november 30 th 2012, san francisco. 7:45 -8:15 amregistration and breakfast 8:15 -8:20 amwelcome and...
TRANSCRIPT
![Page 1: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/1.jpg)
SF IIA Fall Seminar Internal Audit's Role
in the Changing Business Landscape
November 30th 2012, San Francisco
![Page 2: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/2.jpg)
7:45 -8:15 am Registration and Breakfast
8:15 -8:20 am Welcome and Introductions
Ed Byers, (Deloitte),
Farhan Zahid, (Deloitte)
8:20 -9:00 am Emerging Hot Issues Security and Privacy – Husam Brohi, Michael Corey (PWC) Vendor Compliance – Byron Tatsumi, (KPMG)
09:00 -09:50 am Leveraging Data Analytics to Enhance Your Internal Audit Function Dawei Qu, (BlueShield of California), Dale Livezey (Deloitte)
9:50 -10:10 am BREAK
10:10 -11:30 am Enterprise Risk Management and Impact to Your Audit Plan
CAE Panel Discussion led by Shawn Kirshner (Accretive Solutions)
Agenda
![Page 3: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/3.jpg)
11:30 -12:20 pm Risks in Social Media
Anna Tchernina, Willis Kao (Deloitte)
12:20 -1:20 pm GOURMET LUNCH (provided)
1:20 -2:10 pm Fraud Risk Management – The Things You Need To Know
Paul Ritchie, (Deloitte)
2:10 – 3:00 pm Top 10 IT Internal Audit Risks
Michael Juergens (Deloitte)
3:00 – 3:20 pm BREAK
3:20 – 4:40 pm Understanding Your Auditee – How to Communicate More Effectively
Group Setting
Howie Cumme (URS)
Ed Byers, (Deloitte)
Farhan Zahid (Deloitte)
Agenda
![Page 4: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/4.jpg)
WelcomeSF IIA Fall Seminar
ChairEd Byers, (Deloitte)
Farhan Zahid, (Deloitte)
![Page 5: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/5.jpg)
Logistics – Fire Exits and Restrooms
Breaks and Lunch
Phone calls
Questions and Answers
Rules of the Road
![Page 6: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/6.jpg)
Emerging Hot Issues08:20 – 09:00
Various Presenters
![Page 7: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/7.jpg)
08:20 – 08:40 Security and PrivacyHusam Brohi, PWCMichael Corey, PWC
08:40 – 09:00 Vendor ComplianceByron Tatsumi, KPMG
Emerging Hot Issues
![Page 8: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/8.jpg)
Fortifying your defenses The role of internal audit in assuring data security and privacy
![Page 9: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/9.jpg)
PwC
CEOs/Boards are no longer ignoring Information and Technology (I&T) Risks
I&T Risk is an enterprise-wide issue. Specific types of risks organizations are facing include:
• Connected IT infrastructure exists in an environment that is increasingly under threat against unauthorized access or disclosure of sensitive data and attacks originating from cyber-criminal groups and hackers.
• Increase in Privacy and Security regulatory mandates in recent years, as well as expected changes in upcoming years.
• Boards are no longer willing to accept the risk that technology can pose to the business.
• Growing demand by business leaders to understand how security integrates with privacy (“what” data is sensitive to the business) and security (“how” they protect the data deemed sensitive).
• Increase in threats and vulnerabilities to sensitive data and corporate assets.
• Businesses continue to struggle to maintain accountability to their stakeholders and establish effective strategies and standards for security risk management and privacy control activities.
9
![Page 10: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/10.jpg)
PwC
Change and Complexity is Right Around the CornerSecurity and Privacy Hot Topics: Balancing Business Enablers vs Business Risks
10
Organizations looking to improve privacy management in the event of a breach have to continually plan and prepare.
Organizations in all industries are under increased scrutiny by regulatory governance bodies.
While risks associated with third parties and cloud computing continue to increase, many companies are less prepared to defend their data.
Privacy and Data Loss Prevention
Regulatory Compliance
Third Parties and Cloud Computing
Companies need to stay informed about the constantly changing threat environment, processes to identify potential vulnerabilities, and processes to resolve potential exposures.
Mobile platforms, social media, and accelerated product life cycles are just the latest contributors to risk of an enterprise.
The cyber threat landscape continues to yield an increasingly sophisticated underworld of criminals. Companies need to remain prepared for such cyber crises.
Mobility and Social Media
Technical threats and vulnerabilities
Cyber Crime
![Page 11: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/11.jpg)
PwC
Stakeholders want focus in all critical risk areasRisk areas in which stakeholders and CAEs want/plan to add IA capabilities
11
Government spending and taxation
Energy and commodity costs
Commercial market shifts
Competition
Mergers, acquisitions and JVs
New product introductions
Economic uncertainty
Large program risk
Financal markets
Regulations and government policies
Reputation and brand
Talent and labor
Business continuity
Fraud and ethics
Data privacy and security
11%
14%
10%
10%
26%
29%
23%
29%
22%
32%
21%
27%
22%
31%
46%
7%
12%
10%
12%
27%
23%
21%
33%
24%
34%
22%
24%
32%
47%
52%
CAEs
Stakeholders
![Page 12: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/12.jpg)
PwC
Acting today to protect data: The critical role ofinternal audit
12
What the audit committee should expect of internal audit
In the risk assessment report that it presents to the audit committee, internal audit should highlight the organization’s significant data security and privacy risks, including any new risks. Further, it should identify weaknesses in policies and controls.
Because the nature of information security risks is evolving continuously, internal audit functions need to stay ahead of the threat curve. stay plugged in to emerging security threats, and practices for protecting against them.
Internal audit’s role in ensuring that information security threats are properly considered becomes especially important when a company is ready to roll out a new business process, product or information system.
Internal Audit must also keep its ear to the ground and move quickly to conduct special audits for new information security threats, which some executives consider as important as regularly scheduled audits
1
2
3
Strengthen the Annual Risk Assessment to be relevant
Having the right people
Stay vigilant on key or triggering events
![Page 13: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/13.jpg)
PwC
Overcoming the barriers to internal audit playing an effective roleEffective data privacy and security measures are not easy to effect. In fact, we commonly find four barriers in organizations that try to adopt them.
13
Exposures are changing constantly,policies and controls need to changealongside them.
A mindset that believes adequatecontrols are already in place.
1
Implement cost/benefit analysis in risk assessment to assesses potential damage of various types of security breach.
Cost. Achieving and maintainingeffective information security cancost significant money and effort.
2
Hiring & training staff to be top of their game in this arena and/or outsourcing as needed to experts that have technical skills
Low expectations. Internal Audit not viewed as capable of assessing complex security and privacy topics.
3
Establish responsibility and accountability. Define and assign a single point of responsibility for information security.
Fragmented responsibilities. The job of maintaining effective information security controls is often split among many stakeholders
4
![Page 14: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/14.jpg)
PwC
Thank you…
For more information, please contact:
Michael Corey 415-505-2482 [email protected]
Husam Brohi 415-205-8068 [email protected]
14
![Page 15: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/15.jpg)
Adobe Acrobat Document
![Page 16: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/16.jpg)
16
IIA ConferenceNovember 30, 2012
Continuous Audit with Data Analytics
![Page 17: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/17.jpg)
17
Speakers
Dale LivezeySenior Manager, NorPac Regional Technology Leader
Deloitte & Touche LLPAudit and Enterprise Risk ServicesSan Francisco, CA [email protected]
Dawei QuInternal Audit Manager
Blue Shield of CaliforniaInternal Audit ServicesSan Francisco, CA [email protected]
![Page 18: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/18.jpg)
18
• Benefits of Data Analysis• Type of Data Analysis
Ad hoc queryRepetitive AnalysisContinuous Auditing
• Case StudyClaims Denials AuditAccounts Payable Audit
Agenda
![Page 19: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/19.jpg)
19
Benefits of Data Analytics
![Page 20: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/20.jpg)
20
More efficient and effective manual testing
Assist in root cause analysis
Test Validity and accuracy of reports
Target and assess specific risk areas
Identify control weakness / effectiveness gaps
Data Analytics can help in many aspects of business process testing
Overall more effective control testing
services for our clients
Data analysis improves the quality, effectiveness and efficiency of audits• Performs 100% recalculations and verification of transactions in a timely and repeatable fashion• Compares data from multiple / disparate systems• Provides business insights and identifies process improvement opportunities• Presents quantifiable results from analysis based on complete population
Benefits of Analyzing Data
![Page 21: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/21.jpg)
21
Benefits of Analyzing Data
Approach BenefitProfiling and trending • Focus on specific areas of risk or interest
• Provide insights into transactional history and behavior• Test internal controls effectiveness• Identify hidden relationships between people, organizations
and events
Customized transactional analysis
• Geared towards a clients specific business process• Reduction in manual testing procedures• Perform proactive instead of reactive audits• Identify potentially improper or fraudulent transactions
Statistical Sample selection and evaluation
• More efficient and accurate selection procedures• Reduces time spent on selections of little or no interest• Analyze the full population of transactions instead of a
traditional sampling approach• Focus on risk!
Report re-performance and metric recalculation
• Validate operational reporting systems and assist in the documentation of current reporting process
• Reduce manual testing procedures
![Page 22: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/22.jpg)
22
Type of Data Analysis
![Page 23: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/23.jpg)
23
Computer Aided Audit
1) Ad-Hoc Query: One time based specific analytic query or analysis at a point of time. No intention of repetitive testing Explorative and investigative
2) Repetitive: Periodic analysis of processes from multiple data resources
Periodical Seek to improve the efficiency , consistency, and quality of audits
![Page 24: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/24.jpg)
24
Continuous Audit
1) Definition: The independent application of automated tools to provide assurance on financial, compliance, strategic and operational data within a company.
2) Nature: Automated Continuous basis – Specified intervals Constantly search for errors, fraud and inefficiencies Advanced analytic tool involved: SAS and ACL
3) Example: Automated A/P review Automated J/E review Operational process review
![Page 25: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/25.jpg)
25
What are Companies Doing?
1) 25% have CA programs in 2009, compared to 11% in 2006 *
2) Benefits listed by survey participants : Auditors are aware of issues as they occur 100 percent of the population rather than a sample is evaluated Allow to create preventive controls for process owners
3) Challenges listed by survey participants: Implementation takes long Auditors need to have detailed knowledge of the underlying data
structures to use the tool correctly Auditors and business owners have to the determine parameters
used in the CA program
Note: Statistic is based on IIA survey
![Page 26: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/26.jpg)
26
Case Study 1 – SAS Medical Claims Denials
Analytics
Note: Numbers or findings have no meaning beyond being placeholders for the given example
![Page 27: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/27.jpg)
27
Steps
1) Audit Planning2) Data Readiness3) Data Analysis4) Risk based Sampling5) Substantive Testing6) Communication of Results
![Page 28: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/28.jpg)
28
Audit Planning
1) Establish Testing Period: Jan to June of 20122) Determine Scope: all medical claims denied from Jan to June of 20123) Determine Frequency: quarterly4) Define Audit Objective: Ensure claims were appropriately denied
as per provider contract, member benefit and regulation5) Select Audit Methodology:
Perform data analysis to identify high risk denial areas Perform risk based sampling and substantive testing
6) Know your Deliverables: An excel based deck to present data analysis results An audit report to communicate findings of substantive testing
![Page 29: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/29.jpg)
29
Data Readiness
1) Request Data: Pull data directly from corporate data marts Work with IT to extract relative data
2) Data Reconciliation Control total Key fields (numeric fields) tie-out
3) Data Quality Test Duplicate records Missing values of key fields Invalid value of key fields. For example, billed date of
01/32/2012; negative co-pay/deductable amount
![Page 30: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/30.jpg)
30
Data Analysis Steps
1)Research the relative areas of high risks by partnering with business owners
Measurement of compliance risk: system days per claimMeasurement of operational risk:
locations per claimdenial ratio at provider level
Measurement of financial risk: billed amount /claim2)Design the profiling tests in relation to specific risks
Determine the list of testsMap test to risk(s)
3)Develop testing routines in SAS4)Review the data analysis results with business owners
![Page 31: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/31.jpg)
31
Data Analysis – Profiling Tests
1)Population overview
2)Trend analysis of denial rate
3)Trend analysis of system date
4)Dollar stratification
5)Location count stratification
6)Profiling of providers (hospitals)
7)Profiling of explanation of benefit (EOB) codes
![Page 32: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/32.jpg)
32
Data Analysis - RPM
![Page 33: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/33.jpg)
33
Population Overview
The average billed amount for denied claims is significant higher than paid claims Denied claims take longer to process compared to paid claim Denied claims go through more locations to complete
![Page 34: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/34.jpg)
34
Trend Analysis – Denial Rate
Facility (hospital) denial rate is significantly higher compared to overall average Denial rate in May 2012 is high driven by the higher denial rate of facility claims
![Page 35: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/35.jpg)
35
Trend Analysis – System Day
Manual claims take longer by the processing system to reject or pay. Correlation exists between denial rate and manual system days in May May population is worth to look into
![Page 36: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/36.jpg)
36
Stratification
Yellow strata subjects to risk based sampling while purple might need drill down Auditors may design strata according to relative limit approval controls
Dollar Stratification
Stratification on location
![Page 37: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/37.jpg)
37
Profiling on Hospitals
The denial rate for top providers is significantly high compared the average (20%) Provider #2 has a high denial rate in May Hospitals #1, #2 and #5 are trending up on denial rate
![Page 38: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/38.jpg)
38
Profiling on Explanation of Benefit
19%
17%
11%
50%
3%
Break-out by EOB Category
MG/IPA ResponsibilityEligibility - MemberMissing EOBNon-Contract BenefitDuplicate
11% blank EOB is noted This break-out can be compared against the industry benchmark to analyze the space of improvement
![Page 39: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/39.jpg)
39
Profiling and Sampling Process Flow
Denial Claims with
EOB Desc
Datamart
Logics to define denials
SAS Programming – Pull In Scope Denied Claims Data
25 Claim Selections
Risk Assessment - Assign Risk Score to Sub-Population of Each Analysis
EOB Desc File
Analysis 1
Population Overview
Analysis 2
Trend by Denial Rate
Analysis 3
Trend by System Date
Analysis 4
Dollar Stratification
Analysis 5
System Day Stratification
Analysis 6
Location Stratification
Analysis 7
COB Profiling
Analysis 8
ER Visits Profiling
Analysis 9
Provider Profiling
Analysis 10
EOB Profiling
Analysis 11
IPA / MG Drill Down
SAS Programming - Analyze the Claims Data
Score: 1
Trend by Denial Rate
Score: 1
Trend by System Date
Score: 1
Dollar Stratification
Score: 1-2
System Day Stratification
Score: 1-2
Location Stratification
Score: 1
ER Visits Profiling
100% Test
Provider Profiling
Score: 1-3
EOB Profiling
100% Test
DOFR Drill Down
Score: 0
Population Overview
Score: 0
COB Profiling
SAS Programming: Claims Scoring and Sampling
12 Provider Selections
Input:
Output: Subject to Detail Testing
![Page 40: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/40.jpg)
40
Risk Based Sampling - Selections
1) Risk score is calculated for each claim
2) Total risk score is the sum of risk weight for each failed / hit profiling tests
3) Samples were selected from the claims with higher risk scores
4) Auditors professional judgment plays an important role on finalizing samples
5) Average number of risks tested per sample is 5.56
![Page 41: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/41.jpg)
41
Communication of Findings
Finding 1:
During the data analysis, Internal Audit noted that 11% denied claims do nothave explanation of benefit (EOB) codes. This was a result of an incorrect fieldmapping between the claims processing system and Claims data mart.
Finding 2:
During the data analysis and the subsequent detail testing, Internal Audit notedthat the denial rate for hospital #2 in May is significant higher than other periodsand other hospitals. This was a result of an insufficient communication on thechanged provider contracts.
![Page 42: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/42.jpg)
42
Case Study 2 – Accounts Payable
![Page 43: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/43.jpg)
43
Agenda
Final Assessment
Project Snapshot
Roles and Responsibilities
Purpose and Scope
![Page 44: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/44.jpg)
Internal Audit engaged Deloitte to help proof of concept
Account PayableFCPAExpenses
Purpose and Scope
Deloitte understands that the Company’s objectives for this engagement are:
Assist with developing ACL scripts, to serve as queries for use by limited members of various business units, as part of routine management oversight.
Obtain results of profiling analytics specifically on procurement and expense data provided by the Company.
Execute sample profiling scripts, as a test case, to assist with FCPA (Foreign Corrupt Privacy Act) related controls.
Assess the applicability of scripts executed, and determination of additional scripts to be considered for future development in the Procurement Cycle.
![Page 45: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/45.jpg)
Project Snapshot
Accounts Payable– List of Analytics performed
Vendor Analyses: Vendor Master Check Valid Vendor Analysis Vendors with PO Box Addresses Duplicate Vendor Analysis One Time Vendor
Invoice Analyses:
Duplicate Invoices Payment Date vs. Invoice Date Analysis Benford Analysis
Disbursement Analyses:
Payments to Vendors not in Vendor Master or Unauthorized/Restricted Payee Name / Vendor Name Mismatch Duplicate Disbursements Benford Analysis
![Page 46: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/46.jpg)
Project SnapshotAccounts Payable – Continued….
Analytics - VENDOR MASTER CHECK
![Page 47: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/47.jpg)
Project SnapshotAccounts Payable – Continued….
Analytics – Duplicate Vendors
![Page 48: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/48.jpg)
Project SnapshotAccounts Payable – Continued….
Analytics – PAYMENT DATE VS. INVOICE DATE
![Page 49: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/49.jpg)
Project SnapshotAccounts Payable – Continued….
Analytics – DUPLICATE DISBURSEMENTS
![Page 50: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/50.jpg)
Project Snapshot
Expense Report – List of Analytics performedLine items flagged as “Policy Violation”Expense booked in advance of the actual expense date.Flight within US above $500 Hotels above $1000Group Meals above $50Duplicate Analysis 1 – Combination of Expense date, Expense line amount, Expense type, Employee name and Expense report numberDuplicate Analysis 2 – Combination of Expense date, Expense line amount, Expense type and Employee nameMissing Expense ReceiptExpense over WeekendsExpense over Holidays
![Page 51: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/51.jpg)
Project SnapshotExpense Report – Continued….
Analytics - Flight within US above $500
![Page 52: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/52.jpg)
Project SnapshotExpense Report – Continued….
Analytics – Duplicate Line Items
![Page 53: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/53.jpg)
Project SnapshotExpense Report – Continued….
Analytics – Expenses booked in advance of the actual expense date
![Page 54: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/54.jpg)
Project Snapshot
FCPA Analytics– List of Analytics performed
Keyword search – Invoice line description
Keyword search – Expense line description
Payment Date vs. Invoice Date Analysis – Run as part of the AP Analytics
![Page 55: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/55.jpg)
Project SnapshotFCPA – Continued….
