AUDIT ANALYTICS AUDIT

More documents

Recommendations

Info

ESSAY 1 Continuous Auditing—A New View Nancy Bumgarner, CPA Miklos A. Vasarhelyi, PhD 1 1. INTRODUCTION—CONTINUOUS ASSURANCE THE THEORY 2 This volume is intended as an update on the report Continuous Audit (also called Red Book) published by the CICA and AICPA in 1999. In that volume, some basic principles and a vision were presented that served as a basis for additional guidance work by the Institute of Internal Auditors (IIA) in 2005 and the Information Systems Audit and Control Association (ISACA) in 2010. Fifteen years after that 1999 report, this volume presents a much different state-of-the-art, and this essay proposes an expanded set of concepts largely adding to Vasarhelyi and Halper (1991) and joining it with an increasing set of experiences and literature from practice and academia. The evolution of IT, the emergence of big data, and the increasing use of analytics have rapidly changed the landscape and profile of continuous assurance and auditing. 3 Many of the current audit 1 The suggestions and contributions of professors Michael Alles and Mr. Shrikant Despante are gratefully acknowledged. This essay also substantively benefited from the suggestions of Messrs. Bob Dohrer, Chris Kradjan, Dorothy McQuilken, and Beth Schneider. 2 The authors are appreciative for advice and guidance from Professor Michael Alles, the comments of Mr. Shrikant Deshpande, and the research assistance of Ms. Qiao Li. 3 In general the field of assurance incorporates both the traditional audit as well other types of assurance such as SysTrust, WebTrust or assurance on cybersecurity. In this essay continuous assurance is also taken as potentially a larger set of topics than providing traditional auditing services but on a more frequent basis. On the other hand, the terms continuous audit and continuous auditing are used interchangeably. 3
AUDIT ANALYTICS AND CONTINUOUS AUDIT:LOOKING TOWARD THE FUTURE standards were initially instituted by legislation based on the Securities Act of 1933 and the Securities Exchange Act of 1934 and progressively developed into the current, ever-evolving set of generally accepted auditing standards, or GAAS. This formalization of "generally accepted" has had an enormous effect on business practices and consequently large effects on the social ecosystem. Within this context, in addition to the external verification of financial statements, many contexts in need of third-party verification have risen. Consequently, organizations developed internal audit departments, consulting firms introduced auditing services, and some of these needs are being satisfied on an ad hoc basis mainly by external audit firms. Vasarhelyi and Alles (2006), in a study for the AICPA’s Enhanced Business Reporting (EBR) project, characterized the umbrella of verification services as "assurance," under which falls a set of services such as the "traditional (external) audit," internal audit, and much of what we later in this paper call "audit-like services." Several data analytic and monitoring functions of the expanded set of activities that we hereby call continuous assurance have dual or multiple functions serving assurance, management, and other parties. Guidance on materiality, independence, and required procedures will eventually be needed to adapt to the new tools as the environment evolves. This essay illustrates some of these needs. Groomer and Murthy (1989) and Vasarhelyi and Halper (1991) have respectively argued for and demonstrated the desirability and possibility of "closer to the event" assurance processes. This approach, reflecting the evolution of technology to online, real-time systems, has had slow but progressive adoption both in practice (Vasarhelyi et al, 2012; ACL 2006; PWC 2006) 4 and in professional guidance (CICA/AICPA, 1999; IIA, 2005; ISACA, 2010). 1.1 Continuous Process Auditing Motivating the need for continuous assurance, Vasarhelyi and Halper (1991) state: "There are some key problems in auditing large database systems that traditional auditing (level 1) cannot solve. For example, given that traditional audits are performed only once a year, audit data may be gathered long after economic events are recorded." To deal with these problems, the AICPA/CICA’s Red Book (1999) introduced the current definition of continuous auditing: A continuous audit is a methodology that enables independent auditors to provide written assurance on a subject matter, for which an entity’s management is responsible, using a series of 4 PricewaterhouseCoopers, Internal Audit Survey; Continuous Audit Gains Momentum, 2006. 4
Page 1 and 2: AUDIT ANALYTICS and CONTINUOUS AUDI
Page 3 and 4: Notice to Readers Audit Analytics a
Page 6 and 7: TABLE OF CONTENTS Preface Acknowled
Page 8 and 9: CONTENTS 3 Evolution of Auditing: F
Page 10: CONTENTS B Page Implementing Contin
Page 13 and 14: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 16 and 17: AUTHOR BIOGRAPHIES Abdullah Alawadh
Page 18 and 19: AUTHOR BIOGRAPHIES He is a passiona
Page 20 and 21: AUTHOR BIOGRAPHIES AICPA Assurance
Page 22 and 23: AUTHOR BIOGRAPHIES management. Prio
Page 24 and 25: AUTHOR BIOGRAPHIES Trevor R. Stewar
Page 26: PART I Essays 1
Page 77 and 78:
AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 112 and 113:
ESSAY 4 Reimagining Auditing in a W
Page 114 and 115:
ESSAY 4: REIMAGINING AUDITING IN A
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 170:
PART II Case Studies 145
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 182 and 183:
CASE STUDY B Implementing Continuou
Page 184 and 185:
CASE STUDY B: IMPLEMENTING CONTINUO
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192:
Page 195 and 196:
Page 197 and 198:
Page 200 and 201:
CASE STUDY D Implementing Continuou
Page 202 and 203:
CASE STUDY D: IMPLEMENTING CONTINUO
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210:
AICPA Assurance Services Executive
show all

AUDIT ANALYTICS AUDIT

Create successful ePaper yourself

Delete template?

Save as template?