Visual Risk IQ Solutions for Industry

Industry, generally large, for-profit firms, have been our primary customers since founding Visual Risk IQ in 2006. Many large firms have dabbled with CCM-T and/or own licenses for ACL or other CCM-T tools. Our ability to help large, complex firms is attributable to our expertise with the technologies being used (see our Partners page for more), our background in Big Four public accounting and our experience in industry. Below we outline the interlocking approaches that make implementation or tuning of CCM-T software uniquely powerful, profitable, fast and easy to accomplish.




"Visual Risk IQ helped us use our existing ACL licenses and turn them into an immensely powerful tool for the audit department - and for the whole firm."

Fortune 1000 Chief Audit Officer






Modular Approach

Our industry solutions currently consist of CCM-T "modules", each of which represents a series of tests and supporting data feeds designed to accomplish a specific goal for clients. These modules are:

  • Payments, including Duplicate Pay, Contract Compliance, and Spend Management
  • Card Spend, including Travel & Entertainment and Purchasing Card Spend
  • General Ledger Journal Entries, including SAS 99 anti-fraud review
  • Order-to-Cash, including revenue leakage and revenue assurance
  • FACTA Red Flag Rules

Each module is described in detail below. The diagram represents an overview of how a CCM-T system operates.



The "Platform" represents a processing engine, a sophisticated standalone system (i.e. no installation on your own software platforms is required) that takes data feeds from all over your organization - from almost any system, in any format - and monitors and analyzes them to identify potential issues.

Like in the Solutions for Industry, the platform takes data feeds from the following sources:

  • Enterprise Resource Planning (ERP) systems (e.g., Oracle, PeopleSoft, Lawson, SAP, etc.)
  • Student Information Systems, whether they are modern or legacy systems
  • Grants and Contract systems, whether they are modern or legacy systems
  • Exterrnal databases, including Federal and State debarred Vendors Lists
  • Homeland Security Terrorist Watchlist
  • World Bank Debarred Vendors List

It then compares them in multiple ways, generally daily, to determine if pre-defined or customized criteria have been met.  For example, a very common and effective test involves duplicate payments: the engine compares a pending payment with every other payment and invoice in your system in various ways to determine if it is possible that this is a duplicate payment, a fraudulent payment, or a payment that violates policy in any specified way.

When the conditions are met, we create a workflow item for a responsible party to research and resolve.

Module #1: Payments, including Duplicate Pay, Contract Compliance, and Spend Management

Module #2: Card Spend, including Travel & Entertainment and Purchasing Card Spend

Every large organization that processes a large number of payments and card transactions has a statistically small number of duplicate payments, overpayments and payments that violate contractual conditions or the organization's policy. Despite the fact that the number of items is relatively small, the dollar amount of these errors can be quite large. Identifying and recovering these payments can produce a great deal of cash for any organization. Preventing these erroneous payments in the future can represent a very profitable investment that improves the internal control environment and continues paying for itself year after year.


Two things take place when we install the Procure to Pay and Card Spend modules in your environment. First, we survey as much past spending as you have records for. These records often go back several years. This survey identifies duplicates, policy violations, and other payment errors at a rate of less than 0.001 (Point one percent) for accounts payable, but as much as one to three percent for payment cards. Typical error rates are as follows:

  • Regular (A/P) Spending: 0.001
  • Travel and Entertainment Reimbursements: 0.025
  • P-Card transactions: 0.015

So for example, an organization with $500,000,000 in A/P spending, $5,000,000 in T&E reimbursements and $10,000,000 in P-Card spending can usually expect to uncover more than $750,000 in duplicate payments, contract compliance, or other policy violations that can and should be recovered.

These items need to be classified and collected.  In many cases, this process is as simple as issuing a credit memo against existing invoices (when dealing with an existing vendor), or sending a letter with evidence of the item. Collections from employees where policy has been violated, or where fraud has been uncovered, are more problematic. These collections can take place, at your discretion, if they are uncovered.

The second thing we do is insert this review process into your disbursements workflow. We can prevent over 80% of these payments from ever leaving your walls by having items reviewed through this system before funds are disbursed.

The return on investment for such an implementation is highly positive. First, dollars that were spent in error are usually collected within 60-90 days. This produces a positive return on the investment in the platform and its customization. Furthermore, ROI is generated every year the system is in place as duplicate payments and overpayments are prevented from being generated in the first place. This system also acts as a cost-preventative in another way: employees typically hew much closer to stated policy when they know that each and every item is being checked.

Module #3: General Ledger - Manual Journal Entry review

Statement of Auditing Standards (SAS) 99: Consideration of Fraud in a Financial Statement Audit is a professional auditing standard that requires external auditors to consider the potential for mis-statement or fraud. In addition to brainstorming, most auditing firms have also implemented data analysis of an organization's manual journal entries to identify material misstatement or fraud.

Some of our clients have implemented CCM-T for automated review of these journal entries by internal staff (in either Finance or Internal Audit). These early adopters of CCM-T have seen a dramatic decrease in external audit fees as their external auditors move to rely on the organization's frequent analysis of journal entries. Because many internal audit and finance organizations use generalized audit software like ACL and IDEA for annual or quarterly review of journal entries, it is common for organizations to experiment with this module of CCM-T to understand the differences between CCM-T and generalized audit software.

Module #4:  Order-to-Cash, including revenue leakage and revenue assurance

Just as the Payments module compares every invoice, purchase order, and vendor master record to previous records, the Order-to-Cash (OTC) module compares every sales invoice to sales orders, customer records, and other digital evidence of service delivery.  The OTC module can evaluate sales commissions, discounts, and approvals against pre-defined business rules and external databases to provide assurance that billing errors are reduced or eliminated.  Reduced revenue cycle errors, including earlier validation of sales commissions, discounts, and customer deductions can have a very positive return on investment.


Module #5: FACTA Compliance

Red Flag rules are becoming important to many consumer-facing organizations in the US, due to the new privacy and identity theft guidelines issued by the Federal Trade Commission that are scheduled to be effective on November 1, 2009.  Visual Risk IQ developed and implemented a custom CCM-T module, specifically to comply with the FTC's Red Flag rules.  This module is based in part on the Order-to-Cash module, and provides improved FACTA / FTC Red Flag compliance in addition to reducing loss and bad debt expense that can arise when an organization has fraudulent customers originate transactions using the identity of real customers. 




Future Modules

The strength of our system is its ability to be customized. Where new compliance, risk management or business performance challenges arise, we stand ready to share them with our community of users, and to help implement them at reasonable cost. With minor of customization, CCM-T platforms can produce ground-breaking solutions for a variety of other Governance, Risk, and Control areas.