Analytics – Keyword search – Expense line just
![Page 56: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/56.jpg)
Final Assessment
![Page 57: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/57.jpg)
Final AssessmentContinued….
![Page 58: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/58.jpg)
58
Questions?
![Page 59: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/59.jpg)
BREAK09:50 – 10:10
![Page 60: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/60.jpg)
Enterprise Risk Management and Impact
to Your Audit Plan 10:10 – 11:30
CAE Panel Discussion led by Shawn Kirshner (Accretive Solutions)
![Page 61: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/61.jpg)
61
Panel Members
Janet ChapmanGeneral Auditor, Union Bank
Cindy OvermyerSVP, Internal Audit Services, Kaiser Permanente
Thierry DessangeDirector, IT Audit, Safeway
Pat SammonHead of Audit & Advisory Services, Autodesk
Kathy GuthormsenDirector of Risk Management, Autodesk
![Page 62: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/62.jpg)
Risks in Social MediaSocial media usage and risks
11:30 – 12:20Willis Kao, (Deloitte)Anna Tchernina (Deloitte)
![Page 63: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/63.jpg)
© 2012 Deloitte Global Services Limited
Speaking with you today
Willis Kao, Senior Manager
408 718 0566
San Jose
Anna Tchernina, Senior Manager
415 254 4722
San Francisco
63
![Page 64: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/64.jpg)
© 2012 Deloitte Global Services Limited
Agenda
64
Welcome to the world of social business
Social media risks deep dive
Social media governance and risk management
Lessons learned from audits
Questions
![Page 65: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/65.jpg)
© 2012 Deloitte Global Services Limited
Social Media Revolution Videohttp://www.youtube.com/watch?v=dA5Fn_Q10Tk&feature=related
65
![Page 66: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/66.jpg)
© 2012 Deloitte Global Services Limited
Welcome to the World of Social Business
66
![Page 67: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/67.jpg)
Welcome to the world of social business!
• People matter most
• Transparent markets
• Real-time expectations
• Pervasive, mobile, cloud computing
• Big data and invaluable analytics
• Connected customers & ecosystem
• Cross-boundary collaboration
67
![Page 68: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/68.jpg)
Are you smarter than a 5th Grader?
• Do you use (personally) Facebook? LinkedIn? Twitter?
• Does your Company use - Facebook? LinkedIn? Twitter?
• Does your Company have a Social Media Policy?
• Are your employees allowed to use Social Media?
68
![Page 69: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/69.jpg)
Social Media IncludesWikis, Social Networks, Blogs, Presence & Microblogging, Online Sharing of Videos & Media, and Social
Bookmarking & Tagging.
![Page 70: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/70.jpg)
Social media is an umbrella term for a host of sites and technology that facilitate social
interaction, sharing, and creation of user-generated content, and aggregation of users’
opinions and recommendations.
Common forms of social media
Social Media Defined
Social media Description Popular examples
Wikis A page or site designed to enable collaborative contribution and modification of content by users
BlogsShort for web log; frequent online publications with commentary on current events, subjects, or one’s personal thoughts
Social networking Site focused on building online communities, establishing connections, and providing avenues for social interaction
Presence and Microblogging
Brief real-time updates of personal commentary, news, or status (aka “Tweets”)
Online photo andvideo sharing
Media-centric online communities that facilitate the viewing, sharing, and “tagging,” or classification, of media content
Online forums and/review sites
Websites/Tools that allow users to search for peer reviews or advice on a product or service, as well as to contribute their own ratings and comments
70
![Page 71: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/71.jpg)
Copyright © 2012 Deloitte Development LLC. All rights reserved.71
Social media benefits Social media challenges
Decrease Costs
2
Generate
Prospects and Leads
(Sales)
1
Increase Loyalty
3
• Decrease time to market for new products• Increase marketing effectiveness• Develop new revenue opportunities• Leverage “interest” based marketing &
advertising
• Decrease R&D costs for new products by listening to your customers (and prospects)
• Focus on inexpensive social media tools instead of using the traditional expensive marketing channels
• Decrease customer support costs
• Increase customer insights and intelligence (“Voice of Customer”)
• Improve customer experience responsiveness• Improve customer education, expertise and
service• Direct contact with the customer instead of
indirect through the retail channels
Manage
Brand Reputation
4• Increase brand awareness through social
media• Protect brand and manage reputation• Benefit from spontaneous reactions from
the community by connecting like-minded peers
Inconsistent message
2
Loss of Control
1
Confidential Information
3
• The voice of the customer is amplified• Companies no longer control the message
or topic• Messages might include negative publicity
• When engaging several employees in the social media world, their messages and responses may not always be consistent and aligned with the strategy of the company
• The use of social media sites enables users to circumvent company controls, opening up the potential to violate communication policies
• Education and training for employees is a key component to managing loss of information
Productivity loss
4
• Social media drives collaboration among co-workers but can also be a major distraction in the work place
![Page 72: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/72.jpg)
• Advertising departments
• Sales and Marketing staff
• Compliance professionals
• Internal Audit
• Risk Management
• Legal departments
• Operations and IT staff
• Recruiting/HR
• Customer service
• Senior Management
Key departments affected
72
![Page 73: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/73.jpg)
© 2012 Deloitte Global Services Limited
Social media risks – deep dive
73
![Page 74: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/74.jpg)
© 2012 Deloitte Global Services Limited
Social Media usage presents behavioral, application and technology related risks. The risklandscape is vast and continuously evolving
Anticipated Risks
Legal & regulatory compliance
• Disclosure of confidential information• Violation of copyright laws• Protection of intellectual property rights• Legal and financial ramifications for non-
compliance with industry regulations
Security & Privacy
• Identity theft, Social engineering • Ability to retain and log social media
communication; data retention• Technical exploits: Malware, Viruses/Worms,
Flash Vulnerabilities, XML injection
Brand and reputation damage
• Posting unfavorable or confidential information on a public site
• Unclear behavioral expectation of end users to use social media
• Defamation, Copyright infringement
Productivity loss
• Use of social media can be a distraction i.e. employees accessing non-work related social media sites
• Acceptable use of social media
Social Media Risk Landscape
74
![Page 75: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/75.jpg)
Malware and viruses• Data leakage/theft• “Owned” systems (zombies)• System downtime• Resources required to clean systems
Brand hijacking• Customer backlash/adverse legal actions• Exposure of customer information• Reputational damage• Targeted phishing attacks on customers or employees
Lack of control over content• Enterprise’s loss of control/legal rights of information posted to the social media sites
Customer service dissatisfaction• Customer dissatisfaction with the responsiveness received in this arena, leading to
potential reputational damage for the enterprise and customer retention issues.
