Auditing With A Vengeance
A few weeks ago, I published an article suggesting an approach the Agency may take to avail ourselves of major’s continuous auditing resources. This approach would support our new abilities as promulgated by MRD 13-PPS-007(R). The piece is here.
From observation, personal experience and reviewing a number of contractor consultant blogs, I’m confident we’re going to get some push back. I know our Agency. I know we’ll prevail. BUT… our drive to obtain the information necessary to protect the warfighter and the taxpayer may not be immediate.
There’s an interim solution. Until we obtain full, unrestricted access to contractor’s continuous auditing systems and their internal audit reports, the Agency can invest in Computer Aided Auditing Techniques (CAATS). There are a number of vendors that provide this software. One of the most highly rated, least expensive and easiest to use is TopCAATS. TopCAATS is an Excel add-in that provides significant additional power to an old friend.
I recently obtained a copy of TopCAATS. With TopCAATS, we can undertake computer assisted auditing techniques independent of the contractor’s continuous auditing system.
TopCAATs permits DCAA to implement MRD 13-PAS-014(R), with a vengeance. It would be of tremendous value in the areas of, “Information Gathering Procedures,” “Management Inquiries,” “Analytical Procedures” and “Fraud Risk Factors.” With TopCAATs, execution of the entire MRD is improved.
The MRD reiterates the necessity to conduct Management Inquiries and Analytical Procedures. TopCAATs provides the means to quickly do extensive analytical procedures of a contractor’s entire GL as long as total GL transactions don’t exceed 1,048,576, the current Excel maximum. Many mobile contractors are well within this limit as are most data extractions from majors.
Once we obtain our data and perform the battery of detailed analytical procedures, DCAA Auditors will possess additional insights into where risk may lie and where fraud may have been perpetrated. These insights will permit our teams to make more pointed inquiries of contractor management.
A recent egregious defalcation shows how a few additional insights can save significant dollars.
Bernie Madoff’s multi-billion dollar Ponzi scheme ran for AT LEAST 20 YEARS. It could have been stopped in its tracks if knowledgeable auditors would have run a Benford’s analysis and made appropriate inquiries thereafter. Click Here.
I’ve written two pieces on Benford’s Law. They’re here and here. The second article ran a series of analyses on billing system data. It was a very laborious effort. I had to obtain the data, organize it, stratify it and on and on. As I was preparing the piece, I realized it was not something we’d want our people doing on a daily basis.
That changes with TopCAATs. Performing the same analysis took seconds. It’s calculated, summarized, graphed and presented in plenty of time to incorporate the information into an appropriate audit step.
How many Bernie Madoff’s might we be missing because we don’t perform this analysis during the risk assessment?
For demonstration purposes, I ran some additional reports on a smaller data set. I obtained a 2009 GL from our Mobil Auditing Supervisor. This contractor had 56,607 transactions for the year. The following examples were derived from that data.
This Benford’s first digit test on cash disbursements tracks as anticipated. From this report, it looks like there’s nothing to see here.
The following report might be worth asking about. It details the Days of the Week that transactions were posted. As you can see, almost 10% of them were posted on Saturday and Sunday. Significant weekend posting may be a sign of trouble. The next step would be to identify the accounts, learn who was making the after-hours posts and make Management Inquiries regarding the situation.
There’s a sister report TopCAATs produces depicting the time the transactions were posted. The GL I obtained from our Mobile Supervisor has the date, but not the time of the postings. If through further analytics, we learned that a large number of posts were made outside of normal business hours in addition to the weekend posts, we’d probably have identified a problem.
The final example is a Trade Receivables report. As you can see, I selected three criteria. Those criteria are, Accounts With Credit Balances, Accounts With a Balance over $9,500 and Rounded Balances. In addition to the summary report depicted here, TopCAATs extracted this information into separate Excel Sheets. If the auditor deemed it worthwhile, our people are ready to make pointed Management Inquiries at the Entrance Conference and/or to ask for specific supporting detail.
The Agency is focused on doing more with less. If we were to adopt CAATS software, initial concerns might be the additional time involved in performing analytical tests as well as the additional training necessitated by introducing a new tool to our professionals. The impact could be minimized by localizing the product and tests into a single position. The existing FAO Quality Tech Spec comes to mind as a good repository for the software and expertise. I can imagine how CAATs could be an extension of what they’re already doing.
The aforementioned tests are not all TopCAATs will do. The software will perform more than 100 additional tests and/or analytical procedures.
In addition to the ones depicted above, a few more examples are:
“Large Payments Review” – This feature extracts payments over three standard deviations from the average, grouped by employee. This permits the auditor to understand if there are any unusually large payments for some months and whether these represent fraud or error.
“Duplicate Claims Review” – Extract any expenses that may have been claimed twice. Understand whether these are legitimate claims and do not represent fraud.
“Employee Suppliers Review” – Compare a listing of suppliers to a listing of employees using the bank account number. Where an employee has the same bank account as a supplier, understand whether this represents fraud or error.
And over 100 others are very easy to accomplish. The resulting summarizations are clear, concise and ready to act upon. To review more, please: Click Here
This type of analysis is standard in the private sector.
In July of 2012 Ernst and Young produced a white paper entitled The Future of Internal Audit is Now. Click Here.
I’m not suggesting that this Whitepaper is the end-all, however, it may well be a beginning in understanding what contractors are doing to achieve auditing “Best Practices.” By building on this information, we can develop a line of contractor questions based on best practices. This understanding permits us to ask pointed questions regarding how they’re addressing areas of risk. If they’re not compliant with current best practices, what are they doing in place of them to mitigate the risk? We’ll then check our analytics to see if the results are consistent with their assertions.
When we can access contractor automated continuous auditing analytical reporting as well as their internal audit reports, we will have closed the circle.
The E&Y report was also adamant that the adoption Data Analytics were underway or coming into play in forward thinking shops. These analytics are the same made possible by TopCAATs.
One comment from the E&Y Report under: “Employing Innovation Throughout the Audit Cycle:”
“Internal Audit should consider developing a comprehensive data analytics program that can be embedded into the entire audit life cycle. Using analytics can produce more focused risk assessments, more efficient execution, increased risk coverage and more effective reporting.”
TopCAATs isn’t embedded, but it is immediately useful without a lot of additional effort. It will help us to identify red flags permitting us to become more efficient and proactive.
I read contractor consultant blogs. Overall, they’re not impressed with us. Here’s an example where this group of consultants are going to “Teach Us” how to audit. Click Here.
I don’t like that. I’d much prefer that we continue to press hard for total access to all their Internal Auditing reports as well as full access to whatever continuous auditing/monitoring software they’re using.
Until we prevail, it would be great to have CAAT software in our tool box. TopCAATS is not much money and we’d have instant analytics that we don’t presently possess.
I took a 30 Day free trial to look at the software. If I decide to keep it, it will cost $530.00 for a one year single user license. Copies are MUCH cheaper in quantity. To download a Free Trial, Click Here.
I think we should explore it further.
