AUDIT ANALYTICS AUDIT
x8YaD9
x8YaD9
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ESSAY 1: CONTINUOUS <strong>AUDIT</strong>ING—A NEW VIEW<br />
to monitoring operations. Investors may primarily be interested in data<br />
assurance though, depending on the industry, compliance and risk<br />
monitoring may be equally as important.<br />
CA is well suited for historic analyses, particularly given the speed with<br />
which CA provides information on attributes such as accuracy. Auditors<br />
that provide assurance on historic information will likely be primarily<br />
interested in the ability of CA to be used for such purpose. Access to<br />
sophisticated ERPs and complex data sets create an opportunity for CA<br />
to be used for diagnostic purposes. Where an error or anomaly has been<br />
identified, CA may perform a retrospective diagnostic of the<br />
situation—providing insight and analyses to management.<br />
Diagnostically, CA could also be tied to effectively assessing operational<br />
and structural strengths and weaknesses of an organization—enabling<br />
strategic decisions to be made in a timely manner and with sufficient<br />
context.<br />
Automation is an essential element to CA, though manual involvement<br />
remains important particularly in situations where extensive judgment is<br />
required and where anomalies, exceptions, and outliers are identified.<br />
Continuous Data Audit CDA<br />
Vasarhelyi and Halper called the process of monitoring and constantly<br />
assuring AT&T’s RCAM system continuous audit. The architecture of the<br />
system described in figure 1-1 shows data being (1) extracted from<br />
pre-existing reports, (2) sent to the business units through the remote job<br />
entry network, (3) transferred to an email system, and (4) extracted<br />
through individual text mining programs. This technique, analogous to<br />
what is called today "screen scrapping," was chosen to avoid interference<br />
in the long and complex system process development protocol. All<br />
information was collected from existing reports and placed in a relational<br />
database. This database drove hypertext graphs that were given to<br />
auditors to interact with the system. The several layers of the RCAM<br />
system were represented as flowcharts respecting the internal auditors’<br />
documentation practices and experience in data analysis. Many of the<br />
analytics impounded into the system were drawn from knowledge<br />
engineering (Halper, Snively, and Vasarhelyi, 1989) internal auditors and<br />
capturing the calculations they made with paper reports. The<br />
formalization of these processes allowed for their repetition at repeated<br />
frequency, and often reliance on these tests up to the moment that alerts<br />
were generated. Although internal auditors started relying on these<br />
exception reports, they also requested that the source reports be retained<br />
mainly for their traditional audit reports.<br />
7