Succesvolle innovatie woningbouw: De bouwer; Martin Vos (VBK Groep) - De EC Garant Woning
Conference Workshop Continuous Auditing: An Approach for Today Univ. of Salford, 5 December 20155...
-
Upload
ami-robertson -
Category
Documents
-
view
218 -
download
0
Transcript of Conference Workshop Continuous Auditing: An Approach for Today Univ. of Salford, 5 December 20155...
Conference Workshop
Continuous Auditing:An Approach for Today
Univ. of Salford, April 18, 2023
Presented by Anton Bouwer
www.acl.com
AGENDA
The “Phrase”
The “Distinction”
Approach for Today’s Requirements
Summary
Definition of Continuous
Auditing
CONTINUOUS Never ends
When cycle ends, next starts
AUDITING. Access information
Know business
Verify info
Express/Report
Definition of Continuous
Auditing
Can CA be possible without human interface?
Are we disrespecting the auditor?
Square peg, round hole?
Diluting the concept “audit”?
Legal issues? Ignore at own peril!
The DistinctionThe Distinction
MONITOR/REPORTMonitoring & Reporting checks every transaction One record at a timeType = ControlImplemented FOR management
AUDITAuditing is looking for & verifying exceptions IndependentlyComparing each record against expected normsAudit efficiency: more than 1 record at a timeType = Audit compliance or substantive
What is the PROBLEM?
The only way to get CA to the masses (auditors):
Build bridge from today’s audit program to the SciFi CA
system. Don’t start in 2010, start in 2002.
Ask auditors what they want & verify result (Majority
rules). Remember budget!
Messing with age old principles
Lets learn from the E-Bubble & Y2K & Euro
conversion!!! How big a part did we play in this? How
much did we cost commerce?
Approach to CA Development
NOT Complex
NOT Technical
Audit approach & result (NOT contol)
Obtain top level buy-in & top level sponsor
One application at a time
Get specialist assistance
Setting up the projectPerform detailed risk analysisLink to risk measurementAnticipate exceptions & develop
specificationsPlan access to data Plan the audit frequency and audit
response
Setting up the projectPerform detailed risk analysisLink to risk measurementAnticipate exceptions & develop
specificationsPlan access to data Plan the audit frequency and audit
response
Implementing Continuous Auditing
Develop and implement the continuous auditing application
Test & AcceptanceMaintenance and redesignPost Implementation Review Regular auditing of the continuous
auditing application
Develop and implement the continuous auditing application
Test & AcceptanceMaintenance and redesignPost Implementation Review Regular auditing of the continuous
auditing application
Implementing Continuous Auditing
What to measure? Exceptions Trends on statistics & ratios
Difficult to get data access Auto update of audit database Top-level sponsor
Slow death
What to measure? Exceptions Trends on statistics & ratios
Difficult to get data access Auto update of audit database Top-level sponsor
Slow death
Pitfalls
Audit independenceAudit independence
Pitfalls
DO DONT
Test complianceSubstantiate accuracySubstantiate completenessReport on trendsDetect
ControlMonitorPrevent
Case Study
Background
Banking & finance entityStrategic risk analysis identified
reputational risk as very high due to impact
Management expect auditor to review risk on more regular basis
Case Study
Solution
Measure (audit) riskReport on risk measurementAutomate processSchedule future audits and
reporting frequency
Risk Measurement
Risk Control AuditProcedure
Type = ReputationAbuse of customer funds trough internal theft or fraud
Staff are not allowed to transfer customer funds to their own accounts. Such transfers in excess of $ 1000 must be done by another employee.
Access data containing information on:
User IDEmployee
accountTo accountFrom account
Identify control exceptions
Develop Specifications
Objective Method DataSearch
transactions to find:Transfer of fundsTo employee accountCaptured by employee who owns accountAmount bigger than $1000
Analyse each transaction and identify instances where the TO account equals the account number of the employee who captured the transaction
Info needed can be found in two files
Employee masterTransaction
master Both files contain the field EmpID which is the employee’s unique ID number in the company.
Technical Specifications
Analysis Notification Reporting1.Access both files2.Join files on
EmpID and (Emp_Accnt to To_Accnt)
3.Join type MATCHED
4.Extract matches5.Compute
statistics on exceptions
6.Automate analysis
7.Schedule automated excecution
1.Determine if there are exceptions
2.NOTIFY auditor of exceptions
3.Attach exceptions
4.Automate notification
1. Extract statistical data to permanent file
2. Present file with results as trend analysis to management
3. Automate reporting
Efficient Data Access
Develop Application
Schedule Application
Real-time Notification
Audit Verification
Continuous Reporting
Continuous Audit: Emp Transfers
0
10000
20000
30000
40000
50000
60000
1 2 3
Date
Val
ue
TOTAL1
AVERAGE1
COUNT1
ABS1
MAX1
MIN1
RANGE1
Continuous Audit Continuous Audit CycleCycle
Continuous Audit Continuous Audit CycleCycle
Automated data
download
Automated data
download
Continuous Audit: Emp Transfers
0
10000
20000
30000
40000
50000
60000
1 2 3
Date
Valu
e
TOTAL1
AVERAGE1
COUNT1
ABS1
MAX1
MIN1
RANGE1
Automated
scheduling
Automated
scheduling
ReportReport
Automated
audit
Automated
audit
Audit VerificationAudit Verification
Summary
Start at Risk Analysis
Do not forget 80:20
Prove benefits (£££)
Internal audit implement, external audit
share benefits (Consulting opportunities -
£££)
Wonderful trends!!!
Technical barriers are smallest problem
Risk can not be measured, managed?
Start at Risk Analysis
Do not forget 80:20
Prove benefits (£££)
Internal audit implement, external audit
share benefits (Consulting opportunities -
£££)
Wonderful trends!!!
Technical barriers are smallest problem
Risk can not be measured, managed?