Research in continuous assurance Miklos A. Vasarhelyi Rutgers University AT&T Laboratories.
-
date post
18-Dec-2015 -
Category
Documents
-
view
217 -
download
1
Transcript of Research in continuous assurance Miklos A. Vasarhelyi Rutgers University AT&T Laboratories.
Electronization of Business
Pre-sale care
E-care
VRSAuto Responder
Tech supportLead FollowsHelp desk
SalePayment
Web-based Cash register Shopping cartsClick pathsE-Catalog
Web-basedCredit cardE-cashMicropayments
Advertising
Web advertisingCustomizationBanners
MarketingIndividual targetingSpamingVirtual communitiesCustomer party lines
AccountingAuditing
ContinuousERPSsNew Paradigms
ContinuousAutomatic Confirmation
FinanceE-banking
E-hedging
E-Trading
E-Catalog
Tracking
Delivery
BitableNon-bitable
Inventory
Manufacturing
Tracking
B2B PurchasingOpen EDIExtranetsConsortia
PurchasingLogistics
Tracking
TrackingHumanResources
R&D
Databases
Artif. Intell.
Bu
sin
es
s M
on
ito
rin
g a
nd
B
us
ine
ss
Mo
nit
ori
ng
an
d
Co
ntr
ol
Arc
hit
ec
ture
Co
ntr
ol
Arc
hit
ec
ture Marketing
Event AnalysisSales Lead
ScoringSales
EffectivenessOrder
Fulfillment AnalysisRevenueAnalysis
AlertingRules
Data Collection Layer (open APIs)
XML Parser
Direct DBConnection
Server to Server Comm. Via HTTP/HTTPS
File UploadVia Browser
FTPConnectDirect
Report Parsing, other
Sales Lead
Order Status
Marketing Event
BilledRevenue
DerivedAnalytics
AlertingLog
Collected Information Derived Information
Analytics (expert system, commercial grade rule based engine)
Centralized Data Storage (commercial DB, SQL server, Oracle)
Analytics Reports
Analytics Definition(rule interface)
User Profile Admin
Alert AdminData Collection
AdminUser Interface
Admin
User Interface (Web based) and Alert Interface
Business Monitoring and ControlBusiness Monitoring and Control
CPAS OVERVIEW
System
OperationalReport
OperationalReport
OperationalReport
Filter
Database
System Operational Reports
Workstation
DF-level 0Alarm
Data Flow Diagrams
DF-level 1 DF-level 1 DF-level 1
DF-level 2
Reports Analytics Metrics
History
CPAS effort and embedded modules (ITF) –1987
AICPA /CICA monograph 1999 Continuous systrust 2001 Panel next ????? Much academic interest since 1999 (3
symposia, this year in the UK)
Stakeholders entity
-Pension Fund-Employees(Union)-LT Charts-LT Suppliers-Bank-Insurance Cos.
Auditor
Principals Company
MC layerPa
ymen
t
Payment
Regulators
Peer reviewprocess
MC Provider
Secondary assurance
Monitoring, control and assurance
metrics
Comparison of actual and model
Management action on discrepancy
Feedback loop of action
Assurance process
Verifies, the metrics and the control
MeasurableProcesses
Standard
Discrepancy detected
Assurance of the assurance process
Regulators Peer review process
First harmonic- operational process
Fourth harmonic- control of the audit process
Third harmonic- assurance process
Second harmonic- control process
Fifth harmonic- audit of the audit process
Why not?
“my problems are not with transactions but with legal exposures and environmental effects”
“this is not auditing, it is supervision” “this opens substantial data for the
competition”
Some Research StudiesResearcher Research
Rob Nehmer Applied CA cost/benefit with Major corp.
Anne Pushkin Company Strategies & CA
David Tick Network monitoring at The NY Fed
Bonnie Morris CA for a security application of a bank
Roger Debreceny & Glen Gray
Embedded audit modules
Company Problem Continuous Assurance Potential
ENRON SPEs Most likely the moves of Liabilities to SPEs would be flagged and require director’s endorsements
Trading by executives More difficult to detect particularly if on the name of family and associates, a third party trading monitoring system should be established by the stock-exchanges for monitoringAdelphia Communications Loan guarantees to directors Difficult to detect if an executive signs for the company without informing directors
Specific rules by bank regulators for loan guarantee monitoring and their continuous monitoring would resolve this problem
Quest Round-tripping Specific transaction logging and algorithmic matching would have easily identified even modified amounts and date lapping
Merck Booking not collected income by Medco Logs and cash matching would have shown the huge recognition differences
Global Crossing Round-tripping Specific transaction logging and algorithmic matching would have easily identified even modified amounts and date lappingContinuity equations would have further flagged production and sale inconsistenciesWorldCom Capitalization of operating charges Vendor maps and summarization with continuity equations would have pointed out the problem, changes on rules of internal control are needed for transaction reclassificationHalliburton Adopting more aggressive policies last
year about recording sales and postponing potential losses
Continuous monitoring of ratios would show dramatic change, internal control rules should require this being pointed to audit committee as a level 4 alarmXEROX Xerox's accounting for leases of its
copiers, early recognition of profits
Continuity equations would point out timing discrepancies specially if methods changed
Inappropriate set up reserves Analytics should show this but CA does not necessarily improve the situation without corresponding controls
Accounting for interest income Continuity equations would point out timing discrepancies specially if methods changed