Continuous Auditing Software Project
County of San Diego
Presented by Christine Nahimana
Executive Summary
The Project is part of an “Integrated Internal Controls Assurance Initiative” by the Office of the Auditor and Controller at the County of San Diego.
Proactive approach to applying standards consistent with regulatory and compliance requirements, such as those produced by the Institute of Internal Auditors (IIA), the SEC and various Federal, State and Local Agencies
Existence of a Manual Auditing System - actual material value of audit findings that indicate fraud, waste or misuse tends to be small (typically, 1%-2% of total transactions)
Problem Statement
Manual reviews (Audits) to monitor fiscal transactions often have a high cost associated with them and only provide a “point in time” analysis, based on only a sample of all the transactions involved.
Findings from internal audit activity show that the current system often fails to detect discrepancies, irregularities, and indicators of susceptibility to fraud in some business processes, especially P-card usage.
Project Objectives
Automating the current manual approach to monitoring the procurement process, reducing the staff, time and costs that would be required to analyze 100% of related transactions
Providing increased oversight into the County’s internal financial controls, thereby enhancing their ability to attest to the effectiveness of internal controls
PROJECT SCOPE
Justification: Reducing the material and political risk related to waste, fraud and misuse of public funds
Enabling a proactive vs reactive approach to fraud
Fraud Prevention vs Fraud Detection
Scope limitation: The project is for the monitoring of Purchase Card transactions, not other financial transactions
Project Scope - CAS Technical Requirements
Web browser based operating in the following system environment: TCP/IP network, MS Server 2003 SP1, MS SQL Server 2000 database, Microsoft IIS servers and Windows XP SP2 workstations, or later versions.
Test transaction data at the source level using industry standard formats for internal controls
Compatible with current sources of data at the County such as Oracle, PeopleSoft, US Banks
Allow County administrators to easily modify exception thresholds and tolerances
Provide internal data and security controls to restrict access based on specified user identification
Capability of displaying and printing customizable reports
Use of Benford’s Law, number patterns, ratios, and duplications to look for anomalous patterns, differences, matches, and anomalies
Project Scope – more – Functional Requirements
•Unauthorized, invalid, or inactive employees
•Unauthorized, debarred, or suspicious Merchants
•Improper segregation of duties
•Split Transactions
•Duplicates (requisitions, POs, or payments)
•Mismatched quantities or dollars (requisitions, POs, or payments)
•Improper authorizations
•Untimely resolution of holds
•Sequences or timing anomalies
•Spending limits exceeded
•Restricted items
•Unexpected patterns or amounts
•Vendor/employee associations
•Suspicious data values or formats
•Suspicious adjustments, credits or refunds
•Unauthorized or deactivated card numbers
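As an added illustration (not part of the original presentation or of any vendor's product), the Python example below shows how two of the tests named above, split transactions and a Benford's Law first-digit check, can be run over every P-card transaction rather than a sample. The single-purchase limit, the two-day window, the row layout and the sample rows are assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict
from datetime import date, timedelta

SINGLE_PURCHASE_LIMIT = 2500.00   # assumed per-transaction card limit
SPLIT_WINDOW = timedelta(days=2)  # assumed window for related purchases

# Constructed sample rows: (cardholder, merchant, purchase date, amount)
TRANSACTIONS = [
    ("E100", "Office Depot", date(2024, 3, 4), 1900.00),
    ("E100", "Office Depot", date(2024, 3, 4), 1850.00),
    ("E100", "Office Depot", date(2024, 3, 20), 420.15),
    ("E200", "Grainger", date(2024, 3, 5), 2499.00),
    ("E200", "Home Depot", date(2024, 3, 5), 2400.00),
    ("E300", "Staples", date(2024, 3, 7), 1300.00),
    ("E300", "Staples", date(2024, 3, 9), 1250.00),
]

def find_split_transactions(rows, limit=SINGLE_PURCHASE_LIMIT, window=SPLIT_WINDOW):
    """Flag same-cardholder, same-merchant purchases that each fit the limit but together exceed it."""
    groups = defaultdict(list)
    for holder, merchant, day, amount in rows:
        if amount <= limit:
            groups[(holder, merchant)].append((day, amount))
    alerts = []
    for (holder, merchant), items in groups.items():
        items.sort()
        start, total = 0, 0.0
        for end, (day, amount) in enumerate(items):
            total += amount
            while day - items[start][0] > window:  # slide the window forward
                total -= items[start][1]
                start += 1
            if end > start and total > limit:
                alerts.append((holder, merchant, items[start][0], day, round(total, 2)))
    return alerts

def benford_mad(amounts):
    """Mean absolute deviation of leading-digit frequencies from Benford's log10(1 + 1/d)."""
    digits = [int(f"{a:.10e}"[0]) for a in amounts if a > 0]
    if not digits:
        raise ValueError("no positive amounts to test")
    counts = Counter(digits)
    return sum(abs(counts[d] / len(digits) - math.log10(1 + 1 / d))
               for d in range(1, 10)) / 9

if __name__ == "__main__":
    for alert in find_split_transactions(TRANSACTIONS):
        print("possible split purchase:", alert)
```

A Benford score is only meaningful on a large population of amounts; a high value on a cardholder's or merchant's history is a reason to review, not a finding in itself.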
Return on Investment Analysis – Benefits Estimate
Audit Budget Hours
1 Full time Senior Auditor: 60,000
1 Full time Associate Auditor: 45,000
Total Audits Costs Savings: 105,000
Potential Fraudulent Activity Cost Estimate: 300,000
Total Fraudulent Activities Costs Savings: 300,000
Total Benefits: 405,000
Return on Investment – Costs Estimates
One Time Fees
Licence Fees: 50,000 (includes unlimited users' access to CCM web-based reporting tools)
Implementation Fees: 65,000
Total One Time Fees: 115,000
On-Going Fees
Annual Maintenance and Support (20% of Licence Fees): 10,000
Application Assurance (Optional) (10% of Licence Fees): 5,000
Total Ongoing Fees: 18,000
Total Initial Fees: 133,000
Measures of Success
Meet all the functional and technical requirements
Software must be user friendly
Software should allow analysis of 100% of data
Delivery of the software should be within time estimate
Implementation and Development
Tech Support
Application Maintenance
Releases to User Interface
Ongoing
PHASE 1 PHASE 2 PHASE 3
Technical and Functional Requirement Design
Vendor Selection based on specified Criteria
Confirm detailed technical requirements and configuration design
Competitive Bid Analysis
Configuration of the Software
Configure data / application / UI for each test
Format views / configure alerts
Configure application in test environment
QA and Validation
User & System Training
Test data extraction (monitor for system performance)
Test and validate functionality
User acceptance
Configuration Design Implementation
PHASE 4 PHASE 3 PHASE 4
6-8 Weeks
All Stakeholders at the County: Project manager, 2 Auditors, 2 IT staff, Vendors
4-6 Weeks
The Program Manager as well as 1 IT representative work closely with Vendor
2-3 Weeks
All stakeholders are involved in this phase
Configuration
Risk Management Strategy in Contracts Specifications
Quality testing and assurance at each phase of project development or implementation
Provide unlimited daytime support while under maintenance
Provide updates, upgrades, forms and workarounds while under maintenance
Provide up to date user/training manual. Updates to the user/training manuals shall be included under maintenance
Training session, or instructions, on revised and new forms and on each new version of the software
Communication Management Strategy
Project Manager with Management
Every week managers will receive a progress report by a meeting with the Project Manager. Daily problems and questions will be best communicated by email.
Project Team and Project Manager
Once tasks are assigned among team members, they will meet twice a week during the Configuration Design and Implementation phase. Daily problems and questions will be best communicated by email.
Project Manager and Vendor’s Communication
For clarity, configuration and implementation services include on-going communications with the vendor by meetings, correspondence for confirmation of requirements, emails, phones or faxes, and training. Same during the Support and Maintenance phase.