ACL Platform brings constant monitoring to risk management teams

By John L. Guerra

Editor, GRC & Fraud Software Journal

John Verver, ACL

John Verver, ACL

With a nod to International Fraud Awareness Week, ACL’s Fall ‘17 software release is designed to bring complete data automation to enterprise governance and risk management.

The ACL Platform uses data analytics and other tools to help risk management teams see a complete picture of fraud, operational risk and other problems in real time and helps audit teams and management react to and fix those problems.

When teams providing risk management and assurance are too small to do the job alone, or operate in silos, automation and collaboration technologies must step in and fill the void, said Dan Zitting, chief product officer at ACL.

Avoid multiple tech vendors

“Financial institutions and other organizations have had to rely on a number of tech vendors to support different parts of the GRC process,” said John Verver, an authority on the application of data analysis technology in audit, risk management and compliance, and an advisor to ACL. “One company provides the risk management portion, an entirely different company provides the regulatory compliance piece and so on. What ACL has done is put more of those things together into a single, continuous data-driven risk monitoring platform – that feeds dashboards so management can assess risks and control effectiveness and perform strategic risk management.”

Key risk indicators as tools

The ACL Platform not only provides key risk indicators (KRIs) by monitoring unlimited populations of corporate data, but also uses KRIs to drive enterprise risk management processes and assess management/board level risk (using heatmaps to show greatest risk areas) in real time.

The solution works with large and mid-sized companies, Verver said.

“Big or small, you’ve got it all, the whole thing, rather than having to go with multiple different technologies,” he added. “It’s not only data and technology-driven GRC, but a truly comprehensive GRC technology solution.”

The dilemma, Verver said, is that the traditional GRC model identifies the fraud threats, causing teams to put in as many controls as they can to fight fraud. It’s almost impossible to have a bulletproof system because fraudsters work around those controls.

Constantly monitor business and transactions

“It’s better if you constantly monitor all business and transactions systems for risk, such as general ledger journal entries and payments, and drive results into dashboards, so management teams can assess risks and spot fraud right away. That’s the comprehensive model ACL is creating. Always improving detection processes with suites of new tests, ultimately feeding the risk management and other dashboards.”

Verver, who was a principal and director of computer services, with responsibility for IT audit and security services at Deloitte in the UK and Canada, sums up the philosophy behind the ACL Platform thusly:

“The important thing is to take a data-driven or fact-driven and scientific approach to detecting and controlling fraud, rather than relying solely on controls for fraud prevention, when controls are seldom fool-proof.”

Fraud remains a large and predictable cause of revenue loss for organizations of all kinds, Verver said.

The Association of Certified Fraud Examiners’ 2016 Report to the Nations on Occupational Fraud and Abuse estimates the average organization loses up to 7 percent a year to fraud.

“Data analytics and automation mean teams can do more, and embedded best practice and embedded best practice content means teams know more,” Zitting said. “These enhancements to the ACL Platform enable that combination so risk management, compliance and assurance teams can multiply their impact.”

mglass

Posted in Uncategorized and tagged , , , , , , .

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>