visual reporting 101: data analytics: the importance of self-directed data … · 2019-12-11 ·...
TRANSCRIPT
+
Visual Reporting 101:
Data Analytics: the importance of self-directed data discovery
April 26, 2016
Agenda
n Introduction: the looming death of the audit sample
n The rise of big data
n Typical queries today: “List all exceptions that...”
n Metric, Outlier, and Exception queries – each has their role
n Types of Visual Analytics
n Developing your team
n Demo / examples
n Q&A
2
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Mark to provide example(s)
n Introduction: the looming death of the audit samplen Let’s start with an example of why samples should be
replaced.
n What insights have been gained at CapOne by using data analysis and discovery as part of audit planning?
n General Demo
3
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
How do you do this? Body of Knowledge for Audit Data Analytics (adapted from APRA)
4
All of these skills are needed for a successful data analytics effort. It’s very rare to find all of these skills in one individual. Our profession should acknowledge this is best when a team effort
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
• Project Management
• Data Acquisition and Manipulation
• Statistical Techniques
• Visual Reporting Techniques
• Communication
• (Audit and Compliance) Domain Expertise
• Change Management / Strategic Thinking
What Internal Control, Compliance, or Audit Questions can be Answered?
5
Are any vendors or consultants a “match” with lists of debarred or watch list parties
Are we seeking reimbursement on
Federal Grants for any costs (or Cost Transfers!)
that will likely be disallowed?
Are P-Card or T&E disbursements “double-
dipped” when cross-checked against
Accounts Payable
Are there relationships (e.g. shared address,
bank account, phone, or TIN numbers) between
Employees and Vendors that ought to
be investigated?
How are these questions answered today? What if they were answered differently?
6
Would it be valuable to verify that any
required actions were indeed completed?
What should be on a dashboard report?
Number of exceptions? Or how each exception
was resolved
If a “red flag” item is detected and requires research and follow-up,
how is that research recorded?
What reports are available from our ERP
Systems?
What would “new and improved” reports look
like? Why?
Visual Risk IQ’s Analytics Projects –Different tools, common approach
7
Rapid, iterative development of customized logic for matching names, addresses, and also patterns of disbursements that may represent fraud, errors, or abuse
Visual Risk IQ – GRC thought leadership, practically applied© 2013 Visual Risk IQ, LLC, All Rights Reserved
Example: Exception Query (three, but not four identical fields (i.e. duplicate invoice)
8
VendorNumber
Invoice Number(Scrubbed)
Invoice Date VENDOR_NAME INVOICE_ID InvoiceAmount
12402 INV00000015112 1/20/14MARKETING SYSTEMS INC INV-‐00000015112 $56,899.36
12402 INV00000015112 1/20/14MARKETING SYSTEMS INC INV00000015112 $56,899.36
61906 61906042511 4/25/14CROUCH, SARAH 061906/04/25/14 $4,425.00
61906 61906042511 4/25/14CROUCH, SARAH 61906/042514 $4,425.00
Three out of Four matches from scrubbed columns between Scrubbed Invoice Number, Invoice Date, Amount, and Vendor Number. But where Scrubbed Invoice differs from Invoice ID.
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
List the Exceptions that have PO’s created AFTER the Vendor’s Invoice Date
9
VendorNumber
Purchase Order Date
PO Number Invoice Date VENDOR_NAME REQUISITIONER InvoiceAmount
134051 03/12/2014 54201B 02/28/14 ORACLE tjones $126,400.00
129342 04/07/2014 53701A 03/27/14 MICROSOFT tjones $87,000.00
678012 04/07/2014 52981C 04/05/14 COUCHBASE tjones $54,750.00
891432 04/07/2014 54128D 04/03/14 SALESFORCE tjones $77,825.00
`Compare Invoice Dates to PO Dates – why were these purchase orders being issued AFTER the cross-referenced invoices were received from the respective vendor. Is there a pattern? Why?
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Data Discovery / Visual Reporting Techniques From: Stephen Few “Show me the Numbers”
10
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
• Time Series
• Ranking
• Part to Whole
• Deviation
• Distribution
• Correlation
• Geospatial
• Nominal Comparison (e.g. East, Central, West)
Ranking Example #1: Source: Wells Fargo Economic Commentary
11
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Ranking Example #2: Internal Audit P-Card Data Discovery
12
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Ranking Example #3 Source: IIA Gain Survey
13
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Part to Whole Example #2a: Source: Titanic Survivors, by visual.ly
14
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Part to Whole Example #2b: Source: Titanic Survivors, by visual.ly
15
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
This chart also shows how many crew members survived (and did not survive) the Titanic, by Gender
Part to Whole Example #3: Source: Internal Audit P-Card Project
16
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Making this happen: Data champions
17
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
• Project Management
• Data Acquisition and Manipulation
• Statistical Techniques
• Visual Reporting Techniques
• Communication
• (Audit and Compliance) Domain Expertise
• Change Management / Strategic Thinking
Example: Visual Reporting and rounding for employee time worked (hourly workers)
During our interviews and sample analysis, we observed that more workers on the production line punched in early than punched in late. This puts the manufacturing plant at risk for criticism and even fines from the Labor Union, since Union regulations require that any rounding practices must be administered in such a manner that employees are compensated for all time worked.
Because the company’s rounding convention of recording time to the nearest five minutes, most workers were shorted some small amounts of pay during the most recent calendar year. Some workers have lost as much as 20 hours of pay due to the current, five-minute rounding convention, when comparing pay amounts under the rounding to simulated pay if they were paid for each and every minute that they were “on the clock” during the fiscal year.
We recommend that…
18
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Example: Visual Reporting and rounding for employee time worked (hourly workers)
We reviewed nearly 25,000 shifts for factory floor workers at the Michigan production facility. We re-computed each pay shift for all workers and compared their pay amount under the current five minute rounding convention to similar pay if they were paid for every minute worked.
Data analysis results tell us that workers have been shorted one to four minutes per shift more than twice as often as workers who benefitted from a similar one to four minutes upward adjustment due to the rounding convention. The total minutes rounded against the factory workers are more than 16,000 minutes, or nearly three hours per worker during the year.
This condition puts the manufacturing plant at risk for criticism and even fines from the Labor Union, since Union regulations require that any rounding practices must be administered in such a manner that employees are compensated for all time worked.
We recommend that…
19
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Example: Visual Reporting and rounding for employee time worked (hourly workers)
20
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Higher Ed Example 1: Burn Rate for Federal Grant Spending
21
Outlier queries are much more effective than exception queries alone, in identifying transactions to be investigated
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Higher Ed Example 2: Sub-recipient monitoring
22
We use automation to prioritize risk rankingsat all sub-recipients by evaluating A-133 Findings and also the size and number of grants
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Higher Ed Example 3: Grades of Student Athletes vs. Non-Athletes
23
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Selecting a Chart typeWhich graph should I use? When? Why?
24
Visual Risk IQ – helping audit and compliance people see and understand data© 2015 Visual Risk IQ, LLC, All Rights Reserved
Source: http://media.juiceanalytics.com/downloads/graphselectionmatrix_sfew.pdf
Q&ANext Steps
25
`