行政院國家科學委員會補助專題研究計畫成果報告
※※※※※※※※※※※※※※※※※※※※※※※※※
※ ※
※ 連續性審計:分類架構、分析性方法、與應用績效 ※
※
※
※※※※※※※※※※※※※※※※※※※※※※※※※
計畫類別:□個別型計畫
□整合型計畫
計畫編號:NSC89-2416-H-002-111
執行期間:八十九年八月一日至九十年七月三十一日
計畫主持人:吳琮璠
共同主持人:
本成果報告包括以下應繳交之附件:
□赴國外出差或研習心得報告一份
□赴大陸地區出差或研習心得報告一份
□出席國際學術會議心得報告及發表之論文各一份
□國際合作研究計畫國外研究報告書一份
執行單位:國立台灣大學會計學系
中
華
民
國
九 十 年 十 月 二 十 五 日
行政院國家科學委員會專題研究計畫成果報告
連續性審計:分類架構、分析性方法、與應用績效
計畫編號:NSC89-2416-H-002-111
執行期限:89 年 8 月 1 日至 90 年 7 月 31 日
主持人:吳琮璠 國立臺灣大學會計學系
中文摘要 隨著網際網路的快速發展,許多的資 料以電子形式存放,資訊環境的變遷使得 美國會計師協會分別在 1994 年即組成委員 會,研議會計師的因應策略。隨著企業體 以網際網路提供隨時更新的企業報告,包 括財務報表,美國會計師協會與加拿大會 計師協會更呼籲學術界積極從事連續性報 導與連續性審計之相關議題。本研究嘗試 從在那些領域適合使用那些方法的角度建 構連續審計之觀念模式。 關鍵詞:審計、分析性程序、連續性審計、 線上審計 AbstractIn this day and age, with immediate information available, doing a periodic audit (semiannual and annual audit) provides very little relevant information. Continuous auditing with the aids of powerful intelligent agents aimed at putting auditing in the virtual world where most financial information is stored is vitally necessary.
Continuous auditing is a new paradigm. This research attempts to explore some key issues in the establishment of a continuous audit environment.
Keywords: Auditing, Assurance, Attestation,
Internet, eCommerce, Analytical procedures, Data mining, Genetic algorithm
Research Motivation
The report “Continuous Auditing” issued by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants (1999) arrives at three main conclusions:
1. There is a need for a high degree of automation of the processes used to
capture, manipulate, store, and disseminate data related to the subject matter under audit.
2. Research by academics, experimentation by practitioners, and guidance from standard setters is needed to help continuous audit services evolve.
3. Demand for more reliable, relevant, and timely decision-making information is likely to create a need for continuous audits.
Although many corporations have enterprise systems and data warehouse capabilities, their systems lack financial intelligence capabilities, and auditors are unable to recognize the exceptions continuously. In the age of Internet business reporting, continuous auditing is going to play an important role. Academic research is needed.
Research objectives
Research objectives are as follows: Research Objective One is to explore various auditing application domains and develop a taxonomy framework to lay the foundation for further research. The application context could be financial statement attestation, system reliability assurance, eCommerce transaction assurance, Web trust assurance, attestation for mutual fund daily performance and online circulation audit for advertisers.
Research Objective Two attempts to select appropriate continuous auditing analytical tool to achieve various auditing objectives.
Analytical methods that are potentially useful for continuous auditing will be
programming, data mining, and neural network).
Research Outcome
Continuous auditing, in the Information Systems Auditing literature, has classically meant using embedded audit module in the business information systems to detect auditor-specified exceptions from among all transactions that are processed either in a real-time or near real-time environment. We could discover irregularities almost instantly-- not at the end of the year. The exceptions could be written to an auditor's log (called Systems Control Audit Review File) for further review. The embedded audit routine was incorporated into the application system during the design phase of its
development.
Figure1 presents a conceptual model of continuous audits environment.
