Transcript Principles of Analytic Monitoring

Principles of Analytic
Monitoring
Miklos A. Vasarhelyi
Michael Alles
Alexandr Kogan
Rutgers Business School
The continuous assurance
will change
•
•
•
•
•
•
1) objectives
2) levels and hierarchy
3) timing
4) process
5) tools
6) outcomes
Real Time Economy
•Process Acceleration
•Sensors
•Dashboards
The Real Time Economy
•ERPSs
•The Information bus (XML – XBRL)
•System Integration
•Re-engineering
Monitoring and Control Platform
Assurance Processes
Financial
Audit
Other
Assurance
Systrust
WebTrust
Management Control Processes
Other hybrid Processes
Objective changes
• 1) changes in the environment and
industry, 2) the existence and
effectiveness of controls, 3)
increased human resource risks, 4)
process continuity and integrity, and
5) coherence between endogenous
and exogenous factors:
Effects on Controls
•
•
•
•
The existence of the controls,
That they are operational,
That their warnings are properly
observed and distributed,
That the controls are
comprehensive, covering all relevant
aspect of operational risk.
ERPSs
•
•
•
•
Integration
Automation
Common processes and data
Facilitate the deployment of CA by
providing a common platform
Supply, demand,
technology and CA
• Wider set of assurance services
•More efficient services
•Wider set of assurance providers
•More automated services
Supply t+1
Demand t+1
•New methods of assurance
• corporate malfeasance
•Increased information needs
Demand t
Supply t
•Wider set of assurance needs
•More rapid processes
•Increased regulation
Technology t
Technology t+1
• Ubiquitous internetworking
• Real-time corporation
• Improved analytic methods
• ERPSs
•New audit technologies
The continuous assurance
will change
•
•
•
•
•
•
1) objectives
2) levels and hierarchy
3) timing
4) process
5) tools
6) outcomes
Four levels of CA
Audit of judgments and facts
Auditor
Formal spec
evaluation at all
points
Process 1
Rules of measurement interpretation
MC Layer
Process 2
Process 5
Process 3
Process 6
Process 4
Transaction monitoring
Object and info. flows
Pensions: 4 levels of CA
•
•
•
•
Level 1: Flag and extract all transactions that pass resources between the
company and its pension fund, extract all transactions that affect pension
related ledger accounts and vouch for these transactions.
Level 2: GAAP specifies maximum and minimum contributions to pension
plans as well as ways to account for pension obligations, and other pension
related items. This level would create a logical template evaluating the
obedience for the rules of ERISA and GAAP.
Level 3: On a more analytical level, the continuous assuror can examine the
formally disclosed rules relative to pensions that allow for the
organizations actuarial estimates. Accounting standards require the
disclosure and usage of an interest rate in the assumptions about pension
estimates such as interest rate, employee related obligations vis-à-vis age
and years of employment, asset returns but the standards do not require a
relationship between the historical returns of the fund and the future
return assumptions. The future will bring corporate measurement rules
that link endogenous and exogenous data in the measurement of business
and its assessment.
Level 4: the auditor could make assertions at a strategic level about the
appropriateness of pension plan funding and the quality of the management
of the fund
The continuous assurance
will change
•
•
•
•
•
•
1) objectives
2) levels and hierarchy
3) timing
4) process
5) tools
6) outcomes
Timing issues
•
•
•
•
•
•
•
Extensive Front end work
Monitoring of system changes
Alarm based intervention
Evergreen opinion (of different forms)
Automated interim work
Continuous confirmation
Very limited, if any, detail testing
The continuous assurance
will change
•
•
•
•
•
•
1) objectives
2) levels and hierarchy
3) timing
4) process
5) tools
6) outcomes
The Auditing Process
• Traditional
• Engagement definition
• Audit planning
• Internal control
evaluation
• Substantive testing
• Opinion formulation
• Reporting
• Continuous
• MC architecture
• Analytic monitoring
structuring
• Discrepancy based audit
monitoring
• Continuous model
building and gathering
• Alarming and informing
• Discrepancy analysis
• Multilevel opinions
Evidence
• Major change on the nature of relied
evidence
• Automated confirmations will take a
progressively larger role
• Alarm frequency and nature will be
evidential matter
• Joint systems (with other entities) will
become prevalent
The continuous assurance
will change
•
•
•
•
•
•
1) objectives
2) levels and hierarchy
3) timing
4) process
5) tools
6) outcomes
Architecture
reports
Applications
reports
reports
reports
reports
Feeds for
applications
Ad hoc Analytic
reports
Periodic
reports
reports
reports
reports reports
reports
reports
alarms
alarms
alarms
alarms
Monitoring and control layer
intranets
