Sometimes I think that we will all soon be out of a job, and then I have a very boring task to do, and I wonder why I can’t just ask a machine to do it…
Over the years, I must have spent on average of about 8 hours a week searching on blogs about SAP data. I remember quitting Deloitte and starting as a freelance consultant for some global corporations that wanted analysis of SAP data…
Internal auditors can today have the power to do what external auditors try to do- but much better. This is because they can be experts in their company and their company’s data. Harnessing the power of data analytics, internal auditors can see all of the obvious problem areas in the company…
Is it possible to get all the required set of skills in your business area? The reason that most companies are not advancing quickly as they should with data analytics for audit is a human one, rather than a technical one…
Internal audit is sometimes seen as a legal necessity rather than a value-added service. However, when auditors get their hands on some data analytics, they can show-up their Big 4 external audit friends and zoom straight into the country, entity, operating unit and transaction that is fraudulent…
Data analytics is only for IT people right? Wrong! Recently I was working for a CFO of a drinks company who couldn’t master anything to do with data or Excel. Problem was, all of his figures were produced in Excel by his staff…
We were living in Shanghai for four years, and if you have lived in Shanghai, recently you have probably heard this story. A French bakery that all of us expats loved going to suddenly got closed down one day, the management put in prison and the owner fled to England What happened? Well, one of their employees complained on a government website that the flour they were using was out of date by about a week or even longer…
A CFO friend of ours was losing a lot of sleep recently and sweating a lot at work. Why? Because he had to sign off on his monthly landing that was produced by his team. The only problem was that they didn’t really speak good English and they also appeared to be in their own little world…
An audit director of a fortune 500 company recently shared with me his frustration because his audit managers could not see the point of doing any data analytics. Those managers said that they didn’t need it because they already had detailed balance sheet reports that they can print out of the system…
It’s got to be one of the most common fraud schemes in the world. Ghost employees. SO easy to do. And also, thanks to GDPR and privacy, the HR department are pretty much free to “protect” their data and be secretive about it. What’s the average number of Ghost employees in your Fortune 500 Group? Where are they? You might not know the answers to these questions, yet it is surprisingly simple to detect…
You’ve got a huge SAP system that is running in different countries. And it has over 10K customers and suppliers in the database. Everything seems to be running fine. You’ve got nothing to worry about – right? But when you visit your entity in South East Asia and run through your standard controls, you have an uneasy feeling…
A lot of you are out there are trying to analyse SAP data and come across some obstacles: you don’t know where to start; if you do know where to start, you don’t know which SAP tables to get the data from; if you do not which SAP tables to get the data from, your IT department is not letting you get it out of the system…
Have you ever been presenting your audit report and felt that the meeting went really well. The auditors were really happy. They shook your hand, beamed at your with an open smile. Took you out for lunch, and then packed you up in your car mid afternoon so that you could enjoy your weekend back home…
How much? Come on! Do you really want to spend over 10K USD on consultants that will roll out for you the same analysis that they have done for many of their other customers? We believe that you deserve better. Let’s face it, not only does it take a long time to do the Call For Tender process, get internal validation etc. but then you also have to meet with the consultants, manage them, correct them, oversee them and much more…
The army of auditors are in the audit room again. You give them access to the crappy coffee machine. You turn the heat up a bit so they feel sleepy. You get to assess that their average age is 25.0k, so all of this is good, they won’t bother you too much with any ugly findings. You are in control. But how much more in control would you feel if you were fully aware of all of your company’s issues. If you were 100% sure that you had all your bases covered.
Your internal control team have to run a lot of surveys with each country, fill in a lot of questionnaires, compile reports, and then you have to consolidate the power points and present them. Some of this work can become a little bit tiresome, let’s be honest! What if you offered your team a new way of working. Let them play with data from your SAP system in a dynamic way…
Have you ever had the experience where your management says, let’s do a Proof Of Concept and then if that works, we’ll invest. And 9 times out of 10 it doesn’t work. Let me tell you why. Problems in your company could be anywhere. In purchasing, in sales, in payroll…
If you are new to an internal audit, or if you are experienced in internal audit, but you are feeling the pressure to modernize the audit approach by introducing data analytics, you might be feeling a little under pressure. First of all, you aren’t sure where to begin. What does data analytics mean? Why should you use it? What is it for? What is the outcome? What are the skills required? How do you even start? Who should you hire?
What are the top 10 frauds? What are the top 10 frauds in your company? If only you had a framework that would help you scan for all the typical frauds.
