FREE e-learning account
You can access tons of replays and resources for FREE by creating your account for FREE on 300Academy.
Get a WhatsApp Weekly Reminder:
1/ Use your phone camera to view QR code
2/ Click the pop-up link/ yellow button
3/ Click the “Add to contacts” button
4/ Enter “Data Leaders in Internal Audit” in first name and hit Save
5/ Send a “Hi, my name is…” Whatsapp message to your new Data Leaders In Internal Audit contact
Full list of replays from our FREE WEBCLASSES, including FREE downloadable resources
What tips and tricks can we deploy to easily track duplicates. Deep-dive into ACL, SQL and QLIK code that helps us to find duplicates. Which types of duplicates are interesting and which are not important for the auditor to flag based on our understanding of SAP (Duplicate master data, duplicate transactional data – journal entries, payments, invoices and orders, duplicate expenses) – what are the risks that we are looking for in each case?
Do you have to review lots of contracts during audit fieldwork? Sometimes those reviews might be a little bit monotonous (as contracts are not always the most exciting of documents). Let’s investigate whether or not we can harness the power of AI and python NLP libraries in order to go quicker with this task. We can also revisit our Streamlit application from March and see how to plugin our contract review so that all auditors… even those non-technical can benefit. What other areas could this apply to beyond contracts?
If you work for a large industrial organization, you want to make sure that you don’t have any black-listed 3rd parties in your database. This type of task can be a fully automated check, allowing the auditor to tick the box (hopefully if no cases are found). Let’s have a look at the techniques that we can use to see if we have any 3rd parties that have similar names to those in official black-lists. Where do we get those black-lists from and which ones should we use? How can we quickly verify any matches identified? What could be the risk impact in case we have black-listed 3rd parties, or even 3rd parties working in or with black-listed geographical areas?
Examining data to uncover insights and trends for informed decision-making and adoption of Microsoft suite for data analysis, app development, automation, and chatbots without extensive coding.
Depending on how your organization is managed, you may need to audit the HR function. What types of controls should you look at and how you could you use data visualization to look at those? What are the expected internal controls in the HR department, and how does the risk consideration change based on whether or not you have contractors and timesheets?
Recently at Aufinia, we have been busy creating Artificial Intelligence applications using python and the platform Streamlit. This tool can enable us to quickly create a web-browser-accessible user interface to your python functionality. Suddenly, all that is exciting about python becomes accessible to your “non-technical” auditors.. including training of AI models, anomaly detection, asking questions of data using natural language and more. Let’s check out under the hub, how we go about doing that – and also – how long it might take your organization to do the same.
Our guest speaker Piotr Czarnas will show how to apply data quality best practices to detect discrepancies between financial systems and ensure that the data is trustworthy.
In 2014, in China, Aufinia held an audit conference with the French chamber of commerce. At that conference we had a guest speaker, a manager of a textile factory, who was explaining to us the fraud scheme that he had uncovered. It basically related to fictitious employees at the factory, that were on the payroll. The HR manager was cashing in on the salaries on a monthly basis for the last few years. This type of fraud scheme is very common in Asia, but probably elsewhere also! Let’s see what types of data analytics tests auditors can do, firstly to check if the internal controls are up-to-scratch in terms of prevention, but also to see if there is a needle in a haystack fraud operation going on in one of your entities.
When your auditors look at a set of results from data analytics, one aspect that should be on their mental checklist are strange dates. But for P2P what types of strange dates are we looking for and what might they indicate in terms of risk of fraud, internal control gaps or inefficiencies? In this webclass, we will brainstorm all the different ways of looking at dates within P2P, so that next time, when you see some data, any funny dates will jump out at you and get you asking lots of questions of the data!
Well, if they are confused, them send us to our webclass. Let’s go through some basic accounting and understand why suppliers that are debtors is an audit risk and what kinds of risks there are. Recently I was reading about how a bar chart that shows the total per month is “naive”. How embarrassed was I to admit that we often do bar charts that show the total per month. What about if we converted it to a waterfall chart or a stacked bar… would this help us to more easily see debtor transactions that are still outstanding for a supplier. But again – will the audit team understand why we want to do that? If they don’t send them to our webclass and let’s discuss the related risks and how to check for these risks.
You might be tempted to spend a lot of money on consulting in order to be sure that you are harnessing the power of Artificial Intelligence. And this is great, because we do all need to become more familiar and aware of how and whether artificial intelligence is important for audit. But let’s just take a quick breather and consider what is already out there. Did you know that we can get quite a long way already with the new capabilities in good old Microsoft PBI? Let’s have a look at what audit questions we can answer using these new capabilities.
Recently, I have been reading a book called “Les Statistiques Expliques par mon Chat” (statistics explained to my cat), that takes us through basic statistics. In this book, the free software Jamovi is introduced for doing basic statistical predictions. Let’s take out some time to have a quick look at this free tool, how to get it, install it and use it to see how we can apply statistical predictions to some audit questions.
You may have tens of thousands of third parties. It can be quite daunting to categorize them in terms of risk. However, if we harness the power of Artificial Intelligence, we can use a model that we can train in order to categorize our third-parties and pick out those that we think are most likely to be fraudulent. Using this technique, in addition to basic rules, such as whether or not the 3rd party is missing information, is found in the OFAC list, is listed as Politically Exposed Person or is based in a country other than that of the beneficiary account, can help us to get an automated scoring of third-parties prior to the audit fieldwork and sampling process. Let’s take a deep-dive into a python machine learning example and see how we can train our python model.
In this quick-win session, we will take a look at split purchase orders. This is one of the most popular data analytics that most all audit departments want to run. However, the results often throw up a lot of false positives. Let’s see how we can create the most optimum dashboard about split purchase orders that helps the user to choose the sample that is the least likely to be a false positive.
If your purchasing department is efficient, then they should be helping to reduce the pricing from suppliers, or at least limit increases. However, when purchasing and suppliers get together, then price hikes may indicate collusion. How can you see quickly on one page, the suppliers and transactions that might be indicative of over-pricing? What are the tactics that fraudsters can use to create confusion and prevent changes in prices from being seen?
Does your internal audit team ever work on compliance with tax legislation? How can you use data analytics to see if you have categories of transactions that do not follow the normal pattern for tax compliance. How could we use Artificial Intelligence to help with that? Did you know that you can use a simple python program to check?
You may think that SAP is set-up for all purchase orders to be approved, according to the purchasing approval process. But did you know that actually in SAP, there are a set of conditions can actually prevent your purchase orders for needing any approval at all!?! In this Webclass we will understand better how the system works, so that we can better understand why some purchase orders are approved and others actually do not need any approval at all.
Christmas is here.
So might the tax man be, at the end of the year.
But don’t give-up your Christmas cheer.
Because the GAPs test is near…
Your IT department got the CFO out of the sticks
With a fancy data-fix
The data was updated without a trace
And all this was done quietly so he could save face
But with a simple query in SQL
All his worst nightmares are rising from hell
But let’s stay jolly here in audit
Because all things data – SQL has a trick for it
… about 13 years’ ago, I accompanied one of the best sales people on the planet at ACL on a few sales meetings, and he often talked about the tax man and how the tax department in France would use the ACL GAPS button to detect data-fixes. Did you know that many companies use data-fixes to fraudulently update accounting entries, without any trace in the system… except for holes in the data that look like Swiss cheese!
Normally we invoice and pay. That is the normal types of transactions that go on with our third-parties. But there are lots of other types of transactions that can occur, other than the straightforward ones. If as an auditor we focus on the business process and take into consideration the usual transactions, such as invoices and payments, we may feel that we are doing thorough data analytics across the entire P2P or O2C process. However, much more is actually going on in most businesses. In fact, the fraudulent transactions are often not going through the normal process, because they want to avoid the normal internal controls. But how do we quickly see a summary of all of our more “unusual transactions”? Let’s look at some fun graphs that sum them up and categorize them for us easily, as well as showing us the patterns, that can help us to see where the risk areas are.
If we want to help our friend who is a customer, not have to pay, the easiest thing to do is to do a credit-debit refresh of their account. This should be very easy to detect in the data. And it is! But not all credit-debit refreshes are done within the same journal entry, and some of them are actually normal repostings due to partial payments. Even the system can be set-up to automatically repost a customer debit following a payment difference. So, how do we go about identifying the real cases of customer ageing balance refresh? Let’s have a look at some real life cases, different patterns and discuss the risks and recommendations relating to them.
Have you ever audited Intercompany accounts? Maybe you are wondering what actually goes on in “Consolidation”? Did you know that there are some interesting ways that organizations can fraud using Intercompany accounts… hence all of the reconciliation work that goes on every month. As an auditor, really understanding the consolidation process and the tricks that can be played can give us insights into clues in the data that may point out fraudulent transactions.
SAP separation of duties checks can be rather complicated, as can be setting up Process Mining. But what if you could do an easy sense check on the main parts of the process. Done in five minutes? Join our webclass to see.
Looking at Invoices To Be Received, some clients have said to us that we should only do the dashboard on the value per month (value of postings), whereas others are more interested in the balance over time. Which is the most useful and what are the risks that we can infer from them?
Six years ago, I was on an audit for a curtains company and we were looking at the accounting schemes for payments. The entity was posting a lot of entries that debited cost and credited bank. This was quite surprising for us, since back in my Deloitte days, that was a key red flag to look for (especially where the cost account is not bank charges but rather sundry cost or something you would expect to see a third-party vendor for). Digging a bit deeper we also discovered that the bank statement reconciliation process involved the entry of adjustments to fill the gap for any differences. Coupled with the fact that most payments were done manually on-line, … some interesting risk points arose. However, how confident did we feel discussing the topic with finance, who were adamant that there was nothing unusual? Let’s get the discussion going on how to audit the bank reconciliation process and build-up our strengths and confidence in this area.
When I was a junior auditor at Deloitte, I went to my first data analytics training. We learnt some great skills about how to play around with data in Excel and how to use ACL. Just after the training, the data analytics manager handed me a set of data and said “See what you can find in this”. At that point my mind was blank. Despite having picked up some core skills and also having a Masters in Information Technology as well as some initial audit training, I actually had no idea what I was supposed to look for. Fast Forward 23 years – let’s do the same exercise with our AR data set. What key insights can we obtain from that one data set and how easy is it to do that? We can throw in some Generative AI also, and perhaps some advice from Chat GPT. Let’s see what we can find out.
In this Webclass we will look at a Python program, hot off the press from Aufinia. We will analyze how the program works in order to up our python skills. At the same time, we will see how we can use python to automatically generate templates that can be used to download data from SAP automatically.
You will get access to a free python program and a free matrix that maps all of the 300 must-have data analytics tests to SAP tables and fields, and includes fields that need to be filtered on, how tables need to be joined together and which tables need to act as “helper tables” in order to reduce the amount of data you obtain from SAP. Join us in this exiting deep-dive into Python and SAP and up-your skills in these two areas in one-go!
According to the ACFE, construction fraud is the fourth highest median losses by industry. Forensic accounting allows business owners to engage with a professional to quantity the losses and determine who benefited. In this session, we will talk about cases that Ms. Landau has investigated as well the missing link to the fraud triangle.
