Title: Continuous Auditing, XBRL and Data Mining
1Continuous Auditing, XBRL and Data Mining
- Presenters
- Jennifer Moore, Lumsden McCormick, LLP
- Karina Barton, Canisius College
- Dr. Joseph ODonnell, Canisius College
New York State Society of Certified Public
Accountants Technology Assurance Committee June
15, 2004
2Introduction Continuous Auditing
- Many auditors see continuous auditing as
inevitable for future auditing - once a year review may no longer be appropriate
- Continuous Auditing
- Produces audit results simultaneously with, or
short time after, occurrence of relevant events - Heavily dependent on modern information technology
3Continuous Auditing (cont.)
- XBRL and XML enable use of Continuous Auditing
- Facilitate real-time transfer of client data to
auditor database - Adds flexibility to use of embedded audit module
and generalized audit software (e.g., IDEA and
ACL) - Requires
- Integrity and security in transferring data from
client system to auditor database - Security of auditor database
4Tools For Continuous Auditing
- Auditors evaluate individual events and patterns
of events - Data Mining
5Benefits of Continuous Auditing
- Shorter Auditing Cycle
- More timely reporting
- Potential Cost Reduction
- Reducing manual effort
- Increased audit effectiveness
- Capability to analyze a greater number of
transactions in a timely manner
6Issues with Continuous Auditing
- Training and Staffing
- Greater need of IT and statistically trained
staff - Understanding meaningfulness of immediate audit
information - Client buy-in
- Technical issues such as security and integrity
of data
7XBRL
- Extensible Business Reporting Language
- Technology for the transparent interchange of
financial and business reporting data - Based on XML (Extensible Markup Language)
- Being developed by XBRL International Inc., which
is a not-for-profit consortium of around 200
companies and agencies - XBRL 2.1 Specification
8XBRL Code
- ltcicapitalAssetsNet.capitalAssetsGrossnumericCont
extc1gt 1000 lt/cicapitalAssetsNet.capitalAssets
Grossgt - The value of Gross Capital Assets in the numeric
context labeled c1 is 1,000.
9Taxonomies
- Defines elements that correspond to a concept
that can be referenced in XBRL generated reports.
- Hierarchy ordered system indicating
relationships - Standardized by country and industry
10How it Works
- Define G/L Accounts to Data Elements using
taxonomy - User draws information into an instance document
- Style sheet often used to create attractive and
easy to read reports
11Risks
- New control risks in applying taxonomies
correctly and completely to an entitys
accounting data - Information security- information is at risk for
malicious attacks (changes, destruction,
corporate espionage) - Encryption can be embedded in XML documents
12Advantages
- Facilitates real time reporting and continuous
auditing - Drill down capability and discovery of underlying
information - Comparability across industries
- royalty-free, and open standard
13Data Mining For Continuous Auditing
- Data Mining
- Statistical tools for recognizing patterns in
data - Data Mining could be used to identify high risk
transactions and control weaknesses - XBRL XML facilitates transfer of client data to
auditor data warehouses and data marts - Data mining of these data warehouses and data
marts
14Data Mining Benfords Law
- Data Mining Models for Auditing
- E.g., digital analysis based on Benfords Law
- Based on natural frequency of numbers
- The first digit of a number is more frequently a
lower number (1,2 or 3) than a higher number
(7,8,9) - Last two digits of a number (00-99) should occur
equally - Data significantly varying from Benfords Law
should be further evaluated for possible
erroneous transactions
15Need for Data Mining Models
- Continuous auditing of large databases requires
data mining for timely and efficient
identification of trends - Commercial CAAT packages generally provide
- Basic statistical approaches for data mining
- Static data mining models that incorporate
learning capabilities such as artificial
intelligence - Require a semi-automated process that may not be
economical for trend analysis of large databases
16SAS 99
- SAS 99 Consideration of Fraud in a Financial
Statement Audit requires varying audit procedures - Reduces likelihood that fraud perpetrators can
- Predict audit procedures, and
- Conceal fraud in areas and ways that auditors are
least likely to identify - Data mining analysis should vary