One day I was talking to the head of internal audit at one of the world’s leading retail companies. We were walking through the corridor and passed by the internal control department. Inside were rows of about 100 people, busily creating spreadsheets and analysing data. So I said to the head of internal control…
Your company is investing a lot of money installing SAP around the world. Large teams are deployed. Millions are spent. In internal audit, the budget is smaller, but it seems normal to get quotations for around 100K for SAP audit dashboards –right? Actually, SAP is not as complicated as it sounds.
Quite often we hear of customers that are frustrated because they have teams working out in India that are doing their SAP dashboards for them, but the results are not quite what they are looking for. Something is up, the dashboard is showing duplicate payments but for cases that were cancelled…
Do you sometimes feel like you get “lost in translation” between your finance department and your IT department? Sometimes you request a report to be created from SAP, but IT can’t really understand what you need, and it takes a few weeks for them to get it right…
So you need some SAP dashboards, but it’s taking ages to define internally what those should be. What’smore, not everyone agrees on the output, how to make them, or who should do them. Should it be the big 4 auditors or that consulting company in India? And why do they want 6 months to do it? Why not just get SAP GRC, although even that takes the likes of Accenture at least 6 months to implement.
Have you ever felt like internal control is actually a bit boring? All those “self-assessment” questionnaires… meetings to discuss / recap on internal control levels… SOX controls, samples, folders… Were you really born for that? What if you had a dynamic way to drill down to the real issues in your entities: forward dated supplier invoices, debit-credit customer balances, massive payments in cash, customer money laundering in Moscow… the exciting stuff.
Some legislation is really hanging in the back of your mind… what if your entity in South East Asia gets hit by the FCPA… did you really help them to do everything that they are supposed to prevent getting a heavy fine. Or what about that CEO in China. Are you sure that you are protecting him from a Chinese lawsuit under the China Bribery Act? What if he goes to prison because of some fraud in the entity?
Let me let you into a secret… most people in your office are not aware of what a dashboard is. It is well known but little understood. What’s even less understood is the fact that these days it’s super easy to get dashboards on all your mobile devices…
If you are a CFO, you probably spend a lot of time messing about with Excel. Or your staff spends a lot of time messing about with Excel and then you have to try and work out what they are doing. A CFO friend of mine was showing me his Excels that he is supposed to review. He has over 2000 Excel spreadsheets, each with formulas and inputs that are used to calculate his month-end provisions.
I was in my 3rdyear at Deloitte, and my first few months in their Paris office, when I had my worst ever “big 4 moments”. If you’ve been in a Big 4 audit firm you will know what I mean! Since I’m English, the French liked to give me all the crappy small French companies to audit. The ones a few hours of traffic away in some industrial estate. So anyway, I did my report this one time.
Not many people know this, but most people change jobs, not because they don’t like their boss, or they aren’t paid enough, but because they are bored. They aren’t feeling challenged. And what about those that are bored and that don’t change jobs… those are the ones you want to get to go to anyway!
If your reports about margin per product are wrong, are you investing in the wrong products and making the company lose money? If your reports about sales performance are wrong, are you giving commissions to the wrong salespeople? If your reports about productivity are wrong, are you promoting the wrong operations managers?
It’s kinda like -this year you do good, right, but you aren’t sure what’s going to happen next year. So what we are going to do, is put some Loss in this period, by debiting the loss account and crediting a suspense account. Then next year, if our profits aren’t so great, we can debit that suspense account and credit profit, and hey presto our revenues are looking more consistent!
I mean the auditors, they ask us for the entire general ledger, right, that’s 20 million records… The usual stuff, transactions entered manually, transactions entered at the weekend, transactions after hours
It’s the document number. It’s a legal requirement. SAP has a document number that gets incremented every time you post something. So if you go and delete, say 10000 documents from your data, you get lots of gaps.
When the SEC comes to control your company’s supplier database, what treasures might they find lurking in there? Do you have any “consulting” companies that you are paying large sums to, without any real services delivered? Who set up those companies?
Our suppliers are actually usually quite happy when we pay them early, so yeah, that’s something we are proud of here in the China office… Ok, but how do you know you aren’t paying a supplier too much or two times the invoice?
Not sure, for the moment, I’m waiting to see if anyone notices, but you know what’s it like, everyone worries about customer ageing, but no one “ages” supplier balances. Besides, even if they did, the credits outweigh the debits by far, so from the totals, it looks normal.
Well you know, got to grease the hands of the powers that be. I made a consulting company and sent some invoices for it, and then the government gets their payoff and we get our flagship shop.
Well because there is an automated internal control on the pattern of the tax number. If it is not correct, then the internal control dashboard flags it for review.