Social Media Risk Deep Dive
75
![Page 76: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/76.jpg)
Record retention non-compliance• Regulatory sanctions and fines
• Adverse legal actions
Other threats and vulnerabilities….• Use of personal accounts to communicate work-related information
• Employee posting of pictures or information that link them to the enterprise
• Excessive employee use of social media in the workplace
• Employee access to social media via enterprise-supplied mobile
devices
Social Media Risk Deep Dive – Continued
76
![Page 77: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/77.jpg)
© 2012 Deloitte Global Services Limited
Social media governance and risk management
77
![Page 78: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/78.jpg)
© 2012 Deloitte Global Services Limited
Social Media Governance and Risk Management
Strategy: • Review the social media strategy, program goals, and organization model and assess
whether these have been formalized and communicated to all relevant teams.
• Evaluate the alignment of the strategy with company goals.
Policy:• Review the social media policy and confirm that elements related to disclosure, ethics,
community and privacy are included. • Identify gaps and test awareness of the policy.
Roadmap:• Assess the adequacy of the social media roadmap, including whether it is global, or
localized and whether short-term and long-term program milestones have been defined.
Team Structure: • Assess whether the roles of key owners and stakeholders in the social media program
have been defined and clearly communicated (e.g. executive sponsorship, communications / PR, employees, Legal, IT, etc).
78
![Page 79: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/79.jpg)
© 2012 Deloitte Global Services Limited
Preparedness and Response
Customer Profiles and Market Analyses: • Review customer profile and market analyses and evaluate whether all products are
covered, the appropriate target customers have been identified, including the desired relationship and engagement model.
Tools and Analytics:• Understand how customer interactions via social media are integrated with existing
systems and databases.• Assess whether formal alerting tools have been implemented to identify key topics,
comments, commentators, and sentiment from website activity.• Evaluate KPIs and metrics against best practices and alignment of metrics with the
social media strategy.
Processes:• Test the policies and procedures that have been implemented to ensure that messaging
is consistent with the social media strategy / plan• Review and test policies, processes and procedures used for triage, crisis response,
intake and response to customer insights. • Understand how customer insights are monitored, tracked, and shared with relevant
teams (product marketing, R&D, Support, etc) for resolution.
79
![Page 80: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/80.jpg)
© 2012 Deloitte Global Services Limited
Training and Education / Compliance
Training and Education• Evaluate the types of training programs implemented to share best practices and rules of
the road within the social media team• Understand how social media best practices are shared cross functionally with other
functions in the organization, such as recruiting, sales, product, etc.
Monitoring and Compliance:• Understand whether compliance with the social media policy is monitored both internally
and externally• Perform procedures to test compliance with the social media policy internally and
externally
80
![Page 81: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/81.jpg)
© 2012 Deloitte Global Services Limited
Lessons Learned from Recent Audits
• Crisis Management Plan
• Monitoring processes
• Bloggers disclosers
• Data leakage protection
81
![Page 82: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/82.jpg)
• It is here and it’s not going away
• There may be substantial business benefits with using social media to achieve business objectives
• As with any opportunity there is risk
Bottom line
82
![Page 83: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/83.jpg)
© 2012 Deloitte Global Services Limited
Questions?
83
![Page 84: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/84.jpg)
GOURMET LUNCH12:20 – 13:20
![Page 85: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/85.jpg)
Fraud Risk Management:The Things You Need To Know
1:20 – 2:10Paul Ritchie, Deloitte
![Page 86: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/86.jpg)
Agenda
What is Fraud and Why is it an Important Concern? The Profile of a Fraudster Fraud Risk Assessment, Schemes and Red Flags Responding to Indicators of Fraud
![Page 87: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/87.jpg)
What is Fraud and Why is it an Important Concern?
![Page 88: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/88.jpg)
What is Fraud?
As defined by the Institute of Internal Auditors:
“Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage.”
![Page 89: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/89.jpg)
Types of Fraud
Internal: illegal acts of employees, managers and executives against the company
External: illegal acts of outsiders (non-employees) against a company
The activity:◦ Is clandestine◦ Violates the perpetrator’s fiduciary duties to the victim
organization◦ Is committed for the purpose of direct or indirect financial
benefit to the perpetrator◦ Costs the employing organization assets, revenue or
reserves
![Page 90: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/90.jpg)
Occupational Frauds by Category - Frequency
Source: ACFE 2012 Report to the Nation on Occupational Fraud and Abuse.
![Page 91: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/91.jpg)
Occupational Frauds by Category – Median Loss
Source: ACFE 2012 Report to the Nation on Occupational Fraud and Abuse.
![Page 92: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/92.jpg)
Fraud Across Industries
Source: ACFE 2012 Report to the Nation on Occupational Fraud and Abuse.
![Page 93: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/93.jpg)
Corruption Across Industries
Source: ACFE 2012 Report to the Nation on Occupational Fraud and Abuse.
![Page 94: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/94.jpg)
Initial Detection of Occupational Frauds
Source: ACFE 2012 Report to the Nation on Occupational Fraud and Abuse.
![Page 95: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/95.jpg)
Why Do Companies Need to Manage Fraud Risk?
Legal duty of care to shareholders Statutory/regulatory requirements (SOX, SEC, FCPA,
and Federal Sentencing Guidelines) Direct financial impact to the organization Indirect costs to the organization
![Page 96: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/96.jpg)
Economics of Fraud
A $250,000 fraud loss . . .
XYZ Company Profit margin = 10%
0500,000
1,000,0001,500,0002,000,0002,500,000
Fraud Loss
Revenue
Fraud Loss Revenue
. . . will require an additional $2.5 million in revenue to maintain net income levels
![Page 97: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/97.jpg)
The Profile of a Fraudster
![Page 98: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/98.jpg)
The Fraudster – Which Department?
Statistics from the 2012 ACFE Report to the Nation on Fraud
![Page 99: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/99.jpg)
The Fraudster – How Old?