Unlock the power of Power Query! Learn how to automate calculations and consolidations. Power Query is part of Excel yet many users don’t know it is there or what it can do. This introduction session will demonstrate how easy and accessible Power Query is.
We are discussing ways companies can lose money in procurement through fraud, errors, and waste, and how to detect them. Examples are bogus invoices, bad payment terms, or fraudulent attempts to divert payments into other bank accounts.
This webclass will share an exciting new application of generative AI for data analysis. In order to extract meaningful insights from messy, raw data, auditors and data professionals must perform a variety of time-consuming technical tasks. Generative AI and visual methods to interact with your data dramatically speed up the tedious parts of the process and reduce barriers to technical analytics languages, like Python. This enables business professionals to analyze data, clean and organize it, build predictive models, and so much more with speed and efficiency not previously possible.
Money laundering tends to be a topic for banking. In Vietnam the new AML regulation is applicable as of March 2023, focuses mostly on the banking sector. However, with the boom in e-commerce, money laundering appears to have found a new home. If you have mass transactions in your sales ledger, who’s to say that those are not also a sign of money laundering, even if you are in the FMCG sector? What about if you are in shipping? Why would a hotel that operates at almost zero capacity be a possible sign of a money laundering haven? Should you be concerned if you have customers or vendors that are vectors for money laundering? Are you liable and what should you expect those third-parties to be doing?
In our Deloitte audit reports, we always used to have a disclaimer to say “this report does not include any issues relating to collusion between two or more parties”, which basically meant, “if Bob is helping Sheila to do the fraud, their isn’t much hope of us noticing it!” Or, “all the internal controls in the world won’t help if your employees are best friends with the suppliers”. Another problem with collusion is that it tends to be “under the table” or “off the books”… so what tips can auditors deploy if they want to identify some indications of collusion?
According to a PWC 2010 survey, 37% of fraud is committed by insiders and 20% is collusion. Meaning that 57% of fraud involves employees. Let’s have a look at some tactics that we can deploy in order to find the malicious users in the organisation.
I was reading a book about forensic data analytics a while back and one of the main aspects that was highlighed was looking at dates and how differences between dates can help us to uncover fraud scenarios. In this webclass we will go through some different data analytics graphs and discuss which types of fraud scenarios could be inferred through the analysis of date patterns and comparisons.
Why not just use the detailed ageing report by third-party? How does data analytics help? How can you drill-down to outstanding transactions and find unpaid debit/ credit notes that could help the entity you are auditing recover funds? How do we compute the due date in SAP – and do we need to?
Find out how to identify suspense accounts and get tips on looking at their trends in order to identify those that are not used appropriately or that are used to hide fraudulent transactions. Understand the cookie jar fraud case and see it in action in the data.
There is sometimes some debate as to what an open purchase order is. What are the different ways of identifying these purchase orders in the SAP system? Why might you get some discrepancies compared to what the entity is telling you? What should we do with the list of open purchase orders during the fieldwork?
In the Digital Age, all businesses/organizations face daily risks from online crime, fraud and disruption. One of the key limiters to achieving Cyber Resilience across all organizations, businesses and sectors is Adoption of cybersecurity best practices and solutions at scale, thereby providing measurable Impact. How could the Adoption of automated Cyber Risk Ratings and Reporting, enable ownership of Digital Age Risk, thereby systemically raising the resilience of all globally?
If your organization is going to moave to S4- will you need to change all of your data analytics or just a few? If you have outsourced data analytics-how much should you expect to pay for the update? What will be the impact in terms of speed of execution? What can the auditor help the entity to check when the system is switched over?
SAP seperation of duties checks can be rather complicated, as can be setting up Process Mining. But what if you could do an easy sense check on the main parts of the process. Done in five minutes? Join our webclass to see.
When we analyze the trial balance, should we be looking at the value of debit and credit transactions in the period, the net value of transactions or should we be looking at the balance. Does it depend on the account? If you are not 100% sure of these points, join our webclass and we will discuss more about analysing the trial balance as well as showing you a dynamic way to look at ratios.
Environmental Social & Governance is a new area that internal auditors may be faced to check for their organization in order to ensure compliance. However, guidelines on how to audit this area are not yet that mature. How can the internal auditor start to tackle this topic and what types of data sources are out there. Let’s discuss to see what ideas and challenges auditors face in this area. We will propose during the webclass a free DRAFT ESG audit framework.
Should you use sampling, rule-based analytics or artificial intelligence in order to decide which journal entries need to be looked at? What are the benefits of focused samples compared to the “stand-back” approach recommended by the ISA 240?
Probably the most common fraud in the supply chain is paying suppliers too much. This could happen through paying for faulty equipment or stock or just through suppliers hiking the price or charging too much. When internal controls are down and management is not continuously assessing costs and budgets, spending can go on fire! Let’s see how internal audit can quickly assess whether or not there is a risk of fraud in the supply chain within your entity.
What are the most important bank-disbursement fraud flags that internal auditors should look at? Is it easier/ quicker to do that with rule-based testing or could you also use a python program?
What are the top five checks that you can do to ensure that you don’t have fraud around closing? In this webclass we will look at different fraud scenarios for closing and how we can assess whether or not there appears to be a risk for these scenarios occurring. Which data would you need and what are the tips and tricks to getting a quick analysis for maximum assurance?
How can we make sure that our data is complete and accurate when auditing financial reporting, purchasing, sales, fixed assets, inventory or human resources? What are the SAP tables that you would need and what is the methodology that you should use? Join our webclass to pick up on all the tips and tricks to help you to go faster in this process.
