Continuous Auditing

Magsys has developed an extensive library of Data Analytics (CAATs) across a wide range of ERP systems ( Eg. Ellipse, SAP, Finance One, Great Plains, Oracle Financials, Maximo and Peoplesoft ) also, additional systems such as Purchasing Card ( Eg. iCMS and Peoplesoft ) Procurement Systems ( Eg. Ariba ) and Asset Management ( Eg. Maximo & Ellipse ) are covered.
CAATs have been developed across the full range of ERP module processes ( Eg. AP, AR, GL, HR/Payroll, Asset Management and ERP Application Security ) and OS Security ( Eg. Unix and IBM RACF ).

This extensive, modular library of CAATs and other ACL™ based applications are all designed to fit into the Magsys standard framework to implement automated “Continuous” processing

We work with the Auditor to identify and analyse the requirements, then map them to our library of modular, extensible CAAT solutions. We prefer to incorporate a prototyping approach as much as possible since this is the optimal way to show the client what can be done and to clarify that it actually meets the client’s needs.

Magsys Continuous Auditing framework - features

Having reviewed a number of existing Continuous Auditing applications and listened to feedback from users, Magsys has derived many key criteria for an optimal design, and incorporated them in the Magsys Continuous Auditing solution.

  • Audit oriented data analysis programming ( The ideal programming framework underpinning the CAAT data analysis and reporting should come from the auditing world Eg. ACL™ )
  • Always extract the source data ( The data should be extracted from the source production database, not a partially processed Data Warehouse or Cube )
  • Minimise the call on ICT Resources ( design the Continuous framework to be as independant of ICT resources as possible )
  • Keep the level of complexity down ( host the Continuous application on a high spec Windows workstation )
  • Aggregate the extracted host data on the workstation ( extract, normalise and accumulate the various data on the workstation )
  • Perform simple readonly table extracts from the production host ERP systems ( Simple Select criteria, minimise joins - do the complex joins and processing on the workstation with ACL™ )
  • Ability to extract and combine data from very diverse sources ( can leverage ACL's abilility in importing data from just about anywhere )
  • Secure accumulation of historical data not retained by ERP host systems ( Audit may identify instances where important data is updated in situ and previous values are not being retained in the host ERP system )
  • Empower the Auditor ( the workstation resident data repository is a valuable resource and ACL™ has an easy to learn user interface and a powerful set of commands. The Auditor can perform sophisticated data mining, analysis and reporting from the repository. This facility may not be readily accessible by other means. )
  • Tests Design Philosophy ( Magsys has concluded that an ideal profile of a CAAT is to perform the data crunching with ACL™ and create a series of results as spreadsheets containing summary and detail level data. An Excel Test Report Template combines these results as worksheets in one spreadsheet and the extensive use of Excel filters enables the Auditor to drill into the Reports. )
  • Tests Execution ( the Magsys Continuous framework utilises a "Job" concept, typically, each job nominates a target host system and a set of CAAT tests, each of which maps to an ACL™ script and an Excel results report template spreadsheet. The frequency of the job's running is determined by its parameters in the Windows scheduler Eg. overnight, weekly etc. )
  • Tests Results Presentation ( Where relevant, a test cycle attribute is used to suppress repeat reporting of exceptions. Eg. Duplicate invoices - a duplicate set/pair reported in a cycle will not be reported in successive cycles unless another invoice joins the set. Since the cycle number is an Excel filterable field, duplicate invoices for the last 3 cycles can be included in the worksheet. )
  • Tests Results Notification ( Each Test Result spreadsheet contains a Summary worksheet which is aggregated into a single Job notification email and emailed as the final step in the Job execution. The Test result spreadsheets are saved to a network folder. )
  • Regular automated backups of the workstation database to a network server ( can zip the entire application and save it )
  • Enable the Auditor to maintain / incorporate some additional reference / control data into the CAAT ( because the ACL™ analysis programs and the data are resident on the workstation, user maintained data is available to the programs. This is not so easy if the analysis programs and data are resident on a Unix host for example. )
  • The design and implementation of Continuous Auditing should be very modular and parameter driven ( the addition of new host systems, jobs, analysis programs and reports and other objects should be facilitated )
  • Magsys specialises in working with the Auditor to develop genuinly useful tests ( An existing CAAT could be the starting point, but the best CAATs are built by tailoring the CAAT to address the particular business practices of the organization. )
  • Value for money ( the cost of the Magsys Continuous Auditing solution is inexpensive compared to most other offerings, and the quality of the Continuous Auditing Application, Service, Training and Support is excellent. )