As demand for data scientists in audit/Governance, risk management and compliance (GRC), and industry in general, outpaces supply, data science in a box—packaged analytics powered by artificial intelligence (AI) and guided machine learning—can bridge the gap to bring analytics to every major enterprise. Packaged analytics harness the power of AI and machine learning technologies to help operations, finance executives, and GRC professionals do their jobs better; optimize business processes; and deliver actionable insights for better decision making. This article will explore real-world case studies of how companies have used packaged analytics to achieve process improvements, better oversight over financial spend, and significant return on investment. It is a guide to internal auditors and their GRC counterparts on what is available and suggests they can partner or use the products independently and significantly contribute to their companies.
Packaged software applications are the automated workhorses that keep businesses running by supporting and streamlining a wide range of core business functions—from customer relationship management to finance, operations, human resources, GRC, and product. In recent years, they have evolved from on-premise solutions that required expensive hardware investments and lengthy system implementations to cloud-based applications that could be up and running much faster.
Analytics software is now taking a similar path. Traditional business intelligence (BI) platforms were often custom-built from scratch and utilized in-house data storehouses. Their complex architecture required elevated levels of expertise to create, curate, and run. Further, the actionable intelligence usually had to be unearthed by trained specialists and recently data scientists who wrangle huge sets of data and write code to reveal insights based on events that have already happened.
However, companies are finding that many of their business problems that can be solved by analytics are sufficiently common and may not need custom solutions in all cases. This opens the door to make the transition from traditional, on-premise BI and analytics packages to cloud-based packaged analytics software.
Ten years ago, the authors partnered to try to expand the understanding of and use of analytics software in the business, as well as the internal audit and GRC verticals. Here is a quote from a 2010 EDPACS article titled “Internal Audit’s Role in Continuous Monitoring”: “Since EDPACS is an Auditor-focused publication, my recommendation is that audit, specifically Internal Audit (IA), should be keenly focused on making operations management aware of these new automated continuous monitoring systems to improve efficiencies and effectiveness of the operations they will audit"1.
As demand for data scientists now outpaces supply, data science in a box—packaged analytics—can bridge the gap to bring analytics to every major enterprise. Packaged analytics harness the power of artificial intelligence (AI) and machine learning technologies to help finance executives do their jobs better, optimize business processes, and deliver actionable insights for better decision making. In GRC and IA our prior advice is even more valuable today (i.e., recommending, implementing, or partnering will add significant value).
Most traditional applications are based on black-and-white controls. But much of the real world is gray. For example, corporate financial applications are based on solid, black-and-white math. At times, we need to interpret those numbers. However, traditional transaction systems are not designed to handle interpretation. Take auditing, for example. It was traditionally done by manually reviewing an adequate sample of transactions and making sure there were not too many issues in this gray area. However, packaged analytics solutions, powered by AI, can provide detective controls to analyze and audit all transactions—not just a sample— much more quickly and accurately than any human can through manual methods.
The AI algorithms can learn, improve, and become smarter by observing how humans resolve issues over time. For example, a packaged analytics solution can develop knowledge of what is normal and customary for various categories of spend. An extravagant meal in London will be very different than it is in, say, Atlanta. It’s not hard to spend hundreds of pounds on a meal in London’s financial district. You would have to work very hard to spend the same amount of money on a typical meal in Atlanta. In this way, an AI analytics solution can spot exceptions, unusual activity, and patterns that might never be detected otherwise.
When packaged analytics are delivered as cloud-based software-as-a-service solutions, they can deliver even more value to businesses. The AI-powered data analytics engine can learn based on benchmarking across many customers’ data. As a result, organizations gain more accurate insights from much larger pools of anonymized data pools.
Let’s look at several actual examples to see how packaged analytics work in the real world.
ARTIFICIAL INTELLIGENCE, REAL RESULTS
Shaw Industries Group, a subsidiary of Berkshire Hathaway, Inc., is the world’s largest carpet manufacturer with more than $4 billion in annual sales. The company had a small staff for monitoring and auditing the finance process, making risk mitigation and compliance processes extremely challenging. Across such a sprawling organization, it was difficult to ensure procurement policies were followed.
The problem escalated when the accounts payable team repeatedly received many calls from vendors asking why their invoice had been paid twice. It was clear Shaw Industries needed a mechanism to monitor their procurement process, make sense of their data, and translate their findings into proactive actions such as preventing duplicate payments and duplicate vendors.
Initially, the company set out to build a solution for automating continuous auditing procedures. However, they quickly realized that the cost and complexities of building their own solution would far outstrip the return on investment (ROI). Instead, what they needed was an automated solution that would work out of the box without requiring a data scientist on staff to implement it.
Shaw Industries chose a packaged analytics tool that enabled continuous transaction monitoring, replacing their labor intensive, mostly manual and error-prone, in-house approach. Within the first day of rolling out this technology, the company had already identified 100 duplicate vendors in the system. By quickly identifying the root causes of such errors, they were able to employ new best practices for accounts payable and procure-topay processes. Within four months of implementing the solution, the manufacturer earned back the cost of the system—in large part by preventing duplicate vendors.
