Continuous Auditing in Big Data Computing Environments: Towards an Integrated Audit Approach by Using CAATTs



Similar documents
Continuous Auditing in Big Data Computing Environments: Towards an Integrated Audit Approach by Using CAATTs

Contents. xv xvii xxi. Case Studies Preface Acknowledgments

Impact of Computer-Assisted Audit Techniques on Sarbanes-Oxley Act Sections 404 and 409. Scarlett Choi ACC 626

The Impact of Information Technology on the Audit Process

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS

Continuous auditing: the audit of the future

Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.

The Relationships between Computer Auditing Activity and. Performance

Using COSO Small Business Guidance for Assessing Internal Financial Controls

INFORMATION SYSTEM AUDITING AND ASSURANCE

Module 2 IS Assurance Services

North Highland Data and Analytics. Data Governance Considerations for Big Data Analytics

Certified Information Systems Auditor (CISA)

Page 1 of 5. (Modules, Subjects) SENG DSYS PSYS KMS ADB INS IAT

International Journal of Engineering Research ISSN: & Management Technology November-2015 Volume 2, Issue-6

The Information Systems Audit

GENERALIZED AUDIT SOFTWARE

IT Enabled System : Opportunities & Challenges for Assurance Professionals

Process-Family-Points

Key Evolutions of ERP

Transformation: Corporate Development and IT

3SL. Requirements Definition and Management Using Cradle

Advanced Financial Accounting. Winter Term 2014/2015

Customer Intimacy Analytics

Internal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls

Module 6. Business Application Software Audit

1/21/2014. Agenda. Audit Testing. The Basics of Internal Auditing January 23-24, 2014

11 Tips to make the requirements definition process more effective and results more usable

IT Support through CAATTs - Systematic Requirements Analysis and Design for Process Audit

Control Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising)

Understanding Data and Information Systems for Recordkeeping. by Philip C. Bantin

Implementing COBIT based Process Assessment Model for Evaluating IT Controls

The Importance of IT Controls to Sarbanes-Oxley Compliance

Training Management System for Aircraft Engineering: indexing and retrieval of Corporate Learning Object

Toward Effective Big Data Analysis in Continuous Auditing. By Juan Zhang, Xiongsheng Yang, and Deniz Appelbaum

Requirements Traceability. Mirka Palo

Executive's Guide to

Internal Control Deliverables. For. System Development Projects

One Continuous Auditing Practice in China: Data-oriented Online Auditing(DOOA)

Prof. Dr. Nick Gehrke Alexander Rühle

INDEPENDENT VERIFICATION AND VALIDATION OF EMBEDDED SOFTWARE

A Risk-Adjusted Operating Model for Insurers: Addressing Regulatory and Market Demands

Effectively Assessing IT General Controls

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Audit Program for Prepaid Expenses and Other Assets

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister

IndustrialIT System 800xA Engineering

Streamline Financial Consolidation and Reporting for a Faster Close

Data Analytics Working Group Update

Recommendation for IT Governance Using the COBIT 4.1 Framework

4 Testing General and Automated Controls

auditing in a computer-based

ELEVENTH EDITION. Brigham Young University. Arizona State University. Pearson Education International

FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY AUTUMN 2016 BACHELOR COURSES

Overall Audit Plan and Audit Program. I. Introduction Chapter is primarily review and integration of the audit framework.

An Auditor s Guide to Data Analytics

Data Analytics Working Group Update

Increasing the Productivity and Efficiency of Business Transactions with Microsoft Business Solutions Navision Intercompany Postings

Information Technology Auditing for Non-IT Specialist

Preparation for Distributed Development and Outsourcing

Openbravo Services for Partners

Patterns of Information Management

Application of software tools during audits. Ing. Martin Lejsal September 2011

University of Central Florida Class Specification Administrative and Professional. IT ERP Business Analyst Senior

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

In recent years, information technology (IT) used by firms,

Reading Materials: Required Text Book: Hall, J. & Singleton, T. Information Technology Auditing and Assurance, 4th Edition.

Towards Collaborative Requirements Engineering Tool for ERP product customization

The CMDB at the Center of the Universe

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA

Feature. Multiagent Model for System User Access Rights Audit

3. Current Auditing Computerized Tools

How To Achieve Continuous Delivery

Phlexglobal Whitepaper

How To Improve Your Business

Customer Insight Appliance. Enabling retailers to understand and serve their customer

What Should IS Majors Know About Regulatory Compliance?

ORACLE HYPERION DATA RELATIONSHIP MANAGEMENT

Big Data: Impact, Benefits, Risk and Governance

A Reference Architecture for Self-organizing Service-oriented Computing

2 (18) - SOFTWARE ARCHITECTURE Service Oriented Architecture - Sven Arne Andreasson - Computer Science and Engineering.

System Software Product Line

Office of the Chief Information Officer

Domain 1 The Process of Auditing Information Systems

Chapter 11. Managing Knowledge

Supporting Workflow Overview. CSC532 Fall06

REPORT 2015/112 INTERNAL AUDIT DIVISION

Feature. A Framework for Estimating ROI of Automated Internal Controls. Do you have something to say about this article?