This webclass will be very interactive so that you can learn from each other, how you plan your audits. Is it more based on requests, feeling, trends, resources, rotation, prior-fraud cases, risk assessments? We will look at a range of audit plan templates and methods and discuss the advantages and disadvantages of each and then vote on which audit plan methodology we feel is the most effective.
In this webclass we will take a look at some of the most popular tools out there and then do a deep-dive into some key factors that differentiate them as well as look at how we can transition between tools and how having a clear data analytics naming convention and methodology in your team can help you to be able to switch tools easily, with a focus on ACL/ SQL and PBI/ QLIK, as well as python.
You may still be spending a lot of time or resources taking screenshots for SOX ITGC testing. But some of those tests could be fully automated. What would be the financial gain and the time gain if you did that and which ones could you automate and how?
Did you know that looking at SAP GRC reports only gives you a limited amount of assurance as an auditor? Let’s challenge the practice of using these reports to see where the real risks lie!
How can you check if your customers are exceeding credit limits in SAP? What if they don’t have credit limits? Or what if they do have credit limits, but a setting in the system is enabling staff to ignore this internal control step? Let’s see how the auditor can intelligently adress this area through data.
If you have strange payments going through treasury – perhaps Artificial Intelligence could be used to help detect them. In this webclass we apply Isolation Forest, UMAP and SHAP and identify some expected strange payments (those found by our flip-flop data analytics dashboard) as well as some unexpected ones.
Why is there so much resistance to data analytics from your audit team? It could be silent resistance but it is there… so first we need to understand the reasons for using data analytics. But beyond that – if we understand the reasons and if the team shares that understanding, there is still a mountain to climb before they can become proficient at data analytics. In this webclass, we introduce a framework to help your team go through the data analytics process step-by-step for each audit. With a little help from an online system, you can guide them through the process with templates along the way and also monitor how they are doing and get their feedback.
A while back there was a whistleblower case concerning a programmer who was stealing inventory and then going into the SAP system and updating inventory records through developper access, in order to ensure that the physical inventory matched the system inventory… wait – it’s possible to update data in the system? Did you know that developpers are a huge source of risk in your organisation? Let’s have a look at all of the ways that developpers can get around controls in your SAP system.
It used to be that we would spend 100Ks dollars paying consulting firms to do investigations on email data… what – wait- you still do? Did you know that with a simple python program (that is free) you can scan email files yourself for key words and quickly drill down to the email data including the date and the sender? Suddenly, the off-the-books fraud cases relating to bribery and corruption become more within reach… at a reasonable price.
How can we isolate our cost accounts and then see what is posted in them? If your audit team are a bit asleep, they might typically look at specific cost accounts. For example, they might look at what goes into accounts relating to discounts. However, the most risky cost accounts remain the unknown “sundry” accounts. A curious auditor would ask, how much is posted to those? Where does it come from? Who is posting it? Does it remain on that account or get re-allocated? In this webclass we look at the famous Phar-Mor fraud case and see how cost accounts were used to hide huge inventory discrepancies. We then go on to look at five other more recent fraud cases concerning the misuse of cost accounts. But how can the data analyst find ALL of the data relating to these accounts?
Are you sure that you know all of your third-parties? Firstly, why do we need to know them? But secondly, how can we know them if we have more than 40K of them? Let’s take a look at a python tool that can help us to assess which of our third-parties are high-risk
One time we were doing an audit and a whistleblower gave us a tip-off that the CEO of the entity that had just been acquired was the owner of one of the customers that also happened to be a supplier… how was this CEO making free money now that his company was part of this large Group?
If your auditors do not check inside empty boxes during the physical inventory, or if they are heavily criticized or hindered by warehouse staff, what would be your suspicion? What famous inventory theft cases did not get noticed by internal auditors in the past? Where does inventory typically “leak” to?
What are the key SAP security aspects that we can automatically scan using data analytics? This webclass goes through the concepts of sensitive users, profiles, objects, programs, authorizations and transaction codes
In this webclass, we look at a few technical hurdles that we need to overcome in order to create the data structure that underpins the Purchase To Pay Process Mining dashboards. We then go through the dashboard and we comment it step by step in order to show how it can be used during an audit.
Often the data analytics task of the data analytics manager role is assigned to the IT auditor. However, in our opinion this can be a mistake. In fact, data analytics, is more about the data itself than the technology surrounding it. Let’s take the general ledger tables BSEG and BKPF in SAP ECC. These are data tables that are stored in the SAP system. That is the technology. But the information in those tables is what is interesting for the auditors. And that information is financial accounting information. Surely it would take then someone who understands financial accounting, to be able to guide the team as to what to look for in the data? Whereas the IT auditor might be expert in cybersecurity, backups, Information Technology General Computer Controls, they rarely have an understanding of how the Financial Controller is fixing the accounts through unsupported adjustments, reversals, transfers, etc. In fact, the IT auditor rarely has the understanding of what a journal entry is, why debit should be equal to credit and what the difference between the general ledger, the balance sheet and the trial balance is. In this case, the IT auditor is at a loss as to what to do with the inforamtion in the BSEG/BKPF data tables, let alone, what types of things would be interesting to look for for the audit. Shouldn’t we therefore assign the expert in finance and internal control to manage and steer the data analytics team?
In a process audit, we want to check if the process is efficient and where we can increase efficiency. In this webclass we look at key indicators that are usually used for assessing the efficiency of the Order To Cash Process and how we can create those indicators based on SAP data.
What is the difference between skimming and theft? In this webclass we look at two examples of skimming and then dive into some example dashboards that can be used to review skimming at a POS (Point Of Sales) terminal.
In this webclass we look at the DHFL loans fraud case in detail and check how it could be detected in case this situation is occurring in your own group. We also go in to the SAP data and fields that contain information relating to loans.
