170 likes | 339 Views
Practical Uses of Continuous Monitoring ….and How To Drive It Forward. Presented By: Richard B. Lanza, CPA-CITP, CFE, PMP President, Cash Recovery Partners, LLC rich@auditsoftware.net 973-601-3701. Agenda. What are we seeing What is holding back CM/CA What can drive it forward.
E N D
Practical Uses of Continuous Monitoring….and How To Drive It Forward Presented By: Richard B. Lanza, CPA-CITP, CFE, PMP President, Cash Recovery Partners, LLC rich@auditsoftware.net 973-601-3701
Agenda • What are we seeing • What is holding back CM/CA • What can drive it forward
Who are the Users? • Process owners (A/P, A/R, etc.) • Recovery audit functions/firms • Trend-setting internal audit departments • Big 4 accounting firms
What Are the Applications? • Purchase-to-Pay • T&E • Procurement Card • Payroll • Order to Cash • Inventory • General Ledger Recovery / Fraud Process Managers Auditors
How Do They See the Light? • Major prior cash outflow / fraud • Have a past taste of data analysis success • Fear of audit failure
Key Inhibitors • External auditors are making large sums of cash keeping audits as manual as possible…and they still hold the pen to compliance • Internal auditors are building mini-empires and don’t want to relinquish this control to virtual auditors • Litigators give no incentive to 100% auditing as the more auditors see…the more lawyers have to base their lawsuit • IT Departments rather build it in house vs. buy it…and then they rarely do
Key Inhibitors • People are too busy to “sharpen their saw” • It is a commitment to report and manage exceptions (Ad hoc reporting is simply “dating”) • The lack of imagination...too few people “play” with data • Unlike XBRL that benefits the SEC/PCAOB, there is no perceived value to them in it....yet! • Limited lobbying is seen to these groups on the value of automated control testing • Therefore, there is no whip (regulation) requiring it
Key Inhibitors SEC Chairman William H. Donaldson said, “As I mentioned when the Commission first announced this (XBRL) initiative, this initiative is part of the Commission's broader effort to improve the quality of information available to investors and the marketplace. By working to enhance the Commission's filing and disclosure process through the use of new data formats, including tagged data, the Commission can improve how content is organized and analyzed - improvements that will benefit everyone who utilizes the SEC's public disclosure process.” …..a similar statement is needed for CA/CM
Key Inhibitors • Lack of a business case to do it continuously….once a year still works for most • No perceived middle-market solution….focus is mainly on the Big 4 and Fortune 1,000 • Control testing and management has not to date been a consistent process (with some exceptions in payroll, accounts payable, and order to cash)
Key Drivers • Working on ERP Failure • ERP systems / IT Departments do such a bad job at control, that users are looking elsewhere for control solutions • Too few people “play” with data....which is an opportunity to implement black-boxes • Process owners & senior management see the value of co-sourcing a virtual auditor • Reduced testing costs / Less auditor time • Proactive detection practically as good as prevention • Faster re-action times to potential issues • Keep skeletons safe within their closets
Key Drivers • 100% auditing is more acceptable today • Audit procedures are based on sampling standards written over 20 years ago • The best fraud to defend is the one you find • More actual users supporting the cause • Audit staff market is drying up • More resource options are needed • Auditors need not fear delegating effort to the virtual auditor….it will identify even more work for their empire
Key Drivers • Recovery firms are moving to proactive reporting models • More competitors/analysts are entering the market…..it must be a serious business • Speed = more recovered cash, detected fraud, and less downstream problems • It is trendy and cool
Build a Bridge to CA/CM • Gain an appreciation for the data…do a pilot • Turn on system audit logs • Focus on key risk area data analysis • Run reports on a “one-time” basis • Find a major event/fraud • Build a case for a fully-functional, out-of-the-box system
Conclusion • Auditors are starting to see the need for virtual auditors…as they drown in work • Management are in the best position to drive increased usage • To reduce auditors • To keep their skeletons safe • Regulatory powers need to support the audit profession in 100% auditing • Supporting it for their own use • Removing the litigation case fear