1 / 27

Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn

Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn. Steve Boyce VP, Alliances & Business Development Approva Corporation Nov 7, 2008. Game Plan. The role of intelligent business controls in driving performance What is Controls Intelligence?

devin
Download Presentation

Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn Steve Boyce VP, Alliances & Business DevelopmentApprova Corporation Nov 7, 2008

  2. Game Plan • The role of intelligent business controls in driving performance • What is Controls Intelligence? • Best practices for implementing a controls intelligence strategy • Business benefits of controls monitoring • Case studies & lessons learned

  3. Key Drivers for GRC Investments • (c) OCEG Source: The Governance, Risk Management, and Compliance Spending Report, 2008–2009, AMR Research • 11/18/2008 © 2007 Approva Corporation. All rights reserved.

  4. A Typical Large Organization Has Hundreds or Thousands of Controls OPERATIONAL Purchasing Must Adhere to Corporate Procurement Policies Business Processes RISK Third-Party ContractorsShould Not Have Accessto Proprietary Applications COMPLIANCE An Employee Cannot Backdatea Journal EntryAfter the Endof a Quarter

  5. The Cost of Poor Controls Intelligence Companies today… GE to Adjust Accountingin Bid to End Probe “…Problems with revenue recognition have cropped up in several GE units.” NEC Details Major Fraud “Fake orders resulted in$4 million in kickbacks. Meanwhile, internal investigations continue.” • Most controls are monitored manually. • Critical controls go untested. • Control breakdowns are identified long after they occur. • CFOs sign off on financials with imperfect information. G.M. Says It Has Found Serious Flaws in Accounting “…performance was threatened by “ineffective” controls over financial reporting…”

  6. Companies Have Three Main Types of Controls Operations & Financial ReportingTransactions, Fraud, Master Data Quality, Business ControlsAccess to ApplicationsSegregation of Duties, Emergency Access, User ProvisioningConfiguration of IT Systems & ProcessesChange Management, Required Fields, Tolerances and Limits

  7. A Controls Intelligence Strategy Must Address the Entire Lifecycle of Controls ControlsIntelligenceLifecycle Controls Intelligence System

  8. Approva Provides Controls Intelligence Software that enables you to: Optimize Operational Controls Automate Compliance Reduce Risk & Fraud

  9. Approva’s Risk & Controls Intelligence Platform Risk Dashboard Risk Analytics CaseManagement Risk Monitoring Certification Management Approva Risk Management Solutions Identifying & Preventing Fraud Managing Cash Flows & Working Capital Managing Assets & Inventory Ensuring the Accuracy of Financial Reports Securing & Ensuring Accuracy of Master Data Managing User Access & Segregation of Duties (SoD) Compliant Provisioning Certifying Access Securing Sensitive Information Ensuring Best Practice Process Configuration Settings Ensuring Best Practice System Configuration Settings Approva Risk & Controls Intelligence System • Risk Analytics • Continuous Monitoring • Proactive Alerting • Baselining • Risk KPI Monitors • Audit Repository Authoring Studios

  10. What the Analysts Say About Approva “We rate Approva's BizRights suite as strong positive because of its breadth of capability in all categories of SOD control.” “Approva should be on the shortlist of every organization taking a comprehensive approach that requires strong support for all three techniques, especially those organizations that need to support multiple ERP platforms or those that prefer an independent vendor.” Source: 2008 Gartner MarketScope on Segregation of Duty Within ERP and Financial Applications by Paul E. Proctor, Neil MacDonald, 25 September 2008

  11. Case Studies & Best Practices

  12. Case Study 1: Automating Financial Controls Business Challenge Profile • Reducing Risk: • Concerned about risk in the financial close process. • Financial controls could not be cost-effectively tested, monitored or enforced. • People were circumventing the process to make manual journal entries & update the chart of accounts. • Reducing Compliance Costs: • Financial controls required extensive effort by Internal Audit to manually test on an ongoing basis. • Manual queries had to be written, updated and executed. Results had to be manually reviewed. • Improving Efficiency: • Too much time was being wasted researching financial anomalies for audits. • Fortune 100 retailer • $76B in Revenue • 96,000 Employees • PeopleSoft Financial Management System (FMS) v8.4 “Misrepresenting our financial results would have had disastrous implications but it just wasn’t feasible to continuously monitor every control.” © 2008 Approva Corporation. All rights reserved.

  13. Financial Controls Case Study: Approva’s Approach Finance / CFO Internal Audit Risk Management Human Resources Outsourcing Partners External Audit CIO/ IT Unauthorized Transactions Entries Avoiding Mgmt Review • Approva is used to monitor financial configuration and transaction-related controls. • Automatic alerts identify control exceptions so they can be addressed immediately. Reversed Transactions Unauthorized Master Data Changes Unusual Debits & Credits Unusual Trending in Key Accounts Backdated Journal Entries Revenue Entries After Period Close Transactions With Missing Fields © 2008 Approva Corporation. All rights reserved.

  14. Financial Controls Case Study: Benefits Business Benefits • Reduced risk of fraud and financial misstatement due to comprehensive and continuous monitoring of key financial controls. • Elimination of errors resulting from people circumventing existing financial controls and policies. Reduced Risk • Reduced time required for internal audit team to test controls and respond to external audit requests. • Reduced travel and expense costs for internal audit team. Reduced Compliance Costs Improved Productivity • Improved utilization & retention of internal audit and finance staff resulting from elimination of low-value tasks. “We were able to design and implement our automated financial controls within 3 months of the project kickoff.”

