introduction to automated controls jay swaminathan
play

Introduction to Automated Controls Jay Swaminathan San Francisco - PowerPoint PPT Presentation

Dec 05, 2023 •123 likes •395 views

Introduction to Automated Controls Jay Swaminathan San Francisco Chapter Agenda Defining Automated Controls The Value of Automated Controls Common Testing Approaches ITGC considerations The Concept of Benchmarking

  1. Introduction to Automated Controls Jay Swaminathan San Francisco Chapter

  2. Agenda • Defining Automated Controls • The Value of Automated Controls • Common Testing Approaches • ITGC considerations • The Concept of ‘Benchmarking’ • Capabilities of GRC tools • Increasing reliance on automated controls • Questions / Comments San Francisco Chapter

  3. Examples Example 1 Example 2 Example 3 Example 4 System Three way System Custom logic calculates match enforced to enforce Depreciation journal sales order based on approval limits by sales setting based on person limits Type Inherent Configurable Configurable Customized Nature Calculation Validation Authorization Authorization Key Change Program Program and Program Program Manage changes Configuration changes changes considerations changes Key Logical None Access to Access to None Access configuration configuration considerations Walkthrough Positive Negative Positive Positive San Francisco Chapter

  4. Categories of Controls Manual Controls Manual Type Of Control IT-Dependent Manual Controls IT General Controls Automated Application Controls Prevent Detect Support The Continued Functioning Of Automated Aspects Of Prevent And Misstatement In The Financial Statements Detect Controls Objective Of Control San Francisco Chapter

  5. Control Layout San Francisco Chapter

  6. Type of Controls • Inherent processing and controls – Built into the application – Examples: DR = CR, Depreciation calculation, etc. • Programmed controls (custom coded) – Custom functionality – Based on specific business requirement • Configurable controls – Customized and can be disabled or set up to operate in different ways – Examples: three-way matching, auto-accounting San Francisco Chapter

  7. Nature of Application Controls • Validations • Calculations • Authorizations San Francisco Chapter

  8. Examples Example 1 Example 2 Example 3 Example 4 System Three way System Custom logic calculates match enforced to enforce Depreciation journal sales order based on approval limits by sales setting based on person limits Type Inherent Configurable Configurable Customized Nature Calculation Validation Authorization Authorization Key Change Program Program and Program Program Manage changes Configuration changes changes considerations changes Key Logical None Access to Access to None Access configuration configuration considerations Walkthrough Positive Negative Positive Positive San Francisco Chapter

  9. Application Controls Benefits • Implement once (cost depending on type of control) • Lower cost in operation of control – Less dependence on humans – Fewer errors – Less paper • Control assessment usually more efficient – Test of One – Benchmarking San Francisco Chapter

  10. Random Application Control points • Control nomenclature – SOAP Subject, Object, Action and Purpose • Control where system defaults information are not strong • Logical Access controls as Application controls • Restricted Access & SOD Controls • Ignorance is not a control San Francisco Chapter

  11. Testing Approach • Test of Design (Test of one) – Inquiry and observation procedures. – Review of configurations for configurable control – Examination of one or more transactions to confirm the design. • Test of Effectiveness – Rely on underlying IT General Controls Questions / Discussion: • When is a ‘negative test’ appropriate? • How to confirm whether setup is same across the whole organization • What additional considerations for configurable controls • Do we review code for customizable controls? San Francisco Chapter

  12. Testing Examples • Inspect configuration – Inspect 2/3/4-way match configuration – Inspect tolerance levels configured • Re-performance via a walkthrough of each significant flow of transactions – Demonstrate the operating effectiveness of the control via positive and negative confirmation • Inspect the authorizations and re-perform controls to confirm the design – Inspect privileges assigned to all users • Determine how overrides are possible throughout testing and how they are monitored San Francisco Chapter

  13. ITGC Considerations • IT General Controls must be effective • ITGC must cover automated controls (e.g., configuration changes) • Configuration not made at entity/instance level (customer, supplier, item, etc.) San Francisco Chapter

  14. ITGC Considerations continued… • SOD between access to configuration vs. transaction • Emphasis could shift between change management and logical access – Authorizations, configurations – Logical Access – Calculation, customization, Inherent – Change Management San Francisco Chapter

