Recent Articles
Posted on May 18th, 2009 by Michael Evans
People vote with their feet. So it’s always interesting to see where people head when a conference breaks from the plenary session. At the Gartner Risk Management & Compliance Summit earlier this month there was a clear winner. Gartner VP and Distinguished Analyst Paul Proctor’s session — “5 Practical Tips to Link IT Risk Management and Compliance to Corporate Performance” — attracted a standing room only crowd that stretched all the way back to the coffee stations in the hallway.
In a nutshell, Proctor’s main message is that executive management and boards of directors want to know that their organizations are appropriately protected against reasonably anticipated risks. But IT speaks a different language from the executives who allocate budget dollars. The solution? Proctor argued that now more than ever IT security professionals need to translate the key risk indicators (KRIs) they deal with on a day-to-day basis into key performance indicators (KPIs) that executive management can understand. IT-oriented KRIs and operational metrics are down in the weeds and hard for execs to relate to, according to Proctor. But if you can translate those into KPIs for key processes, and communicate how well (or badly) you are currently doing and how specific proposed IT projects will help move your KPIs from a 2 to a 5, you can show directly how budget dollars will impact performance. What if your exec doesn’t want to fund your project? Proctor’s advice was simple. Tell your executive “No problem. See how we’re at a 2 out of 5 for our ‘threat and vulnerability management’ KPI? I just need you to sign here and say that you understand we’re going to be staying at a 2 because we’re not funding these three projects that could help us move to a 4.” It may sound simple, but getting execs to sign off on the risk they are assuming by not funding key projects quickly brings the cost of inaction into focus.
Proctor’s other session on “Continuous Controls in ERP and Financial Systems”, which he presented along with Gartner Research VP French Caldwell, also attracted a near-capacity audience. The main message in this session was that continuous controls monitoring (CCM) isn’t just for compliance and audit anymore; it’s also driving key performance benefits, particularly in the area of improving the availability of working capital and reducing fraud. Three ways CCM is driving business value for management: (1) lowering audit costs, (2) improving antifraud and other controls and (3) improving important business processes. On the audit side of the house, value comes from: (1) reducing manual sampling, (2) external auditor trust in internal audit work and (3) identifying and correcting problems before there’s a performance impact.
Proctor and Caldwell are working on additional research in the area. In the meantime, feel free to check out some of their latest work on the subject here.
Posted on April 20th, 2009 by Michael Evans
Our friends at Protiviti recently issued their “2009 Internal Audit Capabilities and Needs Survey.” It makes for interesting reading. A couple of key conclusions jump off of the page. First, it’s clear that internal audit groups see continuous controls monitoring (CCM) as the next wave that’s going to impact the role of internal audit. Take a look at the top areas internal auditors list when it comes to audit processes where they “Need to Improve” their knowledge. Continuous auditing, computer-assisted audit techniques and fraud monitoring top the to-do list. Sounds a lot like CCM. Second, for the third year in a row, enterprise risk management (ERM) makes the top-5 list of issues where internal auditors need to improve their general technical knowledge. Like their counterparts across the hall in the finance organization, internal auditors are trying to automate routine tasks to make room for strategery. Sure, processes and financial results need to be audited. But boards also want to know where the short-, medium- and long-term risks lie. It seems clear from these surveys that internal audit is eager to find a more strategic role in the organization…and that step one is to automate as many of the day-to-day tasks as possible. A.E. Feldman has a similar take on the expanding role of internal audit over on their blog.
Posted on February 23rd, 2009 by Katina
Approva today released the latest version of its BizRights® Platform and Controls Intelligence Suite Version 4.5 to help companies gain 360-degree visibility of key controls at the transaction level. Audit Trail (AT) sat down with Kendra Ferraro, Approva’s Senior Product Marketing Manager, to understand how companies can benefit from the new Approva BizRights version.
AT: Why is process-level monitoring a top priority for companies?
