Duplicate payments, duplicate vendors, and segregation of duties in accounts payable are still the top tests being run by auditors using analytics. They are simple, effective, and save money which always helps the business case for analytics. Further, vendor and related payments fraud is the #1 fraud (in volume) affecting all organizations – big and small, public and private, regardless of the industry and sector. Excel templates will be provided with admission to assist to complete all testing and visualizations using graphs. Further data request letters and analytic audit programs will be provided to “jump start” your audit efforts in the accounts payable and vendor management areas.
Specific learning objectives include:
o Run over 20….key, proactive error and fraud tests in the areas of the accounts payable, vendor masterfiles, and purchase order files, all in Excel.
o Map the report results to an audit program to produce an analytically-enabled audit program.
o Discover the top frauds and corruption schemes along with top cost efficiencies to enact within accounts payable reviews.
o Distinguish between the top major accounting systems used when extracting accounts payable and vendor masterfile data and obtain a standard data request to aid the extractions
o Complete a multiple perspective visualization review of your accounts payable data including time based, amount based, company/profit center based, enterer, etc.
These are the slides. If you would like the associated data files they are available for download after payment. Videos of these sessions are available for free.
Details contact Rich Lanza (rich@richlanza.com)
Implementing and Auditing General Data Protection Regulation
20150311 auditnet ap_procure_excel_rlv2
1. Leveraging Excel-Based
Analytics in Your Audit and
S-Ox Testing of Procurement
to Accounts Payable Cycle
March 11, 2015
AuditNet and AuditSoftwareVideos.com
Collaboration
Brought to you by AuditSoftwareVideos.com
and AuditNet®, working together to provide:
Practical audit software training
Resource links
Independent analysis
Tools to improve audit software usage
Today focused on providing practical data
analysis training
Page 1
2. About Jim Kaplan, CIA, CFE
President and Founder of AuditNet®,
the global resource for auditors (now
available on Apple and Android
devices)
Auditor, Web Site Guru,
Internet for Auditors Pioneer
Recipient of the IIA’s 2007 Bradford
Cadmus Memorial Award.
Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
Page 2
About AuditNet® LLC
• AuditNet®, the global resource for auditors, is available on the
Web, iPad, iPhone, Windows and Android devices and features:
• Over 2,000 Reusable Templates, Audit Programs,
Questionnaires, and Control Matrices
• Training without Travel Webinars focusing on fraud, audit
software (ACL, IDEA, Excel), IT audit, and internal audit
• Audit guides, manuals, and books on audit basics and using
audit technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Book Reviews
• Surveys on timely topics for internal auditors
Introductions
Page 3
4. Richard B. Lanza, CPA, CFE, CGMA
• Over two decades of ACL and Excel software usage
• Has written and spoken on the use of audit data analytics for
over 20 years.
• Received the Outstanding Achievement in Business Award by
the Association of Certified Fraud Examiners for developing
the publication Proactively Detecting Fraud Using Computer
Audit Reports as a research project for the IIA
• Assists with much of the Auditnet® research projects
• Recently was a contributing author of:
• Global Technology Audit Guide (GTAG #13) Fraud in an
Automated World – Institute of Internal Auditors.
• Data Analytics – A Practical Approach - research whitepaper
for the Information System Accountability Control
Association.
• Cost Recovery – Turning Your Accounts Payable Department
into a Profit Center – Wiley and Sons.
Please see full bio at www.richlanza.com
Learning Objectives
A/P and Procurement
Complete a multiple perspective visualization review of your accounts payable data
including time based, amount based, company/profit center based, enterer, etc.
Learn various ways, including digital, letter and word analytics, to understand over 80% of
the data population within a few minutes or hours…with the remaining 20% available for
more specific review.
Run over 20….key, proactive error and fraud tests in the areas of the accounts payable,
vendor masterfiles, and purchase order files, all in Excel.
Map the report results to an audit program to produce an analytically-enabled audit
program.
Discover the top frauds and corruption schemes along with top cost efficiencies to enact
within accounts payable reviews.
