Search results
1 – 10 of over 2000Ka I. Pun, Yain Whar Si and Kin Chan Pau
Intensive traffic often occurs in web‐enabled business processes hosted by travel industry and government portals. An extreme case for intensive traffic is flash crowd situations…
Abstract
Purpose
Intensive traffic often occurs in web‐enabled business processes hosted by travel industry and government portals. An extreme case for intensive traffic is flash crowd situations when the number of web users spike within a short time due to unexpected events caused by political unrest or extreme weather conditions. As a result, the servers hosting these business processes can no longer handle overwhelming service requests. To alleviate this problem, process engineers usually analyze audit trail data collected from the application server and reengineer their business processes to withstand unexpected surge in the visitors. However, such analysis can only reveal the performance of the application server from the internal perspective. This paper aims to investigate this issue.
Design/methodology/approach
This paper proposes an approach for analyzing key performance indicators of traffic intensive web‐enabled business processes from audit trail data, web server logs, and stress testing logs.
Findings
The key performance indicators identified in the study's approach can be used to understand the behavior of traffic intensive web‐enabled business processes and the underlying factors that affect the stability of the web server.
Originality/value
The proposed analysis also provides an internal as well as an external view of the performance. Moreover, the calculated key performance indicators can be used by the process engineers for locating potential bottlenecks, reengineering business processes, and implementing contingency measures for traffic intensive situations.
Details
Keywords
The purpose of this paper is to demonstrate the technical feasibility of implementing multi-view visualization methods to assist auditors in reviewing the integrity of high-volume…
Abstract
Purpose
The purpose of this paper is to demonstrate the technical feasibility of implementing multi-view visualization methods to assist auditors in reviewing the integrity of high-volume accounting transactions. Modern enterprise resource planning (ERP) systems record several thousands of transactions daily. This makes it difficult to find a few instances of anomalous activities among legitimate transactions. Although continuous auditing and continuous monitoring systems perform substantial analytics, they often produce lengthy reports that require painstaking post-analysis. Approaches that reduce the burden of excessive information are more likely to contribute to the overall effectiveness of the audit process. The authors address this issue by designing and testing the use of visualization methods to present information graphically, to assist auditors in detecting anomalous and potentially fraudulent accounts payable transactions. The strength of the authors ' approach is its capacity for discovery and recognition of new and unexpected insights.
Design/methodology/approach
Data were obtained from the SAP enterprise (ERP) system of a real-world organization. A framework for performing visual analytics was developed and applied to the data to determine its usefulness and effectiveness in identifying anomalous activities.
Findings
The paper provides valuable insights into understanding the use of different types of visualizations to effectively identify anomalous activities.
Research limitations/implications
Because this study emphasizes asset misappropriation, generalizing these findings to other categories of fraud, such as accounts receivable, must be made with caution.
Practical implications
This paper provides a framework for developing an automated visualization solution which may have implications in practice.
Originality/value
This paper demonstrates the need to understand the effectiveness of visualizations in detecting accounting fraud. This is directly applicable to organizations investigating methods of improving fraud detection in their ERP systems.
Details
Keywords
Héctor Rubén Morales, Marcela Porporato and Nicolas Epelbaum
The technical feasibility of using Benford's law to assist internal auditors in reviewing the integrity of high-volume data sets is analysed. This study explores whether Benford's…
Abstract
Purpose
The technical feasibility of using Benford's law to assist internal auditors in reviewing the integrity of high-volume data sets is analysed. This study explores whether Benford's distribution applies to the set of numbers represented by the quantity of records (size) that comprise the different tables that make up a state-owned enterprise's (SOE) enterprise resource planning (ERP) relational database. The use of Benford's law streamlines the search for possible abnormalities within the ERP system's data set, increasing the ability of the internal audit functions (IAFs) to detect anomalies within the database. In the SOEs of emerging economies, where groups compete for power and resources, internal auditors are better off employing analytical tests to discharge their duties without getting involved in power struggles.
Design/methodology/approach
Records of eight databases of an SOE in Argentina are used to analyse the number of records of each table in periods of three to 12 years. The case develops step-by-step Benford's law application to test each ERP module records using Chi-squared (χ²) and mean absolute deviation (MAD) goodness-of-fit tests.
Findings
Benford's law is an adequate tool for performing integrity tests of high-volume databases. A minimum of 350 tables within each database are required for the MAD test to be effective; this threshold is higher than the 67 reported by earlier researches. Robust results are obtained for the complete ERP system and for large modules; modules with less than 350 tables show low conformity with Benford's law.
