1 / 41

Continuous Assurance 101

Continuous Assurance 101. Miklos A. Vasarhelyi AT&T Laboratories Rutgers University. Outline. Electronization Continuous measurement & reporting Continuous assurance Efforts and statutes Concepts CPAs Enron ???? Conclusions. http://raw.rutgers.edu/continuousauditing.

lynley
Télécharger la présentation

Continuous Assurance 101

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Continuous Assurance 101 Miklos A. Vasarhelyi AT&T Laboratories Rutgers University

  2. Outline • Electronization • Continuous measurement & reporting • Continuous assurance • Efforts and statutes • Concepts • CPAs • Enron ???? • Conclusions

  3. http://raw.rutgers.edu/continuousauditing miklosv@yahoo.com

  4. Logistics Human Resources Tracking Tracking Finance E-banking E-hedging E-Trading Purchasing B2B Purchasing Open EDI Extranets Consortia Manufacturing Electronization of Business Tracking Sale Payment Pre-sale care Inventory Web-based Cash register Shopping carts Click paths E-Catalog VRS Auto Responder Web-based Credit card E-cash Micropayments E-Catalog Marketing Delivery Individual targeting Spaming Virtual communities Customer party lines Bitable Non-bitable Tracking Advertising Auditing Accounting Web advertising Customization Banners E-care Tech support Lead Follows Help desk Continuous Automatic Confirmation Continuous ERPSs New Paradigms

  5. Key Financial processes being electronized • measurement (accounting), • control • Assurance • evolving revolution in corporate financial processes and the financial industry • several world class organizations are leading this effort

  6. Continuous reporting

  7. SEC roundtable of 4/4/2002 • Priority no. 1: real-time reporting. Real-time reporting should take highestpriority. More frequent reporting of results will help solve the problem ofmanaged earnings because daily or weekly earnings will be harder to managethan quarterly earnings. SEC's proposal for faster reporting of some 8-Kitems is helpful, but it doesn't go far enough.

  8. Short interval reporting • Cisco’s virtual close • Real balances of certain accounts • Cash, accounts receivable, accounts payable, inventory • Estimates / allocations • Behavioral changes • End-of-period adjustments • Competitive fears • Scorecards (Bob Kaplan)

  9. Increased frequency and scope of reporting • Obstacles are not technical • Internal vs external reporting • Litigation fears • Who needs continuous reporting? • Increased transparency • Qualitative, environmental, social, and other reporting • Multi-layered reporting (the FD rule)

  10. Is Continuous Reporting Necessary for Continuous Assurance? • ‘continuous’ measurement is necessary, but the time from is contingent on the process • Batch process cycles limit the process • Companies measure a much wider set of variables to support a multitude of continuous processes

  11. Systems Reliability Assurance Report on internal control The Assurance Services (Eliott) Special Committee proposed an evolution of services towards “real-time” assurance Real-time assurance on on-line databases Ultimately Tomorrow Today

  12. Continuous Assurance

  13. History • CPAS effort and embedded modules (ITF) –1987 • AICPA /CICA monograph 1999 • Continuous systrust 2001 • Panel next ????? • Much academic interest since 1999 (3 symposia, this year in the UK)

  14. Current Practice • HCA Healthcare • Several monitoring and auditing functions • Martin Marietta • Data driven risk model • Federal Reserve of New York • Network Monitoring

  15. Why not? • “my problems are not with transactions but with legal exposures and environmental effects” • “this is not auditing, it is supervision” • “this opens substantial data for the competition”

  16. A Dramatic Change in the Audit model • 1. The continuous assurance model has many clients • 2. The continuous assurance model has a different justification • 3. A new toolset • 4. The continuous assurance model is an instance of operational monitoring • 5. The continuous assurance model will turn the audit process into audit by exception • 6. The continuous assurance model covers a wider set of quantitative and qualitative non-financial data • 7. The continuous assurance model had different Independence considerations • 8. The continuous assurance opinion has some futurity implied in it

  17. Pseudo report 1 • We have examined the reliability and financial reports of ABC corporation and have been engaged on a continuous assurance engagement for the fiscal year of xxxx. We will monitor the organization’s operations and strategic accomplishments using a wide set of analytics as described in http://www.ca.com/analytics and other analytics we deem appropriate and will report on an audit by exception basis when more than xx % variance is found in operational and strategic standards or when we deem it appropriate. This exception report will be issued to all customers registered ( paying ) at http://www.ca.com/analytics/customers.

