Transcript KPMG Talkbook template

Integrating Data &
Analytics within
Internal Audit
April 2016
Restrictions on Disclosure and Use
Restriction on Disclosure and Use of Data – This document contains confidential
or proprietary information of KPMG LLP, the disclosure of which would provide a
competitive advantage to others; therefore, the recipient shall not disclose, use, or
duplicate this document, in whole or in part, for any purpose other than recipient’s
consideration.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
1
With You Today
■ Alex Menor, Senior Specialist, Data Analytics-enabled Internal Audit (National)
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
2
Agenda
1
Importance of Data & Analytics
2
Current Trends
3
KPMG’s Point of View
Data & Analytics-enabled Internal Audit (DAeIA) Process
Analytics-based Internal Audit Maturity Model
Transformation Roadmap
4
Getting Started
Prioritizing Your Audit Plan
Analytics Development Process
5
Examples
Example Case Studies
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
3
Importance of Data &
Analytics
Importance of Data Analytics
All firms have raw data; however, companies that process raw
data into knowledge create a valuable organizational asset
A
n
a
l
y
t
i
c
s
Knowledge
Information
Raw Data
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
5
Why use Data & Analytics in Internal Audit?
■ Continued pressure to “do more with less”
■ Expectations to provide enhanced value
■ Desire to improve the effectiveness and efficiency of the audit
department through repeatable and sustainable methods
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
6
Current Trends
KPMG observations
Current Trends
■ Development of an Internal Audit Strategy and Roadmap for D&A
– Link to enterprise initiatives
– Partnering with the business, compliance, IT functions, develop joint business case
■ Drive more value to the broader enterprise
■ Leverage others’ resources, capabilities, tools, etc.
■ Enhancing risk assessment activities with quantitative information (CRA)
■ Building “repeatable and sustainable” ETL (Extract, Transform, Load process) and
analysis for meaningful reporting; not long lists of anomalies.
■ Trend toward leveraging BI and Visualization tools
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
8
KPMG’s Point of View
Data & Analytics-enabled Internal Audit Process
Business
Monitoring
Enhanced
Dynamic
Reporting
Data &
Analytics
Audit
Execution
Analytics-Driven
Continuous Risk
Assessment
Data &
Analytics-enabled
Internal Audit
Dynamic
Audit Plan
Operationalize into
repeatable and
sustainable analytics
D&A Audit
Scoping and
Planning
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
D&A enabled
Audit Workplan
10
Analytics-based Internal Audit Maturity Model
Maturity
Level I
IA Methodology
Traditional
Auditing
Maturity
Level II
Ad Hoc
Integrated
Analytics
Maturity
Level III
Continuous
Risk
Assessment &
Continuous
Auditing
Maturity
Level IV
Integrated
Continuous
Auditing &
Continuous
Monitoring
Maturity
Level V
Continuous
Assurance of
Enterprise Risk
Management
Strategic
Analysis
Enterprise Risk
Assessment
IA Plan
Development
Execution and
Reporting
Continuous
Improvement
Data analytics are
generally not used
Data analytics are partially
used but are sub-optimized
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
Data analytics are effectively
and consistently used
(optimized)
11
Data Analytics-enabled Internal Auditing Transformation Roadmap
Phase I: Develop
Strategic Plan
•
•
•
•
•
•
Understand internal audit
management’s goals, ambitions,
and vision for data and analytics
Share Point of View and Market
Drivers, which may include
facilitating a Internal Audit
team/department awareness
training session and/or sharing
thought leadership
Prepare and conduct Internal
Audit team strategy/roadmap
visioning workshop(s)
Perform current state assessment
across people, process,
technology and information
dimensions within internal audit
and across the organization, if
appropriate
Identify and understand relevant
current organizational initiatives
Identify the systems and relevant
data required for a pilot
Phase III: Radiate Across
Audit Department and
Universe
Phase II: Pilot Execution
Planning / Scoping
• Understand the audit objective(s)
• Determine what analytics are
relevant in achieving the audit
objective(s)
• Data management and analytics
• Design the analytics-enabled
audit program
• Identify relevant IT systems
and determine availability and
quality of data
• Acquire and assess data
quality
Execution
•
•
•
Refine (confirm the logic) and
develop analytics
• Run analytics and perform initial
validation of results to identify
data and/or logic flaws; modify
and re-run analytics as necessary
• Confirm the results of the
analytics support achieving the
audit objective(s)
Reporting
• Interpret results
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
Provide recommendations to
update the audit approach to
include an analytics approach for:
− Modifying (where necessary)
and radiating analytics across
all relevant business
processes and audit areas
and across organization units
− Transitioning, where
appropriate, to continuous
auditing
Assist with Change Management
within IA
− Identify key IA resources that
will drive change throughout
the department
− Identify major risks and/or
barriers to implementing data
& analytics then track the
success of mitigation
strategies
− Design and deliver trainings
focused at the different levels
of involvement (awareness,
planning, execution,
interpretation, reporting, etc.)