  15. ITGC Concerns Change Management • Ability to make code changes is not limited to programmers • Standard change management process not followed for configuration settings Logical Access • End users have ability to change configuration settings (Users Vs. Super Users Vs. System administrator) • Override of the control by super users or system/database administrators • Improper Segregation of Duties (Create document Vs. release holds) San Francisco Chapter

  16. Testing – Ineffective ITGC • Sample based Application control testing • WCGW never went wrong – E.g. configuration not changed although change management around configurations not effective. • Professional judgment on inherent controls San Francisco Chapter

  17. Examples Example 1 Example 2 Example 3 Example 4 System Three way System Custom logic calculates match enforced to enforce Depreciation journal sales order based on approval limits by sales setting based on person limits Type Inherent Configurable Configurable Customized Nature Calculation Validation Authorization Authorization Key Change Program Program and Program Program Manage changes Configuration changes changes considerations changes Key Logical None Access to Access to None Access configuration configuration considerations Walkthrough Positive Negative Positive Positive San Francisco Chapter

  18. Benchmarking • Benchmarking is the ability to roll forward prior conclusions on control effectiveness based on the ability to demonstrate a static and controlled environment. • Historically very difficult to achieve due to complexities within the ERP environment and the dynamic (regularly changing) nature. • GRC Software packages now making true benchmarking feasible. Question / Discussion: Does benchmarking become irrelevant if continuous monitoring (via GRC tools, etc.) can be achieved? San Francisco Chapter

  19. Benchmark Testing Approach • Monitoring • Rotational Testing San Francisco Chapter

  20. GRC Capabilities • Monitor SOD real time • Efficiently Implement SOD prevent controls • Monitor configuration changes real time • Document risks, audit, findings, etc San Francisco Chapter

  21. Case Study Expanding Reliance on Automated Controls San Francisco Chapter

  22. Objective • Identification of unmitigated risks or redundant controls • Identify additional automated controls • Increase the efficiency of testing the controls San Francisco Chapter

  23. Rationale • Once implemented, application controls are significantly cheaper to operate. • Application controls are more consistent and secure than manual controls. • Application controls are very often the only controls within an automated process. • It could be more efficient to rely on application controls rather than doing substantive testing. San Francisco Chapter

  24. Process 1. Meetings with Process Owners to understand the process 2. Working session to determine control set and testing approach 3. Draft implementation plan 4. Confirm changes and discuss the plan to implement San Francisco Chapter

  25. Result • Identified controls that were already implemented and contributed to the mitigation of risk • Implemented new application controls that reduced the need for manual controls • Used benchmarking for some application controls to increase the efficiency of the controls assessment Control mix prior to review – 90% manual, 10% automated Control mix after review – 50% manual, 50% automated San Francisco Chapter

  26. Questions? San Francisco Chapter

Recommend

Automated and Modern Trading Markets Subcommittee FIA Best Practices for Exchange Risk Controls

Automated and Modern Trading Markets Subcommittee FIA Best Practices for Exchange Risk Controls

Automated and Modern Trading Markets Subcommittee FIA Best Practices for Exchange Risk Controls October 3, 2019 FIA Best Practices for Exchange Risk Controls Electronic trading has become an integral tool for an increasingly large percentage of

136 views • 10 slides
Who Controls the Past Controls the Future Who Controls the Present Controls the Past Nothing

Who Controls the Past Controls the Future Who Controls the Present Controls the Past Nothing

Who Controls the Past Controls the Future Who Controls the Present Controls the Past Nothing gives rest but the sincere search for truth. -Pascal Greetz from Room 101 Kenneth Geers 1984 # Nineteen Eighty-Four (Orwell) # Govt IW vs own

1.03k views • 77 slides
Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracles

Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracles

Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracles Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is intended to outline our general product

408 views • 17 slides
Automated Reasoning Introduction Jacques Fleuriot Automated Reasoning Introduction Lecture 1,

Automated Reasoning Introduction Jacques Fleuriot Automated Reasoning Introduction Lecture 1,

Automated Reasoning Introduction Jacques Fleuriot Automated Reasoning Introduction Lecture 1, page 1 What is it to Reason? Informally, reasoning is: to seek or attain knowledge or truth or the process of drawing conclusions with

876 views • 18 slides
IT Security Controls By: Jay Chen What are IT Security Controls? Safeguards or

