AUDIT ANALYTICS AUDIT
x8YaD9
x8YaD9
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>AUDIT</strong> <strong>ANALYTICS</strong> AND CONTINUOUS <strong>AUDIT</strong>:LOOKING TOWARD THE FUTURE<br />
ask of each activity during this phase is "What can go wrong?" because<br />
this will enhance discovery of relevant task characteristics such as how<br />
an activity can fail, how much risk exists, and the probability of<br />
occurrence and impact of potential risk exposure. Once all risks are<br />
identified and a profile is constructed, efforts gravitate toward the<br />
formulation and implementation of a meaningful set of KRIs able to<br />
productively monitor the risk environment.<br />
KRI Development and Implementation<br />
Key risk indicators are "metrics used by an organization to provide an<br />
early signal of increasing risk exposures in various areas of the<br />
enterprise" (CEB 2013). Each KRI should be a root cause identifier or a<br />
leading indicator of risk, such that a proactive response can be made in<br />
addressing detected problems. However, achieving this in practice is a<br />
non-trivial task. In a recent ERM function survey, 56 percent of<br />
respondents indicated the greatest difficulty in KRI development is<br />
establishing metrics that are leading indicators of risk (CEB 2013).<br />
Therefore, serious attention must be devoted to KRI construction. For<br />
example, if the inability to settle current liabilities is an identified risk,<br />
several potential KRIs might be envisioned, but many would be<br />
suboptimal. The current ratio might initially be suggested as a potential<br />
KRI in this situation, but at the point when this measure is indicative of a<br />
problem, it could be too late to prevent occurrence of the underlying risk<br />
event. Conversely, customer financial health trend information is a<br />
leading and more suitable KRI. In this case, if significant financial<br />
deterioration in the customer base is detected, then more effective<br />
corrective measures could be enacted to avoid having insufficient<br />
liquidity in clearing current liabilities as they mature.<br />
Moon (2014a) argues each KRI must possess two fundamental<br />
characteristics. First, it has to be measurable, but need not be purely<br />
objective. A KRI can be relatively subjective provided it is independently<br />
quantifiable and verifiable (Scandizzo 2005). For instance, information<br />
arising via text mining and sentiment analysis of news feeds and other<br />
electronic media could be synthesized in generating an effective KRI. In<br />
an application of this approach, relevant textual information is regularly<br />
analyzed, and variables such as information source quality, frequency<br />
and timing of news, and severity level of content are all determined and<br />
aggregated in computing an entity’s reputation risk score (RepRisk 2014).<br />
On the other hand, for the identified risk of manipulative earnings<br />
management, one might view tone-at-the-top as a potential KRI. The<br />
underlying rationale might be that this variable is highly correlated with<br />
organizational culture as well as the propensity for unethical behavior.<br />
However, evaluating tone-at-the-top would prove extremely challenging<br />
from the standpoint of measurability, and if the proposed KRI is not<br />
134