Tuesday, November 24, 2009

Conflict of Interest / External Databases, in the news again!

Last week's New York Times article about Research Conflicts of Interest within the University community included a link to the US Department of Health and Human Services Office of Inspector General (OIG) audit report. The audit report identifies that financial conflicts, including equity ownership in companies in which researchers' financial interests could significantly affect the grant research. Simply stated, the doctor who reports that compound XYZ could be a breakthrough drug for treatment of disease, may profit significantly from their own research. And that personal gain may not be known to their University, the general public, or the National Institute of Health (NIH) who is often the sponsor of that research.

Though grantee institutions often require researchers to disclose conflicts of interest in research publications, the same institutions rarely reduce or eliminate the financial conflicts. Ninety percent of grantee institutions rely solely on researcher discretion to determine which interests are required to be reported. Because equity interests (i.e. stock ownership) is rarely required to be reported, the specific financial interests of NIH-funded researchers are often unknown.

The OIG audit report recommends that National Institute of Health request grantee institutions to provide detailes to NIH regarding the nature of ALL reported financial conflicts of interest, and how the conflicts are managed, reduced, or eliminated. This change, if implemented, would be a major step-up in Oversight on how the University Research community is monitored.

Stay tuned - the compliance and record keeping impact of such changes could be quite widespread. Fortunately for some universities who have implemented Continuous Controls Monitoring (CCM-T) solutions that compare data from internal to external databases, these changes may be easier to implement. For more information, see: www.VisualRiskIQ.com/HigherEd

For related posts, see: October 2009 and July 2009 blog entries.

Tuesday, November 10, 2009

Reflections from the Rutgers World Continuous Auditing Symposium (WCAS)

I represented Visual Risk IQ as a panelist Friday 11/6 at the Rutgers WCAS event in New Jersey. Mike Cangemi, former president of FEI moderated our panel, which also included Eric Cohen from PwC / OCEG, and Dr. Virginia Cortijo from University of Huelva (Spain). Despite the presentation time on a Friday afternoon (4:00!), the panel generated nearly a dozen questions from the audience, and dialog continued into the dinner hour.

The event provided opportunity to reconnect with friends and colleagues from most of the CA / CCM software firms, from academia, and most importantly, with other early adopters of CA / CCM. Most attendees had already committed to some level of CA / CCM at their firms, each with varying levels of success. Some observations from the presentations:
  • External auditors opine on a balance sheet as of one day each year. Not much continuous about that. Internal Auditing should be leading the charge for Continuous Auditing.
  • Most CCM applications focus on a single application - P-Card, Procure to Pay, or Journal Entry review, likely because of simpler data models and availability of commercial software. Exceptions are IBM (Order to Cash) and HP (IT General Controls)
  • Organizations that are the best candidates for CCM are those that have a zero tolerance for Compliance exceptions and also a relentless desire for Continuous Improvement.
  • Internal audit can be the CA / CCM learning lab for the rest of Company. See Terry Hickman's presentation (Proctor & Gamble) for more information.
  • Most savings realized by audit teams through Continuous Auditing are re-directed toward emerging risks and increasing coverage.
  • Continuous auditing and data analytics jobs are out there, but the quantity and quality of applicants has been below expectations, according to several hiring managers.
  • New software entrants such as SymSure for IDEA and ACL's Audit Exchange 2 (AX2) are sparking new projects in CA, as their price point is a marked improvement relative to more comprehensive CCM tools that have previously been available.
Our presentation emphasized some of the challenges of defining Continuous Auditing. At some organizations, the term means Continuous Risk Assessment. At others, it means Control Assessment of configurable controls or Control Assessment of Transactions. If people that are doing CA / CCM use the same words for different activities, it's hard for others to follow this leadership. For more information on the conference, see: Rutgers WCAS.

Did you attend? What were your key take-aways. All comments are welcomed!

Joe Oringel
Visual Risk IQ
Charlotte NC, USA