AUDIT ANALYTICS AUDIT

More documents

Recommendations

Info

CASE STUDY B: IMPLEMENTING CONTINUOUS AUDITING AND CONTINUOUSMONITORING cannot be universally applied because business units have unique business rules. Exceptions are managed using the CaseWare Monitor software. The software supports notifications of exceptions, the person responsible, actions taken, the required time frame and when it has been resolved. Movement and pending reports have been developed out of CaseWare Monitor to better analyse the queues. By having greater visibility over the resolution process, the internal audit group is able to focus its attention on higher level oversight. DEFINITIONS AND APPLICATIONS OF CA/CM IN METCASH There is a range of definitions used for CA/CM (Hardy 2014). While some distinctions are based on roles, this was not a significant issue in the early stages of development in Metcash. The internal audit group led the development of the CM system. Responsibility for the CM system was handed over to the business owners after it was fully functioning. At this stage, the internal audit department played more of an oversight role, examining trends and reviewing whether business owners were using the system as intended. This approach supports the view that neither CA or CM needs "to be present for the other to be implemented" (KPMG 2012b, 3), but by combining them there is a more efficient use of technical and human resources through coordinated efforts (KPMG 2012b, 3). However, similar to Vasarhelyi et al. (2012, 275), findings, the monitoring systems shared between audit and management at the full continuous audit stage were not being fully used by management. Internal audit was generating exception reports and monitoring results that were being passed on to management. There was a degree of uncertainty as to when and how these exceptions were being acted on. Metcash developed a complete exception management system to monitor and determine how exceptions are being actioned by management using the CaseWare Monitor workflow application. The architecture is discussed in the following. Definitions of CM that emphasise how weaknesses in control designs or operations can be identified may also cause some level of confusion. It is challenging to monitor controls directly. For example, a review of segregation of duties (SOD) violations may reveal conflicts, but it does not address mistakes or possible fraud of authorised users. The continuous review of master data and transaction exceptions allows inferences to be drawn regarding the effectiveness of the controls and where gaps may exist. For example, Metcash policy requires staff to declare related party interests. In order to confirm that this policy is effective, a CMR compares changes to the vendor master file to the employee master file on a daily basis. Matches between the master files on 161
AUDIT ANALYTICS AND CONTINUOUS AUDIT:LOOKING TOWARD THE FUTURE sensitive data elements (address, telephone numbers, and the like) trigger exceptions for the review of the Group Security function. Multiple dimensions need to be considered when integrating CA/CM and analytics, incorporating transactions, controls and a "macro-analytic" aspect such as differences in metrics and patterns within a business unit or across an organization (KPMG 2012b, 6). An Example Application: The Leave Continuous Monitoring Routine (CMR) Metcash currently has more than 100 applications in a range of areas (see Hardy and Laslett, forthcoming for a list). One of these CMRs is relatively unique. All business entities struggle with ensuring that all leave (that is, compensated absences including sick, vacation, and other) is properly accounted for. Failures to complete compensated absence applications, particularly in large organizations, may lead to overstated compensated absence liabilities and adverse effects on cash flow and operations as staff leave the business or take compensated absences to which they are unentitled. A brief description of the leave CMR algorithm follows: Log-in data is captured from all sources across the business. Any staff member who has not logged in for two or more business days is identified and the exception is cross-matched to the human resources leave records. If no leave record is found, the exception is flagged, and the CMR continues to check the leave records for the next 14 days. If no leave record is processed during the 14-day window, the exception is processed to the exception management workflow system. An automated email (in the name of the responsible HR manager) is sent to the employee’s manager alerting him or her to the gap in the log-in records and asking him or her to review the exception and advise the human resources team. Once a response is received, the exception is closed in Caseware Monitor TM including a reason and action code for further analysis and reporting. If the exception remains unclosed, the CMR continues to produce follow-up emails asking the manager to review the exception and respond accordingly. For those exceptions closed as "leave owing" in Caseware MonitorTM, the CMR subsequently checks to ensure that the leave 162
Page 1 and 2:
AUDIT ANALYTICS and CONTINUOUS AUDI
Page 3 and 4:
Notice to Readers Audit Analytics a
Page 6 and 7:
TABLE OF CONTENTS Preface Acknowled
Page 8 and 9:
CONTENTS 3 Evolution of Auditing: F
Page 10:
CONTENTS B Page Implementing Contin
Page 13 and 14:
AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 16 and 17:
AUTHOR BIOGRAPHIES Abdullah Alawadh
Page 18 and 19:
AUTHOR BIOGRAPHIES He is a passiona
Page 20 and 21:
AUTHOR BIOGRAPHIES AICPA Assurance
Page 22 and 23:
AUTHOR BIOGRAPHIES management. Prio
Page 24 and 25:
AUTHOR BIOGRAPHIES Trevor R. Stewar
Page 26:
PART I Essays 1
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 112 and 113:
ESSAY 4 Reimagining Auditing in a W
Page 114 and 115:
ESSAY 4: REIMAGINING AUDITING IN A
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 170: PART II Case Studies 145
Page 182 and 183: CASE STUDY B Implementing Continuou
Page 184 and 185: CASE STUDY B: IMPLEMENTING CONTINUO
Page 192: CASE STUDY B: IMPLEMENTING CONTINUO
Page 200 and 201: CASE STUDY D Implementing Continuou
Page 202 and 203: CASE STUDY D: IMPLEMENTING CONTINUO
Page 210: AICPA Assurance Services Executive
show all

AUDIT ANALYTICS AUDIT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?