practical implementation of data analysis county/iia oc presentation downlo… · – additional...

Practical Implementation of Data Analysis

IIA OC Chapter Meeting February 18, 2014 Edwards Lifesciences Global Internal Audit

Agenda

• Introduction • Data Mining

– Travel and Expense Audit • Special Words • Stratification

– Cash vs. Credit Card

• Excel Risk and Validation – Best practices – Spreadsheet Validation

Demonstrations

• Abel Casanova, Sr. Manager • Orlando Lopez, Sr. Manager • Daphne Chi, Sr. Auditor • Julie Ann Fan, Auditor

Global Internal Audit Team

Data Mining

– What is Data Mining? • Automated or semi-automated analysis which

transfers large-scale data into understandable information

• Using computer tools to examine all (or nearly all) the population in an audit test

– Why Data Mine? • Data mining is a fast and efficient way to reveal

hidden exceptions, patterns, and trends

Data Mining Example: Expense Report Analysis

Allan Capone Jr. – Sales Representative

based in Las Vegas, Nevada

– Expense reports from 2011-2013

• Obtained extract of data from the T&E System

• 2,125 transactions over 36 months

Data Mining Audit Test – Special Words

– What are “Special Words”? • “Special Words” is a type of audit test used to

identify transactions with suspicious words • “Special Words” is an audit test used to

analyze the “grey” areas and is a type of fuzzy logic

– Why use Fuzzy Logic? • Incorporates reasoning in the audit test to

identify fraud or exceptions • Can find really neat items

• Golf, mini, bar, cash, advance, gift, bribe, adjustment, allocation, government, party, cell phone, event, service – Additional fun words: Jack Daniels

• Using Caseware IDEA, the @Isini function searches for the occurrence of a specified string or piece of text in a character field, date field, or string and if found it returns the starting character position of the specified string. If the string is not found, a value of 0 is returned. @Isini ( "Golf" ,COMMENT) .OR. @Isini( "mini" , COMMENT) .OR. @Isini( "bar" , COMMENT) .OR. @Isini( "jack" , COMMENT) .OR. @Isini( "cash" ,COMMENT) .OR. @Isini( "advance" , COMMENT) .OR. @Isini( "gift" , COMMENT) .OR. @Isini( "bribe" , COMMENT) .OR. @Isini( "allocation" ,COMMENT) .OR. @Isini( "adjustment" , COMMENT) .OR. @Isini( "event" , COMMENT) .OR. @Isini( "adjust" ,COMMENT) .OR. @Isini( "party" , COMMENT) .OR. @Isini( "service" , COMMENT) .OR. @Isini( "government" , COMMENT) .OR. @isini("cellphone", COMMENT)



Golf, mini, bar, cash, advance, gift, bribe, adjustment, allocation, government, party, cell phone, event, service, Jack Daniels

Results

– What did we do? • Used logical reasoning and applied the special words test

– What did we find? • Allan Capone Jr. has charged non-compliant transactions to

the company card – What can Special Words be used for?

• Travel & Expense Reports • Journal Entries • Accounts Payable

– Tip • Consider acronyms, foreign languages or ask local speakers

for slang


Data Mining Audit Test – Stratification

– What is Stratification? • Stratification is the process of dividing the

population into subgroups before sampling

– Why use Stratification? • Narrows down large data into subgroups and can

provide information by dollar amount, type of transaction or transaction frequency

• Conclusions or analysis may be easier to apply to population subgroups

• Good way to begin sampling

• Stratify by Amounts – $0 - $20 – $20 - $45 – $45 - $100 – $100 - $1,000 – $1,000 - $2,000 – $2,000 - $5,000

• Stratify by transaction line amounts



• Why would a sales representative need to charge amounts over $1,000?

• Investigate!

• Why do these flights cost so much? – First Class/ Business Class flights are not allowed

under Corporate Policy – Possible multiple changes to flights?/ Last minute

flights? – Paying for miles?


• Now we look at smaller stratus because the last stratus only indicated possible exceptions over $1,000 but we should try and investigate exceptions under $1,000.

• Stratification - Cash vs. Card – $0 - $10 – $10 - $20 – $20 - $25 – $25 - $50 – $50 - $100 – $100 - $1,000 – $1,000 - $5,000


Data Mining Audit Test – Stratification Results

• Analyze the Results • Look for patterns • Do the results seem

reasonable?

Data Mining Audit Test – Stratification Comparison

18 2/18/2014

– What did we do? • We used the stratification to narrow down the transactions

into smaller samples

– What did we find? • Exceptions to T&E policy (i.e., Business class seats and

suspicious cash transaction)

– What can stratifications be used for? • AR Aging • AP Aging

– Tip • Stratifications are the beginning of audit analysis not the end


Data Mining Audit Test – Policy Compliance

– What is stratification sub-group analysis? • Taking the next step data stratification • One can build audit rules surrounding

company policy

– Why analyze stratification sub-groups?

