Risk, Controls, Entropy, Black Swans, Analytics and RPA

For years I have been thinking about Risk, Controls, Black Swans and Entropy; and more recently about Analytics and RPA.  Only recently did I understand how these are all connected and impact large and small organizations – particularly in activities that are high-risk and strictly controlled.  Sadly, these tightly controlled areas are often overlooked until it is too late.  Which bring us to Risk and Controls. Risk and Controls:  Business…

August 23, 2019
Read More >>

CEOs Need to Wake up to the Strategic Importance of GRC

GRC: Governance, Risk and Compliance (or, in my view, Controls) is critical to companies that want to remain viable.  A company’s GRC activities should be not just coordinated, but also integrated to provide all levels of management with a view into changing risks and risk levels.   If you do not have structures and procedures in place to monitor, identify and assess these risks you are less likely to succeed.  Want…

November 27, 2018
Read More >>

Year 26 – 2013 – Payroll

 I haven’t looked at payroll very often; at least not as often as I think I should or would have liked.  Payroll can be a significant cost to an organization – easily representing 50% of a company’s total expenditures in some industries – but senior management seems to think that the controls over payroll are good and therefore it is low risk.   This belief is often transferred to audit even…

October 31, 2016
Read More >>

Year 24 – 2011 – Fraud Detection – part 1

By 2011, I was becoming more and more involved in data analysis to detect fraud.  I had been doing this for years but had never really thought about the approaches I was taking to assess fraud risk and determine the analytics to perform.  The following is the result of my deliberations (which continue to this day). Fraud Detection The unrelenting advancement of technology is affecting virtually every aspect of our…

October 10, 2016
Read More >>

Year 22 – 2009 – SAP Extract

Imagine my excitement when I had 7 responses to my previous post on Payroll and then my utter disappointment when I found out that all we in Russian and had nothing to do with the content of my blog.  This continued for several days and suddenly switched to English posts about Credit Unions.  In total I had over 65 spam bot posts including two that wanted to help me monetarize…

September 12, 2016
Read More >>

Year 15 – 2002 – Part 2 – IT Audit

Second part of article on making IT Audits more effective and value-added …. The next area that will need to be address by CAEs is ensuring that risk-based audit plans are relevant and that selected audits provide maximum value to senior management.  Today’s business environment changes rapidly to adjust to market conditions, evolving legislation and economic forces; and the risk-based audit plan must keep pace with this rapid change if…

June 27, 2016
Read More >>

Year 15 – 2002 – Part 1 – IT Audit

Many audit shops rely on IT auditors to support their use of data analytics; however, the IT audits typically focus on general and application controls.  Around this time I wrote an article for the EDPACS magazine which encouraged IT auditors to look beyond the black box – to look at how IT supports, drives, and impact business processes.  I have included below. IT Auditors need to come out of the…

June 20, 2016
Read More >>

Year 13 – 2000 – Back to Work after a Year of Consulting

This was another exciting year for me.  First, in 1999, I had decided to take a year off without pay and do some sub-contracting for ACL (I forgot to mention this in 1999 post).   It gave me the opportunity to really expand my analysis skills.  Also, I worked on the development of DirectLink for SAP which really forced me to develop a better understanding of SAP – something that has…

May 30, 2016
Read More >>

Year 12 – 1999 – Part 2 – Drilling down into A/P risks

Technically, we were still in the planning phase of the A/P audit – but had already identified several areas of risk that needed to be analyzed further. The early payments represented a potential fraud.  If you paid within 15 days, you should receive an early payment discount of between 1.5 -2.5% depending on the vendor’s terms.   In addition to reviewing the invoices with ‘immediate’ payment terms, we calculated the difference…

May 23, 2016
Read More >>

Year 8 – 1995 – HR analysis

Our analytics team was running on all cylinders and achieving significant results.  There was not just my opinion, we received an ISACA Award of Excellence at the Info Tech Audit ’95 conference for leadership and contribution to IT Audit Community.  Amazingly, it was a $1,000 cash award.  The team (3 people) went for out for a celebratory dinner and donated the remaining funds to a local charity. By how we…

April 18, 2016
Read More >>