Data Analytics: Identifying and Responding to Business Risks Efficiently

Every time a company processes a transaction there is risk. Be it accidental errors such as duplicate entry, incorrect posting, and transposing numbers or intentional misconduct, all might be difficult to spot. As technology has advanced, so has the speed and volume of transaction processing. More is done in less time, which potentially increases the likelihood of error.

What can be done to prevent or mitigate these risks? Internal Controls. When designed properly, Internal Controls can detect a risk once it happens, or better yet, prevent a risk from happening in the first place.

Under the COSO Internal Control-Integrated Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.*

An example of an internal control is the three way match between a Purchase Order, a receipt of the goods and the related invoice. The control is that the match ensures that the invoice has the authorized price from the Purchase Order and that the quantity agrees to what has been received.

Designing an effective system of Internal Controls is just the beginning. Once designed, it is important to test the Internal Controls to make sure they are operating effectively. The traditional method for testing would investigate a sample size of roughly 25 invoices. If there are exceptions, the sample size will be increased. If there are no exceptions in the first 25, the Internal Controls were deemed effective. Without automation, this is the typical way to test the transactions and make assumptions on the entire population by extrapolation since there are too many transactions to manually test each one.

But what if there were errors, just not represented within the sample? Using CAATTs is the answer.

Computer Assisted Audit Tools and Techniques (CAATTs), is the practice of using software such as Excel or Access, or specialized Audit software such as ACL or IDEA, or ERP specific tools built into SAP or Oracle to automate or simplify the audit process. CAATTs are an efficient way to test all transactions, providing 100% assurance on the effectiveness of Internal Controls.*

What are the benefits?

• Large amount of data can be examined efficiently
• Timely identification of business risks and exceptions
• Business days are not interrupted with information requests to pull paper samples
• Once established, running the tests is simple and very cost-effective

What are the drawbacks?

• Setup time requires IT resource knowledge and availability
• Knowledge of the software to create the tests accurately
• Different system applications at different locations requires different tests to be created

To learn more about using CAATTS to identify and respond to business risks more efficiently visit www.vonyaglobal.com or contact Vonya Global for a free consultation.

* Excerpts taken from www.wikipedia.com

Social Media - is it Friend or Foe?

Social media is rapidly becoming a critical tool for communication not only bringing benefits, but also risks. For many organizations, social media is a vital channel for communication to customers, partners and stakeholders. However, some organizations see it as a distraction to their employees and a potential security threat and reputation risks. The key, of course, is to maximize the opportunities it presents and minimize the risks.

As an alternative to simply banning or limiting employees from using social media, organizations should understand the role that these innovative services have in today’s world. With the appropriate amount of governance, organizations can leverage social media to help reach their objectives.

In order to develop, implement, monitor and improve social media activities within an organization, an effective governance framework is imperative. A social media strategy and policy should be established followed by a risk assessment. Based on the outcome of the risk assessment, embed key controls, including an acceptable use agreement, corporate image rules and branding guidelines. Implementation of operational best practice guidelines should cover blogging and usage of popular sites such as LinkedIn, Twitter, Facebook, and YouTube.

Finally, ensure that roles and responsibilities are defined, metrics and monitoring procedures are established, and training and communication organization-wide takes place to help provide awareness and conformity.

Whether your objectives are to generate exposure for your business, increase traffic to your site, build new business partnerships or bring in new, qualified leads, benefits from social media can be realized as long as there is an effective governance structure in place to mitigate the associated risks.