Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
9 views39 pages

Chapter 5 Lecture

Uploaded by

John Mcaulay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views39 pages

Chapter 5 Lecture

Uploaded by

John Mcaulay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 39

Chapter  

5:  The  Modern  
Audit  and  ConAnuous  
AudiAng
Brandon  Lock,  Ph.D.
Baruch  College,  CUNY
Where  we  are  now
2.  Data  
1.  Data   3.  Modeling   4.  
PreparaAon  
AnalyAcs and  EvaluaAon VisualizaAon
and  Cleaning

7.  Key   8.  Financial  
5.  The  Modern   6.  Audit  
Performance   Statement  
Audit AnalyAcs
Indicators AnalyAcs
Learning  ObjecAves
1.  Understand  how  auditors  use  data  analyAcs
2.  Understand  how  audit  data  is  stored  and  the  importance  of  audit  data  standards
3.  Understand  how  data  analyAcs  relates  to  audit  plans
4.  Learn  to  evaluate  audit  alarms  as  part  of  conAnuous  audiAng  
5.  Understand  working  paper  plaZorms  
Q:  Why  are  auditors  
important  to  financial  
markets?
The  Modern  Audit
Assurance  services  are  crucial  to  
building  trust  in  financial  markets.  
Increasing  global  regulaAon  means  
auditors  must  provide  enhanced  
assurance  which  increases  audit  
coverage  and  efficiency.
Q:  How  might  data  
analyAcs  be  useful  in  
audiAng?
Data  AnalyAcs  are  effecAve  for  
evaluaAng  risk  and  helping  clients  
understand  their  businesses.  
Before,  an  external  auditor  may  have  
looked  at  samples  and  gathered  
evidence  to  make  inferences.  Now  
analyAcs  allow  full  populaAon  tesAng  
and  deep  insight  into  processes  and  
controls.
Internal  auditors  apply  analyAcs  in  their  
focus  on  operaAonal  inefficiencies  and  
internal  controls.
Data  AnalyAcs  in  AudiAng  Examples
• Examining  inventory  turnover  can  help  to  idenAfy  obsolete  
inventory  

• CompuAng  working  capital  can  help  to  evaluate  liquidity

• For  internal  auditors,  evaluaAng  cost  variances  can  help  


idenAfy  operaAonal  inefficiencies  or  unfavorable  contracts  
with  suppliers
AnalyAcs  aids  many  different  types  of  audits:  
 
1.  Process  efficiency  and  effecAveness.  
2.  Governance,  risk,  and  compliance  (GRC)  
including  internal  controls  effecAveness.  
3.  InformaAon  technology  and  informaAon  
systems  audits.  
4.  Forensic  audits  in  the  case  of  fraud.  
5.  Support  for  the  financial  statement  audit.
What  does  audiAng  
data  look  like?
Data  is  pulled  from  Enterprise  Resource  
Planning  (ERP)  systems  and  stored  in  
data  warehouses  for  analysis.
Firm  data  stored  
in  homogeneous  
ERP  systems  is  
easier  to  work  
with  because  the  
locaAon  of  key  
data  is  known.
Exhibit  5-­‐2  Homogeneous  Systems
Firm  data  in  
heterogeneous  ERP  
systems  requires  a  
systems  translaAon  
engine  and  mapping  
and  is  usually  the  
result  of  acquisiAons.
Exhibit  5-­‐2  Heterogeneous  Systems
In  either  case,  firm  data  may  require  a  
translaAon  engine  to  map  fields  to  a  
common  data  model,  such  as  the  
AICPA’s  Audit  Data  Standards.
The  Audit  Data  Standards  idenAfy  common  
tables  and  fields  needed  for  audit  analyAcs.
The  current  set  of  standards  includes:
§  Base  –  master  data  and  formats
§  General  Ledger  –  chart  of  accounts  and  GL  detail
§  Order  to  Cash  Subledger  –  orders  and  receivables  from  customers
§  Procure  to  Pay  Subledger  –  purchases  and  payments  to  suppliers
§  Inventory  Subledger  –  inventory  counts,  locaAon,  etc.
Exhibit  5-­‐3
Q.  What  are  the  advantages  of  the  use  
of  homogeneous  systems?  Would  a  
merger  target  be  more  ajracAve  if  it  
used  a  similar  financial  reporAng  system  
as  the  potenAal  parent  company?
How  do  we  automate  
the  audit  plan?
The  standardized  audit  plan  idenAfies  
the  methodology,  scope,  risk,  
procedures,  and  evaluaAon  performed  
by  auditors.  
An  audit  plan  consists  of  one  or  more  of  
the  following  elements:
• A  methodology  that  directs  audit  work
• The  scope  of  the  audit,  defining  the  Ame  period,  level  of  materiality,  
and  expected  Ame  for  the  audit
• PotenAal  risk  within  the  area  being  audited
• Procedures  and  specific  tasks  that  the  audit  team  will  execute  to  collect  
and  analyze  evidence,  e.g.,  tests  of  controls  and  substanAve  tests  of  
transacAon  details
• Formal  evaluaAon  by  the  auditor  and  supervisors.
Data  AnalyAcs  and  Audit  Plans
• Data  analyAcs  may  be  used  to  analyze  the  compliance  of  the  
methodology  with  standards  (e.g.,  PCAOB  audit  standards  or  the  COSO  
internal  control  framework)
• Data  analyAcs  can  be  applied  to  a  client’s  data  to  idenAfy  which  audit  
areas  to  focus  on.  This  may  include  outlier  detecAon  or  other  
substanAve  tests  of  suspicious  or  risky  transacAons
• The  evaluaAon  of  audit  data  may  be  disAlled  into  a  risk  score  that  
accounts  for  the  number  of  excepAonal  records  and  the  exposure  for  a  
funcAonal  area
• Machine  learning  can  be  used  to  help  auditors  idenAfy  risky  
transacAons  and  create  risk  scores
Example: Augmenting financial anomaly
detection with machine learning