Yeah, but depends on what kind of supplier it is. You don’t expect purchase orders for rent, utilities, accountants, auditors… besides, even our big raw materials suppliers sometimes operate without purchase orders
Some internal controls are so easy, you’d be fired if you didn’t get them right… am I wrong! And this is one of them. Supplier Due Diligence. It’s so easy right. Each time, you have a new supplier, you have to get whoever it is that has access to your supplier database to check if they exist, check if they are not on any PEP list, OFAC list, check that their VAT number is correct.
It would take you too long to check 40K suppliers, and it’s not something you can ask your team to do. Besides, once you have finished checking them all, you would have to start again, in case there were any new ones or any changes.
If you contact that supplier, Martin gets annoyed. Besides, the supplier often asks to only speak to Martin.
Yeah, and then her other entity, which is part of the same group, but with a different name, buys the cable back from us, but for 20 million…. Don’t they have margin controls on that?
But let me let you into a little known secret. No-ones checking their supplier ageing balance. Yes, we are, I hear you say… But you aren’t. Most companies only check the balance per supplier. As long as it’s a creditor balance (ie you owe them, and not the other way around), most companies are happy.
During his check, he found some really juicy supplier debit notes, that were outstanding for over 3 years. Some of them worth 10% of the purchasing from those major suppliers… What if you could see the % of unpaid supplier debit notes hiding within your AP ledger?
Sure thing. … why do we need to do that?
Auditors are coming.
Well, if you are going to buy something of a significant value, then management is supposed to approve it first, otherwise, you could get people buying all kinds of things, like their own company car, or company housing, or something, and just using it for non-corporate reasons. You could even get people to buy things and using them for parallel businesses.
SAP will dutifully propose the exchange rate, the payment terms, the due date, the document type,… all kinds of useful parameters. However, with enough access, you can change these values during your input.
People often say to me, we don’t have any invoices that exceed the purchase order, because we have SAP, and you can’t do that in SAP. Really… it doesn’t take long to show them otherwise.
It’s a little-known secret that in SAP there is a setting to block or not to block invoices that are entered two times with exactly the same information. How do you know if all of your entities have set that setting to block? What if someone temporarily sets it to not blocked?
I think it’s for when you buy something that you are only going to buy once, so you don’t want to have to go through the internal control process around creating a material number… You would think so… But strangely enough we have a huge number of transactions in there! So don’t worry, no one will notice!
Senior management might brush you off concerning an area of purchasing and close the door behind them as they go into their meeting. So you think, well.. they are the boss, so never mind. But that sense of curiosity lingers.
Did you know that in France, split POs are referred to as slicing your sausage? If you don’t want the auditors to see that you are splitting your purchases then here are the top ten tricks that we have noticed over the years…
Yeah, well, that’s what I mean, as long as the debt is lower than the overall credits for the supplier, most of the time it won’t get noticed. But if he’s worried about it, he could just clear it to a fake invoice: debit loss, credit supplier.
A parallel business is also known as a side business. If you are in a catering company, it would be like your colleague ordering 10 cases too many of champagne, and then getting those additional cases delivered to their wife’s restaurant directly.
Side-businesses are everywhere. If you are in head office, it can be daunting to know where they are. One tactic can be reconciliations across your entire supply chain, purchasing process and sales operations. Another way is benchmarking of margins per product, salesperson, sales team, etc.
But aren’t you worried we might pay someone twice or pay something that isn’t invoiced yet, or pays more than what got delivered?
Sometimes your entities don’t well manage their accounts payable. Some entities are paying immediately, and they may argue that that is how they could negotiate with the supplier. This could be true, but what if your staff are getting the money out, investing it for a while and then paying your suppliers?
If you have thousands of suppliers and payments every month it is not easy to ask your SAP system which supplier you are paying too much to. First of all, SAP does not yet provide you with any comparative data analytics or AI alerts… although that might come in the future.
Often us auditors get told, “there’s some payment fraud in that entity, can you check it out”… and that’s all the information we get. This can be daunting because there are a thousand ways to fraud. And you may have millions and millions of lines of data in your SAP system. So where do you start? To lend you a hand we have devised the top 10 payment frauds, and how these tend to be hidden:
Wouldn’t it be great if you could look at a map of the world and pinpoint all the entities that are selling below margin? You could zoom in to that country and see a red dot for all of the entities within the country that are selling below the margin.
There are different ways that customers can get “special” treatment. And this special treatment can be considered by the FCPA, the UKBA, the China anti-corruption act, or other laws as being commercial bribery. Commercial bribery can land your C-level employees in the region in jail. So, unless you don’t like your colleagues, let’s see how we can protect them.
I was doing anti-fraud training for a group of CEOs of a major French group in China and the lawyer that was helping me was explaining that they should not grant customers extended payment terms. And they all started laughing. “What’s that got to do with fraud?” “This isn’t relevant”.
