Toward Effective Big Data Analysis in Continuous Auditing
Articles
Mauricio Mello Codesso mmcodesso@outlook.com
Universidade Federal de Santa Catarina, Brazil
Paulo Caetano da Silva paulo.caetano@unifacs.br
University of Salvador, Brazil
Miklos A. Vasarhelyi miklosv@business.rutger.edu
Rutgers Business School, United States of America
Rogério João Lunkes rogeriolunkes@hotmail.com
Universidade Federal de Santa Catarina, Brazil
Continuous audit model: data integration framework
Revista Contemporânea de Contabilidade, vol. 15, no. 34, pp. 144-157, 2018
Universidade Federal de Santa Catarina
Received: 15 January 2018
Accepted: 26 March 2018
Abstract: With the convergence of business areas through new technologies, the real-time economy, and transactions spanning several countries and continents with different laws, guarantees are necessary. These guarantees can be obtained through Continuous Audit (CA). However, to perform the analysis, auditors need to be able to access and extract the data. Previous researchers emphasize only the benefits of applying CA methods, but do not explain how to retrieve and organize the data. We therefore propose the development of a framework to integrate different systems for continuous auditing. The paper aims to contribute to the literature by examining in greater depth the ways to access, structure and collect the critical data needed for CA. It does so by examining the Audit Data Standard and eXtensible Business Reporting Language (XBRL) in greater depth, and by creating a basis for future research on integrating the extraction, analysis and exception detection algorithms used by CA.
Keywords: Continuous Audit, XBRL, Audit, Audit Framework.
1 Introduction
Real-time economics and globalization have caused an increase in the amount of data that is captured and stored. This change was facilitated by lower costs of storage, e-commerce, and increased use of information technology in business, such as Enterprise Resource Planning (ERP) systems, which generate huge amounts of transactional data for users. Various business systems have been developed to support decision making, planning, and control, as well as monitoring organizational performance (BERNHARD, 2012; VIJAYAN, 2012). However, this phenomenon of high data volume requires a different approach to audit.
After conducting global fraud research, the Association of Certified Fraud Examiners found that fraud costs organizations 5% of their annual income. The average time to detect and report frauds was 18 months. Organizations have relied on traditional external audits as the primary fraud detection technique. However, these have only accounted for 3% of frauds. On the other hand, the implementation of controls to detect frauds has been proven effective in reducing the cost and extent of fraud (RATLEY, 2012).
Companies are increasingly dependent on computerized systems, such as ERPs, to handle their business processes. This process of business computerization, coupled with real-time economics, encourages and requires companies to generate data promptly. To extract useful information, and finally, the knowledge that can support decision making (ELLIOTT; KIELICH, 1985), it is essential to ensure the quality and reliability of this data (VASARHELYI; CHAN; KRAHEL, 2012).
Advances in technology enable real-time or near-real-time monitoring; however, audit services have evolved at a much slower pace. Most of these services are still performed manually, an approach that is time-consuming and costly (VASARHELYI; ALLES; WILLIAMS, 2010). This stands in contrast to the technology currently available, which can offer ongoing credibility support.
Various aspects of the audit need to be reviewed. While traditional audit takes a sample-based approach, mainly due to time and budget constraints, continuous audit examines the entire population of records. Companies can benefit from the use of automation and technology to improve the efficiency and effectiveness of auditing through the implementation of continuous auditing systems. Companies can lower the cost of work associated with audits by taking advantage of computerized technology and systems. This can also increase the efficiency of their production (ELLIOTT, 1998; MENON; WILLIAMS, 2001).
Continuous Audit is an audit process that produces audit results simultaneously or in a short time after a relevant event occurs (VASARHELYI et al., 2012). The continuous auditing implementation is only feasible as a fully automated process and with immediate access to relevant events and their results. To meet these requirements systems must be permanently connected, for both auditors and auditees.
Continuous auditing begins to gain more space as organizations gain more automation in their business processes and, therefore, the requirements for monitoring business risk (VASARHELYI; ALLES; KOGAN, 2004). However, the development of continuous auditing has enormous technological and organizational challenges. The wide variety of software used in companies makes it difficult for auditors to develop integrated auditing systems. Many pieces of such software were designed as stand-alone systems, with little or no network communication capability. However, the current stage of ERP development demonstrates a greater tendency for standardization and better integration with other subsystems (KOGAN; SUDIT; VASARHELYI, 1999).
Traditional audits and the use of small sampling techniques are progressively less efficient when dealing with large volumes of data. Unlike traditional auditing, continuous auditing does not work with samples; it analyzes the entire transaction population, which allows the change from manual detection to the development of prevention capabilities (LI et al., 2007).
O'Reilly (2006) points out the benefits generated using CA methodologies:
• Make the audit process faster, cheaper, more efficient and more effective;
• Reduce the time needed for audit cycles, providing better response times for risk control and reliability of operations;
• Increase the coverage of audit work without increasing the number of required resources;
• Enable the conduction of audits daily, monthly or in the interval of time that is deemed appropriate;
• Automate periodic audit testing, improving audit execution time;
• Test 100% of the data population in the audit work and not just a sample;
• Improve the quality of the audit and its speed.
CA allows corrective action to be taken sooner than traditional approaches. The focus of the audit will shift from manual detection to technology-based prevention (FLOWERDAY; BLUNDELL; VON SOLMS, 2006). CA allows the auditor to analyze the data more frequently by performing control and risk assessment in a real-time environment. It offers the opportunity to go beyond traditional auditing approaches, such as sampling and analysis at a specific point in time, providing automatic and timely detection of failures in controls and exceptional situations, and directing efforts to find the facts and remedies needed (LI et al., 2007).
Real-time monitoring techniques can reduce errors and fraud, increase operational efficiency and profits (LI et al., 2007). Sarbanes & Oxley (SOX) defines rules and conditions for auditing and controlling operational risks, which has created complex demands for companies. The legal requirement of financial statements to be published in real time led to the need for transactions to also be audited in real time (FLOWERDAY; BLUNDELL; VON SOLMS, 2006).
The required control for compliance with legislation has forced companies to look for ways to meet this requirement at acceptable costs. The CA has been gaining strength due to the possibility of automating risk control through the early perception of potential problems, by using internal control to act in a preventive and no longer detective way (LI et al., 2007).
Continuous auditing and monitoring can improve the efficiency of auditing work through automation and adoption of an audit-by-exception approach. In this approach, the total population is analyzed and only exceptions are investigated.
Continuous auditing is a type of audit that can be done more often, in which exceptions are identified, and alarms are sent to those responsible to correct these errors. If they fail to correct the errors on time, the internal audit department may be notified to act (ALLES; KOGAN; VASARHELYI, 2008).
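The audit-by-exception cycle described in the two paragraphs above, as an added example that is not part of the original paper: every payment in the population is tested, only exceptions are kept, and uncorrected exceptions are escalated to internal audit. The payment records, the three control tests, the approval limit and the five-day correction window are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

APPROVAL_LIMIT = 5000.00               # assumed control threshold
CORRECTION_WINDOW = timedelta(days=5)  # assumed time the process owner has to correct

# Constructed sample: the whole payment population for the period, not a sample.
PAYMENTS = [
    {"id": "P1", "vendor": "V10", "invoice": "INV-1", "amount": 1200.00,
     "created_by": "ana", "approved_by": "bob", "second_approver": None},
    {"id": "P2", "vendor": "V10", "invoice": "INV-1", "amount": 1200.00,
     "created_by": "ana", "approved_by": "carl", "second_approver": None},
    {"id": "P3", "vendor": "V20", "invoice": "INV-7", "amount": 9800.00,
     "created_by": "dan", "approved_by": "dan", "second_approver": None},
    {"id": "P4", "vendor": "V30", "invoice": "INV-9", "amount": 300.00,
     "created_by": "eve", "approved_by": "bob", "second_approver": None},
]


def duplicate_invoice(population):
    """Flag every repeat of the same vendor/invoice/amount after the first."""
    groups = defaultdict(list)
    for p in population:
        groups[(p["vendor"], p["invoice"], p["amount"])].append(p["id"])
    return [(pid, "duplicate vendor/invoice/amount")
            for ids in groups.values() for pid in ids[1:]]


def self_approval(population):
    """Segregation of duties: the creator must not approve the payment."""
    return [(p["id"], "creator approved own payment")
            for p in population if p["created_by"] == p["approved_by"]]


def over_limit_single_approver(population):
    """Payments above the limit need a second approver."""
    return [(p["id"], "above limit without second approver")
            for p in population
            if p["amount"] > APPROVAL_LIMIT and not p["second_approver"]]


TESTS = (duplicate_invoice, self_approval, over_limit_single_approver)


def run_tests(population, raised_on):
    """Run every test over the full population; return only the exceptions."""
    return [{"payment": pid, "reason": reason, "raised": raised_on, "corrected": None}
            for test in TESTS for pid, reason in test(population)]


def route(exceptions, today):
    """Open exceptions go to the process owner; overdue ones to internal audit."""
    routed = {"owner": set(), "internal_audit": set()}
    for exc in exceptions:
        if exc["corrected"] is not None:
            continue
        overdue = today - exc["raised"] > CORRECTION_WINDOW
        target = "internal_audit" if overdue else "owner"
        routed[target].add((exc["payment"], exc["reason"]))
    return routed


if __name__ == "__main__":
    found = run_tests(PAYMENTS, raised_on=date(2018, 1, 10))
    found[0]["corrected"] = date(2018, 1, 12)   # the duplicate was reversed in time
    for target, items in route(found, today=date(2018, 1, 20)).items():
        print(target, sorted(items))
```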
In the literature, numerous studies use statistical tests and techniques to identify exceptions (DULL et al., 2006; GROOMER; MURTHY, 1989). The proposed methodologies are efficient in helping auditors to detect anomalies and exceptions (ALLES et al., 2006; DEBRECENY et al., 2003). However, these studies do not integrate with each other and do not address the issue of data availability and extraction methods.
Flowerday, Blundell and Von Solms (2006) describe that a problem affecting continuous auditing solutions is the variety of data formats and records, including legacy systems, which are crucial to creating a continuous audit system. This data therefore needs to be evaluated and standardized so that there are no processing errors.
The standardization of data format is the most complex and challenging aspect for building CA capabilities, which may entail high costs and complexity due to the need to collect information from different systems (REZAEE et al., 2002).
In light of these issues and the difficulties pointed out by previous studies, the following research question arises: How can the data of the various systems be standardized so that it is possible to implement continuous audit? To answer this question, we propose the development of a framework for the integration of different systems for continuous auditing.
This paper is organized as follows. In Section II, we discuss the concepts needed to understand the problem and the solution presented. In Section III, we explore each layer of the proposed framework.
2 Background
2.1 Continuous Audit
Continuous Audit studies identify the availability and high cost of data access as difficulties for the implementation of monitoring routines. Therefore, what is lacking in the academic and professional literature is a more in-depth analysis of how to collect, structure, and elaborate sampling of critical data for Audit analysis. This omission of methods and standards can undermine the work of the auditor by multiplying his sample bases beyond what is necessary, which will lead to auditing in a more substantial number of substantive tests as well as too many analytical procedures (SILVA, 2012). The ability to access and retrieve information from a variety of sources, including legacy systems, is a crucial point in creating a CA system. This makes it essential to standardize data. However, this can be a complicated and costly process (FLOWERDAY; BLUNDELL; VON SOLMS, 2006).
The high investments required for CA implementation are pointed out in Flowerday, Blundell and Von Solms (2006) as a difficulty to be overcome for adoption. Similarly, the financial scandals that occurred in large organizations over the last decade, due to the execution of internal frauds, have amplified the role of the audit, which needs to carry out analyses immediately and at inopportune moments. In addition, the rigidity of regulatory requirements, such as the Sarbanes & Oxley (SOX) Act and Corporate Governance principles that offer a high level of transparency and an organized and well managed internal control environment, has increased the importance of Auditing, be it internal or external (SILVA, 2012).
The need for instant and steady security about the efficiency of risk management and the internal control environment is critical. Organizations are exposed to significant errors, fraud and inefficiencies that can lead to financial losses and increased risk exposure (BUMGARNER; VASARHELYI, 2015).
Continuous Audit (CA) began to draw the attention of researchers in the late 1980s and early 1990s, with Groomer and Murthy (1989) and Vasarhelyi and Halper (1991), who respectively demonstrated the need for and the possibility of an assurance of the processes closest to the event. This approach has shown both practical and professional orientation (CICA / AICPA, 1999; VASARHELYI et al., 2012).
Vasarhelyi and Halper (1991) argue that there are some fundamental problems that traditional auditing cannot solve, mainly related to large databases. Traditional auditing is performed only once a year, and this audit may occur long after the economic event has occurred.
The first definition of CA by a representative body was introduced by AICPA (American Institute of Certified Public Accountants) and CIPA (Canadian Institute of Public Accountants) in 1999 in the AICPA / CICA's Red Book (1999):
Continuous Audit is a methodology that allows independent auditors to assure a matter for which the company's management is responsible, using a series of audit reports generated simultaneously or with a short time after the events occur (CICA / AICPA, 1999).
For Vasarhelyi, Alles and Kogan (2004), the evolution of new technologies and business processes meant that continuous auditing at first was used only to automate existing audit processes and was not able to take advantage of the ERP systems. The second stage of evolution occurs when audit processes are redesigned to exploit the full technological capability available in systems.
The adoption of continuous auditing has occurred in several sectors, although at a slower pace than developments in information technology. The Institute of Internal Auditors and ACL (software developer) conducted joint research and found that a growing number of companies are gaining interest in continuous auditing. The results of the study show that 36% of the companies that answered the questionnaire have already implemented continuous auditing, while 39% have planned to follow their tracks shortly (ALLES; KOGAN; VASARHELYI, 2008).
According to Silva (2012), the concept of continuous auditing is related to the availability of data that is closest to an event, if possible in real time, with the capacity to be processed and correlated in a secure computerized environment that brings reliable electronic information that auditors and managers of the organization. The standards do not update their risk measurement model for a model that takes into account the attributes of CA. If the audit profession encompasses CA, there will be an evolution of thinking in the audit processes that will bring satisfaction to the shareholders of the organizations and stakeholders. If it does not occur, the CA will be part of special services and will be provided by consulting firms that, without broad domain of the subject, may even weaken the auditor's opinion in their work.
According to Vasarhelyi, Alles and Kogan (2004), the pressures imposed by SOX point toward the audit process being carried out continuously; this type of audit provides the auditors with a set of tools that can transform the audit process into a continuous process of monitoring an organization's business.
Alles et al. (2006) expanded the scope of CA by dividing Continuous Control Monitoring (CCM) and Continuous Data Assurance (CDA). Initially, the CA was conceptualized for monitoring data, and as systems of exceptions. However, as a reaction to the Sarbanes Oxley Act (SOX) and the need to express an opinion on the adequacy of internal controls, the concept was expanded with the inclusion of the CCM.
The CCM verifies the parameters of the ERP and compares with the previously established standards. The case study that originated its development was carried out at Siemens. Alles et al. (2006) applied a conceptual model that compared the parameters of the system with the standard settings defined every night and, if there were any variation, the auditors would be alerted. The company had more than 150 instances of SAP, and the original audit plan was applied in cycles ranging from 18 to 24 months. The results pointed to the possibility of creating a layer of security or guarantee on the instances of the ERP.
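The nightly comparison described above, as an added example that is not code from the paper or from the Siemens case study: each instance's parameter snapshot is checked against a baseline, and any variation produces an alert. The three parameter names are SAP profile parameters chosen for illustration; the baseline values, instance names and snapshots are constructed, and the split into new and persisting alerts is an assumption about how alerts would be triaged.

```python
import operator

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq}

# Baseline of standard settings: parameter -> (comparison, required value).
# The values are constructed for this example.
BASELINE = {
    "login/min_password_lng": (">=", 8),
    "login/fails_to_user_lock": ("<=", 5),
    "login/password_expiration_time": ("<=", 90),
}

# Constructed nightly snapshots, one per ERP instance, values as extracted text.
SNAPSHOTS = {
    "PRD01": {"login/min_password_lng": "8", "login/fails_to_user_lock": "5",
              "login/password_expiration_time": "90"},
    "PRD02": {"login/min_password_lng": "6", "login/fails_to_user_lock": "5",
              "login/password_expiration_time": "90"},
    "QAS07": {"login/min_password_lng": "8", "login/fails_to_user_lock": "12"},
}


def check_instance(name, snapshot, baseline=BASELINE):
    """Return one alert tuple per parameter that deviates from the baseline."""
    alerts = []
    for param, (op, expected) in sorted(baseline.items()):
        raw = snapshot.get(param)
        if raw is None:
            # A parameter missing from the extract is itself a finding.
            alerts.append((name, param, "missing", None))
            continue
        try:
            value = int(raw)
        except ValueError:
            alerts.append((name, param, "unreadable", raw))
            continue
        if not OPS[op](value, expected):
            alerts.append((name, param, f"expected {op} {expected}", value))
    return alerts


def nightly_run(snapshots, previous=frozenset()):
    """Check every instance; split alerts into new and persisting.

    `previous` holds the (instance, parameter) pairs alerted on the night before.
    """
    new, persisting = [], []
    for name in sorted(snapshots):
        for alert in check_instance(name, snapshots[name]):
            (persisting if alert[:2] in previous else new).append(alert)
    return new, persisting


if __name__ == "__main__":
    last_night = {("PRD02", "login/min_password_lng")}
    new, persisting = nightly_run(SNAPSHOTS, last_night)
    for alert in new:
        print("NEW       ", alert)
    for alert in persisting:
        print("PERSISTING", alert)
```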
Vasarhelyi, Alles and Williams (2010) added Continuous Risk Monitoring and Assessment (CRMA) to the scope. The CRMA is divided into three areas: operational, environmental and black swans. Black Swans are very remote risks, but with enormous consequences (TALEB, 2010). Risks are chosen and judged by the audit team, and key risk indicators (KRIs) are associated with the most significant threats in each category. Variance models are applied to detect significant changes in risks.
Compliance Monitoring (COMO) is related to the area of risk assessment and also to the increase of regulated markets, such as banks and insurance companies. Compliance information, although initially qualitative, is being increasingly automated. The need to comply with various regulations and the need to reduce compliance costs make it possible to implement this approach (BUMGARNER; VASARHELYI, 2015).
According to Bumgarner and Vasarhelyi (2015), adopting COMO will make it possible to create comprehensive taxonomies of compliance issues and continuous updates to regulatory changes by geographic region, the area of activity, as well as the nature of the compliance rule (qualitative, quantitative, quanti-quali).
The integration of these elements in a closer-to-the-event approach has the advantage of improving the coordination of Assurance. According to Vasarhelyi and Alles (2006), Assurance can be defined as an umbrella of services that includes traditional auditing and other similar or complementary services that emerge or are facilitated by new technologies and business needs.
Given the incorporation of the elements, Bumgarner and Vasarhelyi (2015, p.48) redefine Continuous Audit as:
A methodology that allows auditors to provide assurances about an issue for which the entity is responsible, using a continuous opinion schema given almost simultaneously with, or shortly after that, the occurrence of events underlying the subject. Continuous auditing may involve predictive modules and may complete organizational controls. The continuous audit environment will be progressively automated and with auditors progressively assuming more judgmental roles. The audit will be by analytical methods, by exception, adaptive, and will cover nonfinancial financial functions (BUMGARNER; VASARHELYI, 2015, p.48).
Initially, CA was seen only as automation of traditional auditing procedures, but over time new needs were emerging and were being expanded within the scope of CA. These unique requirements came from the technological evolution, the complexity and the size of the information that the audit and the companies began to work.
The emergence of new information and analytics technologies has introduced new products and new ways to gauge business performance. Both CA and management have been substantially involved in the continuous monitoring of processes in various areas of activities, including accounting and finance (BUMGARNER; VASARHELYI, 2015).
Traditional auditing argues that if the auditor acts as a monitor, it begins to be part of the control system and loses its independence. However, the progressive increase of layers between the auditor and the data, and the large volume of data used in companies force the existence of monitoring and a series of reports (BUMGARNER; VASARHELYI, 2015). It became clear that analytical monitoring processes would be beneficial for the management and benefit of using the system itself (VASARHELYI; HALPER; ESAWA, 1995).
2.2 XBRL - eXtensible Business Reporting Language
According to Luciano and Silva (2014), in 1998 the XML (eXtensible Markup Language) language was recommended by the W3C (World Wide Web Consortium), in an attempt to solve the problems and limitations of SGML and HTML. XML is a flexible and straightforward format language intended for the exchange of electronic publications and a variety of data types on the Internet and in other computing environments. According to Silva (2006, p.32), "the XML language allows users to add structure to their documents, but whoever uses them will have to know the meaning of this structure so that it can create the programs that will process them."
The XBRL language was developed for the preparation and exchange of financial data, providing an XML-based framework for use in the creation, exchange, and analysis of financial or accounting statements specifically for the accounting area, including, but not limited to, financial statements and audit analyses.
There are two relevant types of XBRL taxonomy: the XBRL Global Ledger (XBRL GL) and the XBRL Financial Reporting (XBRL FR). XBRL GL taxonomies allow the representation of information found in a chart of accounts, such as accounting postings or historical, financial and non-financial transactions. XBRL FR taxonomies are explicitly designed to promote communications, i.e., financial reports to be disseminated externally and internally by organizations (LUCIANO; SILVA, 2014).
The XBRL GL taxonomy specification was created from the XBRL 2.1 specification. While XBRL emphasizes the preparation and exchange of financial data and the analysis of financial or accounting statements, XBRL GL is a standard format for representing financial and non-financial detail-level data, moving data between different systems and applications, and providing the context for deepening knowledge from summary reports (XBRL FR) to the detail to which they relate.
Financial reports use the XBRL FR taxonomy, in which each element of the taxonomy identifies a concept of financial information. XBRL GL is a link between accounting records systems, at their highest granularity of data, and financial reporting at the most elevated aggregation level (lower granularity of data). The objectives of the XBRL GL differ from those of the XBRL FR: while the first taxonomy is intended to represent the most basic accounting information, FR taxonomies represent the reports of the basic accounts represented by the XBRL GL (LUCIANO; SILVA, 2014).
In the next section, we present a corporate architecture based on standard technologies for the exchange of financial information, i.e., XBRL and web services, to find a solution for the standardization of data, in a way that facilitates the process of continuous auditing.
3 Architecture of the Continuous Auditing Environment
The framework proposed in this work is based on a corporate environment built on an integration infrastructure, which aims to promote access to and retrieval of information within the information structure of the company. The lower layers of the framework hold the corporate environment, extraction services, and standardization services. The top layers hold persistence services, auditing services, and distribution services. The services are materialized in the form of web services to meet the integration needed to design the information collection and retrieval environment. In this way, all adjacent layers of the environment can consume the information. Figure 1 illustrates the proposed environment for a continuous audit process using services and XBRL.
Figure 1:
A physical and logical data communication infrastructure is proposed to provide effective integration between the various layers of the environment. The physical infrastructure is based on a service bus, and the logical infrastructure on representing information through XBRL technology.
XBRL Taxonomy
As far as the taxonomy is concerned, its distribution in the architecture allows its integration with all other layers. The use of the XBRL taxonomy standardizes the representation of the data, as well as the way to exchange them, which allows all the layers to have in their internal structure a unique pattern of data representation, whose facts and information are declared in the XBRL instances.
We propose the adoption of an XBRL taxonomy as the standard of data representation to be shared by the framework. XBRL is an international standard for the representation of financial and, consequently, audit data. From this communication infrastructure, physical and logical, six layers are defined. These will be discussed in the following sections.
Corporate Environment
The corporate environment layer is composed of the organization's information systems, financial databases, accounting, and other information and data sources. It is suggested to perform a mapping of these systems, analyzing their characteristics, technological aspects and, mainly, the domain for which each software is used. The result of this mapping is a semantic standardization of systems and data. For this, it is necessary to develop an organizational ontology and an ETL (Extract, Transform, Load) process, which is represented in the next layer of the architecture. The ontology is essential to map and standardize the concepts and terms of the organizational environment and in this way to harmonize the interaction between the information systems. This will favor interoperability and reuse of data and systems. The ETL process will serve to extract data from the various organizational databases and, following the XBRL taxonomy, load them into an XBRL database, standardizing the representation of data.
This mapping also contributes to the identification of new requirements that may eventually lead to the need to include or adapt services, favoring alignment between technology and business requirements.
Extraction Service
The extraction service layer brings together the services required for data integration. The services are responsible for collecting the information distributed in the corporate environment, gathering them to be sent to the standardization service that will convert to the XBRL format, in agreement with the taxonomy used, so that all the adjacent layers of the model may consume (use) this information.
The exchange of messages between the services and the layers is performed through the Enterprise Service Bus (ESB), which through the SOAP protocol (Simple Object Access Protocol) or REST (Representational State Transfer) allows the consumption and provision of the services of this layer.
The services available in this layer are materialized in the form of web services, which must be programmed to meet integration requirements necessary to build the information collection and retrieval environment.
It is important to define the limits or scope of information retrieval from the corporate environment. This model maintains its focus on the information domains of the corporate environment layer. Thus, in the form of services, domains interrelate to form the organization's continuous audit environment, which is important for the integration of the environment's data: a given set of services should always be linked to at least one information domain, so that the provision of services values cohesion in the relationship between domains and services, and the low coupling inherent in technologies based on web services.
This layer is part of the ETL process. We propose the use of the XBRL Abstract Model specification to map the data of the relational environment, commonly existing in the databases of the organizations, to the context of XBRL. The XBRL Abstract Model is a specification that from an XBRL taxonomy allows the construction of relational databases based on the structure of the XBRL 2.1 specification (XBRL International, 2012). With this, there is complete integration between relational data environments and the XBRL taxonomy, facilitating the ETL process and making database maintenance independent of the database.
Standardization Services
The objective of this layer is to standardize, through the XBRL taxonomy, the representation of the information coming from the Extraction Services and Corporate Environment layers. Like the other two layers, it is part of the ETL process. Data retrieved from the corporate environment is organized according to the XBRL taxonomy, creating the XBRL instance, i.e. the document that contains the data. Consequently, the XBRL instance contains the data that portrays the organization's information to be audited. The entire process of information exchange is standardized and organized for later periodic retrieval in the form of reports. This data recovery and standardization environment must rest on a data model based on the XBRL Abstract Model.
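The extraction and standardization steps described above, as an added and deliberately simplified example that is not code from the paper: rows from two source systems with different field names, date formats and amount conventions are mapped onto one set of concepts, rows that cannot be mapped are rejected with a reason, and the accepted facts are written as one XML document. The source names, field names, concept names and the `urn:example:audit-taxonomy` namespace are hypothetical stand-ins; they are not elements of XBRL GL or of any published taxonomy, and the sign convention (positive is debit) is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from decimal import Decimal, InvalidOperation

NS = "urn:example:audit-taxonomy"   # placeholder namespace, not a published taxonomy
CONCEPTS = ("EntryNumber", "PostingDate", "AccountID", "Amount", "DebitCredit")

# Constructed extract: (source system, raw row) pairs from the extraction layer.
EXTRACTED = [
    ("erp_a", {"doc_no": "1000001", "post_dt": "20180115",
               "acct": "1100", "amt": "-250.00"}),
    ("legacy_b", {"voucher": "B-77", "date": "15/01/2018",
                  "account": "1100", "value": "1.234,56", "dc": "D"}),
    ("legacy_b", {"voucher": "B-78", "date": "31/02/2018",   # impossible date
                  "account": "2100", "value": "10,00", "dc": "C"}),
    ("crm_c", {"id": "9"}),                                  # unmapped source
]


def _from_erp_a(row):
    """Signed amount, compact date. Assumed convention: positive is debit."""
    amount = Decimal(row["amt"])
    return {
        "EntryNumber": row["doc_no"],
        "PostingDate": datetime.strptime(row["post_dt"], "%Y%m%d").date().isoformat(),
        "AccountID": row["acct"],
        "Amount": str(abs(amount)),
        "DebitCredit": "D" if amount >= 0 else "C",
    }


def _from_legacy_b(row):
    """Day-first date, decimal comma, explicit debit/credit code."""
    if row["dc"] not in ("D", "C"):
        raise ValueError(f"unknown debit/credit code {row['dc']!r}")
    amount = Decimal(row["value"].replace(".", "").replace(",", "."))
    return {
        "EntryNumber": row["voucher"],
        "PostingDate": datetime.strptime(row["date"], "%d/%m/%Y").date().isoformat(),
        "AccountID": row["account"],
        "Amount": str(amount),
        "DebitCredit": row["dc"],
    }


# The mapping between each source's terms and the shared concepts.
MAPPINGS = {"erp_a": _from_erp_a, "legacy_b": _from_legacy_b}


def standardize(extracted):
    """Return (facts, rejects); a reject keeps the source, the row and the reason."""
    facts, rejects = [], []
    for source, row in extracted:
        try:
            fact = MAPPINGS[source](row)
            empty = [c for c in CONCEPTS if not fact.get(c)]
            if empty:
                raise ValueError(f"empty concepts {empty}")
        except (KeyError, ValueError, InvalidOperation) as exc:
            rejects.append((source, row, f"{type(exc).__name__}: {exc}"))
        else:
            fact["Source"] = source   # keep lineage back to the source system
            facts.append(fact)
    return facts, rejects


def to_instance(facts):
    """Serialize the standardized facts as one XML document."""
    ET.register_namespace("ex", NS)
    root = ET.Element(f"{{{NS}}}entries")
    for fact in facts:
        entry = ET.SubElement(root, f"{{{NS}}}entry", source=fact["Source"])
        for concept in CONCEPTS:
            ET.SubElement(entry, f"{{{NS}}}{concept}").text = fact[concept]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    facts, rejects = standardize(EXTRACTED)
    print(to_instance(facts))
    for source, _row, reason in rejects:
        print("rejected:", source, reason)
```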
It is hoped by this standardization that organizations can develop a forward-looking management strategy based on consistent and real-time information, assisting stakeholders in decision-making.
Persistence Services
The function of this layer is to store the organization's monitoring reports in a data repository so that analysts/stakeholders can have access to this data, which will allow better management in the data analysis of their sustainable practices. This layer is the final part of the ETL process, and the relational database is modeled using the XBRL Abstract Model.
From the various XBRL instances stored in this layer, queries can be made by providing the use of knowledge discovery and analysis techniques (e.g., OLAP, data mining, trend analysis) to support decision making. It is proposed that this repository is based on the XBRL Abstract Model; thus not only the XBRL documents but the relational model is based on the XBRL. Through this repository it is possible to retrieve and analyze information from specific reports, both current and historical, queries and comparisons between documents, as well as the use of this information by other informational systems.
In this layer, two databases can be used: one using XML technology and the other using relational technology, both based on the XBRL Abstract Model. The first allows the preservation of the syntactic and semantic structure of the analyzed XBRL documents (i.e., instances, link bases, and schema), without the need to convert them to other data formats (e.g., relational). Regarding performance during data processing, relational repositories are observed to be more efficient, especially when it comes to OLAP systems. Although they are more performance-efficient, they require an additional process (i.e. ETL), due to the change of format from XML to relational, but because they are based on the XBRL Abstract Model, the semantic structure of the taxonomy and instances is preserved.
Audit Services
The position of the audit services layer in the architecture allows it to be continuously interconnected with all other layers. This layer has two components: the audit web services and an OLAP and data mining server (SILVA et al., 2012). The first component should contain the services that are intended to audit the data. The OLAP and data mining server will allow analytical processing of XBRL data and the inference of information through data mining techniques.
Distribution Services
The distribution layer is intended to provide evidence of the company's information. To maintain the alignment between stakeholders and their different demands for information, this layer is conceptually subdivided into two categories: (1) internal stakeholders, whose concerns are linked to the continuous monitoring of organizational indicators, and (2) external stakeholders, whose interest is focused on using the reports to learn about the initiatives, economic-financial stability and other information of the organization. Internal stakeholders are the organization itself, its owners, directors, managers, employees and all those directly involved with the objectives of the company or project. The external stakeholders group can be made up of governors, clients, investors, shareholders, the local community and all those who affect or are affected by the company or project.
This proposal of analysis and distribution of information seeks to mitigate the barriers imposed by the formatting used in conventional reporting models since the distribution formats proposed here should be based on international data communication standards, i.e., XBRL and derived technologies. Therefore, it is proposed that the distribution layer be responsible for receiving the instances of XBRL documents and distributing them.
Two aspects are evidenced in the internal stakeholders' category: (1) Indicators, which consist of the real-time retrieval of previously established indicators, and (2) XBRL Instances, which make feasible, beyond analysis, the easy integration of this information with other information systems of the organization or of third parties. The taxonomy used guarantees an understanding of the semantic nature of the evidenced facts.
It can be observed that the distribution layer represents an essential ally in the process of engagement and maintenance of the organization's performance. In this way, it benefits the external stakeholders, as it will represent a tool in the follow-up of the company's initiatives in its areas of operation. Regarding internal stakeholders, it will enable continuous monitoring of its performance and, consequently, contribute to the constant improvement of its indicators.
It is hoped that through this presented architecture the means to mitigate problems of access and standardization of the information about the performance of the organizations can be offered.
4 Conclusion
In this work, we presented a service framework for continuous audit based on the XBRL rules. This framework can contribute to the development of a model that is able to simplify the collection, analysis, comparison and disclosure of data. It is expected that through this work and the use of technology involving SOA (Service Oriented Architecture) and XBRL, the framework can bring greater reliability and security to stakeholders.
Some research contributions may be listed as: standardization of data and nomenclatures for the data used by Continuous Audit procedures; re-use of previously developed detection and analysis algorithms; reduction of the development and implementation costs of continuous audit processes in organizations, due to the standardization of data and the reuse of algorithms; encouragement of the creation of a repository of public access algorithms; and a harmonized environment of data and systems.
This paper also contributes to the literature with the deepening of ways to access, structure and collect critical and necessary data for CA, as well as creating a basis for future research with the integration of extraction, analysis and exception detection algorithms that are used by CA.
References
AICPA, American Institute of Certified Public Accountants. CPA SYSTRUST Service - A new Assurance Service On Systems Reliability, Assurance Services, 1999.
ALLES, M.; BRENNAN, G.; KOGAN, A.; VASARHELYI, M. Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens. International Journal of Accounting Information Systems. V. 7, N. 2, 2006, p. 137-161. DOI: 10.1016/j.accinf.2005.10.004
ALLES, M.; KOGAN, A.; VASARHELYI, M. Putting continuous auditing theory into practice: Lessons from two pilot implementations. Journal of Information Systems. V. 22, N. 2, 2008, p. 195-214. https://doi.org/10.2308/jis.2008.22.2.195
BERNHARD, A. How Big Data brings BI, predictive analytics together, 2012. Access in http://www.cio.com/article/716726/How_Big_Data_Brings_BI_Predictive_Analytics_ Together.
BUMGARNER, N.; VASARHELYI, M. Continuous Auditing - A New View, Audit Analytics and Continuous Audit: Looking Toward the Future. New York: AICPA, 2015.
CICA / AICPA, Continuous Auditing, Research Report. The Canadian Institute of Chartered Accountants. Toronto, Ontario. 1999.
DEBRECENY, R.; GRAY, G.; THAM, W.; GOH, K.; TANG, P. The Development of Embedded Audit Modules to Support Continuous Monitoring. International Journal of Auditing. V. 7, N. 2, 2003, p. 169-185. https://doi.org/10.1111/1099-1123.00067
DULL, R.; TEGARDEN, D.; SCHLEIFER, L. ACTVE: a proposal for an automated continuous transaction verification environment. Journal of Emerging Technologies. Vol. 3, N. 1, 2006, p. 81-96.
ELLIOTT, R. Assurance services and the audit heritage. CPA JOURNAL. V. 68, N. 6, 1998, p. 40.
ELLIOTT, R.; KIELICH, J. Expert systems for accountants. Journal of Accountancy, 1985, p. 126.
FLOWERDAY, S.; BLUNDELL, A.; VON SOLMS, R. Continuous auditing technologies and models: A discussion. Computer & Security. V. 25, N. 5, 2006, p. 325-331.
GROOMER, S.; MURTHY, U. Continuous auditing of database applications: An embedded audit module approach. Journal of Information Systems. V. 3, N. 2, 1989, p. 53-69.
KOGAN, A.; SUDIT, E.; VASARHELYI, M. Continuous online auditing: a program of research. Journal of Information Systems. V. 13, N. 2, 1999, p. 87-103.
LI, Y. et al. Achieving Sarbanes-Oxley compliance with XBRL-based ERP and Continuous Auditing. Issues in Information Systems. V. 8, N. 2, 2007, p. 430-436
LUCIANO, J.; SILVA, P. A Data Model for SPED Based on XBRL GL, 11th CONTECSI, São Paulo, 2014. Doi: 10.5748/9788599693100-11CONTECSI/PS-666.
MENON, K.; WILLIAMS, D. Long-term trends in audit fees. Auditing: A Journal of Practice & Theory. V. 20, N. 1, 2001, p. 115-136. Doi: https://doi.org/10.2308/aud.2001.20.1.115.
MURTHY, U.; GROOMER, S. Continuous auditing web services model for XML-based accounting systems. International Journal of Accounting Information System. V. 5, N. 2, 2004, p.139-163. https://doi.org/10.1016/j.accinf.2004.01.007
O'REILLY, A. Continuous auditing: wave of the future? Corporate Board. V. 27, N. 160, 2006, p.24.
RATLEY, J. Report to the Nations: On occupational fraud and abuse. 2012. Access in http://www.acfe.com/uploadedFiles/ACFE_ Website/Content/rttn/2012-report-to-nations.pdf.
REZAEE, Z. et al. Continuous auditing: Building Automated Auditing Capability. Auditing: A Journal of Practice & Theory. V. 21, N. 1, 2002, p.147-163.
SILVA, P. et al. Analytical processing over xml and xlink. International Journal of Data Warehousing and Mining (IJDWM). V. 8, N. 1, p. 52-92, 2012.
SILVA, P. XBRL Extensible Business Reporting Language Conceitos e Aplicações. Rio de Janeiro: Ciência Moderna, 2006.
SILVA, W. Auditoria contínua de dados como instrumento de automação do controle empresarial. 2012. Tese (Doutorado em Sistemas Digitais) - Escola Politécnica, Universidade de São Paulo, São Paulo, 2012.
TALEB, N. The Black Swan: The Impact of the Highly Improbable. New York: Random House, 2010.
VASARHELYI, M. et al. The acceptance and adoption of continuous auditing by internal auditors: A micro analysis. International Journal of Accounting Information Systems. V. 13, N. 3, 2012, p. 267-281.
VASARHELYI, M.; ALLES, M.; WILLIAMS, K. Continuous assurance for the now economy. Sydney, Australia: Institute of Chartered Accountants in Australia, 2010.
VASARHELYI, M.; CHAN, D.; KRAHEL, J. (2012). Consequences of XBRL standardization on financial statement data. Journal of Information Systems. V. 26, N. 1, 2012, p. 155-167. https://doi.org/10.2308/isys-10258
VASARHELYI, M.; HALPER, F. The continuous audit of online systems. Auditing: A Journal of Practice & Theory, V. 10, N. 1, 1991, p.110-125.
VASARHELYI, M.; HALPER, F.; ESAWA, K. The Continuous Process Audit System: A UNIX Based Auditing Tool. The EDP Auditor Journal. V. 3(3), 1995, p.85-91.
VASARHELYI, M.; ROMERO, S.; KUENKAIKAEW, S.; LITTLEY, J. Adopting Continuous Audit/ Continuous Monitoring in Internal Audit. ISACA Journal. V. 3, N. 3, 2012, p. 31.
VASARHELYI, M.; ALLES, M.; KOGAN, A. Principles of analytic monitoring for continuous assurance. Journal of Emerging Technologies in Accounting. V. 1, N. 1, 2004, p.1-21.
VIJAYAN, J. (2012). Finding the business value in big data is a big problem. Access in http://www.computerworld.com/s/article/9231224/Finding_the_business_value_in_big_ data_is_a_big_problem
Author notes
Mauricio Mello Codesso. Doctor in Business Administration (UFSC), Brasil. Address: Centro Socioeconômico, Bloco F, Campus Universitário, Trindade, CEP: 88040-970, Florianópolis - SC, Brasil. E-mail: mmcodesso@outlook.com. Phone: +55 (48) 3721-9365
Paulo Caetano da Silva. Pos-Doctoral at Rutgers Business School, USA. Professor at University of Salvador (UNIFACS). Address: Rua Doutor José Peroba, nº 251, Edf. Civil Empresarial, Sobreloja - STIEP CEP: 41770-235, Salvador - BA, Brasil. E-mail: paulo.caetano@unifacs.br. Phone: +55 (71) 3021-2800
Miklos A. Vasarhelyi. University of California, Los Angeles, Graduate School of Management, Ph.D. KPMG Distinguished Professor of AIS. Rutgers Business School. Address: 1, Washington Park, Room 946. 07102, Newark - NJ, USA. E-mail: miklosv@business.rutger.edu. Mobile: +1(201) 454-4377
Rogério João Lunkes. Pos-Doctoral at Universidat de València, Spain. Professor at Federal University of Santa Catarina (UFSC). Address: Centro Socioeconômico, Bloco F, Campus Universitário, Trindade, CEP: 88040-970, Florianópolis, SC, Brasil. E-mail: rogeriolunkes@hotmail.com. Phone: +55(48) 3721-9000
Source: https://www.redalyc.org/journal/762/76261661008/html/