Continuous Assurance 101 - PowerPoint PPT Presentation

About This Presentation

Title:

Continuous Assurance 101

Description:

Continuous Assurance 101 Miklos A. Vasarhelyi AT&T Laboratories Rutgers University Outline Electronization Continuous measurement & reporting Continuous assurance ... – PowerPoint PPT presentation

Number of Views:140

Avg rating:3.0/5.0

Slides: 42

Provided by: Mikl151

Learn more at: https://raw.rutgers.edu

Category:

more less

Transcript and Presenter's Notes

Title: Continuous Assurance 101

1
Continuous Assurance 101

Miklos A. Vasarhelyi
ATT Laboratories
Rutgers University

2
Outline

Electronization
Continuous measurement reporting
Continuous assurance
Efforts and statutes
Concepts
CPAs
Enron ????
Conclusions

3
http//raw.rutgers.edu/continuousauditing
miklosv_at_yahoo.com
4
Electronization of Business
Purchasing
B2B Purchasing Open EDI Extranets Consortia
Manufacturing
Tracking
Sale
Payment
Pre-sale care
Inventory
Web-based Cash register Shopping carts Click
paths E-Catalog
VRS Auto Responder
Web-based Credit card E-cash Micropayments
E-Catalog
Delivery
Marketing
Individual targeting Spaming Virtual
communities Customer party lines
Bitable Non-bitable
Tracking
Advertising
Auditing
Accounting
Web advertising Customization Banners
E-care
Continuous Automatic Confirmation
Tech support Lead Follows Help desk
Continuous ERPSs New Paradigms
5
Key Financial processes being electronized

measurement (accounting),
control
Assurance
evolving revolution in corporate financial
processes and the financial industry
several world class organizations are leading
this effort

6
Continuous reporting
7
SEC roundtable of 4/4/2002

Priority no. 1 real-time reporting. Real-time
reporting should take highestpriority. More
frequent reporting of results will help solve the
problem ofmanaged earnings because daily or
weekly earnings will be harder to managethan
quarterly earnings. SEC's proposal for faster
reporting of some 8-Kitems is helpful, but it
doesn't go far enough.

8
Short interval reporting

Ciscos virtual close
Real balances of certain accounts
Cash, accounts receivable, accounts payable,
inventory
Estimates / allocations
Behavioral changes
End-of-period adjustments
Competitive fears
Scorecards (Bob Kaplan)

9
Increased frequency and scope of reporting

Obstacles are not technical
Internal vs external reporting
Litigation fears
Who needs continuous reporting?
Increased transparency
Qualitative, environmental, social, and other
reporting
Multi-layered reporting (the FD rule)

10
Is Continuous Reporting Necessary for Continuous
Assurance?

continuous measurement is necessary, but the
time from is contingent on the process
Batch process cycles limit the process
Companies measure a much wider set of variables
to support a multitude of continuous processes

11
The Assurance Services (Eliott) Special Committee
proposed an evolution of services towards
real-time assurance
Real-time assurance on on-line
databases
Ultimately
Tomorrow
Today
12
Continuous Assurance
13
History

CPAS effort and embedded modules (ITF) 1987
AICPA /CICA monograph 1999
Continuous systrust 2001
Panel next ?????
Much academic interest since 1999 (3 symposia,
this year in the UK)

14
Current Practice

HCA Healthcare
Several monitoring and auditing functions
Martin Marietta
Data driven risk model
Federal Reserve of New York
Network Monitoring

15
Why not?

my problems are not with transactions but with
legal exposures and environmental effects
this is not auditing, it is supervision
this opens substantial data for the competition

16
A Dramatic Change in the Audit model

1. The continuous assurance model has many
clients
2. The continuous assurance model has a different
justification
3. A new toolset
4. The continuous assurance model is an instance
of operational monitoring
5. The continuous assurance model will turn the
audit process into audit by exception
6. The continuous assurance model covers a wider
set of quantitative and qualitative non-financial
data
7. The continuous assurance model had different
Independence considerations
8. The continuous assurance opinion has some
futurity implied in it

17
Pseudo report 1

We have examined the reliability and financial
reports of ABC corporation and have been engaged
on a continuous assurance engagement for the
fiscal year of xxxx. We will monitor the
organizations operations and strategic
accomplishments using a wide set of analytics as
described in http//www.ca.com/analytics and
other analytics we deem appropriate and will
report on an audit by exception basis when more
than xx variance is found in operational and
strategic standards or when we deem it
appropriate. This exception report will be issued
to all customers registered ( paying ) at
http//www.ca.com/analytics/customers.

18
Pseudo report secondary assurance

We have been engaged on a continuous assurance
engagement for the fiscal year of xxxx for the
purpose of covenant monitoring. We will monitor
the organizations covenants, using the ATT MC
platform, as described in our agreement with bank
XYZ using a specified set of covenant figures and
wide set of analytics as described in
http//www.ca.com/analytics and other analytics
we deem appropriate and will report on an audit
by exception basis when more covenants are
violated by more than xx for a day or when we
deem it appropriate. This exception report will
be issued to bank XYZ immediately when the
variance day is completed and to all customers
registered ( paying ) at http//www.ca.com/analyti
cs/customers.

