10 is the evolution of ACL™ Desktop Look forward to hearing your feedback Development team is already working on the next
release of ACL Analytics 10.x, due to be released in six months
Summary
Ask the Audience
Where would you like to see ACL improve?
– 1. Improved data access– 2. Improved free training for new / infrequent users– 3. Improved script development for power users– 4. Improved reporting and visualization tools– 5. New UI
V4.0.2
File Server
DATA
DATA
DATA
Versus…
ACL AX Solution
Managed Environment
SAP
ERP
AX Server
Data
ACL Desktop
MS Excel
Browser/Excel
Secure Data Access
Secure, Managed Environment
Data
Data
ACL AX SERVER
DataVersus…
ACL
Automation – Built-in Analytic Scheduler Server Analytic Processing Power
Content Management – Any File Type
Create analytics, perform ad-hoc analysis and remote analysis
Users access via Excel / Browser to run their own Analytics
Enterprise Data
SQL
ERP
Access virtually any data source and automate data feeds
AX Server
Manage the Exceptions
Audit Exchange becomes Analytics Exchange Platform for Enterprise Continuous Monitoring Improved Organization, Reuse & Results
Product Update – Analytics Exchange v4
Archive/RestoreAPI
Analytic Results
Analytic Chains
Install / Config 25+ Improvements
Automate Risk and Control Methodology – Project Manager
Provide Executive Relevance - Risk Manager (new!) Expanding the Reach of Analytics - Results Manager
(new!)
Product Update – ACL GRC
Data-drivenCloud
Context
Mobile
Alignment Value
Benefits of AX
Automate data extraction from multiple sources Administer roles & access permissions Share all analytics & engagements Enhanced security in a server environment Schedule and automate recurring tests to detects
exceptions as they happen Assign & automate exception management workflow Report exceptions in interactive dashboards Conduct ad-hoc investigation on analytic results with
server power
EVA Standard Suite of Analytical Tests
EVA for SAP ORACLE F1 …
VM
AP
CC
EM
Payroll
Inventory
SOD
Technical Support (0800 AuditNet Online Training Audit Videos Account representative Satori Support
ACL Support
ACL GRC
• Cloud based Audit Management solution
• Central repository for all data and information
• Standardise workflow and methodology
• Increase efficiency and productivity
• Facilitates communication between team and other
stakeholders
• Low cost of Ownership / High ROI
ACL GRC
Management tool for the complete audit cycle
3 Key Modules:• Risk Manager: Enterprise Risk Management• Project Manager: Electronic Workpapers, One Touch Reporting• Results Manager: ACL Analytics Integration, Exceptions
Management
ACL GRC
Risk Manager
Create your own Audit Universe
Risk Manager
Risk Assessment
Risk Manager
Graphical Visualisation
Projects Manager
Overview for Audit Manager
Projects Manager
Audit Log
Projects Manager Time Keeping
Audit Planning
Projects Manager Electronic Workpapers
Projects Manager Customisable One Touch Reporting
– Data draws directly from ACL GRC
Projects Manager Track-able requests to stakeholders
Results Manager Integration with ACL Analytics 10, ACL Analytics Exchange
Results Manager
Manage Exceptions
Thank You!
www.satorigroup.com.au