Access violations
, 116–117
Accounting Standards Board (ASB)
, 171
Activity-Based Management
, 153
Adaptation to technologies
, 78–79
Advanced Decision Support System
, 131
Agency costs, continuous online auditing of
, 139–141
American Institute of Certified Public Accountants (AICPA)
, 32, 54, 59, 150, 173, 188, 251
Accounting Standards Board
, 171
ASEC Emerging Assurance Technologies Task Force
, 27
assurance independence
, 162
Assurance Services Executive Committee
, 294
Auditing Procedures Study
, 178
Committee on Continuous Auditing
, 130
Elliot Committee
, 129, 152, 158
Enhanced Business Reporting project
, 8
Red Book
, 7, 8, 16, 46, 249, 261
Statement on Auditing Procedure
, 286, 288–289
Systems Reliability Task Force
, 129–130
SysTrust
, 130, 152, 158, 160
Vision Project 1998
, 170
WebTrust
, 130, 152, 158, 160
Analytical procedures
, 277
Analytic method
, 34–36, 78
Analytic monitoring, for continuous assurance
, 191–215
automatic confirmations
, 212–213
continuity equations
, 208–209
control tags
, 213
data taps
, 211–212
dynamic reconciliation of accounts
, 211
hierarchy of auditing
, 204–205
levels of assurance and audit objectives
, 196–202
MC layer
, 205–207
outcomes
, 213–214
process
, 203–204
supply and demand
, 193–196
tagging data accuracy
, 209–210
tertiary ‘black box’ monitoring
, 207
time series analysis
, 210–211
timing of
, 202–203
tools for
, 207–213
Annual World Continuous Auditing and Reporting Symposium
, 323
Anti-money laundering
, 15
Application agents
, 306–308, 311
Artificial neural network assistant (ANNA)
, 61
Association of Certified Fraud Examiners
, 289
Assurance
, 8
continuous
, 149–165, 251
continuous data
, 9, 261–268, 277
control level
, 30
costs of providing
, 160–161
embedded modules
, 163–164
entity
, 36
estimation of
, 200–201
independence
, 162, 164
judgment
, 201–202
levels of
, 29–30, 196–202
measurement rule
, 199–200
products, ownership of
, 161–162
Assurance Services Executive Committee (ASEC)
, 294
Emerging Assurance Technologies Task Force
, 27
Assuror’s independence, and continuous assurance
, 162–164
AT&T Corp.
, 3, 248, 273
continuity equations
, 208
continuous monitoring versus continuous auditing
, 18
Continuous Process Audit System. See Continuous Process Audit System (CPAS)
RCAM system
, 11, 17–18
transaction evaluation
, 199
Audit Action Sheets (AASs)
, 224–226, 236, 239, 254, 256, 259, 260
selection of
, 230–233
Audit applications approach
, 294
Audit Applications Group (AAG)
, 184
Audit automation
, 56–57, 75
Audit Command Language (ACL)
, 175, 195, 248, 249, 250, 268, 288
Audit Data Standard (ADS)
, 26–28
ecosystem architecture
, 28
Audit data warehouse model
, 293–294
Audit ecosystem
, 42–45
characteristics of
, 43, 299, 309
defined
, 299
external influences on
, 310
to support blockchain-based accounting and assurance
, 299–312
Auditees–auditors relationship
, 144
Auditing: A Journal of Practice and Theory
, 3
Auditing Standards Board
, 178
Statement on Auditing Standards
, 178, 266, 267
Audit-like organizations (ALOs)
, 16, 20, 21
Audit methodology, continuous auditing innovations in
, 273–278
audit reporting
, 278
automation of audit procedures
, 275
continuous or frequent audit
, 274
data modeling and data analytics, for monitoring and testing
, 277–278
internal and external auditors, work and role of
, 275–276
nature, timing, and extent of testing
, 276–277
proactive audit
, 274
Audit modules into DBMS application programs, embedding of
, 110–111
Audit objectives
, 196–202
Auditor interface
, 117–119
Auditors
external
, 2
heuristics
, 92
internal
, 2
relationship with auditees
, 144
Audit Reference Library (ARL)
, 184
Audit risk assessment
, 134
Audit trial of continuous monitoring of business process controls
, 243
Australian Institute of Chartered Accountants
Continuous Assurance for the Now Economy
, 16
Automated auditing capability, building
, 169–188
continuous auditing applications
, 182–186
future research
, 186–188
Automated continuous transaction verification environment (ACTVE)
, 60
Automatic confirmations
, 212–213
Automation
, 10, 240, 272, 275, 290
audit
, 56–57, 75
data analytics as precursor to
, 315–321
migration of functions to
, 41–42
path for future
, 76–77
Canadian Institute of Chartered Accountants (CICA)
, 32, 54, 59, 171, 173
Committee on Continuous Auditing
, 130
Red Book
, 7, 8, 16, 46, 249, 261
Systems Reliability Task Force
, 129–130
SysTrust
, 130, 152, 158, 160
WebTrust
, 130, 152, 158, 160
Carolina Power and Light
SMART Auditing
, 183
Center for Audit Quality (CAQ)
, 27