KF: When business is great, companies seem to only care about the bottom line. If they’ve exceeded their revenue goals, everything is peachy: bonuses are paid, shareholders are pleased, and expense accounts are endless. Why fix something that is not broken? As we’ve come to learn recently, a broken business process and strong performance are not mutually exclusive events. More and more companies are examining their business processes with a fine-tooth comb. What are they looking for? Basically anything that will help them identify where they can save costs (e.g. by increasing business process efficiencies, reducing the possibility for fines); increase revenue (e.g. through more efficient billing procedures and sales processing); and gain more confidence in the accuracy of their financial statements (e.g. through accurate revenue recognition and classification of debits and credits). Oh yeah, and it doesn’t hurt that they can impress their auditors, close their books faster and make life happier for business process owners to boot.
The value of process-level monitoring can come through identification of large business exceptions or thousands of small business exceptions. For example, just identifying a couple large overpayments, bogus vendors, or invalid payroll payments can show significant ROI. Business exceptions in small-amount transactions such as not taking advantage of vendor discounts, paying invoices too soon and issuing excess rebates can show significant deficits to the bottom line over time.
AT: What is the biggest advantage of transaction monitoring?
KF: Let’s take the example of a large global company that makes thousands of transactions on a quarterly basis. Without a controls monitoring solution to continuously monitor for exceptions, the company has no way to proactively mitigate a potential fraud from happening. This could cost the company millions of dollars in waste and inefficiency besides a huge jolt to the company’s reputation. Now with transaction monitoring technology, the same company can take a preventative approach to mitigating fraud and managing risk. Approva BizRights Version 4.5 has expanded baselining capabilities that proactively alert users when application configurations or sensitive master data fields are altered unexpectedly, exposing business processes to unnecessary disruption or compromising the integrity of underlying data. Moreover, transaction monitoring solutions like Approva provide actionable controls intelligence to accelerate follow-up and enable users to perform root cause analysis when anomalies occur, greatly reducing error rates and the risk of fraud.
In addition to the benefits of transaction monitoring in standard business processes such as procurement, sales and accounting, Approva helps companies monitor industry-specific controls. In the public sector, this could be monitoring how grants or federal funding is allocated and used. Our utilities customers are very interested in monitoring how rates are applied to their customers. In highly regulated industries such as pharmaceuticals and financial services, transaction monitoring can be configured to help companies automate their FDA and SEC compliance.
AT: How does Approva help companies to automate controls monitoring at the business process level?
KF: Approva helps companies automate their business process controls through a multi-step process. The first component is getting access to the data in companies’ business application systems. Approva packages many data adaptors for the most common ERPs such as SAP, Oracle and PeopleSoft that access the data through a non-invasive minimal-impact method. For other commercial or custom-built applications, we provide a data mapping template and new adapters can be configured by using ETL tools such as SSIS or Informatica.
The next component is defining the rule set for monitoring the data. Approva has hundreds of standard rules that look for anomalies across the most prevalent business processes. Organizations can extend the scope of their controls through Approva’s user-friendly rule building interface, which caters to both business and technical audiences. Are you a business process owner who wants to monitor POs with a specific attribute? The rule interface does not require you to know how the attribute is technically stored. Are you familiar with the back-end database of your business application? Approva allows you to write rules based on the source system’s data model.
The third component is finding the intersection between your data and your rules. Approva’s powerful analytics engine quickly analyzes the data to find exceptions in the business process. Since it has the ability to look at data at a very granular level, it can show not only exceptions in your high level process (e.g. a purchase order before goods receipt), but also very low level exceptions (e.g. a purchase order before goods receipt to a non-preferred vendor where the purchase order amount changed after the purchase requisition was approved). The final component is being notified and viewing your exceptions. To accommodate multiple stakeholders, exceptions can be presented through a variety of channels and displays. Email notifications can be set up to notify certain individuals or teams when certain exceptions are found. Within BizRights, exceptions can be viewed at detailed, summary, and trending levels.
AT: What are the key benefits a company can realize with the new BizRights 4.5 edition?
KF: While we have made significant enhancements to BizRights’ transaction analytics capabilities with version 4.5, we’ve also focused on a variety of enhancements to our other product sets, including user access. On the analytics side, we continue to look for ways to monitor vast amounts of data, across multiple business applications with laser focus precision. To do this, we made several behind-the-scene changes such as implementing new technologies and refining logic algorithms at the data extraction and analysis levels. With these changes, we’ve found really promising performance gains in data extraction and analysis.
