automated controls monitoring for finance teams
TRANSCRIPT
![Page 1: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/1.jpg)
Automated Controls Monitoring for Finance Teams
Dusk LimStrategic Account Manager, ASEAN
Robert Luu, FCXP (CX-I), HCP, ACDA Advanced
Director, Client Partnership, Asia-Pacific & Japan
![Page 2: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/2.jpg)
WEGALVANIZE.COM
Housekeeping
• Today’s session will be approximately 60 minutes with 15 minutes for Q&A at the end.
• Please submit your questions through the Q&A panel on your Zoom console.
• This session will be recorded. We will send a copy of the recording and slides to all attendees.
![Page 3: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/3.jpg)
WEGALVANIZE.COM
Topics
• Defining Continuous Monitoring
• Drivers for finance teams to do proactive monitoring
• 3 myths of CCM
• Maturity model – understanding it and in use
• Moving up the maturity model – how to implement a CCM program
• Sample CCM journey
• Challenges in implementing CCM
• Benefits and ROI
![Page 4: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/4.jpg)
WEGALVANIZE.COM
What is Continuous Monitoring?
Definition by IIA GTAG:
Continuous Monitoring is a process that management puts in place to ensure that its policies, procedures, and business processes are operating effectively.
![Page 5: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/5.jpg)
WEGALVANIZE.COM
Drivers of Continuous Controls Monitoring
▪ Operational (e.g. Procurement, Sales)
▪ Compliance (e.g. SOX, Data Privacy, ICFR)
▪ Risk management (e.g. risk indicators, early warnings)
▪ Financial (e.g. accounting standards)
▪ Technology (e.g. Cybersecurity, Access Controls)
▪ Fraud detection (e.g. AML, ABAC, Embezzlement)
![Page 6: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/6.jpg)
WEGALVANIZE.COM
ACFE – Global Study on Occupational Fraud & Abuse
![Page 7: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/7.jpg)
WEGALVANIZE.COM
![Page 8: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/8.jpg)
WEGALVANIZE.COM
1
3
2
I don’t need CCM because my ERP system
has built-in automated controls and I’m
already protected.
Isn’t that the job of our auditors?
It sounds great in theory, but in reality, it’s not practical or affordable to implement
.
3 Myths of Continuous Monitoring
![Page 9: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/9.jpg)
WEGALVANIZE.COM
A d H o c T e s t i n g
A u t o m a t e d A n a l y s i s
C o n t i n u o u s
M o n i t o r i n g
I n c r e a s e C o v e r a g e
• Typically one-off and
utilizes sampling.
• Usually don’t by
auditors
• 100% testing
• Data analytics tool is
likely utilized in some
ways
• Generally still done by
auditors
• Automated monitoring
process
• Scheduled based
• Control owners given
the ability to identify
control gaps
• High ability to respond
to risks as they emerge
• Data driven metrics
• Wide reaching coverage
• Impact on strategic
risks, objectives and
relationships
• Predicting risks
Your Controls Monitoring Maturity ModelH i n d s i g h t > I n s i g h t > F o r e s i g h t
C o n t i n u o u s M o n i t o r i n g
![Page 10: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/10.jpg)
WEGALVANIZE.COM
Topics
• Defining Continuous Monitoring
• Drivers for finance teams to do proactive monitoring
• 3 myths of CCM
• Maturity model – understanding it and in use
• Moving up the maturity model – how to implement a CCM program
• Sample CCM journey
• Challenges in implementing CCM
• Benefits and ROI
![Page 11: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/11.jpg)
WEGALVANIZE.COM
A d H o c T e s t i n g
A u t o m a t e d A n a l y s i s
C o n t i n u o u s
M o n i t o r i n g
I n c r e a s e C o v e r a g e
• Typically one-off and
utilizes sampling.