  18. CPAS concepts • metrics • Analytics / continuity equations • standards: • of operation • of variance • others • alarms • measurement vs monitoring

  19. CPAS concepts • The essence of monitoring and control is the comparison of a measured value (metric) with a model of behavior (standard) • Control of a process implies detecting variances and either accepting them or exerting action for change • Assurance is a meta-level for measurement, monitoring and control that detects anomalies in this process or provides re-enforcement of its proper performance

  20. Verifies, the metrics and the control Assurance process Feedback loop of action Management action on discrepancy Comparison of actual and model Discrepancy detected Standard metrics Measurable Processes Monitoring, control and assurance

  21. metrics • Are direct measurement of elements that measure corporate processes • Can be expressed in many types of units • A phone call has minutes, origination, dollars and modified dollars.. • Metrics also work in aggregates (e.g. bottles, cases, liters, tons, etc…) • Automated sensor substantially improve the value of a metrics • Metrics can be combined to higher level meaning metrics • Managers develop intuitive feeling for metrics

  22. Analytics • Traditional analytics encompass time series and cross-sectional analytics • CA adds structural analytics provided by multivariate continuity equations • Some CA analytics include: • Comparisons with constants • Relationships of variables • Daily, hourly, continuous reconciliations • Loose relationships (e.g 10% increase in advertising creates 3% increase in sales)

  23. standards: • Types • of operation • of variance • relationships • Others • Can be • empirically derived • model derived Have to be realistic

  24. Alarms • Multiple levels and purposes • A. Inform continuous assurers • B. Inform operations • C. Inform operations and auditors • D. Inform operations / auditors / top management / audit committee / regulators • E. Suspend the process Level is an attribute of the alarm

  25. Methods of data capture • measurement vs monitoring • Database queries • Capture of temporary datasets • Parsing of electronic reports • Direct process taps programmed into the transaction routes

  26. Principles of Continuity Equations • Different stages of the product life life have different metrics • Continuity of processes creates relationships between different variables • Most processes have metrics being expressed in different units (volumes, dollars, units, etc…) • There are intrinsic relationships between these values that can add substantively to basic analytical review • Standards must be developed to these relationships • The understanding of these relationships will avoid major process discontinuities or will identify them for scrutiny

  27. Linking financial and non financial processes analytically

  28. CPAS effort (II) • The auditor will place an increased level of reliance on the evaluation of flow data (while accounting operations are being performed) instead of evidence from related activities (e.g. preparedness audits). • Audit work would be focused on audit by exception with the system gathering knowledge exceptions on a continuous basis.

  29. CPAS OVERVIEW System System Operational Reports Workstation Operational Report Operational Report DF-level 2 Operational Report DF-level 1 DF-level 1 DF-level 1 Filter Alarm DF-level 0 Data Flow Diagrams Database Analytics Metrics Reports

  30. Recalculate Metrics Trans Bill Upda Billing AmtDue Pay Overview Print Bill Inquiry Errors FlowFront - Interactive Flow Diagram Viewer - AT&T Bell Laboratories - Murray Hill, NJ fer 04/01/89 Date: Set Date Recalculating With Check. Help Text Quit! FlowFront Hierarchy Billing System - Customer Billing Module Customer Database Extract Customer Accounts Calculate Amount Due Update Billing Info 1000 1000 Journal Files Format Bill 998 988 Accounts Missing: 10 2 Journal Files Table Process Errors 0

