Continuous Control
Monitoring and Data Analytics
AIA SOX Conference – May 11, 2009
Continuous Controls
Monitoring (CCM)
Continuous monitoring vs. audit vs.
assurance
 “Continuous monitoring refers to the processes that
 management puts in place to ensure that the policies,
 procedures, and business processes are operating
 effectively.”
 [Figure: layered diagram. Labels, from top to bottom: Continuous assurance;
 Results of continuous auditing and continuous monitoring process;
 Audit (Audit testing of CM, Continuous auditing);
 Management (Continuous monitoring);
 Activities, transactions and events; Business systems and processes]

   Source: The IIA – Global Technology Audit Guide - Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment

Page 3                May 11, 2009                     CCM and Data Analytics
What is continuous control monitoring
(CCM)?
 Continuous Controls Monitoring (CCM) is an integrated
 set of processes and techniques, enabled by technology,
 which is designed to help an organization:
  • Automate the monitoring of the control environment
  • Identify control exceptions continuously based upon pre-
    defined business rules
  • Identify process improvement opportunities and
    underlying root causes
  • Reduce risk spend




Trends in the deployment of CCM

 Key trends:
  • Many CCM deployments are focused mainly on access (SoD) and
    application controls – interest in transaction monitoring is
    increasing
  • Budget and ownership of CCM is coming from Internal Audit –
    long-term ownership resides in the business functions
  • Software tools to extract data and monitor controls are maturing

 [Figure: RISKS chart, Impact (L to H) against Likelihood (L to H)]
  • Day-to-Day risks may be acceptable or require some form of self
    assessment
  • CCM: Mid-level risk areas may be suitable for automated analytics
    on data that is IT dependent and/or processed manually
  • Internal Audit: More judgmental risks and estimation processes may
    require more rigorous analytics and manually intensive assessment
    procedures



Areas of Focus – Segregation of Duties

 [Figure: Internal control environment, with Key Stakeholders, in three
 areas: Segregation of duties; Configurable controls; Master file and
 transaction data]



► Detect and/or prevent user access and segregation of
  duties violations
► Identify and monitor users with access to sensitive areas
  within the application
► Facilitate user access provisioning and periodic access
  review process related to IT general controls




Areas of Focus – Configurable Controls

 [Figure: Internal control environment, with Key Stakeholders, in three
 areas: Segregation of duties; Configurable controls; Master file and
 transaction data]



►    Detect changes made to critical configurable controls
     settings
►    Verify that system patches and program changes do not
     impact the integrity of configurable controls
►    Enable comparison of configurable controls across
     business units and against leading practices




Areas of Focus – Master File and Transaction
Data
 [Figure: Internal control environment, with Key Stakeholders, in three
 areas: Segregation of duties; Configurable controls; Master file and
 transaction data]



►    Monitor master file data and architecture for
     unauthorized or unusual changes
►    Monitor transaction data for control exceptions based on
     pre-defined business rules




Optimizing the value of CCM deployments

 To harvest the greatest value from a CCM deployment, the
 strategy should encompass security, controls, and process
 improvement objectives and sufficiently cover end-to-end
 processes.

 [Figure: Value of CCM Initiative plotted against Maturity of CCM
 Competency, with a marker labelled "Current State for Many
 Organisations". Stages shown, from the top of the chart to the bottom:]
  • Business Improvement: CCM capabilities are repeatable and holistic
  • Process Improvement. Focus: automated transactional analysis
  • Controls Improvement. Focus: automated application controls testing
  • Compliance management. Focus: monitoring of access controls / SoD
    requirements


CCM process flow




Continuous control monitoring - exception
management approach
 [Figure: exception flow with two tracks and a shared centre panel]

 Business Process Management / Shared Services Center
  Exception types:
  • Segregation of duties conflicts
  • General policy violations
  • Routine transaction exceptions
  Steps, in order:
  • Control owner notified of exception
  • Review and validate exceptions
  • Remediate and address root cause
  • Document results of exception review and remediation

 Internal Audit / Compliance / Risk Management Functions
  Exception types:
  • Sensitive transactions
  • Potential fraudulent activity
  • Priority risk areas for monitoring activities
  Steps, in order:
  • Filter through exceptions
  • Validate exceptions with business owners
  • Remediate and address root cause
  • Document results of exception review and remediation

 Blended approach:
 ► Shared ownership of exception management process
 ► Prioritized approach based on nature of exceptions and sensitivity
   of what is being monitored
 ► Increased accountability for controls

 Other labels in the figure: Operational controls; SOX controls

 Post review activities:
  • Monitor controls dashboards
  • Trending analysis
  • Process improvement


The importance of a proper CCM road map

 A proper methodology is key to ensure that CCM objectives
 are properly captured, incorporated, and sustained.

 [Figure: CCM road map, framed by Executive Sponsorship above and
 Project Management below]

 Phases: Planning; CCM Road Map & Design; Rollout

 Steps, left to right:
  • Define the CCM Vision
  • Perform CCM Diagnostic
  • Evaluate Results / ROI Analysis
  • Identify Application & Automated Controls
  • Assess and Remediate Controls
  • Configure CCM Solution
  • Process Reengineering & Define Supporting Policies
  • Training on Solution, Reengineered Processes & Policies
  • On-Going Support



Select CCM tools in the market

 Monitoring Capabilities (table columns): Segregation of Duties;
 Configurable Controls; Master File & Transaction Data

 CCM Tools (table rows):
  • ACL (Continuous Controls Monitoring Solution)
  • Approva
  • Aveksa
  • Blackline (Financial Statement Close Process)
  • IDEA
  • Oracle GRC (formerly Logical Apps)
  • Oversight
  • SAP GRC (formerly Virsa)


 Ernst & Young does not endorse any of these vendors or products listed above.



CCM screenshot – illustrative example




Data Analytics
Data analytics maturity model

 Level 1 – Initial
  • No formal data analytics approach, procedures or methodology
  • Performed occasionally at best
  • Tools are not readily available
  • Dependent on skills of limited number of SMRs

 Level 2 – Repeatable
  • Recognized as a value-add to the audit
  • Not yet institutionalized
  • Relies on a central group or single person
  • Tools are at a disposal, however not applied consistently or
    correctly

 Level 3 – Defined
  • Established data analytics methodology
  • Use of analytics is championed by mgmt.
  • Creation of data analysis models
  • Understanding of the business meaning of data analytic procedures
    and results
  • Increased proficiency in use of tools

 Level 4 – Managed
  • Methodology is institutionalized
  • Management involved in the on-going data analysis efforts
  • Management understands business issues and root cause
  • Re-performance of data analytic procedures
  • Advanced tools are used effectively

 Level 5 – Optimizing
  • Practices evolved in level 1 through 4 are used to continually
    improve data analytical processes, procedures and results
  • Use of data analysis for continuous controls monitoring


Data analytics framework


 [Figure: four-layer framework, listed from top to bottom]
 ► What will happen? – Predictive Data Modeling (Statistical,
   Econometric, Scenario-Based) – Business Intelligence
 ► Why did it happen? – Modeling and Validation (Revenue-Sharing
   Models, Root Cause Analysis, Legal Compliance) – Knowledge
 ► What happened? – Descriptive Data Analysis (Forensic Evidence,
   Queries, Profiling, MDA, Data/Text Mining, Benchmarking, Surveys) –
   Information
 ► Is your data reliable? – Information Management (Data Governance,
   Data Conversion, Data Integrity) – Data




Comparison of data analytics to traditional
audit methods
 Traditional method
 ►   Typically labor-intensive manual collection / evaluation
 ►   Limited samples / relatively infrequent tests
 ►   Narrow time period / stressful remediation
 ►   Test procedures are limited in scope
 ►   Capability / benefit tends to lessen with complexity and as
     the organization evolves

 Data analytics
 ►   Increased insight
 ►   Typically automated collection / evaluation
 ►   High sample sizes / decreased false positives
 ►   Frees up resources to focus on other high-risk areas
 ►   Frequent, faster and more accurate analysis
 ►   Decrease in opportunity for human error
 ►   Incremental and more extensive testing is practical
 ►   Capability / benefit tends to increase with complexity and as the
     organization evolves

 [Figure legend: Investment required; Benefits earned]

    Relatively higher initial costs for analytics can yield significantly more long-term benefit.


Enhancing the audit process using data
analytics
►   Create sustainable methods for risk assessment and
    monitoring of the control environment
►   Deploy resources effectively to accomplish audit plan
    objectives
►   Quantify impact of identified issues in terms of dollars and
    frequency
►   Increase focus on fraud detection procedures
►   Gain valuable insight into business process and improvement
    opportunities
►   Respond quickly to changing business needs and compliance
    requirements with flexible and repeatable procedures
►   Forms the basis of continuous controls

Applying analytics across the audit process

 Example opportunities to use data analytics, by audit activity:

 Risk assessment
 ►   Identify risk assessment priorities by using information gathered from
     trend analysis, financial ratios and comparisons
 ►   Assist with determining scope of audit plan activities (by size/relevance)

 Audit planning
 ►   Provide a preliminary “scan” of relevant audit information to drive project
     scope, sampling and fieldwork procedures

 Fieldwork procedures
 ►   Support testing of controls in an efficient and comprehensive manner
 ►   Identify anomalies, trends and potential fraud indicators
 ►   Supplement sample testing approaches with full-coverage data analytics

 Reporting
 ►   Provide quantifiable, fact-based information for reportable issues and
     exceptions
 ►   Supplement reporting with statistical and graphical information gathered
     during the audit

 Monitoring and trending
 ►   Automate the ongoing monitoring of the control environment to a
     sustainable effort through timely exception notification and review
 ►   Analyze trends in the company’s risk profile and identify opportunities for
     improvement



Example data analytics

Access monitoring analytics
►   Segregation of duties assessment
►   Key configuration changes


Financial statement computer assisted audit techniques
►   Journal entry analytics
►   Accounts receivable analytics


Contract audit analytics
►   Royalty payment recalculations (incorrect sales figures, royalty
    rates)
►   Invoicing inaccuracies (overpayments, duplicate transactions)
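
The segregation of duties assessment and duplicate-transaction check listed above, as an added example that is not part of the original slides: two pre-defined business rules evaluated over a constructed access extract and invoice list, each producing control exceptions. All role names, duties, users, vendors and document numbers are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

Invoice = namedtuple("Invoice", "doc_id vendor invoice_no amount_cents")
ControlException = namedtuple("ControlException", "rule subject detail")

# Constructed SoD rule set: duty pairs one user should not hold together.
SOD_CONFLICTS = [("create_vendor", "approve_payment"),
                 ("enter_journal", "post_journal")]

# Constructed role model: role -> duties it grants.
ROLE_DUTIES = {
    "AP_CLERK": {"enter_invoice", "create_vendor"},
    "AP_MANAGER": {"approve_payment"},
    "AP_ADMIN": {"create_vendor", "approve_payment"},  # conflict inside one role
    "GL_ACCOUNTANT": {"enter_journal"},
    "GL_SUPERVISOR": {"post_journal"},
}

# Constructed access extract: user -> assigned roles.
USER_ROLES = {
    "asmith": ["AP_CLERK"],
    "bjones": ["AP_CLERK", "AP_MANAGER"],
    "cwong": ["GL_ACCOUNTANT", "GL_SUPERVISOR"],
    "dlee": ["AP_MANAGER"],
    "efox": ["AP_ADMIN"],
    "gpatel": ["TEMP_MIGRATION"],  # role missing from the role model
}

# Constructed transaction extract.
INVOICES = [
    Invoice("5100001", "Acme Supply", "INV-0042", 125000),
    Invoice("5100007", "ACME SUPPLY ", "inv42", 125000),    # same invoice re-keyed
    Invoice("5100009", "Acme Supply", "INV-0043", 125000),  # different invoice
    Invoice("5100012", "Borealis Ltd", "7781", 9900),
]


def sod_exceptions(user_roles, role_duties, conflicts):
    """Flag users whose combined roles grant both duties of a conflict pair."""
    found = []
    for user in sorted(user_roles):
        duty_source = {}  # duty -> first role that grants it
        for role in user_roles[user]:
            if role not in role_duties:
                # An unmapped role hides access from the rule, so report it.
                found.append(ControlException("UNMAPPED_ROLE", user, role))
                continue
            for duty in sorted(role_duties[role]):
                duty_source.setdefault(duty, role)
        for a, b in conflicts:
            if a in duty_source and b in duty_source:
                detail = f"{a} via {duty_source[a]} + {b} via {duty_source[b]}"
                found.append(ControlException("SOD", user, detail))
    return found


def normalize_invoice_no(raw):
    """Drop case, punctuation and leading zeros: 'INV-0042' -> 'INV42'."""
    compact = re.sub(r"[^A-Z0-9]", "", raw.upper())
    return re.sub(r"(?<![0-9])0+(?=[0-9])", "", compact)


def duplicate_invoice_exceptions(invoices):
    """Flag documents sharing vendor, normalized invoice number and amount."""
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv.vendor.strip().upper(),
               normalize_invoice_no(inv.invoice_no), inv.amount_cents)
        groups[key].append(inv.doc_id)
    found = []
    for (vendor, number, cents), doc_ids in sorted(groups.items()):
        if len(doc_ids) > 1:
            detail = (f"{', '.join(sorted(doc_ids))} share invoice {number} "
                      f"for {cents / 100:.2f}")
            found.append(ControlException("DUP_INVOICE", vendor, detail))
    return found


def run_rules():
    return (sod_exceptions(USER_ROLES, ROLE_DUTIES, SOD_CONFLICTS)
            + duplicate_invoice_exceptions(INVOICES))


if __name__ == "__main__":
    for exc in run_rules():
        print(f"{exc.rule:14} {exc.subject:12} {exc.detail}")
```

The unmapped-role exception matters as much as the conflicts: a role the rule set cannot resolve to duties is access the SoD assessment silently skips.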


Speakers’ Bio

                           Peter Rosenzweig has more than 17 years of experience in
                           the assessment, design, and implementation of complex
                           risk management and internal control frameworks,
                           including IT risk and control structures. Peter serves as
                           regional subject matter resource in the application of Ernst
                           & Young’s Enterprise Risk Management methodology and
                           he has assisted various large organizations with the
                           implementation or transformation of enterprise-wide risk
                           management capabilities.
                                                                                           Phone: 213.977.5849
                                                                                           peter.rosenzweig@ey.com



                           Paul de Guzman is a Los Angeles-based Senior Manager
                           with nine years of experience serving a variety of clients in
                           both an assurance and advisory capacity. Services
                           rendered by Paul to his clients include IT General Controls
                           audit support, IT and business process and controls
                           enhancement, SAS 70 audits, and system pre- and post-
                           implementation reviews. In addition, Paul also provides
                           data analytics in support of assurance services, contract
                           risk services, fraud reviews, and continuous controls
                           monitoring initiatives.
    Phone: 213.977.7692
    paul.deguzman@ey.com
Thank you

 
Continuous Monitoring Webinar Aviva Spectrum
Continuous Monitoring Webinar Aviva SpectrumContinuous Monitoring Webinar Aviva Spectrum
Continuous Monitoring Webinar Aviva Spectrum
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
 
Make Better Decisions With Your Data 20080916
Make Better Decisions With Your Data 20080916Make Better Decisions With Your Data 20080916
Make Better Decisions With Your Data 20080916
 
201406 IASA: Analytics Maturity - Unlocking The Business Impact
201406 IASA: Analytics Maturity - Unlocking The Business Impact201406 IASA: Analytics Maturity - Unlocking The Business Impact
201406 IASA: Analytics Maturity - Unlocking The Business Impact
 
Audit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsAudit: Breaking Down Barriers to Increase the Use of Data Analytics
Audit: Breaking Down Barriers to Increase the Use of Data Analytics
 
Data Analytics and the Small Audit Department: How to Implement for Big Gains
Data Analytics and the Small Audit Department: How to Implement for Big GainsData Analytics and the Small Audit Department: How to Implement for Big Gains
Data Analytics and the Small Audit Department: How to Implement for Big Gains
 
Competing on analytics
Competing on analyticsCompeting on analytics
Competing on analytics
 
Analyze Your Data, Transform Your Business
Analyze Your Data, Transform Your BusinessAnalyze Your Data, Transform Your Business
Analyze Your Data, Transform Your Business
 
Competing on analytics
Competing on analyticsCompeting on analytics
Competing on analytics
 
The CDO Agenda: Competing with Data - Strategy and Organization
The CDO Agenda: Competing with Data - Strategy and OrganizationThe CDO Agenda: Competing with Data - Strategy and Organization
The CDO Agenda: Competing with Data - Strategy and Organization
 
In-Database Predictive Analytics
In-Database Predictive AnalyticsIn-Database Predictive Analytics
In-Database Predictive Analytics
 
Post-Free: Life After Free Monads
Post-Free: Life After Free MonadsPost-Free: Life After Free Monads
Post-Free: Life After Free Monads
 
The Three Lines of Defense Model & Continuous Controls Monitoring
The Three Lines of Defense Model & Continuous Controls MonitoringThe Three Lines of Defense Model & Continuous Controls Monitoring
The Three Lines of Defense Model & Continuous Controls Monitoring
 
Turning internal audit into the data analytics epicenter for your organization
Turning internal audit into the data analytics epicenter for your organizationTurning internal audit into the data analytics epicenter for your organization
Turning internal audit into the data analytics epicenter for your organization
 
Advancing internal audit analytics
Advancing internal audit analytics Advancing internal audit analytics
Advancing internal audit analytics
 
Risk Management and Remediation
Risk Management and RemediationRisk Management and Remediation
Risk Management and Remediation
 
BI Maturity Model ppt
BI Maturity Model pptBI Maturity Model ppt
BI Maturity Model ppt
 

Similar a AIA SOX Conference May 2009 - CCM & Data Analytics

Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.FrenchDan French
 
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...QAI
 
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...QAI
 
Sym Sure Loan Portfolio
Sym Sure Loan PortfolioSym Sure Loan Portfolio
Sym Sure Loan Portfoliojjfrec07
 
Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012Symantec
 
Solvency - II Programme Setup
Solvency - II Programme SetupSolvency - II Programme Setup
Solvency - II Programme Setupgainline
 
Configuration Management Best Practices
Configuration Management Best PracticesConfiguration Management Best Practices
Configuration Management Best PracticesTechExcel
 
Itam Presentation by Cydney Davis
Itam Presentation by Cydney DavisItam Presentation by Cydney Davis
Itam Presentation by Cydney DavisCydney Davis
 
Solvency II - Programme Assurance
Solvency II - Programme AssuranceSolvency II - Programme Assurance
Solvency II - Programme Assurancegainline
 
Ajay dhir - The new CIO leader: Managing in challenging times
Ajay dhir - The new CIO leader: Managing in challenging timesAjay dhir - The new CIO leader: Managing in challenging times
Ajay dhir - The new CIO leader: Managing in challenging timesGlobal Business Events
 
How auditable is your disaster recovery program
How auditable is your disaster recovery programHow auditable is your disaster recovery program
How auditable is your disaster recovery programgeekmodeboy
 
Telecom software testing for CSPs
Telecom software testing for CSPsTelecom software testing for CSPs
Telecom software testing for CSPsHOT TELECOM
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid ThemSasha Nunke
 
It's all about efficiency and cost savings
It's all about efficiency and cost savingsIt's all about efficiency and cost savings
It's all about efficiency and cost savingsStephane Haelterman
 
HP Software - The Bto Solution
HP Software - The Bto SolutionHP Software - The Bto Solution
HP Software - The Bto SolutionHPDutchWorld
 

Similar a AIA SOX Conference May 2009 - CCM & Data Analytics (20)

Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.French
 
How to implement interoperability
How to implement interoperabilityHow to implement interoperability
How to implement interoperability
 
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
 
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
CMMI High Maturity Best Practices HMBP 2010: CMMI® FOR SERVICES: INSIGHTS AND...
 
Sym Sure Loan Portfolio
Sym Sure Loan PortfolioSym Sure Loan Portfolio
Sym Sure Loan Portfolio
 
Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012
 
Solvency - II Programme Setup
Solvency - II Programme SetupSolvency - II Programme Setup
Solvency - II Programme Setup
 
Configuration Management Best Practices
Configuration Management Best PracticesConfiguration Management Best Practices
Configuration Management Best Practices
 
Itam Presentation by Cydney Davis
Itam Presentation by Cydney DavisItam Presentation by Cydney Davis
Itam Presentation by Cydney Davis
 
Solvency II - Programme Assurance
Solvency II - Programme AssuranceSolvency II - Programme Assurance
Solvency II - Programme Assurance
 
Scm awareness
Scm awarenessScm awareness
Scm awareness
 
Ajay dhir - The new CIO leader: Managing in challenging times
Ajay dhir - The new CIO leader: Managing in challenging timesAjay dhir - The new CIO leader: Managing in challenging times
Ajay dhir - The new CIO leader: Managing in challenging times
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRC
 
How auditable is your disaster recovery program
How auditable is your disaster recovery programHow auditable is your disaster recovery program
How auditable is your disaster recovery program
 
IBM GPRA
IBM GPRAIBM GPRA
IBM GPRA
 
Telecom software testing for CSPs
Telecom software testing for CSPsTelecom software testing for CSPs
Telecom software testing for CSPs
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
 
It's all about efficiency and cost savings
It's all about efficiency and cost savingsIt's all about efficiency and cost savings
It's all about efficiency and cost savings
 
HP Software - The Bto Solution
HP Software - The Bto SolutionHP Software - The Bto Solution
HP Software - The Bto Solution
 

Último

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Último (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

AIA SOX Conference May 2009 - CCM & Data Analytics

  • 1. Continuous Control Monitoring and Data Analytics AIA SOX Conference – May 11, 2009
  • 3. Continuous monitoring vs. audit vs. assurance
    “Continuous monitoring refers to the processes that management puts in place to ensure that the policies, procedures, and business processes are operating effectively.”
    [Diagram labels: Continuous assurance; Audit: results of continuous auditing and continuous monitoring process, audit testing of CM, continuous auditing; Management: continuous monitoring; activities, transactions and events; business systems and processes]
    Source: The IIA – Global Technology Audit Guide - Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
  • 4. What is continuous control monitoring (CCM)?
    Continuous Controls Monitoring (CCM) is an integrated set of processes and techniques, enabled by technology, which is designed to help an organization:
    • Automate the monitoring of the control environment
    • Identify control exceptions continuously based upon pre-defined business rules
    • Identify process improvement opportunities and underlying root causes
    • Reduce risk spend
  • 5. Trends in the deployment of CCM
    Key trends:
    • Many CCM deployments are focused mainly on access (SoD) and application controls – interest in transaction monitoring is increasing
    • Budget and ownership of CCM is coming from Internal Audit – long-term ownership resides in the business functions
    • Software tools to extract data and monitor controls are maturing
    [Chart: RISKS, plotted by Impact (L to H) against Likelihood (L to H)]
    Day-to-Day risks may be acceptable or require some form of self assessment
    CCM—Mid-level risk areas may be suitable for automated analytics on data that is IT dependent and/or processed manually
    Internal Audit—More judgmental risks and estimation processes may require more rigorous analytics and manually intensive assessment procedures
  • 6. Areas of Focus – Segregation of Duties
    [Diagram labels: Internal control environment; Key Stakeholders; Segregation of duties; Configurable controls; Master file and transaction data]
    ► Detect and/or prevent user access and segregation of duties violations
    ► Identify and monitor users with access to sensitive areas within the application
    ► Facilitate user access provisioning and periodic access review process related to IT general controls
  • 7. Areas of Focus – Configurable Controls
    [Diagram labels: Internal control environment; Key Stakeholders; Segregation of duties; Configurable controls; Master file and transaction data]
    ► Detect changes made to critical configurable controls settings
    ► Verify that system patches and program changes do not impact the integrity of configurable controls
    ► Enable comparison of configurable controls across business units and against leading practices
  • 8. Areas of Focus – Master File and Transaction Data
    [Diagram labels: Internal control environment; Key Stakeholders; Segregation of duties; Configurable controls; Master file and transaction data]
    ► Monitor master file data and architecture for unauthorized or unusual changes
    ► Monitor transaction data for control exceptions based on pre-defined business rules
  • 9. Optimizing the value of CCM deployments
    To harvest the greatest value from a CCM deployment, the strategy should encompass security, controls, and process improvement objectives and sufficiently cover end-to-end processes.
    [Chart: Value of CCM Initiative plotted against Maturity of CCM Competency, with the label "Current State for Many Organisations"]
    Compliance management. Focus: monitoring of access controls / SoD requirements
    Controls Improvement. Focus: automated application controls testing
    Process Improvement. Focus: automated transactional analysis
    Business Improvement. CCM capabilities are repeatable and holistic
  • 10. CCM process flow
  • 11. Continuous control monitoring - exception management approach
    [Flow diagram labels: Business Process Management / Shared Services Center; Exceptions; Internal Audit / Compliance / Risk Management Functions; Operational controls; SOX controls]
    Priority risk areas for monitoring: Segregation of duties conflicts; General policy violations; Routine transaction exceptions; Potential fraudulent activity; Sensitive transactions activities
    Exception handling steps shown in the flow: Control owner notified of exception; Filter through exceptions; Review and validate exceptions; Validate exceptions with business owners; Remediate and address root cause; Document results of exception review and remediation
    Blended approach:
    ► Shared ownership of exception management process
    ► Prioritized approach based on nature of exceptions and sensitivity of what is being monitored
    ► Increased accountability for controls
    Post review activities: Monitor controls; Trending analysis; Process improvement dashboards
  • 12. The importance of a proper CCM road map
    A proper methodology is key to ensure that CCM objectives are properly captured, incorporated, and sustained.
    [Diagram: CCM Road Map, with Executive Sponsorship above and ROI Analysis and Project Management below; phases: Planning & Design, Rollout]
    Road map steps, in order:
    • Define the CCM Vision
    • Perform CCM Diagnostic
    • Identify Application & Automated Controls
    • Assess and Remediate Controls
    • Configure CCM Solution
    • Process Reengineering & Define Supporting Policies
    • Training on Solution, Reengineered Processes & Policies
    • Evaluate Results
    • On-Going Support
  • 13. Select CCM tools in the market
    Monitoring Capabilities (table columns): Segregation of Duties; Configurable Controls; Master File & Transaction Data
    CCM Tools (table rows):
    • ACL (Continuous Controls Monitoring Solution)
    • Approva
    • Aveksa
    • Blackline (Financial Statement Close Process)
    • IDEA
    • Oracle GRC (formerly Logical Apps)
    • Oversight
    • SAP GRC (formerly Virsa)
    Ernst & Young does not endorse any of these vendors or products listed above.
  • 14. CCM screenshot – illustrative example
  • 16. Data analytics maturity model
    Level 1 (Initial):
    • No formal data analytics approach, procedures or methodology
    • Performed occasionally at best
    • Tools are not readily available
    • Dependent on skills of limited number of SMR’s
    Level 2 (Repeatable):
    • Recognized as a value-add to the audit
    • Not yet institutionalized
    • Relies on a central group or single person
    • Tools are at a disposal, however not applied consistently or correctly
    Level 3 (Defined):
    • Established data analytics methodology
    • Use of analytics is championed by mgmt.
    • Creation of data analysis models
    • Understanding of the business meaning of data analytic procedures and results
    • Increased proficiency in use of tools
    Level 4 (Managed):
    • Methodology is institutionalized
    • Management involved in the on-going data analysis efforts
    • Management understands business issues and root cause
    • Re-performance of data analytic procedures
    • Advanced tools are used effectively
    Level 5 (Optimizing):
    • Practices evolved in level 1 through 4 are used to continually improve data analytical processes, procedures and results
    • Use of data analysis for continuous controls monitoring
  • 17. Data analytics framework
    [Layered diagram, top to bottom]
    Business Intelligence: What will happen? Predictive Data Modeling (Statistical, Econometric, Scenario-Based)
    Knowledge: Why did it happen? Modeling and Validation (Revenue-Sharing Models, Root Cause Analysis, Legal Compliance)
    Information: What happened? Descriptive Data Analysis (Forensic Evidence, Queries, Profiling, MDA, Data/Text Mining, Benchmarking, Surveys)
    Data: Is your data reliable? Information Management (Data Governance, Data Conversion, Data Integrity)
  • 18. Comparison of data analytics to traditional audit methods
    Traditional method
    ► Typically labor-intensive manual collection / evaluation
    ► Limited samples / relatively infrequent tests
    ► Narrow time period / stressful remediation
    ► Test procedures are limited in scope
    ► Capability / benefit tends to lessen with complexity and as the organization evolves
    Data analytics
    ► Increased insight
    ► Typically automated collection / evaluation
    ► High sample sizes / decreased false positives
    ► Frees up resources to focus on other high-risk areas
    ► Frequent, faster and more accurate analysis
    ► Decrease in opportunity for human error
    ► Incremental and more extensive testing is practical
    ► Capability / benefit tends to increase with complexity and as the organization evolves
    [Chart labels: Investment required; Benefits earned]
    Relatively higher initial costs for analytics can yield significantly more long-term benefit.
  • 19. Enhancing the audit process using data analytics
    ► Create sustainable methods for risk assessment and monitoring of the control environment
    ► Deploy resources effectively to accomplish audit plan objectives
    ► Quantify impact of identified issues in terms of dollars and frequency
    ► Increase focus on fraud detection procedures
    ► Gain valuable insight into business process and improvement opportunities
    ► Respond quickly to changing business needs and compliance requirements with flexible and repeatable procedures
    ► Forms the basis of continuous controls
  • 20. Applying analytics across the audit process
    Audit activity, with example opportunities to use data analytics:
    Risk assessment
    ► Identify risk assessment priorities by using information gathered from trend analysis, financial ratios and comparisons
    ► Assist with determining scope of audit plan activities (by size/relevance)
    Audit planning
    ► Provide a preliminary “scan” of relevant audit information to drive project scope, sampling and fieldwork procedures
    Fieldwork procedures
    ► Support testing of controls in an efficient and comprehensive manner
    ► Identify anomalies, trends and potential fraud indicators
    ► Supplement sample testing approaches with full-coverage data analytics
    Reporting
    ► Provide quantifiable, fact-based information for reportable issues and exceptions
    ► Supplement reporting with statistical and graphical information gathered during the audit
    Monitoring and trending
    ► Automate the ongoing monitoring of the control environment to a sustainable effort through timely exception notification and review
    ► Analyze trends in the company’s risk profile and identify opportunities for improvement
  • 21. Example data analytics
    Access monitoring analytics
    ► Segregation of duties assessment
    ► Key configuration changes
    Financial statement computer assisted audit techniques
    ► Journal entry analytics
    ► Accounts receivable analytics
    Contract audit analytics
    ► Royalty payment recalculations (incorrect sales figures, royalty rates)
    ► Invoicing inaccuracies (overpayments, duplicate transactions)
  • 22. Speakers’ Bio
    Peter Rosenzweig has more than 17 years of experience in the assessment, design, and implementation of complex risk management and internal control frameworks, including IT risk and control structures. Peter serves as regional subject matter resource in the application of Ernst & Young’s Enterprise Risk Management methodology and he has assisted various large organizations with the implementation or transformation of enterprise-wide risk management capabilities. Phone: 213.977.5849 peter.rosenzweig@ey.com
    Paul de Guzman is a Los Angeles-based Senior Manager with nine years of experience serving a variety of clients in both an assurance and advisory capacity. Services rendered by Paul to his clients include IT General Controls audit support, IT and business process and controls enhancement, SAS 70 audits, and system pre- and post-implementation reviews. In addition, Paul also provides data analytics in support of assurance services, contract risk services, fraud reviews, and continuous controls monitoring initiatives. Phone: 213.977.7692 paul.deguzman@ey.com