On the user access side, we’ve made significant improvements to our user provision and role management product, Access Manager. Companies can use Access Manager to centralize and streamline the process for provisioning new users or modifying existing user access across multiple business applications. Many new configuration options were introduced to increase the flexibility and scalability of these workflows.
Finally, a nifty new feature we introduced for our SAP customers is a self-service portal for SAP password resets. We heard our customers bemoan the hefty help desk cost for resetting passwords – especially those customers who outsource their SAP hosting. Now, users who can authenticate themselves within BizRights can reset their SAP passwords if they’ve forgotten it or it has been locked due to too many incorrect login attempts. The enhancements we’ve made across our business controls and user access products continue to help our customers gain confidence in the integrity of their business systems, processes and transactions by automating the way organizations monitor and respond to business exceptions.
Find out more about the Approva BizRights Version 4.5 here.
Tags: controls monitoring, general ledger monitoring, Approva BizRights, Approva, Process Analytics, fraud
Posted on January 26th, 2009 by Katina
Audit Trail will launch a week-long data privacy awareness campaign starting on Jan 28th, to celebrate International Data Privacy Day. We will be joining an array of corporations, government officials and academics across the US, Canada and twenty-seven European countries in celebrating this event that promotes awareness and education in data privacy practices. Throughout the week, Audit Trail will feature thought leaders who will be sharing best practices for securing sensitive information and safeguarding your organization against theft.
With unemployment rates peaking at an all-time high, the temptation for employees to steal company information is becoming a huge concern. According to a recent study conducted by Cyber-Ark Software, fifty-six percent of workers surveyed admit to being worried about losing their jobs. “Alarmingly, in preparation, more than half have already downloaded competitive corporate data and plan to use the information as a negotiating tool to secure their next post,” the study says. With insider theft becoming the number one source of data leaks, companies need to implement proactive measures like continuous monitoring of user access controls, certifying access to sensitive transactions and process-level analytics to mitigate the loss of valuable company data.
Join the Data Privacy dialogue at Audit Trail and find out if your security strategies compare with industry standards from experts like:
Dr. Marilyn Prosch, Arizona State University: Dr. Prosch is the Associate Professor of Accountancy in Arizona State University’s School of Global Management and Leadership. Her teaching interests are in the areas of electronic commerce, accounting information systems, and financial accounting. As one of the members of the AICPA Privacy Task Force that created the Generally Accepted Privacy Principles, Dr. Prosch is keen on the latest trends in accounting that pertain to privacy. She is an eminent spokesperson on the use of technology to prevent data loss and has presented at leading IT security and Data Privacy summits. Dr. Prosch will be blogging about “Top business challenges in Data Privacy and how to overcome those challenges to prevent another Société Générale Employee Fraud.”
Doron Rotman, KPMG LLP: Mr. Rotman is the National Risk & Advisory privacy service leader, a member of KPMG’s National Privacy Leadership Council, and a member of KPMG’s international privacy team. Mr. Rotman has over 20 years of experience focusing on all aspects of information risk. He has led data privacy engagements in various industry sectors. He has comprehensive knowledge of the global privacy initiatives that impact business processes. Mr. Rotman represents the firm to the AICPA Privacy Task Force; the Task Force is composed of representatives from the accounting profession in the US and Canada, industry representatives, legal representatives, and academia. Mr. Rotman will share his thoughts on “How to Establish a Data Privacy Model that Minimizes Fraud and Increases Business Efficiency: Best Practices from Global 2000 Companies.”
Steve Elliott, Approva: Mr. Elliott is the CTO and Senior VP of Products at Approva and is responsible for designing and managing the development of Continuous Controls Monitoring product suites that help companies with automated user access monitoring and periodic access reviews. He has helped CFO and CIO organizations worldwide to implement effective controls around sensitive transactions that are targets of data breaches. Mr. Elliott has over 13 years of experience in enterprise software development and has been at the forefront of building technologies in the areas of security management, Internet applications, ERP and identity provisioning solutions. Mr. Elliott will talk about “Emerging Technologies in Continuous Data Privacy Monitoring.”
