1 / 17

The Road to Continuous Monitoring – Why Isn’t Everybody Doing It?

The Road to Continuous Monitoring – Why Isn’t Everybody Doing It?. Evolution of Continuous Monitoring. Automated Testing / Continuous Monitoring – No User Intervention Required (Frequent Testing for Leading Indicators of Problems).

cedric
Download Presentation

The Road to Continuous Monitoring – Why Isn’t Everybody Doing It?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Road to Continuous Monitoring – Why Isn’t Everybody Doing It?

  2. Evolution of Continuous Monitoring Automated Testing / Continuous Monitoring – No User Intervention Required (Frequent Testing for Leading Indicators of Problems) Menu Based Applications - Limited User Intervention Required (Regular Testing Of Identified Risk Areas) $ $ $ Most groups are stuck here. Individual Macros - Some User Intervention Required (Periodic Testing of Selected Areas) Most Organizations Manual Processing - Full User Intervention Required (Retrospective Testing and Sampling)

  3. Obstacles to Continuous Monitoring • Obtaining the data easily on a systematic basis • Standardizing the analysis process by identifying key risk areas and leading indicators • Identifying a “champion” to spearhead creation of custom analysis routines and allocating time to complete the work • Avoiding the use of multiple applications to produce the desired output • Moving to proactive monitoring from historic focus on periodic retrospective testing

  4. Case Study: Truliant FCU On The Road to Continuous Monitoring

  5. About the Organization • Truliant Federal Credit Union • chartered in 1952 to serve the employees of Western Electric • known as Radio Shops Credit Union • approximately 2,000 members and a little over $100,000 in assets. • name was changed in 1999 after membership was opened to other groups and companies • Truliant now has 25 member centers in five states with more than 170,000 members and over $1 billion in assets.

  6. Implementation of Data Analysis • Internal Audit Department purchased IDEA in 1999 for: • branch audits • election • fraud review • Accounting departments began using IDEA in 2000 for: • loan reconciliations • ATM reconciliations • Out of balance searches

  7. Obstacle 1: Obtaining the data Due to the size of their tables, Truliant chose to use customized SQL queries to obtain data for analysis - cumbersome and requires IT assistance - inhibits process automation

  8. Obstacle 2: Standardize the Process IDEAScript routines have been successfully developed for the analysis of the following critical areas: • File maintenance (weekly): • Due dates (bring dates back in) • Rates (changed fixed rates, variable that don’t change) • Address Changes (changes from in-state to out-of-state) • Overrides (are they proper) • Dormant accounts (what activity is going on)

  9. Obstacle 2: Standardize the Process • Branch audits (approximately 12 per year): • Analyze teller outages (highs, lows, gross, net, totals) • Cash usage versus cash levels (tellers, ATM’s, CDM’s) • Miscellaneous expense (analyze contents) • Account and loan reviews (as deemed necessary): • High/low/odd rates (unreasonable rates) • Payment amounts (unreasonable amounts) • Accrued interest (unreasonable accruals) • Negative balances

  10. Obstacle 3: Champion Needed The IA champion that developed many of the existing IDEAScript testing routines has left the credit union. The Internal Audit group is continuing with the projects underway and, when fully staffed, plan on continuing down the path of continuous auditing.

  11. Obstacle 4: Multiple Applications Currently Truliant uses multiple applications to complete single analysis processes. The applications include SQL Server, IDEA, Excel, and their email system. Parts of some processes are accomplished by using separate macros in different applications.

  12. 5. Focus on Periodic Testing The most frequent testing results are contained in the weekly reports that test for problems in specific high risk areas. All other tests performed focus on retrospective testing to identify problems or errors.

  13. Strategies for Future 1. Resolve data acquisition problems • IDEA’s recently released enhanced ODBC import can help resolve this problem • SQL statements for data acquisition can be built into analysis macros to eliminate use of multiple applications/tools for data importing

  14. Strategies for Future 2. Use full capabilities of VBA interfaces • Streamline logic and merge macros to minimize or eliminate user intervention • Combine macros from separate applications into a single script that calls on all needed applications

  15. Strategies for Future 3. Find assistance for current champions • Use outside resources for assistance in combining macros from different applications and developing additional automated tests • Create menus for audit applications to simplify the processes and user interfaces

  16. Strategies for Future 4. Shift to proactive monitoring • Automate any tests that can be run without user intervention • start with the weekly file maintenance tests • Using information from exiting audit tests, identify additional leading indicators of potential problems • Create/adapt test to search for these events on a more frequent basis • Use the results from the automated tests in the risk assessment process to help determine the focus of on-going audit activities.

  17. Conclusion Come back next year and we’ll let you know how it turns out!

More Related