AUDIT ANALYTICS AUDIT

Recommendations

Info

CASE STUDY B: IMPLEMENTING CONTINUOUS AUDITING AND CONTINUOUSMONITORING has actually been processed as promised. Exceptions are passed to Human Resources for further review. The CMR also examines cases where exceptions have been closed as "no leave owing," but leave is processed nonetheless (as a test of integrity). The CMR produces weekly activity and status summaries for executive management. The leave CMR is complex. We argue that it tests the boundaries of CA/CM and thus provides an illustration of developments in an environment with multiple data sources and a complex software and data ecosystem. Specifically, the CMR: accesses several systems to assemble and cross match the data; applies relatively complex algorithms to reduce the number of false positives; and uses multiple platforms to deliver and monitor the exceptions including ensuring that the exceptions are being actioned as advised. The value of CA/CM is diluted unless there is a robust mechanism to track and resolve exceptions. Further, the value of CA/CM is also reduced if the algorithms do not effectively address the suppression of false positives. Experience suggests that external auditors tend to find techniques of this sort to be uneconomical due to the need to incorporate the business rules of differing clients in the algorithms. For example, tools such as ACL can easily check for potential duplicate invoicing; however, ACL will potentially produce large numbers of potential exceptions unless scripts are developed to, for example, identify matching reversals. The experience at Metcash has been that multiple iterations of the algorithms are required to minimise false positives. Moving Forward—Key Risk Indicators Metcash has moved away from the AS/NZS ISO 31000 Risk Management Standard risk profiling approach, as published by the International Standards Organization. A static 5 × 5 matrix that builds on likelihood and consequences is not consistently of practical use to management. Monitoring and assessing key risks through data driven risk indicators provides a greater benefit to management. The increasing availability of data and sophisticated analytics has facilitated a more accurate identification of problems in critical areas such as Food Safety and Human Resources. The use of dashboards (see figure B-2 for example) has enabled the risk indicator data to be effectively communicated to management via various media including tablet devices. 163
AUDIT ANALYTICS AND CONTINUOUS AUDIT:LOOKING TOWARD THE FUTURE Figure B-2: Example of a KRI Dashboard: Dummy Data CHALLENGES AND LESSONS LEARNED Eight key challenges were encountered and lessons were learned: Implementing a CA/CM system is not a trivial exercise. While CA/CM has a high payback, there are long lead times and a significant investment of time and effort is required. Data management is critical in ensuring that the right data is accessible on a timely basis. However, data accessibility and quality issues were major inhibitors in the early stages of implementing CA/CM at Metcash. CA/CM needs to be robust, sustainable, and deliverable. This outcome involves the development of adequate physical architecture, data coding standards, documentation, exception management, and backup. As an end-user development, the CA/CM system requires a range of controls around it to ensure that it continues to operate properly and maintain its integrity. More than 100 fully automated scripts run on a daily basis, some of which are quite complex. It is vital that these applications are properly managed. 164
Page 1 and 2:
AUDIT ANALYTICS and CONTINUOUS AUDI
Page 3 and 4:
Notice to Readers Audit Analytics a
Page 6 and 7:
TABLE OF CONTENTS Preface Acknowled
Page 8 and 9:
CONTENTS 3 Evolution of Auditing: F
Page 10:
CONTENTS B Page Implementing Contin
Page 13 and 14:
AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 16 and 17:
AUTHOR BIOGRAPHIES Abdullah Alawadh
Page 18 and 19:
AUTHOR BIOGRAPHIES He is a passiona
Page 20 and 21:
AUTHOR BIOGRAPHIES AICPA Assurance
Page 22 and 23:
AUTHOR BIOGRAPHIES management. Prio
Page 24 and 25:
AUTHOR BIOGRAPHIES Trevor R. Stewar
Page 26:
PART I Essays 1
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 112 and 113:
ESSAY 4 Reimagining Auditing in a W
Page 114 and 115:
ESSAY 4: REIMAGINING AUDITING IN A
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 170: PART II Case Studies 145
Page 182 and 183: CASE STUDY B Implementing Continuou
Page 184 and 185: CASE STUDY B: IMPLEMENTING CONTINUO
Page 192: CASE STUDY B: IMPLEMENTING CONTINUO
Page 200 and 201: CASE STUDY D Implementing Continuou
Page 202 and 203: CASE STUDY D: IMPLEMENTING CONTINUO
Page 210: AICPA Assurance Services Executive
show all

AUDIT ANALYTICS AUDIT

Create successful ePaper yourself

Delete template?

Save as template?