Distinguish between the top major accounting systems used when extracting accounts
payable and vendor masterfile data and obtain a standard data request to aid the
extractions
How scoring can use a customized weighting system to flag suspicious journal transactions
for multiple reasons
Discover setting up a program of regular fraud risk management surrounding financial
statement frauds using a general ledger data mart.
Page 7
5. Go Bionic!
Page 8
Bionic Auditors Are Born!
Leverage technology to impress the execs
Find the next real issue or at least feel you really looked
Sounds Catchy….By Why
What the Boss Cares About
External Audit Control Testing / Financial Testing
Fraud Detection
External Audit Expectation Gap
Something stolen every day – what is a “flagrant foul”
Smart Stuff (Strategic Sourcing – in 1993)
Control Enhancement – (Adding Brakes)
Page 9
Priority
6. Analytic Value in P2P
Best Case Value Chain
Better Business Understanding = Business Risk &
Opportunity Identification
Undeterred Fraud
Compliance / Rulebook Issue
Key Control Failure
Other Control Failure
Cost Recovery
Process Inefficiencies
Page 10
Ultimately, the above all lead to people,
process and technology improvements
Priority
Top Frauds in P2P
2014 Report to the Nation – Association of Certified Fraud Examiners
11
7. Surveillance is the quickest and
lowers fraud impacts
2014 Report to the Nation – Association of Certified Fraud Examiners
12
3x less value
Getting Bionic Using Excel
> Understanding Your Data and the
Associated Business Process
> Using a 3D Analytic Model to Mine Data
8. It’s The Trends
Looking at 100%….Right?
Trend categories of spend
Trend by person and title entering and approving
Trend the trial balance for a variety of periods
Trend vendors / customers (it is possible via the G/L)
Trend before and after quarter end
But You Need the Auditor To “Blink” At The Data
Page 14
How Fraud Grows Over
Time
15
9. Or the Deviations?
Unexpected Trends or Spikes
Specific Queries
Align sub ledger to the trial balance or general ledger
• Even for reasonableness!....and to review activity trends
Above average testing and auto-extraction
Duplication testing (sales, vendors, etc.)
Employee to vendor bank account match (disparate data match)
Entries posted by employees not authorized to post transactions
Sampling Techniques
Sampling (Random / Statistical / Stratified)
Record / Transaction Scoring
Page 16
But You Still
Need the
Auditor To
“Blink” At
The Data….
We Need A 3D Analytic Model
Page 17
10. Polling Question #1
How much was fraud value reduced from
the median fraud with surveillance?
2x
3x
4x
5x
Page 18
Using the 5 Ws
Data Mining
Who (PEOPLE STILL COMMIT ERRORS AND FRAUD)
Authorized users / data / application / program object testing
What
Digital analysis / Textual analytics / Key word analysis / Stratify
By General Ledger Account (Distribution Analysis)
Where
Geomapping
When
Date grouping or difference scatter chart
Near period end to other timeframes
Page 19
And Why is
why you are
looking at
the item
such as a
transactional
score….
11. Are Your Vendors Real?
IRS TIN Matching Program
Validates U.S. Tax Identification Numbers
Can submit up to 100,000 TIN submissions at a
time
Make sure all punctuation is removed
See http://www.irs.gov/taxpros/ and enter
“TIN matching program” in the search box
Are Vendors On a Watch List
Sam.Gov
12. Are Vendors On a Watch List
CIA Chiefs of State
https://www.cia.gov/library/publications/world-leaders-1/
Combine perspectives
3 D Rotation of Enterer/Month
Page 23
13. Stratification Types
By Month
By Department
By Business Partner (Vendor / Customer)
By Account
By Enterer
Page 24
Stratify Your Data – In Excel
Page 25
14. Cost Recovery Opportunity
Accounts that are sole sourced
Accounts that have too many vendors
Categories that map to the “recovery list”
Assess to industry cost category benchmarks
Top 100 vendors
Trend analysis over time
Trend analysis by vendor (scatter graph)
26
S-Ox Benefits In Addition to
A/P is Ripe for Cost Recovery
Accurate financial statement reporting
Identifies hidden assets
Corrects overstated expenses
Detects fraud and deters fraudsters
Think of recovery projects as a proactive whistle blowing hotline
to detect fraud (mostly with vendors)
Remember that employees and vendors will ask “Will I get
caught?” so if no one is looking…..fraud has more of a chance to
happen.
