Panel Discussion on Continuous Auditing November 3, 2006 Paul Penler, Executive Director Ernst & Young LLP November 3, 2006 Paul Penler, Executive Director Ernst & Young LLP

Thoughts Around Continuous Auditing Challenges Approaches Audit Areas and Enabling Technologies Challenges Approaches Audit Areas and Enabling Technologies

Challenges to Historical Continuous Auditing Model Benefits unclear No “burning platform” High cost Lack of competing products Industry leaders are not pushing the process Benefits unclear No “burning platform” High cost Lack of competing products Industry leaders are not pushing the process F No “Silver Bullet” F Data capture unsolved F Infinite variety of client IT systems F Data mapping is time intensive F Volumes of transaction data make deployment difficult F Companies, and their stakeholders, are not demanding F Current focus is on eCommerce F Company assistance is critical F Routine changes to IT Systems F Concerned about security & confidentially F Customization required F Auditing standards limit opportunities F Less than 50% of audit hours relate to substantive tests F Analytics not persuasive F Industry specific analytics need further development F Benefits to control testing is not clear Cost / Benefit Companies TechnologyStandards

Alternative to Historical Model: - Continuous Monitoring by Companies Clients’ develop/implement Continuous Monitoring Systems Client’s rely on and test Continuous Monitoring Systems Auditors evaluate, test and rely on client’s Continuous Monitoring System(s) Clients’ develop/implement Continuous Monitoring Systems Client’s rely on and test Continuous Monitoring Systems Auditors evaluate, test and rely on client’s Continuous Monitoring System(s)

Possible Audit and Technology Areas Audit Areas Risk Identification Fraud Detection JE Data Analysis Subledger Data Analysis Confirmations System Evaluations Assurance Beyond F/Ss –Internal Controls/404 –XBRL Audit Areas Risk Identification Fraud Detection JE Data Analysis Subledger Data Analysis Confirmations System Evaluations Assurance Beyond F/Ss –Internal Controls/404 –XBRL Technologies XBRL Web and Web Services Pattern Recognition ERP Systems Enabling Business Rules Data Capture Automation