The Magic of Analytics (fiamalta.org/downloads/wallhoff.pdf)

The Magic of Analytics
John Wallhoff (CISA, CISM, CISSP), john.wallhoff@scillani.se

The Magic of Analytics: when data comes alive

The Magic of Analytics: when data transforms into information, knowledge and wisdom

The Magic of Analytics: when you can see beyond

The Magic of Analytics: now what is your story?

The Magic of Analytics

The magician and his journey
- Wife, son and daughter
- Bachelor of Science in Business Administration and Economics, specialisation in entrepreneurship
- ERP (6 years), Accounting and Finance (2 years), IT audit & Analytics (3 years), Security (2 years), Entrepreneur (12 years)
- Scillani Information: Fraud & Corruption, Analytics, Security, ITSM
- ISACA member since 1999

The Magic of Analytics: Create, Play, Visualise (stories)

Create

Each role with its own view: Business view, IT view, Analyst view, Auditor view.
Metrics, KPIs, Cubes, Statistics, Patterns, Controls, Risks, Mining.

In motion (Agile, Adaptive, Predictive)
- Apply a PREDICTIVE approach to navigate in a volatile environment
- Apply an ADAPTIVE approach to reveal facts in a structured environment
- Apply an AGILE approach to navigate through a disruptive environment

Scenario: subject enhanced screening
Red flags: dependencies, strange characteristics, duplicates, lack of specification.
- The vendor is negotiating and tries to influence employees, directly or indirectly, to maintain the contract with their key client
- Invoices are issued without proper specification to avoid disclosure (not lies, just not telling the story)
- The vendor generates invoices in a foreign currency so that payment goes to an offshore account
- To avoid attention, the vendor is registered several times
Each item is classified on the slide as either a control weakness (one) or a behaviour (three).

From Data to Knowledge: Transactions, Dashboards, Calculations

Sample: Transactions
- Identify transactions below authorisation limits that bypass controls, often with a high nine as tail
- Amount "9 999" is just below the 10 000 level

Source: Hibis (www.hibis.com)/Scillani Analytics model for Fraud & Corruption Red flags detection using Arbutus Analyzer, (www.arbutussoftware.com)

Sample: Transactions
- Identify transactions with round amounts, a common behaviour in fraud & corruption
- "100 000": a nice round 100K invoice

Source: Hibis (www.hibis.com)/Scillani Analytics model for Fraud & Corruption Red flags detection using Arbutus Analyzer, (www.arbutussoftware.com)

Sample: Indicators
- An indicator can be "Yes"/"No" or a percentage; indicators help you see the overall picture instead of looking at individual transactions
- 100% round amounts, i.e. a vendor always sends invoices with round amounts

Source: Hibis (www.hibis.com)/Scillani Analytics model for Fraud & Corruption Red flags detection using Arbutus Analyzer, (www.arbutussoftware.com)
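The three sample tests above (amounts just below an authorisation limit, round amounts, and the vendor-level Yes/No or percentage indicator) as working Python. This is an added example, not code from the deck or from the Hibis/Scillani Arbutus model: the invoice rows, vendor ids and the 10 000 authorisation limit are constructed, and the 5% window under the limit is an assumed tuning value.

```python
"""Transaction red flags and vendor indicators.

Added example (not from the deck): amounts just below an authorisation
limit, round amounts, and a per-vendor roll-up to Yes/No and percentage
indicators. All invoice data and the limit are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    vendor: str
    amount: float


# Constructed sample file (not real data). V-200 only ever invoices round
# amounts; V-100 and V-300 each have one invoice just under the limit.
INVOICES = [
    Invoice("I-1", "V-100", 9_999.00),
    Invoice("I-2", "V-100", 4_321.50),
    Invoice("I-3", "V-100", 12_480.00),
    Invoice("I-4", "V-200", 100_000.00),
    Invoice("I-5", "V-200", 25_000.00),
    Invoice("I-6", "V-200", 50_000.00),
    Invoice("I-7", "V-300", 9_990.00),
    Invoice("I-8", "V-300", 7_150.25),
]

AUTH_LIMIT = 10_000.00  # assumed approval limit above which a second approver is needed


def just_below_limit(inv: Invoice, limit: float = AUTH_LIMIT, window: float = 0.05) -> bool:
    """Amount in [limit*(1-window), limit): the 'high nine tail' just under
    the threshold. 9 999 and 9 990 both hit for a 10 000 limit; 10 000 does not."""
    return limit * (1 - window) <= inv.amount < limit


def is_round(inv: Invoice, base: int = 1_000) -> bool:
    """Whole multiple of `base` (100 000, 25 000 ...). Compare in integer cents
    so float noise cannot hide or fake a round amount."""
    return round(inv.amount * 100) % (base * 100) == 0


def vendor_indicators(invoices) -> dict:
    """Roll transaction flags up to one row per vendor: the share of round
    invoices (percentage) and whether any invoice sits just below the limit
    (Yes/No). A vendor at 100% round is the indicator from the slide."""
    per_vendor = defaultdict(list)
    for inv in invoices:
        per_vendor[inv.vendor].append(inv)
    result = {}
    for vendor, invs in per_vendor.items():
        round_share = sum(is_round(i) for i in invs) / len(invs)
        result[vendor] = {
            "n": len(invs),
            "round_pct": round(100 * round_share, 1),
            "below_limit": "Yes" if any(just_below_limit(i) for i in invs) else "No",
        }
    return result


if __name__ == "__main__":
    for inv in INVOICES:
        flags = [name for name, test in (("JUST_BELOW_LIMIT", just_below_limit),
                                         ("ROUND", is_round)) if test(inv)]
        print(f"{inv.invoice_id} {inv.vendor} {inv.amount:>12,.2f} {flags}")
    for vendor, ind in sorted(vendor_indicators(INVOICES).items()):
        print(vendor, ind)
```

The transaction-level tests are deliberately narrow (a window under one limit, one rounding base); the point of `vendor_indicators` is that a single 9 999 invoice is noise, while a vendor whose every invoice is round, or who repeatedly lands just under the limit, is a story worth following up.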

Profiling
Integrity check: data, red flag, what do we see

Data (fields available per table):
- Employee: Employee, Entry date, Department, Manager, Address, City, Phone
- Expenses: Attendee, Manager, Approval, Expense type, Amount, Date, Purpose
- Payroll: Employee, Date, Payroll type, Amount

Red flags (what do we see):
- Large amount
- Expenses approved by a manager who also attended the representation
- Receipts from a non-approved counterpart
- Claims repeated / expenses claimed several times
- Private withdrawal
- Excessive representation
- Tickets paid by the company but reimbursed to the employee

Source: John Wallhoff, The Fraud Matrix session ISRM Las Vegas/Barcelona 2011
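The expense red flags on this slide (repeated claims, representation approved by a manager who attended it, large amounts) and the roll-up to one profile row per employee, as an added Python example. It is not code from the deck or from the Fraud Matrix session; the claim records, employee and manager ids and the 400 amount limit are all constructed.

```python
"""Expense profiling against the employee master.

Added example (not from the deck or the Fraud Matrix session): repeated
claims, representation approved by a manager who attended it, and large
amounts. All records, ids and the limit are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class Expense:
    claim_id: str
    employee: str
    manager: str                      # approving manager
    expense_type: str
    amount: float
    date: str                         # ISO yyyy-mm-dd
    purpose: str
    attendees: Tuple[str, ...] = ()   # representation only


# Constructed sample claims (not real data).
EXPENSES = [
    Expense("C-1", "E-10", "M-1", "representation", 480.00, "2015-03-02",
            "client dinner", ("E-10", "M-1", "external")),
    Expense("C-2", "E-10", "M-1", "travel", 120.00, "2015-03-03", "train"),
    Expense("C-3", "E-10", "M-1", "travel", 120.00, "2015-03-03", "train"),   # same claim again
    Expense("C-4", "E-11", "M-1", "travel", 120.00, "2015-03-03", "train"),   # same ticket, other employee
    Expense("C-5", "E-12", "M-2", "representation", 95.00, "2015-03-05",
            "lunch", ("E-12", "external")),
]


def same_employee(e: Expense) -> tuple:
    return (e.employee, e.expense_type, e.amount, e.date)


def same_receipt(e: Expense) -> tuple:
    return (e.expense_type, e.amount, e.date, e.purpose)


def repeated_claims(expenses, key: Callable[[Expense], tuple] = same_employee) -> dict:
    """Group claims on a duplicate key and keep the groups with more than one
    member. `same_employee` catches one person claiming twice; `same_receipt`
    ignores the employee and also catches one ticket claimed by two people."""
    groups = defaultdict(list)
    for e in expenses:
        groups[key(e)].append(e.claim_id)
    return {k: v for k, v in groups.items() if len(v) > 1}


def approver_attended(expenses) -> list:
    """Representation approved by a manager who was also an attendee: the
    approver benefited from the expense, so the approval control is weak."""
    return [e.claim_id for e in expenses
            if e.expense_type == "representation" and e.manager in e.attendees]


def large_amounts(expenses, limit: float) -> list:
    """Simple threshold flag; `limit` is an assumed policy value."""
    return [e.claim_id for e in expenses if e.amount > limit]


def profile(expenses, limit: float = 400.0) -> dict:
    """One row per employee: claim count, total, and which flags fired. This
    is the indicator view of the same facts, for the overall picture."""
    repeated = {cid for ids in repeated_claims(expenses).values() for cid in ids}
    conflict = set(approver_attended(expenses))
    large = set(large_amounts(expenses, limit))
    rows = defaultdict(lambda: {"claims": 0, "total": 0.0, "flags": set()})
    for e in expenses:
        row = rows[e.employee]
        row["claims"] += 1
        row["total"] += e.amount
        if e.claim_id in repeated:
            row["flags"].add("REPEATED")
        if e.claim_id in conflict:
            row["flags"].add("APPROVER_ATTENDED")
        if e.claim_id in large:
            row["flags"].add("LARGE")
    return {emp: {**r, "flags": sorted(r["flags"])} for emp, r in rows.items()}


if __name__ == "__main__":
    for emp, row in sorted(profile(EXPENSES).items()):
        print(emp, row)
```

The duplicate key is passed in rather than fixed because the two questions differ: `same_employee` answers "did this person claim the same thing twice", `same_receipt` answers "was this receipt paid to more than one person", and a file with many of the second and none of the first points at the counterpart rather than the claimant.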

Storytelling: characteristics of a good story
- A single theme, clearly defined
- A well-developed plot
- Style: vivid word pictures, pleasing sounds and rhythm
- Characterization
- Faithful to source
- Dramatic appeal
- Appropriateness to listeners

Source: Effective Storytelling, A manual for beginners by Barry McWilliams, http://www.eldrbarry.net/roos/eest.htm

Storytelling – The Pixar Pitch
Pixar story artist Emma Coats has cracked the code and argues that every Pixar film shares the same narrative DNA – a deep structure of storytelling that involves six sequential sentences:
1. Once upon a time there was ...
2. Every day ...
3. One day ...
4. Because of that ...
5. Because of that ...
6. Until finally ...

Source: The Pixar Pitch, Emma Coats, http://www.ctectv.org/wp-content/uploads/2013/02/PIXAR00.pdf

Think – Your story
This is a simple exercise with the following fact: you are working in a company where continuous monitoring will be used for credit approvals.
1. What type of data (tables/data files) should be possible for you to use? (a) Financial sector, or (b) Retail sector
2. What type of stories could you tell based upon that data?
You've got a couple of minutes to reflect and talk to the one sitting next to you (this is about sharing experience and networking).

Play

My experience: Cost & Control, Process & Performance, Fraud & Corruption, Metrics & Reporting

My experience - examples
- External audit: accounts payable, accounts receivable, payroll, inventories, general ledger, cash register data, agreements vs invoices, user accounts
- IT: server utilization
- Internal audit: expenses, payroll, logistics process, accounts payable, general ledger, statistical sampling (Agriculture-EU)
- Security/Privacy – IT: web server log files, incidents

Using other frameworks
- Six Sigma – quality assurance framework
Source: Phil Green, In God We Trust – Everyone Else Bring Data, presentation at itSMF Finland conference 2015

Strategies
Approach:
- Unstructured (ad hoc): will only be used one time
- Structured: will be used repeatedly
- Centralised: expert skills
- Monitoring: automation
Access to data:
- Internally: are we able to access data directly (our environment)?
- Externally: do we need to request and obtain data from someone else?

Digital forensics scientific process
- Data collection: obtain search authority, document chain of custody, image and hash
- Examination and analysis: validate tools, analyze, repeat and reproduce (quality assurance)
- Reporting: report, possibly present expert testimony
Source: ISACA, Overview of Digital Forensics (Overview-of-Digital-Forensics_whp_Eng_0315)

The Process
- Define: controls, risks, profiles, scenarios, tasks, symptoms, performance, fraud
- Execute: request, obtain, validate, run, analyze
- Report: formal, graphs, intranet, workshop, films, games

Use your imagination
- Controls: invoices with an amount higher than the approver is authorised to approve
- Risks: customers that have exceeded their credit limit
- Profiles: invoices with round amounts from a vendor that is a start-up
- Scenarios: unauthorised access to the financial system in a certain month
- Tasks: investigate a privacy breach
- Symptoms: trend of problems related to a service/application/system
- Performance: weekly incident management dashboard
- Fraud: red flags to indicate fraudulent behaviour

Structure your work
Create assertions/categorisation when you play (work with analysis).
- Assertions in the audit of financial statements 1)
  - Assertions relating to classes of transactions: occurrence, completeness, accuracy, cut-off, classification
  - Assertions relating to assets, liabilities and equity balances at the period end: existence, completeness, rights & obligations, valuation
- IS Audit and Assurance Guideline 2007 Assertions 2): confidentiality, completeness, accuracy, integrity, availability, compliance
1) Accounting-Simplified.com, http://accounting-simplified.com/audit/introduction/audit-assertions.html
2) ISACA, http://www.isaca.org/Knowledge-Center/ITAF-IS-Assurance-Audit-/IS-Audit-and-Assurance/Documents/2007-Assertions_gui_Eng_0614.pdf

Execute
- Request: just the data you need (you may need to request more later), or as much data as possible (you may not understand what you get)
- Obtain: protect data according to its sensitivity
- Validate: complete and correct data, used properly
- Run: structure, run and re-run with variations
- Analyze: reflect upon the outcome and tell the story

Report
- Formal: report with summary and details
- Graphs: key findings to show progress
- Intranet: performance and metrics
- Workshop: discuss, learn and evolve
- Films: convert your ppt to a movie clip and add comments/speaker
- Games: create interactivity based upon what you have discovered

CAATs planning steps
The major steps to be undertaken by the auditor in preparing for the application of the selected CAATs include the following:
- Set the audit objectives of the CAATs, which may be included in the terms of reference for the exercise.
- Determine the accessibility and availability of the organisation's IS facilities, programs/systems and data.
- Clearly understand the composition of data to be processed, including quantity, type, format and layout.
- Define the procedures to be undertaken (e.g., statistical sampling, recalculation, confirmation).
- Define output requirements.
- Determine resource requirements, i.e., personnel, CAATs, processing environment (the organisation's IS facilities or audit IS facilities).
- Obtain access to the organisation's IS facilities, programs/systems and data, including file definitions.
- Document CAATs to be used, including objectives, high-level flowcharts and run instructions.
Source: ISACA, IT Audit and Assurance Guideline, http://www.isaca.org/Knowledge-Center/Standards/Documents/IT-Audit-Assurance-Guidance-1March2010.pdf

IS Audit Basics
- IT Audit and Assurance Guidelines: G3 Use of Computer Assisted Audit Techniques (CAATs)
- ITAF (Information Technology Assurance Framework), 2.5.3: Professionals should review the results of engagement procedures to determine whether there are indications that irregularities or illegal acts may have occurred. Using computer assisted audit techniques (CAATs) could aid significantly in the effective and efficient detection of irregularities or illegal acts. (2207 Irregularity and Illegal Act, section 2.5 Designing and Reviewing Engagement Procedures)
- Control Journal: IS Audit Basics section

Data validation & quality. Remember to:
- Understand the source of data and the codes in the data: system documentation and system/information owners are crucial
- Define relevant timeframes: over year-end (calendar/financial year) or financial year
- Reasonableness check: does the data make sense?
- Visual validation: compare data in the model against source documents (pdf, jpg, ...)

Types of analytics logic
- Duplicate transactions
- Data quality
- Transaction limits
- File matching
- Character pattern matching
- Segregation of duties (SoD)
- Aging
- Numeric pattern matching
- Date/time matching
- Variance tests

Source ISACA, Data Analytics—A Practical Approach, http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Data-Analytics-A-Practical-Approach.aspx

Types of analytics logic
- Controls: transactions vs authorisation levels; user accounts vs employee master & access management
- Reasonable: transactions with the date January 1st, 1015
- Errors: missing transactions
- Behaviour: same amount on the same day of month
- Intuition: looks strange or does not make sense
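The control, reasonableness and behaviour logic listed above (and the "invoices above the approver's authorisation" control from the "Use your imagination" slide) run over a small constructed ledger. This is an added Python example, not code from the deck or from ISACA's guidance: the approver levels, employee master, user account list, financial period, vendor ids and every transaction are made up, and the `svc-` prefix used to set service accounts aside is an assumed naming convention.

```python
"""Control, reasonableness and behaviour tests over a constructed ledger.

Added example (not from the deck or ISACA's guidance). Ids, authorisation
levels, the employee master, the period and every transaction are made up."""
from collections import defaultdict
from datetime import date

AUTH_LEVELS = {"M-1": 10_000.0, "M-2": 50_000.0}                 # approver -> limit
EMPLOYEE_MASTER = {"E-10", "E-11", "E-12", "M-1", "M-2"}
USER_ACCOUNTS = {"E-10", "E-11", "M-1", "svc-backup", "E-99"}    # E-99 has left
PERIOD = (date(2015, 1, 1), date(2015, 12, 31))                   # financial year

# (id, approver, amount, posting date, vendor)
TRANSACTIONS = [
    ("T-1", "M-1", 9_800.0, date(2015, 1, 15), "V-1"),
    ("T-2", "M-1", 12_500.0, date(2015, 2, 15), "V-1"),   # above M-1's level
    ("T-3", "M-2", 12_500.0, date(2015, 3, 15), "V-1"),
    ("T-4", "M-2", 12_500.0, date(1015, 1, 1), "V-1"),    # the year 1015 from the slide
    ("T-5", "M-2", 4_000.0, date(2015, 4, 15), "V-2"),
    ("T-6", "M-2", 4_000.0, date(2015, 5, 16), "V-2"),
]


def over_authorisation(txns, levels=AUTH_LEVELS) -> list:
    """Control: amount above the approver's authorisation level. An approver
    missing from the table gets level 0, so everything they approved is flagged."""
    return [tid for tid, approver, amount, _, _ in txns if amount > levels.get(approver, 0.0)]


def accounts_without_employee(accounts=USER_ACCOUNTS, master=EMPLOYEE_MASTER,
                              exempt_prefix="svc-") -> list:
    """Control (file matching): user accounts with no employee in the master,
    i.e. leavers or ghost accounts. Service accounts are skipped by an assumed
    naming prefix and belong in a separate review."""
    return sorted(a for a in accounts if a not in master and not a.startswith(exempt_prefix))


def unreasonable_dates(txns, period=PERIOD) -> list:
    """Reasonableness: posting date outside the period under review."""
    lo, hi = period
    return [tid for tid, _, _, posted, _ in txns if not lo <= posted <= hi]


def recurring_same_day(txns, min_months: int = 2) -> dict:
    """Behaviour: same vendor, same amount, same day of month, seen in at
    least `min_months` distinct months. A flat recurring figure can be a
    legitimate subscription or a standing kickback; either way it is a story."""
    months = defaultdict(set)
    for tid, _, amount, posted, vendor in txns:
        months[(vendor, amount, posted.day)].add((posted.year, posted.month))
    return {k: sorted(v) for k, v in months.items() if len(v) >= min_months}


if __name__ == "__main__":
    print("over authorisation:", over_authorisation(TRANSACTIONS))
    print("accounts without employee:", accounts_without_employee())
    print("dates outside period:", unreasonable_dates(TRANSACTIONS))
    print("recurring same day:", recurring_same_day(TRANSACTIONS))
```

Note that the year-1015 posting passes every other test (the approver is within level, the amount is unremarkable); only the period check catches it, which is why "define relevant timeframes" sits in the data validation step rather than being left to intuition.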

Keep Murphy's law in mind

Alfred Holt at an 1877 meeting of an engineering society:

"It is found that anything that can go wrong at sea generally does go wrong sooner or later, so it is not to be wondered that owners prefer the safe to the scientific .... Sufficient stress can hardly be laid on the advantages of simplicity. The human factor cannot be safely neglected in planning machinery. If attention is to be obtained, the engine must be such that the engineer will be disposed to attend to it."

The British stage magician Nevil Maskelyne wrote in 1908:

"It is an experience common to all men to find that, on any special occasion, such as the production of a magical effect for the first time in public, everything that can go wrong will go wrong. Whether we must attribute this to the malignity of matter or to the total depravity of inanimate things, whether the exciting cause is hurry, worry, or what not, the fact remains."

In 1952, as an epigraph to a mountaineering book by John Sack, who described it as an "ancient mountaineering adage": "Anything that can possibly go wrong, does."

In 1952 the adage was called "Murphy's law" in a book by Anne Roe, quoting an unnamed physicist: He described [it] as "Murphy's law or the fourth law of thermodynamics" (actually there were only three last I heard) which states: "If anything can go wrong, it will."

Source https://en.wikipedia.org/wiki/Murphy%27s_law

Other sources of information
- Online: use search engines and social media to understand more
- GIS: see the context of business partners by looking at the location
- Public records: use public records that are not available online to verify existence
- Observation: go out in the field to understand the context and verify existence
- Contact: make a phone call to see if references are real

Think – Your story
This is a simple exercise with the following questions:
1. You have just implemented the continuous monitoring solution for credit limits. What could you do to transform it from a detective to a predictive control?
2. How can you integrate the output from analytics into relevant processes?
You've got a couple of minutes to reflect and talk to the one sitting next to you (this is about sharing experience and networking).

Visualise

Information Is Beautiful

Source: David McCandless, www.informationisbeautiful.net/2009/interesting-easy-beautiful-true/

Charts to sell the story

Source: David McCandless, Information is beautiful, www.informationisbeautiful.net/

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

http://www.informationisbeautiful.net/visualizations/million-lines-of-code/

Infographics

Source: Google search on the word "Infographics"

Relationship diagrams

Source: Dan Wasser, FMS Advanced Systems Group, Sentinel Visualizer, www.fmsasg.com

GIS Data & Timeline

Source: Dan Wasser, FMS Advanced Systems Group, Sentinel Visualizer, www.fmsasg.com

Colour coding

Source: Arbutus Analyzer, www.arbutussoftware.com

Think – Your story
If you have implemented continuous monitoring in your organisation:
1. How do you use your results?
2. Are you communicating the results outside your department?
3. Have you enabled continuous improvements with your monitoring?
Share your experience with all of us!

Conclusions

The Magic of Analytics is not about data - it is about you

Definition - Analytics The field of data analysis. Analytics often involves studying past historical data to research potential trends, to analyze the effects of certain decisions or events, or to evaluate the performance of a given tool or scenario.

The goal of analytics is to improve the business by gaining knowledge which can be used to make improvements or changes.

See you again
John Wallhoff (CISA, CISM, CISSP)
Management consultant / Expert advisor: Fraud & Corruption, Analytics, Information & Cyber security, IT Service Management
Scillani Information AB, Ekgatan 6, SE 230 40 BARA, Sweden / Vestergade 16, DK 1456 COPENHAGEN, Denmark
E-mail: john.wallhoff@scillani.se
LinkedIn: http://www.linkedin.com/pub/john-wallhoff/1/48b/a69
Skype: john.wallhoff
Web: www.scillani.se
Mobile: +46 (0)707 743131
Phone: +46 (0)40 543131
