acl
TRANSCRIPT
Use of ACLUse of ACLin Audits & Investigationsin Audits & Investigations
Lon S. Heuer, CPA, CIALon S. Heuer, CPA, CIAAssociate Vice President for Institutional Compliance and Associate Vice President for Institutional Compliance and
Director, Office of Internal AuditsDirector, Office of Internal Audits
Dyan G. Hudson, CISADyan G. Hudson, CISAAssociate Director, Office of Internal AuditsAssociate Director, Office of Internal Audits
AgendaAgenda
Overview of Generalized Audit SoftwareOverview of Generalized Audit Software How to Get StartedHow to Get Started Getting Basic File InformationGetting Basic File Information Looking for AnomaliesLooking for Anomalies Detailed Transaction AnalysisDetailed Transaction Analysis Example – Procurement Card Case StudyExample – Procurement Card Case Study
OverviewOverviewWhat does it do?What does it do?
Allows auditors to extract and analyze data Allows auditors to extract and analyze data independent of programmers and auditees independent of programmers and auditees
Summarizes large amounts of dataSummarizes large amounts of data 100% testing of large populations100% testing of large populations
– Increases probability of detecting errors and Increases probability of detecting errors and omissionsomissions
– Increases probability of detecting fraudIncreases probability of detecting fraud
Getting StartedGetting StartedKnow Your Data!Know Your Data!
Know where to get itKnow where to get it– Platform (PC/mainframe/other) and formatPlatform (PC/mainframe/other) and format– Quantity and extract optionsQuantity and extract options– Knowledgeable staffKnowledgeable staff
Know what it should look likeKnow what it should look like– Important fieldsImportant fields– Statistical expectationsStatistical expectations
Check key fields for validityCheck key fields for validity– Numeric / alphanumericNumeric / alphanumeric– Blank / non-blankBlank / non-blank– Valid codesValid codes
Getting StartedGetting Started
Validity Checks Demo
Get Basic InformationGet Basic Information
Generate summaries and statistics on key Generate summaries and statistics on key fieldsfields– Record countRecord count– Totals and key subtotalsTotals and key subtotals– Average, maximum, minimum valuesAverage, maximum, minimum values
Run “overview” reports (Classify, Run “overview” reports (Classify, Summarize)Summarize)
Get Basic InformationGet Basic Information
Summary statistics demo
Overview reports demo
Look for AnomaliesLook for Anomalies
Exception reportsException reports Statistical deviance and digital analysisStatistical deviance and digital analysis
– Benford’s LawBenford’s Law– Rounding of amountsRounding of amounts– Even dollar amountsEven dollar amountsStuff to Read:Stuff to Read:www.utexas.edu/admin/audit/files/www.utexas.edu/admin/audit/files/
Using Audit ToolsUsing Audit ToolsCase StudiesCase StudiesDigital AnalysisDigital Analysis
Look for AnomaliesLook for Anomalies
Look for AnomaliesLook for Anomalies
Look for AnomaliesLook for Anomalies
Exception report demo
Benford’s analysis demo
Detailed Transaction AnalysisDetailed Transaction Analysis
Extract “suspect” records for reviewExtract “suspect” records for review Select statistically valid sample for review Select statistically valid sample for review
and extractand extract
Detailed Transaction AnalysisDetailed Transaction Analysis
Extract Demo
ACL ExercisesACL Exercises
Go to Go to
www.utexas.edu/admin/audit/files/
Download all files.Download all files.
Open Open CARDUSE.ACLCARDUSE.ACL using ACL Workbook using ACL Workbook and follow instructions in and follow instructions in EXERCISES.DOCEXERCISES.DOC..
