Internal control is the whole system of controls, financial and otherwise, established to provide reasonable assurance of:
- effective and efficient operations
- internal financial control
- compliance with laws and regulations.
In essence this affects every business function, and all will need to be involved, as each area will have its own management control processes and procedures, which may or may not integrate to produce coherent management reports.
Therefore the most effective internal control programme will cover the full risk profile of the company, adopting an enterprise-wide view of risk that includes financial reporting as well as key business and operational processes.
Sustainable framework
Continuously monitoring and auditing these controls is an essential step in helping the business move towards a sustainable risk management and compliance framework while increasing its operational efficiency. Undertaking this step allows management attention to be refocused onto higher-value activities while decreasing the cost and time required to maintain the controls and prove that they work.
Although such compliance regulations as Sarbanes-Oxley do not specifically force automation on an organization, it is not realistically feasible for most companies to continually engage the human resources required to manually prove ongoing compliance with each of the necessary audit elements.
Categoric's solutions can greatly simplify the job of continuously proving compliance by facilitating the creation of rules to ensure that the required financial and other results are substantiated by data that is available for 100% of the transaction universe all of the time.
Intelligent
Rather than having to prove compliance at various intervals, the solution simply flags instances where an organization is not compliant, or has generated an exception, thus allowing the maximum possible time for rectification of any issues.
This methodology reflects a different mind-set from the more traditional audit approach that has usually been employed in the past, and certain characteristics can be seen:
- Automated controls instead of manual. Businesses are moving away from a traditional dependency upon resource intensive manual controls towards a modern automated approach that emphasizes a reliance on preventive automated controls rather than forensic examination of data "after the event".
- Dynamic instead of passive. If a control failure is found the modern requirement is much more driven by a need to generate activities that can be implemented straight away to ensure the organization stays compliant, rather than generating a report to highlight where it is not.
- Ownership of the controls now rests with the business units and business process owners rather than with a separate Compliance Group or Internal Audit. They are now tasked at an operational level with making sure they are compliant – or find themselves responsible if they are not…
- As a result of this, the controls are now interlinked with the business processes and assessed in conjunction with the information generated: is the financial and non-financial/operational data on which they are based reliable, complete, timely, etc.?
- This also means that expenditure in this area is subject to business scrutiny, and opportunities to show a return on investment are welcome. Rather than simply being regarded as a tick-in-the-box compliance cost, process improvements are also sought to offset the investment.
Real Value
The real value of continuous intelligent control assessment isn't simply in the ability to identify standard exceptions, such as where values exceed a specified limit (e.g. transactions over $10,000) or where information is omitted (e.g. a field not filled in correctly). These are basic exceptions and can be easily tested for.
The true virtue of solutions like Categoric's "Accord" (our offering for Governance, Risk and Continuity management) lies in the ability to perform much more complicated and sophisticated tests on controls. These tests can combine variables from various (and potentially disparate) data sources.
This means that detailed transaction testing can become automated and continuous (e.g. flag payments where the approver's name or postcode matches the vendor's, or flag transactions authorised by a user with an insufficient authority level).
In addition, tests can automatically be made on controls to identify instances which look suspicious but would otherwise not be an exception. For example, invoice amounts could be monitored using Benford's law to look for suspicious patterns in the distribution of leading digits. (See Accord's Benford's Law Module.)
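The three kinds of test described above (a basic threshold exception, a cross-source test combining approver and vendor master data, and a Benford's-law distribution check) as an added illustration in Python; this is not Accord's code, and the approver, vendor and payment records are constructed sample data with an assumed schema.

```python
import math
from collections import Counter

# Constructed reference data (assumed schema, not Accord's): who may approve what.
APPROVERS = {
    "u1": {"name": "J. Smith", "postcode": "AB1 2CD", "limit": 5000},
    "u2": {"name": "A. Jones", "postcode": "EF3 4GH", "limit": 50000},
}
VENDORS = {
    "v1": {"name": "Acme Ltd", "postcode": "XY9 8ZZ"},
    "v2": {"name": "J. Smith", "postcode": "AB1 2CD"},  # same details as approver u1
}
PAYMENTS = [
    {"id": 1, "approver": "u1", "vendor": "v1", "amount": 1200.0},
    {"id": 2, "approver": "u1", "vendor": "v2", "amount": 900.0},    # approver is the vendor
    {"id": 3, "approver": "u1", "vendor": "v1", "amount": 12000.0},  # above u1's authority
    {"id": 4, "approver": "u2", "vendor": "v1", "amount": 45000.0},
]

def check_payment(p):
    """Return the control exceptions one payment raises (empty list = compliant)."""
    a, v = APPROVERS[p["approver"]], VENDORS[p["vendor"]]
    issues = []
    if p["amount"] > 10000:          # basic threshold test
        issues.append("over-limit")
    if a["name"] == v["name"] or a["postcode"] == v["postcode"]:
        issues.append("approver-matches-vendor")   # combines approver and vendor master data
    if p["amount"] > a["limit"]:
        issues.append("insufficient-authority")
    return issues

def run_controls(payments):
    """Continuous pass over the whole transaction set: only exceptions are returned."""
    flagged = {}
    for p in payments:
        issues = check_payment(p)
        if issues:
            flagged[p["id"]] = issues
    return flagged

def benford_deviation(amounts):
    """Largest gap between observed first-significant-digit frequency and Benford's law."""
    digits = Counter(f"{abs(x):e}"[0] for x in amounts if x)  # scientific notation exposes the leading digit
    n = sum(digits.values())
    if not n:
        return 0.0
    return max(abs(digits[str(d)] / n - math.log10(1 + 1 / d)) for d in range(1, 10))
```

A deviation near zero means the leading digits follow the expected distribution; a large value (as for a batch of invoices all starting with 9) is the kind of pattern the text suggests flagging for review.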