“ACL has shown its benefits right from the start. The unlimited capabilities of ACL’s applications have allowed the Internal Audit Division to improve its risk-focused audit exams, enabling our team to investigate systems adherence to business rules and policies.”
Ariel de Paula Tasso, Systems Auditor, Fundação CESP
Based in São Paulo, Fundação CESP (FCESP) is one of the largest private welfare organisations in Brazil, administering health and welfare plans for electric utility employees across the state. The Internal Audit Division recently initiated a project to analyse the beneficiary payroll and identify errors, fraud, unauthorised system access, inaccurate files, and other issues. ACL™ has enabled FCESP auditors to implement continuous data monitoring to mitigate serious business risks and apply powerful data analytics to its audit schedule.
FCESP is a closed supplementary welfare institution that administers health and welfare plans for electricity utility employees in the state of São Paulo. With an annual budget of £12.3 million and 200 employees, FCESP is the fourth-largest private welfare organisation in Brazil and the largest in the state of São Paulo. Established in 1969 to provide welfare benefits, FCESP initially provided services exclusively for the Companhia Energética de São Paulo CESP and began administering welfare programs in 1977. Today, FCESP serves 13 sponsors and more than 140,000 participants, including current and former employees and their dependents, and has over £3.7 million in assets.
The FCESP Internal Audit Division uses ACL to conduct detailed examinations of core systems, especially the Oracle beneficiary database.
In the last several years, the Closed Supplementary Welfare Entities have experienced a series of market changes and new regulations that directly affect both their activities and income. For example, a team composed of internal auditors and KPMG risk consultants have been evaluating and classifying risks that could threaten FCESP’s objectives. The goal is to monitor and mitigate these risks and align FCESP with the best market practices available. The annual audit schedule is based on this risk map. FCESP has also set up an Internal Control Department that works under the Internal Audit Division to manage this program.
Aging program participants and dwindling returns from financial investments are also having a clear impact on pension funds. FCESP currently has more members receiving benefits than members paying contributions (55% and 45% respectively). In 2005, FCESP received £27.9 million in member contributions and paid out £279 million in benefits. FCESP received another £167 million in sponsor contributions and £2.37 million from current investments and incomes.
In addition to changing market regulations and participant demographic issues, the FCESP audit team works in a complex technological environment with large data volumes, transactions, and calculations that require solid infrastructure, management, and security procedures. Other business risks include fraud, registration errors, beneficiary payroll errors, and unauthorised file access.
An ACL application developed by system auditor Ariel de Paula Tasso allowed FCESP to investigate the payroll system for participants in the supplementary welfare plans. This system represents one of the highest risk areas for the organisation.
The Internal Audit team can analyse payment files sent from FCESP to the bank in order to identify weak points in the process, and to ensure that all system files match credit transactions, union and association regulations, and retain full integrity and consistency before FCESP’s finance department transmits the files to the paying bank.
If the investigation identifies relevant information such as bank accounts that conflict with official database information about beneficiaries and dependents contained in the FCESP system files, it exposes potentially fraudulent activities.
The project also tested employee data files, as well as their dependents’ files, to find suspicious connections with beneficiary accounts and credit files, and to identify unauthorised account access.
Additionally, ACL enabled the system auditor to process, search, and examine historical data files. When energy companies merge or split, or employees transfer to a new company with the same benefits program, the contributing organisation and file details must be adjusted accordingly. Thus, as payment files transmitted to the bank in the past are examined, ACL can automatically search and locate the beneficiary’s accurate database situation at the proper time. Most importantly, the audit team can now perform continuous data monitoring, enabling a preventative approach against fraud and unauthorised system access.
“ACL makes it simple for Internal Audit to ensure that all system files are accurate, complete and up to date,” says Carlos Henrique Pecorino, Internal Audit Division manager.
ACL has become a critical business tool for FCESP. With ACL, the internal audit team can: