IIA Twin Cities Event Sponsored by RSM: Data Analytics

Morning Session: Using Data Analytics and Automation to Increase Value in the 2nd & 3rd Line of Defense

Internal Audit and Compliance departments have been talking about topics such as continuous monitoring, data analytics, and process automation for decades, however many organizations fail to get a successful program beyond very early stages of maturity--and those that do often find themselves back at square one after key team members leave. In this session, we will discuss what it takes to both get a successful and sustainable analytics and automation program in place, and what it takes progress the program from Level 1 to Level 5 maturity. You will hear about tips and tricks from experts with decades of experience, who have helped some of the most well-known companies in the world achieve success. You will walk away with specific steps that you can take to either get your program started, or progress it to the next level.

By the end of this session, participants should be able to:

Discuss why many analytic and automation programs in the 2nd and 3rd line of defense fail to achieve sustainable success
Describe better practices employed by organizations that have been recognized for the success of their own programs
Identify opportunities to address people, process and/or technology issues that may be hindering the optimization of their own efforts
Develop effective mitigation strategies to address each of the Top 3 risks that could impact effective implementation of their program goals

Afternoon Session: Auditing SAP Using Data Analytics

Internal Audit and Compliance departments in organizations running the SAP ERP system are faced with a unique challenge when trying to implement data analytics. The complexity of the SAP data model, the use of German-based field names, the role the application plays in keeping certain information from being directly accessible from the underlying database, and the lack of good publicly-available information all create an environment that makes the effective implementation of audit analytics difficult. In this session, we will share tips and tricks for identifying, accessing, analyzing, and interpreting SAP data. You will learn how to use the SAP data dictionary, in-built entity-relationship diagram, and other tools delivered within the standard SAP ECC. You will see how to build simple analytics that can highlight problems that cannot easily be identified through standard SAP reports, and hear about little-known tables that can be extremely useful for audit and compliance-related analysis. You will walk away with specific test ideas you can implement within hours, as well as an understanding of more advanced analysis.

By the end of this session, participants should be able to:

Explain what makes the SAP data model different from traditional systems
Navigate the SAP data dictionary, E-R diagram, and object repository in order to identify relevant tables and fields
Describe examples of simple analytics that can highlight potential business problems and/or data integrity issues that cannot be easily seen in standard SAP reports
List useful tables and analytic ideas that could be used to enhance existing data analytics
Share stories of valuable insight other organizations have achieved by applying audit analytic-thinking to SAP data
Describe how analytic processes are likely to evolve and improve under SAP HANA

	Steve Biskie Director, Risk Advisory Services, National Data Analytics Leader RSM US LLP Steve has been working in audit, compliance and IT risk management for over 23 years. His IT experience includes public accounting, private industry and specialized risk management consulting firms. Steve is considered an international expert in SAP audit and risk management issues. He has published numerous audit-related topics for the SAP Professional Journal, written articles for SAP GRC Expert and has been invited to speak at the SAP Insider series of conferences for 14 consecutive years. Steve also teaches beginner through advanced SAP auditing courses through the MIS Training Institute. He was an expert reviewer for the book, Security, Audit, and Control Features: SAP ERP (third and fourth editions) and is the author of the book, Surviving an SAP Audit. Steve is also a thought leader in the audit analytics and continuous monitoring space, and is a four-time Institute of Internal Auditors (IIA) All-Star speaker.

	Jim Tarantino, CISA, DRISC, ACDA National Data Analytics Champion, Manager Risk Advisory Services RSM US LLP Jim Tarantino is a manager at RSM and the National Data Analytics Champion responsible for helping RSM clients deploy practical solutions to conduct technology-enabled audits, risk assessments and investigations. Jim has over 20 years of information technology, analytics, audit, and GRC experience through roles at multiple companies including High Water Advisors, ACL Services, RTI International, and Nortel Networks. He has implemented data analytics for over 50 companies in many industries with multiple compliance needs. He has expertise working in complex data environments, extracting and analyzing data volumes in excess of 1 billion records for clients in defense, financial services, transportation and manufacturing. Jim also is recognized nationally for his expertise in the use of various technologies, including commonly used software like ACL, Arbutus, IDEA, and Tableau, but also advanced technologies like Alteryx, SAS, R and Python. Jim also serves as a Senior Instructor for the MIS Training Institute, teaching courses on IT audit, data analytics, fraud analytics, and data mining for auditors. As member of the IIA, ISACA and ACFE, he also participates in local chapter activities, including serving as an instructor for CISA certification exam preparation seminars.