Practical Uses of Continuous Monitoring….and How To Drive It Forward

Presented By:Richard B. Lanza, CPA-CITP, CFE, PMPPresident, Cash Recovery Partners, LLC

rich@auditsoftware.net 973-601-3701

Agenda

What are we seeing

What is holding back CM/CA

What can drive it forward

The Current View

Who are the Users?

Process owners (A/P, A/R, etc.)

Recovery audit functions/firms

Trend-setting internal audit departments

Big 4 accounting firms

What Are the Applications?

Purchase-to-Pay

T&E

Procurement Card

Payroll

Order to Cash

Inventory

General Ledger

Recovery / Fraud

Process Managers

Auditors

How Do They See the Light?

Major prior cash outflow / fraud

Have a past taste of data analysis success

Fear of audit failure

What’s Holding It Back

Key Inhibitors

External auditors are making large sums of cash keeping audits as manual as possible…and they still hold the pen to compliance

Internal auditors are building mini-empires and don’t want to relinquish this control to virtual auditors

Litigators give no incentive to 100% auditing as the more auditors see…the more lawyers have to base their lawsuit

IT Departments rather build it in house vs. buy it…and then they rarely do

Key Inhibitors

People are too busy to “sharpen their saw”

It is a commitment to report and manage exceptions (Ad hoc reporting is simply “dating”)

The lack of imagination...too few people “play” with data

Unlike XBRL that benefits the SEC/PCAOB, there is no perceived value to them in it....yet!

Limited lobbying is seen to these groups on the value of automated control testingTherefore, there is no whip (regulation) requiring it

Key Inhibitors

SEC Chairman William H. Donaldson said, “As I mentioned when the Commission first announced this (XBRL) initiative, this initiative is part of the Commission's broader effort to improve the quality of information available to investors and the marketplace. By working to enhance the Commission's filing and disclosure process through the use of new data formats, including tagged data, the Commission can improve how content is organized and analyzed - improvements that will benefit everyone who utilizes the SEC's public disclosure process.”…..a similar statement is needed for CA/CM

Key Inhibitors

Lack of a business case to do it continuously….once a year still works for most

No perceived middle-market solution….focus is mainly on the Big 4 and Fortune 1,000

Control testing and management has not to date been a consistent process (with some exceptions in payroll, accounts payable, and order to cash)

What Can Drive It Forward

Key Drivers

Working on ERP FailureERP systems / IT Departments do such a bad job at control, that users are looking elsewhere for control solutionsToo few people “play” with data....which is an opportunity to implement black-boxes

Process owners & senior management see the value of co-sourcing a virtual auditor

Reduced testing costs / Less auditor timeProactive detection practically as good as preventionFaster re-action times to potential issuesKeep skeletons safe within their closets

Key Drivers

100% auditing is more acceptable todayAudit procedures are based on sampling standards written over 20 years agoThe best fraud to defend is the one you findMore actual users supporting the cause

Audit staff market is drying upMore resource options are neededAuditors need not fear delegating effort to the virtual auditor….it will identify even more work for their empire

Key Drivers

Recovery firms are moving to proactive reporting models

More competitors/analysts are entering the market…..it must be a serious business

Speed = more recovered cash, detected fraud, and less downstream problems

It is trendy and cool

Build a Bridge to CA/CM

1. Gain an appreciation for the data…do a pilotTurn on system audit logsFocus on key risk area data analysisRun reports on a “one-time” basis

2. Find a major event/fraud

3. Build a case for a fully-functional, out-of-the-box system

Conclusion

Auditors are starting to see the need for virtual auditors…as they drown in work

Management are in the best position to drive increased usage

To reduce auditorsTo keep their skeletons safe

Regulatory powers need to support the audit profession in 100% auditing

Supporting it for their own useRemoving the litigation case fear