2. Agenda
1. Project evolution
2. Establishing a Data Mart
3. An integrated approach
4. Use of CAATTs in Internal Audits
5. P2P – 20 power-packed analytics
6. Other Projects
3. Background
► Founded in 1843 and based in New Britain, CT
► Manufactures Tools and provides Security Solutions
► 16,000 employees worldwide
► Grew revenue from $2.2B in 2003 to $4.5B in 2008
► Soon to become $9.5B with the acquisition of Black and Decker
4. Project History
[Chart by quarter, Q4-08 to Q1-10. Milestone labels: Management Sponsorship; Analytics Team; CAATTs considered as required; Extraction Process – Data Mart; Audit Exchange - Team collaboration; Projections]
6. [Data-flow diagram. Labels: Non-SAP; Entry; Batch Process (Vendor Payments, Goods Receipt, Purchase Orders, Vendor Master); ACL script to import data; Audit Server; Web Application; Audit Exchange; Manual Downloads / Outside Systems (Payroll, T&E, Credit Card); ACL scripts for testing; Results; Email Notification of exceptions; Exceptions posted in SharePoint to drive accountability]
7. Example of an import script
[Screenshot callouts: 7 day filter; File name]
11. How do we get there?
[Transformation Map diagram: Wave 1, Wave 2 and Wave 3 leading to Continuous Auditing, across the tracks Audit Team, Technology, Processes and Business Units. Labels: Full time project manager; Metrics; Documenting Resolution; Auditors following up on certain exception reports; ACL desktop Edition; Infopack; AutoAudit; SharePoint; Collaboration with SOX and E&Y; Measuring Control effectiveness; SAP training; Scheduler; Testing of automated controls; Execute recorded scripts; ACL Directlink; Centralized testing; Design advanced analytics; Leverage BI/BW; Testing cockpit; Audit Exchange; Access SAP tables directly; Business involvement for Shared Services; Mercury; Business involvement; Entity-wide involvement]
12. CONTINUOUS TESTING OF CONTROLS AND RISKS RESULTING IN:
TIMELY NOTIFICATION OF GAPS AND WEAKNESSES
IMMEDIATE FOLLOW UP AND REMEDIATION
How
- Based on exception rules
- Design scripts to be run periodically using an audit software
- Extract transactions and perform analysis of the full universe
Test for
- Errors
- Duplication
- Control breakdowns
- Policy violations
- Fraud detection
- Anomalies
- Unusual patterns
Benefits
- Cash recovery/cost avoidance
- Drive business performance
- Immediate remediation
- Support Compliance
- Fraud deterrence
13. Project Methodology
[Diagram of four phases: Planning, Design, Implementation, Execution. Activities shown: Determine Scope; Develop a Project Plan; Design Sharepoint Site; Document process under review; Evaluation of Technology Tools; Gather requirements from key stakeholders; Develop scripts; Analysis of IT landscape; Testing of scripts; Prepare list of scenarios; Develop testing cockpit; Preliminary discussion with key stakeholders; Define electronic data requirements; Execution of test script; Stakeholder Training; Review download procedures with IT; Status meetings with stakeholders; Follow up on exception report; Document results in Sharepoint; Business Process Procedures; Update and report results]
14. Approach
► Look for volume, money, risk and opportunities
► Exceptions researched at the Controllership Level
► Partner with a SME in each area with an executive sponsoring the review
► Only exception testing for users – not reporting
► One year data; exceptions strategically selected
15. Approach
► Why-why analysis focusing on root-causes
► Resolution of exceptions aggressively pursued - remediation oriented
► No formal audit reports issued
17. Continuous Auditing/Monitoring
Payroll
1. Payments beyond termination date
2. Multiple changes in merit increases
3. Unusually high salary increases
4. Excessive overtime
5. Multiple or unusual bonuses
6. Duplicate employees (name/similar names)
7. Salary employees without email account
8. Same bank account and diff clock numbers
9. Employees and vendors with the same address/bank account
10. Employees without the usual earnings or deductions
T&E
1. Duplicate expense submissions
2. Suspicious MCCs
3. Even amounts
4. High Mileage
5. Unusual Items
6. Checks issued by AMEX
7. Split transactions
8. Spending trends
9. Non-preferred vendor
10. High misc expenses
P2P
1. Duplicate Payments
2. Old aged trade payables
3. Payment terms
4. Duplicate vendors in Master File
5. Invoice prior to PO Date
6. Split Purchase Orders
7. Vendors in OFAC list
8. Non-preferred vendors
9. PO price differences
10. Purchases of even numbers
19. Audit Area / Audit Test
Source-to-Pay
Payments
- Suspicious invoice sequence
- Invoices falling below approval limits
- Duplicate Payments - same vendor and invoice number
- Duplicate Payments - same invoice and amount paid to two different vendor numbers
- Duplicate Payments - same vendor, amount and invoice date
- Frequency analysis based on first two digits of payment amount
- Payments for even multiples
- Payments to employees
- Payment runs on weekends
Purchasing
- Purchases of unneeded material (E&O inventory)
- Purchase price unreasonably high (using price history)
- Aged open Purchase Orders
Payables
- Outstanding old debit memos
- Old open invoices
Vendor Master
- Match employee and vendor bank accounts
- Match employee and vendor addresses
- Search of unusually incomplete fields in the Master File
- Payment terms not in compliance with DOA
Quote-to-Cash
Sales
- Sales price lower than price lists (price overrides)
- Credit analysis and trends
AR Subledger
- Collectability analysis
- Recalculate aging
- G/L and subledger reconciliation
- Customer net credit balances
- Excessive write-offs (unusual trends)
Customer Master
- Customers exceeding credit limits
- Payment terms not in compliance with DOA
- Countries or customers from government banned lists
Payroll
Payments
- Excessive merit increases and WIN awards
- More than one payment per period
- Payments to same bank account with different names
- Unusual bonuses
- Employees without the usual deductions
- Pattern of continual overtime
- Payments beyond termination date
Master File
- Duplicate/similar employee names
- Employees with incomplete fields
Audit sampling tool
Other
System Access
- Proper segregation of duties in risky financial areas (based on GRC "rulebook")
- Terminated employees with system access
Fixed Assets
- Useful lives per SWK policy
- Recalculate depreciation
- Completeness in Fixed Asset Subledger "fields"
- Capitalization below threshold limits
Inventory
- Recalculate E&O analysis
- Recalculate usage data used for E&O
- Excessive inventory write offs (unusual trends)
General Ledger
- Manual Journal Entries (rounded amounts, unusually large entries)
- Rounded adjustments
- Reversals
- Posting to "miscellaneous" accounts
FCPA
- Match "key" words (e.g. government, General, etc.) to payment and expense data
20. CAATT Repository allows for team collaboration
[Screenshot labels: ACL Project; Aged open payables]
22. Analytic: Duplicate Payments - Same vendor and invoice number
VENDOR_NAME VENDOR AMOUNT_IN_DC DOC__DATE TYPE REFERENCE
NORTHEAST UTILITIES 1000244 (1,052) 03/26/2008 XR 00207-0308 Same invoice processed twice. Error by typing
NORTHEAST UTILITIES 1000244 (1,052) 03/26/2007 KR 00207-0308 Same invoice processed twice. Error by typing
LANCET GLASS LTD 1001707 (1,283) 02/15/2007 XR 50394 shipping to diff address, two invoice
LANCET GLASS LTD 1001707 (186) 06/29/2007 KR 50394 shipping to diff address, two invoice
AUSTIN HARDWARE & SUPPLY INC 1004581 109 08/03/2007 KG 650246 diff credit date and salesman, two invoice
AUSTIN HARDWARE & SUPPLY INC 1004581 (157) 07/12/2007 RE 650246 diff credit date and salesman, two invoice
NATIONAL GRID 1014380 (844) 08/30/2007 RE 93009-0907 bill payment, one for Aug. one for Sep.
NATIONAL GRID 1014380 (816) 10/02/2007 RE 93009-0907 bill payment, one for Aug. one for Sep.
KONICA MINOLTA BUSINESS SOLUTIONS 1029660 (1,516) 08/15/2007 KR 4590557 Triple paid. Same bill entered with different dates
KONICA MINOLTA BUSINESS SOLUTIONS 1029660 (1,516) 07/16/2007 KR 4590557 Triple paid. Same bill entered with different dates
Callout: Typo error in date
23. Analytic: Duplicate Payments - Same vendor, date and amount
TYPE VENDOR VENDOR_NAM REFERENCE AMOUNT_IN_ DOC__DATE BUSA
XR 1030888 SIFY LIMITED EXPIMS069 (11,892) 7/31/2008 0700
XR 1030888 SIFY LIMITED 0212254-IN (11,892) 7/31/2008 0700
XR 1035840 K & L Kaine Enterprise 508 (7,424) 7/4/2008 0700
XR 1035840 K & L Kaine Enterprise 608 (7,424) 7/4/2008 0700
KR 1011570 DIV OF WORKERS COMPENSATI INV011508 (4,138) 1/15/2008 0700
XR 1011570 DIV OF WORKERS COMPENSATI 48860-0108 (4,138) 1/15/2008 0700
RE 1015894 ALLIED WASTE 2001786263 (3,580) 9/30/2007 0719
XR 1015894 ALLIED WASTE 0742-001786263 (3,580) 9/30/2007 0719
XR 1011534 KFORCE INC 3247099 (2,349) 10/5/2007 0700
XR 1011534 KFORCE INC 3247099A (2,349) 10/5/2007 0700
Callout: Typo or clerical errors
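The two duplicate-payment tests from slides 22 and 23, written out in Python as an added example (not the ACL scripts used in the project). The sample rows are constructed, the field names only mirror the slide columns, and skipping identical references in the second test is an assumption.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample payments (not real data); columns mirror the slides.
PAYMENTS = [
    # TYPE, VENDOR, REFERENCE, AMOUNT, DOC_DATE
    ("XR", "V100", "00100-0308", "-1052.00", "2008-03-26"),
    ("KR", "V100", "00100-0308", "-1052.00", "2007-03-26"),  # year typo
    ("XR", "V200", "3247000", "-2349.00", "2007-10-05"),
    ("XR", "V200", "3247000A", "-2349.00", "2007-10-05"),    # suffix added
    ("KR", "V300", "77001", "-500.00", "2008-01-10"),
    ("KR", "V300", "77002", "-500.00", "2008-02-10"),        # legitimate
]
FIELDS = ("TYPE", "VENDOR", "REFERENCE", "AMOUNT", "DOC_DATE")


def load(rows):
    """Turn raw tuples into dicts with a Decimal amount and a tidy reference."""
    out = []
    for raw in rows:
        rec = dict(zip(FIELDS, raw))
        rec["AMOUNT"] = Decimal(rec["AMOUNT"])
        rec["REFERENCE"] = rec["REFERENCE"].strip().upper()
        out.append(rec)
    return out


def _repeated(records, key):
    """Group records by key and keep only groups with more than one record."""
    groups = defaultdict(list)
    for rec in records:
        groups[key(rec)].append(rec)
    return {k: v for k, v in groups.items() if len(v) > 1}


def same_vendor_and_invoice(records):
    """Same vendor and invoice reference, whatever the date or amount."""
    return _repeated(records, lambda r: (r["VENDOR"], r["REFERENCE"]))


def same_vendor_date_amount(records):
    """Same vendor, document date and amount under different references.
    Assumption: identical references are left to the first test."""
    hits = _repeated(records, lambda r: (r["VENDOR"], r["DOC_DATE"], r["AMOUNT"]))
    return {k: v for k, v in hits.items()
            if len({r["REFERENCE"] for r in v}) > 1}


if __name__ == "__main__":
    recs = load(PAYMENTS)
    for name, test in (("vendor+invoice", same_vendor_and_invoice),
                       ("vendor+date+amount", same_vendor_date_amount)):
        for key, group in test(recs).items():
            print(name, key, [r["TYPE"] for r in group])
```

The first test catches re-keyed invoices even when the date differs; the second catches the same bill entered under a slightly altered reference.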
24. Analytic: Suspicious Vendors using the unbroken invoice sequence
VENDNO  Vendor Name  Invoice in Sequence  Total Invoices  % Invoices  AMOUNT
4742 Wielaard Stellingsystemen 276 324 85% 207,876
7000010 Scan Modul MEDI-MATH B.V. 11 13 85% 107,802
2196 Scan Modul System 1237 1490 83% 5,602,788
2195 ByrumLabflex SA 352 450 78% 14,524,336
60000546 Garmt Design 3 4 75% 31,190
7000011 Scan Modul MEDI-MATH B.V.B.A. 18 26 69% 282,657
4894 VDL Home Tech 10 18 56% 19,124
4714 ADP Nederland B.V. 12 33 36% 6,437
2524 Sueters Interieurbouw 30 96 31% 169,890
60000076 Athlon Car Lease 20 73 27% 190,309
4693 Etiflex Holland 3 13 23% 8,613
5783100 Projectinrichting van Leeuwen 9 46 20% 79,303
3609 Hendriks Techniek Flevo BV 3 16 19% 26,829
4765 Broere Vliegpassages B.V. 3 16 19% 11,785
4761 Sellox B.V. 1 7 14% 5,588
5008 Transverba-Waalex B.V. 2 14 14% 7,726
5026 Café Bar Holland b.v. 1 7 14% 3,288
Callout: Our company is their main customer
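One way to compute the figures in the table above, as an added Python example (not the project's ACL script). The invoice data is constructed, and the rule that an invoice is "in sequence" when the same vendor also billed the number immediately before or after it is an assumption, since the slide does not define the count.

```python
import re
from collections import defaultdict

# Constructed sample (not real data): vendor number, invoice reference, amount.
INVOICES = [
    ("V-A", "1001", 400), ("V-A", "1002", 250), ("V-A", "1003", 300),
    ("V-A", "1004", 150), ("V-A", "1010", 900),
    ("V-B", "INV-5012", 80), ("V-B", "INV-5390", 120), ("V-B", "INV-5391", 60),
    ("V-B", "INV-6120", 75), ("V-B", "INV-7004", 40), ("V-B", "INV-7555", 25),
    ("V-C", "A-17", 10), ("V-C", "A-18", 20),
]


def invoice_number(reference):
    """Trailing run of digits in a reference as an int, or None if absent."""
    match = re.search(r"(\d+)\D*$", reference)
    return int(match.group(1)) if match else None


def sequence_report(invoices, min_invoices=3):
    """Per vendor: invoices adjacent to another of its invoices, total, share.

    Assumption: an invoice is "in sequence" when the same vendor also billed
    us the number immediately before or after it. Vendors with fewer than
    min_invoices invoices are skipped because the ratio means little there.
    """
    by_vendor = defaultdict(list)
    for vendor, reference, amount in invoices:
        by_vendor[vendor].append((invoice_number(reference), amount))

    report = []
    for vendor, items in by_vendor.items():
        if len(items) < min_invoices:
            continue
        numbers = {n for n, _ in items if n is not None}
        in_seq = sum(1 for n, _ in items
                     if n is not None and (n - 1 in numbers or n + 1 in numbers))
        report.append({
            "vendor": vendor,
            "in_sequence": in_seq,
            "total": len(items),
            "pct": round(100 * in_seq / len(items)),
            "amount": sum(amount for _, amount in items),
        })
    return sorted(report, key=lambda row: row["pct"], reverse=True)


if __name__ == "__main__":
    for row in sequence_report(INVOICES):
        print(row)
```

A high share means the vendor issues few invoices to anyone else between the ones it sends us, which is the condition the slide's callout points at.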
30. Analytic: Employee and vendor have the same bank account
SupplierCode SupplierName IBAN incoterms last_change SupplierAddress
C01458 A *nc 20080213 VIA RIVA
C00379 B *nc 20080415 VIALE FIUME N.5
6461 C *nc 20080627 VIA ERMINIA MAGGI 23
EMPLOYEE_NUMBER NAME IBAN TOWN ADDRESS
30077 A RANCO VIA CASTELLO INFERIORE 5
12942 B BRENTA VIA CEREDA 2
MFG C CIACCI VIA PILONE 129
Callout: Same bank accounts
31. Analytic: Purchases of even numbers
VENDOR_NUMBER AMOUNT_EURO CURRENCY Invoice__ DATE_MOVEMENT NUMBER_MOVIMENT
1491 (156,000) EURO 20081222 20081222 2721867
662 (108,000) EURO 20081126 20081128 2707853
5531 (72,000) EURO 20080923 20081014 2685244
6183 (50,400) EURO 20080702 20080828 2661559
1349 (43,200) EURO 20080929 20081020 2687195
6488 (42,000) EURO 20080625 20080909 2666249
4188 (40,200) EURO 20081126 20081126 2706205
5558 (36,000) EURO 20081127 20081210 2717316
2382 (36,000) EURO 20081218 20081222 2721610
4398 (34,800) EURO 20080115 20080129 2552247
5739 (33,600) EURO 20080930 20081031 2693394
6470 (33,000) EURO 20081223 20081229 2723274
1503 (30,000) EURO 20080310 20080410 2597341
1503 (30,000) EURO 20080701 20080702 2638885
5547 (25,200) EURO 20081211 20081215 2718998
3664 (24,000) EURO 20080131 20080222 2566762
3664 (24,000) EURO 20080331 20080402 2587714
Callout: Multiples of 100
32. Analytic: Open aged trade payables
Aging Amount Count
Less than 6 months 2,014,930 744
6 mo-1 yr 622,949 290
1yr - 2yr 296,229 92
2yr - 3yr 100,000 45
3 yr - 4 yr 75,000 48
4 yr - 5 yr 50,000 25
Greater than 5 yrs 25,000 20
Totals 3,184,108 1,264
Callouts: Aged open payables; Aged AP; Multiples of 100
33. Analytic: Analysis of non-electronic payments (checks)
Payments per Year  # Vendors  Percent of Count  Percent of Field  # Payments  Amount
0-4 10,907 70.39% 18.01% 17,212 74,505,538
5-9 1,921 12.40% 13.35% 12,753 59,573,419
10-24 1,920 12.39% 29.30% 28,001 122,172,795
25-49 517 3.34% 18.07% 17,271 119,465,712
50 - 99 172 1.11% 11.87% 11,346 42,806,722
100 - 200 50 0.32% 6.92% 6,613 45,117,170
>200 9 0.06% 2.47% 2,359 36,015,004
Totals 15,496 100% 100% 95,555 499,656,360
Callout: Opportunities to move to ACH
35. Analytic: Duplicate Vendors in Master File
Vendor Num Status TEST1 TEST2 TEST3 TEST4
0000700184 NOT DUPLICATE
0000700185 DUPLICATE ADDRESS
0000700186 DUPLICATE ADDRESS
0000700187 NOT DUPLICATE
0000700189 NOT DUPLICATE
0000700192 DUPLICATE NAME TaxID2
0000700196 DUPLICATE NAME
0000700198 DUPLICATE NAME ADDRESS
0000700199 NOT DUPLICATE
0000700200 NOT DUPLICATE
0000700202 DUPLICATE TaxID2
0000700204 NOT DUPLICATE
0000700205 NOT DUPLICATE
0000700206 NOT DUPLICATE
0000700208 DUPLICATE NAME ADDRESS
0000700209 NOT DUPLICATE
0000700210 DUPLICATE NAME
0000700212 DUPLICATE NAME
0000700214 DUPLICATE TaxID2
0000700215 DUPLICATE NAME
0000700216 NOT DUPLICATE
0000700217 DUPLICATE NAME ADDRESS
0000700218 DUPLICATE NAME ADDRESS TaxID2
0000700219 DUPLICATE NAME
0000700221 DUPLICATE NAME ADDRESS
0000700222 NOT DUPLICATE
0000700223 DUPLICATE NAME ADDRESS TaxID2
0000700224 NOT DUPLICATE
0000700225 NOT DUPLICATE
0000700226 NOT DUPLICATE
Callout: Duplicates: 1. Same name 2. Same address 3. Same Tax ID
Callout: 11 employees drive 35% of the purchases
38. Analytic: Vendors with PO Box as only address
Stratification  Count  Percent of Count  Percent of Field  Amount
0.00 - 9,999 100 69.24% 1.91% 500,000
10,000 - 24,999 200 9.81% 2.47% 5,000,000
25,000 - 99,999 300 11.96% 9.84% 20,000,000
100,000 - 249,999 200 4.66% 11.17% 25,000,000
250,000 - 499,999 50 1.88% 9.78% 15,000,000
500,000 - 1,000,000 250 1.55% 16.43% 30,000,000
>1,000,000 10 0.90% 48.40% 100,000,000
Totals 1,110 100% 100% 195,500,000
Callout: Risk with mid-volume vendors
39. Analytic: Retro Purchase Orders
Callout: Invoice date prior to PO date
COMPANY_CODE ENTERED_BY INVOICE_DATE PO_DATE PO_NUM ITEM_DESC VENDOR_NAME ITEM_NUM
98 SMM0505 3/31/2009 11/20/2009 573041 Not inventory item FASTENAL COMPANY 8431030000
93 KML1025 10/28/2009 10/30/2009 572552 Not inventory item MAIN STREET BANK 8431019200
93 KML1025 10/28/2009 10/30/2009 572552 Not inventory item MAIN STREET BANK 8431019200
98 GDG0831 7/14/2009 10/23/2009 572330 .0685 FOR SPENAX BEKAERT CORPORATION WIRE0685
98 GDG0831 6/30/2009 10/23/2009 572330 .0685 FOR SPENAX BEKAERT CORPORATION WIRE0685
98 GDG0831 7/20/2009 10/23/2009 572330 .0685 FOR SPENAX BEKAERT CORPORATION WIRE0685
98 GDG0831 7/14/2009 10/23/2009 572330 .0685 FOR SPENAX BEKAERT CORPORATION WIRE0685
98 GDG0831 6/30/2009 10/23/2009 572330 .0685 FOR SPENAX BEKAERT CORPORATION WIRE0685
98 GDG0831 7/20/2009 10/23/2009 572330 .0685 FOR SPENAX BEKAERT CORPORATION WIRE0685
93 FJT0722 9/25/2009 9/28/2009 571701 ROD,CONSTRUCTION STAPLE,6.3MM GERDAU AMERISTEEL 167096
93 FJT0722 9/25/2009 9/28/2009 571701 ROD,CONSTRUCTION STAPLE,6.3MM GERDAU AMERISTEEL 167096
91 HJM1203 9/24/2009 9/25/2009 571666 Not inventory item TEKNICOTE, INC. 8431030000
91 FJT0722 9/14/2009 9/15/2009 571344 ROD,CONSTRUCTION STAPLE,6.3MM GERDAU AMERISTEEL 167096
98 SMM0505 3/18/2009 9/10/2009 571204 Not inventory item MSC INDUSTRIAL SUPPLY CO INC 8431030000
98 SMM0505 5/6/2008 9/10/2009 571205 Not inventory item MSC INDUSTRIAL SUPPLY CO INC 8431030000
98 GDG0831 4/9/2009 8/24/2009 570598 Not inventory item AEROTEK INC 8431019100
98 GDG0831 4/9/2009 8/24/2009 570598 Not inventory item AEROTEK INC 8431019100
98 GDG0831 4/4/2009 8/24/2009 570598 Not inventory item AEROTEK INC 8431019100
98 GDG0831 5/7/2009 8/24/2009 570598 Not inventory item AEROTEK INC 8431019100
98 GDG0831 5/21/2009 8/24/2009 570598 Not inventory item AEROTEK INC 8431019100
40. Analytic: Payment date prior to invoice date
Callout: Invoice date prior to payment
INVOICE_NUM PAYMENT_DATE INVOICE_DATE CHECK_NUM PAY_AMT PA_JE_ CURRENCY
ED80740237 20081204 20081209 68653 621.14 PA0006400 CAN
ED80740345 20081204 20081209 68653 586.14 PA0006401 CAN
ED80740465 20081204 20081209 68653 86.24 PA0006402 CAN
ED87039683 20081204 20081209 68653 68.19 PA0006403 CAN
42. Other Projects
► Trade Compliance
► Data Conversions
► Review of employee access to restricted areas
► Review of domains (network access)
► Sales Taxes
43. PRIOR STATE -> CURRENT/FUTURE STATE
Retrospective Review -> Near Real Time Review
Narrow scope -> Entity wide
Sample Approach -> Full Universe
44. PRIOR STATE -> CURRENT/FUTURE STATE
Surprises with control breakdowns -> Rapid response to control breakdowns
Fraud identified by complaints / accidentally -> Fraud identified/deterred by data indicators
Audit tests done manually -> Usage of CAATTs
45. Conclusions
► CAATTs uncover issues that could be missed by auditors
► CM&A program proactively protects the company from errors, abuse, waste, revenue leakage, fraud
► The magic is in the data but the value is in remediation
► Audit becomes an agent of change