160 likes | 289 Views
Continuous Auditing and Continuous Control Monitoring: Case studies of technology adoption in leading internal audit organizations and external audit teams. Miklos A. Vasarhelyi Siripan Kuenkaikaew Silvia Romero. External auditors and CA – Assessment of 4 Audit teams use of CA. Objectives
E N D
Continuous Auditing and Continuous Control Monitoring: Case studies of technology adoption in leading internal audit organizations and external audit teams Miklos A. Vasarhelyi Siripan Kuenkaikaew Silvia Romero
External auditors and CA – Assessment of 4 Audit teams use of CA • Objectives • This study involve field research studies from 4 external audit teams • Examines the status of usage of technology in auditing, its enablers and difficulties
Methodology • Interviews with audit team managers, IT managers and forensic team managers. • The interviews were conducted face-to-face through site visits.
Conclusions • Teams report tools are useful – but usage is sparse • Integration between teams • Wide range of outcomes with Approva – suggest leveraging the better practice as to how IT is integrated on team • Background / training of specialists makes a difference • Audit Managers “wish lists” • Data extraction – all teams prefer be in position to do extracts rather than rely on client and then test for reliability • Automated report generation [e.g. IDEA comparison reports] • Synergies between internal and external audit use of tools • No teams mentioned activity that leverages work / tools of internal auditors on the external audit
Leading Organizations Usage of CA/CMObjectives • This study involve field research studies from 9 leading internal audit organizations. • Examines the status of continuous auditing and continuous control monitoring adoption of the organizations.
Methodology • Interviews with internal auditors, IT internal auditors and internal audit management. • The interviews were conducted face-to-face through site visits. • Interviewees were selected from the internal audit department. At least four employees were interviewed per organization to ensure validity, information completeness, and a range of points of view.
The Audit Maturity Model Traditional Emerging Maturing Continuous
Factors affect the adoption • Management support • Management support is critical especially for projects requiring considered amount of budget and affecting some operational processes. • It is also necessary that the auditor has access to the systems and data of each auditee (Handscombe 2007). Such access requires management approval. • The audit-aid technology implementation is initiated and supported by the head of the internal audit department or higher level management. • Internal auditors do not have direct access to the data. • With the CA/CM tools, data are automatically extracted without human intervention.
Factors affect the adoption • Employee knowledge • Hall and Khan (2003) posited that an adoption of new invention might be slow if a success of the implementation requires complex new skills. • Continuous auditing and continuous control monitoring relies on advance technology. • The tools and systems are varied across/within the company, so that an internal auditor needs some basic knowledge or skills for those systems, audit-aid technology and tools. • Standard training, customized training, MBA program • Prefer experienced auditors • Staff rotational program
Factors affect the adoption • Perceived cost • In this context, cost is not the monetary value but the perception of the adoption cost. • Taylor and Murphy (2004) suggested that high set-up and ongoing costs could be barriers to the implementation of technology. • Searcy and Woodroof(2001): Continuous auditing is increasingly adopted because of a dramatically fallen in a cost of implementation and an availability of support technology. • Cost is not the barrier for the adoption of technology. It was not identified as a top challenge for the implementation.
Factors affect the adoption • Regulation and compliance • Many of the executives are thinking of continuous auditing as one of the solutions that assist them to comply with the regulation (Handscombe 2007). • SEC 33-8128 (accelerate the submission of financial report), SOX 404 (internal control quality and on-time report), bank regulation • Although there is no explicit relationship between CA/CM implementation with regulation and compliance, the interviewees report that CA/CM supports SOX fulfillment. • It facilitates the review activities and reduces time allocated to SOX compliance.
Analysis • Most of the companies are at the foundation stage of CA/CM adoption. • Contrasts with the findings of the ACL and internal audit surveys conducted by PwC. • Lacking audit aid tools such as working paper management and data analysis tools. • i.e. Consumer 1 • Lack of training for Audit aid tools • Consumer 1 is not successful with the ACL data analysis adoption. • Audit like organization
Analysis • IA needs to improve audit competency and technology skill set. • Bank 2 hires Big4 as a consultant to help in internal audit areas. • Some companies have a certain level of CA/CM technology adoption such as Hi-tech1, Hi-tech 2 and Bank 1. • External auditor can rely on internal audit work at some level. • With advanced auditing technology, sufficient access to data is facilitated; for instance, the continuous monitoring system of Bank 1 and the audit tools of Hi-tech 1. • Analyze data in various dimensions and at a deeper level
Conclusion • Several companies have implemented some advanced audit technologies, however, none of them really has continuous auditing. • Most of them are ranked between stage 1, traditional audit, and stage 2, emerging. • There is opportunity for development in the future.