Revolutionize controls testing has been saved


After years of performing the same evaluation of its change management process across several IT platforms, a global asset management firm discovered that its routine checks were not picking up on issues beneath the surface that were impeding its change management process. The firm engaged Deloitte to identify the root cause of the slow down. Leveraging digital testing and controls automation (DTCA), the engagement team performed a trend analysis on 100 percent of the company’s system changes in half the time that the company traditionally spent conducting its former sample-based approach.
The analysis uncovered a series of governance-related issues that were causing system downtime and delays that ultimately slowed down their financial close process. Once corrected, the company was able to close faster as well as to better govern its system changes.


An organization wanted to revisit its SOX program and identify opportunities for process efficiencies and control rationalization. The Deloitte team helped management improve the control environment by taking a modernized approach to their risk assessment. This resulted in the opportunity for consolidating duplicate controls and shrinking the number of controls tested by each audit group. Through the engagement, the company reduced its overall number of controls by 71 percent and decreased its testing hours by 38 percent.


Deloitte used digital testing and controls automation (DTCA) to assist a leading global bank in analyzing numerous security profiles and transactions related to its wire disbursements process. This uncovered critical segregation-of-duties violations that would likely have previously gone undetected due to the complex nature of the bank’s IT environment. DTCA enabled the engagement team to visualize the entire population of disbursements and identify those with the greatest risk profile.
In one situation, an individual was identified with both the ability to update payee information and process disbursements and the ability to circumvent their $50,000 authority limit by splitting larger amounts into separate transactions. By adding new dimensions to the bank’s monitoring process, they were able to identify a series of inappropriate transactions that would have likely gone undetected. With DTCA, analyzing security profiles and transactions has become a continuous process, alerting the company to violations and risks in real-time.