Remote Audit - AAA 2010 - SET Workshop

Strategic and Emerging
Technology Workshop
July 31, 2010
Remote Audit:
A Research Framework
Ryan Teeter
Miklos A. Vasarhelyi
Michael G. Alles
Remote Audit: A Research Framework
■ ■ ■■■ ■■ ■■■■ ■■
Outline
I. Introduction
II. The Remote Audit
– Virtual teams
– Auditing activities
III. Information and Communication Technology

– The audit interface
– Online electonic working papers
IV. Continuous Evidence & Analytics

– Documentation
– Computer assisted auditing techniques (CAATs)
– Continuous Auditing
V. Conclusions and Directions for Future Research

■ ■ ■■■ ■■ ■■■■ ■■
I. Introduction
Context Opportunities
• Traditional audits experience lag • Audit automation reduces latency
• Internal audit departments face • Information and communication
budgetary and efficiency pressure technology allows auditors to work
• Audit evidence has changed remotely
• IA is evaluating technology • Evidence can be collected and
(e.g. New York Times) stored electronically
This paper is designed to:

• Synthesize ICT literature in IT, OM, and audit
• Present a research framework internal audit
• Provide a conceptualization of the remote audit
I. Introduction II. The Remote Audit III. Information and Communication Technology IV. Continuous Evidence & Analytics V. Conclusion
■ ■ ■■■ ■■ ■■■■ ■■

Remote auditing is the
process by which auditors
couple information and
communication technology
with data analytics to assess
the accuracy of financial data
and internal controls, gather
electronic evidence, and
interact with clients,
independent of physical
presence
■ ■ ■■■ ■■ ■■■■ ■■

• Virtual teams are “a collection of geographically distributed,
functionally and/or culturally diverse entities that are linked by
electronic forms of communication and rely on lateral,
dynamic relationships for coordination.”
(Desanctis and Monge, 1999)
• Internal auditors collaborate and coordinate with team

members
■ ■ ■■■ ■■ ■■■■ ■■
■ ■ ■■■ ■■ ■■■■ ■■

• The audit team already uses some Web conferencing & telework
Ellis et al. 1991: Groupware: some
ICT to enhance the audit issues and experiences - Overview of
– Spreadsheets, macros, e-mail, laptop for web conferencing,
Hunton & Harmon 2004: A model for
storing data investigating telework in accounting -
• For remote audit, additional Model for addressing antecedents and
outcomes of telecommuting.
technology is needed Campbell and McDonald (2009):
Defining a conceptual framework for
– Web conferencing & telework, electronic telework - Overview of and issues with
working papers, cloud computing telework application in accounting
■ ■ ■■■ ■■ ■■■■ ■■

• EWPs include evidence collected on Electronic working papers
DeYoung 1989: Hypertext challenges in
demand by the auditor along with the auditing domain - Workpapers
transaction-relevant data from mimicking the Web
Bierstaker et al. 2001: The impact of
automated systems information technology on the audit
process - Adoption of EWP by audit
• Process mining can aid automatic firms
development of EWP Jans et al 2010: Process mining of

event logs in auditing: opportunities
• Dynamic dashboard and challenges - Discussion of process
mining for auditing
■ ■ ■■■ ■■ ■■■■ ■■

• Documentation
– Can be a set of audit procedures, a spreadsheet of extracted
information, a transcript from an interview, or a combination of these
and other elements
– Ensures parties know their tasks
– Helps train new employees
– Creates a “paper” trail
■ ■ ■■■ ■■ ■■■■ ■■