• Usually don’t by
auditors
• 100% testing
• Data analytics tool is
likely utilized in some
ways
• Generally still done by
auditors
• Automated monitoring
process
• Scheduled based
• Control owners given
the ability to identify
control gaps
• High ability to respond
to risks as they emerge
• Data driven metrics
• Wide reaching coverage
• Impact on strategic
risks, objectives and
relationships
• Predicting risks
Your Controls Monitoring Maturity ModelH i n d s i g h t > I n s i g h t > F o r e s i g h t
C o n t i n u o u s M o n i t o r i n g
![Page 12: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/12.jpg)
Controls Monitoring Planning ProcessS e tt i n g u p y o u r a u t o m a t e d m o n i t o r i n g p ro g ra m
Key controls for financial reporting, IT application control dependency, manual
controls requiring special review, and preventative or detective nature
Categorize your control environment
Don’t boil the ocean – prioritize the control environment categories for
quick wins and high impact control areas for risk mitigation
Determine objectives and risk assurance
Tell the correct narrative to management and process owners
using agreed upon key performance and key control indicators
Align executive reporting and notification requirements
Involve process owners and control owners in the workflow design
to maximize adoption rate
Socialize remediation workflow process
1
2
3
4
![Page 13: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/13.jpg)
Purchase to Payment CycleI l l u m i n a t i n g t h e p r o c e s s g a p s
PROCESSES& SUGGESTIONS
BUSINESS VALUES
Vendor Management Purchase Order Validation Invoice Management Payment Monitoring
Vendor risk assessment
Due diligence & monitoring
High risk vendors
Early payment discounts
Split purchases
Approval authorizations
Dormant POs
Keyword analysis
Suspicious invoice patterns
Duplicate invoices
Contract pricing compliance
Duplicate payments
Suspicious bank accounts
Unusual dates or holidays
Onboarding
Requisitions
Potential
fraud
Review workflow
Outstanding invoices
Payment term review
Potential fraud
Ongoing
monitoring
Approval limits
Order processing
Over/under billing
Reconciliations
Offboarding
Automated Notifications, Templates,
& Action Follow-up
Automated Robotics & Analytics
Legend
Accuracy validation
Improve alignment to
Vendor Risk Team
Improve preventative
controls of purchases
Increase visibility and
accuracy over spending
Improve detective
monitoring of spending
BUSINESSVALUES
![Page 14: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/14.jpg)
WEGALVANIZE.COM
How Can Controls Monitoring Become a Preventative Control?
Detect Errors
in Sub-Ledger
Correct Errors
in Sub-Ledger
Prevent
Misstatements
to General
Ledger
Improving the controls in the Accounting Closing Process:
Daily Daily Daily
Month-End
Reduce Need
for Correcting
Journal Entries
![Page 15: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/15.jpg)
WEGALVANIZE.COM
Data-Driven Continuous Monitoring: Simplifying Big Data
ERP SAP HR X Y
“Big Data”
“Useful” Data
Objectives > Criteria > Risk > Frequency >
Data Requirements
Data extraction Analytics &
analyses
Alerts & exceptions Remediation
Data-Driven Continuous Monitoring
![Page 16: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/16.jpg)
Executive Oversight over Financial Controls
ControlsBond (Storyboards) – controlling the narrative with a compelling story and alignment to high impact areas incorporating a data-driven approach
![Page 17: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/17.jpg)
Executive Oversight over Financial Controls
ControlsBond (Frameworks) – executive alignment on reporting of control assurance and automated assessments
![Page 18: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/18.jpg)
Scheduled Control Performance
ControlsBond (Mission Control) – Minimal visibility and capabilities within the platform, primarily using Mission Control for flattened view of assigned Control Execution schedules. Responding via questionnaire upload for evidence.
![Page 19: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/19.jpg)
Manual Control Reviews
Solicit and capture qualitative assessments with controlled and open responses
ControlsBond (Results)– results management and remediation workflow with automated distribution/reconciliation
![Page 20: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/20.jpg)
Remediation and Workflow ManagementS t re a m l i n e t h e d e c i s i o n - m a k i n g p ro c e s s
Executive Visibility & Strategic Metrics
Key risk indicators top of mind for executive
management awareness and required action
Front-line Ownership & Accountability
1st/2nd Level reviewers within the processes
responsible for timely actions
Escalation & Performance Monitoring
Key performance indicators for middle
management to provide oversight and increase
productivity
![Page 21: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/21.jpg)
WEGALVANIZE.COM
Challenges in automating controls monitoring
![Page 22: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/22.jpg)
WEGALVANIZE.COM
Common Challenges
• Overlapping or redundant controls
• Control registers not accurately documented and dispersed
• IT Application controls assumed to be automated
• Lack of collaboration with application owners and key
stakeholders
• Inconsistency of data throughout ERP system(s)
![Page 23: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/23.jpg)
WEGALVANIZE.COM
Benefits and Positive Outcomes
• Reduce costs by minimizing manual work and rationalize low-risk
controls
• Increase positive collaboration with first line of defense for better
assurance
• Share real-time updates on compliance and high-risk issues
• Increase management and executive confidence in data-driven
decisions
![Page 24: Automated Controls Monitoring for Finance Teams](https://reader030.vdocuments.us/reader030/viewer/2022032402/6231f4f798a1932c685a0369/html5/thumbnails/24.jpg)
WEGALVANIZE.COM
Thank you for your
attention!
Q & A
https://www.linkedin.com/in/robert-luu/
https://www.linkedin.com/in/dusklim/