More than 100 people attended our session last week at the Carolina's IIA District Conference, where I joined Matt Cleaver, Head of Internal Audit for RH Donnelley (RHD), to talk about their journey along the Continuous Auditing maturity curve. Since Visual Risk IQ's initial continuous auditing project for them in 2007, RHD has migrated from one-time, retrospective data analysis in the Accounts Payable area to weekly review of potential duplicate payments or overpayments PRIOR to any checks being issued. An important step on the maturity curve for RHD was achieved earlier this year, as the business process owner (not internal audit!) now runs the queries that had been developed to identify the potential duplicates.
As shared at the Conference, several hundred thousands of dollar in errors have been prevented due to this weekly review, and the overpayments actually recovered from our original project have more than funded the entire annual budget of the internal audit department. The return on the project's investment has been outstanding, and the audit team is even more highly valued at the Company during these challenging times affecting media and advertising companies (and most everyone else!).
Special thanks to Matt, who was very candid about the findings that our project helped their audit team uncover, in terms of these overpayments, as well as other internal control improvements that resulted from the data analysis work. For more information on their success, or for a copy of the slide deck, please email me at the contact information below.
Here's wishing that your internal audit projects can help demonstrate the value of data analysis and continuous auditing in such a direct and tangible way.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
Monday, March 2, 2009
Sunday, March 1, 2009
New acronyms in the Continuous Controls Monitoring space - CCM-T
Those of you who have met Kim Jones and me, either from our PwC days or since we've founded Visual Risk IQ, know that we believe that the IT Research community has not done a great job of defining categories within Governance, Risk and Compliance software. Even the Continuous Controls Monitoring category had everything from Segregation of Duties tools like Virsa (now SAP-GRC) to IT General Control Tools (like TripWire) to more general purpose CCM tools like those from ACL, Apex, Approva, and Oversight.
But now in 2009, the Research community is getting better. Maybe much better. Gartner has published a new report on the segment of the GRC category that we specialize in, and they have named the category "Continuous Controls Monitoring for Transactions, or CCM-T" We believe this segmentation does a MUCH better job of identifying the vendors who are in this cateogory.
The report separates CCM-T from other CCM technologies, like Segregation of Duties tools, Application Controls, and Master Data tools. For a copy of the report, register on ACL's web site and download the Gartner CCM-T Report
Take a look and tell us what you think, either by commenting below, sending an email or seeing us in person. Look for Visual Risk IQ at IIA's GAM conference or at MISTI's SuperStrategies, where we will be a sponsor and speaker on Thursday morning April 16.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
But now in 2009, the Research community is getting better. Maybe much better. Gartner has published a new report on the segment of the GRC category that we specialize in, and they have named the category "Continuous Controls Monitoring for Transactions, or CCM-T" We believe this segmentation does a MUCH better job of identifying the vendors who are in this cateogory.
The report separates CCM-T from other CCM technologies, like Segregation of Duties tools, Application Controls, and Master Data tools. For a copy of the report, register on ACL's web site and download the Gartner CCM-T Report
Take a look and tell us what you think, either by commenting below, sending an email or seeing us in person. Look for Visual Risk IQ at IIA's GAM conference or at MISTI's SuperStrategies, where we will be a sponsor and speaker on Thursday morning April 16.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
Subscribe to:
Posts (Atom)
