Continuous Transaction Monitoring

1 oversightsystems.com

Continuous Transaction Monitoring


Introductions

Oversight SystemsPatrick Taylor, CEO

Mark Converse, Director, Sales/Business Development

Stephen Barbarisi, Regional Sales Director


Internal Audit Trends

2009

Cost of Compliance Focus

• Resource reductions (25%)

• Outsourcing considered

• Technology leverage considered… delayed

Value Creation/Continuous Improvement

• Internal Audit: Fact-based, data-driven

• IA: Advise the “business”

• IA: “Enable” the business

Increased Board Activity

• Overall risk exposure

• Specific risk “initiatives”

Automate “Low Value” Tasks

• “More with less…”

• Focus on high value, bottom line results

• Leverage advanced technology

2010


Compliance Benefits/Risk Improvement

• “In-process, real-time” controls• Extend existing

system controls• Replace, automate post

transaction audits

• Gain visibility/accuracyinto business

• Policies• Stakeholder behaviors• Process improvement• Financial accuracy

• Audit Automation• Expanded use of data

analytics• Detect fraud early

OperationalBenefits

• Deliver bottom-line results

• Automate “lower value” tasks• Auditing/QA• Account reconciliations

• Real-time continuous improvements

• Detect issues early• Errors• Bottom-line/cash flow

improvement opportunities• Waste, abuse

• Establish a “detection adjudication/resolution” capability

Why Continuous Transaction Monitoring?


Fraud Statistics

Typical organization loses 5% of revenues to fraud• Median loss $160K, 25% of loses >$1M• Significantly higher for financial statement fraud, median >$4M

Asset misappropriation the most common

Recovery is low, only 20% recover significant amounts of losses

Controls work: organizations with more robust fraud controls had lower losses

85% of perpetrators have never been charged before

13% of employees will steal if given the opportunity

Source: ACFE 2010 Report to the Nation


Other Relevant Statistics

1.6% of vendor payments have errors• Similar for companies with a high degree of automation

3.6% of vendor invoices contain errors

Companies average 1.1% error rates in T&E

Invoice input error rates – average 15.6%

43% of companies never clean Vendor Master File• Leads to other issues: fraud, duplicate payments, missed discounts

Duplicate payments are still a problem• Approx 20% of companies report duplicate payment rate > 0.1%

39% of companies had check fraud in past two years• 70% in large companies (> 5000 employees)• % is growing

Source: IOMA 2007 Benchmark Study


What Value Does Oversight Deliver?


What Value Does Oversight Deliver?

• Regulations- SOX

• Best practices- COSO- GRC Program

• Internal policies/ procedures

• Audit Automation

• 100% transaction review

• Fraud- Employee- Vendor

• Policy/procedures- Procurement- T&E- Corporate cards

• Improper payment- real-time error prevention- Errors- Fraud/misuse

• Un-recovered payments

• Cost of capital• (Margin

optimization)

• Resource optimization

• Error correction• Audit fees• Internal audit

efficiency

• Reporting reliability• Decision support• Automated testing/reporting

• Transaction-level analytics• Process improvement


CCM-T Application Components

Example Transaction Process: Revenue Cycle

Libraries of Data Analytics

Disparate Source Systems

ExceptionIdentification

Analytics Engine

Reporting

ExceptionResolution

Documentation

Insights/Reporting

• Monitors Controls • Embeds Audit

Best Practices in Process

• Risk Ranking

HR Data Legacy SAP

Data Extraction

CUSTOMERMAINTENANCE

SALES ORDER INVOICE RECEIVING CASH RECEIPT CASH

APPLICATIONRMA/RETURNS

SAPCCM-T Application

UI and Workflow


Representative Monitoring Value Propositions

Financial Process Hard ROICompliance/Risk

GeneralLedger

G&A Cost Efficiency Audit Cost Reduction

Financial Reporting Accuracy Inappropriate Employee Behavior

Orderto Cash

Margin Improvement G&A Efficiency

Policy Compliance Error Reduction Operational Controls/Visibility

Procureto Pay

Prevent Cash Leakage G&A Efficiency

Policy Compliance Error reduction Operational Controls/Visibility Inappropriate Employee Behavior

P-Card/T&E

Prevent Cash Leakage G&A Efficiency

Policy Compliance PR Risks Operational Controls/Visibility Inappropriate Employee Behavior