• Detects non-compliance transactions to corporate policy

• GREAT practical application of data analysis

• Company T&E Policy - Cash – Cash transactions under $25 do not require

receipt – Cash transactions over $20 but less than $25 – 246 cash transactions were between $20 & $25

AMOUNT > 20 .AND. AMOUNT < 25



-taxi and valet parking in the same report is suspicious

- $21.38 at heartbeat café is curious activity.

- American Airlines baggage fee is $25 and requires a receipt under company policy

• What did we do? – Reviewed transactions between $20-$25

• What did we find? – Fake/non-compliant charges to T&E

• What can policy compliance test be used for – Approval Thresholds – Willful bypass

• Tip – This can be used for many company policies. Be

creative!


Allan Capone Jr.

• Our Excel Journey – Only doing the minimum on spreadsheet controls – More COSO/SOX demands were on the way – Wanted to bring more audit and control value

• Spreadsheet risks • Best Practices • Spreadsheet Validation Demonstration

Spreadsheet Risks and Validation

Our Excel Journey

• We still use many spreadsheets • Those spreadsheets have risks • Select best practices were implemented • Needed easy-to-use validation tool • Selected the following Excel add-on tools

by Incisive: – Xcellerator – Diff Interactive

Common Use of Spreadsheets

• Income Statement Fluctuation Analysis • Accounts Receivable Reserve Analysis • Excess & Obsolete Inventory Reserve • Vacation Accrual Update • Rebates Calculation • Outstanding Shares Calculation • Stock Repurchase Daily Summary • Statement of Cash Flow Calculation

Spreadsheet Risks

• Unauthorized changes to the data by users • Hidden worksheets or cells • Formula overwritten with text or numbers • Formula fails to cover full area • Incorrect referencing • Calculations are not refreshed

Best Practices

• Inventory and risk rank your spreadsheets based on complexity and potential impact

• Set security access levels for authorized users

• Establish version control and restrict changes to formulas

• Secure key spreadsheets on servers for backup purposes and security

• Routinely review spreadsheets for key changes

Spreadsheet Validation Tools

• Validation tools by Incisive: – Xcellerator: add-in application created for use

with Microsoft Excel. This application scans spreadsheets for likely errors and inconsistencies, allowing users to find and fix errors before they become problems.

– Diff Interactive: spreadsheet comparison software to quickly determine if and/or what spreadsheet changes were made by users.

Assumptions: • O&D Corporation is a medical device manufacturing company

• Business model: Direct Customers or Distributors • 2Q2013 vs. 1Q2013 AR Reserve Analysis

Demonstration Background

Demonstration of Xcellerator

• What will we do? – Analyze an AR aging report and calculation of

the allowance for doubtful accounts • Examples of kinds of tests will we run:

– “#” Errors and source – Data in formula range – Constant in formula (e.g., hardcoded numbers

inside a formula) – Hidden Worksheets/Cells/References – External workbook references

Demonstration Part I - Xcellerator

Data in Formula Range Test Results

Red Flag: Hardcoded numbers instead of formula

Constant in Formula Test Results

Red Flag: Hardcoded numbers within formula

Hidden Cell Test Results

Red Flag: Why are these cells hidden?

Hidden Worksheet Test Results

Red Flag: Why is this worksheet hidden?

Demonstration of Diff Interactive

• What will we do? – Compare spreadsheets between 1Q and 2Q

AR aging reports and allowance for doubtful accounts

• What tests and report will we run? – Spreadsheet Comparison

• Cell values • Calculated values • Formula/formula references

– Reporting of Testing Results

Demonstration Part II – Diff Interactive

Red Flag: Reserve percentages changed from prior quarter

Spreadsheets Comparison: Cell Values

Red Flag: What’s the nature of these changes?

Spreadsheets Comparison Cont.

Red Flag: Is it reasonable to change formula/reference?

Spreadsheets Comparison: Formula

Spreadsheets Comparison Cont.

Another example of formula/reference changed

• Summarize results by test types • Share test results with others

Reporting of Results

• What other spreadsheet tests can we run? – Xcellerator:

• Formula fails to cover area • Broken formula region • Inconsistent formula or complex formula • Currency errors • Few formula occurrences • Number formatted as text • Referencing blank cells or white space

– Diff Interactive: • Cell differences (e.g., cell values and formulas) • Sheet differences • Inserts/deletes

• Tip: – Be skeptical, spreadsheet errors are very common

Other Spreadsheet Validation Tests

Helping Patients is Our Life’s Work, and

practical implementation of data analysis county/iia oc presentation downlo… · – additional...

Documents