- HP presented their use of monthly data extraction and a variety of CAAT-based and ERP query tools to interrogate transactions and logs. They evaluate a mix of configurable controls and transaction analysis to deliver a risk-based heat map that aids the audit team in project selection decisions. They've made excellent progress from prior years, and continue to be a leader in CA / CM, especially among SAP shops.
- P&G presented about their measurement around the business case for their CA / CM investments, which have focused primarily around order to cash (O2C). Their program's strengths are its workflow, in that audit uses "automated delivery of high quality controls tests results to the business." It's the evolution of having MANAGEMENT evaluate the test results (vs. internal audit) that was most noteworthy.
- IBM presented about their system that they call Enhanced Auditing with Technology, which is also focuses on O2C. They monitor more than 400 query test attributes (contrast w/ Siemens Financial, who monitors only 45!).
- Jason Gross of Siemens Financial presented their CCM program with considerable energy and enthusiasm. Jason and I had previously met at an IIA event during 2007, when he had been in Internal Audit. Interesting is that he has left audit and is now a direct report to the CFO at Siemens Financial. This option should be on the career path of most data-focused, audit professionals as it allows Jason and his team to have more responsibility for research and follow-up on CCM exceptions.
Visual Risk IQ