A Framework for Identifying Potential Synergistic Combinations of Continuous Auditing and XBRL Glen L. Gray, Ph. D, CPA California State University, Northridge Rick S. Hayes, Ph. D, CPA California State University, Los Angeles
Simple Question/Complex Answer n n Question: Where can synergy best be achieved between XBRL and continuous auditing? Answer: Complex m x n problem space, where m is the alternative dimensions of continuous auditing implementations and n is the alternative characteristics of XBRL implementations. Continuous auditing can be m 1 x m 2, where m 1 is many definitions of continuous and m 2 is many definitions of auditing “…‘continuous’ is a malapropism. ” Mc. Cann (2009)
Simple Question/Complex Answer The missing word: population n Continuous auditing is almost always 100% population sample n Hidden cost: What about massive false positives? n Hidden risk: What about missed smoking gun? n 2 -step process: (1) CA, then (2) sample CA results n
Client-side XBRL Data Hub
Populating the XBRL Data Hub n Centralized Conversions Conversion at data hub n Data hub holds legacy and XBRL data n n Distributed Local Conversions Conversion at/near source n Data hub holds XBRL data n n Native XBRL No conversion n Data hub holds XBRL data n
Benefits/Costs Dimensions Implement any CA: Benefits > Costs n Benefits n n Tangibles n Increase revenue n Reduce costs (efficiency) n n n XBRL = economy of scale Shifting skill level of auditors [Reduce specialists] Intangibles n Audit through vs. around the computer n Internal audit effectiveness [Direct data access] n External audit effectiveness [Indirect data access]
Benefits/Costs Dimensions n SOX Paradigm Shift Both companies and auditors n Impacts cost-benefit equations n Section 302 n n Cascade n approach Section 404 n Fees drive search for productivity
Benefits Who?
Time Dimension
Other Dimensions n Integration Dimension n Bolt-on, after-the-fact n XBRL-FR n & XBRL-GL Native n XBRL-GL n Push vs. Pull Push = information automatically sent n Pull = information sent on-demand n
Other Dimensions n Ownership dimension n The client n Built n The external auditor n Built n into current IT architecture into CAAT toolbox Process vs. data dimension XBRL = data representation n However: Bolt-on is a process n
Other Dimensions n Which time interval? n Time between event and CA transmits information n Embedded n Time between CA transmits information and someone reviews the information n Immediate n audit modules vs. periodic CA vs. periodic System demands n One-table lookup vs. multiple-table lookups vs. calculations (e. g. , average purchase)
Auditor-side XBRL Implementation
Preliminary Conclusions n CAi = f (ETi, RTi, AAi, ASi, TDi, SIi, RUi, PPi, XIi, XTi, CBi) ETi = Extraction Timing interval n RTi = Review Timing interval n AAi = Audit Audience n ASi = Audit Subject matter n TDi = Test Demand on CPU n SIi = System Integration n RUi = Repeatable Utilization n
Preliminary Conclusions n CAi = f (ETi, RTi, AAi, ASi, TDi, SIi, RUi, PPi, XIi, XTi, CBi) PPi = Push or Pull approach n XIi = XBRL Integration (bolt-on vs. native) n XTi = XBRL Taxonomy n CBi = the resulting Cost/Benefit analysis n
Preliminary Conclusions n XBRL Cherry Picking (Easy Hits) SIi is low (many islands of technology) n AAi is wide (many CA users) n RUi is high (not ad hoc, one-time apps) n If XBRL is bolt-on: RTi is not real time (even if ETi is real time) n n Need real-world measures (cases/simulations)
Some Issues Getting XBRL on the radar (client buy-in) vs. SOX, HIPPA, PCI, Basel, etc. n XBRL staffing and training--client & auditors n Identifying and ameliorating any new security and data integrity issues n Who pays front-end costs? n Reaction plans for more-frequent red flags n Who pushes the STOP button? n When can the STOP button be pushed? n
Questions? Thank You glen. gray@csun. edu
Скачать презентацию A Framework for Identifying Potential Synergistic Combinations of
a2b935b2d0b615db60661474563eb750.ppt