ACL Connections 2016

Posted By on September 26, 2016

Sorry, I missed posting last week as I was at ACL Connections 2016.  It was another great conference – lots of experienced users as well as new users.  The user forum folks got to together for a dinner and had a chance to meet face-to-face.  I asked each of them to describe a “cool” analysis they had done and almost everyone talked about use REGEXFIND() or REGEXREPLACE() which made me realize that I have to buckle down and learn these powerful functions.

Lesson-Learned – you can’t stop learning about new features and capabilities.

I was ask to give a short presentation on the future of analytics and decided to post my speaking notes here.  I looks back in order to look forwards – discussing what was happening in audit and analytics; and how ACL responded.

1980’s – Analytics wasteland

  • I started my audit career in the late 1980’s, but I had already been using computers for 8-10 years.  These were primarily mainframe or mini-computers.   I used punched cards to submit my programs to the computer and had to understand and use JCL, TSO and ISPF as well as the application software or program I was running.
  • My first PC cost over $10K and did not have a hard drive; but things were changing rapidly, and 6 months later we acquired an IBM XT which had a 10Mb hard drive.
  • Audit was primarily concerned about being an early warning to management that things had gone wrong.   Kind of an oxymoron – but management wanted to find out about what went wrong before anyone else did – so we were an early warning of past errors.
  • For my first audit I performed a manual review of hundreds of thousands of telephone calls – by flipping through several feet of computer reports.  In another audit, I manually entered thousands of amounts into an adding machine to verify report subtotals.  There had to be a better way.

1990’s – growth of analytics

  • Audit took on a “control” perspective.  Audits sought to determine if control were adequate and effective.
  • We were starting to see the use of computers in audit.  The concept of 100% testing rather than sampling was being explored.  However, it was usually only one or two individuals; and analysis was performed for a single purpose.
  • Data was still very much mainframe based – so you had to know how to extract and download the data.  In the early 1990’s download speeds were approaching 1Mb an hour.  But there were other roadblocks: IT felt they owned the data and getting it was difficult.  You had to address questions about: audit’s authority to access the data; security; use of personal information; and the ability to understand and analyze the data – so not much has changed in 25 years on this front.
  • ACL for DOS and MVS (Mainframe) was introduced – followed in the mid-90’s by ACL for Windows.
  • ACL also started offering training and consulting services – so auditors had analytics help for the first time.

 2000’s – analysis takes hold

  • Audit is now looking at risk rather than focusing on controls.
  • Data is stored in large integrated ERP systems with centralized data bases
  • Analysis is used in all aspects of the audit process
  • More people performing analysis and scripts are being built to re-run analysis
  • ACL responded to the increase in ERP systems by developing Direct Link for SAP
  • ACL also entered a new phase of advocating on behalf of auditors; working with the IIA and other professional organizations; producing whitepapers and technology guides.

2010-2015 – analysis established

  • Audit is adapting a more continuous approach; looking at efficiency and effectiveness of business operations; using analytics to provide not only hindsight, but also insight and foresight
  • Analysis is being used not only to examining controls, but also to perform risk assessment and monitoring
  • ACL introduces AX and GRC – expanding into non-audit areas and supporting a more structured analytics environment; improving workflow and documentation; and providing everyone with access to results.
  • ACL continues to support its users with ACL Forum, User Group, Inspirations and the ACL Academy

2016+ – analysis flourishes

  • Audit will be focused more on emerging risk and the identification and assessment of business opportunities – adding even more value to senior management.
  • We will continue to see the integration of audit, compliance and monitoring functions
  • Analysis will be more instantaneous – fully automated risk assessment and control testing
  • Data analysis will have an even larger impact and more people will be involved
  • Big Data will increasingly be used to identify emerging risk and opportunities
  • ACL will take more of an enterprise view of analytics and provide increased analysis functionality – in order to be able to handle Big Data – such as the integration with R and Python

 Analytics will be used for:

  • Continuous risk and control assessment
  • Artificial intelligence/machine learning to identify  fraud risk and anomalies
  • On demand data-mining to support management
  • Assessment of business opportunities (e.g. M&A activities, new product lines, etc.)
  • Assessment of KRIs and KPIs related to strategic objectives

There will be three tiers of analytics users:

  1. Data scientists – who build the data repository as well as the real hardcore analytics
  2. Local data analytics champions – who will be able to build impactful analytics for the teams in their regions against the central data repository
  3. Analytic consumers – who will act upon the analytics provided – includes auditors, managers, compliance and monitoring functions

Auditors will need to understand:

  1. Integrated business processes
  2. The data side of business risks and opportunities
  3. How KRIs affect KPIs and impact strategic objectives\
  4. How to interpret the results of analytics
  5. How to draw conclusions and make recommendations in real time – based on the results of analytics.  No more taking 6 months to produce a final report.
  6. How to present the results of analytics to management – who often don’t know the difference between mean, median and mode.

It will be challenging and exciting – I hope you enjoy the ride.

Leave a Reply

Your email address will not be published. Required fields are marked *