Continuous Auditing
From a Public Accounting Firm Perspective
November 2, 2007
Presented By:
Kevin Rockecharlie (MBA,CISA)
IT Assurance Manager
TravisWolff
A New Way of Auditing
Our continuous auditing approach is based on the assumption that a
qualified IT resource will be sent to each client during the interim audit
period to implement a data extraction procedure. The end result will
provide the ability to:
•
•
•
•
•
Review the entire population (no sampling)
Introduce the opportunity to recalculate account balances
Allow for a comparison of financial information with industry data
Identify trends, recognize exceptions and audit by exception
Allow the audit staff to target higher risk areas as required by the
introduction of new risk based accounting standards, SAS Nos. 104111
Data Requirements (ERP Business Cycles)
Business Cycles
•
•
•
•
•
Accounts Payable
Accounts Receivable
Inventory
Fixed Assets
General Ledger
ERP
Database
Business Cycles
• Payroll
• Human Resources
Payroll \ HR
Database
Accounts Payable
• Related Party Identification
• Detail Reconciliation to GL & AP Aging
• Vendor Concentrations (footnote)
Accounts Receivable
• Recalculation of AR Aging
• Outstanding AR by Customer
• Expediting Confirmation Process
Inventory
• Obsolete Inventory Identification
• Labor & Overhead Rate Reasonableness
• LIFO Calculations
Fixed Assets
• Asset Addition\ Disposal
• Gain\Loss, Depreciation Calculation
• Identification of Capital Leases
General Ledger
• Journal Extraction (Balanced & Complete)
• Population Identification
• Trial Balance Verification , Cutoff Testing
Payroll \ HR System
• Population Identification
• Employee Existence
• Payroll Distribution
• Reconciliation to GL Detail
Continuous Audit Workflow
A new procedure will be implemented with each client that will provide for the
ability to continually audit transactions throughout the year, including:
1.
Identify critical client data
2.
Build extraction scripts to retrieve data
3.
Educate client on extraction procedure
4.
Submit data to a centralized enterprise database used
as an internal data repository
5.
Import data into (CAAT) software for review
6.
Document audit work performed
Data Workflow
(CAAT) Software
Client ERP / Payroll Systems
Internal Data Repository
Oracle
SQL Server
Industry Data
(For Ratio Analysis)
D&B
S&P
RMA
(Robert Morris)
MySQL
Custom Reports
Including SAS 99
(Fraud)
Increase the Reliability of Audit Evidence using (CAAT) Software
A recalculation of highly reliable audit evidence can be performed by checking
the mathematical accuracy of records using software that provides for Computer
Assisted Audit Techniques (CAAT) such as CaseWare’s
software.
Level of Reliability
High
Medium
Low
Type of Evidence
Inspection of assets
Reperformance
Recalculation (with
Inspection of Documents
Scanning
Confirmation
Analytical Procedures (with
Inquiry & Observation
)
)
IDEA Smart Analyzer
Accounts Receivable
Aging by due date and invoice date
Accounts with balances or transactions’ exceeding credit limits
Accounts with credit balances
Transactions within a date range
Duplicate transactions
Debtor transaction Summary
Accounts Payable
Aging by invoice date
Duplicate invoices or payments
Accounts with balances or transactions with debit balances
Accounts over credit limit
Invoices without purchase orders
Transactions within a date range
Transactions posted on weekends, specific dates or times
Transactions summarized by user
Transaction with rounded amounts
Duplicate field search
Fixed Assets
Fixed assets additions
Asset category summary
Recalculate straight line depreciation
Recalculate declining balance depreciation
Depreciation exceeding cost
Duplicate field search
Inventory
Aging by receipt date
Recalculate inventory balance
Calculate inventory turnover ratio
Zero or negative unit cost
Negative quantity on hand
Inventory location summary
Large inventory amounts
Inventory received around a specified date
Last sales prices lower than unit cost
Compare sales price with unit cost
Duplicate field search
General Ledger
Out of balance journal entries
Duplicate journal entries
Missing journal entries
Posted on weekends, specific dates or times
GL Reports and Summaries by:
User Account combinations
Journal entries with large amounts
Journal entries with rounded amounts
Account number
Period or source
Account balances by source or period
Import Components Supported by IDEA
•
XML Audit File Financial
•
Dynacom Accounting
•
Fortune 1000 Acomba
•
QuickBooks
•
Fortune
•
ACL Data
•
Avantage Progression NG
•
ACCPAC Advantage Series
•
PeachTree Complete Accounting
•
Simply Accounting 8-2003
•
Simply Accounting 5-7
•
MYOB
•
Avantage Progression 8 – 10
•
QuickBooks Canada
•
Sage Accpac ERP
•
Sage Simply Accounting
TravisWolff Client Systems
Custom Reporting (SAS 99, Fraud)
By having an internal data repository containing client data, SAS 99 / fraud
compliance is now a byproduct of the continuous audit methodology because
audit staff will be able to run predefined/automated work programs against unmanipulated client data.
Firms will be able to analyze data for various fraud characteristics such as:
Ghost employees
Duplicate vendors
Duplicate checks
Favored vendors
etc...
•
•
•
•
•
Real World Challenges
•Clients do not operate homogeneous systems
•Custom extraction programs & processes must be developed
•Time and resources are required for initial client data extraction
Summary of Audit Client Systems
Other Applications Detail:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Accpacc
AMB Accounting
American Health Tech
Apogee
AXYS
Black Buad (Razors Edge)
Business Works
Cetec
Club Connect
CPR Plus (ERP)
Fourth Shift
JD Edwards
Latitude
LAWSON
MRI
MYOB
QAD
ROGARS
SoftTalk
Storis
SYSPRO
Timberline
Yardi
Real World Opportunities
Qualified accounting resources are in tight supply. By implementing a well defined
continuous audit methodology, firms will be able to:
– Target high risk audit areas and focus your limited resources
– Work more efficiently with each client
– Retain audit staff by using cutting edge audit techniques
– Increase realization of audit fees
– Implement more effective fraud procedures (SAS 99)
For more information: