SlideShare a Scribd company logo

Auditing ERP Applications and Cloud - TACS 2011

Ee Chuan Yoong
Ee Chuan Yoong

This presentation aims to clarify how we can make use of data analytics tools and techniques to cut through the complexity of data to focus on what we want to know. Case studies on auditing staff and medical claims as well as procurement and payments review will help illustrate the principles that one can adopt to cut through the complexity to zoom in on what is of importance to the auditor or controls professional. It aims to share how we can “make sense out of nonsense” if we understand our data, apply basic data analytical approaches to access the data and to generate the information that we need to solve business problems or to make business decisions.

BusinessTechnology
1 of 31
Download to read offline
Audit Testing ERP Application and Connecting with Cloud Yoong Ee Chuan CISA, CISM, CPA, CIA
Agenda 1. Analysing how data analytics enhances audit testing of ERP applications 2. Exploring different data analytics and computer assisted audit tools and techniques 3. Understanding the risks of hosting ERP data with cloud computing 4. Questions and answers
Audit Testing – ERP Applications What is Data Analytics? “Analysis of data is a process of inspecting, cleaning, transforming, and modeling data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making. Data analysis has multiple facets and approaches, encompassing diverse techniques under a variety of names, in different business, science, and social science domains.” -- Source: http://en.wikipedia.org/wiki/Data_analysis • Some examples • Computer-assisted-audit tools/techniques • Data mining • Business intelligence • Statistical applications
Audit Testing – ERP Applications “Making sense out of nonsense!”
Analysing How Data Analytics Enhances Audit Testing of ERP Applications
Audit Testing – ERP Applications Challenges of Audit Testing ERP Applications • ERP systems provide wealth of information • If you can access it quickly, efficiently and effectively • Challenges include • Lack of IT knowledge and skills by auditor • Lack of knowledge of ERP package/module • Lack of SQL, query language • Overwhelming transaction volume from computerised records • difficult to agreggate information for meaningful analysis • cannot see the forest for the trees • Access to data usually requires help of Information Technology , Finance and Operations to obtain reports and analysis needed • Use of data analytics allows the stories behind the data to emerge based on the questions the auditor asks
Audit Testing – ERP Applications Why Use Data Analytics for Audit Testing ERP Applications? • Increasing quantity and quality of data available • Larger organisations typically have Enterprise Resource Planning (ERP) implementations • Human Resources/Payroll • Financial Accounting/Management Reporting • Accounts Payables • Accounts Receivables • Fixed Assets/Inventory • General Ledge • Project Management/Costing • Core business applications for operations • Business transactions captured in the bits and bytes of data residing in ERP systems
Audit Testing – ERP Applications • Ability to analyse the underlying data representing business transactions in meaningful ways: • Empowers auditors to understand the business risks • Use in audit planning and risk assessment • Surveying audit universe from financial and operating data • Summarisation of key fields by department, divisions, sections • Helps to flag out areas of interest, potential misstatement, non-compliance and potential fraud risks • Ascertain compliance with business policies and procedures: • Carry out detailed substantive and compliance auditing procedures • 100% testing instead of sampling • Enhanced assurance and coverage • Provides sufficient and appropriate evidence for audit reporting • Exceptions are specific transactions flagged out by the data analytics tools
Exploring Different Data Analytics and Computer Assisted Audit Tools and Techniques (CAATs)
Exploring Data Analytics & CAATs • You already have them! • Data analytics software • Key characteristics • Slice and dice to what you desire • Filter, sort, summarise, total, count, chart, pivot • E.g.s Microsoft Excel, Acccess, Open Office Calc, Google Docs etc. • IDEA, ACL, SPSS etc • There is no “perfect” tool • Match the tools to the skillsets, experience, availability
Exploring Data Analytics & CAATs Example: Interactive Data Extraction and Analysis (IDEA) • Caseware IDEA - Data analysis / generalised audit software / computer- assisted audit tool Caveats: Auditors / control professionals still need to: • Audit objectives • Need to understand business application and data residing in system • Need to know what is the audit issue/business problem. • Need to define that data needed and apply the right analysis to derive the answers • Answers may not always be 100% conclusive, still need professional judgement and other corroborating evidence
Exploring Data Analytics & CAATs Source: Caseware IDEA
Auditing ERP Applications – Case Study Audit of Staff Claims • Medical Claims • Transport Claims Why audit ERP applications using data analytics? • Data analysis approach allows detection of non-compliances and help organisation achieve value-for-money • Review ALL (100%) of transactions vs sample 30 claims How to approach audit of ERP applications • Step 1: Import data from ERP system i.e. Excel or flat files • Step 2: Define field definition (text, numeric, date) • Step 3: Run analysis i.e. exceptions, duplicates, patterns • Step 4: Report exceptions, anomalies, patterns
Auditing ERP Applications – Case Study
Use of IDEA in Audit of Staff Claims (Medical) Detecting Duplicate Claims Obtain list of staff medical claims from ERP system for period of interest ( e.g. all transactions for 1 year) Identify key fields for testing i.e. “RECEIPT NO.” , “STAFF ID” and “CLINIC/HOSPITAL” Summarise by “STAFF ID”, followed by “RECEIPT NO.” and analyse for anomalies Run duplicates test on “RECEIPT NO.”
Use of IDEA in Audit of Staff Claims (Medical) Detecting Duplicate Claims Obtain data, identify fields of interest i.e. “RECEIPT NO.”, “RECEIPT DATE”, “STAFF ID” Run duplicates test on “RECEIPT NO.” and “RECEIPT DATE” Query HR on duplicate payment
Use of IDEA in Audit of Staff Claims (Transport) Detecting Erroneous Claims Audit Observation #1 Non-deduction of Normal Travel Expenses from Office to Home for journeys Starting or Ending from Home • Obtain staff travel claims data for 1 year • Identify fields of interest i.e. “FROM”, “FROM_TO_HOME”, 1 “OFF_DAY”, “STAFF ID” • Extract FROM = “Home”, FROM_TO_HOME = “N” and OFF_DAY = “N” 2 • Do similar for TO = “Home” etc. • Flags out all transactions where staff did not deduct the cost of journeys starting or ending at “home” since reimbursement policy does not allow claims for journeys 3 made from home to workplace
Use of IDEA in Audit of Staff Claims (Transport) Detecting Erroneous Claims Audit Observation #2 Possible Duplicate Taxi Claims and Claims without Valid Taxi Receipt Numbers • Obtain staff travel claims data for 1 year • Identify fields of interest i.e. “RECEIPT_NO” 1 • Extract data where “RECEIPT_NO” is not “” and test for duplicates 2 • Extract data where “RECEIPT_NO” is “” (blank) • Flag out all exceptions to business rules and query department responsible for anomalies 3
Use of IDEA in Audit of Staff Claims (Transport) Detecting Erroneous Claims Audit Observation #3 Unusual multiple journeys within the same day by same staff • Obtain staff travel claims data for 1 year • Identify fields of interest i.e. “RECEIPT DATE”, “STAFF ID” 1 • Summarise by “RECEIPT DATE” and “STAFF ID” • Sort by “NO_OF_RECS” (no. of records) 2 • High “NO_OF_RECS” indicate multiple journeys made on same day by same staff. Unusual unless staff is doing 3 delivery
Use of IDEA in Audit of Staff Claims Using a Data Driven in Auditing ERP Understand • Walkthrough and document business process • Identify key controls for testing business process Obtain data of • Identify and understand data available • Key fields for testing interest • Do field statistics or summarise all fields to get Get big picture overall picture of data Analyse for • Run analysis for exceptions to business rules exceptions
Understanding the Risks of Hosting ERP Data with Cloud Computing
Connecting with Cloud Cloud Computing is already here: • Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software and information are provided to computers and other devices as a utility (like the electricity grid) over a network (typically the Internet). -- Wikipedia (http://en.wikipedia.org/wiki/Cloud_computing) • Cloud computing in consumer space is pervasive • Email services: e.g. Google Gmail, Microsoft Hotmail • Instant messenging: e.g. Yahoo Messenger, Microsoft Live, Gmail Gtalk • Web content management: e.g. blogger, wordpress • Cloud computing in business space is growing • Refer to OpenCloud Taxonomy
Connecting with Cloud
Connecting with Cloud
Connecting with Cloud Issues relating to Cloud Computing: • Key Issues: Security (Source: Trustworthy Computing: Privacy in the Cloud Computing Era – November 2009, Microsoft) • Are hosted data and applications within the cloud protected by suitably robust privacy policies? • Are cloud computing provider’s technical infrastructure, applications and processes secure? • Are processes in place to support appropriate action in the event of an incident that affects privacy or security?
Connecting with Cloud
Connecting with Cloud Public Sector Perspective • Government Instruction Manual No. 8 (IM8) has been in force • Policy on Infocomm Technology (ICT) Security • Recent update (vide MICA ICT Circular No. 2/2011 on 2 June 2011): Policy now applies to ICT security of systems used to store, process or access Government Data • Previously related to, “Systems owned by government agencies” • Covers new situations where data resides in commercial vendor’s systems and not systems owned by government agencies e.g. where cloud is involved
Connecting with Cloud NP Experience • Education sector – drive towards cloud adoption • Student Email serivces: • From Lotus Notes  MS Connectmail • Cost savings in infrastructure, security and administration • Mobile Student Assessment for Clinical Attachment • Health Sciences (Nursing) students • Practicums and clinical attachments to hospital big part of course curriculum • Assessment using traditional written examination enhanced • Using assessment application developed by 3rd party vendor for iPod Touch • iPod Touch  Application  Database of student assessment records for practicum on Cloud
Connecting with Cloud NP Experience • Internal Audit’s response • IT security control objectives do not change • Refer to compliance model (figure 6 – Mapping the Cloud Model to the Security Control & Compliance model) to help understand gaps • However, cloud deployment of applications and hosting of data re-raises some of the outsourcing risks where vendors are managing your information assets • Assess risks and sensitivity of data • In accordance to IM8 requirements?
Questions & Answers
THANK YOU Yoong Ee Chuan CPA CIA CISA CISM Email: yekker@gmail.com

