Embed Size (px)
Citation preview
Corvelle Drives Concepts to Completion
1
Corvelle Drives Concepts to CompletionCorvelle Drives Concepts to Completion
Corvelle Drives Concepts to Completion
2
Case Study:Implementing a risk-based
continuous compliance assessment program
ISACA Fall Conference25 November 2010
Corvelle Drives Concepts to Completion
3
Yogi SchulzBiography
Partner of Corvelle Consulting Information technology related management consulting Microsoft Canada columnist & CBC Radio host PPDM Association board member Industry presenter:
– Project World - 4 years– CIPS Informatics - 7 years– PMI - Information Systems SIG - 2 years– Convergence - 4 years– PPDM Association - several years
Corvelle Drives Concepts to Completion
4
PresentationOutline
Business Context Compliance Assessment System Development description Benefits Conclusions Recommendations Discussion
Corvelle Drives Concepts to Completion
5
Business Context
Regulator publishes requirements Oil & gas industry expected to comply Some requirements relate to
measurement and reporting
Corvelle Drives Concepts to Completion
6
Business Problem
Current situation:– Challenge maintaining compliance audit coverage– Suspicion of poor compliance
Goals to:– raise level of assurance over state of compliance– raise level of compliance
Approach:– Apply CSOX audit concepts to compliance audit– Improve monitoring through data analytics
Corvelle Drives Concepts to Completion
7
Oil & Gas IndustryHigh-Level Data Flow
AlbertaEnergy
FieldProductionOperations
Alberta’soil & gas
regulator
FieldData
Capture
ProductionAccounting
RevenueAccounting
FinancialAccounting
PetroleumRegistryAlberta
Corvelle Drives Concepts to Completion
8
Compliance AuditPhilosophy
Trust Operator Declaration
Verify Compliance Assessment Process
“Trust, but verify”- Ronald Reagan
Corvelle Drives Concepts to Completion
9
Continuous auditing
A method used by auditors to perform audit-related activities on a continuous basis
Changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit procedures that test 100 % of transactions resulting in timely and comprehensive insights into risk and control issues
Corvelle Drives Concepts to Completion
10
Compliance Assessment System Overview
DataExtract
ComplianceAnalytics
NoncomplianceIndicators
InputDatastores
Corvelle Drives Concepts to Completion
11
Compliance Assessment System Data Extract
FieldInspection
System
DataExtract
ExtractA - n
Alberta’soil & gas
regulator
Corvelle Drives Concepts to Completion
12
Compliance Assessment System Data Analytics
ComplianceAnalytics
Extract A
NoncomplianceIndicators
Extract B
ComplianceAnalytics
Corvelle Drives Concepts to Completion
13
Data AnalyticsExamples
High metering difference Production rate trending up Puzzling trends in gas flare, fuel, vent, meter
difference Gas production greater than oil production
for an oil well High or low fuel consumption
Corvelle Drives Concepts to Completion
14
Compliance Assessment System Reporting
Noncompliance Indicators
Reports
OperatorReports
ProductionAudit Team
Reports
Corvelle Drives Concepts to Completion
15
Compliance Assessment System Architecture
Transform ComplianceAnalytics
DataExtract
Reports
Master
Corvelle Drives Concepts to Completion
16
Compliance Assessment System Development
Building the system - a part-time effort ACL dramatically reduces the amount of code Significant architecture, design and testing
effort
Corvelle Drives Concepts to Completion
17
Benefits of ACL forsystem development
Cost-effective and rapid development Adaptable to change as source datastores
change Adaptable to change ACL Compliance Analytics
Routines Encapsulates expert understanding of data
relationships in complex datastores Simple validation of candidate compliance
assessment indicators
Corvelle Drives Concepts to Completion
18
Benefits of ACL forsystem operation
Formal, fully auditable system Fully automated operation Scalable solution
Corvelle Drives Concepts to Completion
19
Business benefits of this Compliance Assessment activity
Assurance over the state of compliance Feedback to oil & gas operators Improved data quality for all stakeholders Comprehensive auditing Greatly increased auditor productivity Independent of skilled data analysts
Corvelle Drives Concepts to Completion
20
Conclusions
Compliance Assessment addressed our business challenge
ACL enabled development and operation of our Compliance Assessment System
Corvelle Drives Concepts to Completion
21
Recommendations
Investigate opportunities to employ Compliance Assessment within your organization
Consider ACL as the technology to implement Compliance Assessment
Consider ACL for batch Data Analytics applications
Corvelle Drives Concepts to Completion
22
Next Steps
Identify datastores to examine Experiment to identify potential data
anomalies Design, build and test a Compliance
Assessment system Collect dollars revealed
Corvelle Drives Concepts to Completion
23
Questions &Discussion
Can you help us
improve our audit work?Please
fill outevaluation
form
Corvelle Drives Concepts to Completion
24
Monitor Compliance RisksThrough Data Analytics
Corvelle Consulting300, 400 - 5 Ave. S. W.Calgary, Alberta T2P 0L6Phone: (403) 249-5255E-mail: [email protected]: www.corvelle.com
Yogi SchulzPartner of Corvelle ConsultingInformation technology related
management consultingMicrosoft Canada columnist
& CBC Radio hostIndustry presenterPPDM Association board member
Corvelle Drives Concepts to Completion
25
Bibliography
Continuous Auditing
Corvelle Drives Concepts to Completion
26
Noncompliance Indicator FileRecord Layout
Noncompliance Indicator id Production Year/Month Operator BA id Facility id Noncompliance supporting data
