Michael Alles

Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens ☆

In this paper we report on the approach we have developed and the lessons we have learned in an implementation of the monitoring and control layer for continuous monitoring of business process controls (CMBPC) in the US internal IT audit department of Siemens Corporation. The architecture developed by us implements a completely independent CMBPC system running on top of Siemens’ own enterprise information system which has read-only interaction with the application tier of the enterprise system. Among our key conclusions is that “formalizability” of audit procedures and audit judgment is grossly underestimated. Additionally, while cost savings and expedience force the implementation to closely follow the existing and approved internal audit program, a certain level of reengineering of audit processes is inevitable due to the necessity to separate formalizable and non-formalizable parts of the program. Our study identifies the management of audit alarms and the prevention of the alarm floods as critical tasks in the CMBPC implementation process. We develop an approach to solving these problems utilizing the hierarchical structure of alarms and the role-based approach to assigning alarm destinations. We also discuss the content of the audit trail of CMBPC.

Putting Continuous Auditing Theory into Practice: Lessons from Two Pilot Implementations

ABSTRACT: In the almost twenty years since Vasarhelyi and Halper (1991) reported on their pioneering implementation of what has come to be known as Continuous Auditing (CA), the concept has increasingly moved from theory into practice. A 2006 survey by PricewaterhouseCoopers shows that half of all responding firms use some sort of CA techniques, and the majority of the rest plan to do so in the near future. CA not only has an increasing impact on auditing practice, but is also one of the rare instances in which such a significant change was led by the researchers. In this paper we survey the state of CA after two decades of research into continuous auditing theory and practice, and draw out the lessons learned by us in recent pilot CA projects at two major firms, to examine where this unique partnership between academics and auditors will take CA in the future.

The acceptance and adoption of continuous auditing by internal auditors: A micro analysis

The umbrella of “advanced technology” covers a range of techniques widely used in the U.S. to provide strategic advantage in a very competitive business environment. There is an enormous amount of information contained within current-generation information systems, some of which is processed on a real-time basis. More importantly, the same holds true for actual business transactions. Having accurate and reliable information is vital and advantageous to businesses, especially in the wake of the recent recession. Therefore, the need for ongoing, timely assurance of information utilizing continuous auditing (CA) and continuous control monitoring (CM) methodologies is becoming more apparent. To that end, we have conducted interviews with 22 internal audit managers and 16 internal audit staff members at 9 leading internal audit organizations to examine the status of technology adoption, to evaluate the development of continuous auditing, and to assess the use of continuous control monitoring. We found that several companies in our study were already involved in some form of continuous auditing or control monitoring while others are attempting to adopt more advanced audit technologies. We also made a large number of surprising observations on managerial, technology training and absorption, and other issues. According to our audit maturity model, all of the companies were classified between the “traditional audit” stage and the “emerging stage,” not having yet reached the “continuous audit” stage. This paper,11This paper is one output of a research program undertaken between the Continuous Auditing and Research Laboratory (CARLAB) at Rutgers Business School and KPMG, whose aim was to obtain a 360-degree view of the state of the art of CA, encompassing its use by both external and internal auditors. The authors are appreciative for the comments received in many presentations and in particular to Prof. Alexander Kogans suggestions. to our knowledge, is the first to study CA technology adoption in a micro level by an interview approach.

The case for process mining in auditing: Sources of value added and areas of application

Process mining aims to extract knowledge from the event logs maintained by a companys ERP system. The objective of this paper is to make the case for why internal and external auditors should leverage the capabilities process mining offers to rethink how auditing is carried out. We do so by identifying the sources of value added of process mining when applied to auditing, which are as follows: 1. process mining analyzes the entire population of data and not just a sample; 2. critically that data consists of meta-data—data entered independently of the actions of auditee—and not just data entered by the auditee; 3. process mining allows the auditor to have a more effective way of implementing the audit risk model by providing effective ways of conducting the required walkthroughs of processes and conducting analytic procedures; 4. process mining allows the auditor to conduct analyses not possible with existing audit tools, such as discovering the ways in which business processes are actually being carried out in practice, and to identify social relationships between individuals. It is our argument that these sources of value have not been fully understood in the process mining literature, which has focused on developing it as a statistical methodology rather than on applying it to audit practice. Only when auditors and audit researchers appreciate what is new and unique about process mining will its acceptance in auditing practice become feasible.

Will XBRL improve corporate governance?: A framework for enhancing governance decision making using interactive data ☆ .