What is OPEX and CAPEX and how can we fraud with these two concepts? If your finance department is playing around with OPEX and CAPEX are your auditors able to see it?
If we improve our SOX auditing with data analytics, would that be a good thing or a bad thing? On the one hand, we could save time and effort from the outsourced service providers that are running our SOX controls. On the other hand, we might give them more (or at least more focused) work to do. If we improve our SOX controls, does that mean that we improve transparency for external audit and we can reduce the external audit fees, or will they charge us more for having to review our data analytics programs? It all depends where our heart lies…. in ensuring that our testing is useful, or in ticking the box!
In this webclass we look at three payment card fraud cases and then make a list of the questions that we would need to ask the data if we were going to be able to detect those cases.
In this webclass we look at a real-life wire-transfer fraud case and discuss how these cases typically occur. Often the entity will rely on controls at the bank. However, not all banks control all transactions. How can audit help internal control/ treasury to discover wire-fraud before it is too late? Only with data analytics can the cases be discovered in time, due to the volume and frequency of the transactions.
In this webclass we look at a real-life wire-transfer fraud case and discuss how these cases typically occur. Often the entity will rely on controls at the bank. However, not all banks control all transactions. How can audit help internal control/ treasury to discover wire-fraud before it is too late? Only with data analytics can the cases be discovered in time, due to the volume and frequency of the transactions.
Is your internal audit team able to respond to unexpected findings or results during the fieldwork, or will they ignore these because they don’t understand them or because they don’t have the tools to do further analysis. Often we find that the data analytics team will deliver some results to the audit fieldwork team. However, during the fieldwork, if the auditors receive explanations from the auditee that the data analytics should have been filtered, or taken into account a different rule, unknown at the time – are your auditors able to respond and refresh the analysis to dig further, or do they give up? How can we help them to be more agile?
What are the main algorithms or data analytics steps that we most often use and that your data analytics team needs to be able to master to be able to understand 90% of the data analytics programs?
What are the ratios that we can use based on the balance sheet, in order to immediately see if there is an obvious case of fraud or error in the financial accounts?
In this webclass Sam Gallagher gives us an insight into data analytics for government and a revolutionary continuous monitoring tool.
If you have dormant customers or vendors, what could be the fraud case in the event that one of those dormant accounts suddenly reactivates? What is the data analytics code and algorithm that we should deploy to detect dormant accounts?
What does the ISA240 say about the auditor’s role in detecting financial misstatements, and why did they recently update the standard? In this webclass we look at the fraud cases behind the udpate, how they could be detected thruogh journal entry review and how the approach of internal auditors needs to be updated.
A long time ago, whilst working at Deloitte, I remember that we always used to put a sentence in our presentations under the limits sections, which said something like, “This report does not cover any internal control violations due to corroboration between two or more parties”. This is becuase, if you separate the duties of say payroll and personnel, but the two people doing those duties are working together on a fraud scheme, it can be very hard to detect the scheme. Which is why, separation of duties is so important. What if you don’t even need more than one person? In this webclass we look at how the audit manager can check separation of duties issues that occured during the period to see if there is a high-level of risk of fraud at the entity, even without the need for two or more staff members to corroborate.
How do credit limits work in SAP and how can we review customer credit limits per customer?
The CFE (Certified Fraud Examiner) manual gives us some fantastic knowledge about all of the most common fraud schemes and this information is really useful to data analysts who are trying to find fraud schemes in the data. In this webclass, we take the ACFE manual and we do a mapping of the manual to data analytics tests.
Sometimes our data analytics projects die a slow death because the size of the data is so large that the user cannot get the analysis in time or you cannot get the analysis to run. Sometimes it is a case of dashbaords that are too slow to load and the end-users don’t want to wait more than five seconds. If we have the correct data structure or data model, we can usually resolve most of these issues. In this webclass we look at the key tips to creating the most optimum data model for your data visualization dashboards.
If you have a new SAP system, or your SAP system was upgraded to S4 from ECC, for example, your entity may have paid a huge amount of money to conultants to configure the new system. However, how can you be sure that they did not leave security holes behind them? In this webclass we look at all of the SAP configuration issues that the auditor can scan in order to assess the level of security of the new or updated system.
Let’s have a look at why the standard audit approach of Risk Control Test is has-been. Why can the internal auditor not content themselves to go through these checklists anymore? This webclass gives a high-level overview of how to think of the audit in a “stand-back” way – using data to see risk areas and trends before diving into the actual audit plan.
Pawan is a thought leader in the finance, risks and regulatory data management space. He gives us some insights into the types of data analytics tests that we can do in the banking sector. In this webclass you can also get a free matrix of banking audit tests as mapped to data analytics tests.
Previously we have looked at Correlation and seen how we can use correlation to be able to see straight away all of the tests that a third-party is flagged for. In this webclass, we go one step-furhter to see how we can score third-parties, in order to be able to see which ones are the most important in terms of risk.
Joseph Horrowitz joins us for an overview of Cybersecurity and what we need to look for when doing a cybersecurity audit
In this webclass we look at a recent fraud case at a South African retailer and we decorticate how the fraud case happened and what footprint it would have left in the data. Up to the auditor to then search for that footprint to ensure that it is not occuring in your own entity.
Anjana Wijegunasinghe gives us insights into how we can make our internal audits smarter, with the help of data analytics.
Salih Ahmed Islam gives us an overview of how data analytics is effecting internal audit today.
Galina Guidry joins us for this session to share with us her experience in using data analytics to detect and investigate fraud cases.