Procedure Onsite Methodology Remote Methodology
Obtaining Audit Evidence
Inspection of Records or Pull a sample of purchase orders Evaluate entire purchase order
Documents and verify authorized signature population in ERP and verify POs
(e.g. authorization) exists and matches authority list passed through approval workflow
and possess authorized user stamp
Inspection of Tangible Assets Print a list of inventory, walk Closed circuit television, scales,
(e.g. physical inventory count) through warehouse, open boxes, other metrics
etc.
Observation Sit with a worker and observe Use process mining to determine
(e.g. watching someone complete procedure transactions that deviate from
a process) standard
Inquiry Communicate electronically or in Monitor processes/controls.
(e.g. written or oral interviews) loco as part of traditional audit Automatically identify process
owner when exceptions occur
Analytical Procedures Extract data, scan for anomalies Filter real-time data through
(e.g. scanning and statistics) based on auditor judgment continuity equations, ratio
analysis,
Adapted from SAS 106
■ ■ ■■■ ■■ ■■■■ ■■

• Computer assisted auditing CAATs
Debreceny et al. 2005: CAAT
techniques (CAATs) facilitate acceptance low, varied in highly-
evidence collection technical bank setting
Zhao et al. 2004: Identify CAATs as a
– Data analysis software necessary step for continuous auditing
– Network security evaluation software Javrin et al. 2008: Auditor use of CAAT
requires training and accessibility
– OS and DBMS security evaluation
software and utilities
– Software and code testing tools
• Auditors see tools necessary only

for fraud and special investigations
• Need for specialized training
■ ■ ■■■ ■■ ■■■■ ■■

• Continuous auditing is a Controls monitoring
Brown et al. 2007: Survey of
formalization of audit procedures continuous auditing and continuous
and automation of CAATs monitoring research
Alles et al. 2006: CCM pilot at Siemens
• Continuous Data Audit + Continuous Corporation
Controls Monitoring Murthy 2004: Implementation for CCM

in e-commerce
Nelson 2004: CCM at Hospital
Corporation of America
Rose and Hirte 1996: Carolina Power
and Light
Turoff et al. 2004: Homeland Security
Vasarhelyi & Halper 1991: Continuous
online auditing at Bell Laboratories
Hunton et al. 2008: Managers’
perception of CCM
■ ■ ■■■ ■■ ■■■■ ■■
V. Conclusions and Future Research

• Driving costs
– Cost of technology and broadband access declines
– Budgetary pressure increases
• Enhanced interaction
– Increased efficiency
– Prolonged intense deterrence
• Innovation of the audit process
– Take advantage of technology
– Reengineer business processes
– Change the role of the internal auditor
■ ■ ■■■ ■■ ■■■■ ■■
V. Conclusions and Future Research

• More research needed
– Specific technology implementation in audit
– Updated internal audit framework
– Analysis of required auditor skills (attitudes, behaviors, expertise)
– Impact of costs + deterrence
Auditor Auditee
Behavioral Questions
• Motivation to complete audit tasks • Continual auditor presence
• Efficiency of collecting and processing data • Ability to hide fraud
• Information overload • Prolonged contact
• Technical skills and ability • Resistance to change
• Trust and professional skepticism • Trust
■ ■ ■■■ ■■ ■■■■ ■■■

Remote Audit - AAA 2010 - SET Workshop

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Remote Audit - AAA 2010 - SET Workshop

Загружено:

Авторское право:

Доступные форматы

Strategic and Emerging

III. Information and Communication Technology

IV. Continuous Evidence & Analytics

V. Conclusions and Directions for Future Research

This paper is designed to:

II. The Remote Audit

II. The Remote Audit

• Internal auditors collaborate and coordinate with team

II. The Remote Audit

III. Information and Communication Technology

III. Information and Communication Technology

development of EWP Jans et al 2010: Process mining of

IV. Continuous Evidence & Analytics

IV. Continuous Evidence & Analytics

Adapted from SAS 106

IV. Continuous Evidence & Analytics

• Auditors see tools necessary only

IV. Continuous Evidence & Analytics

Controls Monitoring Murthy 2004: Implementation for CCM

V. Conclusions and Future Research

V. Conclusions and Future Research

Вам также может понравиться