Come join us on Audit Trail to raise your awareness on Data Privacy issues and post a question to our expert panel.
Tags: data privacy, international data privacy day, Marilyn Prosch, Doron Rotman, Steve Elliott, data breach, data security
Posted on January 9th, 2009 by Katina
While financial pundits are debating what consequences Mary Schapiro’s appointment as the new SEC chief will have on corporate America, Audit Trail sat down with two financial experts to get their take on what to expect once Schapiro takes charge. Will she be spending most of her time re-establishing the SEC’s lost credibility as the “investor’s advocate” stemming from the recent Bernie Madoff episode or should companies start acting fast on XBRL and IFRS transitions? Let’s see what our experts have to say.
Phil Livingston, a co-author of the Sarbanes-Oxley Act and Approva board member, feels that Schapiro will focus her efforts on getting the securities firms back on track versus more corporate compliance issues. In his own words:
Mary Schapiro is an experienced regulator. Her unique skill set seems to be that she is familiar with both the Commodity Futures Trading Commission (CFTC) and the SEC. There seems to be broad consensus that these two regulatory bodies will be combined in the early part of the Obama administration.
I think she will have to refocus the SEC on enforcement actions and put Chairman Cox’s XBRL and IFRS initiatives on the backburner for some period. Her experience with the Financial Industry Regulatory Authority (FINRA) will allow her to focus the SEC’s efforts on the securities firms (Goldman and Morgan Stanley) and financial institutions as opposed to corporate compliance issues like financial reporting.
Another obvious action will be the implementation of “say on pay” rules that President-elect Obama appears to have promised the unions. This will give shareholders and pension plans a non-binding, advisory proxy vote on executive compensation each year.
On the other hand, Michael Cangemi, Approva advisory board member and the former CEO of Financial Executives International (FEI), a leading industry think tank for senior-level corporate financial executives, feels that the guard is not only changing at the SEC but this historic election has given President-elect Obama a mandate for macro change. Contrary to Livingston’s prediction, Cangemi feels that the SEC will continue to push companies towards XBRL and IFRS implementations under Schapiro’s leadership. He personally endorses moving to XBRL:
I believe it is a foundation technology that will eventually achieve implementation, but I caution the SEC that you cannot mandate a deadline for a technology project. Fast tracking the tags was essential and now the SEC must guide the pace of implementation to allow it to be efficient and effective, allowing time for the technology to be available at a reasonable cost. Once the XBRL tags are built in to ERP systems, the small cost will be well worth the benefits. I see this tagged data leading to better internal reporting and analysis and more automated continuous auditing.
As for IFRS – Cangemi believes that with the melding of capital markets worldwide and the need for one language of accounting, it will continue to be a major milestone for the SEC. However, the pace of implementation should be measured for smaller public companies and private companies, who desperately need to be focused on their business.
A recent posting by Tom Quaadman on Schapiro’s appointment sums it up saying, “Yes the 1930’s may have required a pirate of Wall Street, but our times require something much different. Mary Schapiro’s resume points to the experience we need, let’s see if that translates into the action required.”
Check back with us every Thursday for more expert comments and opinions on hot topics that affect the risk and compliance industry and send us any questions you would like to ask our industry experts.
Tags: Mary Schapiro, SEC, XBRL, IFRS, Phil Livingston, Michael Cangemi, Obama
Posted on December 8th, 2008 by Katina
Purchase cards or P-cards have become the new currency that more and more companies are using these days to make payments on a global scale. And why not? According to our friends at RPMG Research Corporation, the average administrative cost (sourcing, purchasing and payment activities) of a traditional Purchase Order (PO) process was reported to be about $89. For p-card transactions, the cost was reported around $19. Net savings: $70 per transaction. This translates into a transactional cost savings of more than $34 billion within North America on an annual basis. (Source: 2007 Purchasing Card Benchmark Survey Results by Richard Palmer and Mahendra Gupta, RPMG Research Corporation).