17Quantitative and Textual Information
- Use of data mining has focused on quantitative
data - Incorporating quantitative and textual
information provides more comprehensive view of
trends - Content analysis can be used for textual
information - Prior Research
- Different patterns for textual and quantitative
information in annual reports
18Data Mining Approaches
- Three Basic Approaches to Data Mining
- Mathematical-based methods,
- Distance-based methods, and
- Logic-based methods
- Methods may use supervised or unsupervised
variable - Supervised induction rules for predefined
classifications - Unsupervised rules and classifications
determined by data mining method
19Mathematical-based Methods
- Neural Network
- Network of nodes modeled after a neuron or neural
circuit - Supervised learning
- Weighted values at different nodes
- Mimics the processing of the human brain
- Form of Artificial Intelligence
- Research models addressed audit areas of
- risk assessment, errors and fraud, going concern
audit opinion, financial distress, and bankruptcy
prediction
20Mathematical-based Methods
- Discriminant Analysis
- Similar to multiple regression analysis uses a
non-continuous dependent variable - Approach identifies the variables (features or
cases) that best explain the classification - Supervisory learning approach
- Loses effectiveness with large complex data sets
21Distance-Based Method
- Clustering
- Data mining approach that partitions large sets
of data objects into homogeneous groups - Uses unsupervised classification where little
manual pre-screening of data is necessary - useful in situations where there is no
predefined knowledge of categories - Classifications based on an objects attributes
- Most commonly used in field of marketing but
could be used in auditing
22Logic-Based Approach
- Tree and Rule Induction
- Supervised Learning
- Uses an algorithm to induce a decision tree from
a file of individual cases - Case has set of attributes and the class to which
it belongs - Decision tree can be converted to a rule-based
view. - Major advantage is ability to communicate and
understand information derived from this
approach. - Prior research addressed audit areas of
- bankruptcy, bank failure, and credit risk
23Selecting Data Mining Approach
- Criteria
- Scalability - how well data mining method works
regardless of data set size - Accuracy - how well information extracted remains
stable and constant beyond the boundaries of the
data from which it was extracted, or trained - Robustness - how well the data mining method
works in a wide variety of domains - Interpretability - how well data mining method
provides understandable information and valuable
insight to user
24Selecting DM Approach for Cont. Auditing
- Selecting the appropriate approach considering
audit environment - Varying internal (client) environment
- Difference between internal and external
environment - Varying size of databases
- Impact of immediate transaction evaluation of
continuous auditing on process and database size
25Additional Data Mining Issues
- In continuous audit environment
- Selecting appropriate attributes as input to data
mining - What type of information is most useful,
quantitative or textual? - What level of detail is most useful, detail
transactions or summary information such as
ratios? - In-house or vendor developed data mining tools
- Selection of data sets for learning
26Conclusion
- XBRL, XML, Data Mining, and Continuous Auditing
provide opportunities to improve audit
effectiveness while creating training and
information security issues. - Questions?
27Sources Used in Presentation
- American Institute of Certified Public
Accountants, Statement on Auditing Standards 99
(2002). Consideration of Fraud in a Financial
Statement Audit. - Apte, C.V., Hong, S.J., Natarajan, R., Pednault,
E.P.D., Tipu, F.A., and Weiss, S.M. (2003).
Data-Intensive Analytics for Predictive Modeling.
IBM Journal of Research and Development, 47, 1,
17-23. - Back, B., Toivenen, J., Vanharanta, H., Visa,
A. (2001). Comparing Numerical Data and Text
Information from Annual Reports Using
Self-Organizing Maps. International Journal of
Accounting Information Systems, 2(2001), 249-269. - Bierstaker, J. L., Burnaby, P., Hass, S.
(2003). Recent Changes in Internal Auditors' Use
of Technology. Internal Auditing, 18(4), 39-45. - Bergeron, Bryan. (2003). Essentials of XBRL.
Hoboken John Wiley Sons - Kogan, A., Sudit, E. F., Vasarhelyi, M. A.
(2003). Continuous Online Auditing An Evolution.