Recommended

Using Data Analytics To Enhance Spend Management Control In The Public Sector...
Using Data Analytics To Enhance Spend Management Control In The Public Sector...Using Data Analytics To Enhance Spend Management Control In The Public Sector...
Using Data Analytics To Enhance Spend Management Control In The Public Sector...Ee Chuan Yoong
 
IDEA 10.3 Launch Webinar
IDEA 10.3 Launch WebinarIDEA 10.3 Launch Webinar
IDEA 10.3 Launch WebinarCaseWare IDEA
 
Audit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy stepsAudit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy stepsCaseWare IDEA
 
Introduction to caat
Introduction to caatIntroduction to caat
Introduction to caatArti Parab Academics
 
Data Capture Market of 2014 - Navigating Competitive Landscape
Data Capture Market of 2014 - Navigating Competitive LandscapeData Capture Market of 2014 - Navigating Competitive Landscape
Data Capture Market of 2014 - Navigating Competitive LandscapeDmitri Khanine
 
ERP Readiness Audit Importance for ERP Project Success
ERP Readiness Audit Importance for ERP Project SuccessERP Readiness Audit Importance for ERP Project Success
ERP Readiness Audit Importance for ERP Project Successvelcomerp
 
Erp post implementation audit
Erp post implementation auditErp post implementation audit
Erp post implementation auditvelcomerp
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information SystemsAhmad Tariq Bhatti
 

Recommended

Using Data Analytics To Enhance Spend Management Control In The Public Sector...
Using Data Analytics To Enhance Spend Management Control In The Public Sector...Using Data Analytics To Enhance Spend Management Control In The Public Sector...
Using Data Analytics To Enhance Spend Management Control In The Public Sector...Ee Chuan Yoong
 
