130 likes | 293 Views
Audit Automation as the Foundation of Continuous Auditing. Michael Alles Alexander Kogan Miklos A. Vasarhelyi J. Donald Warren, Jr. Audit Automation as the Foundation of Continuous Auditing. The Case for Audit Automation. Automation of business processes
E N D
Audit Automation as the Foundation of Continuous Auditing Michael Alles Alexander Kogan Miklos A. Vasarhelyi J. Donald Warren, Jr.
Audit Automation as the Foundation of Continuous Auditing The Case for Audit Automation Automation of business processes Labor-intensive repetitive audit work Cost and availability of qualified audit personnel Budgetary pressure on internal audit departments Complexity of business transactions and increasing risk exposure Scale and scope of audit procedures Timeliness of audit results CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Audit Automation Work Sequence Identification and engagement of stakeholders: Business process owners IT personnel Internal auditors Composition of audit automation teams Automation of audit procedures Duplicate automation is ideal but too expensive Verification of automated procedures Independent verification by experienced auditors Approval of automated audit program CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Formalizing the Audit Program Automation requires formalization Formalized is usually automatable Possibility of formalization is often underestimated Benefits of formalization: promotes precision and consistency improves confidence in audit results Reduces long-run audit costs Problems with formalization Many humans resist formal thinking Formalization can be very laborious and costly Certain complex judgments are not amenable to formalization CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Re-engineering the Audit Program Conventional audit programs are not designed for automation Formalizable and judgmental procedures are often intermixed – redesign is required to separate them out Re-engineering objective: maximize the proportion of automatable procedures in the audit program (i.e., reduce reliance on informal judgmental techniques) Substitution of high frequency (“continuous”) automated procedures for eliminated manual methods CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Continuous Auditing (CA) as Implementation of Automated Audit Formalized audit procedures are programmed into an automated audit system that can run continuously CA = CCM + CDA Continuous Control Monitoring (CCM): Access Control and Authorizations System Configuration and Business Process Settings Continuous Data Assurance (CDA): Master Data Transactions Analytics (including Continuity Equations) CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Baseline Monitoring (Baselining) Traditionally used in configuration management and IT security Baseline – a snapshot of system configuration and business process settings Deltas from baseline • exceptions Critical issues: Definition of baseline (the more static parameters are, the better they are suitable for baselining) Initial verification of baseline values Security of baseline (both definition and current values) Accumulation of deltas • redefinition of baseline CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Scalability of Audit Automation Automation of highly specific audit procedures for different enterprise units can incur prohibitive costs Automation will be scalable across the enterprise only if the repetitive audit procedure automation costs are eliminated Strategies for making audit automation scalable: Hierarchical structuring of automated audit procedures – from the most generic audit procedures applicable across the enterprise to the more specific ones for major units and subunits Hierarchical updates Parameterization of automated audit procedures CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Architecture of Automated Audit Organization of audit software: integrated software – vs. distributed (i.e., multi-agent-based) system Access to the enterprise system and data: Direct (either to the database or to the application layer) Intermediated (through a business data warehouse) Platform of audit software: Common enterprise platform (EAM – embedded audit module) Separate platform (MCL – monitoring and control layer) Providers of audit software: Common platform – enterprise software vendors Separate platform – 3rd party vendors and audit firms CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Mobile Agents in Automated Audit Mobile agents can be transported to the enterprise platform to be run there (as EAM!) Benefits of mobility (and EAM): Protection against network connectivity outages Event-triggered execution of audit procedures • potentially zero latency (not affected by network congestion) More efficient for processing large volumes of enterprise data (on site – vs. moving that data over the network) Problems with mobility (and EAM): Protection of enterprise platform against (possibly malicious) agent Protection of agent against possible manipulation by the platform Impossibility of protecting the agent outweighs the benefits! CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Securing Continuous Auditing Location of continuous auditing hardware: client’s premises audit shop Physical access security Logical access security Super-user privileges Client’s IT personnel access Export / import of CA system settings CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing Software for Audit Automation ACL CaseWare IDEA Approva Oversight Systems Governance, Risk, and Compliance Solutions: SAP GRC Access Control, Risk Management, Process Control (VIRSA) Oracle Governance, Risk, and Compliance (LogicalApps) IBM Workplace for Business Controls and Reporting Paisley Enterprise GRC OpenPages AXENTIS Enterprise BWise Protiviti Governance Portal CA/R/Lab
Audit Automation as the Foundation of Continuous Auditing What’s Coming? AMR Research projects spending on government, risk and compliance applications and services will top $32.1 billion in 2008, up 7.4 % from 2007. In 2009, growth is projected at 7 %. Hosted, or on-demand solutions Integration of audit automation with audit working papers software Transformation of internal audit Structural changes in external audit CA/R/Lab