Phase IV: Continuous
Program Evaluation
•
•
•
•
•
Regularly evaluate program for
effectiveness and refine, as
necessary
Consider additional areas for
expansion and maturity within the
internal audit and compliance
functions, including quantitativeenhanced continuous risk
assessment
Evaluate opportunities to extend
into the business, including
continuous monitoring
Include the use of data & analytics
in the employee goal-setting and
review process
Continuously evaluate the current
and future maturity of the use of
data & analytics
12
Prioritizing your Audit Plan
& Analytics Development
Process
Prioritizing Your Audit Plan for Use of Data & Analytics
Availability:
Is data available for the audited
process?
No
Yes
Comprehension:
Do your resources have the business
knowledge available to understand
the source data?
Not a likely
candidate
E.g., audit of a manually
performed control
No
Not a likely
candidate
E.g., audit of a complex
process without front end
support of process owner or IT
Yes
Data Quality:
Is the data being captured consistent
in nature and complete
No
E.g., exploratory audit
or profile of a process
Yes
Risk:
Does the audited process/area
represent a high concentration
of risk?
Complexity:
Is the data being obtained from 3
sources or less?
Is the time required to obtain and
validate the data low?
Yes
Top Priority
E.g., OTC
or P2P audit
No
Yes
No
Repeatability:
Will the audit be performed multiple
times using a similar data source (e.g.
same ERP or quarterly audit)?
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
Possible Candidate
Top Priority
E.g., T&E
audit
Yes
Top Priority
E.g., P-Card
audit
No
Possible Candidate
14
Sample Audit Plan CRA Prioritization
Candidate for DAeIA
Audit Area
Procurement &
Payables
Balance Sheet
Review
Cash Controls
Payroll
FCPA
IP Protection
Description
-Vendor analysis
-Vendor setup
-PO
-Invoice
-Payment
-3-way Match
-P-Card
-Travel and Entertainment
Journal entry analysis
Stale account postings
Unusual account pairings
Contra-account activity
Determine whether cash controls
and bank reconciliations are
performed in ERP or performed
manually.