IDEA 10.3 Launch Webinar
IDEA 10.3 Launch WebinarIDEA 10.3 Launch Webinar
IDEA 10.3 Launch WebinarCaseWare IDEA
 
Audit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy stepsAudit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy stepsCaseWare IDEA
 
Introduction to caat
Introduction to caatIntroduction to caat
Introduction to caatArti Parab Academics
 
Data Capture Market of 2014 - Navigating Competitive Landscape
Data Capture Market of 2014 - Navigating Competitive LandscapeData Capture Market of 2014 - Navigating Competitive Landscape
Data Capture Market of 2014 - Navigating Competitive LandscapeDmitri Khanine
 
ERP Readiness Audit Importance for ERP Project Success
ERP Readiness Audit Importance for ERP Project SuccessERP Readiness Audit Importance for ERP Project Success
ERP Readiness Audit Importance for ERP Project Successvelcomerp
 
Erp post implementation audit
Erp post implementation auditErp post implementation audit
Erp post implementation auditvelcomerp
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information SystemsAhmad Tariq Bhatti
 
Dev Dives: Mastering AI-powered Document Understanding
Dev Dives: Mastering AI-powered Document UnderstandingDev Dives: Mastering AI-powered Document Understanding
Dev Dives: Mastering AI-powered Document UnderstandingUiPathCommunity
 
Audit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsAudit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsCaseWare IDEA
 
Why You Need to STOP Using Spreadsheets for Audit Analysis
Why You Need to STOP Using Spreadsheets for Audit AnalysisWhy You Need to STOP Using Spreadsheets for Audit Analysis
Why You Need to STOP Using Spreadsheets for Audit AnalysisCaseWare IDEA
 
When the business needs intelligence (15Oct2014)
When the business needs intelligence (15Oct2014)When the business needs intelligence (15Oct2014)
When the business needs intelligence (15Oct2014)Dipti Patil
 
ppt for idea (1).pptx
ppt for idea (1).pptxppt for idea (1).pptx
ppt for idea (1).pptxsatgup78
 
Introduction to CaseWare IDEA - Designed by Auditors for Auditors
Introduction to CaseWare IDEA - Designed by Auditors for AuditorsIntroduction to CaseWare IDEA - Designed by Auditors for Auditors
Introduction to CaseWare IDEA - Designed by Auditors for AuditorsCaseWare IDEA
 
How to find new ways to add value to your audits
How to find new ways to add value to your auditsHow to find new ways to add value to your audits
How to find new ways to add value to your auditsCaseWare IDEA
 
Introduction to Data Analytics - PPM.pptx
Introduction to Data Analytics - PPM.pptxIntroduction to Data Analytics - PPM.pptx
Introduction to Data Analytics - PPM.pptxssuser5cdaa93
 
Introduction to Data mining
Introduction to Data miningIntroduction to Data mining
Introduction to Data miningHadi Fadlallah
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLJim Kaplan CIA CFE
 
Audit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsAudit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsCaseWare IDEA
 
Gather DATA to identify business requirements.pptx
Gather DATA to identify business requirements.pptxGather DATA to identify business requirements.pptx
Gather DATA to identify business requirements.pptxgashawmekonnen4
 
KIT601 Unit I.pptx
KIT601 Unit I.pptxKIT601 Unit I.pptx
KIT601 Unit I.pptxLBSIMDS, Lucknow
 
Jgordonres jan262016
Jgordonres jan262016Jgordonres jan262016
Jgordonres jan262016Juedienne Gordon
 
jgordonresJan262016
jgordonresJan262016jgordonresJan262016
jgordonresJan262016Juedienne Gordon
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldCaseWare IDEA
 
Measuring the Success of Cloud-Based Services
Measuring the Success of Cloud-Based ServicesMeasuring the Success of Cloud-Based Services
Measuring the Success of Cloud-Based ServicesVistara
 
2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls FactoryNathan Anderson
 
Predictive Human Capital Analytics (1).pptx
Predictive Human Capital Analytics (1).pptxPredictive Human Capital Analytics (1).pptx
Predictive Human Capital Analytics (1).pptxSaminaNawaz14
 