IT Security Controls By: Jay Chen What are IT Security Controls? Safeguards or

IT Security Controls By: Jay Chen What are IT Security Controls? Safeguards or countermeasures to avoid, detect, counteract, or minimize security risk Types of Controls Preventive Controls (E.g. Password lockout after 5 failed

483 views • 31 slides
Benchmarking Automated Controls Vijay Venkatesh, IT Audit Lead Carrie Gilstrap, IT Audit Manager

Benchmarking Automated Controls Vijay Venkatesh, IT Audit Lead Carrie Gilstrap, IT Audit Manager

Benchmarking Automated Controls Vijay Venkatesh, IT Audit Lead Carrie Gilstrap, IT Audit Manager Brad Ames, Internal Audit Director Hewlett-Packard Company San Francisco Chapter San Francisco Chapter Premise for Continuous Monitoring

879 views • 70 slides
Todays Keys What are IT Controls Basic IT Controls Where to Find Resources What are IT

Todays Keys What are IT Controls Basic IT Controls Where to Find Resources What are IT

Todays Keys What are IT Controls Basic IT Controls Where to Find Resources What are IT Controls Objectives of IT Controls are Interrelated Prevent & Detect Fraud Automate Ensure controls Prevent integrity & accidental

308 views • 16 slides
Chapter 7 System & Controls Chapter 7. System and controls Introduction 1. How do ICS

Chapter 7 System & Controls Chapter 7. System and controls Introduction 1. How do ICS

Chapter 7 System & Controls Chapter 7. System and controls Introduction 1. How do ICS operates 2. Ascertaining the systems 3. Documenting client systems 4. Testing the system 5. The revenue cycle 6. The purchase cycle 7. The

358 views • 32 slides
ASCEM Conference Lighting Controls Roundtable Discussion Why do we want lighting controls?

ASCEM Conference Lighting Controls Roundtable Discussion Why do we want lighting controls?

ASCEM Conference Lighting Controls Roundtable Discussion Why do we want lighting controls? Behavior Modification versus lighting controls Implementation and outcomes Typical Controls Keyed Switches Dual switching

973 views • 15 slides
Automated Planning Introduction and Overview 1 Literature Malik Ghallab, Dana Nau, and

Automated Planning Introduction and Overview 1 Literature Malik Ghallab, Dana Nau, and

Automated Planning Introduction and Overview Automated Planning Introduction and Overview 1 Literature Malik Ghallab, Dana Nau, and Paolo Traverso. Automated PlanningTheory and Practice , chapter 1. Elsevier/Morgan Kaufmann, 2004.

476 views • 32 slides
Introduction to Automated Reasoning and Satisfiability Marijn J.H. Heule

Introduction to Automated Reasoning and Satisfiability Marijn J.H. Heule

Introduction to Automated Reasoning and Satisfiability Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/ Automated Reasoning and Satisfiability, September 3, 2019 1/40 Automated Reasoning Has Many Applications security planning and

1.04k views • 56 slides
13 Automated Reasoning 13.0 Introduction to Weak 13.3 PROLOG and Methods in Theorem

13 Automated Reasoning 13.0 Introduction to Weak 13.3 PROLOG and Methods in Theorem

13 Automated Reasoning 13.0 Introduction to Weak 13.3 PROLOG and Methods in Theorem Automated Reasoning Proving 13.4 Further Issues in 13.1 The General Problem Automated Reasoning Solver and Difference 13.5 Epilogue and Tables

775 views • 51 slides
Mr.Coffee Espresso Machine Jefferson Delgado Allan Li Thanh Tran Antonio Whitehead

Mr.Coffee Espresso Machine Jefferson Delgado Allan Li Thanh Tran Antonio Whitehead

Mr.Coffee Espresso Machine Jefferson Delgado Allan Li Thanh Tran Antonio Whitehead Introduction Model: ECMP50 Brand: Mr. Coffee Type: Espresso Machine Features: Automated pump Automated temperature controls Switches Diagram

217 views • 17 slides
Introduction to Automated Task Planning Jonas Kvarnstrm Automated Planning and Diagnosis

Introduction to Automated Task Planning Jonas Kvarnstrm Automated Planning and Diagnosis

Introduction to Automated Task Planning Jonas Kvarnstrm Automated Planning and Diagnosis Group Artificial Intelligence and Integrated Computer Systems (AIICS) / IDA jonkv@ida jonkv@ida What is Planning? Shakey 3 4 Classical example:

763 views • 30 slides
Controls on aboveground net primary productivity & the partitioning of canopy and wood

Controls on aboveground net primary productivity & the partitioning of canopy and wood

Controls on aboveground net primary productivity & the partitioning of canopy and wood production in tropical rainforests Florian Hofhansl, & Wolfgang Wanek ATBC 2013 San Jos, Costa Rica Climatic Controls Introduction Global

414 views • 17 slides
Automated Reasoning: Some Successes and New Challenges Predrag Jani ci c

Automated Reasoning: Some Successes and New Challenges Predrag Jani ci c

What is this talk about? What is automated reasoning? Automated reasoning in propositional logic Automated reasoning in first-order logic Automated reasoning in higher-order logic Automated reasoning in geometry Conclusions Automated

806 views • 52 slides
HIV Clinical Update: Treatment in 2017 and Beyond Shobha Swaminathan, MD Associate Professor of

HIV Clinical Update: Treatment in 2017 and Beyond Shobha Swaminathan, MD Associate Professor of

5/25/17 HIV Clinical Update: Treatment in 2017 and Beyond Shobha Swaminathan, MD Associate Professor of Medicine Rutgers New Jersey Medical School Overview Whats new in the guidelines Starting antiretroviral therapy Switching

163 views • 14 slides
Scalable Hosting of Web Applications Guillaume Pierre (with Zhou Wei, Jiang Dejun, Swaminathan

Scalable Hosting of Web Applications Guillaume Pierre (with Zhou Wei, Jiang Dejun, Swaminathan

Scalable Hosting of Web Applications Guillaume Pierre (with Zhou Wei, Jiang Dejun, Swaminathan Sivasubramanian, Tobias Groothuyse, Sandjai Bhulai, Chi-Hung Chi and Maarten van Steen) CANOE and EuroSys Summer School 21 august 2009

528 views • 34 slides
Automated Planning Introduction and Overview Literature Malik Ghallab, Dana Nau, and Paolo

Automated Planning Introduction and Overview Literature Malik Ghallab, Dana Nau, and Paolo

Automated Planning Introduction and Overview Literature Malik Ghallab, Dana Nau, and Paolo Traverso. Automated PlanningTheory and Practice , chapter 1. Elsevier/Morgan Kaufmann, 2004. John E. Hopcroft and Jeffrey D. Ullman.

621 views • 16 slides
Tolera'ng FileSystem Mistakes with EnvyFS Swaminathan Sundararaman Lakshmi N. Bairavasundaram

Tolera'ng FileSystem Mistakes with EnvyFS Swaminathan Sundararaman Lakshmi N. Bairavasundaram

Tolera'ng FileSystem Mistakes with EnvyFS Swaminathan Sundararaman Lakshmi N. Bairavasundaram Andrea C. ArpaciDusseau NetApp, Inc. Remzi H. ArpaciDusseau University of Wisconsin Madison File Systems in Todays World Modern

941 views • 36 slides
Agenda Introduction Internal Controls the textbook version ACFE Report to the

Agenda Introduction Internal Controls the textbook version ACFE Report to the

6/21/2018 Fraud Happens.but it doesnt have to. A Simple Perspective on how to Protect You and Your Organization David Mol, CPA Redpath and Company,Ltd 1 Agenda Introduction Internal Controls the textbook version ACFE

499 views • 20 slides
Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 21, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk.

609 views • 40 slides
Custom Actuation Solutions Since 1973 Actuation Valves Controls Service Expertise

Custom Actuation Solutions Since 1973 Actuation Valves Controls Service Expertise

AVC Automated Valve & Control Custom Actuation Solutions Since 1973 Actuation Valves Controls Service Expertise AVC - Intro AVC is one of the actuation industrys most experienced full-service actuation houses. As the

237 views • 8 slides
Cryogenic Controls for FAIR Review on Cryogenics for FAIR Ralph C. Br 28.02.2012 Controls

Cryogenic Controls for FAIR Review on Cryogenics for FAIR Ralph C. Br 28.02.2012 Controls

Cryogenic Controls for FAIR Review on Cryogenics for FAIR Ralph C. Br 28.02.2012 Controls Situation for FAIR Accelerator control system for FAIR is GSI in-kind contribution Controls group has lots of experience for machine control, but no in

259 views • 13 slides

More recommend