Privacy & Security Requirements: from EHRs to PHRs

Transcription:

Continuous Auditing in Big Data Computing Environments: Towards an Integrated Audit Approach by Using CAATTs Andreas Kiesow, Novica Zarvić, Oliver Thomas Stuttgart, 23.09.2014 Management komplexer IT-Systeme und Anwendungen (MITA) 2014

Agenda Introduction Theoretical Background Research Approach Results Discussion Conclusion & Outlook 2

Introduction Impact of the Big Data paradigm on Financial Audit: The Big Data Computing Environment (BDCE) Enterprise Accounting Transactions Assessment Accounting Processes Accounting Information Systems (AIS) Control Environment Financial Statements Certification Computer-Assisted Audit Tools Audit Transaction Level and Techniques (CAATTs) True and Fair View? 3

Introduction Impact of the Big Data paradigm on Financial Audit: The Big Data Computing Environment (BDCE) Volume: Complexity and Risk Enterprise Audit Accounting Transactions Variety: increasing complexity and complicate the ex post traceability of data source Assessment Velocity: Limitations of manual, Transaction annual audit with Level historic data Accounting Processes Veracity: Completeness and Accounting Information Accuracy, Systems data (AIS) privacy and Control information Environment security Computer-Assisted Audit Tools and Techniques (CAATTs) Financial Statements Certification Big Data Analytics: fraud detection, risk-assessment True and Fair View? 4

Introduction Impact of the Big Data paradigm on Financial Audit: The Big Data Computing Environment (BDCE) Enterprise Accounting Transactions Assessment Accounting Processes Accounting Information Systems (AIS) Control Environment Continuous Auditing Financial Statements Certification Computer-Assisted Audit Tools Audit Transaction Level and Techniques (CAATTs) True and Fair View? 5

Introduction The overall goal: Realization of Continuous Auditing (CA) Scope of this paper: Analysis of established types of CAATTs in terms to their support of the IT auditor to conduct a proper examination of financial statements in a BDCE 6

Theoretical Background: CAATTs Computer-Assisted Audit Tools and Techniques (CAATTS) are tools and techniques used to examine directly the internal logic of an application as well as the tools and techniques used to draw indirectly inferences upon an application's logic by examining the data processed by the application (Hall, 2010) Types of CAATTs Test Data (TD) Integrated Test Facility (ITF) Parallel Simulation (PS) Embedded Audit Module, System Control and Audit Review Files (EAM/ SCARF) Generalized Audit Software (GAS) Snapshot Method (tagging and tracing) Description Fictitious, auditor-prepared data, which will be processed by the audited systems. The evaluation bases on a comparison between the results of the test data and the auditor s expectations. The processing within the audited systems is a black box. Processing of Test Data in separated areas or modules within the audited system. The results of the internal system controls are visible for the auditor. Auditor-developed application, which is completely separated from the client s systems. The results of processing real data are compared with the results of the client s systems. Auditor-developed module which is implemented within a client s system. EAM evaluates real data by predefined criteria while it is processed. Results of EAM evaluations can be written into a SCARF, which is send to the auditors for further examination Auditor-developed and self-contained applications, which evaluate extracted real data and analyze them, regarding predefined criteria. Selection and marking of accounting transactions and monitoring their processing within the AIS. After every step, a snapshot is created and analyzed. Typology of CAATTs (Braun & Davis, 2003; Rittenberg et al., 2009) 7

Research Approach Design Science (March, Smith 1995 & Hevner et al. 2004) Diffusion Analysis Requirements Analysis (Kiesow et al. 2014) Conceptual Architecture (Scope of this Paper) Evaluation Design Iterative Research Approach (Österle et al., 2011) 8

Results: Investigating Existing Audit Tools and Techniques Assessment: Applicability of CAATTs for the Dimensions of Big Data based on literature and own considerations 9

Results: Conceptual IT Architecture The combination of Embedded Audit Modules (EAM), Test Data, General Audit Software (GAS) enables basically the adoption of Big Data Audit Cockpit enables permanent monitoring of the control environment 10

Discussion: Informed Argument Assessment according to the Typology of Audit (Marten et al., 2007) No. Dimension 1 Risk-oriented Audit 2 Direct Audit 3 System Audit, Goal-oriented Audit 4 Transaction Audit 5 Basic Population Audit 6 Progressive Audit and Retrograde Audit 7 Formal Audit 8 Computer-assisted Audit 9.1 Continuous Audit 9.2 On-site Audit and Off-site Audit 9.3 Announced Audit and Unannounced Audit 11

Discussion: Limitations Technical realization of the approach requires the implementation of manifold interfaces Reorganization of the processes Controls and data flows have to be carved out and analyzed Approach is not able to cover manual controls Reduction of system performance Code modifications Long-term solution, strategic planning/management decisions 12

Conclusion & Outlook Conclusion The design of appropriate audit solutions for BDCE is of increasing importance Continuous Auditing (CA) gains in importance due to the evolution of (A)IS CA has to be realized by computer-assisted audit tools and techniques (CAATTs) The tools and techniques to handle and use Big Data are already in place Audit Solution can build on the combination of different techniques Realization and Implementation is a recognized technical challenge and related with high costs Outlook Prototyping Stronger Evaluation (in practical environment) Organizational requirements, internal controls, IT framework (e.g. COSO, COBIT) 13

Questions & Comments Thank you for your attention. Questions and Comments? Andreas Kiesow, CISA Information Management and Information Systems Osnabrück University, Germany andreas.kiesow@uni-osnabrueck.de 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information