Introduction to Big Data Analytics
Introduction to Big Data AnalyticsIntroduction to Big Data Analytics
Introduction to Big Data AnalyticsUtkarsh Sharma
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 

More Related Content

Similar to Auditing ERP Applications and Cloud - TACS 2011

Dev Dives: Mastering AI-powered Document Understanding
Dev Dives: Mastering AI-powered Document UnderstandingDev Dives: Mastering AI-powered Document Understanding
Dev Dives: Mastering AI-powered Document UnderstandingUiPathCommunity
 
Audit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsAudit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsCaseWare IDEA
 
Why You Need to STOP Using Spreadsheets for Audit Analysis
Why You Need to STOP Using Spreadsheets for Audit AnalysisWhy You Need to STOP Using Spreadsheets for Audit Analysis
Why You Need to STOP Using Spreadsheets for Audit AnalysisCaseWare IDEA
 
When the business needs intelligence (15Oct2014)
When the business needs intelligence (15Oct2014)When the business needs intelligence (15Oct2014)
When the business needs intelligence (15Oct2014)Dipti Patil
 
ppt for idea (1).pptx
ppt for idea (1).pptxppt for idea (1).pptx
ppt for idea (1).pptxsatgup78
 
Introduction to CaseWare IDEA - Designed by Auditors for Auditors
Introduction to CaseWare IDEA - Designed by Auditors for AuditorsIntroduction to CaseWare IDEA - Designed by Auditors for Auditors
Introduction to CaseWare IDEA - Designed by Auditors for AuditorsCaseWare IDEA
 
How to find new ways to add value to your audits
How to find new ways to add value to your auditsHow to find new ways to add value to your audits
How to find new ways to add value to your auditsCaseWare IDEA
 
Introduction to Data Analytics - PPM.pptx
Introduction to Data Analytics - PPM.pptxIntroduction to Data Analytics - PPM.pptx
Introduction to Data Analytics - PPM.pptxssuser5cdaa93
 
Introduction to Data mining
Introduction to Data miningIntroduction to Data mining
Introduction to Data miningHadi Fadlallah
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLJim Kaplan CIA CFE
 
Audit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsAudit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsCaseWare IDEA
 
Gather DATA to identify business requirements.pptx
Gather DATA to identify business requirements.pptxGather DATA to identify business requirements.pptx
Gather DATA to identify business requirements.pptxgashawmekonnen4
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldCaseWare IDEA
 
Measuring the Success of Cloud-Based Services
Measuring the Success of Cloud-Based ServicesMeasuring the Success of Cloud-Based Services
Measuring the Success of Cloud-Based ServicesVistara
 
2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls FactoryNathan Anderson
 
Predictive Human Capital Analytics (1).pptx
Predictive Human Capital Analytics (1).pptxPredictive Human Capital Analytics (1).pptx
Predictive Human Capital Analytics (1).pptxSaminaNawaz14
 
Introduction to Big Data Analytics
Introduction to Big Data AnalyticsIntroduction to Big Data Analytics
Introduction to Big Data AnalyticsUtkarsh Sharma
 

Similar to Auditing ERP Applications and Cloud - TACS 2011 (20)

Dev Dives: Mastering AI-powered Document Understanding
Dev Dives: Mastering AI-powered Document UnderstandingDev Dives: Mastering AI-powered Document Understanding
Dev Dives: Mastering AI-powered Document Understanding
 
Audit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsAudit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data Analytics
 
Why You Need to STOP Using Spreadsheets for Audit Analysis
Why You Need to STOP Using Spreadsheets for Audit AnalysisWhy You Need to STOP Using Spreadsheets for Audit Analysis
Why You Need to STOP Using Spreadsheets for Audit Analysis
 
When the business needs intelligence (15Oct2014)
When the business needs intelligence (15Oct2014)When the business needs intelligence (15Oct2014)
When the business needs intelligence (15Oct2014)
 
ppt for idea (1).pptx
ppt for idea (1).pptxppt for idea (1).pptx
ppt for idea (1).pptx
 
