Finding Money and Detecting Fraud with Transaction Monitoring

A Real Wake-Up Session

Kim Jones
Joe Oringel

SuperStrategies
April 16, 2009
Visual Risk IQ
    Points of distinction

• We do three things: data mining and analysis, continuous auditing and monitoring,
  and visual reporting. We help clients achieve value through:
    – Educating the market through rapid, low-cost, value-focused pilot projects
    – Facilitating understanding of how these technologies can be applied
    – Turnkey through to collections, if desired

• Our clients’ business objectives and current
  state of maturity drive our recommendations
  and projects

• People and process changes are primary, supported, as appropriate,
  with enabling technologies

• We maintain an in-depth, up-to-date knowledge of all software and
  process solutions within the categories

• Key to our success are alliance relationships with leading software providers and a
  broad array of complementary professional service firms

Visual Risk IQ – GRC thought leadership, practically applied
© 2008 Visual Risk IQ, LLC, All Rights Reserved
[Game board: categories People, Process, Governance, Technology; values 100, 200, 300 under each]
The Category – The $100 bill on the sidewalk
         Question #1 – Ice-Breaker


Q. Why didn’t the economist pick it up?



A. Because if it were real, someone else would have
  picked it up already.




The Category – The $100 bill on the sidewalk
         Question #2 – Ice-Breaker


Q. Why didn’t the external auditor pick it up?



A. Materiality.




The Category – The $100 bill on the sidewalk
         Question #3 – Ice-Breaker


A. Risk? Disruption? Not fixing the root cause of
  losing $100 in the first place? What is it?


Q. Why doesn’t the internal auditor pick it up?

                                  Let’s talk…




Recap of 2008 SuperStrategies Wake-up Session

       Continuous Auditing is top of mind for today's
         Chief Audit Executive**

       [Charts: "Continuous auditing / continuous monitoring programs" and "Today's continuous auditing frequency"]

       Continuous auditing and continuous monitoring become “right time” when
       the timing and frequency of evaluation match business requirements.
       What frequency is right for your revenue transactions? Supply chain?

   ** Source: 2007 State of the Internal Auditing Profession   Copyright PricewaterhouseCoopers LLP 2006

   Visual Risk IQ is a leader in Continuous Auditing and Monitoring
   © 2007 Visual Risk IQ, LLC, All Rights Reserved
Recap of 2008 SuperStrategies Wake-up Session

       Questions & Answers



  Q. What is NOT the first step in a continuous auditing
    program?



  A. Buy more software and/or send the audit staff to
    more ACL (or IDEA, MS-Access or…) training




The audit process

    Implementing continuous auditing across an internal
    audit methodology is not just about technology…




    [Diagram: Technology]
The audit process

  …it's about a model that acknowledges the impact of
  People, Audit Process and Governance also.

  [Diagram: People, Technology, Governance, Audit process]
The audit process – a maturity model approach

       A basic continuous auditing maturity model

• People
    – Basic practices: Staff has some basic data literacy. Knows how to ask IT for information.
    – Level 2 practices: Some IT- and data-specific specialists are accessible, either in-house or as consultants
    – Better practices: Audit staff and leaders are IT- and data-literate. Little distinction between IT audit and financial / operational audit people
    – Continuous auditing: No need for ad hoc data acquisition - CA and CCM systems are well-integrated into finance and operations

• Technology
    – Basic practices: Basic data capture and analysis using MS-Office or ERP Query tools. Heavy reliance on Corporate IT
    – Level 2 practices: Some re-usable scripts exist and are used on-demand for relevant audit projects
    – Better practices: Scripts are stored, scheduled, and run at appropriate intervals
    – Continuous auditing: Continuous auditing and monitoring technologies contribute to all audit steps

• Governance
    – Basic practices: Business is reactive to requests from Internal Audit and usually helps in a timely way.
    – Level 2 practices: Audit can access data directly
    – Better practices: IT consults with IA prior to making system changes that are known to affect IA.
    – Continuous auditing: Data driven early warning / risk alerts include both business and controls / audit implications.

• Audit methodology
    – Basic practices: Risk assessments are conducted annually
    – Level 2 practices: Risk assessments are conducted more frequently than annually
    – Better practices: Risk assessments consider objective and subjective data. Gaps between objective and subjective assessments are highlighted
    – Continuous auditing: Risk alerts are embedded into the IA methodology and drive specific responses real-time
The audit process – a maturity model approach

       Moving up the curve can rarely be done
          in large steps

Recap of 2008 SuperStrategies Wake-up Session

      Risk assessment should be the new
         centerpiece for the audit process


      [Diagram: Planning & Scoping, Execution and Reporting, with Risk Assessment at the center]
Recap of 2008 SuperStrategies Wake-up Session

        Visual reporting can help with Continual Risk
        Assessment and Continuous Controls Monitoring

        [Diagram labels: Corporate Data; Planning & Scoping; Execution; Risk Assessment; Reporting; Enterprise; Audit; Projects]
Recap of 2008 SuperStrategies Wake-up Session


 Continual Auditing - Data Driven Risk Assessment




                  Individualized per division with drill-down capability…
Recap of 2008 SuperStrategies Wake-up Session


 Continual Auditing - Data Driven Risk Assessment




                       …turning data into meaningful information.
Recap of 2008 Wake-up Session


     Some practical first steps towards
        continual risk assessment

   • Identify areas of focus and objectives for increased risk assessment and
     increased frequency of controls assessment
        - What measures or combinations of measures best illustrate
          potential risk?

   • Identify the sources for the data required to compute the measures

   • Inventory existing tools that can be used to obtain or represent the data
        - Excel / Access / ACL / IDEA

   • Launch a project to build out a prototype risk monitoring dashboard with
     3 – 5 measures




So what’s new in 2009? How does it affect us?



•   Lowered guidance
•   New SG&A expense control initiatives
•   “Suspending our 401K match…”
•   “Staff reductions of 10%…”
•   “Hiring (travel, salary) freeze”




             • Think about the Fraud Triangle
             • Financial pressure and rationalization are on the rise
             • What are we doing about Opportunity?



Question #3 - What about the Internal auditor?


    Risk / Materiality:
    - There are other areas that rated higher on the annual risk
    assessment / audit plan. Also - other areas are higher impact /
    value
    Disruption:
    - I have too few “chits” with my IT team and I hate to use any. Do I
    need to buy software or training? Do I need to host an army of
    auditors to recover the $$$?
    Doesn’t fix root cause:
    - If our environment is rich with errors, I’m concerned I will see you
    back in year 2, year 3, etc., finding the same issues identified in
    year 1.



The Category – Real money on the sidewalk
         Question #4


Q. What are the medians for duplicate- and over-
  payments in procurement / AP and for T&E and
  Purchase-cards?

A. $1,000 for each $1,000,000 in spend and $20,000
  for each $1,000,000 in spend.




Real money on the sidewalk



• Accounts Payable and Procurement Duplicate / Overpayments
       – Best in class is between .00025 and .0005 of annual purchasing
         spend, or $250 to $500 per million in spend
       – Median is .001 (0.1%), or $1,000 for every million in spend
       – These numbers are higher if you have multiple (especially disparate)
         ERP systems or if ERP configurable controls require improvement
• Travel and Entertainment / Purchase-Card
       – Good rule of thumb is an error rate of 20x the AP rate. (Your actual
         mileage may vary.)
       – These numbers are higher depending on who reviews T&E and how,
         and on when the most recent T&E audit was performed
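
An added example, not part of the original deck: one way to turn the AP duplicate / overpayment benchmarks above into a monitored measure. The payment records, field names, ERP labels and the matching rule (same normalized invoice number and same amount) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, namedtuple
from datetime import date
from decimal import Decimal

# Benchmarks quoted on the slide, as a fraction of annual purchasing spend.
BEST_IN_CLASS_MAX = Decimal("0.0005")
MEDIAN = Decimal("0.001")

Payment = namedtuple("Payment", "pay_id system vendor invoice amount paid_on")

# Constructed sample extract from two ERP systems (all values are made up).
PAYMENTS = [
    Payment("P001", "ERP-A", "V100", "INV-00123", Decimal("1800.00"), date(2009, 1, 5)),
    Payment("P002", "ERP-A", "V100", "inv 123", Decimal("1800.00"), date(2009, 1, 19)),
    Payment("P003", "ERP-A", "V200", "7741", Decimal("1200.00"), date(2009, 1, 7)),
    Payment("P004", "ERP-B", "V9200", "07741", Decimal("1200.00"), date(2009, 2, 2)),
    Payment("P005", "ERP-A", "V300", "A-55", Decimal("950000.00"), date(2009, 1, 10)),
    Payment("P006", "ERP-A", "V300", "A-56", Decimal("950000.00"), date(2009, 2, 10)),
    Payment("P007", "ERP-B", "V400", "2009-014", Decimal("94000.00"), date(2009, 1, 15)),
]


def normalize_invoice(invoice):
    """Collapse re-keyed variants of one invoice number: case, punctuation
    and leading zeros of a digit run. Matches are candidates for review."""
    s = re.sub(r"[^A-Z0-9]", "", invoice.upper())
    return re.sub(r"(?<!\d)0+(?=\d)", "", s)


def duplicate_candidates(payments):
    """Group payments by (normalized invoice, amount). The earliest payment in
    a group is treated as the original; later ones are flagged."""
    groups = defaultdict(list)
    for p in sorted(payments, key=lambda p: p.paid_on):
        groups[(normalize_invoice(p.invoice), p.amount)].append(p)

    candidates = []
    for (invoice, amount), members in groups.items():
        if len(members) < 2:
            continue
        vendors = {m.vendor for m in members}
        candidates.append({
            "invoice": invoice,
            # cross-vendor: same invoice paid under different vendor IDs,
            # e.g. duplicate vendor master records in disparate ERP systems
            "rule": "same-vendor" if len(vendors) == 1 else "cross-vendor",
            "original": members[0].pay_id,
            "flagged": [m.pay_id for m in members[1:]],
            "exposure": amount * (len(members) - 1),
        })
    return candidates


def exposure_rate(payments, candidates):
    """Flagged amount as a fraction of total spend in the extract."""
    total = sum((p.amount for p in payments), Decimal(0))
    if total == 0:
        return Decimal(0)
    return sum((c["exposure"] for c in candidates), Decimal(0)) / total


def benchmark_band(rate):
    """Place a rate against the slide's best-in-class and median figures."""
    if rate <= BEST_IN_CLASS_MAX:
        return "best in class"
    if rate <= MEDIAN:
        return "at or below median"
    return "above median"


if __name__ == "__main__":
    found = duplicate_candidates(PAYMENTS)
    for c in found:
        print(c["rule"], c["invoice"], "original", c["original"],
              "flagged", c["flagged"], "exposure", c["exposure"])
    rate = exposure_rate(PAYMENTS, found)
    print("per million in spend:", rate * 1_000_000, "->", benchmark_band(rate))
```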
What else happens when we pick it up?
   What else can I learn?

• We are internal control and audit people first, not recovery auditors. Our findings
  focus on how to fix the root cause, using a mix of ERP configuration, process
  change, or CCM-T technology.
• Part of our strategy includes helping transition queries from Audit to the Business
  Process Owners. A client has prevented $400,000 in duplicate payments.
• Visual reporting helps tell the story. Audit reports based on data analytics tell a
  more powerful story than those based on sampling. See example slides from recent project.
• Some organizations have a strong business case for CCM-T, and this approach
  can help support that business case. It is a sort of stealth-mode way to identify how
  data analysis and continuous auditing may work for you, despite challenging
  economic times.




Continuous Auditing and Continuous
   Controls Monitoring for Transactions is real
[Charts: "Duplicate / Overpayments by Region" (NA, EMEA, India, APAC); "Open POs over 365 Days Old" (India, US; 2004 to 2007); an untitled chart for FY 2007 to FY 2009]
What does this look like at best in class companies?

        A good continuous controls monitoring platform


        [Diagram labels: Systems of Record; Knowledge Maintenance Interface (Extract & Mapping Rules, Common Data Models, Risk and Performance Checks, Workflow & Platform Configuration); The Platform (Extract, Map & Load; Data Locker; Reasoning & Analytics Engine; Workflow Engine); Visual Reporting / User Interface; Platform Data & Logs]
Thank you!
                For more information or discussion, please contact
                                                   Kim Jones
                                                 (512) 692-7663
                                           kim.jones@visualriskiq.com
                                                   Joe Oringel
                                                 (704) 752-6403
                                          joe.oringel@visualriskiq.com
                                           www.visualriskiq.com
                                     continuousauditing.blogspot.com


IT-AAC Roadmap for Sustainable Defense IT Reforms
 
Rule Imc Records Management & Discovery Offering Q109 V2
Rule Imc Records Management & Discovery Offering Q109 V2Rule Imc Records Management & Discovery Offering Q109 V2
Rule Imc Records Management & Discovery Offering Q109 V2
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Benchmark METRICS THAT MATTER October 4 2012
Benchmark METRICS THAT MATTER October 4 2012Benchmark METRICS THAT MATTER October 4 2012
Benchmark METRICS THAT MATTER October 4 2012
 

Viewers also liked

Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyVisual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyJoe Oringel
 
GETEASY PPT ENGLISH
GETEASY PPT ENGLISHGETEASY PPT ENGLISH
GETEASY PPT ENGLISHPedro Alves
 
Traffic Quality Report 2009
Traffic Quality Report 2009Traffic Quality Report 2009
Traffic Quality Report 2009simrichard
 
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing   District Conferenc...Rhd + Visual Risk Iq Presentation On Continuous Auditing   District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...Joe Oringel
 

Viewers also liked (7)

Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyVisual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
 
GETEASY PPT ENGLISH
GETEASY PPT ENGLISHGETEASY PPT ENGLISH
GETEASY PPT ENGLISH
 
David's Letter
David's LetterDavid's Letter
David's Letter
 
Traffic Quality Report 2009
Traffic Quality Report 2009Traffic Quality Report 2009
Traffic Quality Report 2009
 
Proactive moderation
Proactive moderation Proactive moderation
Proactive moderation
 
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing   District Conferenc...Rhd + Visual Risk Iq Presentation On Continuous Auditing   District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
 
main project doument
main project doumentmain project doument
main project doument
 

Similar to Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq

Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012AT Internet
 
Zd sap - predictive analytics - 3-26-13 r1
Zd   sap - predictive analytics - 3-26-13 r1Zd   sap - predictive analytics - 3-26-13 r1
Zd sap - predictive analytics - 3-26-13 r1Richard Lee
 
Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...
Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...
Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...Sogeti Nederland B.V.
 
Top 10 Tips for Selecting a Threat and Vulnerability Management Solution
Top 10 Tips for Selecting a Threat and Vulnerability Management SolutionTop 10 Tips for Selecting a Threat and Vulnerability Management Solution
Top 10 Tips for Selecting a Threat and Vulnerability Management SolutionEnterprise Management Associates
 
Ibm data governance framework
Ibm data governance frameworkIbm data governance framework
Ibm data governance frameworkkaiyun7631
 
Assocham conf grc sept 13
Assocham conf  grc  sept 13Assocham conf  grc  sept 13
Assocham conf grc sept 13subramanian K
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceThe Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceIBM Security
 
Gregs BI Presentation
Gregs BI PresentationGregs BI Presentation
Gregs BI Presentationflyjock1
 
Indranil Guha - It transformation challenges & choices...
Indranil Guha - It transformation challenges & choices...Indranil Guha - It transformation challenges & choices...
Indranil Guha - It transformation challenges & choices...Global Business Events
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.FrenchDan French
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientAccenture Operations
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiativescentralohioissa
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
Data to Insight to Action: How Analytics can drive High Performance
Data to Insight to Action: How Analytics can drive High Performance Data to Insight to Action: How Analytics can drive High Performance
Data to Insight to Action: How Analytics can drive High Performance ruttens.com
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0theonassiokas
 
How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...IBM Sverige
 
Intellectual Asset Management Culture and Technology
Intellectual Asset Management Culture and TechnologyIntellectual Asset Management Culture and Technology
Intellectual Asset Management Culture and TechnologyTanja Kalezic
 

Similar to Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq (20)

Q insure
Q insure Q insure
Q insure
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012
 
Zd sap - predictive analytics - 3-26-13 r1
Zd   sap - predictive analytics - 3-26-13 r1Zd   sap - predictive analytics - 3-26-13 r1
Zd sap - predictive analytics - 3-26-13 r1
 
Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...
Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...
Revolutionising Testing with the Power of AI - Deepa Mamtani, Pillay Almira &...
 
Top 10 Tips for Selecting a Threat and Vulnerability Management Solution
Top 10 Tips for Selecting a Threat and Vulnerability Management SolutionTop 10 Tips for Selecting a Threat and Vulnerability Management Solution
Top 10 Tips for Selecting a Threat and Vulnerability Management Solution
 
Ibm data governance framework
Ibm data governance frameworkIbm data governance framework
Ibm data governance framework
 
Assocham conf grc sept 13
Assocham conf  grc  sept 13Assocham conf  grc  sept 13
Assocham conf grc sept 13
 
Mi fin financial product suite
Mi fin financial product suiteMi fin financial product suite
Mi fin financial product suite
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceThe Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
 
Gregs BI Presentation
Gregs BI PresentationGregs BI Presentation
Gregs BI Presentation
 
Indranil Guha - It transformation challenges & choices...
Indranil Guha - It transformation challenges & choices...Indranil Guha - It transformation challenges & choices...
Indranil Guha - It transformation challenges & choices...
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.French
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
On Demand BI
On Demand BIOn Demand BI
On Demand BI
 
Data to Insight to Action: How Analytics can drive High Performance
Data to Insight to Action: How Analytics can drive High Performance Data to Insight to Action: How Analytics can drive High Performance
Data to Insight to Action: How Analytics can drive High Performance
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0
 
How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...
 
Intellectual Asset Management Culture and Technology
Intellectual Asset Management Culture and TechnologyIntellectual Asset Management Culture and Technology
Intellectual Asset Management Culture and Technology
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq

  • 1. Finding Money and Detecting Fraud with Transaction Monitoring A Real Wake-Up Session Kim Jones Joe Oringel SuperStrategies April 16, 2009
  • 2. Visual Risk IQ: Points of distinction
      • We do three things: data mining and analysis, continuous auditing and monitoring, and visual reporting. We help clients achieve value through:
          – Educating the market through rapid, low-cost, value-focused pilot projects
          – Facilitating understanding of how these technologies can be applied
          – Turnkey through to collections, if desired
      • Our clients’ business objectives and current state of maturity drive our recommendations and projects
      • People and process changes are primary, supported, as appropriate, with enabling technologies
      • We maintain an in-depth, up-to-date knowledge of all software and process solutions within the categories
      • Key to our success are alliance relationships with leading software providers and a broad array of complementary professional service firms
      Visual Risk IQ – GRC thought leadership, practically applied. © 2008 Visual Risk IQ, LLC, All Rights Reserved
  • 3. People   Process   Governance   Technology
       100      100       100          100
       200      200       200          200
       300      300       300          300
  • 4. The Category – The $100 bill on the sidewalk
      Question #1 – Ice-Breaker
      Q. ________________________________
      A. Because if it were real, someone else would have picked it up already.
  • 5. The Category – The $100 bill on the sidewalk
      Question #1 – Ice-Breaker
      Q. Why didn’t the economist pick it up?
      A. Because if it were real, someone else would have picked it up already.
  • 6. The Category – The $100 bill on the sidewalk
      Question #2 – Ice-Breaker
      Q. ________________________________
      A. Materiality.
  • 7. The Category – The $100 bill on the sidewalk
      Question #2 – Ice-Breaker
      Q. Why didn’t the external auditor pick it up?
      A. Materiality.
  • 8. The Category – The $100 bill on the sidewalk
      Question #3 – Ice-Breaker
      A. ________________________________
      Q. Why doesn’t the internal auditor pick it up?
  • 9. The Category – The $100 bill on the sidewalk
      Question #3 – Ice-Breaker
      A. Risk? Disruption? Not fixing the root cause of losing $100 in the first place? What is it?
      Q. Why doesn’t the internal auditor pick it up?
      Let’s talk…
  • 10. Recap of 2008 SuperStrategies Wake-up Session
      Continuous Auditing is top of mind for today’s Chief Audit Executive**
      [Charts: “Continuous auditing / continuous monitoring programs” and “Today’s continuous auditing frequency”]
      Continuous auditing and continuous monitoring become “right time” when the timing and frequency of evaluation matches business requirements. What frequency is right for your revenue transactions? Supply chain?
      ** Source: 2007 State of the Internal Auditing Profession, Copyright PricewaterhouseCoopers LLP 2006
      Visual Risk IQ is a leader in Continuous Auditing and Monitoring. © 2007 Visual Risk IQ, LLC, All Rights Reserved
  • 11. Recap of 2008 SuperStrategies Wake-up Session
      Questions & Answers
      Q. ______________________________
      A. Buy more software and/or send the audit staff to more ACL (or IDEA, MS-Access or…) training
  • 12. Recap of 2008 SuperStrategies Wake-up Session
      Questions & Answers
      Q. What is NOT the first step in a continuous auditing program?
      A. Buy more software and/or send the audit staff to more ACL (or IDEA, MS-Access or…) training
  • 13. The audit process
      Implementing continuous auditing across an internal audit methodology is not just about technology…
      [Diagram label: Technology]
  • 14. The audit process
      …it’s about a model that acknowledges the impact of People, Audit Process and Governance also.
      [Diagram labels: People, Technology, Governance, Audit process]
  • 15. The audit process – a maturity model approach
      A basic continuous auditing maturity model
      • People
          – Basic practices: Staff has some basic data literacy. Knows how to ask IT for information.
          – Level 2 practices: Some IT- and data-specific specialists are accessible, either in-house or as consultants
          – Better practices: Audit staff and leaders are IT- and data-literate. Little distinction between IT audit and financial / operational audit people
          – Continuous auditing: No need for ad hoc data acquisition - CA and CCM systems are well-integrated into finance and operations
      • Technology
          – Basic practices: Basic data capture and analysis using MS-Office or ERP Query tools. Heavy reliance on Corporate IT
          – Level 2 practices: Some re-usable scripts exist and are used on-demand for relevant audit projects
          – Better practices: Scripts are stored, scheduled, and run at appropriate intervals
          – Continuous auditing: Continuous auditing and monitoring technologies contribute to all audit steps
      • Governance
          – Basic practices: Business is reactive to requests from Internal Audit and usually helps in a timely way.
          – Level 2 practices: Audit can access data directly
          – Better practices: IT consults with IA prior to making system changes that are known to affect IA.
          – Continuous auditing: Data driven early warning / risk alerts include both business and controls / audit implications.
      • Audit methodology
          – Basic practices: Risk assessments are conducted annually
          – Level 2 practices: Risk assessments are conducted more frequently than annually
          – Better practices: Risk assessments consider objective and subjective data. Gaps between objective and subjective assessments are highlighted
          – Continuous auditing: Risk alerts are embedded into the IA methodology and drive specific responses real-time
  • 16. The audit process – a maturity model approach
      Moving up the curve can rarely be done in large steps
      [Maturity model matrix repeated from slide 15]
  • 17. Recap of 2008 SuperStrategies Wake-up Session
      Risk assessment should be the new centerpiece for the audit process
      [Diagram labels: Planning & Scoping, Execution, Risk Assessment, Reporting]
  • 18. Recap of 2008 SuperStrategies Wake-up Session
      Visual reporting can help with Continual Risk Assessment and Continuous Controls Monitoring
      [Diagram labels: Planning & Scoping, Execution, Risk Assessment, Reporting, Corporate Data, Enterprise Audit Projects]
  • 19. Recap of 2008 SuperStrategies Wake-up Session
      Continual Auditing - Data Driven Risk Assessment
      Individualized per division with drill-down capability…
  • 20. Recap of 2008 SuperStrategies Wake-up Session
      Continual Auditing - Data Driven Risk Assessment
      …turning data into meaningful information.
  • 21. Recap of 2008 Wake-up Session
      Some practical first steps towards continual risk assessment
      • Identify areas of focus and objectives for increased risk assessment and increased frequency of controls assessment?
          – What measures or combinations of measures best illustrate potential risk
      • Identify the sources for the data required to compute the measures
      • Inventory existing tools that can be used to obtain or represent the data
          – Excel / Access / ACL / IDEA
      • Launch a project to build out a prototype risk monitoring dashboard with 3 – 5 measures
  • 22. So what’s new in 2009? How does it affect us?
      • Lowered guidance
      • New SG&A expense control initiatives
      • “Suspending our 401K match…”
      • “Staff reductions of 10%…”
      • “Hiring (travel, salary) freeze”
      • Think about the Fraud Triangle
      • Financial pressure and rationalization are on the rise
      • What are we doing about Opportunity?
  • 23. Question #3 - What about the Internal auditor?
      Risk / Materiality:
        – There are other areas that rated higher on the annual risk assessment / audit plan. Also, other areas are higher impact / value.
      Disruption:
        – I have too few “chits” with my IT team and I hate to use any. Do I need to buy software or training? Do I need to host an army of auditors to recover the $$$?
      Doesn’t fix root cause:
        – If our environment is rich with errors, I’m concerned I will see you back in year 2, year 3, etc., finding the same issues identified in year 1.
  • 24. The Category – Real money on the sidewalk. Question #4
      Q. ________________________________
      A. $1,000 for each $1,000,000 in spend and $20,000 for each $1,000,000 in spend.
  • 25. The Category – Real money on the sidewalk. Question #4
      Q. What are the medians for duplicate- and over-payments in procurement / AP and for T&E and Purchase-cards?
      A. $1,000 for each $1,000,000 in spend and $20,000 for each $1,000,000 in spend.
  • 26. Real money on the sidewalk
      • Accounts Payable and Procurement Duplicate / Overpayments
        – Best in class is between .00025 and .0005, or $250 to $500 in annual purchasing spend, per million in spend
        – Median is .001 (0.1%), or $1,000 for every million in spend
        – These numbers are higher if you have multiple (especially disparate) ERP systems or if ERP configurable controls require improvement
      • Travel and Entertainment / Purchase-Card
        – Good rule of thumb is error rate of 20x the AP rate. (Your actual mileage may vary.)
        – These numbers are higher depending on who / how reviews T&E and when the most recent T&E audit has been performed
  • 27. What else happens when we pick it up? What else can I learn?
      • We are internal control and audit people first, not recovery auditors. Our findings focus on how to fix the root cause, using a mix of ERP configuration, process change, or CCM-T technology.
      • Part of our strategy includes helping transition queries from Audit to the Business Process Owners. A client has prevented $400,000 in duplicate payments.
      • Visual reporting helps tell the story. Audit reports based on data analytics tell a more powerful story than with sampling. See example slides from recent project.
      • Some organizations have a strong business case for CCM-T, and this approach can help support that business case. Sort of a stealth mode way to identify how data analysis and continuous auditing may work for you, despite challenging economic times.
  • 28. Continuous Auditing and Continuous Controls Monitoring for Transactions is real. [Charts: "Open POs over 365 Days Old" and "Duplicate / Overpayments by Region"; region labels India, NA, US, EMEA, APAC; axis labels 2004 to 2007 and FY 2007 to FY 2009]
  • 29. What does this look like at best in class companies? A good continuous controls monitoring platform. [Diagram labels: Knowledge Maintenance Interface; Systems of Record; Extract & Mapping Rules; Common Data Models; Risk and Performance Checks; Workflow & Platform Configuration; Extract, Map & Load; Reasoning & Analytics Engine; Workflow Engine; Data Locker; The Platform; Platform Data & Logs; Visual Reporting / User Interface] Visual Risk IQ is a leader in Continuous Auditing and Monitoring © 2007 Visual Risk IQ, LLC, All Rights Reserved
  • 30. Thank you! For more information or discussion, please contact
      Kim Jones, (512) 692-7663, kim.jones@visualriskiq.com
      Joe Oringel, (704) 752-6403, joe.oringel@visualriskiq.com
      www.visualriskiq.com
      continuousauditing.blogspot.com
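The two measures charted on slide 28 (open POs over 365 days old, duplicate / overpayments by region) and the slide 26 benchmarks, computed over constructed records. This is an added example, not part of the original deck; the record layouts, the invoice-normalization heuristic, the exact-match duplicate rule and the band labels are assumptions.

```python
import re
from datetime import date

BEST_IN_CLASS_MAX, MEDIAN_RATE = 0.0005, 0.001  # slide 26 benchmarks, as a fraction of spend
# Constructed sample payments: (payment_id, vendor, invoice_no, amount, region)
PAYMENTS = [
    ("P1", "ACME", "INV-00123", 1200.00, "US"),
    ("P2", "ACME", "inv 123", 1200.00, "US"),         # re-keyed copy of P1
    ("P3", "GLOBEX", "7781", 498500.00, "EMEA"),
    ("P4", "GLOBEX", "7781-A", 498500.00, "EMEA"),    # distinct invoice number, same amount
    ("P5", "INITECH", "000455", 300.00, "APAC"),
    ("P6", "INITECH", "455", 300.00, "APAC"),         # leading zeros dropped on re-entry
]
PURCHASE_ORDERS = [  # constructed: (po_id, opened, status)
    ("PO-1", date(2008, 4, 16), "OPEN"),    # exactly 365 days old on AS_OF, not yet stale
    ("PO-2", date(2008, 4, 15), "OPEN"),
    ("PO-3", date(2007, 1, 10), "CLOSED"),
]
AS_OF = date(2009, 4, 16)  # constructed reporting date

def normalize_invoice(raw):
    """Assumed heuristic: ignore case, punctuation, an 'INV' prefix and leading zeros."""
    s = re.sub(r"[^A-Z0-9]", "", raw.upper())
    return re.sub(r"^INV", "", s).lstrip("0") or "0"

def find_duplicates(payments):
    """Return (duplicate_id, original_id, amount, region) for each repeat payment."""
    seen, hits = {}, []
    for pid, vendor, inv, amount, region in payments:
        key = (vendor, normalize_invoice(inv), round(amount, 2))
        if key in seen:
            hits.append((pid, seen[key], amount, region))
        seen.setdefault(key, pid)  # the first payment seen for a key is the original
    return hits

def duplicate_measures(payments):
    """Duplicate rate against total spend, benchmark band, and duplicate amount per region."""
    by_region = {}
    for _, _, amount, region in find_duplicates(payments):
        by_region[region] = by_region.get(region, 0.0) + amount
    rate = sum(by_region.values()) / sum(p[3] for p in payments)
    band = ("best in class" if rate <= BEST_IN_CLASS_MAX
            else "at or below median" if rate <= MEDIAN_RATE else "above median")
    return rate, band, by_region

def stale_open_pos(pos, as_of, max_age_days=365):
    """IDs of purchase orders still open more than max_age_days after they were opened."""
    return [po for po, opened, status in pos
            if status == "OPEN" and (as_of - opened).days > max_age_days]
```

The exact-match key deliberately leaves P4 unflagged; near matches such as a suffixed invoice number with an identical amount are candidates for a separate, lower-confidence review queue.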