Real-Time Business Assurance

Chung-Sheng Li
DGM, Security, Privacy and eXtensible Technologies
IBM Research Division
November 8, 2006
Why Real-time Business Assurance?

Real-time business assurance allows enterprises to comply with regulations and minimize risk.

• Continuous
  • Allows mistakes or fraud to be detected early, rather than long after the fact. Avoids restatement of results.
• Integrated
  • Current solutions are fragmented.
  • Fragmentation in solutions between partners and service providers (Ex.: IBM and Lenovo have different standards for revenue recognition)
  • “Organizations that choose individual solutions for each regulatory challenge they face will spend 10 times more on compliance projects than those that leverage each implementation for multiple requirements (0.9 probability).” Gartner ITxpo, 2005
• Complete
  • Current auditing methods only verify the integrity of a sample of transactions and do not offer a complete view of the state of the enterprise. Can miss major accounting errors.
• Continuous auditing is gaining steam
  • 81% of companies had or plan to have continuous auditing (PwC survey), e.g. Siemens, Cisco, FDIC.
  • From 2005 to 2006, the share of companies with continuous auditing jumped from 35% to 50% (PwC survey)
Scenario: Continuous Auditing for the Revenue Cycle

Major Auditing Cycles
• Revenue/Collection Cycle
• Acquisition/Expenditure Cycle
• Production Cycle
• Payroll Cycle
• Finance and Investment Cycle

[Figure: revenue cycle flow diagram.
Steps: Receive a request for goods or services; Deliver the goods or services; Request payment for the goods or services; Receive cash in payment.
Systems: Order entry system; Shipping system; Billing system; Cash receipts system.
Documents: Sales order; Shipping notice; Sales invoice; Payment.
Ledger effects: Accounts Receivable ↑, Revenue ↑, Inventory ↓, Cost of Goods Sold ↑; Accounts Receivable ↓, Cash ↑.
Other labels: Customers; Credit Granting; Credit files, reports; Customer payments (cash receipts); Customer order; Purchase order, contracts.]
Continuous Assurance Architecture for Revenue Collection

[Figure: architecture diagram.
Source systems: Order System; Billing System; Inventory Control System; Cash Receipts System; Ledger System.
Master data: Credit Check (Master); Pending Order (Master); Back Order (Master); Sales Invoice (Master); Inventory (Master); Cash Receipts (Master); Account Receivable (Master); General Ledger (Journal); Supporting Documents for A/R Reserve, Discount, Returns and Allowance.
Integration layer: Business Integration Server (e.g. WPS); Information Integration Server (e.g. WII); Master Data Management (e.g. WPC, WCC).
Policy and audit: Policy Repository (e.g. Accounting Practices, Revenue Recognition guidelines); Policy Engine; Streaming Control Identification & Audit Engine (based on quantifiable control risk).
Provenance stores: Audit Provenance Store; Transaction Provenance Store; Control Provenance Store.
Outputs: Dashboard; Alert; Compliance Report.
Callouts 1, 2 and 3 mark parts of the diagram; the label "Isolation and segregation" appears three times.]
Continuous Assurance Architecture for Revenue Collection

[Figure: the same architecture diagram as on the previous slide, with the annotations below.]

• Real time identification of “controls”: based on quantifiable risk framework for assessing the inherent risk, audit risk, control risk, and detection risk.
• Policy for revenue recognition: e.g. IBM recognizes revenue at shipping, Lenovo recognizes revenue at delivery; gross vs. net, multi-element arrangement, etc.
• Policy for identification of “Controls”: e.g. any entity that has a sale price higher than $1M, or delivery latency higher than 7 days, or involving returned goods, or involving discount higher than 5%, or sales commission higher than 3%.
• Constructing the “entity” centric provenance: need to collect information on the entire history of who has done what and when on the “entity”, from order placement, credit check, order fulfillment, inventory verification, shipping verification (from carrier), invoicing, payment collection, account receivable, and general ledger. Potentially needing to extract provenance from supporting documents related to A/R reserve, discount, returns, and allowance.
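An added example (not from the original slides) of how a control-identification step could apply the slide's example thresholds to an entity-centric provenance record, and how the recognition point differs between a shipping and a delivery policy. The record layout, step names, function names and sample entities are constructed for illustration; measuring latency from order placement is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Thresholds from the slide's example policy for identifying "controls".
POLICY = {"price": 1_000_000, "latency": timedelta(days=7),
          "discount": 0.05, "commission": 0.03}

@dataclass
class Entity:
    """One order plus its provenance trail (field layout is an assumption)."""
    entity_id: str
    price: float
    discount: float      # fraction of list price
    commission: float    # fraction of sale price
    events: list = field(default_factory=list)  # (time, actor, step) tuples

    def when(self, step):
        """Time of the first provenance event for a step, or None."""
        return next((t for t, _actor, s in self.events if s == step), None)

def control_reasons(e, as_of, policy=POLICY):
    """Policy clauses that make this entity a control; empty list if none."""
    placed = e.when("order_placement")
    # Assumption: latency runs from order placement to delivery. An order not
    # yet delivered is measured up to `as_of`, so it is flagged while still open.
    late = placed is not None and \
        (e.when("delivery") or as_of) - placed > policy["latency"]
    checks = [("price", e.price > policy["price"]),
              ("delivery_latency", late),
              ("returned_goods", e.when("return") is not None),
              ("discount", e.discount > policy["discount"]),
              ("commission", e.commission > policy["commission"])]
    return [name for name, hit in checks if hit]

def recognized_at(e, basis):
    """Revenue recognition time when the policy basis is 'shipping' or 'delivery'."""
    return e.when(basis)

def day(d):
    return datetime(2006, 11, d)

# Constructed sample entities, not real data.
SAMPLE = [
    Entity("E1", 250_000, 0.02, 0.01, [(day(1), "clerk", "order_placement"),
           (day(2), "warehouse", "shipping"), (day(4), "carrier", "delivery")]),
    Entity("E2", 1_500_000, 0.08, 0.02, [(day(1), "clerk", "order_placement"),
           (day(3), "warehouse", "shipping")]),
]
FLAGGED = {e.entity_id: control_reasons(e, as_of=day(10)) for e in SAMPLE}
```

E2 has shipped but has no delivery event, so a shipping-based policy already recognizes its revenue while a delivery-based policy does not.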
Discovery and/or Capture End-to-End Provenance

• Inference/discovery end-to-end provenance from business context and information warehouses
• Automatically capture provenance from execution of business processes

[Figure: architecture diagram.
Source systems: Order System; Billing System; Inventory Control System; Cash Receipts System; Ledger System.
Master data: Credit Check (Master); Pending Order (Master); Back Order (Master); Sales Invoice (Master); Inventory (Master); Cash Receipts (Master); Account Receivable (Master); General Ledger (Journal); Supporting Documents for A/R Reserve, Discount, Returns and Allowance; Customer, Product, and Price data.
Other components: Policy Engine; Policy Repository; Master Data Management (e.g. WPC, WCC); Provenance Discovery & Management (e.g. WII); Business Integration Server (e.g. WPS); End-to-End Provenance Store.]
Compliance Oriented Architecture Using Provenance Store
Asynchronous vs. Streaming Assurance

• Assurance/compliance is performed synchronously as applications record provenance into provenance store
• Assurance/compliance is performed asynchronously as applications record provenance into provenance store

[Figure: two panels. In each, Enterprise Applications and Information Warehouses "Record Documentation of Execution" into an End-to-end Provenance Store. One panel shows a Streaming Assurance Engine with a "Streaming Query of Provenance Data"; the other shows an Assurance Engine with "Query Provenance Data".]
Thank You

csli@us.ibm.com
Chung-Sheng Li
DGM, Security, Privacy and eXtensible Technologies
IBM Research Division