Introduction to CaseWare IDEA - Designed by Auditors for Auditors
Introduction to CaseWare IDEA - Designed by Auditors for AuditorsIntroduction to CaseWare IDEA - Designed by Auditors for Auditors
Introduction to CaseWare IDEA - Designed by Auditors for Auditors
 
How to find new ways to add value to your audits
How to find new ways to add value to your auditsHow to find new ways to add value to your audits
How to find new ways to add value to your audits
 
Introduction to Data Analytics - PPM.pptx
Introduction to Data Analytics - PPM.pptxIntroduction to Data Analytics - PPM.pptx
Introduction to Data Analytics - PPM.pptx
 
Introduction to Data mining
Introduction to Data miningIntroduction to Data mining
Introduction to Data mining
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACL
 
Audit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsAudit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data Analytics
 
Gather DATA to identify business requirements.pptx
Gather DATA to identify business requirements.pptxGather DATA to identify business requirements.pptx
Gather DATA to identify business requirements.pptx
 
KIT601 Unit I.pptx
KIT601 Unit I.pptxKIT601 Unit I.pptx
KIT601 Unit I.pptx
 
Jgordonres jan262016
Jgordonres jan262016Jgordonres jan262016
Jgordonres jan262016
 
jgordonresJan262016
jgordonresJan262016jgordonresJan262016
jgordonresJan262016
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital world
 
Measuring the Success of Cloud-Based Services
Measuring the Success of Cloud-Based ServicesMeasuring the Success of Cloud-Based Services
Measuring the Success of Cloud-Based Services
 
2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory
 
Predictive Human Capital Analytics (1).pptx
Predictive Human Capital Analytics (1).pptxPredictive Human Capital Analytics (1).pptx
Predictive Human Capital Analytics (1).pptx
 
Introduction to Big Data Analytics
Introduction to Big Data AnalyticsIntroduction to Big Data Analytics
Introduction to Big Data Analytics
 

Recently uploaded

9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...Suhani Kapoor
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 

Recently uploaded (20)

9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 

Auditing ERP Applications and Cloud - TACS 2011

  • 1. Audit Testing ERP Application and Connecting with Cloud Yoong Ee Chuan CISA, CISM, CPA, CIA
  • 2. Agenda 1. Analysing how data analytics enhances audit testing of ERP applications 2. Exploring different data analytics and computer assisted audit tools and techniques 3. Understanding the risks of hosting ERP data with cloud computing 4. Questions and answers
  • 3. Audit Testing – ERP Applications What is Data Analytics? “Analysis of data is a process of inspecting, cleaning, transforming, and modeling data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making. Data analysis has multiple facets and approaches, encompassing diverse techniques under a variety of names, in different business, science, and social science domains.” -- Source: http://en.wikipedia.org/wiki/Data_analysis • Some examples • Computer-assisted-audit tools/techniques • Data mining • Business intelligence • Statistical applications
  • 4. Audit Testing – ERP Applications “Making sense out of nonsense!”
  • 5. Analysing How Data Analytics Enhances Audit Testing of ERP Applications
  • 6. Audit Testing – ERP Applications Challenges of Audit Testing ERP Applications • ERP systems provide wealth of information • If you can access it quickly, efficiently and effectively • Challenges include • Lack of IT knowledge and skills by auditor • Lack of knowledge of ERP package/module • Lack of SQL, query language • Overwhelming transaction volume from computerised records • difficult to agreggate information for meaningful analysis • cannot see the forest for the trees • Access to data usually requires help of Information Technology , Finance and Operations to obtain reports and analysis needed • Use of data analytics allows the stories behind the data to emerge based on the questions the auditor asks
  • 7. Audit Testing – ERP Applications Why Use Data Analytics for Audit Testing ERP Applications? • Increasing quantity and quality of data available • Larger organisations typically have Enterprise Resource Planning (ERP) implementations • Human Resources/Payroll • Financial Accounting/Management Reporting • Accounts Payables • Accounts Receivables • Fixed Assets/Inventory • General Ledge • Project Management/Costing • Core business applications for operations • Business transactions captured in the bits and bytes of data residing in ERP systems
  • 8. Audit Testing – ERP Applications • Ability to analyse the underlying data representing business transactions in meaningful ways: • Empowers auditors to understand the business risks • Use in audit planning and risk assessment • Surveying audit universe from financial and operating data • Summarisation of key fields by department, divisions, sections • Helps to flag out areas of interest, potential misstatement, non-compliance and potential fraud risks • Ascertain compliance with business policies and procedures: • Carry out detailed substantive and compliance auditing procedures • 100% testing instead of sampling • Enhanced assurance and coverage • Provides sufficient and appropriate evidence for audit reporting • Exceptions are specific transactions flagged out by the data analytics tools
  • 9. Exploring Different Data Analytics and Computer Assisted Audit Tools and Techniques (CAATs)
  • 10. Exploring Data Analytics & CAATs • You already have them! • Data analytics software • Key characteristics • Slice and dice to what you desire • Filter, sort, summarise, total, count, chart, pivot • E.g.s Microsoft Excel, Acccess, Open Office Calc, Google Docs etc. • IDEA, ACL, SPSS etc • There is no “perfect” tool • Match the tools to the skillsets, experience, availability
  • 11. Exploring Data Analytics & CAATs Example: Interactive Data Extraction and Analysis (IDEA) • Caseware IDEA - Data analysis / generalised audit software / computer- assisted audit tool Caveats: Auditors / control professionals still need to: • Audit objectives • Need to understand business application and data residing in system • Need to know what is the audit issue/business problem. • Need to define that data needed and apply the right analysis to derive the answers • Answers may not always be 100% conclusive, still need professional judgement and other corroborating evidence
  • 12. Exploring Data Analytics & CAATs Source: Caseware IDEA
  • 13. Auditing ERP Applications – Case Study Audit of Staff Claims • Medical Claims • Transport Claims Why audit ERP applications using data analytics? • Data analysis approach allows detection of non-compliances and help organisation achieve value-for-money • Review ALL (100%) of transactions vs sample 30 claims How to approach audit of ERP applications • Step 1: Import data from ERP system i.e. Excel or flat files • Step 2: Define field definition (text, numeric, date) • Step 3: Run analysis i.e. exceptions, duplicates, patterns • Step 4: Report exceptions, anomalies, patterns
  • 14. Auditing ERP Applications – Case Study
  • 15. Use of IDEA in Audit of Staff Claims (Medical) Detecting Duplicate Claims Obtain list of staff medical claims from ERP system for period of interest ( e.g. all transactions for 1 year) Identify key fields for testing i.e. “RECEIPT NO.” , “STAFF ID” and “CLINIC/HOSPITAL” Summarise by “STAFF ID”, followed by “RECEIPT NO.” and analyse for anomalies Run duplicates test on “RECEIPT NO.”
  • 16. Use of IDEA in Audit of Staff Claims (Medical) Detecting Duplicate Claims Obtain data, identify fields of interest i.e. “RECEIPT NO.”, “RECEIPT DATE”, “STAFF ID” Run duplicates test on “RECEIPT NO.” and “RECEIPT DATE” Query HR on duplicate payment
  • 17. Use of IDEA in Audit of Staff Claims (Transport) Detecting Erroneous Claims Audit Observation #1 Non-deduction of Normal Travel Expenses from Office to Home for journeys Starting or Ending from Home • Obtain staff travel claims data for 1 year • Identify fields of interest i.e. “FROM”, “FROM_TO_HOME”, 1 “OFF_DAY”, “STAFF ID” • Extract FROM = “Home”, FROM_TO_HOME = “N” and OFF_DAY = “N” 2 • Do similar for TO = “Home” etc. • Flags out all transactions where staff did not deduct the cost of journeys starting or ending at “home” since reimbursement policy does not allow claims for journeys 3 made from home to workplace
  • 18. Use of IDEA in Audit of Staff Claims (Transport) Detecting Erroneous Claims Audit Observation #2 Possible Duplicate Taxi Claims and Claims without Valid Taxi Receipt Numbers • Obtain staff travel claims data for 1 year • Identify fields of interest i.e. “RECEIPT_NO” 1 • Extract data where “RECEIPT_NO” is not “” and test for duplicates 2 • Extract data where “RECEIPT_NO” is “” (blank) • Flag out all exceptions to business rules and query department responsible for anomalies 3
  • 19. Use of IDEA in Audit of Staff Claims (Transport) Detecting Erroneous Claims Audit Observation #3 Unusual multiple journeys within the same day by same staff • Obtain staff travel claims data for 1 year • Identify fields of interest i.e. “RECEIPT DATE”, “STAFF ID” 1 • Summarise by “RECEIPT DATE” and “STAFF ID” • Sort by “NO_OF_RECS” (no. of records) 2 • High “NO_OF_RECS” indicate multiple journeys made on same day by same staff. Unusual unless staff is doing 3 delivery
  • 20. Use of IDEA in Audit of Staff Claims Using a Data Driven in Auditing ERP Understand • Walkthrough and document business process • Identify key controls for testing business process Obtain data of • Identify and understand data available • Key fields for testing interest • Do field statistics or summarise all fields to get Get big picture overall picture of data Analyse for • Run analysis for exceptions to business rules exceptions
  • 21. Understanding the Risks of Hosting ERP Data with Cloud Computing
  • 22. Connecting with Cloud Cloud Computing is already here: • Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software and information are provided to computers and other devices as a utility (like the electricity grid) over a network (typically the Internet). -- Wikipedia (http://en.wikipedia.org/wiki/Cloud_computing) • Cloud computing in consumer space is pervasive • Email services: e.g. Google Gmail, Microsoft Hotmail • Instant messenging: e.g. Yahoo Messenger, Microsoft Live, Gmail Gtalk • Web content management: e.g. blogger, wordpress • Cloud computing in business space is growing • Refer to OpenCloud Taxonomy
  • 25. Connecting with Cloud Issues relating to Cloud Computing: • Key Issues: Security (Source: Trustworthy Computing: Privacy in the Cloud Computing Era – November 2009, Microsoft) • Are hosted data and applications within the cloud protected by suitably robust privacy policies? • Are cloud computing provider’s technical infrastructure, applications and processes secure? • Are processes in place to support appropriate action in the event of an incident that affects privacy or security?
  • 27. Connecting with Cloud Public Sector Perspective • Government Instruction Manual No. 8 (IM8) has been in force • Policy on Infocomm Technology (ICT) Security • Recent update (vide MICA ICT Circular No. 2/2011 on 2 June 2011): Policy now applies to ICT security of systems used to store, process or access Government Data • Previously related to, “Systems owned by government agencies” • Covers new situations where data resides in commercial vendor’s systems and not systems owned by government agencies e.g. where cloud is involved
  • 28. Connecting with Cloud NP Experience • Education sector – drive towards cloud adoption • Student Email serivces: • From Lotus Notes  MS Connectmail • Cost savings in infrastructure, security and administration • Mobile Student Assessment for Clinical Attachment • Health Sciences (Nursing) students • Practicums and clinical attachments to hospital big part of course curriculum • Assessment using traditional written examination enhanced • Using assessment application developed by 3rd party vendor for iPod Touch • iPod Touch  Application  Database of student assessment records for practicum on Cloud
  • 29. Connecting with Cloud NP Experience • Internal Audit’s response • IT security control objectives do not change • Refer to compliance model (figure 6 – Mapping the Cloud Model to the Security Control & Compliance model) to help understand gaps • However, cloud deployment of applications and hosting of data re-raises some of the outsourcing risks where vendors are managing your information assets • Assess risks and sensitivity of data • In accordance to IM8 requirements?
  • 31. THANK YOU Yoong Ee Chuan CPA CIA CISA CISM Email: yekker@gmail.com