gavin steinberg angus gray ian craigen - satori group · gavin steinberg angus gray ian craigen ......

Gavin Steinberg Angus Gray Ian CraigenManaging Director NZ BDM Senior Consultant

The Satori Group

Started in 2002 and 23 employees in the team

Offices in Sydney, Melbourne, Wellington, Pune (India)

Territory covers Australia, New Zealand and South

Pacific Islands

Partnership with Prodigy Group (Singapore, Indo, Phil,

Malaysia)

Over 400 corporate clients in our region

Over 40 clients in New Zealand and growing

The Satori Team Structure

Gavin

BFRAndrew Bond

Manura

Matt

Assurance Account Managers

Vic, ACT, Wellington, SP

Angus

NSW1Phil

NSW2, QLDTroy

New Business

SatoriCCM MS / EnvisageRobyn

ACL GRCPat

Analytics Project Delivery

Rebecca M

Analytics

Jehan

Ian

Nancy

Noris

Support

Jeffrey

Pentana Team

Denae

Andrew T

Jeff

Admin / Mkting / Training

Rebecca N

Pat

Trainers

Denae

FinanceOlga

Envisage DevDavid

AndyT Thai

AFFCO Holdings Ltd. Airways New Zealand ANZ National Bank ASB Bank Auckland District Health Board Auckland University of Technology Audit New Zealand Bay of Plenty DHB Canterbury District Health Board Department of Conservation (NZ) Department of Corrections (NZ) Farmers Trading Company Fisher & Paykel Finance Limited Fletcher Building Limited (NZ) Fonterra Health Alliance Health Intelligence Inland Revenue Department Kiwi Bank Limited KPMG Wellington Lakes District Health

Ministry of Business, Innovation and Employment

Ministry of Education NZ Ministry of the Environment NZ Ministry of Health New Zealand Defence Force New Zealand Post New Zealand Racing Board New Zealand Trade and Enterprise New Zealand Transport Agency Nelson DHB NIWA Palmerston North City Council PGG Wrightson Southern District Health Board Talley's Group Ltd Telecom NZ Ltd Waikato District Health Board Wellington City Council …

Our solutions

Our Product Range

ACL

• ACL Analysis Desktop

• ACL Analysis Exchange (AX)

• SAP Direct Link

• ACL GRC-Risk-Project Manager-Results Manager

• EVA• AP• VM• EM• CC

Caseware Monitor

• Ver 3.3• Ver 4.0

Pentana

• PAWS 8.x• Vision 2.1• Retain

SatoriCCM

• Managed Services

• Hosted SAAS

• EVA• Specialised

Apps

BFR

• Envisage• proCube• Dundas• CDM

Satori Offering

• Support• Managed Services

• Training• Services

Analytical Solutions

Audit Management

Continuous Monitoring

Budgeting, Forecasting,

Reporting and Visualisation

Audit Dashboards

Why Dashboards

Communicate what Audit is doing effectively

Give insight to management to data they cannot get

Raise Internal Audit profile

Share Audit insight with company

Great Insight into the business

Add significant value to business

Oversight on performance

Communication

Strictly Confidential—not for distribution

Dan Zitting, CPA, CISA, GRCPVP, Product Management & Design

Email: dan_zitting@acl.comPhone: (212) 202-2183Twitter: @danzittingLinkedIn: http://www.linkedin.com/in/danzitting

“INTEGRATED GRC” (100%)

ACL’s Customers: The IIA Three Lines of Defense Model

GRC FUNCTIONS (90%)

GRC STAKEHOLDERS

AUDIT (70%)

17© ACL Services Ltd.ACL | Connections 2013

ACL Vision for Audit & Risk Technology

Complete Technology Platform

Integrated RiskAssessmentIntegrated RiskAssessment

IntegratedContentIntegratedContent

Project & Controls Mgmt

Project & Controls Mgmt

Risk & ControlAnalyticsRisk & ControlAnalytics

DATA ANALYSIS

• Ad-hoc analysis of data populations designed to detect transactions that manifest the occurrence of business risk

ENTERPRISE CONTINUOUS MONITORING

• Recurring analysis of transactional data designed to prevent occurrence of risk through identification of operational deficiencies or control gaps

GRC

• Management and measurement of risks and controls against business objectives in accordance with regulations, standards, policies and business decisions.

