colorado government finance officers association the ...introduction 3 matt bohdan, cpa, cia, mba...
TRANSCRIPT
Colorado Government Finance Officers AssociationThe Future of Internal Audit
July 23 - 24, 2020
1
Agenda
2
1) Introduction2) Key trends: Governance and Enterprise Risk Management3) Tools: Leveraging visualization, data analytics, and robotics4) Wrap-Up
Key trends: Governance and Enterprise Risk Management
4
The importance of internal control
5
• Minimize opportunities for errors and omissions• Identify small issues before they aggregate into big problems• Reduce the risk of intentional fraud
2013 COSO Internal Control Framework
6
This Framework is summarized by the COSO CUBE
COSO’s Internal Controls framework is based on three objectives and five components across the organization
COSO’s Components
COSO’s Objectives
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission ("COSO") issued the original Internal Control—Integrated Framework ("1992 Framework").
Enterprise Risk Management
7
The culture, capabilities, and practices integrated with strategy-setting and performance, that
organizations rely on to manage risk in creating, preserving, and realizing value.
ERM framework foundation
8
Governance and culture
Strategy and objective setting
Performance
Review and revision
Information, communication, and reporting
Four key pillars
9
Process management around new and evolving risks
Preparedness for unexpected disasters
Staff roles and accountability
Holistic, enterprise-wide design
Tools: Leveraging visualization, data analytics, and robotics
10
Analytics and visualization
11
HEAT MAPDepicts all risks in the organization’s risk universe on a two-dimensional scale
Risks that represent the highest impact and likelihood,appear in the upper right area of the map.
Risks representing the lowestimpact and likelihood appear in the lower left area of the map.
Analytics and visualization
12
BULLET CHART
Depicts all risks in the organization’s risk universe using a multi-dimensional scale
Compares inherent risk and residual risk to show progress, gaps
Includes clear elements for risk velocity and overall appetite.
Analytics and visualization
13
General Ledger Risk Analysis
Control points analyze every transaction in the general ledger to identify transactions and/or trends that may be the result of erroneous, or potentially fraudulent, behavior.
Analysis of the risk associated with the transactions, accounts, and account groupings for a defined period.
Control points triggered and classified as high-risk by all sampled transactions.
Analytics and visualization
14
Classified transactions as low, medium, and high risk
Validated the consistency of low and medium risk transactions
highest risk transactions occurred in May and December, while there were no transactions in either July or September which rose to a high-risk status.
Risk breakdown by time period
Leveraging Robotics
15
Robotic process automation (RPA) is a business process automation technology software that utilizes specific commands in the form of robots to complete repetitive tasks
1. A software robot (bot) that automates repetitive rule-based actions performed electronically.
2. A digital worker that supplements or replicates work done by a real person.
3. A script that completes tasks quickly and with a low error rate.
Leveraging Robotics
16
Example: Internal Audit
17
Information System
ReportFilter report for unapproved
records
Export f iltered report to ResultsImports report
Auditor
Robot
Distribute email to unapproved supervisors
Review list and approve records
Import results from init ial distribution
Consolidate all unapproved records still
remaining after deadline
Send email with approved records
to robot
Client
Audit unapproved records, address
control performance improvement
Init iates audit / activates robot
Robot
18
RPA strengths and weaknesses
Significant ROI
Consistency
Increased Satisfaction
Does not Evolve with Processes
Requires Structured
Data
Major Change
Questions?
19
THANK YOU!
20