IIA E-Business Audit Demystified - PowerPoint PPT Presentation

About This Presentation
Title: IIA E-Business Audit Demystified

Description: Conference Workshop Continuous Auditing: An Approach for Today Univ. of Salford, * Presented by Anton Bouwer www.acl.com

Slides: 26
Provided by: Anton208
Learn more at: https://raw.rutgers.edu

Transcript and Presenter's Notes

1
Conference Workshop
Continuous Auditing: An Approach for Today
Univ. of Salford, 8 November 2015
Presented by Anton Bouwer www.acl.com
2
AGENDA
  • The Phrase
  • The Distinction
  • Approach for Today's Requirements
  • Summary

3
Definition of Continuous Auditing
  • CONTINUOUS
      • Never ends
      • When cycle ends, next starts
  • AUDITING
      • Access information
      • Know business
      • Verify info
      • Express/Report

4
Definition of Continuous Auditing
  • Can CA be possible without human interface?
  • Are we disrespecting the auditor?
  • Square peg, round hole?
  • Diluting the concept audit?
  • Legal issues? Ignore at own peril!

5
The Distinction
  • MONITOR/REPORT
      • Monitoring and reporting checks every transaction
      • One record at a time
      • Type: Control
      • Implemented FOR management
  • AUDIT
      • Auditing is looking for and verifying exceptions
      • Independently
      • Comparing each record against expected norms
      • Audit efficiency: more than 1 record at a time
      • Type: Audit (compliance or substantive)

6
What is the PROBLEM?
  • The only way to get CA to the masses (auditors)
  • Build bridge from today's audit program to the
    SciFi CA system. Don't start in 2010, start in
    2002.
  • Ask auditors what they want and verify the result
    (Majority rules). Remember budget!
  • Messing with age-old principles
  • Let's learn from the E-Bubble, Y2K, Euro
    conversion!!! How big a part did we play in this?
    How much did we cost commerce?

7
Approach to CA Development
  • NOT Complex
  • NOT Technical
  • Audit approach and result (NOT control)
  • Obtain top-level buy-in and top-level sponsor
  • One application at a time
  • Get specialist assistance

8
Implementing Continuous Auditing
  • Setting up the project
  • Perform detailed risk analysis
  • Link to risk measurement
  • Anticipate exceptions and develop specifications
  • Plan access to data
  • Plan the audit frequency and audit response

9
Implementing Continuous Auditing
  • Develop and implement the continuous auditing
    application
  • Test Acceptance
  • Maintenance and redesign
  • Post Implementation Review
  • Regular auditing of the continuous auditing
    application

10
Pitfalls
  • What to measure?
  • Exceptions
  • Trends on statistics and ratios
  • Difficult to get data access
  • Auto update of audit database
  • Top-level sponsor
  • Slow death

11
Pitfalls
  • Audit independence

  • DO
      • Test compliance
      • Substantiate accuracy
      • Substantiate completeness
      • Report on trends
      • Detect
  • DON'T
      • Control
      • Monitor
      • Prevent
12
Case Study
  • Background
  • Banking finance entity
  • Strategic risk analysis identified reputational
    risk as very high due to impact
  • Management expect auditor to review risk on more
    regular basis

13
Case Study
  • Solution
  • Measure (audit) risk
  • Report on risk measurement
  • Automate process
  • Schedule future audits and reporting frequency

14
Risk Measurement
  • Type: Reputation
  • Risk
      • Abuse of customer funds through internal theft or fraud
  • Control
      • Staff are not allowed to transfer customer funds to
        their own accounts. Such transfers in excess of 1000
        must be done by another employee.
  • Audit Procedure
      • Access data containing information on User ID,
        Employee account, To account, From account
      • Identify control exceptions
15
Develop Specifications
  • Objective
      • Search transactions to find transfers of funds
          • To employee account
          • Captured by employee who owns account
          • Amount bigger than 1000
  • Method
      • Analyse each transaction and identify instances where
        the TO account equals the account number of the
        employee who captured the transaction
  • Data
      • Info needed can be found in two files: Employee
        master and Transaction master
      • Both files contain the field EmpID, which is the
        employee's unique ID number in the company
16
Technical Specifications
  • Analysis
      • Access both files
      • Join files on EmpID and (Emp_Accnt to To_Accnt)
      • Join type MATCHED
      • Extract matches
      • Compute statistics on exceptions
      • Automate analysis
      • Schedule automated execution
  • Notification
      • Determine if there are exceptions
      • NOTIFY auditor of exceptions
      • Attach exceptions
      • Automate notification
  • Reporting
      • Extract statistical data to permanent file
      • Present file with results as trend analysis to
        management
      • Automate reporting
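The analysis specified on slides 14 to 16, written out as an added example that is not part of the original presentation or any ACL script: a matched join of the two files on EmpID and Emp_Accnt = To_Accnt, the amount test, and the exception statistics. The CSV layout, the TxnID, From_Accnt and Amount column names, and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter
from decimal import Decimal

# Constructed sample files. EmpID, Emp_Accnt and To_Accnt are the slide's field
# names; TxnID, From_Accnt, Amount and every row value are assumptions.
EMPLOYEE_MASTER = """EmpID,Emp_Accnt
E001,100-111
E002,100-222
E003,100-333
"""
TRANSACTION_MASTER = """TxnID,EmpID,From_Accnt,To_Accnt,Amount
T1,E001,500-900,100-111,2500.00
T2,E001,500-901,100-222,4000.00
T3,E002,500-902,100-222,1000.00
T4,E002,500-903,100-222,1000.01
T5,E003,500-904,100-333,250.00
T6,E009,500-905,100-111,9000.00
"""
THRESHOLD = Decimal("1000")  # control limit from the Risk Measurement slide

def load(text):
    """Parse one CSV extract into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def find_exceptions(employees, transactions, threshold=THRESHOLD):
    """Matched join on (EmpID, Emp_Accnt == To_Accnt), then the amount test."""
    own_accounts = {(e["EmpID"].strip(), e["Emp_Accnt"].strip()) for e in employees}
    return [
        t for t in transactions
        if (t["EmpID"].strip(), t["To_Accnt"].strip()) in own_accounts
        and Decimal(t["Amount"]) > threshold  # "in excess of", so 1000.00 passes
    ]

def exception_statistics(exceptions):
    """Figures to append to the permanent file for trend reporting."""
    return {
        "count": len(exceptions),
        "total": sum((Decimal(t["Amount"]) for t in exceptions), Decimal("0")),
        "by_employee": dict(Counter(t["EmpID"] for t in exceptions)),
    }

if __name__ == "__main__":
    found = find_exceptions(load(EMPLOYEE_MASTER), load(TRANSACTION_MASTER))
    for t in found:  # rows that would be attached to the auditor notification
        print(t["TxnID"], t["EmpID"], t["To_Accnt"], t["Amount"])
    print(exception_statistics(found))
```

Row T6, captured under an EmpID that is missing from the employee master, falls outside a MATCHED join and would need its own unmatched-record test.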
17
Efficient Data Access
18
Develop Application
19
Schedule Application
20
Real-time Notification
21
Audit Verification
22
Continuous Reporting
23
Continuous Audit Cycle
  • Automated data download
  • Automated audit
  • Report
  • Audit Verification
  • Automated scheduling
24
Summary
  • Start at Risk Analysis
  • Do not forget 80/20
  • Prove benefits ()
  • Internal audit implement, external audit share
    benefits (Consulting opportunities - )
  • Wonderful trends!!!
  • Technical barriers are smallest problem
  • Risk can not be measured, managed?

25
Thank You
www.acl.com anton_bouwer_at_acl.com