AUDIT ANALYTICS AUDIT

Recommendations

Info

ESSAY 1: CONTINUOUS AUDITING—A NEW VIEW internal controls within a highly formalized and well-controlled enterprise resource planning environment. Utilizing the IT audit plan as a template, auditor expertise as a guide, and manual audit output as a validation tool, this field study examines the process of audit formalization and implementation of CCM at a software division of a large, multinational corporation. (Teeter, 2014) The results of the applied effort 5 indicated that 62 percent of the controls arguably could be formalized, creating the possibility of a control certification or assurance layer on top of the SAP instance. Conceptually, this layer could be a part of SAP or an add-on, could be generic in configuration or tailored to the instance, and could be re-thought as a way to increase audit coverage as the original audit plan was applied in an 18- to 24-month cycle, and under this design this layer would be executed every day. Furthermore, the audit plan contained many qualitative questions such as "Is there documentation for XYZ system?" Elder et al. (2013) narrate a continuous monitoring effort at a large South American bank in which internal audit monitored 18 different key performance indicators (KPIs) for over 1400 branches of a bank. Daily extracts of variances were obtained and, on a selective basis, followed up by emails to the regional managers for the branches. These KPIs looked to control overrides such as credit above allowable level or reversal of certain types of transactions. These examples illustrate (1) situations where auditors were in positions of control over operational controls, which could result in a conflict to the auditor’s objectivity or independence and (2) that technology has changed the needs, capabilities, and roles of the assurance function. As suggested earlier, a more flexible set of conceptualizations must evolve, concerning auditor independence in particular. These examples are focused on internal auditors, but a similar monitoring role could be developed for external auditors and an ongoing monitoring opinion could potentially be issued as a new CPA product. Figure 1-2 describes the vision developed for multi-instances of ERPs and an analytic engine supporting a set of functions. This view, however, could be immediately after the event based on the two experiences described above and would be an ex-post-facto overnight process, which we would describe as retroactive close to the event meta-control or assurance process. 5 Private notes Teeter, R.A., Warren, J.D., Brennan, R., and Vasarhelyi, M.A. 2007. 9
AUDIT ANALYTICS AND CONTINUOUS AUDIT:LOOKING TOWARD THE FUTURE Figure 1-2: Pilot Continuous Monitoring of Business Processes at Siemens, Rutgers CAR-Lab & Siemens Adding Intelligence (from Alles et al, 2006) Incorporating the concept of CCM into the original CA conceptualization led to the renaming of the original CA to Continuous Data Audit (CDA) where CA = CDA + CCM. Continuous Risk Monitoring and Assessment (CRMA) Vasarhelyi, Alles, and Williams (2010) suggested the addition of Continuous Risk Monitoring and Assessment (CRMA) into the CA schema where: CA = CDA + CCM + CRMA. CRMA is discussed in more detail in essay 6, "Managing Risk and the Audit Process in a World of Instantaneous Change" of this book. The essence of the CRMA concept is displayed in figure 1-3 where risks are divided into three areas: (1) operational, (2) environmental, and (3) black swans (Taleb, 2010). Black swans are very remote risks with strong consequences that could arise, as Taleb predicted the crisis of 2008. Risks are chosen judgmentally by the audit team or management, and key risk indicators (KRIs) are associated with the most important risks in each of the categories. The same basic variance and acceptable variance model can be adapted to detecting significant changes of risk. The model can be parameterized at the initial 10
Page 1 and 2: AUDIT ANALYTICS and CONTINUOUS AUDI
Page 3 and 4: Notice to Readers Audit Analytics a
Page 6 and 7: TABLE OF CONTENTS Preface Acknowled
Page 8 and 9: CONTENTS 3 Evolution of Auditing: F
Page 10: CONTENTS B Page Implementing Contin
Page 13 and 14: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 16 and 17: AUTHOR BIOGRAPHIES Abdullah Alawadh
Page 18 and 19: AUTHOR BIOGRAPHIES He is a passiona
Page 20 and 21: AUTHOR BIOGRAPHIES AICPA Assurance
Page 22 and 23: AUTHOR BIOGRAPHIES management. Prio
Page 24 and 25: AUTHOR BIOGRAPHIES Trevor R. Stewar
Page 26: PART I Essays 1
Page 33: AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 85 and 86:
AUDIT ANALYTICS AND CONTINUOUS AUDI
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 112 and 113:
ESSAY 4 Reimagining Auditing in a W
Page 114 and 115:
ESSAY 4: REIMAGINING AUDITING IN A
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 170:
PART II Case Studies 145
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 182 and 183:
CASE STUDY B Implementing Continuou
Page 184 and 185:
CASE STUDY B: IMPLEMENTING CONTINUO
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192:
Page 195 and 196:
Page 197 and 198:
Page 200 and 201:
CASE STUDY D Implementing Continuou
Page 202 and 203:
CASE STUDY D: IMPLEMENTING CONTINUO
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210:
AICPA Assurance Services Executive
show all

AUDIT ANALYTICS AUDIT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?