Domain expertise Statistical Machine Cross


business rules methods Learning correlation

MindBridge‘s Standard tests Benford’s law, Expert Score, Correcting Controls


Outlier detection
Ai Auditor Advanced tests Statistical Reinforced combining methods
Completeness checks Variance Learning
How  do  we  evaluate  
audit  excepAons?
Data  AnalyAcs  and  audit  automaAon  
allows  auditors  to  con$nuously  monitor  
systems  and  processes.
ConAnuous  audiAng  is  a  method  used  to  
perform  control  and  risk  assessments  
automaAcally  to  provide  real-­‐Ame  
assurance  over  business  processes.  This  
provides  increased  coverage  and  
Ameliness  of  audit  procedures.  
ConAnuous  monitoring  evaluates  
controls  and  transacAons  and  is  
primarily  used  by  management  to  show  
effecAveness  of  internal  controls.
ConAnuous  reporAng  provides  the  
status  of  the  audit  procedures  and  
output  of  the  informaAon  systems.
Alarms  and  ExcepAons
When  a  conAnuous  audiAng  rule  is  violated,  an  excepAon  occurs  which  
generates  an  alarm.

Auditors  evaluate  excepAons  to  determine  whether  the  event  is  


problemaAc  (true  posiAve)  or  normal  (false  posiAve).  

When  too  many  alarms  are  false  posiAve,  auditors  face  informa$on  
overload,  which  could  distract  them  from  adequately  evaluaAng  the  
system.

Audit  parameters  are  set  to  balance  the  amount  of  false  posiAve  
excepAons  and  limit  the  amount  of  alarms  generated.
With  respect  to  audiAng,  what  is  more  
harmful,  a  false  posiAve  or  false  
negaAve?
What  goes  into  audit  
working  papers?
Audit  working  papers  provide  
documentaAon  for  the  procedures  that  
auditors  follow,  evidence  they  collect,  
and  communicaAon  with  the  audit  
client.
Working  Papers  and  Data  AnalyAcs
Working  papers  should  include  the  following,  with  respect  to  
data  analyAcs:
• DocumentaAon  for  audit  procedures  used  to  collect,  
manipulate,  model,  and  evaluate  data
• IT  documentaAon  and  flowcharts  that  provide  system  
understanding
• Database  maps  (e.g.,  UML  diagrams)  and  data  dicAonaries
• DocumentaAon  about  exisAng  automated  controls
• Audit  evidence,  including  data  extracts  and  model  outputs  
that  provide  support  for  controls  and  management  asserAons
Remote  Audit  Work
 
Electronic  working  paper  plaZorms  automate  the  collecAon  of  evidence  
and  enable  online  sharing  through  the  cloud.  

 
CollaboraAon  tools  and  cloud  plaZorms  enable  auditors  to  work  together  
from  remote  locaAons  and  to  include  team  members  with  a  variety  of  
experAse  such  as  specialists.  
Q.  PwC  uses  three  systems  to  automate  its  audit  
process.  Aura  is  used  to  direct  the  audit  by  
idenAfying  which  evidence  to  collect  and  analyze,  
Halo  performs  Data  AnalyAcs  on  the  collected  
evidence,  and  Connect  provides  the  workflow  
process  that  allows  managers  and  partners  to  
review  and  sign  off  on  the  work.  How  does  that  
line  up  with  the  steps  of  the  IMPACT  model  we’ve  
discussed  throughout  the  text?
Summary
• Data  AnalyAcs  has  improved  internal  and  external  auditors’  ability  to  
assess  risk  and  improve  assurance  over  the  processes  and  controls  in  
organizaAons
• Firm  data  can  be  pulled  from  either  homogenous  or  heterogenous  ERP  
systems  and  stored  in  data  warehouses  for  analysis.
• The  Audit  Data  Standards  idenAfy  common  tables  and  fields  needed  for  
audit  analyAcs.
• The  standardized  audit  plan  idenAfies  the  methodology,  scope,  risk,  
procedures,  and  evaluaAon  performed  by  auditors.  
• ConAnuous  audiAng,  electronic  working  papers  and  enhanced  
collaboraAon  tools  all  enable  the  modern  audit.

You might also like