19
CPAS concepts

metrics
Analytics / continuity equations
standards
of operation
of variance
others
alarms
measurement vs monitoring

20
CPAS concepts

The essence of monitoring and control is the
comparison of a measured value (metric) with a
model of behavior (standard)
Control of a process implies detecting variances
and either accepting them or exerting action for
change
Assurance is a meta-level for measurement,
monitoring and control that detects anomalies in
this process or provides re-enforcement of its
proper performance

21
Monitoring, control and assurance
22
metrics

Are direct measurement of elements that measure
corporate processes
Can be expressed in many types of units
A phone call has minutes, origination, dollars
and modified dollars..
Metrics also work in aggregates (e.g. bottles,
cases, liters, tons, etc)
Automated sensor substantially improve the value
of a metrics
Metrics can be combined to higher level meaning
metrics
Managers develop intuitive feeling for metrics

23
Analytics

Traditional analytics encompass time series and
cross-sectional analytics
CA adds structural analytics provided by
multivariate continuity equations
Some CA analytics include
Comparisons with constants
Relationships of variables
Daily, hourly, continuous reconciliations
Loose relationships (e.g 10 increase in
advertising creates 3 increase in sales)

24
standards

Types
of operation
of variance
relationships
Others
Can be
empirically derived
model derived

Have to be realistic
25
Alarms

Multiple levels and purposes
A. Inform continuous assurers
B. Inform operations
C. Inform operations and auditors
D. Inform operations / auditors / top management
/ audit committee / regulators
E. Suspend the process

Level is an attribute of the alarm
26
Methods of data capture

measurement vs monitoring
Database queries
Capture of temporary datasets
Parsing of electronic reports
Direct process taps programmed into the
transaction routes

27
Principles of Continuity Equations

Different stages of the product life life have
different metrics
Continuity of processes creates relationships
between different variables
Most processes have metrics being expressed in
different units (volumes, dollars, units, etc)
There are intrinsic relationships between these
values that can add substantively to basic
analytical review
Standards must be developed to these
relationships
The understanding of these relationships will
avoid major process discontinuities or will
identify them for scrutiny

28
Linking financial and non financial processes
analytically
29
CPAS effort

This methodology will change the nature of
evidence, timing, procedures and effort
involved in audit work.

30
CPAS effort (II)

The auditor will place an increased level of
reliance on the evaluation of flow data (while
accounting operations are being performed)
instead of evidence from related activities (e.g.
preparedness audits).
Audit work would be focused on audit by
exception with the system gathering knowledge
exceptions on a continuous basis.

31
CPAS OVERVIEW
System
System Operational Reports
Workstation
Operational Report
Operational Report
DF-level 2
Operational Report
DF-level 1
DF-level 1
DF-level 1
Filter
Alarm
DF-level 0
Data Flow Diagrams
Database
Reports
Analytics
Metrics
32
FlowFront - Interactive Flow Diagram Viewer -
ATT Bell Laboratories - Murray Hill, NJ
fer
04/01/89
Date
Set Date
Recalculating With Check.
Help
Text
Quit!
FlowFront Hierarchy
Billing System - Customer Billing Module
Customer Database
Extract Customer Accounts
Calculate Amount Due
Update Billing Info
1000
1000
Journal Files
Format Bill
998
988
Accounts Missing 10
2
Journal Files
Table
Process Errors
0
33
Flowchart Front End - C.J. Calabrese, F.B.
Halper, J.S. Lavin, T-W. Pao, M.A. Vasarhelyi,
C.S.Warth
11/27/89
Date
MESSAGE PROCESSING
Cant read sql 14
Cant read sql 15
ATT
LEC
reject held dropped
R
(excl. invalid IX)
0
invalid IX code
LUB and to other billers
6
Returns Transfers
89744
RCAM Biller
66449
12324
recycles
Interrogation/Deletion (to Billers)
Message Completion
Message Validation
238605
0
passed to message completion
Duplicates and Dropped Records
617
Business Biller
errors
errors
1106
68365
8
161
Message Investigation (MIU)
corrected errors LUB and to other billers
errors
0
34
FlowFront - Interactive Flow Diagram Viewer -
ATT Bell Laboratories - Murray Hill, NJ
fernsu
fer
04/01/89
Date
Set Date
Plot Request graph.level 1
RPC
Silver Springs
PE 60
Help
Text
Quit!
FlowFront Hierarchy
Billing System - Overview
S Graphics
Percent Of Accounts Successfully Billed
100
100
99
99
99
98
98
98
Tra
97
95
Bill Upda
85
AmtDue
67
0 20 40
60 80
100
Percent Billed
Pay
Overview
Trans Data
23
Inquiry
3/16 3/17 3/18 3/21 3/22
3/23 3/24 3/25 3/28 3/29
3/30 3/31 4/1
Pro
4/1/89
Mean 89.076923076923 StdDev
21.872591442494
Errors
35
New technologies need new thinking

Internetworking and extreme intrusion
Confirmatory extranets
Analytic webs and fourth and fifth party
assurance
Intelligent transaction detection
Sniffers, exposure databases, pattern detectors,
common fraud databases

36
The Enron debacle

Would CA have detected the problem?
Would have reduced it
If transparency is desired it can be obtained to
the extreme
Other forms of third party monitoring can deal
with management fraud and audit collusion
Are we willing to go that far?
Financial engineering and opacity together are a
deadly mix

37
Monitoring and Control Business at ATT
Laboratories
38
Focus group objectives

Understand the business models that can emerge
from the CA effort
Keeping independence of CA
Partnerships
Changing the audit paradigm
Bringing in new confidence on the process
Linking with network and IT assurance

39
Center for Continuous Auditing

A consortium of major Universities led by Texas
AM
J. Don Warren Director
Will probably host this conference next year

40
Charter Board of CCA Research Fellows
The Center for Continuous Auditing An Alliance
of Arizona State University, Indiana University,
Rutgers University, Texas AM University and
University of Tennessee