Unpublished Workpaper, 1-25.
28Sources Used in Presentation (cont.)
- Liang, D., Fengyi, L., Wu, S. (2001).
Electronically Auditing EDP Systems with the
Support of Emerging Information Technologies.
International Journal of Accounting Information
Systems, 2, 130-147. - Lin, J. W., Hwang, m. I., Becker, J. D. (2003).
A Fuzzy Neural Network for Assessing the Risk of
Fraudulent Financial Reporting. Managerial
Auditing Journal, 18(8), 657-665. - Maltseva, E., Pizzuti, C., and Talia, D. (2000).
Indirect Knowledge Discovery by Using Singular
Value Decomposition. In Data Mining II,
Southhampton, UK WIT Press. - Nigrini, M. J. (2002). Analysis of Digits and
Number Patterns. In J. C. Robertson (Ed.), Fraud
Examination for Managers and Auditors (pp.
495-518). Austin, Texas Atex Austin, Inc. - Pushkin, A. B. (2003). Comprehensive Continuous
Auditing The Strategic Component. Internal
Auditing, 18(1), 26-33.
29Sources Used in Presentation (cont.)
- Rezaee, Z., Sharbatoghlie, A., Elam, R., and
McMickle, P.L. (2002). Continuous Auditing
Building Automated Auditing Capability. Auditing
A Journal of Practice Theory, 21, 1, 147-163. - Spangler, W.E., May, J.H., and Vargas, L.G.
(1999). Choosing Data Mining Methods for Multiple
Classification Representational and Performance
Measurement Implications for Decision Support,
Journal of Management Information Systems, 16, 1,
pp. 37-62. - Warren, J. Donald Jr., and Parker, Xenia Ley
(2003). Continuous Auditing Potential for
Internal Auditors, Institute of Internal
Auditors. - XBRL.org. (2002). Contact Us Jurisdictions.
Extensible Business Reporting Language. Online.
Internet. 7 June 2004. Available www.xbrl.org.
30About the Presenters
- Dr. Joseph B. ODonnell is currently an Assistant
Professor in the Department of Accounting at
Canisius College. He has a Ph.D. and MBA from the
State University of New York at Buffalo and a
B.B.A. from the University of Notre Dame. Dr.
ODonnell, a CPA, has six years experience as an
information systems auditor and financial auditor
with an international accounting firm. He has
written several articles in information systems
academic and practitioner publications. Dr.
ODonnell has presented papers at several
academic conferences including Decision Sciences
Institute Conferences and the Americas Conference
of Information Systems. His research interests
include Continuous Auditing, Ecommerce Trust,
Valuing IT, and Real-time Financial Reporting. -
- Dr. ODonnell teaches financial accounting,
managerial accounting and accounting information
systems courses. He played a central role in
designing Canisius Colleges innovative
Accounting Information Systems program that
started in 2001. Dr. ODonnell has developed
courses in Information Systems Auditing,
E-Business, and Enterprise Systems.
31About the Presenters
- Karina Barton is a student at Canisius College in
Buffalo, New York. She is completing an M.B.A.
in Accounting and graduated Summa cum laude in
May 2004 with a dual major in Accounting and
Accounting Information Systems. She is a member
of the New York State Society of Certified Public
Accountants Technology Assurance Committee.
Karina is currently working on independent
research in the area of XBRL. She authored an
article on this subject for the September 2003
issue of the Trusted Professional. -
- Karina is an intern in Systems Process Assurance
at PricewaterhouseCoopers. She is a member of
several academic honor societies including The
National Deans List Honor Society, Beta Gamma
Sigma, and Alpha Sigma Lambda. -
- Jennifer A. Moore is currently a staff accountant
with Lumsden McCormick, LLP. She graduated
from Canisius College in May of 2003 from the
Honors College with a BS in Accounting and
Accounting Information Systems. She also minored
in Computer Science while at Canisius College.
Jennifer is a member of the NYSSCPAs Technology
Assurance Committee. Her articles have been
published in the CPA Journal and The Trusted
Professional.