ExampleExampleProcurement Card FraudProcurement Card Fraud
BackgroundBackground Fiscal Year 2000 Audit Plan – Spot CheckFiscal Year 2000 Audit Plan – Spot Check Procurement Card Program Fiscal Year 99Procurement Card Program Fiscal Year 99 Follow up to 1997 auditFollow up to 1997 audit StatisticsStatistics
– Over 300 departments and 1,680 cardsOver 300 departments and 1,680 cards– 281,000 transactions (through 5/31/2002)281,000 transactions (through 5/31/2002)
(78,463 in FY01, 63,559 in FY02 through 5/31)(78,463 in FY01, 63,559 in FY02 through 5/31)
– $41.3M $41.3M ($12.0M in FY01, $9.3M in FY02 through 5/31)($12.0M in FY01, $9.3M in FY02 through 5/31)
Obtaining Data for AnalysisObtaining Data for Analysis
Card DataCard Data
Transaction DataTransaction Data
Merchant ClassesMerchant Classes
Accounting/Payment DataAccounting/Payment Data
Data from Bank of AmericaData from Bank of America
Data from UT Accounting SystemData from UT Accounting System
Merged Transaction Merged Transaction Data File in ACLData File in ACL
Data Analysis Using ACLData Analysis Using ACL
Summaries & StatisticsSummaries & Statistics High volume cardholdersHigh volume cardholders High dollar cardholdersHigh dollar cardholders High volume merchantsHigh volume merchants High dollar merchantsHigh dollar merchants
Exceptions & AnomaliesExceptions & Anomalies Policy violationsPolicy violations Other unusual transactionsOther unusual transactions
Created reports based on merchant class code Created reports based on merchant class code to identify unusual types of purchasesto identify unusual types of purchases
International itemsInternational items Clothing storesClothing stores PetsPets
GasGas FlowersFlowers Bicycle shopBicycle shop
GiftsGifts CharitiesCharities SchoolsSchools
Equipment RentalEquipment Rental CollegesColleges Travel-relatedTravel-related
Postal ServicePostal Service Utilities (including telephone services)Utilities (including telephone services)
InternetInternet Grocery storesGrocery stores
TransportationTransportation AntiquesAntiques
Policy ViolationsPolicy ViolationsType of PurchaseType of Purchase
Other Policy ViolationsOther Policy Violationsand Unusual Transactionsand Unusual Transactions
Transactions over $999.00 limitTransactions over $999.00 limit Split Orders – Split Orders – multiple transactions to single multiple transactions to single
vendor on single day with total amount over vendor on single day with total amount over $999.00$999.00
Even dollar amountsEven dollar amounts Sales tax paid to Texas merchantsSales tax paid to Texas merchants
Match Suspect TransactionsMatch Suspect Transactionsto Accounting Recordsto Accounting Records
Complicated account postings and transfers Complicated account postings and transfers between accountsbetween accounts
Matched dollar amounts and dates using Matched dollar amounts and dates using ACL’s Duplicate function to identify ACL’s Duplicate function to identify movement of funds between accountsmovement of funds between accounts
Scrutinized electronic routing and approval Scrutinized electronic routing and approval of electronic payment documents to identify of electronic payment documents to identify weaknesses in segregation of duties and/or weaknesses in segregation of duties and/or insufficient account/transaction reviewsinsufficient account/transaction reviews
Initial InvestigationInitial Investigation
Reviewed Existing ReportsReviewed Existing Reports
Ran Additional Reports - Single Card UseRan Additional Reports - Single Card Use
Collection of ReceiptsCollection of Receipts
Meeting with Principal InvestigatorsMeeting with Principal Investigators
Personnel ActionsPersonnel Actions Secure Electronic Hardware/ Files/ etc.Secure Electronic Hardware/ Files/ etc. Coordination with Police and District Attorney’s Coordination with Police and District Attorney’s
OfficeOffice Arrest of subjectArrest of subject
Compilation of EvidenceCompilation of Evidence
ProblemsProblems
Card Use (10/97 - 4/00)Card Use (10/97 - 4/00)
• Transactions: 1,840Transactions: 1,840
• Volume: $209,403Volume: $209,403
Post 4/99 Receipts Destroyed (65%)Post 4/99 Receipts Destroyed (65%)
Complicated Account PostingsComplicated Account Postings
Number/Type of VendorsNumber/Type of Vendors
Compilation of EvidenceCompilation of Evidence
ApproachApproach
Document Each TransactionDocument Each Transaction
Evaluate Source Documents:Evaluate Source Documents:
• Original receiptOriginal receipt
• Receipt copy - On request or by subpoenaReceipt copy - On request or by subpoena
• Vendor web sites - order history & account infoVendor web sites - order history & account info
• E-mail purchase & shipping confirmationsE-mail purchase & shipping confirmations
Compilation of EvidenceCompilation of Evidence
Case ICase I
ReceiptsReceipts
Online order historyOnline order history
Email confirmationsEmail confirmations
Returns for credit on Returns for credit on personal cardspersonal cards
Case IICase II
Receipt with forgeryReceipt with forgery
Online order historyOnline order history
Email confirmationsEmail confirmations
Case I - ReceiptsCase I - Receipts
Case I - ReceiptsCase I - Receipts
Case I – Online Order HistoryCase I – Online Order History
Case I – Email Case I – Email ConfirmationConfirmation
Case I – ReturnsCase I – Returns
OrderReturn
Credit
Case II – Receipt Case II – Receipt With ForgeryWith Forgery
Forged Receipt
Case II – Receipt Case II – Receipt With ForgeryWith Forgery
Actual Receipt
Forged Receipt
Control IssuesControl Issues
Separation of DutiesSeparation of Duties
Sharing of PasswordsSharing of Passwords
Account ReconciliationsAccount Reconciliations
Minimal Account ReviewsMinimal Account Reviews
Corrective StepsCorrective Steps
Letters to Deans, Directors, Principal Letters to Deans, Directors, Principal Investigators, etc.Investigators, etc.