Corporate
Legacy
Systems
intranets
Corporate
Web facing
Systems
reports
reports
reports
extranets
Internet
Systems from other
entities
Co ntinuo us Mo nito ring and Co ntro l Platfo rm
Analytic
templates
External data
provisioning
Semantic
v
A la MIMS extraction layer
External data
provisioning
v
Pattern scanning
Extracted data
facility
Exception
engine
v
Bulk data transfer v
facility A la GECKO
Data
provisioning
SQL extraction
Relational
storage
device
Data synthesis
module
Filtering layer
Strategic KPIs
platform
Standards and
procedures store
A la CPAS
Extracted data
facility
Reporting
platform
Diagnostic
engine
Audit exception
platform
Process
scorecards
Reporting
layers
Tool Category
Tools for CA
Specific technique
Transaction Monitoring
Example / comment
XML tags can be used to provide
invisible referentials and markings
for audit usage
Invisible sequencing
Sequence number and time stamps can be
included
Invisible signaturing
Electronic signatures can be used for
determining sourcing and to
increase non-deniability
Invisible linking
two /ten pieces of data are logically
linked so they get information ally
linked
Data entry edits
Data can be edited with specific content
knowledge I increasing its value
Knowledge-based template review
(heuristic rule based)
Into the process editing (after entry
Verifying extensions
Intermediate total usage for controlling
Continuity equations
Tools 2
Structural knowledge models
Industry structure knowledge models
Customer behavior models (purchasing,
paying, brand switching,
Physical world rules
Discriminant , nn, etc models that
parameterize events but causality or
relationships cannot be determined
Time series analysis
Very little if ever in auditing
Month and years are very coarse
measures
Processes have their own lives and biorhythms
KPI’s based analyses
Processes have overlaps, sub processes,
macro-processes, a management,
aberrations, cyclicalities, reasons
for leaving steady-state
Tools 3
Time series analysis
Very little if ever in auditing
Month and years are very coarse
measures
Processes have their own lives and
bio-rhythms
KPI’s based analyses
Cross sectional analysis
Comparison across firms
Compression across firm processes
Cross sectional time series analyses
KPI’s based analyses
Processes have overlaps, sub
processes, macro-processes, a
management, aberrations,
cyclicalities, reasons for leaving
steady-state
Corporate modeling
For risk analysis
For development of standards
Qualitative screening (parameter
based)
Transactions from the governors
mansions
Transactions that the IRS is watching
Transactions by crooks
Sensitive transactions
money laundering
Payments to management
Modified audit procedures
Confirmatory extranet
Data level reliability measure
Automatic transaction rejection
Automatic fraud detection
Linking financial and non financial processes analytically
Continuity Equations / Long Distance Billing
Receiving Call
Creating datasets
Splitting call
Posting from one
Rating each
detail data from
one-to-one
detail into
biller file to accounts
Billable
independent
many-to-many
files to be
in several billing
Customer
telephone
one-to-many'
posted to
cycles
companies in
different
mag. tapes
billers
1
2
3
4
5
Confirmatory Extranets
Balance
A meta-level can be
computed for
analytical purposes
Transactions can b e
traced / dated and
anlayzed
The continuous assurance
will change
•
•
•
•
•
•
1) objectives
2) levels and hierarchy
3) timing
4) process
5) tools
6) outcomes
Assurance Hierarchies
Monitoring,
control and
assurance
Peer review process
Regulators
Assurance of the assurance process
Tertiary monitoring - of the audit process
Assurance process
Verifies, the metrics and the
control
Secondary monitoring - audit processes
Feedback loop of action
Management action on discrepancy
Comparison of actual and model
Discrepancy detected
Standard
Primary monitoring and control processes
metrics
Underlying structure - operational processes
Measurable
Processes
Multiple Outcomes
• Assurance of a wider range of
stakeholders
• Front-end work more consulting-like
(Sarbanes – Oxley ???)
• Opinions will be mainly negative assertions
of the sort: no alarms level 5 occurred
• Major cultural changes needed
Opinion with futurity
• We have examined the reliability and financial reports of
ABC corporation and have been engaged on a continuous
assurance engagement for the fiscal year of xxxx. We will
monitor the organization’s operations and strategic
accomplishments using a wide set of analytics as described
in http://www.ca.com/analytics and other analytics we deem
appropriate and will report on an audit by exception basis
when more than xx % variance is found in operational and
strategic standards or when we deem it appropriate. This
exception report will be issued to all customers registered (
paying ) at http://www.ca.com/analytics/customers