  31. RPC: SS PE: 60 Set Date/RPC/PE Help Text Quit! A rec msg min dol O 4 FlowFront Hierarchy TCSS baj BAC cam BRICC b CBill bar MrgBal b Bill Upd l AsUse be BAR cam BillFmat AccExtr UBillDb CAM MFU.bar MSCOM MGDB n MPS cam MSG VA RETURN BNA mu Toll.miu Journals.n MIU cam UCase.m MError.m CCase.m CError.m Flowchart Front End - C.J. Calabrese, F.B. Halper, J.S. Lavin, T-W. Pao, M.A. Vasarhelyi, C.S.Warth 11/27/89 Date: MESSAGE PROCESSING Can’t read sql 14 Can’t read sql 15 AT&T LEC reject held dropped R (excl. invalid IX) 0 invalid IX code LUB and to other billers 6 Returns Transfers 89744 RCAM Biller 66449 12324 recycles Interrogation/Deletion (to Billers) Message Validation Message Completion 238605 0 passed to message completion Duplicates and Dropped Records 617 Business Biller errors errors 1106 68365 8 161 Message Investigation (MIU) corrected errors LUB and to other billers errors 0

  32. Recalculate Metrics Billing FlowFront - Interactive Flow Diagram Viewer - AT&T Bell Laboratories - Murray Hill, NJ fernsu fer 04/01/89 Date: Set Date Plot Request graph.level 1 RPC: Silver Springs PE: 60 Help Text Quit! FlowFront Hierarchy Billing System - Overview S Graphics Percent Of Accounts Successfully Billed 100 100 99 99 99 Tra 98 98 98 97 95 Bill Upda 85 67 AmtDue 0 20 40 60 80 100 Percent Billed Pay Overview Trans Data 23 Inquiry 3/16 3/17 3/18 3/21 3/22 3/23 3/24 3/25 3/28 3/29 3/30 3/31 4/1 Pro 4/1/89 Mean: 89.076923076923 StdDev: 21.872591442494 Errors

  33. New technologies need new thinking • Internetworking and extreme intrusion • Confirmatory extranets • Analytic webs and fourth and fifth party assurance • Intelligent transaction detection • Sniffers, exposure databases, pattern detectors, common fraud databases

  34. The Enron debacle • Would CA have detected the problem? • Would have reduced it • If transparency is desired it can be obtained to the extreme • Other forms of third party monitoring can deal with management fraud and audit collusion • Are we willing to go that far? • Financial engineering and opacity together are a deadly mix

  35. Monitoring and Control Business at AT&T Laboratories

  36. “Focus group” objectives • Understand the business models that can emerge from the CA effort • Keeping independence of CA • Partnerships • Changing the audit paradigm • Bringing in new confidence on the process • Linking with network and IT assurance

  37. Center for Continuous Auditing • A consortium of major Universities led by Texas A&M • J. Don Warren Director • Will probably host this conference next year

  38. The Center for Continuous Auditing: An Alliance of Arizona State University, Indiana University, Rutgers University, Texas A&M University and University of Tennessee Charter Board of CCA Research Fellows • Arizona State University • Kurt Pany, Paul Steinbart • Indiana University • Michael Groomer • Rutgers University • Miklos Vasarhelyi, Alex Kogan, Michael Alles • Texas A&M University • James Flagg, Uday Murthy, Chris Wolfe • University of Tennessee • Jake Rose, Jon Woodroof

  39. Center for Continuous Auditing (cont.) • in the process of finalizing the Advisory Board • The Honorable David Walker, USComptroller General, • Robert Herdman, SEC Chief Accountant • Jim Gerson, Chair, Auditing Standards Board • Barry Melancon, President of AICPA • Bob May, Dean, McCombs School of Business, The University of Texas • John Verver,Vice-President of ACL • Sander Wechsler, ISACA 

  40. Conclusions • Need to re-think third party assurance wit focus on the client • Need to rethink the audit to use new technology (analytic, IT and TC) • More links are needed with XML derivative technologies • We need a new business model

More Related