Figure1: The Conceptual Model of a Continuous Audit Environment
Traditionally, audit evidence collection process generally consists of three major tasks (Arens & Loebbecke 2000). Analytical procedures are applied first to identify critical audit areas. Systems controls are reviewed and tested to assess the
reliability of control (audit of transactions). Finally, substantive detailed tests for the
audit of balances(e.g. examination of source document, confirmation of accounts
receivable, physical observation of inventory) are performed to verify for the accuracy of data, numbers, and information.
The following issues are discussed in a continuous audit environment.
1. Application Context
The research derives a framework for defining different types of continuous
auditing based on its attributes. The attributes considered include the continuous auditing application contexts
-function -industry
-internal or external auditing
The choice of functional areas will probably depend on (1) the importance of higher
frequency auditing for an area, and (2) the ease of deploying continuous audit in that area. as Kogan, et al (1999) identifies cash managements as one area.
Certain industries are more amenable to continuous audit than others. For example, the security industry, much of their data is available almost continuously. Fast and unpredictable changes make it especially important for the stakeholders to know the ongoing state of affairs.
Relative to external auditors, internal auditors seem to have more intimate knowledge of a company’s information systems.
Being new and unproven in the marketplace. It is reasonable to expect that initially only large firms will be able and willing to use COA in external audit engagements.
In addition, there could be 2 levels of continuous audit concept.
Level 1 – an audit regarding the reliability of the client’s system and the security of transmissions of data much like SYSTRUST (AICPA 1999);
Level 2 – an opinion regarding the fairness of the real-time financial statements
provided by the client based upon the continuous audit; and
The continuous audit environment depicted in the model make two basic assumptions. First, there is the assumption that the auditor has the proficiency to
undertake a continuous audit engagement. The second assumption is that there is a
Secure system
Client
Reliable system Continuous Audit EnvironmentAuditor
’s
Web
Web ServerAuditor’sContinuous Audit Agreement Secure Transmission Client’s Web Server Secure system Reliable system
high degree of automation of the processes that capture, store, aggregate, and report information related to the subject matter being audited so that it is available in real-time. This automation applies to three categories of data:
Routine hard data (e.g., Sale price). Non-routine hard data (e.g., periodic
adjustment entities of accruals).
Soft data: Soft data is data with a high
degree of subjectivity that requires judgment by the client’s staff (e.g. net realizable value of inventory).
Automating this type of data is becoming more and more feasible with advances in information technology such as neural networks and intelligent agents [CICA, 1999].
The continuous audit agreement is the contract between the parties participating in a continuous audit arrangement (i.e., the audit firm, the client, the suppliers, and the customers). However, since the auditor will need the capability to retrieve client-specific data from the client’s suppliers (vendors and financial institutions) and customers, the continuous audit agreement should contain language outlining the audit firm’s and the third parties’ understanding of the execution of and responsibility for continuous audit routines.
Intelligent audit agents employed in the continuous audit notify the auditor of a Level 1 exception via email. Once notified, the auditor should determine the cause of the Level 1 exception, and then monitor the steps taken by the responsible party to remedy the problem.
Level 2 exception reports is similar to the issuance of a qualified or adverse opinion presently used by CPA under Statements on Auditing Standards. As with the other levels of assurance reporting, the auditor is notified via email of a Level 2 exception.
2. Mehods
Kinney (2000) noted that analytical monitoring has become increasingly
important in recent years due to the effect of information technology (IT).
To assess the relative health of a business
or misstatement of certain accounts, relations among data variables are expected. The expectation is conditional on the information available to the auditors and the model used to form the expectation.
Major method to analyze the exception and signal the auditors are identified as follows: --Statistical modeling tools for comparing
and testing for reasonableness --Regression models
--Time series parameter contingent models --Stochastic models
--Patterns recognition techniques for financial health and fraud;
--Discriminate analysis --Regression analysis --Logit and Probit models --Data Mining
--Rule Induction
--Neural Network Models --Stochastic models --Genetic Algorithm
--Analytical Tools for Continuous Monitoring (OLAP)
--Matching information from more than one sources for their validity (e.g., Invoices, Receiving Reports, and Purchasing orders )
--Matching behavioral patterns (purchasing, calling, etc.)
