1 / 34

Implementing Continuous Auditing in a Global Real Time Economy

Implementing Continuous Auditing in a Global Real Time Economy. Miklos A. Vasarhelyi KPMG Professor of AIS Rutgers University Technology Consultant AT&T Laboratories. Outline. The real time economy Going Global Measuring Business Assurance in the Global Real Time Economy

teneil
Download Presentation

Implementing Continuous Auditing in a Global Real Time Economy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Implementing Continuous Auditing in a Global Real Time Economy Miklos A. Vasarhelyi KPMG Professor of AIS Rutgers University Technology Consultant AT&T Laboratories

  2. Outline • The real time economy • Going Global • Measuring Business • Assurance in the Global Real Time Economy • Implementing Continuous Audit • Opportunities and Challenges

  3. The Real Time Economy

  4. The real time economy • The objective • Reduction of latency • Inter-Process 7 Intra-Process Latency • The facilitators • Sensors – measuring transactions automatically • ERPs • Process Automation • Dashboards • Reengineering, Outsourcing, System Integration

  5. RTE • Processes that are supported by real-time systems • Processes which are monitored on a close to continuous basis • Processes that are highly time dependent • Processes where timely decisions give competitive advantage

  6. Going global

  7. Going global - Preamble • Over the last 50 years technology has enabled major motion towards a global economy. • Consequently it has set into motion social change, economic rebalancing, and an unprecedented degree of across-country cooperation. • However this phenomenon of ubiquitous consequence has created a wave of challenges to the socio-technical structure of business and corporate policy making.

  8. Going Global - Friedman • 11/09/1989 (Berlin Wall) • 08/09/95 (Netscape went Public) • Three billion new people joining the fray • Work flow software • Open sourcing • Outsourcing, offshoring, In-forming • Hardware & software multifuctionality • Tools of cooperation

  9. Measuring Business

  10. RTEBIS • Very rapid business cycles • Instant need of resolution of certain business needs (for example monthly billing may not be acceptable) • Service agreements that specify certain degree of data reliability • Rapid change in the terms of agreements contingent on dynamic parameters • Utilization of Service Oriented Architectures that allow for dynamic servicing of clients and dynamic acquisition of suppliers and service providers

  11. Assurance in the Global Real Time Economy

  12. What is Continuous Auditing? • No consensus on what constitutes a continuous • audit • Enhanced auditor skill set • Differences from traditional audit • New audit risk model • Continuous reporting and impact on auditor’s • report • Senior management support

  13. A Distinction between Continuous Auditing and Continuous Monitoring Continuous auditing does not necessarily have to generate a report; it is a process that tests transactions based upon prescribed criteria, identifies anomalies, and is the responsibility of the auditor. Continuous monitoring, on the other hand, is the responsibility of management, best defined in terms of the COSO Study control framework. Continuous monitoring, when employed by auditors, focuses on the control environment and not transactions.

  14. An evolving continuous auditframework Continuous Audit Continuous Audit Continuous Control Monitoring • Automation • Sensoring • ERP • E-Commerce Data CA = CCM+ C(D)A CA -> Continuous Audit CCM -> Continuous Control Monitoring C(D)A -> Continuous Data Assurance

  15. Unibanco – Advances to Clients Monitoring

  16. Some Key Issues • Two recent surveys (ACL and PWC) show that a large number of key companies are attempting to perform continuous audit like functions • An industry of software is evolving with ACL, IDEA, APPROVA, and others growing rapidly • Control Monitoring and Continuous Data Assurance are the main approaches • The first recorded application was AT&T Bell Laboratories CPAS effort in the 1986-1991 period • The Rutgers CarLab is working in leading applications

  17. Overview of CaR-Lab examples

  18. CAR-Lab Experiences • Control monitoring at Siemens • Transaction monitoring at Unibanco • Continuous (data) assurance at HCA • Other • Conceptual developments • Simulating Liberty • EBR work • KPMG projects

  19. Expanded Audit Coverage Significant Cost Savings Siemens' – Project Value Proposition Automated Business Process Controls Monitoring Project

  20. Siemens' – Project Features • Formalize & automate internal audit procedures used for business process controls monitoring • Conduct “man vs. model” assessments • Calibrate “exception rules” to optimize model performance • Scale up to all SAP instances • Increase frequency of model application, where feasible • Transition to Approva application and extend the model where optimal

  21. Implementing Continuous Audit

  22. Background • While technologies of continuous audit have been extensively discussed and are progressively emerging the more mundane issues of their implementation in a socio-technical environment have been neglected • http://www.theiia.org/itaudit/features/in-depth-features-2-10-08/feature-2/

  23. Priority • Areas 2. Rule 6. Action and Reaction 3. Frequency Audit Control Panel 5. Follow-up 4. Parameterization Six steps of process implementation

  24. Opportunities and Challenges

  25. Opportunities for business and research (1) • Control system measurement • We are in a pre-paradigmatic stage of control documentation and measurement • We do not know how to monitor controls in large ERPs • We do not know how to provide a really supportable opinion on controls • We do not know how to rate combinations of controls • Business Process Monitoring and Alarming • Auditors have to carve a position on the new monitoring and control environment • Auditors can collect exception “alarms” as trusted parties and incorporate these into evidentiary matter • Auditors can be “trusted”

  26. Opportunities (2) • Automatic Confirmation Tools • Confirmations will have an increased evidentiary role with eventual elimination of population and integrity worries • Intelligent confirmatory tags can do much • Database to database hand-shaking will be medium • Business opportunity for auditors • Audit bots (agents) • Many of the basic audit functions can be emulated by software • These must be eventually developed by the profession to work hand-in-hand with human auditors in the new audit world • These agents will work on all areas including: 1) audit planning, 2) analytical reviews, 4) confirmations, and )5 evergreen opinions

  27. Opportunities (3) • Collecting forensic trails • Auditor “black” box • Publishing real-time authenticated reports for different compliance masters • Publishing FD independent compliance reports

  28. Challenges • Standards are needed for CA • Audit monitoring needs to be defined • Types of evidence are to change and must be reconsidered • Independence needs to be re-defined • The billing model has to be restructured to bill on function not hours • Audit firms must put improved knowledge collection and management processes to feed their audit analytic toolkit • Audit firms have to engage in auditor automation and pro-actively promote corporate data collection during-the-process • Value added must be justified in terms of data quality

  29. Conclusions • Attention must be paid to the organizational processes that implement continuous audit • There are 6 key steps to progressively implement a CA program module by module • The CA process is dynamic and CA management will change schedule and parameters of each process • The organization of the audit process must be evolved progressively

  30. Issues

More Related