Upload
pcrabbit999
View
206
Download
0
Tags:
Embed Size (px)
Citation preview
Continuous Auditing
Tianli XieJuly 3rd, 2011Section 1
What is Continuous Auditing (CA)?
ISACA: “the collection of audit evidence, by an auditor, on systems and transactions, on a continuous basis through a period”
External Auditors: electronic audit evidence gathering process to render an opinion on fair presentation of financial statements (Rezaee et al)
Internal Auditors: process to evaluate business processes and assess management’s monitoring process of the control and disclosure environment (Rezaee et al)
Continuous Monitoring (CM)A tool for management Automatic and continuous monitoring of:◦compliance of business processes and
transactions against company rules, policies and objectives
◦effectiveness of internal controlsSome techniques/procedures are similarCA and CM complement each other
CA’s advantages over traditional external auditing
CCM
•continuous control monitoring
•monitors the internal control effectiveness
•verifies the programming code of the controls retrieved in read-only format against appropriate benchmark to see whether it is actually achieving its purpose
CDA
•continuous data assurance
•attests information system data integrity
•1st level filter: transaction verification
•2nd level filter: analytical procedures on transactional level
CRMA
•continuous risk monitoring and assessment
•assesses risks to provide input for audit planning
•collects real time inputs relating to change in environment to generate a new risk profile
•change the CCM and CDA software and techniques and the audit plan accordingly
Traditional
Purchase Listing
Item A $5,000
Item B $5,000 DL
Programming code:
@IF( SERV_YEARS >= 5 .AND. DAYS_ABSENT_ACTUAL <= 30, 0.2* MON_SAL_DOLLAR )
CA
CCM
•continuous control monitoring
•monitors the internal control effectiveness
•verifies the programming code of the controls retrieved in read-only format against appropriate benchmark to see whether it is actually achieving its purpose
CDA
•continuous data assurance
•attests information system data integrity
•1st level filter: transaction verification
•2nd level filter: analytical procedures on transactional level
CRMA
•continuous risk monitoring and assessment
•assesses risks to provide input for audit planning
•collects real time inputs relating to change in environment to generate a new risk profile
•change the CCM and CDA software and techniques and the audit plan accordingly
Traditional audit
Manual procedures
Annual audit
Annual option
trend, regression and ratio analytics
Sample testing
Continuous Audit
Automated procedures
Frequent to real time audit
Evergreen/on demand opinion
regression, classification, association and clustering analytics
100% population
Cost reduction
Traditional audit
Manual procedures
Annual audit
Annual option
trend, regression and ratio analytics
Sample testing
Continuous Audit
Automated procedures
Frequent to real time audit
Evergreen/on demand opinion
regression, classification, association and clustering analytics
100% population
Cost reduction
Traditional audit
Manual procedures
Annual audit
Annual option
trend, regression and ratio analytics
Sample testing
Continuous Audit
Automated procedures
Frequent to real time audit
Evergreen/on demand opinion
regression, classification, association and clustering analytics
100% population
Cost reduction
Traditional audit
Manual procedures
Annual audit
Annual option
trend, regression and ratio analytics
Sample testing
Continuous Audit
Automated procedures
Frequent to real time audit
Evergreen/on demand opinion
regression, classification, association and clustering analytics
100% population
Cost reduction
Traditional audit
Manual procedures
Annual audit
Annual option
trend, regression and ratio analytics
Sample testing
Continuous Audit
Automated procedures
Frequent to real time audit
Evergreen/on demand opinion
regression, classification, association and clustering analytics
100% population
Cost reduction
Traditional audit
Manual procedures
Annual audit
Annual option
trend, regression and ratio analytics
Sample testing
Continuous Audit
Automated procedures
Frequent to real time audit
Evergreen/on demand opinion
regression, classification, association and clustering analytics
100% population
Cost reduction
Demand for CA
SOX
Growing complexity of business transactions
Trend towards continuous reporting (ie. MD&A, XBRL)
Wide adoption of ERP systems and data warehouses
More responsibilities for fraud detection
Demand for CA
CA Implementation
1. Business case
cost benefit analysisHard to justify using ROI aloneRecommended to develop specific cases
where CA is value adding and cost saving
2. Client Pre-requisiteGood control environment
Good data integrity
Understanding of company system and controls in place
Senior executive and BOD support
3. Adoption Strategyprioritize the risk areas under each
business process◦ROI, degree of risk and costs and benefits
start with a less complex, high return and low cost project
quick realization of benefits gain support
4. Planning scope and objectivesresources and timeline roles and responsibilities
5. Design and implementationestablish the business rules, controls
and analytical procedure benchmarks
frequency of testing
follow up procedures
6. Monitoring and communicationresults and benefits reported to
stakeholders
CA software
Barriers to CA
Barriers to CACost constraint
Hard to demonstrate benefits using ROI
Lack of system integration (decentralized)
Lack of data integrity and control environment
Staff resistance
Current CA adoption and future outlook