ACL’s 3 Core Value Propositions

Powered by…ACL Analytics Desktop

Powered by…ACL Analytics Exchange (AX)

Powered by…ACL GRC

Transformational Value in Audit & Risk

“Data-Driven GRC”(GRC + DA + ECM)

“Data-Led GRC”(GRC + DA)

Data Analysis (DA)

Enterprise Continuous Monitoring (ECM)

GRC

Complacency may be the next biggest danger companies face in FY13/14

Annual Kroll Fraud Report 2012/13

Reference: AuditNet Analytic Survey

What are the main obstacles preventing auditors from using audit analytics?

Audit Analytic Capability Model

Sophistication

Audit

Con

tribu

tion

Hindsight

Insight

Foresight

ad hoc repetitive continuous

Level 1Basic/adhoc

Level 1Basic/adhoc

Basic Sophisticated Once Off Analytics

Data Access & Acquisition

Analysis

Reporting

Challenges Data and access to data

Understanding of what to do

Time to do it properly

The software (typically last used 1 year ago)

Understanding the data and what / how to analyse the data

Typically once off

Don’t know what you are looking for until you find (need skill)

Audit Analytic Capability Model

Sophistication

Audit

Con

tribu

tion

Hindsight

Insight

Foresight

ad hoc repetitive continuous

Level 2Applied

Level 2Applied

Level 1Basic/adhoc

Level 1Basic/adhoc

A Variety of Analytic Techniques Calculation of statistical

parameters

Classifications

Stratifications

Digital analysis ie using Benford’sLaw

“Fuzzy Logic”

Duplicates testing

Gaps testing

Ageing

Control total summation

Joining and matching data fields

Ranges of a Numeric Field

Groups transactions into specified ranges or strata of values

Show me the number of contracts within various strata of the contract amount fieldAmount Count Ave$

– $0 - $1,000 16,703– $1,001 - $49,999 19,650– $45,001 - $49,000 61,203– $49,001 - $50,000 4,251– $50,001 - $100,000 58– $100,001 - $1,000,000 4

Totals by a Character field

Counts the number of unique values in a selected character field(s) and the corresponding totals of other numeric fields

Show me how many hysterectomy procedures have been performed, by gender:– Female: 127– Male: 3– [field blank]: 12

2 Ratio Analysis

Unit Prices Item High_Price High_Price2 Ratio

#198 $101.46 $98.91 1.026#773 $123.48 $57.23 2.158#861 $ 51.23 $50.84 1.008#634 $ 26.31 $11.63 2.262

#992 $124.78 $124.03 1.006

2 Ratio analysis

Apr May Jun Jul Aug Max 2Max RatioExpense 1 125            124            135            12,500         125            12,500        135           92.59       Expense 2 98              99              99              101               98              101              99              1.03         Expense 3 78.31        78.64        78.75        158.29         78.93        158.29        78.93        2.01         

Realisation

• Script Tests

• Beginning of specialisation

• Acceptance of AA

• Continuous Usage of AA

• Understanding of Data and ERP

tables

• Std Data requests for IT

• Structure around AA process

• Automation Beginning

> Starts to become part of every Audit– Pre, during, post– Ability to repeat in an instant

> Yields results> Quality, trust output> Re-use and basis for extension of AA> ? What happens to output

Level 2 – Repetitive Analytics

Audit Analytic Capability Model

Sophistication

Audit

Con

tribu

tion

Hindsight

Insight

Foresight

ad hoc repetitive continuous

Level 2Applied

Level 2Applied

Level 3Managed

Level 3Managed

Level 1Basic/adhoc

Level 1Basic/adhoc

Managed AnalyticsSome subject Areas for Audit Analytics / Fraud Detection

Accounts Payable

Accounts Receivable

Bid Rigging

Credit Card Management

Deposits

General Ledger

Supplier Collusion

Loans

Inventory Control

Policy and Administration

Purchase Order Management

Retail Loss Prevention

Salaries and Payroll

Sales Analysis

Claims

Vendor Management

Purchase to Payment CycleCritical Processes & Activities

Match Standard Analytics against Payables Processes

PayrollCritical Processes & Activities

Creating Employees Manage Payroll

Payroll Calculation Payments

•Create New Employee•Entering Employee Data•Referral Awards•Maintain Records prices