If you are charged with setting up a fraud prevention system, then you might be wondering how that system should differ from standard data analytics for audit. The point about a fraud prevention system is that the fraud indicators that are highlighted by data analtyics, need to be reviewed and processed by individuals that have been assigned the task. However, if we rely on emails and reminders to look at dashboards, then the process will not work. How about if the team members are assigned data analtyics results automatically that they are required to process? How can we make this process smooth and automated, without spending lots of cash and putting sensitive information in the cloud of a software vendor? How can we monitor if the fraud KPIs are being reviewed on a timely basis? Let’s have a look at an alternative example that could help us to ensure interaction with fraud KPI results and review of these results.
In this session, we invite Thomas Fox, who will share with us how he believes that internal audit have a groundbreaking role to help those in compliance get into using data analytis and how these two departments can help each other to grow to become data analytics saavy, as well as introducing the ways that data analytics is helping and revolutionising compliance and governance.
If you are in charge of a data analytics project for your next audit, how can you be sure to successfully manage it? How can you avoid the situation where the data is inaccurate, not available or that the rest of the audit team ignore the analysis that you have done and continue to use manual sampling instead? In this webclass we give you the keys to success to ensuring that your data analytics project is accurate, on-time and utilized during the audit fieldwork.
What is continuous auditing and why should we use it? Neil shows us a revolutionary tool for continuously auditing your data sets, no matter what the system underneath.
When we enter an invoice into the SAP system, the SAP system will automatically check that the invoice value matches, or is within the expected value based on the goods receipts and the purchase orders – right? This might be what the auditee will tell the auditor. In reality, there are many ways to cheat the three-way-match controls in SAP. In this webclass we look at three-way-match settings in detail so that the auditor can be aware of all the different loopholes and how invoices can in fact, get entered, despite the values not matching the purchase order or the goods receipt.
Usually we call suppliers “creditors” and customers “debtors” – but why? In this webclass we refresh our knowledge of some accounting basics, so that we can be aware of unusual trends, when values are not as we would expect.
What is Day Sales Outstanding and how can we calculate it based on SAP data? In this webclass we go into the detail of how the DSO calculation works so that you can see how it could be used by internal audit and also how it is used by management as a Key Performance Indicator to monitor the performance of Accounts Receivables.
If you are going to audit an entity, you might want to look at process mining dashboards before going to that entity, in order to see what audit questions need to be asked during the fieldwork. In this webclass, we look at a step-by-step guide to creating a process mining data set and then we look at process mining graphs and see what observations we can make and what recommendations for audit we can infer from these graphs.
Do you know where all the money goes from the entity? How do we track-back from the payment transaction to the invoices/ credit notes or debit notes, in order to know the purpose of our bank-out transactions? What is the data structure in SAP and how does the clearing process work?
In this web-class we interview python expert Kyle Pott, who is here to help internal auditors to pick-up python and develop their python skills quickly for a number of different tasks, from creating links to different data sources to sorting, joining and visualizing data tables.
The trial balance is often reviewed by internal audit, but it tends to be reviewed in a rolled-up (summary) format and not usually based on the detailed data. There are advantages to recomputing the trial balance from the detailed data in order to ensure that the financial reporting is accurate. However, we need to be able to categorize automatically the accounts in order to get a macro vision of the main data sets and in order to be able to automatically run horizontal and vertical analysis.
What is a shell company and how can we detect it? Shell companies might not jump out of the data set at first-sight. However, there are indicators that we can process to help us to see which suppliers might be shell companies.
Quite often the auditors will check that there is a bank statement reconciliation occurring, as part of an internal controls review. However, one time, when I was doing an audit of a mid-sized global manufacturing company, we were reviewing the bank statement reconciliation process, and we noticed that each month, the finance department would enter adjustments to ensure that the bank statement and the general ledger matched. What were these adjustments for and were they valid? If the auditor only looks at the top figures, are they missing the obvious fraudulent process? If your entity is using SAP, how can you quickly compare the bank statement data to the general ledger data and get insights into the process operating at the entity for this vital internal control.
We will be having our Data Analytics Summit, where we will invite over 30 experts to let us know what they wuold do, if tomorrow they became head of internal audit of a new audit team and they wanted that audit team to get started with data analytics. Let’s get a sneak peak into this summit, for which you can gain access to at the end of the webclass.
What are the pros and cons of QLIK versus PBI versus SQL and ACL? Let’s compare them to see why we might choose one or other of these tools.
Did you know that it is easy for someone with too much access, such as transaction code FB01 (create document) to enter fictitious journal entries into your system, that could have an impact on your balance sheet or your P&L or that could be used to hide other fraudulent activities? Finding inappropriate journal entries can be like finding a needle in a haystack. However, with the use of some data visualization and filters, we can pick them out quickly.
How can we identify suppliers for whom the bank account is temporarily changed and during the time that it is temporarily changed, there is a payment to the temporary bank account?
How do we quickly find duplicate payments in SAP data and how can we avoid flagging cases that are already corrected by the entity (false positives)?
When managing data analytics projects, back at Deloitte, one of the most important tasks, was to ensure that the figures that got onto the audit report from the data analytics team were correct. Over time, I noticed that actually, most team members were making the same types of mistakes. Therefore, I made a checklist of these errors and gave it to the team, so that they could double-check all of their work. Simple errors, such as having duplication on a join key, when joining two tables together, can make the numbers in the audit report completely wrong. It is quite important therefore, that the team has the intelligence to recognise such errors and that the audit manager can also see where the analytics appear to be incorrect, in order to avoid embarassing moments during presentations.
Most of us have heard of Benford’s law, but not all of us have got round to using it and it can remain a bit of a mystery. But what is Benford’s law exactly, and shouldn’t we rather use something more powerful, now that we have free python programs that can help us to do Isolation Forest?
