AUDIT ANALYTICS AUDIT

More documents

Recommendations

Info

ESSAY 6: MANAGING RISK AND THE AUDIT PROCESS objectively quantifiable and verifiable, it would be an unsatisfactory indicator. Second, a KRI must be relevant, meaning that changes in the measure must result in corresponding alterations in the probability of target risk event emergence. For instance, employee turnover rate might be considered as a proxy for risk of having material errors in the financial statements. While this seems a reasonable assumption, if the measure is not found to be highly predictive of the risk event, then it would not be a useful KRI in this context. Beyond being measurable and relevant, KRIs should also be non-redundant, easy to monitor, and auditable (Scandizzo 2005). To meet the first of these criteria, if two or more KRIs are highly correlated, then only one of the metrics is needed. Presumably, the retained KRI would be that which provides the greatest benefit in terms of risk monitoring and assessment quality. In fulfilling the second criterion, each KRI should be relatively easy and cost-effective to measure and report. To meet the final requirement, complete documentation of all indicators and corresponding data sources used for measurement should be consistently maintained. Table 6-1 provides some theoretical KRIs and associated applications so as to facilitate initial thinking about risk measure development. Table 6-1: Subset of Potential Key Risk Indicators Key Risk Indicator Segregation of duty violations Percent of uncollected sales Customer financial health Customer complaints Accounting employee turnover Password reset requests Ratio of book value to fair value for depreciable assets Customer attrition Research and development spending Tone of media coverage Phishing incidents To monitor risk of problems relative to: Internal control failures and misappropriation of assets Estimation quality and manipulative earnings management Cash flows, collections, and debt covenants Sales and customer base; product, labor, and process quality Error, fraud, and earnings management Control failure, fraud, data integrity or loss Estimation quality, errors, and manipulative earnings management Revenues and debt obligations Innovation, vision, organizational health, and management Corporate governance; management policies and practices Controls, external fraud, and data compromise 135
AUDIT ANALYTICS AND CONTINUOUS AUDIT:LOOKING TOWARD THE FUTURE In addition to formulating a comprehensive set of KRIs that are leading, meaningful measures of associated risk events, benchmarks must also be incorporated as reference mechanisms. Moon (2014a) indicates that such threshold values or ranges can be established in two ways. First, historical data can be explored to determine the appropriate threshold or tolerance limits for a given KRI. For example, if prior data reveals that late product deliveries of 1 percent or less is normal behavior from a customer service perspective, then 1 percent might be used as the benchmark in this case. Second, there are standardized KRIs and thresholds established for certain industries. For instance, risk consultancy firms have emerged in the marketplace that, among other things, specialize in the development and provisioning of KRI measures and associated benchmark information to their client bases. In summary, it is critical that a comprehensive and leading set of KRIs and corresponding thresholds or tolerance limits be developed and maintained so the CRMA program reliably informs auditors and management about the changing risk landscape. In this way, audit plans, audit procedures and tests, and organizational risk management policies and activities can all be addressed and revised in a proactive manner. Auditor Response to Changing Risk Levels The CEB Risk Management Council (2013) recommends the design and implementation of a KRI dashboard system for the reporting of risk information. A generic and simplified example of this is presented in figure 6-3. Figure 6-3: KRI Reporting Dashboard (taken from CEB 2013) 136
Page 1 and 2:
AUDIT ANALYTICS and CONTINUOUS AUDI
Page 3 and 4:
Notice to Readers Audit Analytics a
Page 6 and 7:
TABLE OF CONTENTS Preface Acknowled
Page 8 and 9:
CONTENTS 3 Evolution of Auditing: F
Page 10:
CONTENTS B Page Implementing Contin
Page 13 and 14:
AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 16 and 17:
AUTHOR BIOGRAPHIES Abdullah Alawadh
Page 18 and 19:
AUTHOR BIOGRAPHIES He is a passiona
Page 20 and 21:
AUTHOR BIOGRAPHIES AICPA Assurance
Page 22 and 23:
AUTHOR BIOGRAPHIES management. Prio
Page 24 and 25:
AUTHOR BIOGRAPHIES Trevor R. Stewar
Page 26:
PART I Essays 1
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 112 and 113: ESSAY 4 Reimagining Auditing in a W
Page 114 and 115: ESSAY 4: REIMAGINING AUDITING IN A
Page 128: ESSAY 4: REIMAGINING AUDITING IN A
Page 159: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 170: PART II Case Studies 145
Page 182 and 183: CASE STUDY B Implementing Continuou
Page 184 and 185: CASE STUDY B: IMPLEMENTING CONTINUO
Page 192: CASE STUDY B: IMPLEMENTING CONTINUO
Page 200 and 201: CASE STUDY D Implementing Continuou
Page 202 and 203: CASE STUDY D: IMPLEMENTING CONTINUO
Page 210:
AICPA Assurance Services Executive
show all

AUDIT ANALYTICS AUDIT

Create successful ePaper yourself

Delete template?

Save as template?