Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Emerging CARLAB work Miklos A. Vasarhelyi. 2 Outline Continuous Control Monitoring Simulating Continuous Auditing Control Tags.

Published byPatricia Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Emerging CARLAB work Miklos A. Vasarhelyi. 2 Outline Continuous Control Monitoring Simulating Continuous Auditing Control Tags."— Presentation transcript:

1 1 Emerging CARLAB work Miklos A. Vasarhelyi

2 2 Outline Continuous Control Monitoring Simulating Continuous Auditing Control Tags

3 3 Ongoing CA/R/Lab Projects CA = Continuous Control + Continuous Assurance 1.Continuous Control Monitoring (CCM) Siemens SALT project KPMG next generation control assessment Control tags 2.Continuous Assurance Advanced analytics at HCA (and Siemens) Liberty CA Simulator (and integrating with CCM)

4 4 CCM

5 5 Distributed And Inter-networked Systems: A New Control Paradigm Auditee systems Auditee systems Auditee systems Auditee systems Auditee systems Control Monitoring Device Monitoring Probes Control Agent resident analytics resident analytics resident analytics resident analytics metrics CA Monitoring Audit by exception

6 6 Levels Of Assurance Data Level Assurance (DLA) –Develop innovative tools: control tags, cookie crumbs, control paths, aggregate estimates Process Level Assurance (PLA) –Create a model that allows for the process by process estimate of control effectiveness Opinion Level Assurance (OLA) –Develop temporal related continuous control effectiveness assessments Evergreen opinions Exception frames Probabilistic opinions

7 7 Simulating Continuous Auditing Miklos A. Vasarhelyi Rutgers University

8 8 Outline The problem Structure of the simulation Demo Conclusions

9 9 The problem Progressively a large set of solutions is emerging in the CA arena Many of them have been theoretical and have no empirical basis It is very difficult to get transactional and/or control data from real-life companies Companies will give little entry to real-life situations

10 10 Structure of the Simulation Distributional data drawn from real life data The control structure is symbolic of a wide set of companies / processes We will vary the control structure and nature of data stream to compare

11 11

12 12

13 13

14 14 System Architecture

15 15

16 16 Conclusions A tool for continuous audit simulation through transaction replication and control evaluation Used real company distributions ARENA is a constricting tool There is much potential for its use Next step is results of simulations

17 17 Control Tags Miklos A. Vasarhelyi

18 18 Definition XML derivative tagging with a new type of tag, the control tags that incorporate specific control information on items of information.

19 19 Types of Control Tags 1) tags that specify the reliability of the control process that has generated the transaction 2) tags that serve to leave behind tracer information on the datum processing (cookie crumbs), 3) tags that record processes that the transaction was submitted, 4) tags that contain other control information, and 5) a mixture of the above.

20 20 Reliability control tags An ongoing assessment of the reliability of the control processes that generate a transaction is made. This measurement is carried with the transaction If it is subject to other processes, this reliability assessment is changed

21 21 Control tags, cookie crumbs and digital IDs Consolidation Financial statements Subsidiary 2 Financial statements Subsidiary 3 Financial statements Subsidiary 1 Financial statements Assurance station DID1 DID6 DID5DID4 DID2 DID3 Financial Intermediary Financial statements analysis DID7 DID8 DID9 Dynamic control spots with cookie crumb collection

22 22 Tracer related control tags (cookie crumbs) Tags carry a unique identifier of the transaction that is encrypted This identifier is deposited in tracer receptacles across the transaction path Public x private encrypting schema are used to verify transaction paths

23 23 Path recording control tags Transactions record its path by collecting process DIDs and carrying them encrypted Alternatively these may be deposited in a third party safe Web site and a pointer carried Information about the crypt decoding key / method is carried by the transaction as a tag

24 24 Information Control Tags Contain other control related information that could entail –Organizational placement and hierarchies –Reliability change related information –Name of the DLA assuror, e.g. KPMG –Outsource related agreements

25 25 Conclusions The balkanization financial information distribution creates serious integrity concerns Control tags associated to XML derivative transactions can deal with many of these problems Substantial investments on the standards, their implementation into software, and their conceptualization must be made

Download ppt "1 Emerging CARLAB work Miklos A. Vasarhelyi. 2 Outline Continuous Control Monitoring Simulating Continuous Auditing Control Tags."

Similar presentations

Financial Management Service Holden Hogue March 12, 2009 Standardizing, Consolidating, and Optimizing Budget & Financial Management Business Processes.

Financial Management Service Holden Hogue March 12, 2009 Standardizing, Consolidating, and Optimizing Budget & Financial Management Business Processes.
8/2/2006Prelimary – do not quote1 Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University.

8/2/2006Prelimary – do not quote1 Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University.
General Ledger and Reporting System

General Ledger and Reporting System
Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.

Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.

Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
WILL BIG DATA CHANGE EVERYTHING IN ACCOUNTING AND AUDITING? Miklos A. Vasarhelyi Rutgers University.

WILL BIG DATA CHANGE EVERYTHING IN ACCOUNTING AND AUDITING? Miklos A. Vasarhelyi Rutgers University.
Sustainable Energy Systems Overview of contractual obligations, procedures and practical matters KICK-OFF MEETING.

Sustainable Energy Systems Overview of contractual obligations, procedures and practical matters KICK-OFF MEETING.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
Implementing Continuous Auditing in a Global Real Time Economy Miklos A. Vasarhelyi KPMG Professor of AIS Rutgers University Technology Consultant AT&T.

Implementing Continuous Auditing in a Global Real Time Economy Miklos A. Vasarhelyi KPMG Professor of AIS Rutgers University Technology Consultant AT&T.
The Experience Factory May 2004 Leonardo Vaccaro.

The Experience Factory May 2004 Leonardo Vaccaro.
Principles of Analytic Monitoring Miklos A. Vasarhelyi Michael Alles Alexandr Kogan Rutgers Business School.

Principles of Analytic Monitoring Miklos A. Vasarhelyi Michael Alles Alexandr Kogan Rutgers Business School.
Miklos A. Vasarhelyi Siripan Kuenkaikaew Silvia Romero

Miklos A. Vasarhelyi Siripan Kuenkaikaew Silvia Romero
Continuous Auditing Technology Adoption in Leading Internal Audit Organizations Miklos A. Vasarhelyi Siripan Kuenkaikaew.

Continuous Auditing Technology Adoption in Leading Internal Audit Organizations Miklos A. Vasarhelyi Siripan Kuenkaikaew.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.
Concurrent Auditing Techniques

Concurrent Auditing Techniques
Information Systems In The Enterprise

Information Systems In The Enterprise
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 1 Other Assurance Services Chapter 24.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Other Assurance Services Chapter 24.

Similar presentations

Ads by Google