Continuous Auditing, XBRL and Data Mining

1
Continuous Auditing, XBRL and Data Mining

• Presenters
• Jennifer Moore, Lumsden McCormick, LLP
• Karina Barton, Canisius College
• Dr. Joseph ODonnell, Canisius College

New York State Society of Certified Public
Accountants Technology Assurance Committee June
15, 2004
2
Introduction Continuous Auditing

• Many auditors see continuous auditing as
  inevitable for future auditing
• once a year review may no longer be appropriate
• Continuous Auditing
• Produces audit results simultaneously with, or
  short time after, occurrence of relevant events
• Heavily dependent on modern information technology

3
Continuous Auditing (cont.)

• XBRL and XML enable use of Continuous Auditing
  
• Facilitate real-time transfer of client data to
  auditor database
• Adds flexibility to use of embedded audit module
  and generalized audit software (e.g., IDEA and
  ACL)
• Requires
• Integrity and security in transferring data from
  client system to auditor database
• Security of auditor database

4
Tools For Continuous Auditing

• Auditors evaluate individual events and patterns
  of events
• Data Mining

5
Benefits of Continuous Auditing

• Shorter Auditing Cycle
• More timely reporting
• Potential Cost Reduction
• Reducing manual effort
• Increased audit effectiveness
• Capability to analyze a greater number of
  transactions in a timely manner

6
Issues with Continuous Auditing

• Training and Staffing
• Greater need of IT and statistically trained
  staff
• Understanding meaningfulness of immediate audit
  information
• Client buy-in
• Technical issues such as security and integrity
  of data

7
XBRL

• Extensible Business Reporting Language
• Technology for the transparent interchange of
  financial and business reporting data
• Based on XML (Extensible Markup Language)
• Being developed by XBRL International Inc., which
  is a not-for-profit consortium of around 200
  companies and agencies
• XBRL 2.1 Specification

8
XBRL Code

• ltcicapitalAssetsNet.capitalAssetsGrossnumericCont
  extc1gt 1000 lt/cicapitalAssetsNet.capitalAssets
  Grossgt
• The value of Gross Capital Assets in the numeric
  context labeled c1 is 1,000.

9
Taxonomies

• Defines elements that correspond to a concept
  that can be referenced in XBRL generated reports.
  
• Hierarchy ordered system indicating
  relationships
• Standardized by country and industry

10
How it Works

• Define G/L Accounts to Data Elements using
  taxonomy
• User draws information into an instance document
• Style sheet often used to create attractive and
  easy to read reports

11
Risks

• New control risks in applying taxonomies
  correctly and completely to an entitys
  accounting data
• Information security- information is at risk for
  malicious attacks (changes, destruction,
  corporate espionage)
• Encryption can be embedded in XML documents

12
Advantages

• Facilitates real time reporting and continuous
  auditing
• Drill down capability and discovery of underlying
  information
• Comparability across industries
• royalty-free, and open standard

13
Data Mining For Continuous Auditing

• Data Mining
• Statistical tools for recognizing patterns in
  data
• Data Mining could be used to identify high risk
  transactions and control weaknesses
• XBRL XML facilitates transfer of client data to
  auditor data warehouses and data marts
• Data mining of these data warehouses and data
  marts

14
Data Mining Benfords Law

• Data Mining Models for Auditing
• E.g., digital analysis based on Benfords Law
• Based on natural frequency of numbers
• The first digit of a number is more frequently a
  lower number (1,2 or 3) than a higher number
  (7,8,9)
• Last two digits of a number (00-99) should occur
  equally
• Data significantly varying from Benfords Law
  should be further evaluated for possible
  erroneous transactions

15
Need for Data Mining Models

• Continuous auditing of large databases requires
  data mining for timely and efficient
  identification of trends
• Commercial CAAT packages generally provide
• Basic statistical approaches for data mining
• Static data mining models that incorporate
  learning capabilities such as artificial
  intelligence
• Require a semi-automated process that may not be
  economical for trend analysis of large databases

16
SAS 99

• SAS 99 Consideration of Fraud in a Financial
  Statement Audit requires varying audit procedures
• Reduces likelihood that fraud perpetrators can
• Predict audit procedures, and
• Conceal fraud in areas and ways that auditors are
  least likely to identify
• Data mining analysis should vary