Collusion is the leading method for almost all of the headline frauds
and vendor audits / strategic sourcing reduces the “spread” to make
vendor conflicts less attractive
Quantifies the need for improvement and focus in future year
audits
15. Distribution Analysis
Remove subtotals for improved visibility
Focus on sole source and multi source vendors
Scroll out and drill to details as needed
GeoMapping With
Excel 2013 or Office 365
16. Polling Question #2
What Pivot Table function is used to create
a chart?
Pivot Data
Group Date
Pivot Chart
Line Chart
Page 30
Analytic Audit Programs
Integrating analytics with checklists
17. BBC Reith Lecture Series
Why Doctors Fail
http://www.bbc.co.uk/programmes/b04sv1s5
Page 32
• Doctors are not challenged…by anyone
• Disturbances – Attitudes, systems, and human behavior play
more of a role than technology
• Ignorance (failure to know) & Ineptitude (failure to apply knowledge)
• 1929 – Intern proves heart surgery can be done and is fired
• And…people are too polite to “confuse someone with facts”
• “Outliers” by Malcolm Gladwell
• Use a checklist so you don’t miss a step
• Top recommendation of the series – get a memory jogger
• 2M infections in the US alone due to not following a checklist
• Person at the time doesn’t know what they should have known
Page 33
BBC Reith Lectures
The Future of Medicine
19. Process to Report Mapping
Please note this data file
Fraud Task to Report Mapping
Mapping Fraud Tasks to Reports
20. Proactively Detecting Fraud
Using Computer Audit
Reports
IIA Research Paper / CPE
Course
See the IIA’s website at www.theiia.org
The purpose of this document is to assist
auditors, fraud examiners, and management in
implementing data analysis routines for
improved fraud prevention and detection.
A comprehensive checklist of data analysis
reports that are associated with each
occupational fraud category per the
Association of Certified Fraud Examiner’s
classification system.
Specific Queries For Building
Analytics Into Checklists
21. Some Procedures Require Inquiry
Page 40
The Process Categories
Purchase Requisition & Approval
Vendor Selection & Entry
Receiving
Invoice Processing
Payment Processing
Pcard Processing
Accounting
User Security
Information and Communication
22. Control Circumvention
What’s Hiding In the Records?
Who
Don’t confuse me with facts – I’m picking XYZ
Review the trail of bidding to see regardless of 3 bid
process…why did it always swing a vendor’s way
Person deletes user access and trail
Obtain quarterly data for testing
What
Edit the positive pay check list prior to bank upload
Same amount right under a limit
When
Weekend, late timed entries
Post the charge to a past period
Page 42
Many Can Be Made
Into Analytics
Purchase Requisition & Approval
Approver and enterer segregation of duties test
Purchase values are intently placed under approval limits
PO to non-PO spend and 2-way vs. 3-way matching
Purchase order pricing analysis over time by item
Assess your pricing to external databases – strategic sourcers
Cataloging vendors into different business lines
Excel, Outlook, Word, and Text document analysis of buyers
Post it note scavenger hunt
Vendor Selection & Entry
Sole vendors for a given category or too many
Bad vendor data (blank or inaccurate address, TIN, duplicates, etc.)
Obtain and match vendor masterfiles between periods (get it quarterly)
Geomapping or Vlookup analysis of employee to vendor information
Identify “bad” addresses or unusual locations for a business
Vendor to invoice entry segregation of duties test
Vendor entry and approval – the next step to improved control
23. Polling Question #3
What is the name of positioning address
data on a map?