How can we get auditors into data analytics? What is the framework that our teams should follow to go from not being able to use or do any data analytics to being great at doing data analytics? This webclass will give us a guide to follow for your team.
Should we be looking at who has access to what in the system today, or should we be looking at who actually did what in the system during the audited period? This webclass will help us to understand the difference so that the auditor can choose the most cost-effective approach.
Travel & Expense is one of the most common areas for low-value fraud cases (duplicated expenses/ inflated expense value, etc.). However, it is also one of the most common areas for getting money out of the company for bribes to government or government-related third-parties. This situation could set-up your organization for a hefty fine from the SEC under the FCPA. In this webclass we go through the most common Travel & Expense data analytics that you can run on your data in order to see if your entity is at risk.
If you need to audit order to cash and the entity has SAP, then you could get a lot more transparency and understanding about the entity if you follow this simple SAP Order To Cash 101 webclass.
Previously we have talked about correlation in our webclass. Correlation enables us to see all of the data analytics test results for a given third-party. But what if we went a step-further and could use an automated decision tree to get the computer to tell us what it thinks are the most risky third-parties?
If you are auditing SAP purchase to pay, you might go for some straightforward tests. But what if we bring in some python? Auditors are often wondering what Artificial Intelligence is for and how it can affect them and whether or not they should learn python. Let’s get some examples and see how they could apply to your purchase to pay audit.
If you need to audit purchasing and the entity has SAP, then you could get a lot more transparency and understanding about the entity if you follow this simple SAP Purchasing 101 webclass.
When we present the results of data analytics tests, the challenge is to present them in a way that the audience can understand. I remember one time we were preparing some data analytics for a large supermarket chain. We went to present the results to the CFO. Upon seeing a dashboard on the projector screen, the first thing that the CFO did was wave his hand in the air and say “I don’t understand all that stuff, what I need is a story!”. Auditors can come up against resistance like this, especially from more senior staff members. In order for the analytics work to not go straight into the trash-bin, the auditor therefore needs to know how to tell a story with the data so that the audience can follow and receive the message that we are communicating. Let’s see how QLIK tries to help us to do this.
What are the most common frauds that are done in financial accounting? Let’s see what they are and how we can find them by analysing the general ledger.
Nicola Osinaike is an experienced trainer for internal auditors and for Excel. Let’s see what advice she gives us about how to get our internal auditors into data analytics through training.
Auditors often go on training for data analytics, but then forget the content a few months later. The training is therefore a bit of a waste of money for them. What is the solution that can help us to overcome these wasted budgets on data analytics trainings for the “normal” internal audit population?
How can we use data analytics to analyse performance? Gary Cockins gives us some insights into his experience in this area, for which he has written a book about.
If you are running an internal audit department or you have been in charge of the data analytics team, then you want to make sure that you can manage that team effectively and avoid common pitfalls in data analytics, such as providing incorrect analysis during the audit, or not getting the data analytics results on time. How can we do this? Learn from Claire’s experienc of over 20 years of managing data analytics teams to get the top tips that we use to ensure maximum accuracy and availability of data analytics results for the audit team.
I often think that audit departments that only rely on ten or so data analytics tests are like fisherman that use a badminton net rather than a trawler fishing net. There are so many different ways to avoid internal controls and there are so many different ways to fraud in the system. Therefore, to get a complete picture of where the risks are, we need to actually run a lot of tests, even if these are data analytics tests in the background. However, if we run hundreds of tests, how can we quidkly see which third-parties are picked by the most tests or the most risk combinations of tests? For this, we can use a data analytics technique called correlation. Correlation helps the auditor to scan all of the data analtyics test results and hone in on the third-party that is posing the most risk overall.
Often when we interview new candidates at Aufinia, we ask them, how could you find the purchase order with the most unusual purchase price? Or which graph is the most useful when finding a specfic purchase order that has a very unusual purchase price, compared to all of the other purchase orders. Discover in this webclass, how scatter diagrams can be used for this purpose and many other applications.
Which tool is the best tool for data analytics? There are now thousands of data analytics tools on the market. However, they are all slightly different. It can be a daunting task for the auditor to decide which tool to use. In this webclass we look at a decision matrix that is designed to help you ask all of the right questions of the different software vendors in order to choose the correct tool for your department.
What are the main data analytics for treasury and where can we find the data in SAP that relates to treasury? Furthermore, how should we interpret this data? Find out more in this webclass.
When we created the Data Analytics Secrets book, our main objective, was to provide auditors with the full list of all of the fields from SAP that are the most useful when doing data analytics on SAP data. There are thousands of tables in SAP and each table can have up to hundreds of fields. This webclass shows us the main SAP tables and fields that are used per SAP data analytic test that is mentioned in our book and does a direct mapping between them. If you are doing data analytics on SAP data, then this webclass should therefore save you a lot of time from searching on SAP blogs for various tables and fields relating to each topic.
Should data analytics be used before the audit starts or during the audit? In this webclass we discuss the advantages of both approaches and we look at why it is important for data analytics to occur before an Order To Cash audit rather than only being done once the auditors are on the field.
Quite often the data analytics team in internal audit has a challenge to communicate effectively the results of data analytics to internal audit. Sometimes we use Powerpoint, sometimes we use Excel extractions and sometimes we give access to the dashboards themselves. However, often, the internal auditors do not interact or use the data analytics as much as they could. In order to get around this issue, our guest speaker, Angeline Corgaglia, from Inphinity, will show us a solution, whereby auditors can interact directly with the data and flag transactions that they have identified on the dashboard, so that they can be investigated by the audit team. In this way, by making the dashboard interactive, the auditors can be incited to integrate data analytics into their audit work and the audit manager can more easily see how the data analytics were used by audit for their selections.