Follow-up Confirmations to Hierarchical Follow-up Confirmations to Hierarchical GroupsGroups
Improvement of Control StructureImprovement of Control Structure On-going Part of Compliance ProgramOn-going Part of Compliance Program
Improvement of Improvement of Control StructureControl Structure
Website InformationWebsite Informationhttp://www.utexas.edu/admin/purchasing/procard/pcardwelcome.htmlhttp://www.utexas.edu/admin/purchasing/procard/pcardwelcome.html
Testing of new cardholdersTesting of new cardholdershttp://www.utexas.edu/admin/purchasing/procard/pcardmodule1.htmlhttp://www.utexas.edu/admin/purchasing/procard/pcardmodule1.html
Tightened card use limitsTightened card use limits Review/acknowledge voucher approvalReview/acknowledge voucher approval
On-going Compliance ActivitiesOn-going Compliance Activities
Inclusion in Compliance Verification Inclusion in Compliance Verification SystemSystem
Approvals of monthly vouchersApprovals of monthly vouchers Quarterly reviews using ACLQuarterly reviews using ACL
Quarterly ACL ReviewsQuarterly ACL Reviews
Card Use ReportsCard Use Reports– Ranks by $ amountRanks by $ amount– Ranks by # transactionsRanks by # transactions
Card Use SummaryCard Use Summary
Quarterly ACL ReviewsQuarterly ACL Reviews
Card Use ReportsCard Use Reports– Ranks by $ amountRanks by $ amount– Ranks by # transactionsRanks by # transactions
Compliance/Miscellaneous ReportsCompliance/Miscellaneous Reports– Transactions > $999.00Transactions > $999.00– Potential Split OrdersPotential Split Orders– Posting delays > 30 daysPosting delays > 30 days
Compliance/Misc. SummaryCompliance/Misc. Summary
Compliance/Misc. SummaryCompliance/Misc. Summary
Quarterly ACL ReviewsQuarterly ACL Reviews
Card Use ReportsCard Use Reports– Ranks by $ amountRanks by $ amount– Ranks by # transactionsRanks by # transactions
Compliance/Miscellaneous ReportsCompliance/Miscellaneous Reports– Transactions > $999.00Transactions > $999.00– Potential Split OrdersPotential Split Orders– Posting delays > 30 daysPosting delays > 30 days
College/Department Level ReportsCollege/Department Level Reports
Quarterly ACL ReviewsQuarterly ACL Reviews
Merchant Summary ReportsMerchant Summary Reports– High $ MerchantsHigh $ Merchants– ““Suspect” MerchantsSuspect” Merchants– Merchant TypesMerchant Types
Specific Card Investigations/WatchesSpecific Card Investigations/Watches
Procard Review ProceduresProcard Review Procedures
ReportsReports Coordination with Other DepartmentsCoordination with Other Departments
– Internal AuditsInternal Audits– PurchasingPurchasing– Accounts PayableAccounts Payable
Follow-upFollow-up
