170 likes | 279 Views
The Road to Continuous Monitoring – Why Isn’t Everybody Doing It?. Evolution of Continuous Monitoring. Automated Testing / Continuous Monitoring – No User Intervention Required (Frequent Testing for Leading Indicators of Problems).
E N D
The Road to Continuous Monitoring – Why Isn’t Everybody Doing It?
Evolution of Continuous Monitoring Automated Testing / Continuous Monitoring – No User Intervention Required (Frequent Testing for Leading Indicators of Problems) Menu Based Applications - Limited User Intervention Required (Regular Testing Of Identified Risk Areas) $ $ $ Most groups are stuck here. Individual Macros - Some User Intervention Required (Periodic Testing of Selected Areas) Most Organizations Manual Processing - Full User Intervention Required (Retrospective Testing and Sampling)
Obstacles to Continuous Monitoring • Obtaining the data easily on a systematic basis • Standardizing the analysis process by identifying key risk areas and leading indicators • Identifying a “champion” to spearhead creation of custom analysis routines and allocating time to complete the work • Avoiding the use of multiple applications to produce the desired output • Moving to proactive monitoring from historic focus on periodic retrospective testing
Case Study: Truliant FCU On The Road to Continuous Monitoring
About the Organization • Truliant Federal Credit Union • chartered in 1952 to serve the employees of Western Electric • known as Radio Shops Credit Union • approximately 2,000 members and a little over $100,000 in assets. • name was changed in 1999 after membership was opened to other groups and companies • Truliant now has 25 member centers in five states with more than 170,000 members and over $1 billion in assets.
Implementation of Data Analysis • Internal Audit Department purchased IDEA in 1999 for: • branch audits • election • fraud review • Accounting departments began using IDEA in 2000 for: • loan reconciliations • ATM reconciliations • Out of balance searches
Obstacle 1: Obtaining the data Due to the size of their tables, Truliant chose to use customized SQL queries to obtain data for analysis - cumbersome and requires IT assistance - inhibits process automation
Obstacle 2: Standardize the Process IDEAScript routines have been successfully developed for the analysis of the following critical areas: • File maintenance (weekly): • Due dates (bring dates back in) • Rates (changed fixed rates, variable that don’t change) • Address Changes (changes from in-state to out-of-state) • Overrides (are they proper) • Dormant accounts (what activity is going on)
Obstacle 2: Standardize the Process • Branch audits (approximately 12 per year): • Analyze teller outages (highs, lows, gross, net, totals) • Cash usage versus cash levels (tellers, ATM’s, CDM’s) • Miscellaneous expense (analyze contents) • Account and loan reviews (as deemed necessary): • High/low/odd rates (unreasonable rates) • Payment amounts (unreasonable amounts) • Accrued interest (unreasonable accruals) • Negative balances
Obstacle 3: Champion Needed The IA champion that developed many of the existing IDEAScript testing routines has left the credit union. The Internal Audit group is continuing with the projects underway and, when fully staffed, plan on continuing down the path of continuous auditing.
Obstacle 4: Multiple Applications Currently Truliant uses multiple applications to complete single analysis processes. The applications include SQL Server, IDEA, Excel, and their email system. Parts of some processes are accomplished by using separate macros in different applications.
5. Focus on Periodic Testing The most frequent testing results are contained in the weekly reports that test for problems in specific high risk areas. All other tests performed focus on retrospective testing to identify problems or errors.
Strategies for Future 1. Resolve data acquisition problems • IDEA’s recently released enhanced ODBC import can help resolve this problem • SQL statements for data acquisition can be built into analysis macros to eliminate use of multiple applications/tools for data importing
Strategies for Future 2. Use full capabilities of VBA interfaces • Streamline logic and merge macros to minimize or eliminate user intervention • Combine macros from separate applications into a single script that calls on all needed applications
Strategies for Future 3. Find assistance for current champions • Use outside resources for assistance in combining macros from different applications and developing additional automated tests • Create menus for audit applications to simplify the processes and user interfaces
Strategies for Future 4. Shift to proactive monitoring • Automate any tests that can be run without user intervention • start with the weekly file maintenance tests • Using information from exiting audit tests, identify additional leading indicators of potential problems • Create/adapt test to search for these events on a more frequent basis • Use the results from the automated tests in the risk assessment process to help determine the focus of on-going audit activities.
Conclusion Come back next year and we’ll let you know how it turns out!