Emerging CARLAB work. Miklos A. Vasarhelyi. Outline: Continuous Control Monitoring; Simulating Continuous Auditing; Control Tags.

Presentation transcript:

1 Emerging CARLAB work Miklos A. Vasarhelyi

2 Outline
- Continuous Control Monitoring
- Simulating Continuous Auditing
- Control Tags

3 Ongoing CA/R/Lab Projects
CA = Continuous Control + Continuous Assurance
1. Continuous Control Monitoring (CCM)
   - Siemens SALT project
   - KPMG next generation control assessment
   - Control tags
2. Continuous Assurance
   - Advanced analytics at HCA (and Siemens)
   - Liberty CA Simulator (and integrating with CCM)

4 CCM

5 Distributed And Inter-networked Systems: A New Control Paradigm
[Diagram labels: Auditee systems; resident analytics; Monitoring Probes; Control Monitoring Device; Control Agent; metrics; CA Monitoring; Audit by exception]

6 Levels Of Assurance
- Data Level Assurance (DLA)
  - Develop innovative tools: control tags, cookie crumbs, control paths, aggregate estimates
- Process Level Assurance (PLA)
  - Create a model that allows for the process by process estimate of control effectiveness
- Opinion Level Assurance (OLA)
  - Develop temporal related continuous control effectiveness assessments
    - Evergreen opinions
    - Exception frames
    - Probabilistic opinions

7 Simulating Continuous Auditing Miklos A. Vasarhelyi Rutgers University

8 Outline
- The problem
- Structure of the simulation
- Demo
- Conclusions

9 The problem
- Progressively a large set of solutions is emerging in the CA arena
- Many of them have been theoretical and have no empirical basis
- It is very difficult to get transactional and/or control data from real-life companies
- Companies will give little entry to real-life situations

10 Structure of the Simulation
- Distributional data drawn from real life data
- The control structure is symbolic of a wide set of companies / processes
- We will vary the control structure and nature of data stream to compare

14 System Architecture

16 Conclusions
- A tool for continuous audit simulation through transaction replication and control evaluation
- Used real company distributions
- ARENA is a constricting tool
- There is much potential for its use
- Next step is results of simulations

17 Control Tags Miklos A. Vasarhelyi

18 Definition
XML derivative tagging with a new type of tag, the control tag, which incorporates specific control information on items of information.

19 Types of Control Tags
1) tags that specify the reliability of the control process that has generated the transaction,
2) tags that serve to leave behind tracer information on the datum processing (cookie crumbs),
3) tags that record the processes to which the transaction was submitted,
4) tags that contain other control information, and
5) a mixture of the above.

20 Reliability control tags
- An ongoing assessment of the reliability of the control processes that generate a transaction is made
- This measurement is carried with the transaction
- If it is subject to other processes, this reliability assessment is changed

21 Control tags, cookie crumbs and digital IDs
[Diagram labels: Subsidiary 1, 2 and 3 financial statements; Consolidation financial statements; Assurance station; Financial Intermediary; Financial statements analysis; DID1 to DID9; Dynamic control spots with cookie crumb collection]

22 Tracer related control tags (cookie crumbs)
- Tags carry a unique, encrypted identifier of the transaction
- This identifier is deposited in tracer receptacles across the transaction path
- Public/private encryption schemes are used to verify transaction paths

23 Path recording control tags
- A transaction records its path by collecting process DIDs and carrying them encrypted
- Alternatively, these may be deposited in a third-party safe Web site and a pointer carried
- Information about the decryption key / method is carried by the transaction as a tag
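
An added example (not from the presentation) of the path-recording idea on slides 22 and 23: each process appends its DID to the transaction's control tag, chained so an assurance station can verify the path later. An HMAC chain with per-process keys stands in for the public/private scheme the slides mention; the element names, keys and sample transaction are assumptions constructed for illustration, and the payload is assumed not to change along the path.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed per-process keys; the DID labels mirror the slides, the keys are made up.
PROCESS_KEYS = {"DID1": b"k-subsidiary-1", "DID4": b"k-consolidation", "DID7": b"k-assurance"}

def payload_digest(txn):
    # Digest of the business data, so crumbs are bound to what was processed.
    return hashlib.sha256(ET.tostring(txn.find("payload"))).hexdigest()

def crumb_mac(did, txn, prev_mac):
    # Each crumb covers the process DID, transaction id, payload and previous crumb.
    msg = "|".join((did, txn.get("id"), payload_digest(txn), prev_mac)).encode()
    return hmac.new(PROCESS_KEYS[did], msg, hashlib.sha256).hexdigest()

def new_transaction(txn_id, amount):
    txn = ET.Element("transaction", id=txn_id)
    ET.SubElement(ET.SubElement(txn, "payload"), "amount").text = amount
    ET.SubElement(txn, "controlPath")  # hypothetical control-tag container
    return txn

def record_step(txn, did):
    # Called by each process: append its DID, chained to the previous crumb.
    path = txn.find("controlPath")
    prev = path[-1].get("mac") if len(path) else ""
    ET.SubElement(path, "crumb", did=did, mac=crumb_mac(did, txn, prev))

def verify_path(txn, expected_dids):
    # Assurance-side check: right processes, right order, untouched payload.
    crumbs = list(txn.find("controlPath"))
    if [c.get("did") for c in crumbs] != list(expected_dids):
        return False
    prev = ""
    for c in crumbs:
        if c.get("did") not in PROCESS_KEYS:
            return False
        want = crumb_mac(c.get("did"), txn, prev)
        if not hmac.compare_digest(want.encode(), c.get("mac", "").encode()):
            return False
        prev = c.get("mac")
    return True

def demo():
    txn = new_transaction("T-0001", "1250.00")  # constructed sample transaction
    for did in ("DID1", "DID4", "DID7"):
        record_step(txn, did)
    ok = verify_path(txn, ["DID1", "DID4", "DID7"])
    txn.find("payload/amount").text = "9250.00"  # tamper after the fact
    return ok, verify_path(txn, ["DID1", "DID4", "DID7"])
```

Because each crumb's MAC includes the previous crumb, removing or reordering a step invalidates every crumb after it, not just the one touched.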

24 Information Control Tags
Contain other control related information that could entail:
- Organizational placement and hierarchies
- Reliability change related information
- Name of the DLA assuror, e.g. KPMG
- Outsource related agreements

25 Conclusions
- The balkanization of financial information distribution creates serious integrity concerns
- Control tags associated with XML derivative transactions can deal with many of these problems
- Substantial investments in the standards, their implementation into software, and their conceptualization must be made