Audit Automation as the Foundation of Continuous Auditing - PowerPoint PPT Presentation

About This Presentation
Title:

Audit Automation as the Foundation of Continuous Auditing

Description:

Benefits of mobility (and EAM): ... SAP GRC Access Control, Risk Management, Process Control (VIRSA) Oracle Governance, Risk, and Compliance (LogicalApps) ... – PowerPoint PPT presentation

Number of Views:155
Avg rating:3.0/5.0
Slides: 14
Provided by: Goog6673
Category:

less

Transcript and Presenter's Notes

Title: Audit Automation as the Foundation of Continuous Auditing


1
Audit Automation as the Foundation of Continuous
Auditing
  • Michael Alles
  • Alexander Kogan
  • Miklos A. Vasarhelyi
  • J. Donald Warren, Jr.

2
The Case for Audit Automation
Audit Automation as the Foundation of Continuous
Auditing
  • Automation of business processes
  • Labor-intensive repetitive audit work
  • Cost and availability of qualified audit
    personnel
  • Budgetary pressure on internal audit departments
  • Complexity of business transactions and
    increasing risk exposure
  • Scale and scope of audit procedures
  • Timeliness of audit results

CA/R/Lab
3
Audit Automation Work Sequence
Audit Automation as the Foundation of Continuous
Auditing
  • Identification and engagement of stakeholders
  • Business process owners
  • IT personnel
  • Internal auditors
  • Composition of audit automation teams
  • Automation of audit procedures
  • Duplicate automation is ideal but too expensive
  • Verification of automated procedures
  • Independent verification by experienced auditors
  • Approval of automated audit program

CA/R/Lab
4
Formalizing the Audit Program
Audit Automation as the Foundation of Continuous
Auditing
  • Automation requires formalization
  • Formalized is usually automatable
  • Possibility of formalization is often
    underestimated
  • Benefits of formalization
  • promotes precision and consistency
  • improves confidence in audit results
  • Reduces long-run audit costs
  • Problems with formalization
  • Many humans resist formal thinking
  • Formalization can be very laborious and costly
  • Certain complex judgments are not amenable to
    formalization

CA/R/Lab
5
Re-engineering the Audit Program
Audit Automation as the Foundation of Continuous
Auditing
  • Conventional audit programs are not designed for
    automation
  • Formalizable and judgmental procedures are often
    intermixed redesign is required to separate
    them out
  • Re-engineering objective maximize the proportion
    of automatable procedures in the audit program
    (i.e., reduce reliance on informal judgmental
    techniques)
  • Substitution of high frequency (continuous)
    automated procedures for eliminated manual methods

CA/R/Lab
6
Continuous Auditing (CA) as Implementation of
Automated Audit
Audit Automation as the Foundation of Continuous
Auditing
  • Formalized audit procedures are programmed into
    an automated audit system that can run
    continuously
  • CA CCM CDA
  • Continuous Control Monitoring (CCM)
  • Access Control and Authorizations
  • System Configuration and Business Process
    Settings
  • Continuous Data Assurance (CDA)
  • Master Data
  • Transactions
  • Analytics (including Continuity Equations)

CA/R/Lab
7
Baseline Monitoring (Baselining)
Audit Automation as the Foundation of Continuous
Auditing
  • Traditionally used in configuration management
    and IT security
  • Baseline a snapshot of system configuration and
    business process settings
  • Deltas from baseline exceptions
  • Critical issues
  • Definition of baseline (the more static
    parameters are, the better they are suitable for
    baselining)
  • Initial verification of baseline values
  • Security of baseline (both definition and current
    values)
  • Accumulation of deltas redefinition of baseline

CA/R/Lab
8
Scalability of Audit Automation
Audit Automation as the Foundation of Continuous
Auditing
  • Automation of highly specific audit procedures
    for different enterprise units can incur
    prohibitive costs
  • Automation will be scalable across the enterprise
    only if the repetitive audit procedure automation
    costs are eliminated
  • Strategies for making audit automation scalable
  • Hierarchical structuring of automated audit
    procedures from the most generic audit
    procedures applicable across the enterprise to
    the more specific ones for major units and
    subunits
  • Hierarchical updates
  • Parameterization of automated audit procedures

CA/R/Lab
9
Architecture of Automated Audit
Audit Automation as the Foundation of Continuous
Auditing
  • Organization of audit software
  • integrated software vs.
  • distributed (i.e., multi-agent-based) system
  • Access to the enterprise system and data
  • Direct (either to the database or to the
    application layer)
  • Intermediated (through a business data warehouse)
  • Platform of audit software
  • Common enterprise platform (EAM embedded audit
    module)
  • Separate platform (MCL monitoring and control
    layer)
  • Providers of audit software
  • Common platform enterprise software vendors
  • Separate platform 3rd party vendors and audit
    firms

CA/R/Lab
10
Mobile Agents in Automated Audit
Audit Automation as the Foundation of Continuous
Auditing
  • Mobile agents can be transported to the
    enterprise platform to be run there (as EAM!)
  • Benefits of mobility (and EAM)
  • Protection against network connectivity outages
  • Event-triggered execution of audit procedures
    potentially zero latency (not affected by network
    congestion)
  • More efficient for processing large volumes of
    enterprise data (on site vs. moving that data
    over the network)
  • Problems with mobility (and EAM)
  • Protection of enterprise platform against
    (possibly malicious) agent
  • Protection of agent against possible manipulation
    by the platform
  • Impossibility of protecting the agent outweighs
    the benefits!

CA/R/Lab
11
Securing Continuous Auditing
Audit Automation as the Foundation of Continuous
Auditing
  • Location of continuous auditing hardware
  • clients premises
  • audit shop
  • Physical access security
  • Logical access security
  • Super-user privileges
  • Clients IT personnel access
  • Export / import of CA system settings

CA/R/Lab
12
Software for Audit Automation
Audit Automation as the Foundation of Continuous
Auditing
  • ACL
  • CaseWare IDEA
  • Approva
  • Oversight Systems
  • Governance, Risk, and Compliance Solutions
  • SAP GRC Access Control, Risk Management, Process
    Control (VIRSA)
  • Oracle Governance, Risk, and Compliance
    (LogicalApps)
  • IBM Workplace for Business Controls and Reporting
  • Paisley Enterprise GRC
  • OpenPages
  • AXENTIS Enterprise
  • BWise
  • Protiviti Governance Portal

CA/R/Lab
13
Whats Coming?
Audit Automation as the Foundation of Continuous
Auditing
  • AMR Research projects spending on government,
    risk and compliance applications and services
    will top 32.1 billion in 2008, up 7.4 from
    2007. In 2009, growth is projected at 7 .
  • Hosted, or on-demand solutions
  • Integration of audit automation with audit
    working papers software
  • Transformation of internal audit
  • Structural changes in external audit

CA/R/Lab
Write a Comment
User Comments (0)
About PowerShow.com