1 / 44

Use of ACL in Audits & Investigations

Use of ACL in Audits & Investigations. Lon S. Heuer, CPA, CIA Associate Vice President for Institutional Compliance and Director, Office of Internal Audits Dyan G. Hudson, CISA Associate Director, Office of Internal Audits. Agenda. Overview of Generalized Audit Software How to Get Started

issac
Download Presentation

Use of ACL in Audits & Investigations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Use of ACLin Audits & Investigations Lon S. Heuer, CPA, CIA Associate Vice President for Institutional Compliance and Director, Office of Internal Audits Dyan G. Hudson, CISA Associate Director, Office of Internal Audits

  2. Agenda • Overview of Generalized Audit Software • How to Get Started • Getting Basic File Information • Looking for Anomalies • Detailed Transaction Analysis • Example – Procurement Card Case Study

  3. OverviewWhat does it do? • Allows auditors to extract and analyze data independent of programmers and auditees • Summarizes large amounts of data • 100% testing of large populations • Increases probability of detecting errors and omissions • Increases probability of detecting fraud

  4. Getting StartedKnow Your Data! • Know where to get it • Platform (PC/mainframe/other) and format • Quantity and extract options • Knowledgeable staff • Know what it should look like • Important fields • Statistical expectations • Check key fields for validity • Numeric / alphanumeric • Blank / non-blank • Valid codes

  5. Getting Started Validity Checks Demo

  6. Get Basic Information • Generate summaries and statistics on key fields • Record count • Totals and key subtotals • Average, maximum, minimum values • Run “overview” reports (Classify, Summarize)

  7. Get Basic Information Summary statistics demo Overview reports demo

  8. Look for Anomalies • Exception reports • Statistical deviance and digital analysis • Benford’s Law • Rounding of amounts • Even dollar amounts Stuff to Read: www.utexas.edu/admin/audit/files/ Using Audit Tools Case Studies Digital Analysis

  9. Look for Anomalies

  10. Look for Anomalies

  11. Look for Anomalies Exception report demo Benford’s analysis demo

  12. Detailed Transaction Analysis • Extract “suspect” records for review • Select statistically valid sample for review and extract

  13. Detailed Transaction Analysis Extract Demo

  14. ACL Exercises Go to www.utexas.edu/admin/audit/files/ Download all files. Open CARDUSE.ACL using ACL Workbook and follow instructions in EXERCISES.DOC.

  15. ExampleProcurement Card Fraud Background • Fiscal Year 2000 Audit Plan – Spot Check • Procurement Card Program Fiscal Year 99 • Follow up to 1997 audit • Statistics • Over 300 departments and 1,680 cards • 281,000 transactions (through 5/31/2002) (78,463 in FY01, 63,559 in FY02 through 5/31) • $41.3M ($12.0M in FY01, $9.3M in FY02 through 5/31)

  16. Obtaining Data for Analysis Data from Bank of America Card Data Merged Transaction Data File in ACL Transaction Data Merchant Classes Data from UT Accounting System Accounting/Payment Data

  17. Data Analysis Using ACL Summaries & Statistics • High volume cardholders • High dollar cardholders • High volume merchants • High dollar merchants Exceptions & Anomalies • Policy violations • Other unusual transactions

  18. Policy Violations Type of Purchase Created reports based on merchant class code to identify unusual types of purchases International items Clothing stores Pets Gas Flowers Bicycle shop Gifts Charities Schools Equipment Rental Colleges Travel-related Postal Service Utilities (including telephone services) Internet Grocery stores Transportation Antiques ü ü ü ü ü ü ü ü ü ü ü

  19. Other Policy Violationsand Unusual Transactions • Transactions over $999.00 limit • Split Orders – multiple transactions to single vendor on single day with total amount over $999.00 • Even dollar amounts • Sales tax paid to Texas merchants

  20. Match Suspect Transactionsto Accounting Records • Complicated account postings and transfers between accounts • Matched dollar amounts and dates using ACL’s Duplicate function to identify movement of funds between accounts • Scrutinized electronic routing and approval of electronic payment documents to identify weaknesses in segregation of duties and/or insufficient account/transaction reviews

  21. Initial Investigation • Reviewed Existing Reports • Ran Additional Reports - Single Card Use • Collection of Receipts • Meeting with Principal Investigators • Personnel Actions • Secure Electronic Hardware/ Files/ etc. • Coordination with Police and District Attorney’s Office • Arrest of subject

  22. Compilation of Evidence • Problems • Card Use (10/97 - 4/00) • Transactions: 1,840 • Volume: $209,403 • Post 4/99 Receipts Destroyed (65%) • Complicated Account Postings • Number/Type of Vendors

  23. Compilation of Evidence • Approach • Document Each Transaction • Evaluate Source Documents: • Original receipt • Receipt copy - On request or by subpoena • Vendor web sites - order history & account info • E-mail purchase & shipping confirmations

  24. Case I Receipts Online order history Email confirmations Returns for credit on personal cards Case II Receipt with forgery Online order history Email confirmations Compilation of Evidence

  25. Case I - Receipts

  26. Case I - Receipts

  27. Case I – Online Order History

  28. Case I – Email Confirmation

  29. Case I – Returns Return Order Credit

  30. Case II – Receipt With Forgery Forged Receipt

  31. Case II – Receipt With Forgery Actual Receipt Forged Receipt

  32. Control Issues • Separation of Duties • Sharing of Passwords • Account Reconciliations • Minimal Account Reviews

  33. Corrective Steps • Letters to Deans, Directors, Principal Investigators, etc. • Follow-up Confirmations to Hierarchical Groups • Improvement of Control Structure • On-going Part of Compliance Program

  34. Improvement of Control Structure • Website Information http://www.utexas.edu/admin/purchasing/procard/pcardwelcome.html • Testing of new cardholders http://www.utexas.edu/admin/purchasing/procard/pcardmodule1.html • Tightened card use limits • Review/acknowledge voucher approval

  35. On-going Compliance Activities • Inclusion in Compliance Verification System • Approvals of monthly vouchers • Quarterly reviews using ACL

  36. Quarterly ACL Reviews • Card Use Reports • Ranks by $ amount • Ranks by # transactions

  37. Card Use Summary

  38. Quarterly ACL Reviews • Card Use Reports • Ranks by $ amount • Ranks by # transactions • Compliance/Miscellaneous Reports • Transactions > $999.00 • Potential Split Orders • Posting delays > 30 days

  39. Compliance/Misc. Summary

  40. Compliance/Misc. Summary

  41. Quarterly ACL Reviews • Card Use Reports • Ranks by $ amount • Ranks by # transactions • Compliance/Miscellaneous Reports • Transactions > $999.00 • Potential Split Orders • Posting delays > 30 days • College/Department Level Reports

  42. Quarterly ACL Reviews • Merchant Summary Reports • High $ Merchants • “Suspect” Merchants • Merchant Types • Specific Card Investigations/Watches

  43. Procard Review Procedures • Reports • Coordination with Other Departments • Internal Audits • Purchasing • Accounts Payable • Follow-up

  44. Questions? Lon Heuer l.heuer@mail.utexas.edu Dyan Hudson d.hudson@mail.utexas.edu

More Related