Introduction to Oversight Systems

The Company

• Leader in continuous transaction monitoring

• Software company

• Headquartered inAtlanta, Georgia USA

• Recognized by Forbes, “Big 4” and industrytrade associations

• Best practices focusand approach

Continuous Transaction Monitoring

• Automated, in-process

• 100% transaction review & prioritization

• Extracted from multiple data sources

• Pre-defined monitors

• Operational policy

• Policy adjudication workflow

• Financial transaction process monitoring• General Ledger Order to Cash• HR / Payroll Procure to Pay• PCard/T&E Custom


Continuous Monitoring: Emerging Best Practice

Oversight Clients:Monitoring $500B+ Transactions

http://images.google.com/imgres?imgurl=http://www.thelightisgreen.com/Coke%20logo%20bottle_1.jpg&imgrefurl=http://www.thelightisgreen.com/branding/index.html&h=300&w=300&sz=70&hl=en&start=16&sig2=h_L5TcEaFW6mqswC10x4wQ&um=1&tbnid=e8PlGwZU6Glx5M:&tbnh=116&tbnw=116&ei=LzOHSKKtG47OeKXSmeEE&prev=/images?q=coca+cola+logo&ndsp=18&um=1&hl=en&rls=com.microsoft:en-us:IE-SearchBox&rlz=1I7GGLR&sa=N

http://shawlearningacademy.com/


Finance & Accounting Functions

Continuous Monitoring Adoption

http://images.google.com/imgres?imgurl=http://www.thelightisgreen.com/Coke%20logo%20bottle_1.jpg&imgrefurl=http://www.thelightisgreen.com/branding/index.html&h=300&w=300&sz=70&hl=en&start=16&sig2=h_L5TcEaFW6mqswC10x4wQ&um=1&tbnid=e8PlGwZU6Glx5M:&tbnh=116&tbnw=116&ei=LzOHSKKtG47OeKXSmeEE&prev=/images?q=coca+cola+logo&ndsp=18&um=1&hl=en&rls=com.microsoft:en-us:IE-SearchBox&rlz=1I7GGLR&sa=N

http://shawlearningacademy.com/

http://www.undp.org/


Procure-to-Pay Monitoring• Payment for 0• Payment w/o

Voucher• Payment Payee

Differsfrom Vendor

• Payment to Ghost Vendor

• Payment to Employee

• Payment Detail Mismatch

• Payment/PO SOD

• Invalid Vendor• Duplicate Vendor• Ghost Vendor• Vendor

Change/Change-back

• Vendor Maintenance SOD

• Receipt/PO SOD

• Payment Duplicate• Payment Line Duplicate• Payment Line Exceed

Voucher• Payment Line w/o Voucher• Payment Line/Voucher

Mismatch• Payment Line for Duplicate

Voucher• Payment/Voucher SOD

• Invalid PO• PO to Inactive Vendor• PO to Invalid Vendor• PO to Ghost Vendor• Duplicate PO• PO/Vendor SOD

• Invalid Voucher• Voucher for 0• Voucher to Invalid

Vendor• Voucher to Duplicate

PO• Voucher Duplicate

Amount• Voucher Duplicate

Invoice• Voucher/PO SOD• Voucher Line with no

PO• Voucher Line/PO

Mismatch• Voucher Line/Receipt

SOD• Voucher Line/Receipt

Mismatch

VendorMaster Requisitions Purchase

and Receipts Invoice Voucher Payment Recovery


Accepted RiskBuilt into Design

• Less than ideal segregationof duty to facilitate doing business

• Quantity & pricing tolerances• Manual over-ride of controls• Subjective RFP process

Fraud

• Collusion• Single individual capitalizing

on system weakness• Single individual manipulating

data to mislead decision makers

• Check theft / manual check

Errors and Inefficiencies

• Lost payment terms discounts• Higher delivery costs• Catalog pricing not current• Manual processes• Multiple touches/parked

invoices• Research

Cash Leakage: Procure to Pay ProcessUnintended Design Gaps

• Lost volume discounts/rebates• Freight overpayments• Duplicate vendor payments• Approvals outside design

tolerance• Over/under payment of S&U tax• Start-up and/or new

configuration post go-live• Orders by-pass procurement • Incomplete/inaccurate

master data


Cardholder Maintenance

Card Maintenance Purchase Substantiate

Reconcile Accounting Approval Payment

• Cardholder Status Change• Cardholder Invalid• Cardholder Change• Cardholder Employee

Invalid

• Transaction Duplicate• Transaction Chain Individual• Transaction Chain Department/BU• Transaction Invalid• Transaction Merchant