Statistics from the 2012 ACFE Report to the Nation on Fraud
![Page 100: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/100.jpg)
Typical Fraudster – On the Surface
Long-time employee Position of trust Appears to be extremely
dedicated Unexplained cash or other
wealth Always willing to help out
and put in extra hours
![Page 101: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/101.jpg)
Typical Fraudster – Beneath the Surface
Gambler Drug or alcohol problem Behavioral changes Extramarital affairs Hostility to management General disenchantment with compensation
![Page 102: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/102.jpg)
The Fraudster – Educational Background
Statistics from the 2012 ACFE Report to the Nation on Fraud
![Page 103: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/103.jpg)
The Fraudster – Effects of Tenure
Direct correlation between length of time employed and size of fraud losses
Employees with 10 or more years of tenure caused median fraud losses of $229,000
Employees with less than one year of tenure caused median fraud losses of $25,000
Statistics from the 2012 ACFE Report to the Nation on Fraud
![Page 104: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/104.jpg)
The Fraudster – Effects Of Gender
Male perpetrators accounted for 65% of cases with median fraud losses of $200,000
Female perpetrators accounted for 35% of cases with median fraud losses of $91,000
Statistics from the 2012 ACFE Report to the Nation on Fraud
![Page 105: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/105.jpg)
The “10-80-10” Rule
10% of the Population:
Would never engage in illegal conduct.
80% of the Population:Might engage in illegal conduct.
10% of the Population: Deviants
and always on the lookout to cheat, steal,
etc. (regardless of profession).
![Page 106: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/106.jpg)
The Fraudster – How do they Attempt to Fool, Distract and Undermine an Auditor?
Overloading. Attaching false time
frames. Taking advantage of
perceived fears. Killing time with trivia. Exploiting expected
scopes. Exploiting historically
low-risk areas.
Statistics from the 2012 ACFE Report to the Nation on Fraud
• Exploiting complex areas.• Predicting cycle audits.• Stalling.• Making staff unavailable.• Filtering of information.• Not updating procedures.• Discrediting the auditor.
![Page 107: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/107.jpg)
How to Address
Maintain an attitude of professional skepticism Investigate what does not make sense If it seems to good to be true, it usually is – trust your
instincts Beware of trust over reason Avoid placing faith in other people’s faith
◦ Verify and corroborate Good interviewing and observation skills are key Look for signs of deceptive behavior Do not ignore information or data
![Page 108: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/108.jpg)
Fraud Risk Assessment, Schemes and Red Flags
![Page 109: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/109.jpg)
Internal Audit Plan
The plan should be:◦ Dynamic/Flexible.◦ Comprehensive/Complete.
It integrates fraud risk assessment, appropriate cycle rotations, and management insight.
It directs resources to areas with highest risk.
![Page 110: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/110.jpg)
Fraud Risk Assessment Approach
1. Evaluate
Fraud Risk Factors
3. Analyze Fraud Risks and Schemes
and Evaluate Mitigating Controls
4. Evaluate Fraud Risk Assessment
Results and Prioritize Residual
Fraud Risks
2. Identify Possible Fraud Schemes and
Scenarios
![Page 111: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/111.jpg)
Design Tests to Identify Fraud
Color By Numbers Approach Creativity and Thought Approach
![Page 112: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/112.jpg)
What Are The Hallmarks Of An Effective FRA?
• Is systematic and recurring.• Is dynamic and is updated when new or unique circumstances
arise (e.g., changed operating environments, restructurings, acquisitions), at least annually.
• Is performed with the involvement of appropriate personnel.• Considers possible internal and external fraud schemes and
scenarios.• Considers management override (e.g., journal entries, bias of
estimates, non-routine transactions).• Assesses risk at organization-wide, significant business unit,
and significant account levels.• Consider historical fraud or industry fraud risks.• Results are monitored by the Audit Committee/Board.
![Page 113: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/113.jpg)
Indicators in Practical Use
Where is the potential for fraud (according to interview results and survey responses)
Areas where fraud has been detected Manual and complex processes. Timing to register transactions Process involving cash management Unclear – who reviews and who approves Lack of controls – or knowledge of procedures
![Page 114: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/114.jpg)
Valuable Soft Skills for an Internal Auditor
Think like a fraudster. Facilitate a control self assessment. Use information gathering techniques. Communicate and build rapport. All segments of an audit are connected. Use an unpredictable and flexible audit approach. Perform and understand data analytics. Don’t lead the interviewee. Pay attention to the details.
![Page 115: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/115.jpg)
Attention to Details
![Page 116: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/116.jpg)
Interviewing Techniques – Detecting Deceptive Behavior
Deceptive behaviors◦ Verbal or Non-Verbal
Remember:◦ Disregard isolated and/or individual behaviors
![Page 117: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/117.jpg)
Deceptive Behaviors – Non-verbal
Adjusting AttireFleeing PositionWiping Sweat Hand Wringing
Scratching Covering Eyesand Face
Biting Lip Crossingthe Arms
![Page 118: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/118.jpg)
Deceptive Behaviors – Verbal
Character Testimony
Making Excuses
Repetition of Oaths
Answering with a Question
Repeating Questions
Overuse of Respect
Selective Memory
Changing Speech Patterns
![Page 119: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/119.jpg)
Responding to Indicators of Fraud
![Page 120: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/120.jpg)
Internal Auditor Proficiency Standard
Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
Source: The Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (www.theiia.org)
![Page 121: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/121.jpg)
When Does an Internal Audit Become a Fraud Investigation?
Expand sample, expand scope, or perform additional procedures. Look for additional instances or patterns.
Ask additional questions framed in the context of the internal audit (e.g., how could a situation like this occur?).
Maintain copies of documents and data files that support the red flags and symptoms of fraud.
When possible, maintain originals of documents. Any indication of potential perpetrators? Cease audit work if there appears to be a predication
for suspecting fraud.
![Page 122: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/122.jpg)
Forensic Accounting vs. Financial Audit
Forensic Investigation Audit
Mindset • All cases may end in litigation
• Professional Skepticism
Frequency • Non-recurring; random • Recurring; scheduled
Approach • No management planning session
• Limited notification
• Meet with management to plan and scope the audit
Relationship • Potentially adversarial • Professional skepticism
Scope • Document examination of particular issue;
• Review of outside data, interviews of potential persons of interest.
• Analysis of financial statements and/or other financial data;
• Interviews with management.