If you want to be the construction company that builds the new TGV railway across Kazakstan, you are going to have to do some lavish visits. So are you going to pay for these payments or gifts yourself? Unless your company is your life, probably not.
Everyone these days always starts off by asking me to do a “quick win”. Let’s look at purchasing. Because purchasing is where it is happening –right? Purchasing is where the money goes out of the company. Ok, true, but don’t you already have a huge amount of controls around purchasing.
Maybe someone in your warehouse switched your real goods with some fake goods (always easy for alcohol). Maybe someone in your warehouse packed a load of empty boxes under the full ones before the physical inventory. Maybe your sales staff added on 100s of free products for those distributors.
In other words, your outstanding customer debt (what they owe you) is not too high compared to the volume of sales that you are doing. All is well. But management is still having issues with its treasury. So something doesn’t make sense.
Incorporate HQ, we often have to go out and visit and control different subsidiaries. And we often say to them that we will do a comparison between the personnel and payroll databases. The local HR will always say, “there won’t be a problem with that, don’t worry”.
It can be difficult to identify shell companies or fictitious suppliers in your database if it looks like it’s been through the tumble dryer followed by a shredder. If you have missing information, duplicated information, incorrect information, it is harder to spot the fake information from all the surrounding noise.
What’s more, people in internal control and finance will tell you it doesn’t really matter. It’s not important that you have duplications because you need the same supplier information for different functions. It doesn’t matter that you don’t have tax numbers for European suppliers, because those are the entries that are ordering and not invoicing or being paid.
Nah, it’s not like we are giving him extra cash or anything and he did a good job of providing the services. It’s good to be able to help out a friend when they are in need of a hand with their cash flow. I’ve known them for years. Always provides a good service.
…No –silly, you don’t “actually” send it… it’s “virtual”, you just post stock OUT movements to Germany. Then the next day you post stock IN movements from Germany. And her presto, all your stock is “fresh and new”!
Of course, we put a couple of mistakes in there, to keep them happy, you know, because they need something for their report and all.
Naah, what the auditors, come on, when did they even know what an accrual was! No seriously, don’t worry about it, lots of sales in the bag, they’ll be through in the new year, then we can close it all off.
Well, you know, sometimes they like to keep the cost up, for tax and …well… ensure you justify next year’s budget and stuff. The beauty of it is, that at the end of the year, the cost stays in the cost account because it is left in the P&L and doesn’t carry over.
It’s not really fixing the accounts, it’s just making them match. Besides, you really think someone is going to notice your journal entry, we must have over 20 million journal entries a year! Besides, no one ever said anything to me before, we’ve always done it like that. Keeps them upstairs in the boardroom happy!
…So I realized that actually since I’ve been doing data analytics for 20 years it’s become second nature. We forget actually that people don’t necessarily realize what a “table” is, what’s the difference between a “record” and a “column”. I remember back to my first years’ in data audit when I was trying to figure out what a pivot table is. It sounds silly to me now, but it is not.
It’s acrazed. It will go away. Maybe that’s for the junior consultants and you are beyond it now. But actually, it’s easier than you think. Just as my mum learnt how to use her Apple Mac when she was 65, so you too can learn how to read and use data analytics dashboards. It’s actually much easier than those consultants like to make out.
Dynamic dashboards/ data analytics are well-known terms that are little understood. Let me let you into a secret, there is about a 70% chance that your neighbour in your office doesn’t really know what data analytics is…
What about if you took away the number crunching from them? Let’s think about that one for a moment. If they didn’t have any numbers to prepare if the numbers were just already prepared. Then they would start to wonder if those numbers were correct. They would start saying things like, how do I know those numbers are correct?
If they are straight out of school they could be technically savvy, but not wanting to be seen as a “programmer”. If they are extremely experienced, they might struggle even with the concept of pivot tables in Excel. How can you lead them to become data fanatics?
Wouldn’t it be great if you could navigate around dynamic dashboards during board meetings in order to make the conversations more dynamic? If people have questions for you about your sales on a particular product, or your margins, or your Day Sales Outstanding…
Our customer and my friend said to me one day that she really needed to get some data analytics done but she just didn’t have the time to go through the whole call for tender process, interviewing the consulting companies, doing the contract validation, etc. And that’s when it hit me.
Maybe they download some data from here and there and then combine it with some manual reports in Excel and do some calculations. Then they have to put it into Powerpoint. It can take them up to a couple of weeks to create nice Powerpoints that give you clear indicators of sales per person, per product, your gross margins, etc. This time delay can be a bit frustrating.
…Yeah, just post a journal entry for each one, in each journal entry you credit the customer and then debit the customer for the outstanding balance. Then when you print out your AR report for the meeting it will all look rosy.