Determine if Payroll is performed
internally in ERP or using a provider
such as ADP
Include FCPA as part of other audits
such as procurement or revenue
cycle
Analytics Type
Frequency
Risk
Complexity (High, Medium, Low)
CRA
Scoping/
Profiling
Detailed
Testing
Repeatable/
Periodic
Risk
Coverage
Process
System
Data
Availability,
Comprehension
& Quality
9
Y
Y
Y
Y
High
Medium
Low
TBD
TBD
14
N
Y
Y
Y
Medium
Low
Low
TBD
TBD
14
N/A
N/A
N/A
N
Medium
Low
High
TBD
TBD
13
N
Y
Y
N
Medium
High
TBD
TBD
TBD
13
N
Y
Y
Y
High
High
Low
TBD
*
N
Y
Y
N
Medium
Medium
High
TBD
*
Y
Y
Y
N
Low
Medium
High
TBD
Y
Y
Y
Y
Medium
Medium
High
TBD
Y*
TBD*
TBD*
Y
High
Medium
Low
TBD
Hours
Timing
TBD
Yes
Likely
TBD
13
NA
Compliance with
Customers'
TBD
4
Requirements
NA
Inventory
TBD
9
Management
Inventory obsolescence
-Customer analysis
-Customer setup
Revenue &
-Sales orders
TBD
3
Receivables
-Shipments/Cutoff
* TBD based
on determination of availability and quality of data
-Credit and Collections
No /
TBD
*
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
15
Data Analytics enabled Internal Audit (DAeIA)
Planning
Scoping
Fieldwork
Define
Audit
Objectives
Acquire data
(see detailed
ETL process)
Business
Understanding
Analytics
scoping
Reporting
ETL (if
necessary)
Results
Validate/
Refine DAeIA
work program
Dynamic
Reporting
Develop
Refine
Draft DAeIA
work program
Interpret
results
Acquire
additional data,
if necessary
(see detailed
ETL process)
Execute
Perform
Analytics
Validate
Perform audit
work steps and
analyze results
(individually and
aggregated)
CRA
Continuous Improvement
Operationalize into repeatable and sustainable analytics
APG Builder
Tools
Exception Manager
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
16
Example Case Studies
Spend Analysis
Assessing Buying Channels for Compliance and Optimization
A financial services company made the decision to encourage more spend using P-Cards to
reduce the number of invoices processed by AP. However, transitioning spend to P-Card without
proper monitoring processes can cause inappropriate spend due to the lack of a formalized
buying process. An analysis was performed to assess the overall effectiveness of the transition to
P-Card as well as identify
Transactions
Expense
Reports
Cardholders
Merchants
Total Spend
42k
6k
355
12k
$47 M
Analysis Included:
•
P-Card Transactions including
•
Potential performance
improvement opportunities
•
Transactions indicative of
fraud, waste, and abuse
•
Non-compliance with the
established policies and
procedures.
•
Assessment of existing process
against Leading Practices
•
AP Spend
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
Key Observations:
•
P-Card Spend as a percentage of
total spend was substantially
lower than the benchmark for the
industry (2.35% vs 8%)
•
$225K in Gift Card purchases
were not included in employee
income
•
$35K in duplicate payments
made simultaneously through AP
and P-Card
18
Retail Competitive Pricing Analytics
Turning Risk into Competitive Advantage
A leading discount shoe retailer offers over 8,000 different styles of shoes via its physical and online
stores. A key management objective is to meet or beat competitors’ pricing – but monitoring their
progress against that objective was difficult. Through the use of data & analytics, these challenges
were overcome to provide a complete picture of the retailer’s pricing positions on a monthly basis.
Shoe Styles
Products
Competitors
Low Cost Retailer
8k
50K
6
56%
Analysis Included:
• Unstructured Data from 6
Websites
• Natural Language
Processing including Fuzzy
Matching
• Configurable scoring
algorithm
• Match results that included
product images to allow for
human review
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
Key Observations:
• 3 of 6 Competitors had
better pricing on more than
50% of products
• 44% of all products did not
have the lowest price among
competitors
• A portion of products
advertised as good deals
were still priced higher than
competitors
19
Questions?
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
20
Thank You
All information provided is of a general nature and is not intended to address the
circumstances of any particular individual or entity. Although we endeavor to provide
accurate and timely information, there can be no guarantee that such information is
accurate as of the date it is received or that it will continue to be accurate in the future.
No one should act upon such information without appropriate professional advice after a
thorough examination of the particular situation.
Some or all of the services described herein may not be permissible for KPMG audit
clients and their affiliates.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of
the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559
The KPMG name, logo and “cutting through complexity” are registered trademarks or
trademarks of KPMG International.