Geoflowing
MapQuesting
Geomapping
Trending
Page 44
The Power of VLookup()
Matchingvendorto
employeeaddresses
Page 45
24. Many Can Be Made
Into Analytics
Receiving
Three way match testing
Adjustment analysis by enterer, date, stratification, and time of day
Invoice Processing
Invoices by entry type (focus on manual vs. automated feeds with controls)
Duplicate invoices (and payments)
Incorrect invoice price to purchase order/contract pricing
Adjustment analysis by enterer, date, stratification, and time of day
Invoices right under an approval limit
Bad invoice data (blank or inaccurate information)
Obtain and match invoices entered between periods (get it quarterly)
Look for odd invoice average lengths and round dollar amounts
Many Can Be Made
Into Analytics
Payment Processing
Vendor paid to vendor on payment list in bank account and name
Gaps in check sequence
ACH transfers increased 11 percent per year from 2000 to 2010 – Excel issue!
Pcards are popular and have purchase management controls
Numerous payments to the same vendor
Payments = 0
Days payable outstanding averages by vendor for each quarter
Stratify each quarter by DPO and compare in a Pivot
Invoices With Entry Dates After Payment Dates
Accounting
Reconcile the subledger data to the general ledger accounting
Unrecorded liabilities
Invoices entered after with invoice dates prior to month end
Age the open invoice debits and credits
http://bit.ly/1FzYA2r - Best Audit Finding in $$$ Terms
25. Getting Over False Positives
Main Complaint of Reports
Improved duplicate testing
Check it is paid on a different check or enterer
What is the ratio of duplication for that vendor?
Match On First 10 Characters Of The Name (Wildcard Search Of
EPLS Name Throughout The Vendor Name Field ACL Script)
Utilize transactional scoring to improve hit rates
Learn over time, make it smarter, fine tune
Running the system continuously keeps you abreast of any
deviation in the system
You should get the same result every time (see letter laws later)
Why it needs to be made continuous (even semi-annual is useful)
Get the Right Data for
Your P2P Review
26. Mapping Data to Scripts
Step #1 Before Asking
Page 50
Where’s The Tables?
Invoice Header
Invoice Distribution
Vendor Masterfile
Vendor Master Log Changes
Purchase Order
Price Table
Tax Table
Page 51
27. Asking For Data
The Data Request
Polling Question #4
Which audit objective question below is most
easily automated?
Does the company have a written code of ethics?
Does the company follow approval limits prior to
invoice approval?
Do adequate written procedures exist for invoice
processing?
Is check stock safeguarded?
Page 53
28. Red Flag (Key) Word Phrases
Textual Analytics Summary
It works fast to quickly gain a perspective of the business process data:
Can work in real-time with the data while talking to the client – no prep
needed…meaningful questions in seconds
Look for deviations over a 3 year moving average to the current period
If Digital Analysis / Benford’s Law is latitude, textual analytics is
longitude
Text is far richer in business value and providing a picture than simple digit
theory
The unique word chart provides a more normalized view of activity while total
word occurrences by letter provides a more dynamic chart
The trends can be seen quickly to ask relevant questions and also to
highlight fraud
Why not use another approach, like Benford’s Law, to look at ALL data
quickly by trending on a natural law of letter usage for that business
approach
29. Lessons from WorldCom/ MCI
The fraud was accomplished primarily in
two ways:
1.Booking "line costs" (interconnection
expenses with other telecommunication
companies) as capital expenditures on
the balance sheet instead of expenses.
2.Inflating revenues with bogus
accounting entries from "corporate
unallocated revenue accounts".
In 2002, a small team of internal auditors
at WorldCom worked together, often at
night and secretly, to investigate and
reveal $3.8 billion worth of fraud….
Per Wikipedia – MCI Inc.
Red Flag Word Phrases/Words
• One could build a database of suspicious words
and then search the entire data file for these
words, looping back to the table to get the next
word:
• bribe
• fraud
• plug
• etc.
• Summaries can be done by person and
collectively for additional collusion reviews
Page 57
30. Words On The Rise / Words Equal
Page 58
Key Word Trending
Letter Analytics
Benford’s Law Of Words?
Lanza’s Letter Fingerprint?
A Law For Letters and Words?
31. Polling Question #5
What was one of the phrases used in the
MCI case?
Line management
Cost recovery
Key controls
Line costs
Page 60
Narrowing the Focus With Transaction Scoring
32. Auditors Inherent Need
To Sample
Page 62
The practice of selecting individual
items from a population to estimate
properties of that population….
given confidence levels around top
error patterns and expected errors.
