Continuous auditing
Continuous auditing is the independent application of automated tools to provide assurance on financial, compliance, strategic and operational data within a company. Continuous auditing uses a set of tools to assure the internal control system is functioning to prevent fraud, errors and waste. The “continuous” aspect of continuous auditing and reporting refers to the near real-time capability for financial information to be checked and shared. Not only does it indicate that the integrity of information can be evaluated at any given point of time, it also means that the information is verified constantly for errors, fraud and inefficiencies.
Each instance of continuous auditing has its own pulse. The interval that internal management chooses for evaluation depends on the frequency of updates within the accounting information systems. Analysis of the data may be performed hourly, daily, weekly, monthly, etc., depending on the application.
Non-financial aspects of continuous auditing might encompass an ongoing assessment program to determine the state of security control effectiveness as a result of changes in an organization's information systems or its environment of operation. Large changes to an organization's security and network infrastructure profile should trigger near real-time monitored events.
History of continuous auditing
The first application of continuous auditing was developed at AT&T Bell Laboratories in 1989. Known as a continuous process auditing system (CPAS), the system developed by Vasarhelyi and Halper provided measurement, monitoring, and analysis of the company's billing information. Here key concepts such as metrics, analytics, and alarms pertaining to financial information were also introduced.
Components of continuous auditing
Continuous auditing is made up of two main parts: continuous data assurance (CDA) and continuous controls monitoring (CCM).
Continuous Data Assurance
A concern with continuous auditing is that the financial information is correct.
Continuous Controls Monitoring
Monitoring is measuring, or comparing settings in an enterprise resource planning (ERP) system with a model.
Level 1: Analytical Review
Level 2: Some accounts monitored daily
Level 3: Detailed monitoring of accounts/exceptions
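The comparison of ERP settings against a model, described under Continuous Controls Monitoring above, shown as an added example that is not part of the original article. The setting names, rule types and snapshot values are constructed for illustration and do not come from any particular ERP product.

```python
# Added example: continuous controls monitoring as "settings vs. model".
# Setting names, rule types and values are constructed, not from a real ERP.
MODEL = {
    "po_approval_limit":     ("max", 10_000),      # no approval above this amount
    "three_way_match":       ("equals", True),     # PO / receipt / invoice must match
    "roles_create_vendor":   ("subset", {"AP_MASTER_DATA"}),
    "roles_release_payment": ("subset", {"AP_PAYMENTS", "TREASURY"}),
}
# Pairs of settings whose role lists must not overlap (segregation of duties).
SOD_PAIRS = [("roles_create_vendor", "roles_release_payment")]

def check_setting(rule, expected, actual):
    """Return True when the actual value satisfies the model rule."""
    if rule == "equals":
        return actual == expected
    if rule == "max":
        return actual <= expected
    if rule == "subset":
        return set(actual) <= expected
    raise ValueError(f"unknown rule {rule!r}")

def monitor(snapshot):
    """Compare one settings snapshot with the model; return the exceptions."""
    exceptions = []
    for name, (rule, expected) in MODEL.items():
        if name not in snapshot:
            exceptions.append((name, "missing from snapshot"))
        elif not check_setting(rule, expected, snapshot[name]):
            exceptions.append((name, f"{snapshot[name]!r} violates {rule} {expected!r}"))
    for a, b in SOD_PAIRS:
        shared = set(snapshot.get(a, ())) & set(snapshot.get(b, ()))
        if shared:
            exceptions.append((f"{a}+{b}", f"roles hold both duties: {sorted(shared)}"))
    return exceptions

# Constructed snapshot, as if exported from the ERP at one monitoring interval.
SNAPSHOT = {
    "po_approval_limit": 25_000,
    "three_way_match": True,
    "roles_create_vendor": ["AP_MASTER_DATA", "AP_PAYMENTS"],
    "roles_release_payment": ["AP_PAYMENTS"],
}

if __name__ == "__main__":
    for control, detail in monitor(SNAPSHOT):
        print(f"EXCEPTION {control}: {detail}")
```

A setting that is absent from the snapshot is reported as an exception rather than skipped, so a control that disappears from the export is not silently treated as compliant.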
Black Box Logging
A black box log file is a read-only, third-party controlled record of the actions of auditors. The objective of black box logging is to protect a continuous auditing system against auditor and management benchmarks.
Continuous Reporting
Continuous reporting is the release of financial and non-financial information also on a near real-time basis. The purpose of continuous reporting is to allow external parties access to information as events take place, rather than waiting for the end-of-period reports. The adoption of XBRL by companies makes the release of this information more feasible. Continuous reporting also benefits users under Regulation Fair Disclosure.
Continuous reporting is a point of constant debate. Some parties, including analysts and investors, are interested in knowing how a company is doing at a given point in time. They argue that near real-time information would provide them with the ability to take advantage of important business moves as they happen. However, opponents are skeptical of how the raw information can be useful and fear information overload, or that there would be too much irrelevant information out there. Additionally, some companies are fearful that continuously reported financial information would give away important strategic moves and undermine competitive advantage.
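Returning to the black box log described under Black Box Logging above: the article does not say how such a record is kept read-only, so the following added example, which is not part of the original article, assumes one common approach, a hash chain keyed with a secret held only by the third party. The field names, key and log entries are constructed.

```python
# Added example: a hash-chained "black box" log of auditor actions.
# The chaining scheme, field names and sample entries are assumptions.
import hashlib, hmac, json

GENESIS = "0" * 64

def _digest(key, prev, record):
    """HMAC-SHA256 over the previous link and the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def append(log, key, actor, action, ts):
    """Append an entry whose MAC also covers the previous entry's MAC."""
    record = {"seq": len(log), "ts": ts, "actor": actor, "action": action}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**record, "mac": _digest(key, prev, record)})

def verify(log, key):
    """Return the index of the first bad entry, or None if the chain holds."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "mac"}
        if record.get("seq") != i:
            return i                      # entry removed or reordered
        if not hmac.compare_digest(entry.get("mac", ""), _digest(key, prev, record)):
            return i                      # entry content or link altered
        prev = entry["mac"]
    return None

def demo():
    key = b"held-by-third-party-only"     # constructed key, kept off the audited system
    log = []
    append(log, key, "auditor_a", "disabled rule R-17", "2024-03-01T09:00:00Z")
    append(log, key, "auditor_a", "changed threshold 500 -> 5000", "2024-03-01T09:05:00Z")
    append(log, key, "manager_b", "suppressed alarm 8841", "2024-03-01T09:30:00Z")
    intact = verify(log, key)
    edited = [dict(e) for e in log]
    edited[1]["action"] = "viewed threshold"        # rewrite history in place
    deleted = [dict(e) for e in log[:1] + log[2:]]  # drop the middle entry
    return intact, verify(edited, key), verify(deleted, key)
```

Removing entries from the end of the log is not detectable from the chain alone; the third party also has to retain the latest MAC or the entry count.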
Demand
Demand for continuous auditing has come from a variety of sources, primarily user-driven requirements. External disclosure, internal drivers, laws and regulation, and technology all play important roles in pushing up demand.
External disclosure
More frequent disclosure will drive the nature of the audit process. This increase improves the quality of earnings while reducing manager aggressiveness and decreasing stock market volatility.
Internal drivers
As companies have become more integrated within their own departments and with other companies, such as suppliers and retailers, a desire for data integrity throughout the electronic data exchange process is also driving demand for continuous auditing.
Laws and regulation
Laws and regulation cover all the activities and methods that a company follows in order to achieve a specific goal. These laws and regulations have led companies to commence continuous auditing.
XBRL
XBRL facilitates the development of continuous auditing modules by providing a way for systems to understand the meaning of tagged data. Proper use of XBRL assures that relevant data gathered from multiple sources is easily comparable and analyzable. XBRL is a derivative of the XML file format, which tags data with contextual and hierarchical information. It is expected that many enterprise resource planning systems will provide data in the XBRL-GL format to facilitate machine readability.
Security
Because of the nature of the information passing through continuous auditing systems, security and privacy issues are also being addressed. Data assurance techniques, as well as access control mechanisms and policies, are being implemented into CA systems to prevent unauthorized access and manipulation, and CCM can help test these controls.
Comparison to Computer-Aided Auditing
Continuous auditing is often confused with computer-aided auditing. The purpose and scope of the two techniques, however, are quite different. Computer-aided auditing employs end user technology including spreadsheet software, such as Microsoft Excel, to allow traditional auditors to run audit-specific analyses as they conduct the periodic audit. Continuous auditing, on the other hand, involves advanced analytical tools that automate a majority of the auditing plan. Where auditors manually extract data and run their own analyses in computer-aided auditing during the course of their traditional audit, high-powered servers automatically extract and analyze data at specified intervals as a part of continuous auditing.
Continuous Auditing in Action
AT&T Bell Laboratories - The first model of continuous auditing was developed to evaluate the billing system within the company.
Itau Unibanco - Continuous auditing allows management to assess the performance and compliance of individual branches.
NEMEA - Advanced continuous auditing software intuitively compiles responses across all departments, tracks high-risk areas, then documents and provides standardized regulatory compliance reports to internal and external auditors.
Hospital Corporation of America
Hewlett-Packard
Procter & Gamble - Analytics are used to enable advanced automation and remote auditing.
Siemens - Advanced continuous monitoring of internal controls and access to IT systems.