Global Chemical Company Automates Risks Identification with CaseWare IDEA
Success Stories & Testimonials
The large global organization faced a myriad of challenges when mitigating risks. Big data was stored across disparate systems in varying formats, including large ERP systems. Auditors worked to identify global anti-corruption, meet regulatory requirements and communicate with teams across the world.
The company also aimed to improve awareness of company policies including code of conduct, delegation of authority, travel, expenditures, accounting and capital projects. Auditors needed a standardized, automated workflow to analyze more of the data universe, conduct more frequent audits and build a roadmap for routine processes.
Global company working with large volumes of transactional data wanted to improve the identification of high-risk transactions and business processes
Data analytics team used IDEA to build an automated workflow for routine audit processes
Analysis of larger data populations help improve awareness of company policies and reduce workload for field auditors
Attributes for high risk behavior were coded into IDEAScripts to flag for follow-up
Dashboards and data visualization tools communicate results among global stakeholders
The company chose to replace Microsoft Access with CaseWare IDEA. A team of auditors were allocated to a data analytics function to merge the accounting, technology and problem-solving skills required. The data analytics team used IDEA to help them analyze more data than sampling and traditional audit methods allowed. They began by analyzing contracts, then integrated scripting to enable event monitoring for T&E and purchasing card data. More recently, IDEA has been used to assist with global anti-corruption compliance and pilot the use of high-risk transaction dashboards.
The initial steps towards automation included defining and mapping the data analytics universe to determine what data needed to be analyzed and where it was stored. For example, the audit universe included financial, operational compliance and health, safety and environment data (HSE). They also utilized resources available from CaseWare, The IIA, ACFE, ISACA and CEB. Once the data universe was mapped, they created primary data cubes and developed lists of key fields needed, such as amounts, dates, etc. Extract, transfer, load (ETL) was used to download all transactions and create a repository within IDEA. They also used SmartExporter to extract data directly from their ERP for analysis.
Auditors worked to understand database system structures and standardize the report acquisition method. IDEAScripts and custom @functions were used to streamline testing, including ranking transactions by risk level. Each test was developed to run against different data sets with just a few clicks by the end user. Auditors fine-tuned their strategy to reduce the number of false positives, adjust thresholds to meet specific requirements and identify root causes of anomalies.
We wanted to build a roadmap for regular audits to automate the process of acquiring, testing and reporting on a greater amount of the data that’s available to us. With IDEA, we were able to move from ad-hoc analysis to a repeatable workflow and test our entire data population to identify high-risk transactions to test during fieldwork.
- Senior Lead Auditor
The extensive work of mapping and assessing the risk universe has helped the company move from ad-hoc analysis to an automated approach using a full population of data. Field auditors now review exceptions with the respective owners and are more prepared for on-site work. Dashboards and visual analysis tools facilitate sharing of analytic results and key findings with stakeholders across the world.
With an automated system in place, auditors now conduct monthly audits globally using 50 tests to identify high-risk transactions, detect duplicates and search for potential fraud. For example, purchase order reviews that were done on a site-by-site basis are now performed globally. Auditors can risk-rank every transaction in the database, flag anomalies and keep history logs of identified items to prevent overlap between annual audits.
The comments feature within IDEAScript provides end users with process narratives, which explain the function and purpose of each test. Auditors continue their quest to understand the data, increase the sophistication of current scripts and create new scripts. Data analytics has helped the company transition from random to repeatable analysis to improve the identification of high-risk transactions and processes.