Continuous Auditing Software Project, County of San Diego
Presented by Christine Nahimana
Executive Summary
• The Project is part of an “Integrated Internal Controls Assurance Initiative” by the Office of the Auditor and Controller at the County of San Diego.
• Proactive approach to applying standards consistent with regulatory and compliance requirements, such as those produced by the Institute of Internal Auditors (IIA), the SEC and various Federal, State and Local Agencies
• Existence of a Manual Auditing System - actual material value of audit findings that indicate fraud, waste or misuse tends to be small (typically, 1%-2% of total transactions)
Problem Statement
• Manual reviews (Audits) to monitor fiscal transactions often have a high cost associated with them and only provide a “point in time” analysis, based on only a sample of all the transactions involved.
• Findings from internal audit activity prove that the current system often fails to detect discrepancies, irregularities, and indicators of susceptibility to fraud in some business processes, especially P-card usage.
Project Objectives
• Automating the current manual approach to monitoring the procurement process, reducing the staff, time and costs that would be required to analyze 100% of related transactions
• Providing increased oversight into the County’s internal financial controls, thereby enhancing their ability to attest to the effectiveness of internal controls
Project Scope
Justification:
• Reducing the material and political risk related to waste, fraud and misuse of public funds
• Enabling a proactive vs reactive approach to fraud
• Fraud Prevention vs Fraud Detection
Scope limitation: The project is for the monitoring of Purchase Card transactions, not other financial transactions
Project Scope - CAS Technical Requirements
• Web browser based, operating in the following system environment: TCP/IP network, MS Server 2003 SP1, MS SQL Server 2000 database, Microsoft IIS servers and Windows XP SP2 workstations, or later versions.
• Test transaction data at the source level using industry standard formats for internal controls
• Compatible with current sources of data at the County such as Oracle, PeopleSoft, US Banks
• Allow County administrators to easily modify exception thresholds and tolerances
• Provide internal data and security controls to restrict access based on specified user identification
• Capability of displaying and printing customizable reports
• Use of Benford’s Law, number patterns, ratios, and duplications to look for anomalous patterns, differences, matches, and anomalies
Project Scope (continued) - Functional Requirements
• Sequences or timing anomalies
• Spending limits exceeded
• Restricted items
• Unexpected patterns or amounts
• Vendor/employee associations
• Suspicious data values or formats
• Suspicious adjustments, credits or refunds
• Unauthorized or deactivated card numbers
• Unauthorized, invalid, or inactive employees
• Unauthorized, debarred, or suspicious Merchants
• Improper segregation of duties
• Split Transactions
• Duplicates (requisitions, POs, or payments)
• Mismatched quantities or dollars (requisitions, POs, or payments)
• Improper authorizations
• Untimely resolution of holds
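As an added illustration (not part of the presentation and not the vendor software's code), the Python sketch below runs three of the listed tests over constructed P-card transactions: split transactions, duplicates, and a Benford's Law first-digit check. The record layout, the 2,500 single-purchase limit and the definition of a split (same card, merchant and day, each purchase under the limit, total over it) are assumptions.

```python
import math
from collections import Counter, defaultdict
from datetime import date

# Constructed sample data: (card, merchant, purchase date, amount)
TXNS = [
    ("C1", "OfficeMart", date(2024, 3, 4), 1900.00),
    ("C1", "OfficeMart", date(2024, 3, 4), 1850.00),  # together exceed the limit
    ("C2", "FuelCo", date(2024, 3, 5), 64.10),
    ("C2", "FuelCo", date(2024, 3, 5), 64.10),        # exact duplicate
    ("C3", "PrintShop", date(2024, 3, 6), 412.75),
]
SINGLE_PURCHASE_LIMIT = 2500.00  # assumed, administrator-configurable threshold

def split_transactions(txns, limit=SINGLE_PURCHASE_LIMIT):
    """Same card/merchant/day groups where each amount is within the limit
    but the group total is over it (assumed definition of a split)."""
    groups = defaultdict(list)
    for card, merchant, day, amount in txns:
        groups[(card, merchant, day)].append(amount)
    return {key: amounts for key, amounts in groups.items()
            if len(amounts) > 1 and max(amounts) <= limit and sum(amounts) > limit}

def duplicates(txns):
    """Transactions that appear more than once with identical fields."""
    return {txn: n for txn, n in Counter(txns).items() if n > 1}

def first_digit(amount):
    """Leading non-zero digit of an amount, computed on whole cents."""
    cents = round(amount * 100)
    return int(str(cents)[0]) if cents > 0 else None

def benford_deviation(amounts):
    """Mean absolute deviation between observed first-digit frequencies
    and the Benford expectation log10(1 + 1/d); larger means more anomalous."""
    digits = [d for d in map(first_digit, amounts) if d is not None]
    if not digits:
        return 0.0
    observed = Counter(digits)
    return sum(abs(observed[d] / len(digits) - math.log10(1 + 1 / d))
               for d in range(1, 10)) / 9

if __name__ == "__main__":
    print("split:", split_transactions(TXNS))
    print("duplicates:", duplicates(TXNS))
    print("benford MAD:", round(benford_deviation([t[3] for t in TXNS]), 3))
```

The Benford check is only meaningful on large transaction sets; on a handful of rows the deviation is dominated by sample size.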
Measures of Success
• Meet all the functional and technical requirements
• Software must be user friendly
• Software should allow analysis of 100% of data
• Delivery of the software should be within the time estimate
Implementation and Development
[Phase diagram: PHASE 1, PHASE 2, PHASE 3, PHASE 4; stage labels: Configuration Design, Configuration Implementation]
• Technical and Functional Requirement Design
• Vendor Selection based on specified Criteria
• Confirm detailed technical requirements and configuration design
• Competitive Bid Analysis
• Configuration of the Software
• Configure data / application / UI for each test
• Format views / configure alerts
• Configure application in test environment
• QA and Validation
• User & System Training
• Test data extraction (monitor for system performance)
• Test and validate functionality
• User acceptance
• Tech Support
• Application Maintenance
• Releases to User Interface
Timeline and staffing labels from the diagram, in the order they appear:
• Ongoing
• 6-8 Weeks
• All Stakeholders at the County: Project manager - 2 Auditors - 2 IT staff, Vendors
• 4-6 Weeks
• The Program Manager as well as 1 IT representative work closely with Vendor
• 2-3 Weeks
• All stakeholders are involved in this phase
Risk Management Strategy in Contracts Specifications
• Quality testing and assurance at each phase of project development or implementation
• Provide unlimited daytime support while under maintenance
• Provide updates, upgrades, forms and workarounds while under maintenance
• Provide up to date user/training manual. Updates to the user/training manuals shall be included under maintenance
• Training session, or instructions, on revised and new forms and on each new version of the software
Communication Management Strategy
Project Manager with Management
• Every week managers will receive a progress report by a meeting with the Project Manager. Daily problems and questions will be best communicated by email.
Project Team and Project Manager
• Once tasks are assigned among team members, they will meet twice a week during the Configuration Design and implementation phase. Daily problems and questions will be best communicated by email.
Project Manager and Vendor’s Communication
• For clarity, configuration and implementation services include on-going communications with the vendor by meetings, correspondence for confirmation of requirements, emails, phones or faxes, training. Same during the Support and maintenance phase.