Work Programs • Programs developed and amended as needed
• Audit programs
“Employer” • Client’s Attorney, In-House Counsel, Special Committee
• Audit Committee/Client Management
Objective • Identify responsible parties;
• Quantify damages
• Issue an opinion on the client’s financial statements and related disclosures
Report Audience • Report is presented to counsel
• Opinions used by Board of Directors/Audit Committee/Shareholders/Public
![Page 123: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/123.jpg)
Benefits of a Fraud Response Plan
Standardized response. Consistent approach. Clarified roles and responsibilities. Internal and external reporting responsibilities. Process for consensus and agreement.
![Page 124: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/124.jpg)
Contact Details
Paul RitchieSenior Manager, Deloitte ForensicDeloitte Financial Advisory Services LLPTel. [email protected]
![Page 125: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/125.jpg)
Top Ten Emerging IT Audit Issues
2:10 – 3:00pm
Michael JuergensDeloitte & Touche LLP
![Page 126: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/126.jpg)
Overview IT controls continue to increase in
importance to organizations◦ Corporate reliance on technology increases◦ Compliance requirements increase
Deficiencies in IT controls can have a significant impact on the organization
![Page 127: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/127.jpg)
IT Audits
Where We Have Been
Where We Need To Be
![Page 128: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/128.jpg)
Top 10 IT audit issues By no means a comprehensive list Will vary by environment
◦ May be greater/lesser risk depending on industry, technology, business processes etc.
This list is based on what we see in the marketplace
Designed to get you thinking about your environments and if currently scheduled IT audit procedures will evaluate these risks
List is in no particular order
![Page 129: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/129.jpg)
1. Omnichannel CommerceIssueTraditional “bricks and mortar” channels are merging with e-commerce channels to create a single integrated approach to sales.
Risk Failure to evolve could impact long term enterprise viability Will change sales approach and systems Large integration and master data concerns
RecommendationUnderstand current and planned changes to sales channels. Determine impact on systems, specific transactions processed, accounts impacted, and master data. Evaluate risk and then plan and execute audit procedures accordingly.
![Page 130: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/130.jpg)
2. Cyber Security Reporting
IssueAs of October 2011, the SEC now requires public companies to disclose the risk of cyber incidents as part of Management’s Discussion and Analysis if "these issues are among the most significant factors that make an investment in the company speculative or risky."
Risk Failure to comply with SEC reporting requirements Exposure to potential shareholder litigation if requirement not met Audit Committee exposureRecommendationChallenge is that the reporting requirement lacks specificity. Organizations must determine what to report, if anything. Therefore, organizations must have a process for identifying exposures, evaluating impact, and then reporting and disclosing appropriately. IT audit should perform an assessment of this process to determine if it exists, and how comprehensive it is. Additional steps should be taken to evaluate how effective the process is.
![Page 131: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/131.jpg)
3. Software Asset Management
IssueSoftware licensing contracts are complicated, and software lifecycles are complex. Economic downturn has caused software vendors to aggressively pursue licensing audits.
Risk Potential significant financial liabilities in case of an audit Loss of potential savings Failure to “sunset” unused applications
RecommendationPerform a software asset management (SAM) audit. Consider use of International Organization for Standardization (ISO) and Information Technology Information Library (ITIL) SAM standards. Audit should include evaluating the process for SAM, review of contracts and software license baselines, and analysis of non-essential software and patch deployment.
![Page 132: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/132.jpg)
4. Payment ProcessingIssueEmerging methods of payment processing (ISIS, GoogleWallet, PayPal).
Risk Failure to adopt impacts potential revenue Impact on revenue cycle processes, systems and controls
RecommendationDetermine what changes are planned or underway to adopting new payment processing technologies. Determine impact on financial systems and processes (e.g. sales audit). Evaluate integration management. Identify new security and controls considerations and execute audit steps accordingly.
![Page 133: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/133.jpg)
5. Hyper-Hybrid CloudIssueAdoption of heterogeneous cloud solutions creates significant issues with management and integration of processes and data, as well as leads to the need for deployment of additional management solutions.
Risk Master data proliferation and management Disparate cloud solutions impact business processes Security management becomes much more complex e.g. Security Assertion
Markup Language (SAML), OpenID Need for effective service lifecycle management increases
RecommendationUnderstand current and planned cloud services grid, and specific business control points, integration and workflow. Understand security management strategy, and deployment of new technologies/standards. Determine process and data risk and identify/test controls. Evaluate Service Organization Control (SOC) reports for vendors.
![Page 134: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/134.jpg)
6. Data Lifecycle Management (DLM)
Issue2011 saw the emergence of new regulations and legislation for records management and data retention. Regulators have significantly increased their scrutiny of the data lifecycle space.
Risk Large potential financial penalties for non-compliance Impact on brand Impact on customers and vendors
RecommendationGain an understanding of how DLM is operationalized throughout the organization, DLM awareness levels and how DLM compliance is achieved. Evaluate the organization’s DLM capability maturity and identify compliance gaps related to the DLM governance structure, policies, processes and procedures
![Page 135: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/135.jpg)
7. End User Computing (EUC)
IssueSignificant increase in evaluation of spreadsheets and other end user computing solutions by auditors and regulators. Additional regulations promulgated (e.g. Solvency II). Uncontrolled EUCs still impacting financial statements and business operations.
Risk Loss of critical data Potentially inaccurate financial or management reporting Exposure to regulatory sanctions or fines
RecommendationPerform an extensive EUC audit. Evaluate criteria such as criticality determination, governance model, and use of technical accelerators. Audits should also evaluate programming structure. A policy-based audit and/or access based audit is likely insufficient.
![Page 136: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/136.jpg)
8. IT GovernanceIssueIT Governance continues to play a large role in aligning the proliferation and use of technology with organizational objectives. Also, Institute of Internal Auditors (IIA) Standard 2210.A2 states: “The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization’s strategies and objectives.
Risk Noncompliance with IIA standards Potential misalignment of IT resources with organization strategy
RecommendationAssess capabilities across IT governance capabilities: Strategic Alignment, Risk Management, Value Delivery, Performance Management and Resource Management. Establish a baseline of understanding regarding current capabilities and maturity level of IT governance processes.
![Page 137: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/137.jpg)
9. Digital IdentityIssueDeployment of emerging technologies and unification of internal/external systems creates significant identity sprawl, and difficulties managing across platforms, applications and networks. To be efficient and compliant, federated identities are emerging. Our IT access audits and analysis are becoming more reliant on review-based controls.
