Continuous auditing tianli xie_20241457

Continuous Auditing

Tianli XieJuly 3rd, 2011Section 1

What is Continuous Auditing (CA)?

ISACA: “the collection of audit evidence, by an auditor, on systems and transactions, on a continuous basis through a period”

External Auditors: electronic audit evidence gathering process to render an opinion on fair presentation of financial statements (Rezaee et al)

Internal Auditors: process to evaluate business processes and assess management’s monitoring process of the control and disclosure environment (Rezaee et al)

Continuous Monitoring (CM)A tool for management Automatic and continuous monitoring of:◦compliance of business processes and

transactions against company rules, policies and objectives

◦effectiveness of internal controlsSome techniques/procedures are similarCA and CM complement each other

CA’s advantages over traditional external auditing

CCM

•continuous control monitoring

•monitors the internal control effectiveness

•verifies the programming code of the controls retrieved in read-only format against appropriate benchmark to see whether it is actually achieving its purpose

CDA

•continuous data assurance

•attests information system data integrity

•1st level filter: transaction verification

•2nd level filter: analytical procedures on transactional level

CRMA

•continuous risk monitoring and assessment

•assesses risks to provide input for audit planning

•collects real time inputs relating to change in environment to generate a new risk profile

•change the CCM and CDA software and techniques and the audit plan accordingly

Traditional

Purchase Listing

Item A $5,000

Item B $5,000 DL

Programming code:

@IF( SERV_YEARS >= 5 .AND. DAYS_ABSENT_ACTUAL <= 30, 0.2* MON_SAL_DOLLAR )

CA

CCM

•continuous control monitoring

•monitors the internal control effectiveness

•verifies the programming code of the controls retrieved in read-only format against appropriate benchmark to see whether it is actually achieving its purpose

CDA

•continuous data assurance

•attests information system data integrity

•1st level filter: transaction verification

•2nd level filter: analytical procedures on transactional level

CRMA

•continuous risk monitoring and assessment

•assesses risks to provide input for audit planning

•collects real time inputs relating to change in environment to generate a new risk profile

•change the CCM and CDA software and techniques and the audit plan accordingly

Traditional audit

Manual procedures

Annual audit

Annual option

trend, regression and ratio analytics

Sample testing

Continuous Audit

Automated procedures

Frequent to real time audit

Evergreen/on demand opinion

regression, classification, association and clustering analytics

100% population

Cost reduction

Traditional audit

Manual procedures

Annual audit

Annual option


Sample testing

Continuous Audit





100% population

Cost reduction

Traditional audit

Manual procedures

Annual audit

Annual option


Sample testing

Continuous Audit





100% population

Cost reduction

Traditional audit

Manual procedures

Annual audit

Annual option


Sample testing

Continuous Audit





100% population

Cost reduction

Traditional audit

Manual procedures

Annual audit

Annual option


Sample testing

Continuous Audit





100% population

Cost reduction

Traditional audit

Manual procedures

Annual audit

Annual option


Sample testing

Continuous Audit





100% population

Cost reduction

Demand for CA

SOX

Growing complexity of business transactions

Trend towards continuous reporting (ie. MD&A, XBRL)

Wide adoption of ERP systems and data warehouses

More responsibilities for fraud detection

Demand for CA

CA Implementation

1. Business case

cost benefit analysisHard to justify using ROI aloneRecommended to develop specific cases

where CA is value adding and cost saving

2. Client Pre-requisiteGood control environment

Good data integrity

Understanding of company system and controls in place

Senior executive and BOD support

3. Adoption Strategyprioritize the risk areas under each

business process◦ROI, degree of risk and costs and benefits

start with a less complex, high return and low cost project

quick realization of benefits gain support

4. Planning scope and objectivesresources and timeline roles and responsibilities

5. Design and implementationestablish the business rules, controls

and analytical procedure benchmarks

frequency of testing

follow up procedures

6. Monitoring and communicationresults and benefits reported to

stakeholders

CA software

Barriers to CA

Barriers to CACost constraint

Hard to demonstrate benefits using ROI

Lack of system integration (decentralized)

Lack of data integrity and control environment

Staff resistance

Current CA adoption and future outlook

Education

Continuous auditing tianli xie_20241457