Continuous Auditing Technology Adoption in Leading Internal Audit Organizations Miklos A. Vasarhelyi Siripan Kuenkaikaew.

Slides:

Advertisements

Similar presentations

Organizational Governance

Advertisements

. . . a step-by-step guide to world-class internal auditing

External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.

1 The Antecedents of Internal Auditors Adoption of Continuous Auditing Technology: Exploring UTAUT in an Organizational Context Ray Henrickson CAIT, CACISA.

New IA IA Clinic March 30, Definition of Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed.

STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)

A Consultative Approach to Auditing

Technology Applications in the Age of Integrity Integrity Forum 2006 Tony Murphy Vice President, Worldwide Sales ACL Services Ltd.

Introduction to Enterprise Risk Management (ERM)

INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Systems Analysis and Design 9th Edition

Sarbanes-Oxley Compliance Process Automation

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:

…optimise your IT investments Spreadsheet Management Maturity Model Philip Howard Research Director – Bloor Research.

Audit Planning and Analytical Procedures Chapter 8.

The Acceptance and Adoption of Continuous Auditing by Internal Auditors: A Micro Analysis Miklos A. Vasarhelyi Micheal Alles Siripan Kuenkaikaew James.

Miklos A. Vasarhelyi Siripan Kuenkaikaew Silvia Romero

Caribbean Indigenous Banks Anti-Money Laundering Survey

Quality evaluation and improvement for Internal Audit

The Information Systems Audit Process

Audit Automation as the Foundation of Continuous Auditing Michael Alles Alexander Kogan Miklos A. Vasarhelyi J. Donald Warren, Jr.

1 What is Internal Audit’s Role in Management’s Assertion The Institute of Internal Auditors May 11, 2004 Xenia Ley Parker, CIA, CISA, CFSA Principal XLP.

ECM Base Compliance Input Messaging & Alert Compliance dashboard Compliance Monitoring Internal & External Audit Tracking Access Control Compliance & Financial.

External Quality Assessments

Lecture 8 Understanding entity and its environment

AUDIT PROCEDURES. Commonly used Audit Procedures Analytical Procedures Analytical Procedures Basic Audit Approaches - Basic Audit Approaches - System.

REVIEW AND QUALITY CONTROL

Internal Auditing and Outsourcing

DAA and GEP Orlando Audit & Compliance or Audit vs. Compliance.

Central Piedmont Community College Internal Audit.

C. P. Mansoor S. Ahmed M. Com, PGDBA.  Not confined to Independent Audit  Systematic Examination of  Records  Procedures  Systems  Operations.

Session 3 & 4. Institute of Internal Auditors Inc (IIA) was created for internal auditors in 1941 Generally accepted criteria of a profession are: –Adopting.

Model Bank Testing Accelerators “Ready-to-use” test scenarios to reduce effort, time and money.

Erica Cummings Grant Coordinator 1.  The New Mexico Department of Homeland Security and Emergency Management (DHSEM) is responsible for:  Monitoring.

Chapter 14 Internal auditing 14-1 Copyright  2010 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 4e by Grant Gay.

Implementing and Auditing Ethics Programs

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU. Quality Assurance José Viegas Ribeiro IGF, Portugal SIGMA.

1 1 Internal Audit Annual Planning, Engagement Planning and Execution.

World Bank Institute Regional Workshop for Anglophone Africa on Auditing and Financial Accountability Addis Ababa KEY ISSUES IN CREATING AN EFFECTIVE INTERNAL.

IAOD Evaluation Section, the Development Agenda (DA) and Development Oriented Activities Julia Flores Marfetan, Senior Evaluator.

Report on the Evaluation Function Evaluation Office.

The views expressed in this presentation do not necessarily reflect those of the Federal Reserve Bank of New York or the Federal Reserve System Association.

S14: Analytical Review and Audit Approaches. Session Objectives To define analytical review To define analytical review To explain commonly used analytical.

1 Kingsley Karunaratne, Department of Accounting, University of Sri Jayewardenepura, Colombo - Sri Lanka Practice Management.

Fleming Systems Renewal Project Project Evolve An update on Core Information Systems at Fleming Fleming College December, 2005.

Enterprise Risk Management Chapter One Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.

INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,

1 Internal Audit. 2 Definition Is an independent activity established by management to examine and evaluate the organization’s risk management processes.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.

Conference Workshop Continuous Auditing: An Approach for Today Univ. of Salford, 5 December December 2015 Presented by Anton Bouwer

A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,

Audit Evidence Process

Company: Cincinnati Insurance Company Position: IT Governance Risk & Compliance Service Manager Location: Fairfield, OH About the Company : The Cincinnati.

Analytical Review and Audit Approaches

Internal and external quality evaluation of internal audit in public sector in Ukraine Maxim Timokhin, Head of CHU, Public Financial Inspection, Ukraine.

Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.

Experience of Leading Edge Organizations with CA/CM: Understanding the Challenges around People, Process and Technology.

ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.

Belgian Technical Cooperation Internal audit presentation.

Compliance with Framework of Quality Control - General & Specific Controls CA Vimal Chopra, Ex Chairman of CIRC of ICAI.

Kode Etik dan IA Standard Dr Rilla Gantino, SE., AK., MM

Internal Audit Strategy Survey Results & Discussion

Presented by Anton Bouwer

Internal Audit Who? What? When? How? Why? In brief . . .