Choice of assertion
, 33–34
Cognitive effects, of continuous online auditing
, 143
Committee on Continuous Auditing (CICA/AICPA)
, 130
Compliance monitoring (COMO)
continuous
, 14–16
Computerized aided audit tools (CAATs)
, 1, 195, 244, 250, 287, 288, 290–292
Concurrent auditing techniques (CAT)
, 106–108
Continuity equations
, 208–209, 262
Continuous and intermittent simulation (CIS)
, 179
Continuous assurance (CA)
, 251
analytic monitoring for
, 191–215
in ASP setting, analysis of
, 150–152
assuror’s independence and
, 162–164
business transactions, continuous reading of
, 153–154
components of
, 152–153
demand for
, 155–159
feasibility and economics of
, 149–165
issues for future research
, 164
paying for
, 160–162
supply and demand for
, 193–196
technical architecture of
, 162–164
timing of
, 202–203
transaction monitoring, assurance, and reporting
, 154–155
Continuous Audit
, 3, 7, 8, 16, 46, 249, 261
Continuous auditing (CA)
characteristics of
, 62–75
defined
, 2, 8, 54, 169, 173–174, 186, 221, 251
distinguished from traditional auditing
, 273
elements of
, 10, 20–21
emergence of
, 56–57
guidance on
, 16
implementation of
, 60–61
process
, 174–176
research directory 1983–2011
, 327–338
research distribution
, 4
versus continuous monitoring
, 16–20
See also individual entries
Continuous Audit Monograph
, 291
Continuous audit tools and techniques (CATTs)
, 175, 178, 179, 187
Continuous compliance monitoring
, 14–16
Continuous control monitoring (CCM)
, 9, 12–13, 23–24, 59–60, 71, 74, 252, 277
implementation of
, 60–61
Siemens
, 254–261
Continuous data assurance (CDA)
, 9, 261–268, 277
Continuous data audit
, 11–12
Continuous Management Monitoring (CMM)
, 268
Continuous monitoring (CM)
versus continuous auditing
, 16–20
Continuous monitoring of business process controls (CMBPC)
, 59, 219–245
Audit Action Sheets, selection of
, 230–233
audit trial of
, 243
CA analyzer
, 234–239
continuous monitoring software, developers of
, 243–244
control and alarm hierarchy, management of
, 240–243
data issues
, 233
formalization
, 239–240
implementation of
, 230–239
MC layer–ERP system interaction
, 229–230
modes of
, 226–228
pilot implementation
, 222–226
reengineering
, 239–240
system architecture for
, 228–229
Continuous online auditing (COA)
, 58, 125–147, 250
architectural issues
, 132–137
database applications
, 128–129
defined
, 126–127
economic feasibility
, 127–128
effects/consequences
, 138–146
experiences
, 129–132
factors affecting
, 137–138
history and institutional background
, 128–147
program of research in
, 132–146
research priorities
, 133, 146–147
technological feasibility
, 127
Continuous Process Audit Methodology (CPAM)
online systems
, 88, 92, 102, 103
Continuous Process Audit System (CPAS)
, 17–19, 249, 250
Advanced Decision Support System
, 131
architecture
, 131
online systems
, 87, 88, 92, 94–98, 101–103, 130–132
software implementation
, 96–101
Continuous risk monitoring and assessment (CRMA)
, 13–14, 20, 59
Control(s)
, 231, 240–243
charts
, 60
compliance
, 9
level assurance
, 30
processes, improvement on
, 214
settings
, 227
structure
, 9
tags
, 213
violations
, 116
Costs of providing assurance
, 160–161
Data
, 9
capture
, 134
integrity
, 214
mining
, 315
modeling
, 277–278
source
, 32–33
standardization
, 181
taps
, 211–212
Data analytics
, 277–278
exceptions versus audit automation exceptions
, 316
as precursor to audit automation
, 315–321
Database applications, continuous audit of
, 128–129
Database Management System (DBMS)
, 56, 90–91
audit modules into DBMS application programs, embedding of
, 110–111
controls using DBMS facilities, establishing
, 109–110
environment, need for EAMs in
, 106–107
Data description language (DDL)
, 108–110, 123
Data warehousing project interrelationships, auditing of
, 183
Decentralized Autonomous Organization/Corporation (DAO/DAC)
, 301, 303, 305
Decision Support Systems
, 3
Deloitte & Touche, LLP
, 176, 319
Demand for continuous assurance
guarantee of
, 156–158
inherent
, 155–156
real-time assurance
, 158–159
Development and intellectual structure, of continuous auditing research
, 53–81
continuous auditing, characteristics of
, 62–75
continuous controls monitoring
, 59–60
electronic data processing and audit automation
, 56–57
implications of
, 80–81
paths for future research
, 75–80
real-time reporting and assurance, demanding and promoting
, 57–59
Development of continuous auditing
, 249–251
Direct costs, continuous online auditing of
, 139
Discrepancy analysis
, 207
Distributed resource protection mechanism
, 305