This is statistical sampling vs.
judgmental (nonstatistical)
Approach - Transactional
Score Benefits
The best sample items (to meet your attributes)
are selected based on the severity given to each
attribute. In other words, errors, as you define
them, can be mathematically calculated….so
best to tailor them
Instead of selecting samples from reports,
transactions that meet multiple report attributes are
selected (kill more birds with one stone).
Therefore a 50 unit sample can efficiently audit:
38 unbalanced entries
22 round entries
18 unique entries
….and they are the best given they are
mathematically the most “severe”.
63
33. Using Vlookup to Combine
Scores
Create a record number
Relate sheets based on VLookup
Page 64
Vendors Over $50K
To Score Ratio
34. Analytic Command Center
The Predictive and Detective
66
Analytic Audit
Command Center
1.Accounts Payable
2.Accounts Receivable
3.Financial Statement
4.General Ledger
5.Inventory
6.Payroll
7.Revenue
Data
Mart
Local
Analytic
Toolkit
Feedback
from all
locations
Recovery Auditors
Shared Services
Polling Question #6
What function is mainly used to align all
scores in a spreadsheet?
MOD()
FIND()
MID()
VLOOKUP()
Page 67
35. Questions?
Any Questions?
Don’t be Shy!
Page 68
Course Calendar and Approach
Offering 13 Training Courses / 26 CPE
8 foundational classes
5 practical courses for specific audit areas
Get More For Your Training Dollar
$20 per CPE for individual course / $17 on a subscription
Much lower rates for groups – BEST WAY TO TRAIN
Don’t forget the data files and templates to get you started
Courses Started Feb 2015 and Run Twice a Month
36. Effective Analytic Training Strategies
Don’t Be a Lone Ranger: Train the Team
Build on a Common Learning Ground - ExcelTM
Be Consistent With Bi-Weekly Learning & Discussion
Use Templates:
To Serve As Analytic Audit Programs
Get Data Files and Report Templates
Watch Videos When You Need Just In Time Reminders
Benchmark Your Department – Auditnet’s New Survey on
Training the Auditor - http://bit.ly/1aXwchm
Data Files Provided in the Course
More Available For Purchase
Additional files shown in the course but not provided
can be purchased by contacting Rich Lanza
(rich@richlanza.com / 973‐729‐3944)
37. In the Queue
March 12 - Continuous Monitoring using Advanced Statistical
Analysis
March 17 - Basic Script Writing in IDEA
March 18 - Effective Analytics to Detect T&E and P-Card Fraud
March 20 - Using advanced @Functions
March 24 - Advanced Script Writing in IDEA Part 1
March 25 - How to Request, Import and Normalize Data for a
Variety Accounting Packages
April 8 - Learning Advanced Yet Simple To Run Textual
Analytics To Better Understand “What’s the Word” in Your
Company
Bolded dates are part of the Minutes to Analytics Training
Page 72
Keywords and Textual
Analytics Offers
Free Dec 3, 2014 webinar videos are on
www.AuditSoftwareVideos.com (2 Hrs. NO CPE)
Over 250 people attended / Theory and How Tos
Keyword Data Files based on research are available:
$79 - Most comprehensive list available for public use
Over 2,000 key word / phrases and word analysis
Upcoming Research – “What’s The Word”
FREE word macro tool will complete a word summarization
Get involved! – Email rich@richlanza.com to pre-sign up!
Page 73
38. AuditSoftwareVideos.com
Many videos accessible for FREE subscriptions
Sample files, scripts, and macros in ACL™,
Excel™,
Bite-size video format (3 to 10 minutes)
Professionally produced
videos by instructors with
over 20 years experience in
ACL™, Excel™ , and more
Page 74
Thank You!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email:info@auditnet.org
http://www.auditnet.org
Richard B. Lanza, CPA, CFE, CGMA
Cash Recovery Partners, LLC
Phone: 973-729-3944
Cell: 201-650-4150
Fax: 973-270-2428
Email: rich@richlanza.com
http://www.richlanza.com
Page 75