A man stands in a flowing river while fly fishing in Chile
Case Study
The better the question The better the answer The better the world works
Case Study

Using technology to control spending risk in a fast-moving environment

EY is helping Microsoft to modernize and reinvent its compliance risk management across its global footprint.

1

How can a steady stream of information detect spending leaks?

One of the world’s largest tech leaders sought help controlling and organizing a torrent of transaction data from around the globe.

Today, Microsoft is much more than a global tech leader. It’s also a household name that’s a byword for innovation – and a critical piece of the world’s societal and business infrastructure, spanning cloud computing to games consoles and much more.

But just like any other business, Microsoft needs to be vigilant and rigorous in how it manages its compliance risks. This means validating that everybody across its enterprise is behaving in accordance with its internal policies and external regulations on areas from data privacy to anti-corruption.

In a company as large, dynamic and diverse as Microsoft, it’s a big and complex challenge. A challenge that EY is helping Microsoft to address, using EY’s forensic analytics-powered continuous monitoring platform, EY Virtual, built on the Microsoft Azure stack.

A partnership with an evolving scope

It’s a client relationship that goes back many years. EY has been supporting Microsoft across various areas of its business for decades, including partnering for the past seven years with the company’s Finance Operations Group to support its compliance risk management.

This work – founded on EY’s industry-leading controls and compliance managed services, which are built on Microsoft platforms and have since developed further – and EY is now helping several other areas of Microsoft’s business with similar services, increasing the benefits to the client.

Hardly surprising, then, that when Microsoft decided in 2019 to embark on an ambitious project to improve controls and compliance across all of its corporate spending globally – an initiative it called the Spend Risk Monitoring Modernization (SRMM) program – EY was its first choice to help navigate the journey. “We’ve had a trusted and valued relationship with EY, in that they have been carrying out monitoring for us in our ‘subsidiary controls assessment program’. That program has grown and been very successful through the years – so it was an easy decision for us to expand upon that relationship and utilize EY’s expertise from the monitoring they’d already been doing for us.” says Holly Younggren, Group Global Process Manager, Microsoft.

We’ve had a trusted and valued relationship with EY, in that they have been carrying out monitoring for us in our ‘subsidiary controls assessment program’.
Holly Younggren
Group Global Process Manager, Microsoft
The plughole shaft spillways at Ladybower resevoir
2

Advanced analytics powers future collaboration

Efficient workflows create a deep well of reliable data that leaders can tap into for additional strategic imperatives.

Zeroing in on spending risks

What issues was Microsoft looking to address? Having closely reviewed how it was managing its spend risks enterprise-wide, the company determined that its existing approach to testing transactions could be improved in three key ways.

  • First, Microsoft’s existing spend management testing was siloed across different organizations for different controls. Instead, it wanted to be able to review each transaction only once rather than multiple times, gaining a broader end-to-end view.
  • Second, the current testing was based on random sampling – and some was carried out only once a year. Microsoft knew a better approach would be continuous monitoring, using resources efficiently to get a more real-time view into the transactions.
  • Third, the company wanted to move to enterprise-wide spend management, taking the best aspects of its existing programs and bringing them together to create one source of the truth to drive global consistency in policies and reporting.

Microsoft could see that this new approach would provide major business benefits. Continuous monitoring would bring it constant insight both into any issues arising with its transactions and into progress on addressing them. It would also be easier to track patterns in anomalies and take decisive action in response. “Compliance done right is a modern experience that works continuously and allows employees and companies to focus on their core competencies.  Microsoft and EY share this belief and have a valued partnership in delivering compliance through the latest technology.” says Luke Fewel, General Manager, Finance Operations, Microsoft.

Compliance done right is a modern experience that works continuously and allows employees and companies to focus on their core competencies.
Luke Fewel
General Manager, Finance Operations, Microsoft

Creating a solution with EY Virtual at the core...

Tasked with helping achieve these goals, EY’s deep understanding of Microsoft’s compliance processes enabled it to hit the ground running.

At the core of the solution was the EY Virtual platform, a microservices-based continuous monitoring platform that EY has developed on the Microsoft Azure Data Factory and has already deployed at more than 140 clients worldwide. Current EY customers drive approximately $5m in annual consumption revenue for Microsoft with projected year-on-year growth of more than 10%. Powered by advanced analytics, AI, and machine learning, EY Virtual has an unsurpassed capability to ingest huge volumes of data and then detect and flag anomalies within it – helping to pinpoint and address risks around compliance, cyber, fraud, legal and more. “We have a lot of monthly transactions – and EY Virtual takes in all of those transactions, tests them against all of the risk triggers and signals, and provides us very quickly with a data selection population of 600 anomalous transactions. It’s EY Virtual’s ability to get to the accurate data selection in a short amount of time that really allows the SRMM program to happen.” says Holly Younggren, Group Global Process Manager, Microsoft

We have a lot of monthly transactions – and EY Virtual takes in all of those transactions, tests them against all of the risk triggers and signals, and provides us very quickly with a data selection population of 600 anomalous transactions.
Holly Younggren
Group Global Process Manager, Microsoft

Through its work with EY Virtual across scores of clients, EY has developed a app store of more than 100 analytics-enabled apps to help with various aspects of compliance. One of these apps – called Spend Analytics – focuses on managing risks around spending, making it ideally suited to Microsoft’s needs.

