Research Streams in Continuous Audit: A Review and Analysis of the Existing Literature

1
Research Streams in Continuous Audit A Review
and Analysis of the Existing Literature

• Carol E. Brown, Oregon State University
• Jeffrey A. Wong, Oregon State University
• Amelia A. Baldwin, University of Alabama

2
Overview

• Objective summarize and provide a framework for
  classifying continuous audit research
• Six major categories
• demand factors
• theory and guidance
• enabling technologies
• applications
• cost benefit factors
• Over sixty papers included, more exist

3
Demand Factors

• Increasing complexity and data-intensiveness of
  the business environment (Alles, et al, 2002
  Means and Warren 2005)
• More electronic transactions (EDI etc), scrutiny
  important (Van Decker, 2004. Vasarhelyi, et al,
  2004).
• outsourcing
• value chain integration
• Users desire reliable information to be disclosed
  more frequently, more timely and in more detail
  (Elliot 2002 Means and Warren 2005)
• WWW reporting (Elliot 2002 Kogan et al 1999)
• XBRL based reporting (Alles, et al, 2002 Elliot
  2002)
• Sarbanes-Oxley -- companies must disclose
  certain information on a current basis
  (Vasarhelyi, et al, 2004 Vasarhelyi, et al,
  2005 Harrison 2005 Means and Warren 2005)

4
Impediments

• Who will pay
• Independence issues
• Large start up costs
• Who owns work product (Alles, et al, 2002)

5
Theory and Guidance

• Description of concepts (Vasarhelyi, 2002
  Vasarhelyi and Greenstein, 2003 Razaee et al
  2002 Abdolmohammadi and Sharbatouglie, 2005)
• Framework (Vasarhelyi and Alles, 2005 Vasarhelyi
  et al, 2004)
• Research Agenda (Kogan et al, 1999 Razaee et al
  2002 CICA/AICPA 1999)
• Implementation Challenges (DeWayne and Woodroof,
  2003)
• Substantial Implementation Guidance
• 16 propositions for implementation methods
  (Greenstein and Ray, 2002)
• Project management issues, approaches to
  development and generic example of a prototype
  (Abdolmohammadi and Sharbatouglie, 2005)
• Conditions for viability, conduct of hypothetical
  audit (CICA/AICPA 1999)
• Literature Review (Rezaee et al, 2002)
• Practitioner General Education (Krass, 2002
  McGuire et al, 2003 Vasarhelyi et al, 2002
  White, 2005)

6
Enabling Technologies

• Belief Functions (Dutta and Srivastava 1993
  Gillett and Srivastava 2000 Shafer and
  Srivastava 1990 Srivastava and Mock 2000
  Srivastava and Shafer 1992)
• Database (Borthick et al 2001 Groomer and Murthy
  1989)
• Expert Systems (Halper et al 1992 Gillett 1993
  Boritz and Wensley 1990, 1992 Peters 1990
  Bailey et al 1985, Meservy et al 1996 and many
  more)
• Intelligent Agents (Nelson and Kogan 2000 Nelson
  et al 1998 Woodroof and Searcy 2001 and many
  more)
• Neural Networks (Baker 2005 Coakley and Brown
  1993, Brown and Coakley 1999, 2000 Ethridge et
  al 2000 Koskivaara 2000, 2004 Lin et al 2003
  and many more)
• XBRL/ XML (Rezaee and Hoffman 2001 Murthy and
  Groomer 2004 and many more)

7
Applications

• Case Studies
• Product Descriptions
• Application Domain

8
Case Studies

• Pilot implementation of the monitoring and
  control layer for continuous monitoring of
  business process controls (Alles et al, 2005a)
• Continuous Process Auditing System (CPAS)
  developed at ATT Bell Laboratories (Vasarhelyi
  Halper 1991 Vasarhelyi Halper 1991b
  Vasarhelyi et al 1991)
• FRAANK Financial Reporting and Auditing Agent
  with Net Knowledge (Kogan et al, 2002)
• Separation of duties - Algieba Corp.- SAP R/3
  (Boccasam and Kapoor, 2003)
• Selective Monitoring and Assessment of Risks and
  Trends or SMART. (Rose and Hirte 1996)

9
Product Descriptions

• AuSoftware
• checks controls and audit issues at the most
  distributed levels in very large enterprises
• tracks the effects of consolidation and
  reconciliations on data anomalies. (Sigvaldason
  and Warren 2005 Sigvaldason and Warren 2005b)
• SQL Remote Guard continuous monitoring and
  auditing of remote database access activity
  (Fonseca 2005)
• Audit Command Language (ACL) - used for file
  interrogation, which enables direct access to
  computerized client data (Braun and Davis 2003)

10
Application Domain

• Emergency response management information systems
  (Turoff et al, 2004)
• Business assurance analytics (BAA) (Van Decker
  2004)
• Electronic continuous audit of accounts payable
  (Potla 2003)
• Continuous control monitoring (Glover and Romney
  1998) (Huffman and Crump 2005)

11
Cost Benefit Issues

• Possible paths along which continuous assurance
  will evolve (Alles, et al 2002)
• Long run operating cost of running database audit
  (Pathak et al 2005)
• Benefits of timely discovery of errors,
  omissions, and defalcations. Cost-effectiveness
  of automated, software-driven audit procedures.
  (Means and Warren, 2005)
• Discussion of economic feasibility (Kogan et al
  1999)
• Experimental market and laboratory experiment for
  Continuous Online Audit (COA) (Daigle and Lampe
  2005)
• Nine benefits of continuous business assurance
  analytics (Van Decker 2004)