The Continuous Auditing Methodology for Web-Release

1
The Continuous Auditing Methodology for
Web-Release An ECAM Prototype Using
Object-Oriented Technology
Chi-Chun Chou, Assistant Professor Department of
Accounting Chung-Yuan Christian University 22
Pu-Jen, Pu-chung Li, Chung Li, Taiwan, Republic
of China PHONE 011-886-3-4563171(ext.)5316 FAX
011-886-3-34372092 E-mail chichun_at_cycu.edu.tw
2
Continuous Auditing as the Solution to
Web-Release Assurance

• WE NEED WEB-RELEASE, BUT HOW TO CONTROL THE
  ASSURANCE PROBLEM?
• Is Continuous Auditing the SOLUTION?
• Our Preliminary Analysis Indicates

• Ceteris paribus, given the appropriate
  technology, the total economic welfare under
  continuous auditing will never be less than the
  real-time auditing, and the real-time auditing
  will never be less than the traditional
  periodical auditing, regardless of their
  information environment type.

3
But, how to Conduct it ?

• Thinking on the Basic Requirements
• Analyzing the Conceptual Model
• Identifying the Implementation Tools
• Realizing the ECAM System

4
Basic Requirements

• AUTOMATION is the KEY to Continuous Auditing!
• To Make Data MACHINE-READABLE is the KEY to
  Automated Data Extraction!
• The MACHINE-EXECUTABLE PROCEDURES to Read and
  Analyze Data is the KEY to Automated Data
  Analysis!
• Detail Requirements
• OLCT Propositions 3-1 to 3-5
• CSTM Propositions 3-6 to 3-7

5
Machine-Readable Data

• How to Read?
• Requiring the knowledge of Data Schema Design
• Wait and Wakeup Threads (Non-Semantic Daemons)
• Requiring no knowledge of Data Schema Design
• Semantic Intelligent Agents -gt Mission
  Impossible!
• PRE-ARRANGED Data Standard Data Interface (ex
  XML-Based Format)
• Embedded Event-Triggering Methods (ex OO-Based
  EAM Gateway)
• What to Read?
• Can we use INTERNAL CONTROL INFORMATION?
• The Hooked Balance-Related Transaction Data
• When to Read?
• On_Updates of the INTERNAL CONTROL Configuration
• On_Posted of each Transaction
• Where to Read?
• URI of INTERNAL CONTROL Configuration Data
• URI of Transaction Data

6
Machine-Executable Procedures

• How to Perform?
• Event-Triggering Threads (ex OO-Based Audit
  Patterns)
• What to Perform?
• Workflow-Based Control Testing Logic
• Automated Transaction and Balance-Related Testing
  Procedures
• Error-Detecting Procedures
• Error-Correcting Procedures
• When to Perform?
• On_Retrieval of the updated INTERNAL CONTROL
  Configuration
• On_Retrieval of each Transaction Data
• Where to Perform?
• Continuous Auditors Server

7
On-Line Control Testing

• Idea
• Let Clients System Setting Talks
• Obtaining Control Configuration Data Directly
  from the Clients System Setting -gt Workflow
  Control Data
• Benefits
• More Direct Results No more Testing Data Method
• Easier to achieve Continuous Monitoring
• Exact Tie-in to the Substantive Testing
• Determinants of a Successful OLCT
• The availability of control configuration data
• The reliability of system application components
• The reusability of OLCT mechanism

8
Analyzing Steps for OLCT

• Identify the Testing Objectives of OLCT,
  restricted by
• High measurability of the control element
• Low pervasiveness of the control element
• High feasibility to facilitate control testing by
  computer
• Identify the System Control Evaluating Model
• Tie-in to the Substantive Testing Patterns
• Considering the Influence of Client System on
  OLCT
• Availability of Control Configuration Data
• Maintenance of Control Data Availability
• Reliability of System Application Components
• Data Model Requirements for OLCT
• Continuing Availability of Control Configuration
  Data
• The Maintenance and Reusability of OLCT Mechanism

9
Continuous Substantive Testing Model

• Idea
• Transaction Testing REPLACES Balance Testing
• Obtaining and Analyzing the Transaction on Timely
  Basis
• Automated Transaction Testing BASED on Control
  Testing
• Benefits
• Easier to achieve Real-time Audit Reports
• Automation Decreases the Operational Costs
• Exact Substantive Testing according to the OLCT
  Patterns
• Determinants of a Successful CSTM
• The availability of transaction data
• The comprehensiveness of CSTM mechanism
• The reusability of CSTM components

10
Analyzing Steps for CSTM

• Identify the Testing Objectives of CSTM
• Identify the Continuous Substantive Testing Model
• Considering the Influence of Client System on
  CSTM
• Continuing Availability of Transaction Data
• Data Model Requirements for OLCT
• The Comprehensiveness of CSTM Mechanism
• The Maintenance and Reusability of CSTM
  Components

11
Realizing ECAM

• System Architecture of ECAM
• OOAD is the Best Solution!
• Implementation Tools
• Prototype Demonstration
• http//chichun.ac.cycu.edu.tw/research.htm
• Concluding Remarks and Future Study

12

• The Comparisons of Three Audit Approaches

13

• Determinant Factors for an Efficient OLCT

14
DIST1 stands for the least deficient situation
that we call inconsistency. Using ICDL words,
DIST1 collects the inconsistent deficiencies
describes as follows For each (nl, rk) in PC
under auditing, it is found a corresponding pair
(nl, rk) in PC and each nl in (nl, rk) will
be identical to nl in (nl, rk). However, there
exists some rk is not equal to rk.
DIST2 is the moderate case of deficiency that we
call incomprehensiveness deficiency. Using ICDL
terms, DIST2 is the case when each ni in PC has
an identical node ni in PC, there exists some
rk in PC but rknot in PC.
DIST3 has the worst situation is the
incompleteness, represented by DIST3, which
means there exists some nl in PC but nl not
in PC, as well as its related preconditions
rk. This deficiency might increase the
possibility of fictitious transactions so that a
serious further investigation on the existence
assertion might be necessary.
System Control Evaluating Model using ICDL
15
(No Transcript)
16
(No Transcript)
17
An ASP Framework for ECAM
18
ECAM Data Model
Client System Data Model
Class Diagram an Illustration of ECAM Data
Model
19
Audit Risk Induced by Various System Design
Approaches
20
Illustration of the Transaction-Basis Testing
Scheme
21
Illustration of CSTM Processes
22
(No Transcript)
23
Summary of the Analysis, Design and
Implementation Tools for ECAM Prototype