Use Case Scenario: Expense Transaction Lifecycle, a “real world” case from concept to adoption in 3 days


The scenario: a business architect, disguised as a Super User, works in a centralized operating model not too long after SOX key controls were implemented in a new ERP implementation. In this use case, assume the SOX key controls were designed into the new technology.

Volume of Potential Records

A few points to understand: under the prior technology, volume for this same operation was 50 purchase orders per year.

Post-implementation, the controls were designed so that every manager hierarchy was used to gain approvals on all expenses and invoices.

Risk Defect by Record Volume Percentage and Severity Multiplier

Calculate the number of data points with a potential policy defect (score 1 per potential ISO standard non-conformance threat), then divide by the total data points to get the average risk.

Example: suppose a policy exists to ensure the expense is reported in the period in which it was incurred.

How many ways can the period accuracy be influenced incorrectly?

Calculate the number of financial threats to GAAP

Calculate the number of Sarbanes-Oxley key control threats

  1. 1-5 defects: low severity, in 50 events with up to 5 defects to compliance. Expense defects = Number of People in a process * Resource Cost to perform process activities / severity of defects
  2. 6-10 defects in 15 data decisions = 50-75% defective = High Severity

Effectiveness Calculator

  1. Process Effectiveness: Number of Users * Effort to execute activities with defect = Cost Multiplier
  2. Waste: Standard Skill to execute task or activities * Hourly Rate + Loaded Cost to staff (Work tools % + Space % + Benefits)
  3. Reconcile and Corrective Action: Re-work skill standard rate + loaded cost * hours to execute corrective action
  4. Estimate Effort at average (loaded rate) effectiveness average / Volume of Records (count)
    1. Plus: Generally Accepted Accounting Principles (GAAP) risk + Sarbanes-Oxley threats = Number of Defects * Volume of Records
  5. Management Systems related to the records and integrity of the

in a model with 50 purchase events;

Within a few weeks in the role, the first peak was upon us and the chaos began.

Every transaction was a rush and overdue by an entire quarter.

Strike 1: Failure to report expenses in the period they were expended. Impact: financial statement accuracy.

  • Policy 1 for any expense acquired without an approved purchase order
    • Supply Chain Scorecard: does your supplier adhere to your policies?  No
      • Is the supplier authorized to supply the goods or services based on the assigned expense charge code?
        • 50% of the time “yes”
        • 50% of the time “No”
    • The vendor has a clear understanding that they are not to begin work without an authorized purchase order.
      • This risk was caused by the vendor's practice and willingness to put our company at risk for their profit.

None of the transactions were free of modifications on the legal templates.

None of the transactions were supplied from an authorized expense approver.

None of the transactions were signed by an authorized signatory with the appropriate level of financial authority.

Impact: 74 users

  • Local preference with Centralized control.
  • Geographical nuances by segment and region were adjusted for those regions (fit for purpose) without threats to the (Real World)

Operations in a federated model became more confident and less reactive to business requests.

  • Enabled more visibility for the team by request, and finding out who and where the request was no longer required a scheduled meeting nor searching through emails.
  • Status by process in operations increased the team's ability to provide responses immediately.
  • The systems contact was amazed that no issues were reported after transitioning from the former resource to a new one with less skill.
  • This may appear to have been an issue due to the person, when in fact the issue was corrected by design.
  • It was too hard for me to understand with the vast experience in my tool box.
  • Avoid threats with new SOX or LEGAL compliance concerns.


  • The ability to manage the pipeline was no longer in email communications.
  • Executive visibility:
  • The VP was no longer in the blind and understood the dates and people when surprises surfaced. The VP had the summary and the option to drill down to the user.


  • Converges numerous technologies to a common desktop service.
  • Information and Data Management immediately
  • People side of change: contain bad behaviors in a single environment, with fewer opportunities for greater threats to penetrate.
  • Allows a way to measure people and their responses to different decisions without forcing a tremendous amount of development.
  • Personalization on the fly – easy enough for an administrative assistant to support.
  • Many basic business templates to quickly enable “real world” from “fit for purpose”

Allows the business to expand from the real world without threats: when the site hierarchy uses the best-practice approach with the organization hierarchy, the inputs and outputs, with rights to information, are managed from organization to manager.

  1. Effective tools have proven that in days you can create a layer that has established resilience with no more than something you may already have in exchange.
  1. The tool
  • If not, try a tool of choice and understand the tradeoffs of any custom development.