Unauthorized• Transaction Merchant Suspicious• Transaction Amount Suspicious• Transaction Timing Suspicious• Transaction Limit Violation• Transaction Employee Invalid• Transaction Series

• Merchant Distribution Mismatch

• Distribution Timing Error

• Payment without Approval

• Payment to Ghost Merchant

• Payment to Employee

Card Program Monitoring

• Cardholder Multiple Cards• Card Limit Change• Card Excessive Limit• Card Invalid

• Recon SOD• Transaction without Recon• Transaction without

Substantiation

• Transaction without Approval

• Approval Override



• Less than ideal segregation of duty to facilitate doing business

• Quantity & pricing tolerances• Manual over-ride of controls• Subjective RFP process

Fraud




• Check theft / manual check


• Lost payment terms discounts• Higher delivery costs• Catalog pricing not current• Manual processes• Multiple touches/parked

invoices• Research

T&E and Cards Programs: Monitoring ObjectivesUnintended Design Gaps

• Lost volume discounts/rebates• Freight overpayments• Duplicate vendor payments• Approvals outside design

tolerance• Over/under payment of S&U tax• Start-up and/or new

configuration post go-live• Orders by-pass procurement • Incomplete/inaccurate

master data



• Price overrides• Approval tolerances

Unintended Design Gaps

• Pricing errors• Credit terms• Unit of measure• Free shipping not in contract• Wrong tax codes• Rebates• Incomplete/inaccurate

master data

Fraud





• Returns• Deductions• Authorized promotion

deductions• Chargebacks• Penalties• Short shipments• Late payments• Write-offs• Slow dispute resolution

Profit Leakage: Order to Cash Process


Access Controls

• Unintended configuration gaps• Super-user access• Material transaction approval• Incomplete/Inaccurate Master

Data• Period open – period close

Process Controls

• Intercompany reconciliation• Month end close monitoring• Improve close efficiency

accuracy

Fraud

• Revenue manipulation• Overcapitalization• Understatement of liabilities• Super-user access


• Duplicate entries• Entries posted “backwards”• Account code misclassification• Keying errors• Manual entry review• Internal/external audit

preparation• Multiple touches required for

multiple “customers”

General Ledger: Accuracy, Risk and Compliance


Oversight Overview


Oversight Solution Overview


CTM: People, Process and Technology

Corporate

Finance

Operations

BU3

Finance

Procurement

BU4

Operations

Internal Audit

CFO Office

Audit Committee

BU1

Finance

Procurement

BU2

Operations

Finance Operations

VP Finance

VP Operations

BU1

Finance

Procurement

BU2

Operations


Oversight Product Capabilities

Reporting CapabilitiesOversight DashboardOversight Workbench

Exception Handling CapabilitiesDiscovery: Exception Detection

WorkflowCollaboration

CommunicationAdvanced Analytical Capabilities


Oversight: Macro Trends Generated Automatically


Oversight: “Exception” Reporting


Oversight: “Exception” Detail


Oversight: Transaction Detail Provided


Why Industry Leaders Choose Oversight

• Multiple, diverse, systems• Normalize data into common model• No data volume limitation• Low impact on client system/network

• Reasoning beyond rules• Statistical, Behavioral, Temporal, Symbolic• Correction detection integrated with workflow• Pre-defined + user defined analytics

• Workflow enabled resolution• Consistent across all business processes• Supporting documentation in one system• Drill-down, email, attachments, link analysis

• User-defined view: workbench & dashboard• Ad-hoc reporting + “what if” analysis• Flexible deployment configurations• Web based administration and configuration

• Client base Best Practices Group• The most successful implementations• Diversity in team expertise• Proven customer satisfaction

• Large, diverse data volume• Minimize IT on-going support• Streamlines advanced analytics

• Higher ROI faster• Discover “what I don’t know”

• No technical skills required• Assurance through visibility

• Encourages user adoption• Direct & pertinent to unique KPI

• Operationalizing continuous improvement

• Quick time-to-value• Quick, efficient, effective• Leverage F500 client experience

Key Attributes Key Value

Superior Data Acquisition

Advanced Analytics

Intuitive Configurability

Practical Workbench and

Dashboard

Proven Experience and

Results


Find It.Inspect every transaction.

Fix It.Resolve every exception.

Prove It.Substantiate every resolution.

Christopher Rossie

This is starting to strike me as IT-oriented as opposed to business/value-oriented. Not sure I have a good solution yet.

Continuous Transaction Monitoring

Documents

Transcript of Continuous Transaction Monitoring