17
Quantitative and Textual Information

• Use of data mining has focused on quantitative
  data
• Incorporating quantitative and textual
  information provides more comprehensive view of
  trends
• Content analysis can be used for textual
  information
• Prior Research
• Different patterns for textual and quantitative
  information in annual reports

18
Data Mining Approaches

• Three Basic Approaches to Data Mining
• Mathematical-based methods,
• Distance-based methods, and
• Logic-based methods
• Methods may use supervised or unsupervised
  variable
• Supervised induction rules for predefined
  classifications
• Unsupervised rules and classifications
  determined by data mining method

19
Mathematical-based Methods

• Neural Network
• Network of nodes modeled after a neuron or neural
  circuit
• Supervised learning
• Weighted values at different nodes
• Mimics the processing of the human brain
• Form of Artificial Intelligence
• Research models addressed audit areas of
• risk assessment, errors and fraud, going concern
  audit opinion, financial distress, and bankruptcy
  prediction

20
Mathematical-based Methods

• Discriminant Analysis
• Similar to multiple regression analysis uses a
  non-continuous dependent variable
• Approach identifies the variables (features or
  cases) that best explain the classification
• Supervisory learning approach
• Loses effectiveness with large complex data sets

21
Distance-Based Method

• Clustering
• Data mining approach that partitions large sets
  of data objects into homogeneous groups
• Uses unsupervised classification where little
  manual pre-screening of data is necessary
• useful in situations where there is no
  predefined knowledge of categories
• Classifications based on an objects attributes
• Most commonly used in field of marketing but
  could be used in auditing

22
Logic-Based Approach

• Tree and Rule Induction
• Supervised Learning
• Uses an algorithm to induce a decision tree from
  a file of individual cases
• Case has set of attributes and the class to which
  it belongs
• Decision tree can be converted to a rule-based
  view.
• Major advantage is ability to communicate and
  understand information derived from this
  approach.
• Prior research addressed audit areas of
• bankruptcy, bank failure, and credit risk

23
Selecting Data Mining Approach

• Criteria
• Scalability - how well data mining method works
  regardless of data set size
• Accuracy - how well information extracted remains
  stable and constant beyond the boundaries of the
  data from which it was extracted, or trained
• Robustness - how well the data mining method
  works in a wide variety of domains
• Interpretability - how well data mining method
  provides understandable information and valuable
  insight to user

24
Selecting DM Approach for Cont. Auditing

• Selecting the appropriate approach considering
  audit environment
• Varying internal (client) environment
• Difference between internal and external
  environment
• Varying size of databases
• Impact of immediate transaction evaluation of
  continuous auditing on process and database size

25
Additional Data Mining Issues

• In continuous audit environment
• Selecting appropriate attributes as input to data
  mining
• What type of information is most useful,
  quantitative or textual?
• What level of detail is most useful, detail
  transactions or summary information such as
  ratios?
• In-house or vendor developed data mining tools
• Selection of data sets for learning

26
Conclusion

• XBRL, XML, Data Mining, and Continuous Auditing
  provide opportunities to improve audit
  effectiveness while creating training and
  information security issues.
• Questions?

27
Sources Used in Presentation

• American Institute of Certified Public
  Accountants, Statement on Auditing Standards 99
  (2002). Consideration of Fraud in a Financial
  Statement Audit.
• Apte, C.V., Hong, S.J., Natarajan, R., Pednault,
  E.P.D., Tipu, F.A., and Weiss, S.M. (2003).
  Data-Intensive Analytics for Predictive Modeling.
  IBM Journal of Research and Development, 47, 1,
  17-23.
• Back, B., Toivenen, J., Vanharanta, H., Visa,
  A. (2001). Comparing Numerical Data and Text
  Information from Annual Reports Using
  Self-Organizing Maps. International Journal of
  Accounting Information Systems, 2(2001), 249-269.
• Bierstaker, J. L., Burnaby, P., Hass, S.
  (2003). Recent Changes in Internal Auditors' Use
  of Technology. Internal Auditing, 18(4), 39-45.
• Bergeron, Bryan. (2003). Essentials of XBRL.
  Hoboken John Wiley Sons
• Kogan, A., Sudit, E. F., Vasarhelyi, M. A.
  (2003). Continuous Online Auditing An Evolution.
  Unpublished Workpaper, 1-25.