Applying deep industry and technical knowledge, the EY team rapidly configured and customized the Spend Analytics app to monitor all of Microsoft’s spending globally.

...that takes risk management into a new era

The impact for Microsoft? Using EY Virtual and Spend Analytics, the company has been able to make the quantum leap from random sampling to risk-based sampling align with its business strategy.  It can now review and risk rate its spend in every territory and business unit against all relevant controls in real time, pinpoint anomalies and high-risk transactions, and submit these for detailed compliance review and reporting. EY handles the entire process in an integrated and automated way as a seamless, end-to-end managed service.

It’s a new kind of risk management for today’s world: modernized, reimagined and scalable. A solution that’s expandable and adaptable for use by many more areas of Microsoft’s business, as well as other organizations across all industries. “EY Virtual has enabled us to move from random sampling to strategic risk-based sampling. It’s helping us to really focus – and to spend our valuable human time reviewing the riskiest areas where we really want to ensure our controls are operating properly.” says Holly Younggren, Group Global Process Manager, Micosoft.

EY Virtual has enabled us to move from random sampling to strategic risk-based sampling. It’s helping us to really focus – and to spend our valuable human time reviewing the riskiest areas where we really want to ensure our controls are operating properly.
Holly Younggren
Group Global Process Manager, Microsoft
The Hoover Dam
3

Automated continuous monitoring screens for noncompliance

A virtual platform pools all transaction data globally, filters for anomalies and delivers real-time insights.

...Key differentiation at each stage

A closer look at the EY Virtual-powered solution reveals several breakthrough attributes. At the front end, in connecting to Microsoft’s key data sources, EY has removed all manual inputs and automated the entire data ingestion process based on Microsoft’s own IT standards – including addressing all the related data privacy and security issues.

Combining advanced technology in the Microsoft stack and human insight

A further differentiating factor is that EY Virtual’s screening applies not just statistical rules-based analytics, but also advanced AI and machine learning algorithms developed over 15 years of experience and enabled by Azure.  The machine learning enables the monitoring to constantly improve and stay ahead.

EY Virtual’s Azure AI-enabled testing reviews 100% of invoices across the enterprise and identifies high-risk anomalies for human review. These are passed directly into an EY workflow solution, EY Controls, which is built on Microsoft Dynamics 365 and utilizes Power Automate, and other Power Platform technology to enable EY’s processing to enable EY’s processing teams worldwide. The results are reported back to Microsoft using Microsoft’s Power BI data visualization tool.

A smart solution that’s getting even smarter

Finally, the outputs are fed back to EY Virtual, which uses them to refine and improve the compliance screening.

An example? Imagine the average spend with “vendor A” is US$50,000 per month, with specific spikes at the end of each quarter. All of these expenses are booked to the Marketing GL Code. If a new transaction for $200,000 happens to be booked to the Miscellaneous GL Code, the algorithm will pull out this transaction and put it into the high-risk bucket. If the transaction proves to be non-complaint, the system will remember those characteristics next time they occur.

The benefits for Microsoft are set to rise...

This, in a nutshell, is what EY Virtual does for Microsoft – globally, continually and in real time. And the outcomes? Today, Microsoft can risk-rate its global spending in a fraction of the time previously achievable, enabling it to dramatically expand its risk management coverage. All while consolidating its existing siloed compliance programs into a single integrated process, taking out more than 10,000 hours of work annually across its business.

And the benefits to date are just the start. The Spend Analytics app that powers the SRMM program is only one of a catalog of apps across various compliance risks and work flows in the EY Virtual library that showcases the power of the Microsoft stack.

...and EY Virtual’s capabilities are continuing to advance

The benefits that EY Virtual delivers to Microsoft will keep expanding. And the solution is also progressing in other ways. For many years, EY and Microsoft have been partnering to create new digital solutions and platforms – an alliance that was recently expanded to drive a US$15billion growth opportunity, as highlighted by the two firms’ CEOs.

As part of this alliance, teams across the EY Microsoft Services Group are now collaborating to further develop and enhance EY Virtual. The goal? To increase EY Virtual’s ability to meet both Microsoft’s needs and also those of the two firms’ joint clients worldwide. The possibilities are immense – and hugely exciting.

Leading the way

In the time since EY Virtual and Spend Analytics went live in Microsoft in late 2020, the impact on Microsoft’s spend risk management has been dramatic. Put simply, Microsoft can now zero in with laser-accuracy on its riskiest transactions globally, faster and with less effort than its old approach.

It’s a capability that many other businesses across the world would love to have, since most are still managing spend risk by reviewing a small sample of transactions.

The message is clear. In a world of fast-moving risks, it’s time for every enterprise to apply leading-edge technology to modernize and expand its risk management. Together, EY and Microsoft are leading the way. “What we're doing with EY really is a success story. The program’s objectives are to raise awareness around spend management policies and see where we can tighten our controls. We've definitely met those goals, and we're very pleased with the relationship from a tooling, collaboration and partnership perspective. Microsoft always has super-high expectations – and EY is absolutely meeting them, and in some cases even exceeding them.” says Holly Younggren, Group Global Process Manager, Micosoft.

What we're doing with EY really is a success story. The program’s objectives are to raise awareness around spend management policies and see where we can tighten our controls. We've definitely met those goals.
Holly Younggren
Group Global Process Manager, Microsoft

Contact us

Like what you’ve seen? Get in touch to learn more.