Analysis of Continuous Auditing - Research Paper Example

CONTINUOUS AUDITING Introduction Continuous auditing may be defined as an automatic method that is applied in the performance of control and risk assessment in a regular basis (Basu 56). The use of technology plays an increasingly fundamental role in conducting this exercise since it requires automation which is only possible with the constant and continuous use of the modern information and communication systems. Systems find applications here significantly because they assist in testing controls, reviewing trends and analyzing patterns within digits of critical numeric fields. The automated tools utilized in this important exercise also help in the assurance provision on data related to finance, strategic management, organizational operations and compliance. It ensures that the control systems, internal to the organization are effectively functioning. It works very strongly to reduce elements of fraud, wastes and errors that are likely to occur in the conduct of the day-to-day business activities (Hayes 67-9). It offers an almost real time capability of checking and sharing the financial information in an organization. Continuous auditing indicates clearly that the integrity of information in an organization can be evaluated at any given time successfully. It also ensures that information is constantly verified in a regular basis to ensure that this information is efficient and free of any error or fraud. This type of auditing survives as the most detailed of all the other types that are in place and organizations have recognized, acknowledge, understood and appreciated its increasingly significant place in auditing (Lerner and Cashin 333). A Brief History of Continuous Auditing Continuous auditing finds its root from AT&T Bell Laboratories way back in the year 1089. At the time, a system known as Continuous Process Auditing System was developed. This development was associated with two individuals, Halper and Vasarhelyi. These two individuals provided the company’s billing information with data related to monitoring, measurement, and analysis using the Continuous Process Auditing System. They also introduced the significant concepts of alarms, metrics and analytics concerning the financial information. Components of Continuous auditing This type of auditing is composed of two main parts namely the Continuous Data Assurance and the Continuous Controls Monitoring. The continuous data assurance is primarily concerned with auditing with the aim of ensuring that the financial data is correct and free of errors. The Continuous Controls Monitoring, on the other hand, is basically concerned with monitoring and evaluations. It ensures that the settings in Enterprise Resource Planning systems in the business enterprise are compared with a given model (Spencer 116). Black box logging is a fundamental feature of Continuous auditing. It is a read only, control of the record of the actions of the auditors by the third parties. The main reason why this box is included in this important exercise of the continuous auditing is to ensure that the system in place for the use of continuous auditing is protected against the management and auditor benchmarks (Basu 56). Another very vital element of continuous auditing is the continuous reporting which ensures that both the financial and the non financial information are constantly and continuously, in a regular basis, released on an almost real time basis. It aims to make it possible for the external parties to have access to the information as the events unfold instead of waiting for the reports at the end of the period. Many companies have adopted XBRL which enhances the feasibility of the release of the information. There are normally several interested parties and/or stakeholders of the company including the investors, suppliers, the governmental departments, the company’s external clients who may get interested in knowing how the company is progressing. Constant reporting is a key to ensuring that they obtain this information promptly and conveniently indeed. The proponents of this reporting argue that this information is critical since it confers to them the ability to take advantage of the critical information and make appropriate moves as and when events happen. The opponents of the continuous reporting, on the other hand have significant reservations to this exercise. They argue that competitors may use this information to the disadvantage of the business since they are able to know the strategic information of the business (Flint 74). This, the opponents argue is very harmful to the life of the business and is in a position to derail the performance of the company and its critical success factors. The demand for continuous auditing has its origin from a number of sources. There are different parties that have interests in the organization that may push for this auditing to be conducted on a regular basis. These sources are basically driven by the user requirements. Issues such as internal drivers, external disclosure, laws and regulations and technology are very fundamental in pushing for such demands. External disclosure is believed to be a force that drives the nature of the entire process of the audit. It is seen as contributing significantly to the increment of the quality and quantity of the company’s earnings (Hayes 67). At the same time, it limits the aggression by the managers while reducing the volatility of the stock market. The internal drivers are mainly guided by the desire to ensure the integrity of data in this information age where security threats have become very common and significant areas that must be addressed. This happens more especially with the continued integration of the company’s departments. The suppliers, retailers and even the internal clients like to have data and information that is more reliable and accurate. As such they push for this integrity. There are also established laws and regulations that govern the conduct of business in a company. The companies are subject to these regulations that are mainly put in place by the government. They have to show compliance with these regulations to avoid any possible problems with the government and other regulatory bodies. In most cases, the company, and more especially if it is a profit making one, must contribute to the running of the government by paying taxes. Continuous auditing forms a significant basis of giving the government reliable information regarding the earnings of the company. This helps to avoid a scenario whereby the company pays excess or less the amount of tax that it is supposed to pay (Porter, Hatherly, and Jon 251-2). It is therefore very necessary that companies comply with the laws and regulations and hence conduct a continuous audit so as to prevent such harmful scenarios from occurring. Technology is a very basic component of the continuous auditing process. XBRL is a significant technological feature that aids in this exercise of continuous auditing. The XBRL facilitates the process by assisting the systems to understand and comprehend the meaning of the data that is tagged. Proper use of this technique makes it possible for the data that is obtained from a variety of sources to be reliable, analyzable and comparable. It is derived from the XML file format which assures that the data is tagged with hierarchical and contextual information. Many enterprise resource planning systems provide data in this format so that the problem of machine readability is effectively addressed. Because of the increased use of technology in this process, fresh challenges arise. These are challenges of security. The nature of information that passes through the continuous auditing systems is very vital. Some of the information is very sensitive and very important for the strategic planning and the day-to –day operations of the company (Spencer 114). The use of information and communication technology systems in the contemporary society is bedeviled by issues such as unauthorized access, hacking, cracking, computer viruses and warms, referred as the malicious software. The systems used for continuous auditing are not free of these. This makes it very necessary for these security concerns to be addressed effectively and efficiently so that the data is secure and its integrity is guaranteed. Data assurance techniques, policies and access control mechanisms must therefore be put in place to reduce or eliminate such vices that seem to be a big threat to this increasingly important process (Basu 58). Continuous auditing is often confused with the computer-aided auditing. However, the scope and the techniques employed in the two types of auditing are quite different. Computer-aided auditing makes use of the end user technology which adopts the use of spreadsheets such as the Microsoft Excel. This is aimed at allowing the traditional auditors to use audit specific analysis while conducting periodic audits. On the other hand, continuous auditing makes effective use of a variety of analytical tools to automate the major part of the auditing plan. Continuous auditing therefore makes use of highly powerful servers to automatically extract and ensure the analysis of data at specified intervals while the computer-aided auditing involves a scenario where the auditors manually do the data extraction and run their own analysis (Kumar and Virender 249). The element of automation is more on the side of the continuous auditing with the use of very powerful systems and effective servers that have never been a feature of the computer-aided auditing. These important features should draw an efficient line of distinction between the two types of auditing thereby eliminating any possible confusion between them. Issues to address before embarking on Continuous auditing There are three fundamental issues that normally arise before starting up the process of continuous auditing. When these three critical issues are anticipated, the continuous auditing exercise is bound to experience success. First and foremost, the managers ought to clearly understand the difference between continuous monitoring and continuous auditing. These two concepts are usually confusing and it is highly expected that if the managers cannot distinguish the two, they are likely to blunder (Wildman 89). They can end up doing continuous monitoring instead of continuous auditing. As such, a lot of time and money get wasted in the process. Continuous monitoring is a management function which ensures that the policies, business processes and procedures operate efficiently and effectively. The monitoring also ensures that these policies and procedures address the responsibility of the management the effectiveness, efficiency and even adequacy of the internal controls (Basu 56). Continuous monitoring normally involves the testing of all the automated systems and transactions in the company. The monitoring can be carried out on a weekly, daily or monthly basis depending on the business cycle that underlies the company. Many techniques used in continuous monitoring are similar to those applied in continuous auditing. Therefore, there is likelihood of significant amount of confusion occurring. Clear communication on the differences between the two processes assists in avoiding the possible confusion that is likely to arise. It will also aid in addressing the possible resistance to continuous auditing which may occur. Another issue that ought to be addressed is the Meta control. Continuous auditing is naturally dynamic. This is because it significantly makes use of the technology that keeps on changing. It heavily relies on the use of the automated system in whose field, dynamism is an appropriate description. Continuous auditing monitors particular configurable items thereby providing additional control levels and also acting as Meta control (Porter, Hatherly, and Jon 251-2). Independence and objectivity are also very significant issues of consideration before embarking on the steps of the continuous auditing. The audit activities in the continuous audit are very different from those that take place in the conventional auditing exercises and processes. As a result, the concepts of audit have to be re-conceptualized. The process of continuous auditing puts the auditor at the center of the transaction flow. The auditor deals more directly with the clients as compared to the conventional auditing processes. The auditors have therefore to ensure that the systems in use have got effective checks and balances (Hayes 78). The sole reason for the existence of these checks and balances is to guarantee independence and objectivity of the entire process. Having addressed these three issues of concern, the auditing process and steps leading to these processes can then commence. Steps to implementing Continuous Auditing After the managers have understood and effectively comprehended the fundamental issues of concern, the steps of continuous auditing can now begin. The implementation consists of six main procedural steps which are normally administered by a continuous audit manager. When the auditors are well informed of these processes, they are in a better position to carry out the continuous auditing process more effectively and monitor the whole process thereby providing important recommendations on areas to be improved if at all there is any (Whittington and Pany 27-9). These steps include the following: establishing priority areas, identifying, monitoring and continuous audit rules, determining the frequency of the process, configuring the continuous audit parameters, follow up and the communication of the results. Establishment of priority areas The exercise of determining which departments of the organization to priorities when conducting this important process should be well defined and clearly spelt out in the company’s internal audit annual plan and also in its risk management program. Many departments in an organization tend to be integrated with other activities and other compliance plans. While deciding on the areas to give a priority of the continuous auditing process, the managers have to consider certain factors (Spencer 112). First and foremost, the managers have to determine and clearly identify the business processes that are very critical to the running of the company. These processes should further be broken down with regards to the ones that have potential risks. Those identified as being exposed to greater potential risks should be given the first and fundamental priority in the process of continuous auditing (Kumar and Sharma 249). The managers and auditors also ought to clearly and vehemently understand the availability of the data to be used for the process of continuous auditing. This happens after the potential risk areas have been identified. The data that is being sought here must be related to those identified risk areas. Having ensured that, the managers and auditors should then evaluate the benefits and costs of implementing the continuous audit for each of the areas identified to be likely to suffer risks (Porter, Hatherly, and Jon 251-2). This is very important as it provides information on whether the efforts, time and money that is likely to be spent on the continuous auditing for the specific areas identified are worth investing in. The managers and auditors should then look keenly on the corporate ramifications of continuous auditing of a particular function or process. Early application should then be chosen to ensure that auditing of areas likely to be demonstrating rapid results and are of great value to the company are done effectively and conveniently. Thereafter, a negotiation with the internal audit areas and those whose areas should be audited should be ensured to realize a long term implementation. While carrying out these important considerations and activities, auditors must bear in mind the objectives of each of the auditing procedures. These objectives can be categorized as preventive, detective, compliance and financial (Siegel and Jae 105). Monitoring and Continuous Audit Rules Having effectively identified the fundamental priority areas, the next step in continuous auditing is the determination of rules and analytics that are able to promptly, effectively and efficiently guide the all exercise. The continuous auditing is a continuous, programmed process which has to be repeated in a frequent basis and reconfigured as possibly required to meet the changing needs of the dynamic times and circumstances that are frequently witnessed in the contemporary society. This is owing to the fact that the technology used keep on changing. The process relies very heavily on the use of information and communication systems that are typical of any successful modern-day organizations. The rules have to be established effectively prior to the conduct of some of the most fundamental activities in the process of continuous auditing (Flint 76). Furthermore, the monitoring and audit rules ought to take into account the environmental issues as well as the legal ones. At the same time, it has to take into consideration the objectives of each process. For example the manner in which the management will quickly respond depends on the speed of the process of clearance. In other words, it is closely pegged on the issues of the environment (Mainardi 278). On the other hand, the overall monitoring approach of the entire continuous auditing activity depends on the manner in which the legal framework operates and whether the legal and compliance issues are effectively enforced. Determination of the Frequency of the Process Although the concept is a continuous process, in a sense the frequency depends on the individuals’ perceptions and interpretations. There is something referred to as the natural rhythm of the processes being continuously audited (Wildman 89). This is what determines the frequency with which the auditing process will be conducted. The auditors therefore have an initiative to strongly make considerations regarding this rhythm. This includes the processes of timing the business processes and those of the computer. Similarly the consideration on the auditors to use for the continuous process has to be determined here. It is most crucial that the most skilled, knowledgeable and reputable continuous auditors be used to spearhead this important organizational process (Lerner and Cashin 333). The increased frequency of testing has fundamental benefits, however, the processes of extraction, processing and follow up of the testing results ought to be ensured so that increased cost of the process is effectively curbed. Consequently, the cost benefit ration of continuous audits of particular areas has to be put into consideration way before monitoring. Besides, there are certain tools that are used by the managers and the auditors to ensure that the success of the whole process can be guaranteed. These tools bring much more efficiency, accuracy and reliability to the process of continuous auditing. Such a tool includes an audit control panel which can bring about the activation of the frequencies and parameters variations (Basu 57). Configuration of the Continuous Audit Parameters The rules that should be adopted in each of the identified audit areas ought to be identified and configured early and in advance before the process of the implementation of the continuous auditing takes effect. The frequency of the parameters used might at times require some changes after the initial set up. This is because there are potential changes that might stem up after the first set up. These issues have to be put into consideration while configuring the continuous audit parameters. As a result, the rules, the frequency of the activity and the initial parameters have to be clearly defined and conveniently spelt out prior to the onset of the process of continuous auditing. They must also be reconfigured on the basis of the monitoring results of the activity (Lerner and Cashin 333). When defining the parameters for the continuous auditing process, the cost benefits should be considered and critically examined. Apart from this, there should be significant possibility of error detection in the process of the audit and the follow up activities related to the management of the company. Follow Up Follow up is a very fundamental activity in the process of continuous auditing. This activity is particularly very important when any errors are detected. It ought to be known early, that the process of continuous auditing, although, guided by systems, is equally controlled by human beings who are prone to making errors and mistakes. As a result, there should be constant and continuous follow up processes to ensure that these possible errors are detected and corrective measures put in place. The issues of who should receive the alarms must be effectively addressed at this point. It should be clear whether it is the line managers or the internal auditors are the ones to receive the alarm (Flint 78). In most instances, it is the process manager, the auditor in charge or the immediate supervisors that receive this alarm. There are other additional follow up procedures that should also be administered to ensure that the process is successful. These procedures include the reconciliation of the alarm even before the process of follow up. This can be done by critically examining the alternative data sources and waiting for the occurrences of similar alarms before the performance of any escalation guidelines (Porter, Hatherly, and Jon 251-2). Communication of Results This is the final step in a continuous auditing process. The manner in which the communication of the auditing results will be done to those whose areas and departments have been audited must be considered at this point. It is important that when the information is given to these people, there is consistence and independence. Again, while developing and implementing the communication guidelines and even the follow up procedures, the risk of collusion should be considered. A lot of work concerning fraud has in the past brought about an indication that much of the fraud is collusive. As a result they can be performed by both the internal and external parties of the company (Macbeath 201). Advantages of continuous auditing The process of continuous auditing has several merits to the organizations that conduct it in an almost regular basis. Firstly, it ensures that the internal controls are properly and effectively functioning. This is very important in the running of any company or business enterprise. Moreover, the process of continuous auditing helps the organization to prevent errors and cases of fraud which may be very harmful to the success and the effectiveness of the running of the organizations. When such errors are identified well and in advance, corrective measures can be put in place to safeguard the reputation and integrity of the company (Puttick, at el. 72). The process is makes use of systems that guarantee the provision of information in a near real time basis for the use by the internal managers of the company and other stakeholders. The information is of great importance to the investors, the government, and the clients of the company both internal and external, of course including the very potential customers. It provides a basis upon which the progress and the performance of the company can be evaluated (Lerner and Cashin 333). Disadvantages of Continuous Auditing While there are many merits associated with the process of continuous auditing, the most outstanding limitation is the fact that the process is as good as the systems used to guarantee its success. Since the process relies heavily in the modern use of technology which keeps on changing, issues of technological obsolescence come into mind when discussing it. This indeed is a very fundamental blow to the process of continuous auditing (Paton, et al., 167-9). Conclusion Of all the types of auditing, the continuous one survives as the most complex and the only one best suited to provide significant auditing information on a real time basis. As a result, companies and organizations that wish to monitor their progress ought to implement this process. In ensuring that this is done, organizations have to invest heavily on the appropriate infrastructure that can guarantee the success of the process. This is because the process relies heavily upon the use of information systems with powerful servers to provide real time auditing results. Works Cited Basu, S K. Auditing: Principles and Techniques. New Delhi: Pearson Education, 2006:56-9. Print. Flint, David. Philosophy and Principles of Auditing: An Introduction. Basingstoke: Macmillan Education, 1988:70-89. Print. Hayes, Rick S. Principles of Auditing: An Introduction to International Standards of Auditing. Harlow, U.K: Pearson Education, 2005:67-90. Print. Kumar, Ravinder, and Virender Sharma. Auditing: Principles and Practice. New Delhi: Prentice-Hall of India, 2005:245-7. Print. Lerner, Joel J, and James A. Cashin. Principles of Accounting I. New York: McGraw-Hill, 1999:333. Print. Macbeath, Angus. Continuous Auditing. London: Gee, 2005:190-201. Print Mainardi, Robert L. Harnessing the Power of Continuous Auditing: Developing and Implementing a Practical Methodology. Hoboken, N.J: John Wiley, 2011:278. Internet resource. Paton, William A, and Russell A. Stevenson. Principles of Accounting. New York: Arno Press, 2008:125-176. Print. Porter, Brenda, David J. Hatherly, and Jon Simon. Principles of External Auditing. Chichester, England: John Wiley, 2008:250-7. Print. Puttick, George, Esch S. D. Van, and S P. Kana. The Principles and Practice of Auditing. Lansdowne [South Africa: Juta, 2007:70-9. Print. Siegel, Joel G, and Jae K. Shim. Accounting Handbook. Hauppauge, NY: Barron's, 2006:100-9. Print. Spencer, Norman. A Basic Textbook of Auditing Principles. Nairobi: s.n., 1996:312. Print. Whittington, Ray, and Kurt Pany. Principles of Auditing & Other Assurance Services. New York: McGraw-Hill Irwin, 2012:23-8. Print. Wildman, John R. Principles of Auditing. Brooklyn: William G. Hewitt Press, 2000:89. Print. Read More