--Stochastic models
In addition to running this tool periodically we can run it continuously. The continuous auditing can be the enabler throughstandard models are built for each industry, which define the data to be captured and provide a set of tools to investigate the data in the context of business and financial statement risks. Data capture is provided on an automatically scheduled basis, or at least with the minimum of human intervention, thus minimizing the need for technical support and enabling up-to-date data to be captured frequently. The use of standard
multi-dimensional models facilitates the gathering and sharing of benchmark data across an industry or segment.
Figure2: presents the use of continuous audit tools.
In the establishment of continuous audit environment, there is a need to assess its feasibility in terms of technical and economic feasibility.
In theory accounting information is now almost always recorded and stored in electronic form. Computer networking allows continuous remote access to this information. In practice, however, the great variety of software systems used in enterprises makes it very difficult to develop integrated online auditing systems.
Whether the costs can be lowered to levels that make application cost-effective is the key success factor of continuous audits. The actual system development cost remains substantial if the cost of software development has not benefited significantly from technological developments.
The anticipated effects of continuous audits on direct costs and agency cost, on audit frequency and audit quality, the managerial and behavioural consequences, and the effects on audit practice need to be researched.
There are many other research opportunities, such as estimation of the effects of continuous audits on agency cost. Also experimental psychological studies of human reactions to continuous monitoring need to be conducted.
Reference
[1] A. Lymer, and R. Debreceny. “The Audit of Corporate Reporting on the Internet: Challenges, Institutional Responses and Yet More” Challenges.
[2] AICPA. Overview of Assurance Services. Jersey City, New Jersey: American Institute of Certified Public Accountants, (1997).
[3] AICPA, Continuous Auditing Report,
Jersey City, New Jersey: American Institute of Certified Public Accountants, (1999).
[4] Arens and Loebeckee. Auditing: An Integrated Framework. McGraw Hill, (2000).
[5] Banzhal, Nordin, Keller , and Francone, Genetic Programming: An Introduction: On the Automatic Evolution of Computer Programs and Its Application, Morgan Kaufmann.Boritz, J.E.; Kennedy, D.B.; and Albuquerque, A. Predicting corporate failure using a neural network approach. Intelligent Systems in Accounting, Finance and Management, 4, 2 (1995), 95-111.
[6] Breiman, L.; Friedman, J.H.; Olshen, R.A.; and Stone, C.J. Classification and Regression. Montetrey, CA: Wadsworth and Brooks, (1984).
[7] Canadian Institute of Chartered Accountants. Research Report on Continuous Auditing. Toronto, 1999. [8] Carter, C and Catlett, J. Assessing credit
card applications using machine learning. IEEE Expert, 2, 3 (1987), 71-79.
[9] Charitou, A., and Charalambous, C. The prediction of earnings using financial statement information: empirical evidence with logit models and artificial neural networks. Intelligent Systems in
Accounting, Finance and Management, J, 4 (1996), 199-215.
[10] Chung, H.M., and Tarn, K.Y. A comparative analysis of inductive learning algorithms. Intelligent Systems in Accounting, Finance and
Management, 2, 1 (1993), 3-18.
[11] Currim, I.S.; Meyer, R.J.; and Le, N. A concept-learning system for the
inference of production models of consumer choice. UCLA Working Paper, (1986).
[12] Elliott, R.K., “ The future of audits,” Journal of Accountancy (September 1994): 74-82.
[13] Elliott, R.K. and Pallais, D.M., “ Are you ready for new assurance services?” Journal of Accountancy (June 1997a): 47-51.