Risk Unauthorized access to data or transactions Regulatory fines or litigation Brand impact
RecommendationUnderstand corporate security perspective on identity management. Inventory systems, devices and technologies currently deployed or planned (consider external sources as well). Evaluate strategy and technical solutions for managing digital identity. Perform a detailed audit of critical technologies and controls.
![Page 138: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/138.jpg)
10. Product DuplicationIssueProliferation of cheap 3D printing technology makes it possible to easily duplicate certain consumer products
Risk Loss of sales, market share Impact on brand
RecommendationUnderstand current product mix; identify products susceptible to duplication (small, higher value items are typical). Understand security and controls around schematics. Peruse pirate sites to identify proliferation of schematics. Consult with loss prevention teams to understand approach to managing remote duplication.
![Page 139: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/139.jpg)
Summary Need to understand which items may be
relevant in your business and technical environment
Ensure that risk assessment and audit universe address relevant items
Don’t walk the plank alone – communicate with management and the audit committee
Plan resource requirements◦ Be careful not to underestimate
![Page 140: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/140.jpg)
Questions
![Page 141: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/141.jpg)
Contact information
Michael JuergensPrincipal, Deloitte & Touche LLP213-688-5338
[email protected]/pub/michael-juergens/2/221/988
![Page 142: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/142.jpg)
This presentation contains general information only and Deloitte & Touche LLP is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
![Page 143: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/143.jpg)
BREAK2:40 – 3:00
![Page 144: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/144.jpg)
Soft Skills TrainingUnderstanding your Auditee – Key
Lessons on Effective Communication 3:20 – 4:40
Group Setting
Howie Cumme, URSEd Byers, Deloitte
Farhan Zahid, Deloitte
![Page 145: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/145.jpg)
Agenda and Introduction First Impressions Building Trust Personality Analysis – DISC Profiles Getting The Truth Navigating Politics Wrapping Up
Agenda for Session
![Page 146: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/146.jpg)
Interactive Session Better understanding of yourself and human interactions
Building attraction and trust Adapting to the situation Challenging situations – tips and tricks
Intro and Background
![Page 147: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/147.jpg)
Ultimate Auditing Technique
![Page 148: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/148.jpg)
How many seconds to form a first impression?
1/10th of second, 7 seconds, 12 seconds All the correlations between judgments
made after a 1/10-second glimpse and judgments made without time constraints were high, but of all the traits, trustworthiness was the one with the highest correlation.
First Impressions
![Page 149: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/149.jpg)
LogicalComplex,Certain
EmotionalAttachment,Uncertainty
PrimalHealth/Status
How the Mind Works
Reptilian
Paleomammalian
Neomammalian
![Page 150: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/150.jpg)
You need to cater to the brain in the order it evolved Primal, Emotional and then Logical
Health and Appearance - Primal Behavior and Body Language - Primal Warmth and Introductions – Emotional Personality, Professionalism and
Preparation - Logical
First Impressions
![Page 151: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/151.jpg)
Key to effective communication is to understand the style or method of communication desired by the auditee
The auditee’s behavior style is key! Ineffective communication typically results
when an auditor communicates in THEIR style vs. the AUDITEES desired style
Personality Analysis – Intro to DISC
![Page 152: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/152.jpg)
The DISC profile is a simple tool to understand your behavior style and how to best work with others (e.g. SPOUSE!)
No behavior style is right/wrong – the key is to understand how to communicate effectively with others
DISC Profile
![Page 153: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/153.jpg)
Select a word that MOST describes you and a word that LEAST describes you
Put an M/L next to the word – DO NOT put a big “X” for example in the MOST/LEAST column
Use a coin to gently rub the rectangle after the word in the MOST/LEAST columns
Tally up the results in the tally box on page 5
Fill out graphs I, II, and III
Steps to filling out the DISC Profile
![Page 154: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/154.jpg)
Each style has its strengths, weaknesses, and needs – a weakness is an “overextension” of a style’s strength
There are typically key success factors in communicating to different styles
Understanding how to “match styles” is important – “evolve” if necessary
Good questions to ask different styles
Note: refer to handouts which overviews these four areas
Understanding the DISC Profile
![Page 155: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/155.jpg)
How do you communicate if you are presenting to two different styles (e.g. D & C)
Do not assume that all executives are “D’s” and all auditors are “C’s”
How can you assess a person’s behavior style by looking at their office (or other factors)
What have you learnt about yourself? Key potential next steps
DISC Discussion Points
![Page 156: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/156.jpg)
Friendliness/Rapport◦Warmth◦Connection◦Assertiveness
Flow of Conversation – Comfort Professionalism and preparedness Reassurance/Implications
Building Trust
![Page 157: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/157.jpg)
Fear of the consequences Focus on what you need to know Professional reassurance – rationalism,
unbiased How to know if you are always getting the
truth?Sweaty palms?Hesitation?Avoidance of eye contact?
Getting The Truth
![Page 158: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/158.jpg)
• Tough to tell the difference between lies and an honest person under stress
• Indicators of lying:◦ Level of detail being provided◦ Tone of voice, unusual body language◦ Inconsistency when changing viewpoints◦ Concealment of anger, distress or fear◦ Lifting just the inner part of the eyebrow
(Distress>85%)◦ Eyebrows raised and pulled together (Fear)◦ Narrowed, tightened lips or lopsided smile (Anger)
• No absolute clues to lying, only indicators.
Lies
![Page 159: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/159.jpg)
Is it always possible? Internal and external politics affecting the meeting
Pressures in the room. Possibility of one on one time?
Ask questions again when necessary to each individual
Navigating Politics
![Page 160: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/160.jpg)
“Leave the door open” Follow up within 24 hours Be genuine and smile Finish with something memorable and relaxed
Wrapping Up
![Page 161: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/161.jpg)
Wrapping Up
![Page 162: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/162.jpg)
Seminar Wrap Up and Thanks
![Page 163: November 30 th 2012, San Francisco. 7:45 -8:15 amRegistration and Breakfast 8:15 -8:20 amWelcome and Introductions Ed Byers, (Deloitte), Farhan Zahid,](https://reader030.vdocument.in/reader030/viewer/2022032517/56649cb05503460f94974a0c/html5/thumbnails/163.jpg)
SF IIA Fall Seminar Internal Audit's Role
in the Changing Business Landscape
November 30th 2012, San Francisco