Chapter 12 CONCEPTS IN CONTINUOUS ASSURANCE
暂无分享,去创建一个
INTRODUCTION Auditing technologies and methodologies are continually changing to catch up with business data processing methods. For instance, the introduction of computers in business forced the creation of Electronic Data Processing (EDP) auditing. Databases and distributed computing substantively changed audit risks and forced the utilization of essential new audit tools. The advent of the Internet, the consequent internetworking1 of applications, and the progressive electronization of many corporate processes have accelerated the trend and demand for new, more timely assurance processes. Kogan et al. (1999) have described a research program needed for additional understanding of continuous online audit. This chapter aims to introduce a series of research issues for additional examination that may lead to an improved conceptualization of modern assurance and related processes. In the future, the entire concept of audit will change to a loose set of assurance services, some of which will be statutory in nature. Figure 12-1 describes an assurance centric view of corporate monitoring processes. Corporate IT (legacy, middleware, and Internet systems) provides the online monitoring structure at the same time that it provides for a series of real-time administrative processes (e.g., cash management or receivables management). High-level corporate metrics, KPIs (key performance indicators), are extracted from the monitoring infrastructure and provide for corporate scorecards and other processes. Many management processes progressively rely on this infrastructure. One of these processes is the evolving field of continuous assurance. Four main issues distinguish assurance processes from other management support functions: data structures, independent review, the nature of analytics, and the nature of alarms. The data structures tend to focus on cross-process metrics and time-series evaluation data. A particular process is managed independently under the control of third parties. Its analytics focus is on cross-process integrity