•Assign salary / Rate Grade•Approve Rates•Transfers and Promotions•Retirement & Termination –Discontinue Payroll &Benefits

•Modify Time & Attendance•Modify Overtime•Statutory Holiday Calculations•Calculate Banked Time•Deduction calculations•Payroll Exceptions•Commissions & Bonuses•R/T – Calculate Final Pay

•Generate Payments•Update Accrued Leave / vacation•Balances•Calculate Final Cycle Pay•Post Payroll•Transmit to service provider

•Enter Time•Approve Overtime•Approve Contractors•T&A Interfaces

Time & Attendance

Standard Analytics against Payroll Processes

Creating Employees SOD: Enter Vs. Approve OFAC Employee Match Duplicate Employees Employee Vendor Match SOD: Update Vs. Approve Ghost Employees – PIN

Payroll Calculations SOD: Adjustment Vs. Approval Overtime Threshold Unauthorized Commissions Payroll Cut Off Dates SOD: Termination Enter Vs.

Approve Termination – New Hires

Manage Payroll Invalid Rate Terminated Employees –

Termination Date Terminated Employee –

Employee Status

Time and Attendance SOD: Time Entry Vs.

Approval Time Entry Vs. Expected

Hours Time Differentials

Payments SOD: Create Vs. Approve Duplicate Payments Suspicious Payments - Employee

Start Date Suspicious Payments – Phantom

Employees Service Providers – Two Way Match

Level 3 : Managed Analytics

Multiple Scripts “Ready to go”

Centralised Server (need server technology)

Core experts, many different user skills levels

Accepted as part of every audit (pre, during, post)

ROI Massive (values, Efficiency, Effectiveness)

Increase in Budget

Other departments wanting some

Audit Analytic Capability Model

Sophistication

Audit

Con

tribu

tion

Hindsight

Insight

Foresight

ad hoc repetitive continuous

Level 2Applied

Level 2Applied

Level 3Managed

Level 3Managed

Level 4Automated

Level 4Automated

Level 1Basic/adhoc

Level 1Basic/adhoc

Automated Analytics - “Continuous Auditing”

•Secure and central environment

•Virtually limitless server processing power

•Automate analysis

•Integrated exception review

•“Self Service”

•Focus on results / exceptions

•Get exceptions sent to you

Analytic Capability Model

Sophistication

Audit

Con

tribu

tion

Hindsight

Insight

Foresight Level 5Monitoring

Level 5Monitoring

ad hoc repetitive continuous

Level 2Applied

Level 2Applied

Level 3Managed

Level 3Managed

Level 4Automated

Level 4Automated

Level 1Basic/adhoc

Level 1Basic/adhoc

Source – Ernst and Young ISACA presentation January 2008, Virginia USA

ACL Product Updates

Growing R&D Investment

0%

5%

10%

15%

20%

25%

30%

35%

2011 2012 2013

50% increase in R&D

Expanded analytics teams

Dedicated resources

55%30%

15%

Analytics ECM GRC

GRC & Analytics Integration

ACL Desktop Audit Exchange

ACL Workpapers

ACL Analytics Analytics Exchange

ACL GRC:Project Manager

ACL GRC:Results Manager

ACL GRC:Risk Manager

ACL GRC: Risk Manager• Assess strategic risk and develop

mitigation efforts• Visualize risk in your

organizational landscape

ACL GRC: Results Manager• Receives analytic results directly

from ACL Analytics or AX• Integrate those results into the

GRC architecture, projects, and issue tracking

AX 3.1

We’ve been busy @ ACL

Analytics 10

Enterprise (AX)

