Research in continuous assurance

Miklos A. Vasarhelyi

Rutgers University

AT&T Laboratories

Electronization of Business

Pre-sale care

E-care

VRSAuto Responder

Tech supportLead FollowsHelp desk

SalePayment

Web-based Cash register Shopping cartsClick pathsE-Catalog

Web-basedCredit cardE-cashMicropayments

Advertising

Web advertisingCustomizationBanners

MarketingIndividual targetingSpamingVirtual communitiesCustomer party lines

AccountingAuditing

ContinuousERPSsNew Paradigms

ContinuousAutomatic Confirmation

FinanceE-banking

E-hedging

E-Trading

E-Catalog

Tracking

Delivery

BitableNon-bitable

Inventory

Manufacturing

Tracking

B2B PurchasingOpen EDIExtranetsConsortia

PurchasingLogistics

Tracking

TrackingHumanResources

R&D

Databases

Artif. Intell.

Bu

sin

es

s M

on

ito

rin

g a

nd

B

us

ine

ss

Mo

nit

ori

ng

an

d

Co

ntr

ol

Arc

hit

ec

ture

Co

ntr

ol

Arc

hit

ec

ture Marketing

Event AnalysisSales Lead

ScoringSales

EffectivenessOrder

Fulfillment AnalysisRevenueAnalysis

AlertingRules

Data Collection Layer (open APIs)

XML Parser

Direct DBConnection

Server to Server Comm. Via HTTP/HTTPS

File UploadVia Browser

FTPConnectDirect

Report Parsing, other

Sales Lead

Order Status

Marketing Event

BilledRevenue

DerivedAnalytics

AlertingLog

Collected Information Derived Information

Analytics (expert system, commercial grade rule based engine)

Centralized Data Storage (commercial DB, SQL server, Oracle)

Analytics Reports

Analytics Definition(rule interface)

User Profile Admin

Alert AdminData Collection

AdminUser Interface

Admin

User Interface (Web based) and Alert Interface

Business Monitoring and ControlBusiness Monitoring and Control

CPAS OVERVIEW

System

OperationalReport

OperationalReport

OperationalReport

Filter

Database

System Operational Reports

Workstation

DF-level 0Alarm

Data Flow Diagrams

DF-level 1 DF-level 1 DF-level 1

DF-level 2

Reports Analytics Metrics

AuditMaster Premier V5.0 Demo

History

CPAS effort and embedded modules (ITF) –1987

AICPA /CICA monograph 1999 Continuous systrust 2001 Panel next ????? Much academic interest since 1999 (3

symposia, this year in the UK)

Stakeholders entity

-Pension Fund-Employees(Union)-LT Charts-LT Suppliers-Bank-Insurance Cos.

Auditor

Principals Company

MC layerPa

ymen

t

Payment

Regulators

Peer reviewprocess

MC Provider

Secondary assurance

Monitoring, control and assurance

metrics

Comparison of actual and model

Management action on discrepancy

Feedback loop of action

Assurance process

Verifies, the metrics and the control

MeasurableProcesses

Standard

Discrepancy detected

Assurance of the assurance process

Regulators Peer review process

First harmonic- operational process

Fourth harmonic- control of the audit process

Third harmonic- assurance process

Second harmonic- control process

Fifth harmonic- audit of the audit process

Why not?

“my problems are not with transactions but with legal exposures and environmental effects”

“this is not auditing, it is supervision” “this opens substantial data for the

competition”

Some Research StudiesResearcher Research

Rob Nehmer Applied CA cost/benefit with Major corp.

Anne Pushkin Company Strategies & CA

David Tick Network monitoring at The NY Fed

Bonnie Morris CA for a security application of a bank

Roger Debreceny & Glen Gray

Embedded audit modules

Company Problem Continuous Assurance Potential

ENRON SPEs Most likely the moves of Liabilities to SPEs would be flagged and require director’s endorsements

  Trading by executives More difficult to detect particularly if on the name of family and associates, a third party trading monitoring system should be established by the stock-exchanges for monitoringAdelphia Communications Loan guarantees to directors Difficult to detect if an executive signs for the company without informing directors

    Specific rules by bank regulators for loan guarantee monitoring and their continuous monitoring would resolve this problem

Quest Round-tripping Specific transaction logging and algorithmic matching would have easily identified even modified amounts and date lapping

Merck Booking not collected income by Medco Logs and cash matching would have shown the huge recognition differences

Global Crossing Round-tripping Specific transaction logging and algorithmic matching would have easily identified even modified amounts and date lappingContinuity equations would have further flagged production and sale inconsistenciesWorldCom Capitalization of operating charges Vendor maps and summarization with continuity equations would have pointed out the problem, changes on rules of internal control are needed for transaction reclassificationHalliburton Adopting more aggressive policies last

year about recording sales and postponing potential losses

Continuous monitoring of ratios would show dramatic change, internal control rules should require this being pointed to audit committee as a level 4 alarmXEROX Xerox's accounting for leases of its

copiers, early recognition of profits  

Continuity equations would point out timing discrepancies specially if methods changed

  Inappropriate set up reserves Analytics should show this but CA does not necessarily improve the situation without corresponding controls

  Accounting for interest income Continuity equations would point out timing discrepancies specially if methods changed