28
Sources Used in Presentation (cont.)

• Liang, D., Fengyi, L., Wu, S. (2001).
  Electronically Auditing EDP Systems with the
  Support of Emerging Information Technologies.
  International Journal of Accounting Information
  Systems, 2, 130-147.
• Lin, J. W., Hwang, m. I., Becker, J. D. (2003).
  A Fuzzy Neural Network for Assessing the Risk of
  Fraudulent Financial Reporting. Managerial
  Auditing Journal, 18(8), 657-665.
• Maltseva, E., Pizzuti, C., and Talia, D. (2000).
  Indirect Knowledge Discovery by Using Singular
  Value Decomposition. In Data Mining II,
  Southhampton, UK WIT Press.
• Nigrini, M. J. (2002). Analysis of Digits and
  Number Patterns. In J. C. Robertson (Ed.), Fraud
  Examination for Managers and Auditors (pp.
  495-518). Austin, Texas Atex Austin, Inc.
• Pushkin, A. B. (2003). Comprehensive Continuous
  Auditing The Strategic Component. Internal
  Auditing, 18(1), 26-33.

29
Sources Used in Presentation (cont.)

• Rezaee, Z., Sharbatoghlie, A., Elam, R., and
  McMickle, P.L. (2002). Continuous Auditing
  Building Automated Auditing Capability. Auditing
  A Journal of Practice Theory, 21, 1, 147-163.
• Spangler, W.E., May, J.H., and Vargas, L.G.
  (1999). Choosing Data Mining Methods for Multiple
  Classification Representational and Performance
  Measurement Implications for Decision Support,
  Journal of Management Information Systems, 16, 1,
  pp. 37-62.
• Warren, J. Donald Jr., and Parker, Xenia Ley
  (2003). Continuous Auditing Potential for
  Internal Auditors, Institute of Internal
  Auditors.
• XBRL.org. (2002). Contact Us Jurisdictions.
  Extensible Business Reporting Language. Online.
  Internet. 7 June 2004. Available www.xbrl.org.

30
About the Presenters

• Dr. Joseph B. ODonnell is currently an Assistant
  Professor in the Department of Accounting at
  Canisius College. He has a Ph.D. and MBA from the
  State University of New York at Buffalo and a
  B.B.A. from the University of Notre Dame. Dr.
  ODonnell, a CPA, has six years experience as an
  information systems auditor and financial auditor
  with an international accounting firm. He has
  written several articles in information systems
  academic and practitioner publications. Dr.
  ODonnell has presented papers at several
  academic conferences including Decision Sciences
  Institute Conferences and the Americas Conference
  of Information Systems. His research interests
  include Continuous Auditing, Ecommerce Trust,
  Valuing IT, and Real-time Financial Reporting.
• Dr. ODonnell teaches financial accounting,
  managerial accounting and accounting information
  systems courses. He played a central role in
  designing Canisius Colleges innovative
  Accounting Information Systems program that
  started in 2001. Dr. ODonnell has developed
  courses in Information Systems Auditing,
  E-Business, and Enterprise Systems.

31
About the Presenters

• Karina Barton is a student at Canisius College in
  Buffalo, New York. She is completing an M.B.A.
  in Accounting and graduated Summa cum laude in
  May 2004 with a dual major in Accounting and
  Accounting Information Systems. She is a member
  of the New York State Society of Certified Public
  Accountants Technology Assurance Committee.
  Karina is currently working on independent
  research in the area of XBRL. She authored an
  article on this subject for the September 2003
  issue of the Trusted Professional.
• Karina is an intern in Systems Process Assurance
  at PricewaterhouseCoopers. She is a member of
  several academic honor societies including The
  National Deans List Honor Society, Beta Gamma
  Sigma, and Alpha Sigma Lambda.
• Jennifer A. Moore is currently a staff accountant
  with Lumsden McCormick, LLP. She graduated
  from Canisius College in May of 2003 from the
  Honors College with a BS in Accounting and
  Accounting Information Systems. She also minored
  in Computer Science while at Canisius College.
  Jennifer is a member of the NYSSCPAs Technology
  Assurance Committee. Her articles have been
  published in the CPA Journal and The Trusted
  Professional.