Workpapers 2

iPad

Desktop 9.3

Direct Link 4GB Analytics Exchange 4

AX 4.0.2

iPhone

Risk Manager

Results Manager

Project Manager

Data Analysis (Desktop) GRC

25+ Improvements

Date & Time

ACL Desktop becomes ACL Analytics Desktop Focus on increasing Analytic Capabilities Focus on improving Ease of Use

Product Update – Analytics v10

ExecutePerformance

Multiple Tables Integration

ACL™ Analytics Releases

May 2013

v.10July 2012Fuzzy DuplicatesColour Script Editor

v.9.3Aug 2011Key field harmonization for JOINEnhanced Command LogExcel Import/Export

v.9.2Feb 2011Data Definition Wizard Improvements

v.9.1.8

April 2009

v.9.1.4May 2008

v. 9.1

May 2013

ACL Desktop 9.3

English language edition: 9.3.0 All other language editions: 9.3.1 Compatibility upgrade for AX Core 3.0, 3.0.1 and 3.1 New Script Editor Features - Line numbering, Colour

encoding, Colour encoding editing, Word Wrap Fuzzy Duplicates command (FUZZYDUP) - Used to

detect nearly identical values in a character field ISFUZZYDUP() Function - Returns a logical value

indicating whether a string is a fuzzy duplicate of a comparison string

ACL Desktop 9.3 – cont.

LEVDIST() Function - Returns the LevenshteinDistance between two specified strings, which is a measurement of how much the two strings differ

OMIT() Function - Returns a string with one or more specified substrings removed

Resize all columns through right click menu Filter and command line functions in right click menu New Right Mouse click menu option-> Replace filter Current script being executed is displayed in the status

bar Addition of a ‘Run’ pushbutton in the Script Toolbar

ACL Desktop 9.3 – cont.

‘Add table’ icon in toolbar ‘Display variables’ icon in toolbar New links on welcome page (product feedback,

customer survey, What’s New) Ability to delete a field from the table layout dialog or

command even if a view is open Warning message when deleting items from log using

right click Ability to change thousands and decimal separators

from within a script Field definitions with multi-line conditional fields written

to the log file can now be saved and run in a script

Execute command New datetime data type and new functions to support Open multiple tables at the same time Export directly to Results Manager Performance improvements Defect corrections Improved user experience

ACL Analytics 10

0 25 50 75 100 125 150 175 200

DuplicatesExport CSVExport XLS

ExtractImport CSV

Import ExcelIndex

JoinSampling

SortStatistics

Summarize

DT93 AA10

ACL Analytics 10 is the fastest version yet

ACL Analytics 10 can now define and work with date and time data

Date and time data

19:20:307:20:30 PM2012-05-20T19:20:302012/05/20 7:20:30PM2012-05-20T19:20:30-08:00

CTODT() - converts character or numeric value to Date and Time

CTOT() - converts character or numeric value to a Time

STOD() - converts serial Date to Date STOT() – converts serial Date to Time STODT() - converts serial Date to Date and Time DATETIME() - converts Date and Time to character

New functions

NOW() - returns the current system time TODAY() - returns the current system date CMOY() - returns the name of the month for a specified

date EOMONTH() - returns the last day of the month GOMONTH() - returns the date X number of months

away

New functions

YEAR() - extracts the year from a specified date MONTH() - extracts the month from a specified date DAY() - extracts the day of the month from a date HOUR() - extracts the hour from a specified Date and

Time MINUTE() - extracts the minutes from a specified Date

and Time SECOND() - extracts the seconds from a specified

Date and Time

New functions

CTOD() TIME() DATE() AGE() CDOW() DOW()

Updated functions

ACL Analytics 10 uses serial Datetimes to evaluate date and time values 42004 = January 1, 2015 42004.50000 = January 1, 2015 12:00:00 0.75000 = 18:00:00New functions help convert these into recognizable date and times: STOD() – Serial to Date STODT() – Serial to Date and Time STOT() – Serial to Time

Serial date and time

Export to Results Manager

ACL Analytics 10 Results ManagerEXPORT

EXECUTE Command

Used to execute an application or process external to ACL Analytics 10

Emulates the Windows Run command

EXECUTE “Windows_Run_command_syntax” <ASYNC>

Command issued as part of a script ASYNC is Optional and specifies asynchronous

mode—the script will not pause and wait for the external process to complete

Creates a new system variable RETURN_CODE

EXECUTE Command

Examples of EXECUTE Command Open other applications and perform tasks required by

the script Open any file in its default application Perform file and folder administrative tasks Run external scripts or non-ACL batch files (.bat) Pass parameters to a batch file Run scripts in other projects Incorporate waiting periods in scripts Access data from network locations

Use FTP to access data from remote locations Zip or unzip data Encrypt or decrypt data Integrate with SQL databases Incorporate Active Directory account lists Integrate with VBScript Incorporate Windows task scheduling in scripts Open web pages

Examples of EXECUTE Command

Utilities for ACL

ABNChecker AddressChecker DirectorChecker_4_NZ DirectorChecker_4_AUS ?? Other…

Value added Utilities– free if on annual support, will only work if license is current

ACL Analytics 10 is the evolution of ACL™ Desktop Look forward to hearing your feedback Development team is already working on the next

release of ACL Analytics 10.x, due to be released in six months

Summary

Ask the Audience

Where would you like to see ACL improve?

– 1. Improved data access– 2. Improved free training for new / infrequent users– 3. Improved script development for power users– 4. Improved reporting and visualization tools– 5. New UI

V4.0.2

File Server

DATA

DATA

DATA

Versus…

ACL AX Solution

Managed Environment

SAP

ERP

AX Server

Data

ACL Desktop

MS Excel

Browser/Excel

Secure Data Access

Secure, Managed Environment

Data

Data

ACL AX SERVER

DataVersus…

ACL

Automation – Built-in Analytic Scheduler Server Analytic Processing Power

Content Management – Any File Type

Create analytics, perform ad-hoc analysis and remote analysis

Users access via Excel / Browser to run their own Analytics

Enterprise Data

SQL

ERP

Access virtually any data source and automate data feeds

AX Server

Manage the Exceptions

Audit Exchange becomes Analytics Exchange Platform for Enterprise Continuous Monitoring Improved Organization, Reuse & Results

Product Update – Analytics Exchange v4

Archive/RestoreAPI

Analytic Results

Analytic Chains

Install / Config 25+ Improvements

Automate Risk and Control Methodology – Project Manager

Provide Executive Relevance - Risk Manager (new!) Expanding the Reach of Analytics - Results Manager

(new!)

Product Update – ACL GRC

Data-drivenCloud

Context

Mobile

Alignment Value

Benefits of AX

Automate data extraction from multiple sources Administer roles & access permissions Share all analytics & engagements Enhanced security in a server environment Schedule and automate recurring tests to detects

exceptions as they happen Assign & automate exception management workflow Report exceptions in interactive dashboards Conduct ad-hoc investigation on analytic results with

server power

EVA Standard Suite of Analytical Tests

EVA for SAP ORACLE F1 …

VM

AP

CC

EM

Payroll

Inventory

SOD

Technical Support (0800 AuditNet Online Training Audit Videos Account representative Satori Support

ACL Support

ACL GRC

• Cloud based Audit Management solution

• Central repository for all data and information

• Standardise workflow and methodology

• Increase efficiency and productivity

• Facilitates communication between team and other

stakeholders

• Low cost of Ownership / High ROI

ACL GRC

Management tool for the complete audit cycle

3 Key Modules:• Risk Manager: Enterprise Risk Management• Project Manager: Electronic Workpapers, One Touch Reporting• Results Manager: ACL Analytics Integration, Exceptions

Management

ACL GRC

Risk Manager

Create your own Audit Universe

Risk Manager

Risk Assessment

Risk Manager

Graphical Visualisation

Projects Manager

Overview for Audit Manager

Projects Manager

Audit Log

Projects Manager Time Keeping

Audit Planning

Projects Manager Electronic Workpapers

Projects Manager Customisable One Touch Reporting

– Data draws directly from ACL GRC

Projects Manager Track-able requests to stakeholders

Results Manager Integration with ACL Analytics 10, ACL Analytics Exchange

Results Manager

Manage Exceptions

Thank You!

www.satorigroup.com.au