What are the top-10 inventory data analytics tests for audit? IF you are going to audit inventory, check out this webclass in order to get ideas of dashboards that can be used to assess inventory.
How can we be sure that the quality of the data in our Purchase To Pay system is accurate. In this webclass we talk with Kevin, who shares with us his experience as internal auditor in a large organisation, and the ways that he uses to combat the data quality issue.
If you are pressed for time on an audit, you probably would like to see all of your Purchase To Pay audit test results quickly, so that you can scan through them and get an idea of where there are issues in the entity. In this webclass, we look at how we can do this, without wasting time on audit tests that are not covering the most risky areas for your audit.
Fixed assets are an easy loophole for a fraudster that would like to missappriate funds, vehicles or equipment from your company, perhaps for a parallel business. Surprisingly this area is often over-looked by internal audit as not a big risk area. However, with the help of some data analytics, we can easily determine if there is significant risk in this area, without doing any additional audit work.
In this webclass we answer the question as to why internal audit should audit financial reporting, meaning, why the internal auditor needs to audit the general ledger, and then we look at how that can be done easily using data analytics.
If you are going to audit the Order To Cash process, then it could be great to have access to an Order To Cash process mining dashboard in order to get an overview of the values, trends and key risks in the process. What percentage of customer billing doucments are based on sales orders? What percentage of sales orders were approved by credit management? Are there any sales orders that were modified following approval? Are there any separation of duties violations that occurred in the process during the period? Are there goods issues that exceed the sales order value? Let’s see how to answer these questions and more with a simple process mining dashboard that your audit team can set-up for themselves.
Did you know that python is an extremely versatile tool that can help internal auditors to complete many tasks, including data analytics but also checking for suspicious suppliers, scrapping data from websites or setting up other Application Programming Interfaces to different systems. Furthermore, there are hundreds of python libraries available that provide free code that can be used for a huge range of data analytics purposes. Let’s see how an auditor can quickly get into python and make the most of this completely free tool.
Users having too much access in the SAP system is an open door for many fraud cases. Therefore, separation of duties testing is an area that auditors typically look at. However, often the auditor will stop at a list of roles provided by the IT department or the SOX tester, or some sampling on some profiles using the SUIM transaction code. But what if the auditor could see all the users and all of their access? Quite often, expensive tools are used for this purpose. However, it is possible to compute user access using simple SQL and present the information in a data analytics tool. In this Webclass we will see how to do that.
What are the main data analytics tests that we can do on HR data coming out of the SAP system? This webclass gives a full overview from Ghost Employees, through to Travel & Expense and Timesheets.
Often auditors work on checklists of audit tests, and this is typical of SOX testing. But sometimes, it would be quicker if we could see all of the test results in one go. For example, what if you have a particular supplier that you think might be suspicious? It would be great to see all of the audit tests that this supplier is picked up for. Being able to quickly filter on one supplier and see all the related test results can cut down the audit time for the auditor and help them to investigate specific cases much quicker. What’s more, the auditor will be able to see if there are any relationships between test results that could indicate a fraud scheme. For example, a supplier that is in a flip-flop IBAN case, that also has high-value payments without invoices and for which the payment description text field is blank, is more compelling than only knowing that the supplier has a flip-flop IBAN case.
What is process mining and why is it important for the internal auditor? With Process Mining the auditor gets a “stand-back view” of the entire business process and can easily find issues, such as Separation Of Duties issues, Lead-time analysis, retroactive documents, cancellations, internal control gaps concerning approvals, etc. Not only can the auditor see these exceptions easily with process mining, but they can also get a quick overview of the volume and value of such exceptions overtime in order to be able to quickly determine where the main risks in the process lie.
Quite often, auditors are blocked by the fact that they cannot get the data out of SAP. In this webclass we look at the different solutions that auditors typically use to obtain data, either through SE16N, through ABAP programs or through simple SAP data download apps. In this webclass, get a free sample ABAP source code that could help you to build your own data extraction, as well as look into a simple SAP-certified Java downloader that does not require anything to be installed on the SAP system, but helps the auditor to quickly download data.
In this webclass we continue from webclass number 4, and we go into more detail about the FCPA, the UKBA and SAPIN II to look at how these regulations can impact the work that the auditor does in order to ensure that the entity is compliant.
Are you sure that you are compliant with the FCPA (Foreign Corrupt Practices Act)? In the event that a whistleblower alerts the SEC of a potential case in your organisation, you may be subjected to an audit. If there is an audit from the SEC, then the journal entries of the last few years will be submitted and scrutinised for signs of unusual values that could indicate payments to third-parties in return for an unfair advantage. How can you be sure that your general ledger file does not harbour entries that point to inappropriate Travel & Expense, inappropriate commissions, fictitious supplier invoices or ghost employees?
When auditors are reviewing the results of data analytics, they need to be able to check those results in SAP in order to confirm that the data analytics are showing the same thing as the SAP system and in order to check for any supporting documentation in the SAP system. This webclass gives a quick overview of the main transaction codes that we typically use in order to check transactional exceptions in the data.
How can you get your auditors inspired, interested and skilled-up on data analytics. In this webclass, we talk to James from AmerisourceBergen, who shares with us his experience about building the data analytics team in internal audit
What are the top 10 data analytics for fraud detection? Find out in this webclass what they are and see some example dashboards of how to review them.
Knowledge Center
Legal
-
Aufinia
Registered at: 1205 12/F TAI SANG BANK BUILDING, 130-132 DES VOEUX ROAD CENTRAL, HK
Registry of Hong Kong: 1717129
Contact us: [email protected]
© 2023 All rights reserved