A global software firm needed a better way to audit and analyze its entire travel and expense (T&E) spend. By implementing a packaged analytics solution, the firm was able to detect and mitigate high-risk transactions, unusual spending patterns, duplicate expenses, and out-of-pocket activity. The automated solution generates customized emails that cite the specific out-of-policy expense, for example, and provides specific feedback to educate employees and help them make smarter choices in the future. Companywide compliance with T&E policies improves dramatically—by as much as 70%—by implementing such a program. Employees were encouraged to use corporate purchase cards instead of cash for expenses, and the company was able to stretch its T&E budget further. As a result, the company was able to reduce T&E waste and fraud and realize a ROI more than six times what it originally paid for the solution.
A Fortune 500 utility firm had a problem with accounts payable and used recovery auditors to claw back erroneous payments. The problem was that the utility lost the use of the money it had mistakenly paid and then had to pay the recovery auditor 20% of anything that was recovered. As a result, they were only to recoup only 80 cents on every dollar recovered.
When the utility employed packaged analytics, it discovered how those erroneous payments were made in the first place and corrected the process. Now, before someone hits the wire transfer button, he or she runs the payment through an oversight system. That process improvement has saved the utility $1.5 million in cash, plus the $300,000 to $400,000 that would have gone to recovery auditors. AI buttoned up the process so well that the recovery auditors eventually quit the account because it was no longer worth their effort.
These examples illustrate process improvements that every business can achieve using AI-powered packaged analytics to gain better oversight over financial spend—whether T&E, purchase cards, accounts payable, or accounts receivable—to detect patterns of noncompliance that you can effectively disrupt using preventive controls.
Recommending the expanded use of analytics will shine a bright light on IA and GRC functions and now the process is much easier to accomplish. Packaged analytics analyze 100% of all transactions, resulting in a higher degree of accuracy than sample audits. “We are increasing our overall confidence in our conclusions because we’re able to do full-population testing versus sample testing,” noted David Chronkright, IT auditor director for The Dow Chemical Company2.
Whether the analytics are built in to the company processes by operations, compliance, and/or under a partnership with IA, the result is a better control environment and significant business process improvement.
As Hank Roberts, the director of IA, Shaw Industries, observes, “Ultimately, this analytics process becomes part of the company’s system of internal controls and internal audit is seen as delivering value to the business”3.
- P. Cangemi, “Internal Audit’s Role in Continuous Monitoring,” EDPACS 41(4) (2010).(Page 2)
- P. Cangemi “Addressing the C-Level Question: How Effectively are Assurance Functions Contributing and Using Automated Analytics?” EDPACS in 2017 (Page 6)
- ibid Page 5
- Cangemi, M. P. (2010). Internal audit’s role in continuous monitoring. EDPACS 41(4).
- Cangemi, M. P. (2015). Staying a step ahead—Internal audit’s use of technology. Retrieved from http://contentz.mkt5790.com/lp/ 2842/191428/2015-1403_CBOK_Staying_A_Step_Ahead.pdf
- Cangemi, M. P. (2017). Addressing the C-level question: How effectively are assurance functions contributing and using automated analytics? EDPACS.
- Cangemi, M. P. (2016). Views on internal audit, internal control, and internal audit’s use of technology. EDPACS.
- Cangemi, M. P., & Sinnett, W. (2016). Data analytics and financial compliance: How technology is changing audit and business systems. Retrieved from http://www.financialexecutives.org/ ferf/download/2016%20final/2016-012.pdf M. P.
- Cangemi and W. Sinnett, “data Analytics and Financial Compliance: How Technology is Changing Audit and Business Systems” (2016), http://www.financialexecutives.org/ferf/ download/2016%20final/2016-012.pdf
- P.Cangemi,“Stayinga Step Ahead—Internal Audit’s Use of Technology” (2015), http://contentz.mkt5790.com/lp/2842/ 191428/2015-1403_CBOK_Staying_A_Step_Ahead.pdf
- P. Cangemi, “Views on Internal Audit, Internal Control, and Internal Audit’s use of Technology.” EDPACS (2016).
- P. Cangemi and T. Singleton, Managing the Audit Function, Third Edition (Hoboken, NJ: Wiley & Sons, 2003). Also available from Wiley as a download (www.wiley.com), and at Amazon.com it has formed the basis of many IA department procedures manuals.
Michael P. Cangemi is a prolific writer, active speaker and has had a wide-ranging career having served as a CAE, CIO, CFO, and then in two CEO positions, as well as on Boards and as AC Chair. His experiences as a CAE were published in his second successful book, Managing the Audit Function. The book, now in a third edition, was featured in the business section of the Sunday New York Times in August 2002 and translated into Chinese in 2005 and Serbian in 2013. Mr.
Patrick Taylor is Co-Founder of Oversight Systems, which annually analyzes more than $2 trillion of business transactions to identify and mitigate fraud and waste, improve compliance and optimize business processes. Taylor is an authority in the convergence of business analytics, information security, and the implementation of technology to boost organizational performance. An innovator in his field, Patrick recognized that most IT-security and financial-system controls focus on user access and role management, but do not address how to convert ERP, CRM, and other financial transaction resources into plain-language, actionable insights. Taylor has held previous leadership positions with Internet Security Systems (ISS), Symantec, ORACLE, Red Brick Systems, GO, Air2Web, and Fast-Talk. Patrick earned his bachelor’s degree in mechanical engineering from Georgia Tech and an MBA from the Harvard Business School. EDPACS 2018 6 ª Copyright 2018 Cangemi Company LLC—All rights reserved.
Originally published in EDPACS Newsletter (2018 Vol. 57, NO. 4)