Download - ISACA NY- Data Analytics March 28 2013
ISACA NY- Data Analytics
March 28 2013
Michael P. Cangemi CPA Former CFO, CEO & ISACA Journal Editor
Senior Fellow Rutgers CA Lab
Senior Advisor CA-CM software companies
A Focus on CM and Analytics
ISACA Journal Editor-in-Chief 1987-2007
Rutgers CA Lab- Ad Board; SR Fellow
Approva - Advisory Board
Oversight Systems – Senior Advisor
CaseWare - Senior Advisor
Gartner BI & Analytics Conference 3-2013
My themes – expansion of CA and
analytics and CM in business
Clarification of Related Terminology
Continuous Auditing CA
Continuous Monitoring CM, CCM-T
Big Data and Data Analytics
NOTE: Yes all can be Manual but
Automation is revolutionary
Continuous Audit
Implemented by independent auditors
Use of automation for greater coverage
lower cost! automate low value tasks,...
better, faster, cheaper
Use software independently – as well as,
modules in existing software
Emerging fields of Continuous Analytics
and Enterprise GRC
2010 EDPACS – IA’S Role in CM
selected as #16 best article in last decade
Themes: CM invented by auditors
Continuous Monitoring (CM) is a business
operational issue swirling around in the
auditing and accounting professions
Recommendations to audit:
1. CA is very valuable expand your usage
2. Recommend CM to the business
Continuous Monitoring
Implemented and managed by the business
Used to improve business operations & controls,
management of the business and to drive
bottom line impact
embed CM controls, CCM- Transactions and beyond
Improve controls but also improve data quality,
customer experience, sales, reduce costs, improve
margins, prevent fraud, recover dupe payments and
lost revenue; review J/Es; improve gross profit
Case: CM in IT Security
IT security monitoring – ie: for viruses; network
attacks: is this for internal control or business
process improvement (BPO)?
Consider; -used by management, sometimes as
part of the system on IC, or it can also be
used as part of BPO, which most times have
IC improvement aspects.
FERF 2011 research:
The Benefits of Continuous Monitoring
C-Level focus – for CFOs
Started with a Literature Search
11 company interviews: IBM, UTC, Intel,
JC Penney, Microsoft, Wells Fargo, HP...
KEY FINDING: Leading
companies recognize the
importance of and use CA&CM
Case: CM – for FCPA
DOJ looking for systems approach=CM
Morgan Stanley – MD conspired with
Chinese public official
Morgan Stanley exonerated
SEC & DOJ praised them for having a
solid compliance program in place using
CM
BIG DATA and Analytics
Advancing automation : Digital processing and storage
Everyone has lots of Data
Then the internet and social media Wow – there is a whole lot more data
Buzz word – BIG Data Natural evolution: Headlines – what are you doing
with your BIG DATA
Action with = BI & Analytics
Evolution continues
Where does CA and CM fit in the world of
technology and business ????
CA – 85% of large audit functions have tools, but
very limited usage
CM – considered part of the emerging Enterprise
GRC and Continuous transactions monitoring;
future prep for BI
Gartner Research
Magic Quadrant Enterprise GRC
Platforms Oct 2012
Only one CM vendor mentioned Oversight
Systems as SAP GRC partner
Transaction Controls Monitoring
November 2012
TCM to lower compliance and audit costs
CaseWare; ACL; Oversight Systems; Infor –
Approva …
Gartner new EGRC MQ
Did not list CA or CM vendors
Will they add a CA-CM magic Q or fold
this software in ??????
Are we beginning a new phase
CM in E-GRC? in BPI? In BI as continuous
analytics?
CA tools expansion and integration with CM
The BI and Analytics Industry
Per Gartner Magic Quadrants
Data mining 1.9 B, growing 9 %.
Data quality 1.5 B, growing 15%.
Data warehouse Part of DBMs 20B
Bus Intelligence and Analytics. 5 B
Corp performance ( &Finance)
management 2.6 B
World Class Audit –Next Steps
Former CAE: What makes a world class
audit organization?
Good people (an organization)
Following well thought out procedures
Focused on significant issues and positive
deliverables to the business
Book- Managing the Audit Function
Management, IT, Financial Governance 17 Cangemi Company, LLC
Suggestion for Audit –IT Audit
1. IA - greater coverage lower cost!
automate low value tasks,... better,
faster, cheaper 1. Continuous Audit & Monitoring
2. Analytics and automated GRC
2. Drive bottom line impact.... "advise the
business, embed CM controls in operations”
1. - Reduce costs, improve margins, prevent fraud,
recover dupe payments and lost revenue; review
J/Es etc.
IT Audit: FERF Research and IA
Many good examples of IA leading the
way with CM recommendations (page 13)
Independence issues are addressed at
AEP, HP, IBM and JCP
CM can change the scope of internal and
external audits
IBM uses bi-directional design with CM
process leading to Enhanced Audit (EA)
Barriers: FERF Research: Benefits of CM
CM programs require a focus and
commitment of resources;
Some focus on ROI
Others focus on operational effectiveness
and risk reduction- (Intel Quote; Dow SAP)
CA-CM programs need a champion
IA Evangelists – they get CA and CM
Emerging Compliance Departments & CofE
New Frontiers March Madness
Coaches Gobble UP Analytics USA Today
Synergy Sports Technology – interactive
video box scores – all 30 NBA teams
Click on a number and see video of the play
Mercedes Benz M-Class SUV
ATTENTION ASSIST system continuously
monitors over 70 different…
TV Drama – A Person of Interest – Monitors
Data and surveillance cameras
The Future and your role
Automation has been a driving force, my
entire career
Advice
step away – a portion of time for new
initiatives
be creative – take the risks of change
Show your leadership
Enjoy the rewards!!!!
The old audit model will end
Technology and real time data will force
a change
SEC Robo-COP
Real time multi company audit –Coney
Begin your expanded CA and expanded
analytics today – with ISACA NY
Metropolitan Chapter
Cangemi Company LLC
Business Advisory and Media Services
Boards; Audit Committees; Internal Audit Mgt.;
GRC:IT Governance-Continuous Monitoring &
Analytics; Strategic Planning and Business Growth
Media –Keynotes; business forums
Book -Managing the Audit Function;
available at Amazon, Wiley
[email protected] www.canco.us
Management, IT, Financial Governance 26 Cangemi Company, LLC
CA-CM is a Process
CM is a process & foundation technology
Process - it can be manual;
Technology -can use existing software tools
Like Excel – once you have it – you will
expand the usage
FEI Research -Best Practices
Continuous Audit – 100% audit
P to P (UTC);
Order to Cash (IBM)
A/P; T&E; Payroll (MSFT- JCPenny)
Health Insurance Claims (Blue
Cross/Blue Shield of North Carolina)
Financial Surveillance (CME)
Apps configurations; IT Risks- plus (HP)
More Best Practices
GL--JEs;
Retail POS for fraud - Aigner
Physical Inventory - Aigner
GP – margin optimization
Pricing – revenue recognition
Old Favorites:
Deterrents
Updated Policies
FCPA
Oversight Systems announce its FCPA &
National Security Risk solution
New modules:
Automated Risk Identification and
Tracking
Global Risk Analysis
Suspicion Index