Continuous auditing is possible
assurancenews
New approaches make it viable even for manual processes
BY JEFF REIBEL
Since the Sarbanes-Oxley Act of 2002 and Auditing Standard
No. 5 were issued, momentum continues to shift towards con-
tinuous monitoring or automation solutions.
Such systems are often the focus of cost-reduction efforts, conference presentations
or seminars.
When SOX first came out and transactional
testing was significantly larger, Pricewater-
houseCoopers directly identified such tech-
nology solutions as the key to cost reductions,
noting, “ Technology-enabled auditing, when
deployed as part of a broader continuous au-
diting program, can make the audit process
faster, cheaper, more efficient, and more ef-
fective … . You can also improve assurance
quality because of the new-found ability to
rapidly audit 100 percent of a transaction uni-
verse as opposed to being restricted to data
samples alone.”
Continuous auditing certainly makes a
lot of sense at the transactional level. Since
those early years of SOX, AS5 provided some
relief to public companies by redirecting
compliance efforts towards high-risk areas
and higher-level controls. The change in AS5
allowed companies to reduce transactional
testing while relying more on manual inter-
nal controls, but we continue to hear that
continuous auditing and monitoring are the
wave of the future.
I remember one of the first continuous
monitoring webinars I attended. The very
first question from the audience was, “How
do you continuously monitor a manual
process?” The response from the solution
provider was simple. They monitor items in
the general ledger or items that are already
electronic, which certainly is a piece of the
puzzle, but ignored the reality the participant
was pointing out.
As a former Big Four auditor for over a doz-
en years, I recognized the point being made
by the participant was that his company, like
all other companies, relies heavily on manual
processes and controls, which are typically
performed via Excel, Word, e-mail, paper,
closing binders, etc.
company. Such files and documentation are
not linked to the documented processes. SOX
itself pushed for the documentation of the
process and then required testing after the
fact to make sure evidence existed to prove
the procedure was followed.
Wouldn’t it make more sense to have the
process linked to the control at the very level
of creation of such evidence? Wouldn’t the
controller or accounting manager now be
able to know the items that are not done automatically?
As a former controller, I know that the
items that are missing are where most of
the errors occur, and they likely are missing
because there is a problem. Technology has
made this possible and will help make sure
that the blocking and tackling of producing
manual control support is completed. Having
documentation and signoffs to support a key
control should be a given, and systems can
now monitor for these items on a real-time
basis. There will always be judgment issues
or errors from an accounting perspective, but
the basics should be a given.
IFAC TO BEEF UP ACCOUNTING
EDUCATION STANDARDS
The International Accounting Education
Standards Board, which operates under
the auspices of the International Federation of Accountants, has issued a Strategy
and Work Plan for 2010-2012 with a focus
on enhancing International Education
Standards for accounting and providing
guidance for adoption and implementation of the standards, aiming to prescribe
principles for the learning and development of accountants.
The board plans to focus in the next
two years on revising and improving
the clarity of the education standards;
developing implementation guidance
and quality control measures for education providers; and promoting greater
awareness among academics, regulators
and others of the IAESB’s pronouncements and its role in advancing international debate on emerging issues relating
to the development and assessment of
professional accountants. For more, visit
www.ifac.org/education.
Jeff Reibel, cPA, is founder and cEo of
conexxus LLc, which develops, markets
and supports software and solutions for
accounting, finance and internal audit
departments. Reach him at jeff.reibel@
conexxus.com.
LINKING PROCESS DOCUMENTS
As we know, SOX compliance required new
types of documentation and analysis, such
as process narratives, flowcharts, internal
control risk matrices, supporting documentation and audit programs. Numerous solutions attempted to assist with this portion of
compliance; however, many companies recognized that they could document in Excel or
Word what the process should be, and many
elected not to purchase solutions that solely
focused in this area.
The primary reason was that after documenting the business processes the first time
around, this part of compliance is simply not
that difficult, and the real time is spent in the
data testing and mining procedures.
Auditors do not have supporting documentation at their fingertips, as their evidence and
documents for controls are spread all over the
MONITORING MANUAL PROCESSES
Manual controls continue to be the lifeblood
of companies and auditors nationwide. Certainly, if controls can be automated fully, they
should be, but that may only get a company to
50 percent of controls being automated. Manual controls need to be included in any continuous monitoring or auditing program.
The keys to achieving continuous monitoring of manual processes include deploying
technology that combines file management
and workflow for approvals, but also integrating a process documentation tool that incorporates a rules engine.
Documented processes for most companies are stagnant. They document what is
supposed to happen without regard to what
actually is happening until the audit process
starts. Many solutions allow auditors to put
documentation in as support for their testing,
which helps you understand where the audit
stands, but it will not tell you what is or is not
done in the accounting department today.
And that is mission-critical information.
See coNtiNuouS on 18
PACTER APPOINTED TO IASB
LONDON — Paul Pacter has been named
to a seat on the International Accounting
Standards Board, replacing Jim Leisen-ring, whose term ends in June.
Pacter has served for the past six years
as director of small and midsized entities
for the IASB, and led the development
of the slimmed-down set of International
Financial Reporting Standards for SMEs.
He has decided to serve a two-year term,
rather than the customary five-year term,
and will serve until June 30, 2012. He will
continue to chair the new SME Implementation Group on behalf of the board.
Pacter is expected to continue to help
with the convergence of U.S. GAAP and
IFRS. He previously served as deputy
director of research at the Financial Accounting Standards Board and as executive director of its parent, the Financial
Accounting Foundation. He was also vice
chairman of the advisory council to the
U.S. Governmental Accounting Standards
Board. Since 2000, Pacter has also been
a part-time director in Deloitte’s global
IFRS leadership team and a specialist in
Chinese accounting standards.
