1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls
Presented by Rob Nehmer, Berry College, at the Fifth Continuous Assurance Symposium, November 22 & 23, 2002

2 Overview
- Current methods of control
- Are there systems of control?
- Current frameworks of internal control
- eCommerce impacts on the current frameworks
- Are the current frameworks sufficient?
- Research agenda for systems of internal control

3 Current Methods of Control
- Methods of Management Control
- Methods of Internal Control
- Methods of Assurance

4 Methods of Management Control
- Planning, organizing, staffing, leading, controlling
- Internal audit definition
  - Insure reliability and integrity of information
  - Compliance with policies, plans, procedures, laws, and regulations
  - Safeguarding of assets
  - Economical and efficient use of resources
  - Accomplishment of established objectives and goals for operations or programs
- Theory X, Theory Y
- Charisma
- Organizational design
- Process re-engineering

5 Methods of Internal Control
- Pervasive controls
  - Control environment
  - Plan of the organization
  - General scheme of authorization
  - General physical security
  - Personnel policies
- Application controls
  - Preventative: Separation of duties, specific authorization, validation, verification, specific physical controls
  - Detective: Pre-numbered documents, registers and logs, reconciliation, review procedures

6 Methods of Assurance
- External audits
- Internal control evaluation
- Prospective financial information
- Compliance with laws and regulation
- Other
  - WebTrust
  - SysTrust

7 Systems of Control
- Appeal to auditor judgement
- What risks are pervasive controls actually lowering?
- When and how do pervasive control activities reduce application cycle risks?
- Under what conditions are multiple control activities likely to actually reduce risk?
- How are compensating controls justified with respect to risk?

8 eCommerce Impacts on the Current Frameworks
- Electronic transactions
  - inputs
  - processes
  - outputs
- Continuous monitoring
- Continuous reporting
- Continuous assurance

9 Electronic Transactions
- Inputs
  - No “inside source,” entry by the customer on the web
  - Blanket authorizations
- Processes
  - Transaction stream is continuously automated: points of control must be designed
- Outputs
  - Effortless duplication, no natural tracing

10 Continuous Auditing
- Monitoring
  - Points of control “disappear” into the processing system
  - Measures, recording and reporting media, and measurement tools all change
- Assurance
  - Decision cycle time decreases
  - Decision based more on electronic measures
- Reporting
  - On demand, 24/7, web-based
  - Must reflect the shorter cycle times

11 Sufficiency of Current Frameworks
- COSO
- COBIT
- SAS 55, 78
- IIA Guidelines 300 (C), 520 (Risk)

12 COSO
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring

13 COBIT
- Information Technology Resources
- Information
- Planning and Organizing
- Acquisition and Implementation
- Delivery and Support
- Monitoring

14 SAS 55, 78
- Obtain a sufficient understanding of IC to plan the audit
- Assess control risks for F/S assertions
- Additional tests of controls
- Determine the nature, timing, and extent of substantive tests
- COSO framework

15 IIA Guidelines 300 (C), 520.04 (Risk)
- Management controls
  - Insure reliability and integrity of information
  - Compliance with policies, plans, procedures, laws, and regulations
  - Safeguarding of assets
  - Economical and efficient use of resources
  - Accomplishment of established objectives and goals for operations or programs
- Risk Assessment
  - Identification of auditable activities
  - Identification of relevant risk factors
  - Assessment of the relative significance of the factors

16 Researching Systems of Internal Control
- Heuristics on combining risk effects of IC activities
- Risk implications of emerging IT technologies
- Identification and evaluation of points and bands of control
- Further (better) articulation of control goals and operational and control activities

17 Heuristics on Combining Risk Effects
- Use of non-classical mathematics: modal logics, fuzzy sets
- Data mining with pattern recognition
- Knowledge elicitation from the experts
- Analysis of known systemic risk and known subsystem risk
- A metaphor: what we use now is “payback” vs. NPV

18 Risk Implications of Emerging IT Technologies
- Increased and new risks
- Decreased and eliminated risks
- All “technologies”
  - SW: OSs, applications, IDEs
  - HW: servers, communications, clients
  - Administrative: network monitoring, SAD methodologies, programming methodologies

19 Identification and Evaluation of Points and Bands of Control
- Rethink our traditional measure points (registers, logs) and convert to eCommerce settings
- Determine how to evaluate the placement of points with respect to value added and C/B
- Develop systems of activities (bands of control) which can be evaluated for efficiency and effectiveness

20 Better Articulation of Control Goals and Operational/Control Activities
- Lining up qualitative dimensions of activities with the goals they are achieving
- Researching the relationships between activities and goals: linear, non-linear, etc.
- Tighter linkage of activities and goals to the different aspects of “control”
- Classification of control needs, the inventory of activities available to meet those needs, and “missing” control classes