  15. Case Study 2: Controls Monitoring Across 26+ Applications Business Challenge • Identify & remediate user access violations across 26 applications. • Hold business users accountable for user access violations. • Manage controls for SAP go-live and legacy applications. • Create the capability to quickly add new applications as business needs change. © 2007 Approva Corporation. All rights reserved.

  16. Limited Brands: Complex IT Environment Brand 3 Brand 2 Brand 4 Brand 5 Brand 1 26+ Applications

  17. Case Study 2: Limited Brands Business Benefits • Established sustainable process for monitoring and remediating user access (i.e. SoD) violations for 26+ app’s • Empowered business users to independently remediate and manage access control violations • Established accountability with business users for SoD violations • Created a framework to quickly incorporate additional applications into Approva for SoD monitoring © 2007 Approva Corporation. All rights reserved.

  18. Case Study 3: P-Card Transaction Monitoring Profile Client Objectives • Monthly reconciliation activity taking too much manual time and effort • Manual audit was ineffective in meeting board oversight goals • Goal to grow the program, driving more value • One of the largest school districts in the US • ~$50 Billion annual spend • Started with $24M through P-Cards, grown to $104M • Started with ~250 cardholders, grown to 2,500 and 300K transactions • 5 full time P-Card program administrators • SAP and Legacy MainframeGL systems • Citibank Payment Card Benefits • Grew P-Card spend from $24M to $104M annually, and increased card holders from 246 to 2,500 • Increased dollar rebate (~10 Basis Points) • P-Card program is effectively enforcing corporate policies and maintaining compliance, encouraged by board to continue to grow P-Card usage • Reduced audit preparation time through automation • Automated reconciliation; reduced time and errors • Avoided retraining users when switching banks. Able to capture most advantageous rebate offers. • Caught and stopped instances of misuse and was able to document issues and resolve quickly © 2008 Approva Corporation. All rights reserved.

  19. Top Challenges With P-Card Programs Include Managing Exceptions and Administration Tasks Challenges Faced with P-Card Programs Challenge score based on survey respondents “Controls are the most pressing issue to increase spend and number of P-Card users” Source: Aberdeen Group, August 2007 © 2006 Approva Corporation. All rights reserved.

  20. Approva P-Card Insight: Key Product Features P-Card Insight Workflow & Escalation Dashboards and Reporting • Monitor and provide proactive alerts on P-Card program exceptions using complex analytics • Provide executive level dashboards on key risk and performance indicators • Sophisticated workflow with escalation for exception resolution with associated audit trail • Automatically reconcile transactions with purchases • Augment bank transactions with level II and III data Automatic Reconciliation Proactive Alerts Complex Analytics Audit Trail © 2008 Approva Corporation. All rights reserved.

  21. P-Card Insight Product Features (I) Key Product Capabilities and Highlights • Complex workflows with escalations for sophisticated management of exceptions by user, auditor, or manager • Contextual business information provided • Can interact with end user via email or BizRights interface • Ability to have transactions and purchases flagged as automatically reconciled so no manual intervention required • Force manual reconciliation based upon business rules (threshold based on dollar amount, specific type of purchases, user, manager etc.) • Customizable reporting and dashboard • Dozens of pre-built reports • Drill down and drill through to find root cause of violations • Multiple level of reports, from graphical to summary to detail Workflow& Escalation Automatic Reconciliation Dashboards& Reporting © 2007 Approva Corporation. All rights reserved.

  22. P-Card Insight Product Features (II) Key Product Capabilities and Highlights Proactive Alerts • Ability to schedule for automated and proactive report delivery • Workflow tasks proactively emailed to inbox of user • Best practice library of controls • Trending analytics to search for anomalies • Ability to analyze data from multiple systems within same rule • Complete capture of historical data • Audit trail maintained for all operations in the system • PCI DSS Level 1/SAS 70 Type II Certified • Secure platform that can be used as a control Complex Analytics Audit Trail © 2007 Approva Corporation. All rights reserved.

  23. Approva P-Card Insight Benefits • Increased procurement saving • Reduced Cost of Monitoring and audit preparation • Vendor Consolidation • Bank Neutrality • Cardholder convenience Reduced Cash Loss / Waste Improved Process Efficiency Reduced Risk • Increased Rebate • Eliminate non-preferred vendor spend • Increased Discounts • Identify leakage • Increased program assurance • Culture of Enforcement • Proactive identification of exceptions • Improve financial and budget controls © 2006 Approva Corporation. All rights reserved.

  24. Controls Intelligence Benefits Customer Benefit from Improved Controls Intelligence CATEGORY TYPE OF BENEFIT

  25. In Summary • Start With the Core Risk But Have a Plan to Expand • Capture “low hanging fruit” by automating manual controls • Focus on your top risks but ensure your solution can scale • Validate your approach and solution with your auditor 1 2 • Consider Both Financial and IT Controls • Implement both preventive and detective controls • Consider the impact of IT, access and transaction-related controls • Trust but verify controls that come with your core applications 3 • Business Users Should Own the Controls • Make sure your solution can speak to business users in their language • Empower business users to develop their own controls • Free up IT and internal audit staff to focus on value added tasks

  26. Manufacturing, Transportation & Public Sector Selected Approva Customers Technology, Telecom & Media Consumer Products & Retail Pharmaceutical & Biotech Entertainment Energy & Chemicals © 2007 Approva Corporation. All rights reserved.

  27. Contact Information Steve Boyce VP, Alliances & Business Development Approva Corporation steve.boyce@approva.net 703.956.8366 www.approva.net

More Related