Lecture 3 - Smart Auditing Flashcards
Example DA (Trevor Stewart)
Analytical procedures are used for the following purposes:
• To assist the auditor in planning the nature, timing, and extent of
other auditing procedures
• As a substantive test to obtain evidential matter about particular
assertions related to account balances or classes of transactions
• As an overall review of the financial information in the final review
stage of the audit
3 types of Data Analytics in AP:
- Scanning
- Proof in total
- Statistical predictive modelling
Advantages of replacing samples by whole population - e.g., with recalculation
DA- Example Benford’s Law
• Data Mining Models for Auditing
• E.g., digital analysis based on Benford’s Law
• Based on natural frequency of numbers
• The first digit of a number is more frequently a lower
number (1,2 or 3) than a higher number (7,8,9)
• Last two digits of a number (00-99) should occur equally
• Data significantly varying from Benford’s Law should
be further evaluated for possible erroneous
transactions
4 Criteria for selecting Data Mining Approach
- Scalability - how well data mining method works regardless of data set size
- Accuracy - how well information extracted remains stable and constant beyond the boundaries of the data from which it was extracted, or trained
- Robustness - how well the data mining method works in a wide variety of domains
- Interpretability - how well data mining method provides understandable information and valuable insight to user
Dau & Vaserhelyi - Auditing 4.0
• Audit 1.0
• Manual audit. Tools: pencils and calculators
• Audit 2.0
• IT audit. Tools: Excel, CAAT software
• Audit 3.0
• Inclusion of Big Data in audit analytics. Tools: BA
• Audit 4.0
• Semi- and progressive automation of audit. Tools: sensors,
cyber-physical systems, IoT/IoS, RFID, GPS, heart-beat
mechanism, blockchain
Principles Industry 4.0/ Auditing 4.0
• Interoperability • Virtualization, Mirror World • Decentralization and mass customization • Real-time capability • Service orientation • Modularity
Relevance for audit • Data integration -> analytics • Real-time asset management • Necessity of automation of audit equations • CA/CM, audit by exception • “Audit as a Service” • Audit apps
CA/CM
- CA is focusing on obtaining audit evidence and indicators from systems, processes, transactions and controls which are collected on a frequent or continuous basis by assurance functions assisted by analytical technology tools (KPMG 2010)
- CM is a control mechanism used by management to ensure that controls and systems function as intended and that transactions are processed as prescribed (KPMG 2010)
- Internal control is a process effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives related to operations, reporting and compliance (COSO 2013)
Digital Technology for the first phases of Smart Computing (5A’s)
- Awareness
- Analysis
- Alternatives
- Action
- Auditability
A1: Data creation (“awareness”)
• Data created by the Information System or by IoT sensors
• Very reliable (esp. when managed by external party), but not
necessarily complete
• Data created internally by employees
• Quality depends on quality of the organization, e.g., Segregation
of Duties, and built-in controls, e.g., mandatory fields in the form
• External data
• Quality varying. Usually requires transformation and data
cleansing before it can be used.
Information fusion
• In traditional systems, not all individual transactions can be checked
due to the vast amount.
• In first-generation continuous auditing systems, all transactions are
monitored, continuously, leading quickly to an exception overflow.
• An approach to deal with this exception overflow is information
fusion, having its origin in defense. Information fusion is a
systematic approach to aggregating exceptions.
Information Fusion benefits
• Systematic way of handling exceptions
• Emphasis on combination of data (on different levels)
• More automation possibilities (e.g. in combining output of different
decision makers)
• In this way: solving anomaly overflow problem
Data Mining for fraud analysis - Three basic approaches to data mining
• Statistics-based methods (e.g. neural networks,
discriminant analysis)
• Distance-based methods (e.g. clustering), and
• Logic-based methods (decision trees, rule induction)
Example fraud analysis (fake vendors)
• Identify fraud scenario
• Starting with simple queries and matching
• For example: match the vendor address set with the employee
address set
• More intelligent analysis tries to find patterns not known yet and/or
takes the counter-measures of the fraudulent party into account
SAS 99
• SAS 99 Consideration of Fraud in a Financial
Statement Audit requires varying audit procedures
• Reduces likelihood that fraud perpetrators can
• Predict audit procedures, and
• Conceal fraud in areas and ways that auditors
are least likely to identify
• Data mining analysis should vary
Note: whereas fraud analytics has high potential, traditional means,
like Analytic Procedures based on aggregate numbers, are also very
useful, esp. when applied rigorously.
Articles on audit analytics - Trevor Stewart
Trevor Stewart - data analytics in auditing
- Gentle introduction into audit analytics
- The value of visualization
- The value of clustering
- Challenges in outlier detection