Upload
estefani-amor
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
©20
13 C
lifton
Lars
onAl
len
LLP
©20
13 C
lifton
Lars
onAl
len
LLP
cliftonlarsonallen.com
Using Data Analytics as a Management Tool to Identify Organizational RisksSean Walker, Managing PrincipalRyan Merryman, Senior Manager
©20
13 C
lifton
Lars
onAl
len
LLP
2
Objectives
• Discuss how data analytics can be used to better identify various risks in an organization.
• Encourage you to use technology to protect the organization.
• Demonstrate the power of data analytics using a case study.
©20
13 C
lifton
Lars
onAl
len
LLP
3
What and Why Data Analytics?
• Data analytics is the process of accessing, normalizing, and modeling data with the intent of discovering useful information– Often consider a forensic tool– Much more can be learned about your organization
• Large organizations such as States process very large amount of data and often in a decentralized manner– Risk of misappropriations– Risk of management override of internal controls– Risk of the unknown
©20
13 C
lifton
Lars
onAl
len
LLP
4
Misconceptions
• It’s hard.• It’s time consuming.• It’s expensive.• It’s an audit tool.
• Get it done – – Outsource it– Get trained and get coached
©20
13 C
lifton
Lars
onAl
len
LLP
5
Organizational Studies
• What is normal for my organization?• What is abnormal?• Who is working in the system?• When are they working in the system?• Who is making all those journal entries?• What systems feed information to the financial
system?
©20
13 C
lifton
Lars
onAl
len
LLP
6
Types of Risks and Areas of Analysis
Accounts Payable
Fictitious vendors
Fictitious, inflated and / or duplicate invoices
Structured payments
Conflicts of interest
Kickbacks
Bid-rigging
Purchase Cards
Duplicate purchasing and reimbursement schemes
Unauthorized and/or improper purchases
Unauthorized users
Unauthorized SIC codes
Payroll
Ghost employees
Improper supplemental payments
Improper bonus or incentive compensation payments
Inflated salaries
Inflated hours
Travel and Entertainment
Expense
False or inflated reimbursement submissions
Improper use of corporate credit card
Purchase for personal use
Duplicate purchasing and reimbursement schemes
Foreign Corrupt Practices Act
Journal Entries
Unbalanced journal entriesImproper management override
Improper expense capitalization
Improper revenue recognition
Entries to unusual or seldom used accounts
Improper or unauthorized user activity
Entries during non-business hours
©20
13 C
lifton
Lars
onAl
len
LLP
7
Types of Risks and Areas of Analysis
Accounts Receivable
Fictitious customers
Lapping
Credit balance fraud
Offsets with unauthorized or improper expenses
Improper AR aging
Inventory
Fictitious, inflated, duplicate or unnecessary purchases
Theft through improper write-off
Excessive shrinkage
Revenue
False or inflated sales
Fictitious customers
Improper commission or bonus payments
Revenue recognition abuses including channel stuffing, liberal return policies or bill and hold schemes
Non-Financial
Weblog analysis
Building access logs
Computer print reports
Client proprietary database analysis
©20
13 C
lifton
Lars
onAl
len
LLP
8
State Specific Risks
• Internal control overrides– Avoid purchase authority escalation– Journal entries
• General disbursements• Payroll• Derived revenues (sales tax, etc.)• Beneficiary payments
– Health and Human Service• Grant payments
©20
13 C
lifton
Lars
onAl
len
LLP
9
State Pension Plan
Brief Case Study
©20
13 C
lifton
Lars
onAl
len
LLP
10
Cash Disbursement Testing: Objective - Test 3.1 Million Payments Totaling $7.0 Billion
• Challenges faced by us: Each monthly report provided by the State: – Was in a massive .pdf “print report”
format, each monthly files was approximately 15,000 pages
– There were 3.1 Million payments in FY 2013
– The files were too large to print and so large they crippled laptops
123 ft360,000 pages
6 ft
©20
13 C
lifton
Lars
onAl
len
LLP
11
Cash Disbursement Testing: The Monthly Report was Over 15,000 Pages
©20
13 C
lifton
Lars
onAl
len
LLP
12
Time and Effort
Obtaining DataNormalizing DataAnalyizing Data
Most Systems Provide Data in a Usable Form
©20
13 C
lifton
Lars
onAl
len
LLP
13
Cash Disbursement Testing: Understanding the Data and Year over Year Comparisons• We were able to analyze the files and compare
activity from FY 2013 to FY 2012
©20
13 C
lifton
Lars
onAl
len
LLP
14
©20
13 C
lifton
Lars
onAl
len
LLP
15
FY 2013
FY 2012
Benford’s Analysis
©20
13 C
lifton
Lars
onAl
len
LLP
16
FY 2013
FY 2012
Stratification by Payment Amount
©20
13 C
lifton
Lars
onAl
len
LLP
17
Cash Disbursement Testing: Abnormal Payments• Specific Analysis that would be difficult/impossible
without Forensic Data Analysis:– Payees whose payments amounts varied significantly
©20
13 C
lifton
Lars
onAl
len
LLP
18
Cash Disbursement Testing: Specific Analytics • Specific Analysis that would be difficult/impossible without
Forensic Data Analysis:– Retirement Numbers that had more than one name associated
©20
13 C
lifton
Lars
onAl
len
LLP
19
Cash Disbursement –Data Analysis vs. Traditional Procedures
Data Analysis• Imported 100% of data• Reconciled totals to F/S for Completeness Testing• Summary Results that tie to F/S balances and compared
to PY• Run specific queries from which to make Risk Based
selections for test work• More efficient - Analysis FY 2013 procedure took only
about 60% of the time of FY 2012
Traditional Procedure• Random Sampling• No Completeness Testing• Less efficient
©20
13 C
lifton
Lars
onAl
len
LLP
20
Consider
• How much data is collected in your organization?• How quickly can you analyze the data for
management decisions and internal risks?• As Comptroller’s do you believe you have your hands
around all the state’s transactions?
©20
13 C
lifton
Lars
onAl
len
LLP
21
©20
13 C
lifton
Lars
onAl
len
LLP
cliftonlarsonallen.com
twitter.com/CLA_CPAs
facebook.com/cliftonlarsonallen
linkedin.com/company/cliftonlarsonallen
Sean M. Walker, CPA, CGFM, CGMSManaging PrincipalState and Local Government414-721-7521
Ryan Merryman, CPA/CFF/CITP, CFESenior ManagerForensic Services310-292-9867