Using technology to control spending risk in a fast-moving environment

Zeroing in on spending risks

What issues was Microsoft looking to address? Having closely reviewed how it was managing its spend risks enterprise-wide, the company determined that its existing approach to testing transactions could be improved in three key ways.

• First, Microsoft’s existing spend management testing was siloed across different organizations for different controls. Instead, it wanted to be able to review each transaction only once rather than multiple times, gaining a broader end-to-end view.
  
• Second, the current testing was based on random sampling – and some was carried out only once a year. Microsoft knew a better approach would be continuous monitoring, using resources efficiently to get a more real-time view into the transactions.
• Third, the company wanted to move to enterprise-wide spend management, taking the best aspects of its existing programs and bringing them together to create one source of the truth to drive global consistency in policies and reporting.

Microsoft could see that this new approach would provide major business benefits. Continuous monitoring would bring it constant insight both into any issues arising with its transactions and into progress on addressing them. It would also be easier to track patterns in anomalies and take decisive action in response. “Compliance done right is a modern experience that works continuously and allows employees and companies to focus on their core competencies.  Microsoft and EY share this belief and have a valued partnership in delivering compliance through the latest technology.” says Luke Fewel, General Manager, Finance Operations, Microsoft.

Creating a solution with EY Virtual at the core...

Tasked with helping achieve these goals, EY’s deep understanding of Microsoft’s compliance processes enabled it to hit the ground running.

At the core of the solution was the EY Virtual platform, a microservices-based continuous monitoring platform that EY has developed on the Microsoft Azure Data Factory and has already deployed at more than 140 clients worldwide. Current EY customers drive approximately $5m in annual consumption revenue for Microsoft with projected year-on-year growth of more than 10%. Powered by advanced analytics, AI, and machine learning, EY Virtual has an unsurpassed capability to ingest huge volumes of data and then detect and flag anomalies within it – helping to pinpoint and address risks around compliance, cyber, fraud, legal and more. “We have a lot of monthly transactions – and EY Virtual takes in all of those transactions, tests them against all of the risk triggers and signals, and provides us very quickly with a data selection population of 600 anomalous transactions. It’s EY Virtual’s ability to get to the accurate data selection in a short amount of time that really allows the SRMM program to happen.” says Holly Younggren, Group Global Process Manager, Microsoft

Through its work with EY Virtual across scores of clients, EY has developed a app store of more than 100 analytics-enabled apps to help with various aspects of compliance. One of these apps – called Spend Analytics – focuses on managing risks around spending, making it ideally suited to Microsoft’s needs.

Applying deep industry and technical knowledge, the EY team rapidly configured and customized the Spend Analytics app to monitor all of Microsoft’s spending globally.

...that takes risk management into a new era

The impact for Microsoft? Using EY Virtual and Spend Analytics, the company has been able to make the quantum leap from random sampling to risk-based sampling align with its business strategy.  It can now review and risk rate its spend in every territory and business unit against all relevant controls in real time, pinpoint anomalies and high-risk transactions, and submit these for detailed compliance review and reporting. EY handles the entire process in an integrated and automated way as a seamless, end-to-end managed service.

It’s a new kind of risk management for today’s world: modernized, reimagined and scalable. A solution that’s expandable and adaptable for use by many more areas of Microsoft’s business, as well as other organizations across all industries. “EY Virtual has enabled us to move from random sampling to strategic risk-based sampling. It’s helping us to really focus – and to spend our valuable human time reviewing the riskiest areas where we really want to ensure our controls are operating properly.” says Holly Younggren, Group Global Process Manager, Micosoft.

...Key differentiation at each stage

A closer look at the EY Virtual-powered solution reveals several breakthrough attributes. At the front end, in connecting to Microsoft’s key data sources, EY has removed all manual inputs and automated the entire data ingestion process based on Microsoft’s own IT standards – including addressing all the related data privacy and security issues.

Combining advanced technology in the Microsoft stack and human insight

A further differentiating factor is that EY Virtual’s screening applies not just statistical rules-based analytics, but also advanced AI and machine learning algorithms developed over 15 years of experience and enabled by Azure.  The machine learning enables the monitoring to constantly improve and stay ahead.

EY Virtual’s Azure AI-enabled testing reviews 100% of invoices across the enterprise and identifies high-risk anomalies for human review. These are passed directly into an EY workflow solution, EY Controls, which is built on Microsoft Dynamics 365 and utilizes Power Automate, and other Power Platform technology to enable EY’s processing to enable EY’s processing teams worldwide. The results are reported back to Microsoft using Microsoft’s Power BI data visualization tool.

A smart solution that’s getting even smarter

Finally, the outputs are fed back to EY Virtual, which uses them to refine and improve the compliance screening.

An example? Imagine the average spend with “vendor A” is US$50,000 per month, with specific spikes at the end of each quarter. All of these expenses are booked to the Marketing GL Code. If a new transaction for $200,000 happens to be booked to the Miscellaneous GL Code, the algorithm will pull out this transaction and put it into the high-risk bucket. If the transaction proves to be non-complaint, the system will remember those characteristics next time they occur.

The benefits for Microsoft are set to rise...

This, in a nutshell, is what EY Virtual does for Microsoft – globally, continually and in real time. And the outcomes? Today, Microsoft can risk-rate its global spending in a fraction of the time previously achievable, enabling it to dramatically expand its risk management coverage. All while consolidating its existing siloed compliance programs into a single integrated process, taking out more than 10,000 hours of work annually across its business.

And the benefits to date are just the start. The Spend Analytics app that powers the SRMM program is only one of a catalog of apps across various compliance risks and work flows in the EY Virtual library that showcases the power of the Microsoft stack.

...and EY Virtual’s capabilities are continuing to advance

The benefits that EY Virtual delivers to Microsoft will keep expanding. And the solution is also progressing in other ways. For many years, EY and Microsoft have been partnering to create new digital solutions and platforms – an alliance that was recently expanded to drive a US$15billion growth opportunity, as highlighted by the two firms’ CEOs.

As part of this alliance, teams across the EY Microsoft Services Group are now collaborating to further develop and enhance EY Virtual. The goal? To increase EY Virtual’s ability to meet both Microsoft’s needs and also those of the two firms’ joint clients worldwide. The possibilities are immense – and hugely exciting.

Leading the way

In the time since EY Virtual and Spend Analytics went live in Microsoft in late 2020, the impact on Microsoft’s spend risk management has been dramatic. Put simply, Microsoft can now zero in with laser-accuracy on its riskiest transactions globally, faster and with less effort than its old approach.

It’s a capability that many other businesses across the world would love to have, since most are still managing spend risk by reviewing a small sample of transactions.

The message is clear. In a world of fast-moving risks, it’s time for every enterprise to apply leading-edge technology to modernize and expand its risk management. Together, EY and Microsoft are leading the way. “What we're doing with EY really is a success story. The program’s objectives are to raise awareness around spend management policies and see where we can tighten our controls. We've definitely met those goals, and we're very pleased with the relationship from a tooling, collaboration and partnership perspective. Microsoft always has super-high expectations – and EY is absolutely meeting them, and in some cases even exceeding them.” says Holly Younggren, Group Global Process Manager, Micosoft.