The Continuous Auditing Methodology for Web-Release - PowerPoint PPT Presentation

About This Presentation
Title:

The Continuous Auditing Methodology for Web-Release

Description:

The Continuous Auditing Methodology for Web-Release An ECAM Prototype Using Object-Oriented Technology Chi-Chun Chou, Assistant Professor – PowerPoint PPT presentation

Number of Views:86
Avg rating:3.0/5.0
Slides: 24
Provided by: Evan136
Learn more at: https://raw.rutgers.edu
Category:

less

Transcript and Presenter's Notes

Title: The Continuous Auditing Methodology for Web-Release


1
The Continuous Auditing Methodology for
Web-Release An ECAM Prototype Using
Object-Oriented Technology
Chi-Chun Chou, Assistant Professor Department of
Accounting Chung-Yuan Christian University 22
Pu-Jen, Pu-chung Li, Chung Li, Taiwan, Republic
of China PHONE 011-886-3-4563171(ext.)5316 FAX
011-886-3-34372092 E-mail chichun_at_cycu.edu.tw
2
Continuous Auditing as the Solution to
Web-Release Assurance
  • WE NEED WEB-RELEASE, BUT HOW TO CONTROL THE
    ASSURANCE PROBLEM?
  • Is Continuous Auditing the SOLUTION?
  • Our Preliminary Analysis Indicates
  • Ceteris paribus, given the appropriate
    technology, the total economic welfare under
    continuous auditing will never be less than the
    real-time auditing, and the real-time auditing
    will never be less than the traditional
    periodical auditing, regardless of their
    information environment type.

3
But, how to Conduct it ?
  • Thinking on the Basic Requirements
  • Analyzing the Conceptual Model
  • Identifying the Implementation Tools
  • Realizing the ECAM System

4
Basic Requirements
  • AUTOMATION is the KEY to Continuous Auditing!
  • To Make Data MACHINE-READABLE is the KEY to
    Automated Data Extraction!
  • The MACHINE-EXECUTABLE PROCEDURES to Read and
    Analyze Data is the KEY to Automated Data
    Analysis!
  • Detail Requirements
  • OLCT Propositions 3-1 to 3-5
  • CSTM Propositions 3-6 to 3-7

5
Machine-Readable Data
  • How to Read?
  • Requiring the knowledge of Data Schema Design
  • Wait and Wakeup Threads (Non-Semantic Daemons)
  • Requiring no knowledge of Data Schema Design
  • Semantic Intelligent Agents -gt Mission
    Impossible!
  • PRE-ARRANGED Data Standard Data Interface (ex
    XML-Based Format)
  • Embedded Event-Triggering Methods (ex OO-Based
    EAM Gateway)
  • What to Read?
  • Can we use INTERNAL CONTROL INFORMATION?
  • The Hooked Balance-Related Transaction Data
  • When to Read?
  • On_Updates of the INTERNAL CONTROL Configuration
  • On_Posted of each Transaction
  • Where to Read?
  • URI of INTERNAL CONTROL Configuration Data
  • URI of Transaction Data

6
Machine-Executable Procedures
  • How to Perform?
  • Event-Triggering Threads (ex OO-Based Audit
    Patterns)
  • What to Perform?
  • Workflow-Based Control Testing Logic
  • Automated Transaction and Balance-Related Testing
    Procedures
  • Error-Detecting Procedures
  • Error-Correcting Procedures
  • When to Perform?
  • On_Retrieval of the updated INTERNAL CONTROL
    Configuration
  • On_Retrieval of each Transaction Data
  • Where to Perform?
  • Continuous Auditors Server

7
On-Line Control Testing
  • Idea
  • Let Clients System Setting Talks
  • Obtaining Control Configuration Data Directly
    from the Clients System Setting -gt Workflow
    Control Data
  • Benefits
  • More Direct Results No more Testing Data Method
  • Easier to achieve Continuous Monitoring
  • Exact Tie-in to the Substantive Testing
  • Determinants of a Successful OLCT
  • The availability of control configuration data
  • The reliability of system application components
  • The reusability of OLCT mechanism

8
Analyzing Steps for OLCT
  • Identify the Testing Objectives of OLCT,
    restricted by
  • High measurability of the control element
  • Low pervasiveness of the control element
  • High feasibility to facilitate control testing by
    computer
  • Identify the System Control Evaluating Model
  • Tie-in to the Substantive Testing Patterns
  • Considering the Influence of Client System on
    OLCT
  • Availability of Control Configuration Data
  • Maintenance of Control Data Availability
  • Reliability of System Application Components
  • Data Model Requirements for OLCT
  • Continuing Availability of Control Configuration
    Data
  • The Maintenance and Reusability of OLCT Mechanism

9
Continuous Substantive Testing Model
  • Idea
  • Transaction Testing REPLACES Balance Testing
  • Obtaining and Analyzing the Transaction on Timely
    Basis
  • Automated Transaction Testing BASED on Control
    Testing
  • Benefits
  • Easier to achieve Real-time Audit Reports
  • Automation Decreases the Operational Costs
  • Exact Substantive Testing according to the OLCT
    Patterns
  • Determinants of a Successful CSTM
  • The availability of transaction data
  • The comprehensiveness of CSTM mechanism
  • The reusability of CSTM components

10
Analyzing Steps for CSTM
  • Identify the Testing Objectives of CSTM
  • Identify the Continuous Substantive Testing Model
  • Considering the Influence of Client System on
    CSTM
  • Continuing Availability of Transaction Data
  • Data Model Requirements for OLCT
  • The Comprehensiveness of CSTM Mechanism
  • The Maintenance and Reusability of CSTM
    Components

11
Realizing ECAM
  • System Architecture of ECAM
  • OOAD is the Best Solution!
  • Implementation Tools
  • Prototype Demonstration
  • http//chichun.ac.cycu.edu.tw/research.htm
  • Concluding Remarks and Future Study

12
  • The Comparisons of Three Audit Approaches

13
  • Determinant Factors for an Efficient OLCT

14
DIST1 stands for the least deficient situation
that we call inconsistency. Using ICDL words,
DIST1 collects the inconsistent deficiencies
describes as follows For each (nl, rk) in PC
under auditing, it is found a corresponding pair
(nl, rk) in PC and each nl in (nl, rk) will
be identical to nl in (nl, rk). However, there
exists some rk is not equal to rk.
DIST2 is the moderate case of deficiency that we
call incomprehensiveness deficiency. Using ICDL
terms, DIST2 is the case when each ni in PC has
an identical node ni in PC, there exists some
rk in PC but rknot in PC.
DIST3 has the worst situation is the
incompleteness, represented by DIST3, which
means there exists some nl in PC but nl not
in PC, as well as its related preconditions
rk. This deficiency might increase the
possibility of fictitious transactions so that a
serious further investigation on the existence
assertion might be necessary.
System Control Evaluating Model using ICDL
15
(No Transcript)
16
(No Transcript)
17
An ASP Framework for ECAM
18
ECAM Data Model
Client System Data Model
Class Diagram an Illustration of ECAM Data
Model
19
Audit Risk Induced by Various System Design
Approaches
20
Illustration of the Transaction-Basis Testing
Scheme
21
Illustration of CSTM Processes
22
(No Transcript)
23
Summary of the Analysis, Design and
Implementation Tools for ECAM Prototype
Write a Comment
User Comments (0)
About PowerShow.com