Dynamic reconciliation of accounts
, 211
Economic feasibility, of continuous online auditing
, 127–128
EDGAR system
, 65, 172, 250
Electronic data interchange (EDI)
, 57, 163, 170, 250
Electronic data processing (EDP)
, 56–57, 126, 135, 179, 287
Electronic Data Processing and Auditing
, 286–287
Electronic financial reporting
, 171–173
Elliot Committee
, 129, 152, 158
Embedded assurance modules
, 163–164
Embedded audit modules (EAMs)
, 57, 105–123, 228, 229, 258, 292, 293
access violations
, 116–117
advantages of
, 121–122
audit modules into DBMS application programs, embedding of
, 110–111
auditor interface
, 117–119
as audit tool, use of
, 119–121
control violations
, 116
controls using DBMS facilities, establishing
, 109–110
database control and security
, 109
in DBMS environment, need for
, 106–107
drawbacks of
, 122
error handling approaches
, 112
implementation of
, 112–116
operational considerations
, 121
prior research
, 107–108
Enhanced Business Reporting (EBR) project
, 8
Enterprise resource planning (ERP) systems
, 9, 10, 13, 14, 22, 24, 30, 32, 58, 127, 150, 154, 161, 188, 193, 195–196, 272
interaction with MC layer
, 229–230
EQUEL (Embedded QUEry Language)
, 112–113
Equity Funding Corporation scandal of 1973
, 287–288
Error handling approaches
, 112
ETL (extract, transform, and load) process
, 179, 181
Evolution of auditing
, 285–296
Expanded opinion conceptualization
, 37
Exploratory Data Analysis (EDA)
, 34, 47
EXtensible Business Reporting Language (XBRL)
, 58, 65, 74, 171, 172, 186, 188, 250, 268
EXtensible Markup Language (XML)
, 171
Extent of testing
, 276–277
External audit
, 8
technology
, 88
External auditors
, 2
characteristics of
, 138
work and role of
, 275–276
External contracts, continuous online auditing of
, 143–144
Exxon Company USA
, 183–184
IBM
, 3, 273, 287
IMS
, 90
internal audit approach
, 17
Watson
, 319
Incremental technological change
, 26
Industrial Revolution
, 286
Information and communication technologies (ICT)
, 302
Information brokering agents
, 306
Information Systems Audit and Control Association (ISACA)
, 3
IT Audit and Assurance Guidelines, G42, Continuous Assurance
, 16
Information Systems Reliability service
, 129
Information technology (IT)
, 22–28, 221
Audit Data Standard
, 26–28
database audit
, 24–25
evolution of
, 22–23
incremental technological change
, 26
Innovation
, 271–281
in audit methodology
, 273–278
technological process
, 272
Institute of Internal Auditors (IIA)
, 3, 248, 268
GTAG 3 Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
, 16
Integrated test facilities (ITF)
, 108, 178, 179, 292
Interactive Data Extraction and Analysis (IDEA)
, 288
Internal audit
, 8, 54
technology
, 88
Internal auditors
, 2
work and role of
, 275–276
Internal controls
, 56, 76
Internal vs. external COA effects
, 144
International Federation of Accountants (IFAC)
, 60
International Journal of Accounting Information Systems
, 3
International Journal of Digital Accounting Research, The
, 3
Interoperation agents
, 306
SAP
, 12, 134, 188, 249, 318
Audit Action Sheet
, 224, 225
Business Warehouse
, 238
SAP R/3
, 127, 163, 179, 222, 224, 227, 229, 243
Sarbanes Oxley Act of 2002 (SOX)
, 1, 11, 29, 41, 192, 193, 251–252, 288, 296
Section
, 201, 65, 244, 252
Section
, 404, 65, 76, 214, 224, 244, 252, 254, 261, 268
Section
, 409, 58
Scope of auditing
, 134–135
Securities Act of 1933
, 7
Securities and Exchange Act of 1934
, 1, 7, 286
Securities and Exchange Commission (SEC)
, 286, 288
Security of continuous online auditing
, 136–137
Selective Monitoring and Assessment of Risks and Trends (SMART) Auditing
, 183
Service oriented computing (SOC)
, 304
Siemens
, 3, 11, 59, 253, 268, 273
continuous control monitoring
, 254–261
continuous monitoring of business process controls
, 222–245
Simultaneous Equation Modeling (SEM)
, 265
Small Audit Support (SAS)
, 175
Snapshot approach and systems control and audit review facility (SCARF)
, 179
Software-based agent research
, 302
Special Committee on Assurance Services (SCAS). See Elliot Committee
Specific area of emphasis
, 65–66
longitudinal analysis of research method by
, 67–70
longitudinal analysis of topical area by
, 70–75
Standards, formalizing
, 79
Statement on Auditing Procedure (SAP)
, 286
Statement on Auditing Standards (SAS)
, 178, 266, 267
Supply and demand, for continuous assurance
, 193–196
Supply chain management (SCM)
, 1, 153
System-level support agents
, 306
Systems Reliability Task Force (CICA/AICPA)
, 129–130
SysTrust
, 152, 160
denomination–system reliability assurance
, 130