While it’s good to see that Corporate America is adopting cost saving measures like P-Card programs especially now, when we are officially in a recession, P-card expansion also leads to increased chances of fraud. Currently companies have no way to proactively monitor and flag exceptions like duplicate payments, unauthorized transactions, unusual vendors that ultimately result in the loss of millions of dollars in company revenue. Well, Approva does have a solution to that problem. The Approva P-Card Insight dramatically increases management’s confidence in expanding P-card usage by providing real-time visibility into the whole process. Approva can help you replace manual reconciliations with a more streamlined automated reconciliation process and alert managers on suspicious P-card activity instantaneously.
If you want to know more, join us for a free webcast on “Improve Your Visibility and Controls for P-Card Programs” by registering here.
Tags: P-Cards, Purchase Cards, Fraud, Controls Testing, Approva, RPMG Research
Posted on December 2nd, 2008 by Katina
Make 2009 the year of increased operational efficiency and reduced risk for your company. Take the 2009 Approva Controls Intelligence Survey to gauge if your company’s enterprise risk management strategy is on par with industry standards.
Click here to take the 5-min survey.
Visit us at www.approva.net/audittrail to get the survey results mid Dec. You could also subscribe to our RSS feed to receive the survey findings directly in your inbox.
Posted on November 17th, 2008 by Katina
Happy Monday, everybody. Have you been reading the lively debate between Risktical Ramblings’s Chris Hayes and Stuart King (whose risk management blog is at computerweekly.com)? It seems Stuart believes Chris’s strategies for risk assessment are impractical. Chris, in a response, takes a stab at explaining how he and Stuart differ on views of risk assessment. Feel free to weigh in in the comments on who’s making the stronger case. Could Team Stuart and Team Chris tees be far behind?
Meanwhile, Jim Kim has some tough questions at FierceSarbox — first for AIG’s board and also for NY hedge fund Peconic Partners, whose fired chief compliance officer is raising questions about just what precipitated his ouster, and whether it had anything to do with questions he raised about the head of the fund’s trading activity. Hmmm.
Speaking of lively and hedge funds, check out footnoted.org’s live-blog from last week’s Congressional hearing on hedge funds. Seriously, you should read it.
Posted on November 10th, 2008 by Katina
What a difference a day makes. America will soon have a new President, to whom we offer our congratulations. Washington has begun preparations for the inauguration with all the pomp and circumstance that accompanies the country’s transition of power, and Americans across the land wait breathlessly for the latest on the Presidential Puppy.
Across the U.S., some are congratulating, others are celebrating, and many are wondering what this will all mean. It’s so reassuring that we can count on those in our own community to get right to important matters — what’s this going to mean for the US economy, the financial crisis, and corporations? What kind of regulation do we think an Obama administration will institute? And what are the best ideas for digging us out of this mess?
No one knows for sure, but there are lots of ideas out there. Former US Labor Secretary Robert Reich (and informal advisor to the President-Elect) is advocating a Big Bang infusion of government investing in infrastructure to get more Americans working — and thus boost the consumer demand that drives the economy. CFO ponders what the composition of the President-Elect’s economic team signals about his plans for various corporate finance issues, Compliance Week considers how investor activists are gearing up for an Obama administration, and WebCPA has the latest on how Major League Baseball might help players avoid a 2009 tax-hike by paying signing bonuses in 2008.
Posted on November 3rd, 2008 by Katina
With all the focus on portfolios and the bailout and credit issues and so on, it’s taken some time to take stock of farther-reaching effects on our financial system. Like, for instance, what this is going to mean for the coming move to international accounting standards. This piece from CFO has a pretty interesting take on how that move is shaping up in light of recent events. Speaking of accounting standards, CFO’s also got the goods on the former FDIC chief who holds fair-value accounting responsible for destroying millions of dollars in capital. Not that everyone shares that opinion — as CNN reports, the SEC has gotten conflicting advice on its advisability. Web CPA has the latest on the Senate’s recent vote to reaffirm the SEC’s authority to suspend mark-to-market accounting as part of the rescue plan.
Tags: accounting standards, GAAP, IFRS, fair value