Research limitations/implications
This study is not about detecting fraud; it aims to help internal auditors red flag databases that will need further attention, making the most out of available limited resources in SOEs. The contribution is a simple, cheap and useful quantitative tool that can be employed by internal auditors in emerging economies to perform the first scan of the data contained in relational databases.
Practical implications
This paper provides a tool to test whether large amounts of data behave as expected, and if not, they can be pinpointed for future investigation. It offers tests and explanations on the tool's application so that internal auditors of SOEs in emerging economies can use it, particularly those that face divergent expectations from antagonist powerful interest groups.
Originality/value
This study demonstrates that even in the context of limited information technology tools available for internal auditors, there are simple and inexpensive tests to review the integrity of high-volume databases. It also extends the literature on high-volume database integrity tests and our knowledge of the IAF in Civil law countries, particularly emerging economies in Latin America.
Details
Keywords
Alexandra Kanellou and Charalambos Spathis
The purpose of this article is to provide a selective and comprehensive literature review based on previous research within auditing and enterprise systems (ES). This is done to…
Abstract
Purpose
The purpose of this article is to provide a selective and comprehensive literature review based on previous research within auditing and enterprise systems (ES). This is done to identify research gaps, propose directions for future research and guide researchers and practitioners on how to better synthesize these two areas. Interaction between ES and auditing is in need of more academic research and practical investigation, which may lead to the development of better solutions, guidelines and frameworks.
Design/methodology/approach
A total of 31 academic studies from 2000 to 2010 were included in this study. After reading these studies, different areas had been selected and were addressed in five categories: the future of audit in ES environment, modern audit tools and techniques, changes of auditors' role, differences in perceptions between financial auditors and IT auditors, ERP and compliance with regulations.
Findings
ES implementation results in audit process reengineering and increases the need of continuous monitoring of transactions. The presence of IT auditors becomes critical, while financial auditors are asked to enhance their skills in order to be able to conduct effective audit tests. Modern audit tools and techniques must be used so that internal control processes will be appropriate for an ES.
Research limitations/implications
It is not an exhaustive list and some relevant publications might have been overlooked. Much literature has been scanned by reading the title only. In order to conduct a comprehensive review the topical focus was kept relatively narrow on auditing and ES.
Practical implications
Researchers and practitioners must take into consideration the interaction between ES and auditing in order to advance research in this area. Companies must understand the changes that occur in the audit procedure due to ES implementation, so that they will design efficient audit tests and auditors must enhance their knowledge in order to be able to conduct these tests effectively.
Originality/value
This study uncovers and classifies current research within auditing and ES (focusing mostly on ERP systems).
Details
Keywords
Il‐hang Shin, Myung‐gun Lee and Woojin Park
The purpose of this paper is to introduce the continuous auditing system based on continuous monitoring and its implementation methodology; also to present a systematic case study…
Abstract
Purpose
The purpose of this paper is to introduce the continuous auditing system based on continuous monitoring and its implementation methodology; also to present a systematic case study of actual continuous auditing systems implemented in the financial industry and the manufacturing industry.
Design/methodology/approach
The paper examines the method of implementing the continuous auditing system in the enterprise resource planning (ERP) environment, and suggests how the continuous auditing system can take firm root by looking at the successful introduction of the continuous auditing system in the financial industry and the manufacturing industry.
Findings
The proposed method of implementing the continuous auditing system has the 2stage approaches which can be applied to various kinds of companies in the ERP‐based environment. In addition, the proposed cases have the important practical implications acquired in the process of implementing the continuous auditing system in the financial industry and the manufacturing industry.
Practical implications
This study will help many corporations facing various types of corruption or circumvention of internal control, with their internal auditing, by showing them how to use the continuous auditing system to reinforce internal control. Also, it will make the independent auditor understand audited company's continuous monitoring system and lead to use the infrastructure for efficient and effective external auditing.
Originality/value
The proposed method and cases of implementing the continuous auditing system offer an innovative approach to auditing in the ERP‐based environment because it facilitates both internal auditor and external auditor to achieve the audit objectives efficiently and effectively.
Details
Keywords
Munir Majdalawieh, Sofiane Sahraoui and Reza Barkhi
The pressure is on organizations to go beyond automating their internal audit activities and develop and integrate internal auditing into business processes of the enterprise…
Abstract
Purpose
The pressure is on organizations to go beyond automating their internal audit activities and develop and integrate internal auditing into business processes of the enterprise. This paper aims to propose a “full power” continuous auditing (CA) model with three key components: electronic audit evidence functions; intra‐process auditing; and inter‐process auditing.
Design/methodology/approach
This paper follows a design science approach by identifying relevant problems from the current literature, defining the objectives of the study, designing and developing the “full power” CA model, and evaluating the model. The model supports business process‐centric auditing and enhances the business monitoring capacities of organizations enabling the fulfillment of increasingly stringent compliance requirements with internal policies as well as external regulations.
Findings
This work has attempted to fill the gap between the enterprise solutions offered by enterprise system providers and a structured approach to auditing within enterprise environments by proposing the IIPCA model which combines the automated controls inherent in the systems with continuous audits based on electronic audit evidence. The approach provides for auditing both within and between processes ensuring comprehensiveness of the audit process.
Originality/value
The paper makes a contribution by proposing a “full power” continuous auditing model on the principle of continuous monitoring and with predefined building block components; facilitating the integration of continuous auditing within business information processing in an enterprise using different building blocks; and giving practitioners insight on the adoption of the CA in the enterprise and how it will enhance their audit effectiveness, and audit efficiency.
Details
Keywords
Yuan George Shan and Indrit Troshani
The purpose of this paper is to evaluate the impact of the International Financial Reporting Standards (IFRS) and eXtensible Business Reporting Language (XBRL) on audit fees based…
Abstract
Purpose
The purpose of this paper is to evaluate the impact of the International Financial Reporting Standards (IFRS) and eXtensible Business Reporting Language (XBRL) on audit fees based on evidence from listed companies operating in an emerging economy. Whilst IFRS constitute high-quality accounting standards, XBRL represents a technology standard that can enhance the usability of IFRS and overall financial reporting transparency.
Design/methodology/approach
Multivariate analyses are used on a sample of 1,798 firm-year observations between 2000 and 2011 from companies listed in the Shanghai Stock Exchange that were subject to XBRL and IFRS adoption mandates.
Findings
The main results suggest that XBRL has a main negative effect on audit fees which is weaker for larger firms. Additionally, the authors find that IFRS increases audit fees for all companies. Whilst this effect is positive for firms of different sizes, it is weaker for larger firms.
Research limitations/implications
Whilst the findings are applicable to the selected sample and may or may not be generaliseable to other economies, they can provide important implications for both regulators and companies that are undertaking IFRS convergence and XBRL implementation projects in developing economies around the world.
Originality/value
This study offers a timely assessment of the economic consequences of IFRS and XBRL on listed companies operating in an emerging economy, in addition to providing an important basis upon which further research can be designed in order to extend the analysis.
Details
Keywords
The purpose of this paper is to develop a theoretical framework that will help to examine the role of internal auditors (IAs) in enterprise resource planning (ERP) based…
Abstract
Purpose
The purpose of this paper is to develop a theoretical framework that will help to examine the role of internal auditors (IAs) in enterprise resource planning (ERP) based organizations. An ERP integrates all organizational functions in one powerful system that drives the organization strategically and also presents new challenges to the internal audit function.
Design/methodology/approach
A literature review is undertaken to highlight the role of IAs in an ERP environment.
Findings
The framework depicts the new relationships which the ERP system requires between the IAs and five associated groups: software vendors, information systems, information technology managers, ERP users, and consultants. ERP also gives interanl auditors an enabling technology to advise management on the implications of ERP for risk‐intelligence.
Research limitations/implications
This is a conceptual paper that has implications for internal auditing practice. Academic researchers will find this framework to be useful for testing it in the field. Practitioners will also benefit from this model when assessing the role of IAs in an ERP environment.
Originality/value
Prior research in the auditing field has overlooked this issue. This paper will attempt to fill such an apparent gap in prior research and will help motivate further research in this field.
Details
Keywords
Computers and the information they process are critical to many organizations’ ability to perform their mission and business functions. It therefore makes sense that executives…
Abstract
Computers and the information they process are critical to many organizations’ ability to perform their mission and business functions. It therefore makes sense that executives view computer security as a management issue and seek to protect their data which are stored in these computers. Presents a main objective of introducing a modeling design and verification of the monitoring part of common intrusion detection framework (CIDF) using Petri Nets. To enhance the security of a system by monitoring system activity and detecting a typical behavior, statistical unusual behavior must be found in the observation of the system. Such a monitoring system will be capable of detecting intrusion that could not be detected by any other means. These systems that do collect audit data are the only way to build a real secure system which is the most important part of the network. Presents a proposed model of the monitoring part of the CIDF based on Petri Nets modeling technique. Tests the proposed model using the Petri Nets properties.
Details