In this paper we first develop a framework for understanding how tagged data can be used to change the way in which decisions affecting governance are made. Ultimately data, however it is formatted, is simply a means towards an end and it provides no value added unless different decisions are made as a result of its availability. We use Elliotts (1998) model of decision making and apply it to the governance area to serve as a framework for an investigation of precisely how XBRL will provide value added. We then analyze the current specifications of XBRL, both its taxonomies and the way in which tagged data is rendered, to answer the question of whether XBRL—as opposed to the generic concept of tagged data—takes full advantage of its potential to improve governance decision making.

Exploiting comparative advantage: A paradigm for value added research in accounting information systems

Following the lead of recent papers by Demski [Demski J. Is Accounting an Academic Discipline? Account Horiz 2007;21(2): 153–157], Fellingham [Fellingham J. Is Accounting an Academic Discipline? Account Horiz 2007;21(2): 159–163] and Hopwood [Hopwood A. Whither Accounting Research? Account Rev 2007;82(5): 1365–1374] which questioned the direction and value added of non-AIS accounting research, we discuss the state of research in Accounting Information Systems. AIS researchers face a significant hurdle in undertaking value added research given that the financial and human resources that industry devotes to research and development of AIS technology dwarf the capabilities of academic researchers. In these circumstances, we put forward a paradigm for AIS research based on the principle of comparative advantage, which is the powerful economic force that ensures that trade can take place even between parties where one has an absolute superiority over the other. It is our contention that if AIS academics are to succeed in creating value added research then they have to identify what they can do that the AIS industry, despite all its financial and human resource advantages, cannot or will not do. And what economic theory indicates is that such opportunities to add value always exist — if only academics are willing to seek them out. We illustrate our paradigm by analyzing three potential sources of comparative advantage for AIS researchers and discussing illustrative examples of research in each of these areas.

The "now" economy and the traditional accounting reporting model: Opportunities and challenges for AIS research ☆

The real time economy (RTE) can be characterized by a substantive acceleration of business measurement, assessment, and decision processes. It implies a new business model where there is reduction of intra-process and inter-process latency. The AIS research literature has failed to develop new paradigms for accounting of accelerated processes. This paper places key relevant research questions for accounting, assurance, and business information systems in the RTE.

Continuous auditing: the USA experience and considerations for its implementation in Brazil

Continuous Auditing, broadly defined as the transformation of internal and external auditing through the application of modern information technology, is being increasingly adopted by firms throughout the world. Organizations ranging from Siemens, HCA, the Royal Canadian Mounted Police, BIPOP Bank and the Internal Revenue Service are developing tools and practices that will bring assurance closer to the transaction and reduce through automation, the cost of auditing. A June 2006 PricewaterhouseCoopers survey finds that 50% of U.S. companies now use continuous auditing techniques and 31% percent of the rest have already made plans to follow suit. In this article we introduce the concepts of CA to a Brazilian audience and discuss its further application there.

A Relative Cost Framework of Demand for External Assurance of XBRL Filings

ABSTRACT: There has been much discussion in the academic literature and in the XBRL community on the role of audit firms in providing assurance services for XBRL filings, especially now that the use of XBRL has been mandated in the United States. This paper presents the development of a framework of the demand for external assurance of XBRL filings predicated on two relative cost arguments. First, that in the absence of a mandate for XBRL filings to be assured by an external auditor, a manager will compare the cost of obtaining external assurance against the cost of obtaining confidence on the filings internally. Second, managers will be reluctant to pay more for external assurance on an XBRL filing than they paid to prepare it. The former is called the external cost relative to internal cost comparison, and the latter the external cost relative to preparation cost comparison. Based on our relative cost framework, it is predicted that there will only be a role for externally provided assurance of XBRL fil...

Collaborative design research: Lessons from continuous auditing

In this paper we discuss Collaborative Design Research – a hybrid methodology for undertaking design science research in collaboration with industry partners – that has been applied to the area of Continuous Auditing and which also has wider applicability to AIS research. Collaborative Design Research has a role at the time in the evolution of a field when early adopting practitioners have made the decision to implement an innovation, but there is as yet no established product or set of best practices that makes it obvious what they should do. We discuss eight key issues facing researchers attempting to do collaborative design research: 1) choice of implementation partner (IP), 2) choice of projects, 3) managing expectations, 4) building on the expertise of the IP, 5) introducing innovation to the IP, 6) project evaluation and reassessment, 7) cost and resource management, and 8) publishing results.