Audit Automation as the Foundation of Continuous Auditing
The Case for Audit Automation
• Automation of business processes
• Labor-intensive repetitive audit work
• Cost and availability of qualified audit personnel
• Budgetary pressure on internal audit departments
• Complexity of business transactions and increasing risk exposure
• Scale and scope of audit procedures
• Timeliness of audit results
Audit Automation Work Sequence
• Identification and engagement of stakeholders:
  • Business process owners
  • IT personnel
  • Internal auditors
• Composition of audit automation teams
• Automation of audit procedures
  • Duplicate automation is ideal but too expensive
• Verification of automated procedures
  • Independent verification by experienced auditors
• Approval of automated audit program
Formalizing the Audit Program
• Automation requires formalization
• Formalized is usually automatable
• Possibility of formalization is often underestimated
• Benefits of formalization:
  • Promotes precision and consistency
  • Improves confidence in audit results
  • Reduces long-run audit costs
• Problems with formalization:
  • Many humans resist formal thinking
  • Formalization can be very laborious and costly
  • Certain complex judgments are not amenable to formalization
Re-engineering the Audit Program
• Conventional audit programs are not designed for automation
• Formalizable and judgmental procedures are often intermixed – redesign is required to separate them out
• Re-engineering objective: maximize the proportion of automatable procedures in the audit program (i.e., reduce reliance on informal judgmental techniques)
• Substitution of high frequency (“continuous”) automated procedures for eliminated manual methods
Continuous Auditing (CA) as Implementation of Automated Audit
• Formalized audit procedures are programmed into an automated audit system that can run continuously
• CA = CCM + CDA
• Continuous Control Monitoring (CCM):
  • Access Control and Authorizations
  • System Configuration and Business Process Settings
• Continuous Data Assurance (CDA):
  • Master Data
  • Transactions
  • Analytics (including Continuity Equations)
Baseline Monitoring (Baselining)
• Traditionally used in configuration management and IT security
• Baseline – a snapshot of system configuration and business process settings
• Deltas from baseline → exceptions
• Critical issues:
  • Definition of baseline (the more static the parameters are, the better suited they are for baselining)
  • Initial verification of baseline values
  • Security of baseline (both definition and current values)
  • Accumulation of deltas → redefinition of baseline
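A worked illustration of the baselining slide, added here and not taken from the original deck: a baseline snapshot is sealed with an HMAC so tampering with it is detected before any comparison, deltas are reported as exceptions, and redefining the baseline requires a named approver. The setting names, values and key are constructed for the example, and the assumption is that the sealing key is held by the audit function rather than the client's IT staff.

```python
import hashlib
import hmac
import json

# Constructed sample: approved baseline of configuration and business
# process settings (all names and values are hypothetical).
BASELINE = {
    "password_min_length": 12,
    "three_way_match_required": True,
    "po_approval_limit": 50000,
    "posting_period_open": "2024-06",
}
# Assumption: this key is held by the audit function, not by client IT.
AUDIT_KEY = b"constructed-demo-key"


def seal(settings, key):
    """HMAC-SHA256 over a canonical JSON encoding of the settings."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def compare_to_baseline(baseline, tag, current, key):
    """Return deltas (exceptions) as (setting, baseline value, current value).

    Raises ValueError if the stored baseline no longer matches its seal,
    because deltas computed against a tampered baseline are meaningless.
    """
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline failed integrity check")
    deltas = []
    for name in sorted(set(baseline) | set(current)):
        expected = baseline.get(name, "<absent>")
        actual = current.get(name, "<absent>")
        if expected != actual:
            deltas.append((name, expected, actual))
    return deltas


def rebaseline(current, approved_by, key):
    """Redefine the baseline from current values; a named approver is required."""
    if not approved_by:
        raise ValueError("baseline redefinition requires approval")
    return dict(current), seal(current, key)
```

Settings that appear or disappear are reported with the marker `<absent>` on the missing side, so an added parameter is an exception just like a changed one.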
Scalability of Audit Automation
• Automation of highly specific audit procedures for different enterprise units can incur prohibitive costs
• Automation will be scalable across the enterprise only if the repetitive audit procedure automation costs are eliminated
• Strategies for making audit automation scalable:
  • Hierarchical structuring of automated audit procedures – from the most generic audit procedures applicable across the enterprise to the more specific ones for major units and subunits
  • Hierarchical updates
  • Parameterization of automated audit procedures
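One way the hierarchical, parameterized structure above can look in code, as an added example that is not part of the original deck: a single audit procedure is written once, and its parameters are resolved from the enterprise level down through unit and subunit overrides. The unit names, parameter names, thresholds and transactions are all constructed for illustration.

```python
# Constructed hierarchy: enterprise -> unit -> subunit (names hypothetical).
PARENT = {"enterprise": None, "emea": "enterprise", "emea/retail": "emea"}

# Parameters are set once at the most generic level that applies and
# overridden only where a unit genuinely differs.
PARAMS = {
    "enterprise": {"approval_limit": 10000, "max_days_to_post": 5},
    "emea": {"approval_limit": 25000},
    "emea/retail": {"max_days_to_post": 2},
}

# Constructed sample transactions.
SAMPLE_TXNS = [
    {"id": "T1", "amount": 12000, "approved_by": "", "days_to_post": 1},
    {"id": "T2", "amount": 30000, "approved_by": "", "days_to_post": 1},
    {"id": "T3", "amount": 500, "approved_by": "jdoe", "days_to_post": 4},
]


def effective_params(unit):
    """Merge parameters from the enterprise root down to the given unit."""
    chain = []
    while unit is not None:
        chain.append(unit)
        unit = PARENT[unit]
    merged = {}
    for level in reversed(chain):  # generic first, most specific last
        merged.update(PARAMS.get(level, {}))
    return merged


def audit_transactions(unit, transactions):
    """Run the one shared procedure with the unit's effective parameters."""
    p = effective_params(unit)
    exceptions = []
    for t in transactions:
        if t["amount"] > p["approval_limit"] and not t["approved_by"]:
            exceptions.append((t["id"], "unapproved over limit"))
        if t["days_to_post"] > p["max_days_to_post"]:
            exceptions.append((t["id"], "late posting"))
    return exceptions
```

A change made at the enterprise level reaches every unit that has not overridden that parameter, which is the hierarchical update the slide refers to.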
Architecture of Automated Audit
• Organization of audit software:
  • integrated software – vs.
  • distributed (i.e., multi-agent-based) system
• Access to the enterprise system and data:
  • Direct (either to the database or to the application layer)
  • Intermediated (through a business data warehouse)
• Platform of audit software:
  • Common enterprise platform (EAM – embedded audit module)
  • Separate platform (MCL – monitoring and control layer)
• Providers of audit software:
  • Common platform – enterprise software vendors
  • Separate platform – 3rd party vendors and audit firms
Mobile Agents in Automated Audit
• Mobile agents can be transported to the enterprise platform to be run there (as EAM!)
• Benefits of mobility (and EAM):
  • Protection against network connectivity outages
  • Event-triggered execution of audit procedures → potentially zero latency (not affected by network congestion)
  • More efficient for processing large volumes of enterprise data (on site – vs. moving that data over the network)
• Problems with mobility (and EAM):
  • Protection of enterprise platform against (possibly malicious) agent
  • Protection of agent against possible manipulation by the platform
• Impossibility of protecting the agent outweighs the benefits!
Securing Continuous Auditing
• Location of continuous auditing hardware:
  • client’s premises
  • audit shop
• Physical access security
• Logical access security
• Super-user privileges
• Client’s IT personnel access
• Export / import of CA system settings
Software for Audit Automation
• ACL
• CaseWare IDEA
• Approva
• Oversight Systems
• Governance, Risk, and Compliance Solutions:
  • SAP GRC Access Control, Risk Management, Process Control (VIRSA)
  • Oracle Governance, Risk, and Compliance (LogicalApps)
  • IBM Workplace for Business Controls and Reporting
  • Paisley Enterprise GRC
  • OpenPages
  • AXENTIS Enterprise
  • BWise
  • Protiviti Governance Portal