ProZorro : Innovations in Digital Ex-Ante Monitoring Tools for Public Procurement in Ukraine Eliza Niewiadomska

Presentation transcript:

Continuous Auditing Technology Adoption in Leading Internal Audit Organizations Miklos A. Vasarhelyi Siripan Kuenkaikaew

Rutgers Business School CA/CM adoption Objectives This study involve field research studies from 9 leading internal audit organizations. Examines the status of continuous auditing and continuous control monitoring adoption of the organizations. How internal auditors adopt audit-aid technology in their work.

Rutgers Business School CA/CM adoption Methodology Interviews with internal auditors, IT internal auditors and internal audit management. The interviews were conducted face-to-face through site visits. Interviewees were selected from the internal audit department. At least four employees were interviewed per organization to ensure validity, information completeness, and a range of points of view.

Rutgers Business School CA/CM adoption The Audit Maturity Model (1) Stage 1Stage 2Stage 3Stage 4 Traditional AuditEmergingMaturingContinuous Audit Objectives Assurance on the financial reports presented by management Effective control monitoring Verification of the quality of controls and operational results Improvements in the quality of data Creation of a critical meta-control structure Approach Traditional interim and year-end audit Traditional plus some key monitoring processes Usage of alarms as evidence Continuous control monitoring Audit by exception IT/Data access Case by case basis Data is captured during the audit process Repeating key extractions on cycles Systematic monitoring of processes with data capture Complete data access Audit data warehouse, production, finance, benchmarking and error history Audit Automation Manual processes & separate IT audit Audit management software Work paper preparation software Automated monitoring module Alarm and follow-up process Continuous monitoring and immediate response Most of audit automated

Rutgers Business School CA/CM adoption The Audit Maturity Model (2) Stage 1Stage 2Stage 3Stage 4 Traditional AuditEmergingMaturingContinuous Audit Audit and management sharing Independent and Adversarial Independent with some core monitoring shared Shared systems and resources where natural process synergies allow Purposeful Parallel systems and common infrastructures Management of audit functions Financial organization supervises audit and matrix to Board of director Some degree of coordination between the areas of risk, auditing and compliance IT audit works independently IA and IT audit coordinate risk management and share automatic audit processes Auditing links financial to operational processes Centralized and integrates with risk management, compliance and SOX/ layer with external audit. Analytic methods Financial ratiosFinancial ratios at sector level/account level KPI level monitoring Structural continuity equations Monitoring at transaction level Corporate models of the main sectors of the business Early warning system

Rutgers Business School CA/CM adoption The Audit Maturity Model Traditional Emerging Maturing Continuous

Rutgers Business School CA/CM adoption Factors affect the adoption Management support – Management support is critical especially for projects requiring considered amount of budget and affecting some operational processes. – It is also necessary that the auditor has access to the systems and data of each auditee (Handscombe 2007). Such access requires management approval. – The audit-aid technology implementation is initiated and supported by the head of the internal audit department or higher level management. – Internal auditors do not have direct access to the data. – With the CA/CM tools, data are automatically extracted without human intervention.

Rutgers Business School CA/CM adoption Factors affect the adoption Employee knowledge – Hall and Khan (2003) posited that an adoption of new invention might be slow if a success of the implementation requires complex new skills. – Continuous auditing and continuous control monitoring relies on advance technology. – The tools and systems are varied across/within the company, so that an internal auditor needs some basic knowledge or skills for those systems, audit-aid technology and tools. – Standard training, customized training, MBA program – Prefer experienced auditors – Staff rotational program

Rutgers Business School CA/CM adoption Factors affect the adoption Perceived cost – In this context, cost is not the monetary value but the perception of the adoption cost. – Taylor and Murphy (2004) suggested that high set-up and ongoing costs could be barriers to the implementation of technology. – Searcy and Woodroof(2001): Continuous auditing is increasingly adopted because of a dramatically fallen in a cost of implementation and an availability of support technology. – Cost is not the barrier for the adoption of technology. It was not identified as a top challenge for the implementation.

Rutgers Business School CA/CM adoption Factors affect the adoption Regulation and compliance – Many of the executives are thinking of continuous auditing as one of the solutions that assist them to comply with the regulation (Handscombe 2007). – SEC (accelerate the submission of financial report), SOX 404 (internal control quality and on-time report), bank regulation – Although there is no explicit relationship between CA/CM implementation with regulation and compliance, the interviewees report that CA/CM supports SOX fulfillment. – It facilitates the review activities and reduces time allocated to SOX compliance.

Rutgers Business School CA/CM adoption Analysis 1. Most of the companies are at the foundation stage of CA/CM adoption. Contrasts with the findings and internal audit surveys previously conducted. 2.Lacking audit aid tools such as working paper management and data analysis tools. i.e. Consumer 1 3. Lack of training for Audit aid tools Consumer 1 is not successful with the ACL data analysis adoption. 4. Audit like organization

Rutgers Business School CA/CM adoption Analysis 5. IA wants to improve audit competency and technology skill set. – Bank 2 hires Big4 as a consultant to help in internal audit areas. 6. Some companies have a certain level of CA/CM technology adoption such as Hi-tech1, Hi-tech 2 and Bank 1. – External auditor can rely on internal audit work at some level. 7. With advanced auditing technology, sufficient access to data is facilitated; for instance, the continuous monitoring system of Bank 1 and the audit tools of Hi-tech 1. – Analyze data in various dimensions and at a deeper level

Rutgers Business School CA/CM adoption Conclusion Several companies have implemented some advanced audit technologies, however, none of them really has continuous auditing. Most of them are ranked between stage 1, traditional audit, and stage 2, emerging. There is opportunity for development in the future.