visual reporting 101: data analytics: the importance of self-directed data … · 2019-12-11 ·...

+

Visual Reporting 101:

Data Analytics: the importance of self-directed data discovery

April 26, 2016

Agenda

n Introduction: the looming death of the audit sample

n The rise of big data

n Typical queries today: “List all exceptions that...”

n Metric, Outlier, and Exception queries – each has their role

n Types of Visual Analytics

n Developing your team

n Demo / examples

n Q&A

2

Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved

Mark to provide example(s)

n Introduction: the looming death of the audit samplen Let’s start with an example of why samples should be

replaced.

n What insights have been gained at CapOne by using data analysis and discovery as part of audit planning?

n General Demo

3


How do you do this? Body of Knowledge for Audit Data Analytics (adapted from APRA)

4

All of these skills are needed for a successful data analytics effort. It’s very rare to find all of these skills in one individual. Our profession should acknowledge this is best when a team effort


• Project Management

• Data Acquisition and Manipulation

• Statistical Techniques

• Visual Reporting Techniques

• Communication

• (Audit and Compliance) Domain Expertise

• Change Management / Strategic Thinking

What Internal Control, Compliance, or Audit Questions can be Answered?

5

Are any vendors or consultants a “match” with lists of debarred or watch list parties

Are we seeking reimbursement on

Federal Grants for any costs (or Cost Transfers!)

that will likely be disallowed?

Are P-Card or T&E disbursements “double-

dipped” when cross-checked against

Accounts Payable

Are there relationships (e.g. shared address,

bank account, phone, or TIN numbers) between

Employees and Vendors that ought to

be investigated?

How are these questions answered today? What if they were answered differently?

6

Would it be valuable to verify that any

required actions were indeed completed?

What should be on a dashboard report?

Number of exceptions? Or how each exception

was resolved

If a “red flag” item is detected and requires research and follow-up,

how is that research recorded?

What reports are available from our ERP

Systems?

What would “new and improved” reports look

like? Why?

Visual Risk IQ’s Analytics Projects –Different tools, common approach

7

Rapid, iterative development of customized logic for matching names, addresses, and also patterns of disbursements that may represent fraud, errors, or abuse

Visual Risk IQ – GRC thought leadership, practically applied© 2013 Visual Risk IQ, LLC, All Rights Reserved

Example: Exception Query (three, but not four identical fields (i.e. duplicate invoice)

8

VendorNumber

Invoice Number(Scrubbed)

Invoice Date VENDOR_NAME INVOICE_ID InvoiceAmount

12402 INV00000015112 1/20/14MARKETING SYSTEMS INC INV-‐00000015112 $56,899.36

12402 INV00000015112 1/20/14MARKETING SYSTEMS INC INV00000015112 $56,899.36

61906 61906042511 4/25/14CROUCH, SARAH 061906/04/25/14 $4,425.00

61906 61906042511 4/25/14CROUCH, SARAH 61906/042514 $4,425.00

Three out of Four matches from scrubbed columns between Scrubbed Invoice Number, Invoice Date, Amount, and Vendor Number. But where Scrubbed Invoice differs from Invoice ID.


List the Exceptions that have PO’s created AFTER the Vendor’s Invoice Date

9

VendorNumber

Purchase Order Date

PO Number Invoice Date VENDOR_NAME REQUISITIONER InvoiceAmount

134051 03/12/2014 54201B 02/28/14 ORACLE tjones $126,400.00

129342 04/07/2014 53701A 03/27/14 MICROSOFT tjones $87,000.00

678012 04/07/2014 52981C 04/05/14 COUCHBASE tjones $54,750.00

891432 04/07/2014 54128D 04/03/14 SALESFORCE tjones $77,825.00

`Compare Invoice Dates to PO Dates – why were these purchase orders being issued AFTER the cross-referenced invoices were received from the respective vendor. Is there a pattern? Why?


Data Discovery / Visual Reporting Techniques From: Stephen Few “Show me the Numbers”

10


• Time Series

• Ranking

• Part to Whole

• Deviation

• Distribution

• Correlation

• Geospatial

• Nominal Comparison (e.g. East, Central, West)

Ranking Example #1: Source: Wells Fargo Economic Commentary

11


Ranking Example #2: Internal Audit P-Card Data Discovery

12


Ranking Example #3 Source: IIA Gain Survey

13


Part to Whole Example #2a: Source: Titanic Survivors, by visual.ly

14


Part to Whole Example #2b: Source: Titanic Survivors, by visual.ly

15


This chart also shows how many crew members survived (and did not survive) the Titanic, by Gender

Part to Whole Example #3: Source: Internal Audit P-Card Project

16


Making this happen: Data champions

17


• Project Management

• Data Acquisition and Manipulation

• Statistical Techniques

• Visual Reporting Techniques

• Communication

• (Audit and Compliance) Domain Expertise

• Change Management / Strategic Thinking

Example: Visual Reporting and rounding for employee time worked (hourly workers)

During our interviews and sample analysis, we observed that more workers on the production line punched in early than punched in late. This puts the manufacturing plant at risk for criticism and even fines from the Labor Union, since Union regulations require that any rounding practices must be administered in such a manner that employees are compensated for all time worked.

Because the company’s rounding convention of recording time to the nearest five minutes, most workers were shorted some small amounts of pay during the most recent calendar year. Some workers have lost as much as 20 hours of pay due to the current, five-minute rounding convention, when comparing pay amounts under the rounding to simulated pay if they were paid for each and every minute that they were “on the clock” during the fiscal year.

We recommend that…

18



We reviewed nearly 25,000 shifts for factory floor workers at the Michigan production facility. We re-computed each pay shift for all workers and compared their pay amount under the current five minute rounding convention to similar pay if they were paid for every minute worked.

Data analysis results tell us that workers have been shorted one to four minutes per shift more than twice as often as workers who benefitted from a similar one to four minutes upward adjustment due to the rounding convention. The total minutes rounded against the factory workers are more than 16,000 minutes, or nearly three hours per worker during the year.

This condition puts the manufacturing plant at risk for criticism and even fines from the Labor Union, since Union regulations require that any rounding practices must be administered in such a manner that employees are compensated for all time worked.

We recommend that…

19



20


Higher Ed Example 1: Burn Rate for Federal Grant Spending

21

Outlier queries are much more effective than exception queries alone, in identifying transactions to be investigated


Higher Ed Example 2: Sub-recipient monitoring

22

We use automation to prioritize risk rankingsat all sub-recipients by evaluating A-133 Findings and also the size and number of grants


Higher Ed Example 3: Grades of Student Athletes vs. Non-Athletes

23


Selecting a Chart typeWhich graph should I use? When? Why?

24


Source: http://media.juiceanalytics.com/downloads/graphselectionmatrix_sfew.pdf

Q&ANext Steps

25

`

visual reporting 101: data analytics: the importance of self-directed data … · 2019-12-11 ·...

Documents