AUDIT ANALYTICS AUDIT

Recommendations

Info

CASE STUDY A: DEVELOPING CONTINUOUS ASSURANCE AT SIEMENS role as vice president of controls management at SFS, he observed that many of the company’s internal audit programs, such as audit checklists, are mechanical and repetitive in nature, so he wanted to automate these processes by moving to a CCM program as an independent control assurance function that would be separate from internal audit. Recognizing that organizations are often resistant to change, he decided to start with small, achievable targets to demonstrate that the program has merit, and then expand beyond financial reporting into operational components once the business unit and support unit managers at SFS had become accustomed to the continuous monitoring methodology. In the first phase of the project, the new vice president of controls management focused on financial reporting rules compliance and data integrity. Personnel at SFS manage data and make decisions within a framework of company policies expressed as a set of rules. Because SFS relies on communicating rules and assessing compliance with those rules in providing services to its clients, the first part of the project was to develop a system that could notify key people within the company about "exceptions" and "alerts." An exception demands immediate research and resolution because it means that a rule was not followed. Depending on the explanation that is given for the exception, it might also require a correcting entry in the SFS accounting records. By contrast, an alert flags any transaction that might be of interest to the owners of that information, such as a change in a transaction, so that SFS can take immediate action to verify the information and be proactive in monitoring the business. Implementing a CCM program would enhance business processes at SFS by immediately identifying any exceptions to the company’s system of rules and policies by internal decision-makers, notifying them of these exceptions, and demanding resolution. The CCM system would also improve the company’s financial assurance processes, such as SOX requirements, by monitoring the entire data population, instead of relying on the types of sample testing used in traditional SOX or internal audit methodologies. According to the vice president of controls management, "Exceptions in the data pool are like fish in the lake. Just because they are there doesn’t mean you will catch any." Continuously assessing 100 percent of data attributes (validity, authorization, completeness, valuation, time period, and disclosure) for exceptions gives far greater assurance that the data represents the company’s underlying economic position than periodic sampling ever could. In addition, the immediacy of the CCM’s feedback raises decision-makers’ cultural and behavioral awareness of rules at SFS, which further enhances its value as a tool and a methodology. 149
AUDIT ANALYTICS AND CONTINUOUS AUDIT:LOOKING TOWARD THE FUTURE Designing and instituting a CCM program requires finding a balance between complexity and flexibility. It must be simple enough for all personnel to use it correctly, but capable of being tailored to the needs of customized data sets, disparate system platforms, and unique business rules. For the CCM program at SFS, the vice president of controls management chose the ACL Analytics Exchange (AX) platform, including AX Exception and ACL Analytics. At the most basic level, this system recursively tests 100 percent of transactional data in the company’s sub-ledger system for anomalies and control failures, and notifies the owners of the data about any alerts or exceptions within their area of responsibility. As a result, process owners would get a higher level of assurance on data integrity. In addition, process owners and members of the controls management team can be freed from repetitious manual tasks and time constraints. Therefore, they can refocus their skills and energy on specifically flagged areas, and skip information in parts of the business processes that do not need immediate attention. As an added benefit, the number of exceptions detected was expected to decrease over time. Many exceptions come simply from habit, so better communication of the rules and mechanisms should reduce or eliminate repetitive problems, resulting in overall consistency and process improvement. The data analytics manager at SFS provided a sample of three of the company’s departments, covering approximately 60 of the 150 exception-type testing algorithms (commonly referred to as "analytics") in the scope of the CCM program. He noted the substantial improvements in the average percentage exception rate from the program’s inception to the present. These analytics cover various attributes including data input checks, validity checks, and compliance with regulations and internal policies. As shown in figure A-1, the consistent reduction in the average exception rates demonstrates an adherence to controls driven by the continuous monitoring program. For instance, Department A showed a reduction in percentage exception rate from 12–14 percent in 2011 and 2012 to 2–4 percent in 2013 and 2014. Even more strikingly, Department B improved from an exception rate of 21–25 percent in 2011 and 2012 to 2–3 percent in 2013 and 2014, and Department C improved from an exception rate of 4–6 percent in 2011 and 2012 to less than 1 percent in 2013 and 2014. 150
Page 1 and 2:
AUDIT ANALYTICS and CONTINUOUS AUDI
Page 3 and 4:
Notice to Readers Audit Analytics a
Page 6 and 7:
TABLE OF CONTENTS Preface Acknowled
Page 8 and 9:
CONTENTS 3 Evolution of Auditing: F
Page 10:
CONTENTS B Page Implementing Contin
Page 13 and 14:
AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 16 and 17:
AUTHOR BIOGRAPHIES Abdullah Alawadh
Page 18 and 19:
AUTHOR BIOGRAPHIES He is a passiona
Page 20 and 21:
AUTHOR BIOGRAPHIES AICPA Assurance
Page 22 and 23:
AUTHOR BIOGRAPHIES management. Prio
Page 24 and 25:
AUTHOR BIOGRAPHIES Trevor R. Stewar
Page 26:
PART I Essays 1
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 112 and 113:
ESSAY 4 Reimagining Auditing in a W
Page 114 and 115:
ESSAY 4: REIMAGINING AUDITING IN A
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125: ESSAY 4: REIMAGINING AUDITING IN A
Page 126 and 127: ESSAY 4: REIMAGINING AUDITING IN A
Page 128: ESSAY 4: REIMAGINING AUDITING IN A
Page 131 and 132: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 170: PART II Case Studies 145
Page 173: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 182 and 183: CASE STUDY B Implementing Continuou
Page 184 and 185: CASE STUDY B: IMPLEMENTING CONTINUO
Page 192: CASE STUDY B: IMPLEMENTING CONTINUO
Page 200 and 201: CASE STUDY D Implementing Continuou
Page 202 and 203: CASE STUDY D: IMPLEMENTING CONTINUO
Page 210: AICPA Assurance Services Executive
show all

AUDIT ANALYTICS AUDIT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?