Search results

Given the growing interest in the topic, both in practice and academia, it is timely and important to examine the concept of continuous assurance (CA) and the possible paths along which such services will evolve. There has been a tendency to see CA purely from the point of view of its technological enablers. As such, it has virtually been taken for granted that CA will follow as a matter of course. What has been less thought through is the business architecture that must underlie CA. In particular, we show that the key driver of CA is the demand for it. While there may be many economic transactions between the company and its stakeholders that could benefit from the provision of CA, there is no guarantee that CA is either cost effective—the only way of enhancing efficiency—or actually has to be continuous. Other factors that will affect the development of CA are the need for a new infrastructure to pay for it, as well as concerns about the independence of the assurors. We also identify some important research issues.

There is an increasing recognition in the public audit profession that the emergence of big data as well as the growing use of business analytics by audit clients has brought new opportunities and challenges. That is, should more complex business analytics beyond the customary analytical procedures be used in the engagement and if so, where? Which techniques appear to be most promising? This paper starts the process of addressing these questions by examining extant external audit research. 301 papers are identified that discuss some use of analytical procedures in the public audit engagement. These papers are then categorized by technique, engagement phase, and other attributes to facilitate understanding. This analysis of the literature is categorized into an External Audit Analytics (EAA) framework, the objective of which is to identify gaps, to provide motivation for new research, and to classify and outline the main topics addressed in this literature. Specifically, this synthesis organizes audit research, thereby offering guidelines regarding possible future research about approaches for more complex and data driven analytics in the engagement.

In this paper we report on the approach we have developed and the lessons we have learned in an implementation of the monitoring and control layer for continuous monitoring of business process controls (CMBPC) in the US internal IT audit department of Siemens Corporation. The architecture developed by us implements a completely independent CMBPC system running on top of Siemens’ own enterprise information system which has read-only interaction with the application tier of the enterprise system. Among our key conclusions is that “formalizability” of audit procedures and audit judgment is grossly underestimated. Additionally, while cost savings and expedience force the implementation to closely follow the existing and approved internal audit program, a certain level of reengineering of audit processes is inevitable due to the necessity to separate formalizable and non-formalizable parts of the program. Our study identifies the management of audit alarms and the prevention of the alarm floods as critical tasks in the CMBPC implementation process. We develop an approach to solving these problems utilizing the hierarchical structure of alarms and the role-based approach to assigning alarm destinations. We also discuss the content of the audit trail of CMBPC.

The evolution of MIS technology has affected traditional auditing and created a new set of audit issues. This paper describes the Continuous Process Auditing System (CPAS) developed at AT&T Bell Laboratories for the internal audit organization that is designed to deal with the problems of auditing large paperless real-time systems. The paper discusses why the methodology is important and contrasts it with the traditional audit approach. CPAS is designed to measure and monitor large systems, drawing key metrics and analytics into a workstation environment. The data are displayed in an interactive mode, providing auditors with a work platform to examine extracted data and prepare auditing reports. CPAS monitors key operational analytics, compares these with standards, and calls the auditor’s attention to any problems that may exist. Ultimately, this technology will utilize system probes that will monitor the auditee system and intervene when needed.

The progressive computerization of business processes and widespread availability of computer networking make it possible to dramatically increase the frequency of periodic audits by redesigning the auditing architecture around Continuous Online Auditing (COA). Continuous auditing is viewed here as a type of auditing that produces audit results simultaneously with, or a short period of time after, the occurrence of relevant events. It is arguable that continuous auditing can be implemented only as an online system, i.e., a system that is permanently connected through computer networking to both auditees and auditors. This article proposes a research agenda for the emerging field of COA. First, the history, institutional background, feasibility of and some experiences in COA are briefly reviewed. Thereafter, a number of research issues relating to the architecture of COA, factors affecting the use of COA, and the major consequences of COA are presented. Finally, a selected number of research issues are highlighted as priorities for future research in COA.

The purpose of this project is to undertake continuous auditing and monitoring (CA/CM) implementations working with small-to-medium-sized (SME) not-for-profit (NFP) organizations of varying sizes, business purposes and levels of technical sophistication.

This paper discusses a project using a case study approach with an SME NFP entity.

The findings support the discussions in the literature regarding CA/CM adoption in organizations, particularly regarding its implementation benefits and challenges.

The project is not complete in that additional case studies could possibly offer additional applicability to the findings.

This case study illustrates the issues inherent with the process of adopting new technologies. It provides insights for others considering adoption of CA/CM tools or protocols.

The need for more reliable auditing has never been more urgent than it is today in the NFP environment, and this case study demonstrates how an NFP could address these critical needs of increased reporting accountability and internal controls.

The application of CA/CM is quite interesting and relevant in this modern real-time economy. This case study provides a new area of research in the field of CA/CM and, as such, contributes to the literature.