This blog post is a follow up to our original blog post on Internal Audit: Harnessing the power of Analytics published on April 24th where we had brought out the need for analytics in IA and provided some use cases for analytics. In this post we would like to talk about some specific examples where analytics has created significant impact for clients.
A global auto giant had mandated us to carry out Internal Audit of their Procure to Pay business processes. We adopted an analytics-based approach to carry out Risk Based Internal Audit. The data, which was extracted from a legacy ERP system, was voluminous, running into over 10 million records for a period of 2 years. This could not be handled in MS Excel so we adopted SQL Server to process the data.
- Data Quality Assessment of the vendor master
- Anomaly Diagnostics such as potential duplicate payments, payments to vendors who are not empanelled/blocked, etc.
- Operational Inefficiencies related to cycle time of payments, payment terms, discounts etc.
- Segregation of Duties and conflicts of interest
On analysing the vendor master for its completeness and quality of the data captured, we noted instances where different vendors were mapped to the same tax IDs. There were duplicate vendor codes in the master and transactions happening in both the codes. Payments amounting to $350K were identified as payments made to potential duplicate vendors. Also, about $1.8M was procured from vendors whose status showed as blocked vendors.
On analysing the total payment trend over the period of 2 years, we observed a spike in the months of April and May of 2013 and similarly between Mar to May of 2014 (the grey line in the chart below displays the same). This was a result of sales push by vendors which came as an insight to the business. This led to higher borrowings/ interest cost during those periods. Based on this, the management spread out its purchase pattern in a manner enabling optimum borrowings and thereby resulting in reduced interest costs.
While analysing the payment transactions in greater detail, we also noted that about 8% of the payment transactions were split to circumvent the DOA.
On reviewing the users who have been processing such payments and their segregation of duties, we noted that there were 8 users who had access to create records in the vendor master as well as pass payment transactions. Such users had passed 28% of the payments made to vendors during the period of review. This was a high fraud risk and triggered immediate corrective action by the client.
There were also a number of process efficiency tests such as payment days and credit period analysis which revealed significant inefficiencies in the payments function. About 54% of the invoices were paid earlier than their due date, which potentially led to a blockage of working capital. Further, 40% of the invoice transactions were paid late and there were transactions that were eligible for discounts that were never claimed. By pushing these payments on time, the business was able to reduce borrowings and optimize their working capital requirements.
Another leading auto parts manufacturing client was facing issues with high cost of sales thereby impacting their margins, despite following the Just-in-Time system. The client wanted us to review their production and inventory management processes to identify potential areas of process efficiency. An analysis of the inventory movement and re-computation of consumption and stock balances (using BoM) revealed that the packing materials vendor had consistently been under supplying by 5-10% of the recorded quantity. This had an impact on the cost of production and the product margins. The client was able to gain a 12% reduction in overall inventory costs after identifying the fraud perpetrated by the vendor.
Similarly, for an internal audit review of accounts payable for a client in the chemicals manufacturing sector, we identified potential duplicate payments of $2.4 million over a period of one year. The results were presented to the client’s in-house IA team who validated the duplicate payments, based on which management was able to proceed with recovery opportunities from the vendors.
By using analytics in executing these internal audits, EY was able to add value to the clients by analysing 100% of the transactions and thereby increasing confidence levels over coverage. Also, the exceptions identified by using analytics were further used for deep dive testing and root cause analysis which led to process improvements and an enhanced control environment at their organizations.
Such is the power of analytics. And when used at the early stages of risk assessment and audit planning, it can yield phenomenal value to the organization.
So what are you waiting for?
Shankari Raman, Senior Manager, Analytics practice – EY India Advisory has also contributed to this blog