[14] Elliott, R.K. and Pallais, D.M., “First:
Real Time Assurance tools
Client information Audit Guidance Benchmarks Data model Standard analytics Benchmarks Standard & ad hoc reports Exception and highlights reporting Industry audit co-ordination Audit Engagement Scheduled Data collection Data
Know you market,” Journal of Accountancy (July 1997b): 56-63. [15] Elliott, R.K. and Pallais, D.M.,
“ Building on your firm's strengths,” Journal of Accountancy (August 1997c): 53-58.
[16] Elliott, R.K. and Pallais, D.M. “To market, to market we go,” Journal of Accountancy (September 1997d): 81-86. [17] Fanning, K., and Cogger, K.O. A
comparative analysis of artificial neural networks using financial distress
prediction. Intelligent Systems in Accounting, Finance and Management, 3,4 (1994), 241-252.
[18] Fanning,, K..M., and Cogger, K.O. Neural network detection of management fraud using published financial data. Intelligent Systems in Accounting. Finance and Management, 7(1998), 21-41.
[19] Fanning,, K.; Cogger, K.O.; and
Srivastava, R. Detection of management fraud: a neural network approach. Intelligent Systems in Accounting Finance and Management, 4,2 (1995), 113-126.
[20] Fayyad, U., Piatetsky-Shapiro, G., and Smyth, P. From Data mining to
knowledge discovery/in databases. Al Magazine, 17,3 (1996), 37-54.
[21] Frudnitski, G.; Do, A.Q.; and Shilling, J.D. A neural network analysis of mortgage choice. Intelligent Systems in Accounting Finance and Management, 4,2 (1995), 127*135.
[22] Helms, G.L. J.M. Mancino. Information technology: attest functions, CPA Journal, 69, 5, (May 1999). 62-63.
[23] Hess, T. J., Rees, L. P., and Rakes, T. R., “Using Autonomous Software Agents to Create the Next Generation of Decision Support Systems,” Decision Sciences,
31, 1, (Winter 2000). p1-31.
[24] Jo, H.; Han, 1.; and Lee, H. Bankruptcy prediction using case-based reasoning, neural networks, and discriminate analysis. Expert Systems with Applications, 13,2 (1997), 97*108. [25] Kogan, A., Sudit, E. F., and Vasarhelyi,
M. A., “Continuous Online Auditing: A
Program of Research,” Journal of Information Systems, 13,2, (1999). p.
87-103.
[26] Koreto, R.J. “In CPAs we trust,” Journal of Accountancy (September 1997) [27] Kinney, William R., Information
Quality Assurance and Internal Control for Management Decision Making, McGraw Hill
[28] Liang, T.P. A composite approach to inducing knowledge for expert system design. Management Science 38, 1 (1992), 1-17.
[29] Liang, T.P.; Chandler, J.S.; Han, 1.; and Roan, J. An empirical investigation of some data effects on the classification accuracy of probit, ID3, and neural networks. Contemporary Accounting Research, 9, 1 (1992).
[30] Messier, W.F., and Hansen. J.V. Inducing rules for expert system
development: an example using default and bankruptcy rules. Management Science, 34, 12 (1988), 1403-1415. [31] Olson, D.H. and Cooney. V. The
strategic benefits of data warehousing: an accounting perspective. Information Strategy: The Executive’s Journal. Winter 2000.
[32] Quinlan, J.R. C4,5: Programs for machine learning. San Mateo, CA: Morgan Kaufmann. (1993).
[33] Ragothaman, S., and Naik, B. Using rule induction for expert system development: the case of asset writedowns. Intelligent Systems in accounting Finance and Management, 3, 3(1994), 187-203.
[34] Shaw, M.J., and Gentry, J.A. Using an expert system with inductive learning to evaluate business loans. Financial Management, 17, 3 (1988), 45-56. [35] Spangler, W.E. J.H. May. and L.G.
Vargas. Journal of Management
Information Systems, 16,1 (Summer99). p.37-62.
[36] Tam, K., and Kiang, M. Managerial applications of neural networks: the case of bank failure prediction. Management Science, 38,7 (1992), 926-947.
