• Until approximately 1930, the demand for audits by management, bankers and potential stockholders existed in the U...
Who are owners? Who is management? • Private equity vs. operational management • Public raised equit...
1840 - 1930: The Netherlands (1 of 3) • Contrary to the Anglo-American historical evolution, auditing in the Nether...
• In the Netherlands, the primary reason for the origin of the independent audit was the creation of the division ...
• In other words, the independent audit in the Netherlands originated from the need to verify the accounting of the ...
1840 - 1930: Two Main Ways of Audit Owners Management Potential  Owners Management-ordered audit, to attract new investors...
Owner-ordered audit: an example • Your client is a hotel franchisor. With lots of franchisees. The franchisor wants ...
Agenda Part I - Smart Auditing: an auditor (historical) perspective • 1840 - 1930: “The early years: pragmatics...
1930-1990: Branching scientific approaches Dutch evolutionary branch Anglo-American evolutionary branch practical- inducti...
1930 - 1990: Branching approaches • The owner-ordered audit tradition integrates the approach of the management-orde...
Introduction Prof. J.H. Blokdijk RA • Nestor of Dutch auditing discipline • Inventor ‘irreplaceable ...
Annual company accounts
Contribution by Prof. J.H. Blokdijk RA On the basis of the previous slide I may explain the Dutch approach to substantive ...
Contribution by Prof. J.H. Blokdijk RA Dutch auditors have also given thought to something called ‘auditability’. For the ...
Contribution by Prof. J.H. Blokdijk RA The problem can be illustrated with the following example. It involves invoices for...
Contribution by Prof. J.H. Blokdijk RA Similar considerations apply to the receipt of goods and the performance of service...
Contribution by Prof. J.H. Blokdijk RA ‘Non-reproducible’ internal controls Even though there are internal controls that ...
Contribution by Prof. J.H. Blokdijk RA So what should auditors do about ‘the system of internal control’? Firstly, they sh...
Owner-ordered audit concepts & methods: ‘Crown jewels’ • Supercycle concept – client’s top-level business process...
Supercycle: top-level business process Schmalenbach (1929), Limperg (1926, 1930’s), Abr. Mey (1936), Burgert (1957), Starr...
• Law 1. Rational relation between consumed resources & produced products and/or services: per type of...
Supercycle-based auditing, model-based auditing … Begin End Purchase price Sales price Buy transaction Money buffer Goodsb...
Supercycle-based auditing 10,000’s man years of conceptualization  and abstraction,  integrated with  proof in practice,  ...
Starreveld  et al.  Typology of Top-cycles Frielink  et al. Supercycle- backboned Audit Approach  Volumes 1, 2a, 2b, etc. ...
Accounting Organization / Internal Control (AO/IC) • The Accounting Organization (AO) can be envisaged as the inform...
Accounting Organization / Internal Control (AO/IC) • The AO is the producer of the financial statements. Since error...
Accounting Organization / Internal Control (AO/IC) • Internal Control (IC) consists of: • (i) intern...
Audit-technical segregation of duties • Restrict every agent’s access to only a limited amount of links in the su...
Supercycle & AO/IC The owner-ordered tradition introduces the concept of a quasi-goods stream for bonus rights – integrate...
Accounting Organization / Internal Control (AO/IC) 1.  Control measures vs. check & control activities 2.  Preventive, det...
Owner-ordered audit: an example • Your client is a beer brewing company. Delivering to retailers, pubs and events. W...
Agenda Part I - Smart Auditing: an auditor (historical) perspective • 1840 - 1930: “The early years: pragmatics...
Computational formalization, with fully continued, proven & improved software base • 1990 - 1996: Initiated in Smart...
p.334 p.337 Builder Player Specified Audit Methods drive integral Planning, Execution & Documentation P...
Smart Audit Support’s document index related to Deloitte’s International Audit Approach (1990’s) p.336 p.62 Example audit ...
Process-based Cost Price: connector for  stream of money and stream of goods & services volume cost price spanning supercy...
Agenda Part I - Smart Auditing: an auditor (historical) perspective • 1840 - 1930: “The early years: pragmatics...
Pull side Match-making between ‘pull’ & ‘push’ Internationalize the owner-ordered audit method. This re...
Part II  New risk control mechanisms
What connects part I & II? Owner-ordered auditing: dominating and integrating with management-ordered auditing • Qua...
Abstract Part II - New risk control mechanisms • The current financial crisis -- from bank balances to state b...
Agenda Part II - New risk control mechanisms • Supercycle: interface between organization & auditor ...
Supercycle: interface between organization & auditor http://www.ComputationalAuditing.com/images/Kring.swf 1. Purchase 2. ...
Soll: To Be, normative Ist: As Is, representative Soll & Ist modalities
Agenda Part II - New risk control mechanisms • Supercycle: interface between organization & auditor ...
Qualitative: Soll & Authorizations purchaser purchase registrar cash disburser cash disbursement registrar goods receiver ...
Qualitative: Ist & Abilities legitimate Soll as part of Ist illegitimate Ist, extending Soll Legend pp. 165-172 & 286-289
Qualitative: Cake cutting Mathematics, game theory How to use segregation of duties to let a group take care of getting an...
Qualitative Audit Analytics: assessing an incentive & authorization structure on segregation of duties from an owner’s per...
INAA, SRA Case Output: Solo-Fraud Base  Potential Solo-Fraud Qualitative Audit Analytics ‘ Ist’ action primitives Why are ...
Qualitative Audit Analytics - SoD X-Raying Segregation of Duties:  Support to Illuminate an Enterprise’s Immunity to Solo-...
Agenda Part II - New risk control mechanisms • Supercycle: interface between organization & auditor ...
• Law 1. Normative Relation between Consumed and Produced • Profit resulting from: ...
Quantitative: Completeness by  Spanning Reconciliation Checks 7)   (A/R) B  +  Sales  +  TS  – (A/R) E      C/R 6)   COGS...
Owner-ordered audit: an example • Your client, the hotel franchisor, with lots of franchisees, hears from an acquain...
Agenda Part II - New risk control mechanisms • Supercycle: interface between organization & auditor ...
Jacquard project: Next Generation Auditing: Data Assurance as a Service • Project lead: CWI, the Dutch national ...
Jacquard: key audit phases 1.  Ist supercycle mining    Extend process mining to focus on client’s top-level    business p...
Jacquard: project goals 1.  Design and implementation of DSL for representing    supercycle business models 2.  Querying o...
Phase 1: Ist supercycle mining   Input : event log with journals, e.g. SAP Output : smart flowchart Based on: “Towards a C...
Phase 1: Ist supercycle mining  M: Majority Owner-Manager S: Sales department B: Buy/Purchase department F: Financial depa...
Phase 2: Identify Soll in Ist Identify Soll supercycle by excluding Ist flows,  based on automatically identified candidat...
Scientific foundation: rationally rigorous. With mathematical & computational formalization. Superbly suited for the digit...
Phase 3: Continuous auditing  http://www.ComputationalAuditing.com/images/Kring.swf Confront a stream of business events t...
Phase 3: Continuous auditing  Confront a stream of business events to Soll, close-to-real-time Answers the question: “Free...
Phase 4: Aggregate deviations  Builder What do the arrows mean? E.g. Table A1.2.1 accumulates risks regarding the assertio...
Phase 4: Aggregate deviations Based on: Sun, Srivastava & Mock, 2006 “An Information Systems Security Risk Assessment M...
2 Receivables 3 Inventories + = • Aggregation in XBRL: • Calculation linkbase • X...
Phase 5: Publish deviation top-10 Publish on interactive dashboard Supercycle as dashboard Drill-down  on analytics Planni...
Jacquard project:  Next Generation Auditing: Data Assurance as a Service demo by Jacques de Swart, PricewaterhouseCoopers ...
Agenda Part II - New risk control mechanisms • Supercycle: interface between organization & auditor ...
Nexus micro-macro: financials, consolidated “Hans Rosling shows the best stats you've ever seen” “Preparing for an a...
Nexus micro-macro: sustainability • Now you’ve had your crash course in owner-ordered auditing. Can someone explain...
Nexus micro-macro: Web infrastructure • Banking & rating agency utility functions: - fund transfers, account ke...
Nexus micro-macro: SWOOPs Facilitate launching of Self Web-Organized Owning Parties • Which owner group ...
Agenda Part II - New risk control mechanisms • Supercycle: interface between organization & auditor ...
Pull side Match-making between ‘pull’ & ‘push’ Internationalize the owner-ordered audit method. This re...
Golden opportunity for the Netherlands Why, and how, the present financial crisis is driving owner-ordered auditing core c...
Your Questions
SIKS Smart Auditing Elsas


Contribution to Smart Auditing PhD course

  • In between Initial & Final States. Normative relationship between 1. generated margin and 2. amount of labour, frequency of business transactions
  • Example BETA-equation system from Frielink’s et al. Auditing Education Literature 10,000’s man years of conceptualization. proven in practice, over decades. Recognized High Quality Audit. Very well suited for automated support. As is already done + pilots.
  • The Flow of Money is presented above the horizontal line “from right to left”. The Flow of Goods/Services is below and “from left to right”. Animation. Not for simulation: real data. Diagram of the value cycle for a commercial business in a format the computer can understand and analyze. A sale results on one hand in a sales order and on the other hand in a $2 debtor. A purchase results in a $1 creditor and a purchase order. Section I contains money due FROM others (debts of others, other companies, to this company; the debtors, the company’s accounts receivable); Section II contains money due TO others (other companies; the creditors, the company’s accounts payable). Section III contains goods/services due FROM other companies, and Section IV contains goods/services due TO other companies, or private individuals. The two Sections N show the company’s possessions in cash and goods. The diagram shows the value cycle in an error-free Soll modality. However, this value cycle also exists in an Ist modality, in which also erroneous, illegitimate transactions are recognized in addition to the error-free, legitimate ones. These erroneous transactions may or may not be intentional. The diagram for the Ist value cycle is automatically generated from that for the Soll. The cash flow runs above the horizontal line; the flow of goods and services, below it. Section I contains the company’s accounts receivable; Section II, its accounts payable. Section III contains goods and services due from other companies and Section IV contains goods and services due to other companies. The two Sections N show the company’s possessions in cash and goods. * Executable Model * - in “Play” mode, extremely close to Mental Model. Shows illustrative process: 1. Purchase, 2. Accept Goods, 3. Sales, 4. Collect(1st) & Deliver [concurrently], 5. Pay and 6. Collect(2nd). Results in: one coin, margin between sales price ($2) and purchase price ($1). Transformation process. Transforming transaction occurrences, labour, into margin. Abstract machine/model to transform labour into margin. Normative relation between amount of labour and amount of margin. Process mathematics: Petri nets -> Audit nets. Quantitative: Reachability, spanning checks, Initial & Final State (inspected). Qualitative: T-invariants for auth & able
  • Modalities: Soll (as it should be, normative) & Ist (as it is, reality) German, Schmalenbach Soll Process Structure - Ist Process Structure Arrows: Confrontation (mental) Model based audit
  • Constraints. E.g. on associating agents to buffers, for Auth & Able. Alert for Able: ‘Other maintenance resources’: include ‘f’ ‘Maintenance man-hours’: include ‘f’ No alerts for agent associations to transactions.
  • Structural A-Invariant for Soll system BETA-equation is just projection/selection for one buffer
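
The six-step value cycle from the notes above (purchase at $1, sale at $2, one coin of margin) replayed as a token game that confronts an event stream with the Soll model. This is an added example, not code from the slides or from Smart Audit Support. The buffer names, the agent-to-transaction assignment and the rule that a rejected event is not applied are assumptions of this example, and both event traces are constructed.

```python
from collections import Counter

# Buffers of the value cycle. The names are labels chosen for this example;
# the comments give the section of the diagram each one stands for.
CASH = "cash"                        # Section N: possessions in cash
GOODS = "goods"                      # Section N: possessions in goods
RECEIVABLE = "accounts_receivable"   # Section I: money due from others
PAYABLE = "accounts_payable"         # Section II: money due to others
GOODS_DUE_FROM = "goods_due_from"    # Section III: goods due from others
GOODS_DUE_TO = "goods_due_to"        # Section IV: goods due to others

# Soll transactions: name -> (tokens consumed, tokens produced). One token is
# one coin or one unit of goods. Purchase price $1 and sales price $2 are
# taken from the notes; giving "purchase" and "sales" no precondition is an
# assumption of this example.
SOLL = {
    "purchase":     ({}, {PAYABLE: 1, GOODS_DUE_FROM: 1}),
    "accept_goods": ({GOODS_DUE_FROM: 1}, {GOODS: 1}),
    "sales":        ({}, {RECEIVABLE: 2, GOODS_DUE_TO: 1}),
    "collect":      ({RECEIVABLE: 1}, {CASH: 1}),
    "deliver":      ({GOODS: 1, GOODS_DUE_TO: 1}, {}),
    "pay":          ({CASH: 1, PAYABLE: 1}, {}),
}

# Assumed authorization structure (not given on the slides): the one agent
# allowed to execute each transaction. Letters follow the slide 6 legend
# (B: Buy/Purchase, W: Warehouse manager, S: Sales, F: Financial).
AUTHORIZED = {
    "purchase": "B", "accept_goods": "W", "sales": "S",
    "collect": "F", "deliver": "W", "pay": "F",
}


def replay(events, marking=None):
    """Replay (agent, transaction) events against the Soll model.

    Returns (final_marking, deviations). An event Soll does not allow is
    reported and not applied, so the marking stays a Soll-reachable state.
    """
    marking = Counter(marking or {})
    deviations = []
    for index, (agent, name) in enumerate(events, start=1):
        if name not in SOLL:
            deviations.append((index, name, "unknown transaction"))
            continue
        # Qualitative check: segregation of duties.
        if agent != AUTHORIZED[name]:
            deviations.append((index, name, f"agent {agent} not authorized"))
            continue
        # Quantitative check: every consumed buffer must hold enough tokens.
        consumed, produced = SOLL[name]
        short = [buf for buf, count in consumed.items() if marking[buf] < count]
        if short:
            deviations.append((index, name, "not enabled: missing " + ", ".join(short)))
            continue
        marking.subtract(consumed)
        marking.update(produced)
    return +marking, deviations  # unary plus drops buffers that are back at zero


# Constructed trace: the illustrative process from the notes, steps 1 to 6.
LEGIT_TRACE = [
    ("B", "purchase"), ("W", "accept_goods"), ("S", "sales"),
    ("F", "collect"), ("W", "deliver"), ("F", "pay"), ("F", "collect"),
]

# Constructed trace with three Ist deviations: goods delivered that were never
# accepted into stock, cash collected by Sales, and a payment without cash.
DEVIANT_TRACE = [
    ("B", "purchase"), ("S", "sales"), ("W", "deliver"),
    ("S", "collect"), ("F", "pay"),
]

if __name__ == "__main__":
    for label, trace in (("legit", LEGIT_TRACE), ("deviant", DEVIANT_TRACE)):
        final, deviations = replay(trace)
        print(label, dict(final))
        for index, name, reason in deviations:
            print(f"  event {index} ({name}): {reason}")
```

The final marking of the legitimate trace is the spanning check in miniature: every intermediate buffer is empty again and only the margin is left in cash.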
  • SIKS Smart Auditing Elsas

    1. Philip Elsas ComputationalAuditing.com Vught, The Netherlands October 5-6, 2010 Dutch Research School for Information and Knowledge Systems (SIKS) 2010 Advanced Course on Smart Auditing Part I - Smart Auditing: an auditor (historical) perspective Part II - New risk control mechanisms
    2. Introduction
       • Since 2003: Company - Canada, Netherlands
       • 1988-2003: Deloitte, with ’97-’99 intermezzo at Bakkenist Management Consultants, sold to Deloitte.
       • 1990-1996: PhD Computational Auditing
       - Principal, chief architect & inventor of Smart Audit Support
       - Smart Audit Support: since 1994 key in Deloitte’s worldwide audit practice. Currently integrated in ‘The Deloitte Audit’
       - System blueprint in chapter 5 of …
       - PhD in Mathematics & Computing Science on Financial Auditing
       - In parallel to Smart Audit project, 30% part-time, Vrije Universiteit
       - Directly after appearance awarded with the biennial Alfred Coini Prize for the best publication in Auditing
       Offering software and consultancy services to innovate audit practices and audit software firms
       The Dutch Tax Office used Computational Auditing in 2001-2003 as frame of reference to compare Big 4 planning and decision-support models & systems to investigate how to improve audit productivity (57 page report); considers Smart Audit Support ‘leader of the pack’
    3. Why is Auditing an interesting Domain for SIKS: the Dutch Research School for Information and Knowledge Systems? And, why now?
       • Auditors pass judgment on SIKS systems
       Organizational Context
       • In doing so, auditors use their own SIKS systems
       Information & Knowledge Systems Internal & External Auditing
       • Dutch auditing embodies unique & wanted (that’s new) concepts; need smart digital support to internationalize
    4. Agenda
       • Part II - New risk control mechanisms
       • Part I - Smart Auditing: an auditor (historical) perspective
    5. What connects part I & II? Owner-ordered auditing: dominating and integrating with management-ordered auditing
       • Quantitative: completeness of management’s stated profits
       • Qualitative: assess irreplaceable internal control to secure actions of agents
       • assess what? long-term incentive & authorization structure
       • how? segregation of duties serving long-term owner interest
       • Supercycle: client’s top-level business process
       • from mental model to process model
       • unifying quantitative and qualitative
       Why, and how, the present financial crisis is driving owner-ordered auditing core concepts out of a local past and into a global future
    6. Supercycle [Figure: supercycle diagram; the agent letters and amounts that annotated its transactions, states and flows are not recoverable from the text.] Legend: M: Majority Owner-Manager; S: Sales department; B: Buy/Purchase department; F: Financial department; T: IT department; W: Warehouse manager; L: Labor/salary accounts; P: Planning department; C: Creditor accounts; D: Debtor accounts; A: Application Agent. Agent’s access is associated to: 1. Transactions 2. States 3. Flows. Capital letter: authorized, legitimate access. Small letter: illegitimate access.
    7. Part I Smart Auditing: an auditor (historical) perspective
    8. Abstract Part I - Smart Auditing: an auditor (historical) perspective
       • What originated the audit profession? Which mainstreams of international evolution can be distinguished?
       • How were methods of the owner-ordered audit and management-ordered audit combined into an integral two-way audit approach? How has computational formalization been blended in?
       • With special attention to the evolution of the theoretical-deductive Dutch audit doctrine and its connection to mathematics. As opposed to the practical-inductive Anglo-American audit approach.
       • Why and how the originally Dutch, formalized two-way audit approach evolved into the world's strongest 'business process'-oriented audit approach. Enabling powerful audit analytics, impossible with old-style approaches.
    9. Agenda Part I - Smart Auditing: an auditor (historical) perspective
       • 1840 - 1930: “The early years: pragmatics (UK, US, Dutch)”
       • 1930 - 1990: “Developing a model-based theory (Dutch)”, with a presentation by Prof. J.H. Blokdijk RA
       • Addressing today’s challenge: “How to improve the audit profession’s relevancy to society (international)”
       • 1990 - today: “Computational formalization of model & meta-model (outsiders)”
       • Motivation & how today’s audit challenge directs a historical selection
    10. Motivation Why now? Relevancy Points made by Frank Partnoy: Roosevelt Institute, March, 2010 US$ 600,000 Billion derivatives isn’t visible on balance sheets “Abusive off-balance sheet accounting” “Another F-word: Fiction” Solution direction: “Make information available to investors” diagnosis remediation
    11. Motivation Why now? Relevancy Points made by Rick Bookstaber: U.S. House of Representatives, Committee on Science and Technology, Subcommittee on Investigations and Oversight, Sept. 2009 Derivatives & markets: leverage, crowding & linkages Oversight solution direction: “Get the data” “Shareholders are [only] silent partners within the corporation” Auditor’s attention point: reliability of the data “I don’t think –I don’t mean to be cynical– but I don’t think that leadership within a financial firm can overcome the incentives that exist” Inside solution direction: “Long-term incentives” “Gaming the system”
    12. Motivation Why now? Relevancy Prolonged “License to gaming the system”: “Moral hazard is worse than ever”
       • Out of which money pot does a bailed-out banker – e.g. of AIG (And It’s Gone) – love to pay its lobbyists?
       “Wall Street's role in Greek crisis should be no surprise”, Allan Sloan, with ref. by Tom Nierop in public debate on accountant.nl, 2010 “Four Weeks that Shook the Financial World”, Edward Harrison: “Moral hazard is worse than ever”, tvo.org, 2009 Regulatory capture in the financial industry, Bob Hoogenboom & Jules Muis on accountant.nl, 2009-2010 Moral hazard in the audit profession: every crisis leads to more audit work, “Catch-22 accountancy”, Bob Hoogenboom, accountant.nl, 2010 Indeed, out of the no-strings-attached TARP (To Avoid Regulating Politicians) pot!
    13. Motivation Why now? Relevancy Directing the “License to Gaming”
       • The notes have not been and will not be registered under the United States securities act of 1933, as amended (the 'securities act'), or the securities laws of any state in the United States, and are subject to US tax law requirements. The notes may not be offered, sold or delivered at any time, directly or indirectly, within the United States or to or for the account of U.S. persons (as defined in either regulation s under the securities act or the United States internal revenue code of 1986, as amended).
       • In making an investment decision, investors must rely on their own examination of the issuer, the guarantor and the terms of the offering, including the merits and risks involved. These notes have not been recommended by any United States federal or state securities commission or regulatory authority. Furthermore, the foregoing authorities have not confirmed the accuracy or determined the adequacy of this document. Any representation to the contrary is a criminal offence.
       This red flag was attached to Lehman’s toxic products, and not only Lehman’s, and was timely and publicly raised by American government and subsequently ignored by European financial oversight & most European financial institutions, see: “Hebben toezichthouders onmacht deels zelf veroorzaakt?” (Dutch only), with ref. to Rutger Schimmelpenninck, liquidator of the Lehman Brothers Treasury, leading to questions asked in Dutch parliament, accountant.nl, 2009 “House of Cards”, Canadian Broadcasting Corporation (CBC), Fifth Estate, 2010, highlights US government’s knowledge built up in the 2002 law suits Compare “tone at the top” by appointments: résumés of Mark Carney & Nout Wellink & compare bail-outs “Subprime primer”
    14. Today’s audit challenge No.1 International Federation of Accountants (IFAC), “Financial Reporting Supply Chain” “Shareholders should more actively pursue their ownership responsibilities” & “Align managerial behavior with the interests of the owners”, Jane Diplock, 2010 European Commission, “Corporate governance in financial institutions and remuneration policies”, green paper, June 2010, § 3.5 “The role of shareholders” “… lead to the abstraction, or even disappearance, of the concept of ownership normally associated with holding shares” & footnote 18 General questions 5 & 3: “How to practically improve shareholder control of financial institutions, if still realistic?” & Necessary reinforcements for the external auditor Gaspar et al. “Shareholder Investment Horizon and the Market for Corporate Control” “Shareholders have little to say in the USA” & “Push legislators for statutory duty of care to investors, and get over the Caparo ruling (UK)”, David Webb, 2010
    15. Today’s audit challenge No.2 International Federation of Accountants (IFAC), “Financial Reporting Supply Chain” “Moving forward, national accountancy organizations should be charged with inventorying, bottom up, systemic disconnects that are difficult to voice for individual audit firms fearful of offending clients, and synthesizing them in an anonymous fashion.”, Jules Muis, 2010 See: “Preparing for an Audit Mandate to Contribute to Systemic Risk Anticipation”, ‘de Accountant’ & accountant.nl, 2009, with follow-up in 2010 Connecting ‘micro’ to ‘macro’ Rick Bookstaber’s Congressional testimonies on: - Hedge Funds, 2009 - Derivatives, 2009 - Systemic Risk, 2008 & 2007 “My concern is that they are making themselves irrelevant.” Steven Thomas about auditors, based on the E&Y - Lehman case, 2010 See Royal NIVRA project “Sharing Knowledge” (“Kennis Delen”), NIVRA.nl with a requested comment on the new financial legislation for derivatives, June 2010
    16. Today’s challenges
       • “Thus, the most important factor is society’s needs, and the related factor that interacts with it is the ability of auditing methods to meet society’s needs.
       • However, society’s needs are not fixed and change over time.
       • Also, auditing methods can change and improve over time.”
       Douglas Carmichael, First and Founding Chief Auditor of the Public Company Accounting Oversight Board (PCAOB), with reference to the Theory of Rational Expectations by Th. Limperg Jr. (1879-1961) in “The PCAOB and the Social Responsibility of the Independent Auditor”, 2004 Th. Limperg Jr.
    17. Addressing today’s challenge no.1
       • Why don’t we allow shareholders to substantiate their ownership responsibilities? Why not have long-term incentive structures imposed upon management via the owner-ordered audit method?
       The potential risk pertaining to management picking up the bill for an integral two-way audit (the ‘paying, thus dominating’ risk), can be mitigated by continuing high-quality documentation (‘if it’s not documented, it’s not audited’), complemented by governmental reviewing
       Today we worldwide only use a management-ordered audit method. Ignoring the proven method of the owner-ordered audit.
       • The sequel clarifies:
       • the owner-ordered audit
       • the integral two-way audit: integrating the methods of the owner-ordered audit and the management-ordered audit
    18. Addressing today’s challenge no.2
       • Financial institutions are exposed to more moral hazard than ever before. Why not measure systemic risk while it’s building up? Why not introduce preventive measures to reduce build-up?
       A newborn, powerful preventive measure is the Royal NIVRA’s ‘Sharing Knowledge’ project, with supportive technology. The auditor is positioned to attest whether internal controls and incentives are in place to provide data of adequate reliability. A reliability emphasizing long-term ownership interests. Anything better to neutralize management’s exposure to moral hazard than the owner-ordered audit?
       Individual financial institutions might each be free of an internal systemic risk, while, as a collection, they may induce an external systemic risk. This occurs when a lot of institutions take a similar position, while the other side is not sufficiently covered. Loosely speaking: too many are on the same side of the ship, without them being able to see one another. The auditor is a pre-eminent party to make such accumulated systemic risk visible. It’s a party that is able to aggregate information into systemic risk indicators - or to certify the therefor required reporting channel - while taking professional care of confidentiality issues. See: ‘de Accountant’, April 2010
    19. Agenda Part I - Smart Auditing: an auditor (historical) perspective
       • 1840 - 1930: “The early years: pragmatics (UK, US, Dutch)”
       • 1930 - 1990: “Developing a model-based theory (Dutch)”, with a presentation by Prof. J.H. Blokdijk RA
       • Addressing today’s challenge: “How to improve the audit profession’s relevancy to society (international)”
       • 1990 - today: “Computational formalization of model & meta-model (outsiders)”
       • Motivation & how today’s audit challenge directs a historical selection
    20. 20. 1840 - 1930: United Kingdom <ul><li>The auditing profession originated in the second half of the nineteenth century in the United Kingdom. This development was mainly caused by the trade unrests during the 1810’s and the subsequent intensified Industrial Revolution. </li></ul><ul><li>Technological developments caused an increase in investments and major changes in financial markets and organisations (i.e., a separation between ownership and management). Many companies were formed during this period; as a consequence of depressions and bankruptcies, the demand for independent audits of financial information grew. </li></ul><ul><li>So, generally speaking, British auditors became involved in corporate activity through the need to audit bankruptcy statements, as company failures were a common feature of early industrial activity. </li></ul><ul><li>As a consequence, in 1844 for the first time stockholders obtained the right to audit the company accounts as prepared by management (Statutory Audit Requirement, The British Joint Stock Companies Act, 1844). </li></ul>Based upon “Reflections on Auditing Theory”, Hans Blokdijk et al., Limperg Institute, 1996
    21. 21. Annual company accounts. Categorized states convey position information at one point in time: the end of the audit period. Categorized streams convey state-changing (trans)action information over a period of time: from the beginning till the end of the audit period.
    22. 22. 1840 - 1930: United States of America (1/2) <ul><li>At the end of the 19th century, industrial growth also led to an increase in the demand for capital in the USA. </li></ul><ul><li>As a result, it became necessary for many companies to seek capital from abroad; the main source was the United Kingdom. </li></ul><ul><li>British investors required an audit of the financial reports by independent (British) auditors, which – unsurprisingly – led to an increase in the demand for independent auditors' opinions on reported financial positions in the United States (Littleton & Zimmerman, 1962). </li></ul><ul><li>In the early stages of the development of the profession, it was very important for the auditors to satisfy the specific requirements of management. </li></ul>Based upon “Reflections on Auditing Theory”, Hans Blokdijk et al., Limperg Institute, 1996
    23. 23. 1840 - 1930: United States of America (2/2) <ul><li>Until approximately 1930, the demand for audits by management, bankers and potential stockholders existed in the United States to support investment decisions and to investigate fraud. </li></ul><ul><li>Because the auditor was engaged to perform these specific investigations by management, instead of stockholders, auditors' attitudes became relatively client-oriented, thus management-oriented, instead of oriented towards stockholders or potential stockholders, thus society as actual users of the financial statements (the actual, ultimate client). </li></ul><ul><li>To attract British investment capital (‘US new style capitalization’), or to be able to get a bank loan (‘US old style capitalization’), US company management increasingly ordered an independent opinion: to improve credibility of the existence of their stated net equity and net profits. </li></ul><ul><li>This audit objective is known as auditing for overstatement of net profits and stockholders’ equity. </li></ul>Based upon “Reflections on Auditing Theory”, Hans Blokdijk et al., Limperg Institute, 1996
    24. 24. Who are owners? Who is management? <ul><li>Private equity vs. operational management </li></ul><ul><li>Public raised equity vs. operational management </li></ul><ul><li>Franchisor vs. franchisee </li></ul><ul><li>Pension fund participants (contributors, ‘sleepers’ & receivers) vs. pension fund (‘mothered’ by company, industry sector, or none; defined benefit vs. defined contribution) </li></ul><ul><li>Private equity firm vs. buyout (e.g. short term ownership) </li></ul><ul><li>Patent or revenue rights holder vs. exploitation company </li></ul><ul><li>Software developer vs. selling company (e.g. Apple store) </li></ul><ul><li>Tax offices vs. tax payers (companies and others) </li></ul>
    25. 25. 1840 - 1930: The Netherlands (1 of 3) <ul><li>Contrary to the Anglo-American historical evolution, auditing in the Netherlands initially focused on meeting the requirements of owners and others who were entitled to the profits of an entity. </li></ul><ul><li>An important cause was the fact that, for a relatively long period of time, economic growth in the Netherlands was financed by equity capital (‘NL old style capitalization’) as opposed to loan capital in the USA (‘US old style capitalization’). </li></ul><ul><li>Moreover, raising new capital in public markets was not promoted by bankers, who were slow to adapt to the rapid developments in the business community during the 1920’s. Their so-called 'house' bankers encouraged the Dutch companies to borrow from them or to finance their operations by retaining earnings (‘NL new style capitalization’), instead of issuing stock or bonds on the capital market (Zeff, Van der Wel & Camfferman, 1992, p.352). </li></ul>Based upon “Reflections on Auditing Theory”, Hans Blokdijk et al., Limperg Institute, 1996
    26. 26. 1840 - 1930: The Netherlands (2 of 3) <ul><li>In the Netherlands, the primary reason for the origin of the independent audit was the creation of the division between management and ownership. </li></ul><ul><li>The theory of the independent audit was based on the insight that a potential conflict of interest exists between the management of an entity and its owners (stockholders). </li></ul><ul><li>It was understood that the stockholders demand that revenue be recorded completely and expenses be recorded correctly, as the difference, net profit, is the basis for their dividends and the value of their stock. </li></ul><ul><li>On the other hand, management might be motivated towards not reporting all of the revenue, or towards creating fake expenses or overly high expenses or bonuses. This would enable them to smooth income or withdraw the unreported revenue or faked expenses, or inflated parts of the expenses, for themselves (fraud). </li></ul>Based upon “Reflections on Auditing Theory”, Hans Blokdijk et al., Limperg Institute, 1996. See: challenge no. 1, slide 14 & 17
    27. 27. 1840 - 1930: The Netherlands (3 of 3) <ul><li>In other words, the independent audit in the Netherlands originated from the need to verify the accounting of the funds entrusted to management of an entity on behalf of those who had a direct financial interest in the results of the entity. It should be emphasized that these not only included the stockholders, but also other stakeholders, and, of the utmost importance, potential stock- and stakeholders, that is, society at large. </li></ul><ul><li>As a consequence, Dutch auditors turned their attention primarily to management's tendencies to understate revenues or overstate expenses in the income statement. </li></ul><ul><li>This focus is known as auditing for understatement of net profits, or, put one level deeper, completeness of revenues and correctness of expenses. </li></ul>Based upon “Reflections on Auditing Theory”, Hans Blokdijk et al., Limperg Institute, 1996. The very fact that the owner-ordered audit encloses a substantiated focus on ‘society at large’ is key in recognizing the suitability of this tradition in preventing society from ending up as owner of last resort in company bail outs.
    28. 28. 1840 - 1930: Two Main Ways of Audit (diagram: Owners, Management, Potential Owners) <ul><li>Management-ordered audit (USA), to attract new investors. Money inflow for management. To increase credibility that profits aren’t OVERstated: that stated profits are real, and not (partly) fake. Maximize equity. </li></ul><ul><li>Owner-ordered audit (NETH & UK), to check management. Money inflow for owners. To increase credibility that profits aren’t UNDERstated: that no revenues are missing & expenses (e.g. bonuses) aren’t too high. Long-term ROI. </li></ul>
    29. 29. Owner-ordered audit: an example <ul><li>Your client is a hotel franchisor with lots of franchisees. The franchisor wants assurance that each franchisee, the operational hotel management, isn’t making money on rooms without reporting it. What method substantiates the assurance you provide to your client? </li></ul>The Ritz-Carlton Investing Company was established by Albert Keller, who bought and franchised the name in the United States. In 1927 he built the first Ritz-Carlton hotel in Boston, Massachusetts.
    30. 30. Agenda Part I - Smart Auditing: an auditor (historical) perspective <ul><li>1840 - 1930: “The early years: pragmatics (UK, US, Dutch)” </li></ul><ul><li>1930 - 1990: “Developing a model-based theory (Dutch)”, with a presentation by Prof. J.H. Blokdijk RA </li></ul><ul><li>Addressing today’s challenge: “How to improve the audit profession’s relevancy to society (international)” </li></ul><ul><li>1990 - today: “Computational formalization of model & meta-model (outsiders)” </li></ul><ul><li>Motivation & how today’s audit challenge directs a historical selection </li></ul>
    31. 31. 1930-1990: Branching scientific approaches <ul><li>Anglo-American evolutionary branch: practical-inductive. Audit policies, methods and standards follow from considering a lot of performed audits; empirical. 1840-1930 foundation: management-ordered audit, overstated profits. </li></ul><ul><li>Dutch evolutionary branch: theoretical-deductive. Audit methods evolve from client’s business process, i.e. a normative model. Originally only a mental process model; later, due to formalization, supported by an executable process model. 1840-1930 foundation: owner-ordered audit, understated profits. </li></ul>
    32. 32. 1930 - 1990: Branching approaches <ul><li>The owner-ordered audit tradition integrates the approach of the management-ordered audit, leading to an integral two-way audit approach (Dutch only) </li></ul><ul><ul><li>Theoretical-deductive on normative models, with mainstays: </li></ul></ul><ul><ul><ul><li>Auditee’s top-level business process </li></ul></ul></ul><ul><ul><ul><li>Accounting Organization / Internal Control (AO/IC) </li></ul></ul></ul><ul><ul><li>Integral evolution of theory, practice & education over the full period, culminating in theory connecting to process math </li></ul></ul><ul><li>The management-ordered audit tradition gets government intervention (USA, 1930’s), and moves forward by setting audit standards </li></ul><ul><ul><li>Practical-inductive: early standards prescribe specific procedures, later evolving into more generic guidance </li></ul></ul><ul><ul><li>Recognition of missing a method to substantiate completeness of revenues: ‘Completeness: the Elusive Assertion’ </li></ul></ul><ul><ul><ul><li>Whittington, Zulinski & Ledwith, 1983 </li></ul></ul></ul><ul><ul><ul><li>Leslie, Aldersley, Cockburn & Reiter, 1986; Cockburn, 1987 </li></ul></ul></ul>
    33. 33. Introduction Prof. J.H. Blokdijk RA <ul><li>Nestor of Dutch auditing discipline </li></ul><ul><li>Inventor ‘irreplaceable internal control’ concept </li></ul><ul><li>Emeritus auditing professor (VU & Nyenrode) </li></ul><ul><li>Partner KPMG, member National Office </li></ul><ul><li>Commissioner Royal NIVRA </li></ul>
    34. 34. Annual company accounts
    35. 35. Contribution by Prof. J.H. Blokdijk RA On the basis of the previous slide I may explain the Dutch approach to substantive auditing. Starting point is the completeness of revenue from sales: if sales appear to be recorded completely, the sum of receivables and cash receipts have also been recorded completely: double-entry bookkeeping! No understatements! But receivables and cash are subsequently audited for overstatements; if these appear not to have occurred, revenue from sales cannot have been overstated either. So debit balances are being audited for overstatements, and credit balances for understatements. The same goes for expenses and liabilities. The latter are audited for completeness, and expenses for overstatements. If no irregularities are found, expenses have also been completely accounted for, and liabilities do not contain non-existing debts. In practice, there are, of course, complexities and technicalities to deal with in this approach, but the principle just outlined is the basis. So there is no need to audit any item, whether in the balance sheet or in the income statement, both for under- and overstatements. This is highly efficient; it is my impression that this is not being fully recognized in the International Statements on Auditing.
    36. 36. Contribution by Prof. J.H. Blokdijk RA Dutch auditors have also given thought to something called ‘auditability’. For the audit of ‘assertions’ in the books the auditor should have ‘evidence’, especially for auditing for overstatements. An important source is: documents. But an invoice from a supplier is not sufficient in itself: the supplier may have overstated the price and/or the amount of goods purportedly delivered. The invoice should be reviewed and authorized internally. Here is where ‘internal control’ comes in. Performance of internal controls in that stage should normally be evidenced in some form, by stamps, initials on a voucher, and the like. The control should be performed by the appropriate employee: the system should provide for an adequate segregation of duties. Evidence of performance should include the identity of the employee. But how conclusive is that evidence? International Standards on Auditing mention several inherent limitations of internal control, such as human error, circumvention of internal controls through collusion, and management override. In performing tests of control, can the auditor detect this? This would only be possible if the auditor were able to repeat performing the internal controls involved.
    37. 37. Contribution by Prof. J.H. Blokdijk RA The problem can be illustrated with the following example. It involves invoices for goods or services received. It does not yet deal with the circumstance that many internal controls in this stage are no longer evidenced in visible form, but are embedded in the automated systems. Regarding those invoices, the auditor can easily reproduce the computation of the final amount and of a sales tax amount included in it. Reproducing the internal control on the price invoiced is more difficult: it may be in agreement with a price list from the supplier that the auditor may consult, but employees in the purchasing department are paid by the employing entity to obtain a better price. The difference may partly or wholly end up in their own pockets by way of the infamous kick-backs. Only a thorough knowledge of that particular market would enable the auditor to uncover such a defalcation; as he/she cannot be expected to have such expertise on all the markets where his/her clients do business, he/she must rely on the system of internal control.
    38. 38. Contribution by Prof. J.H. Blokdijk RA Similar considerations apply to the receipt of goods and the performance of services. Some goods could be traced afterwards, though that may be highly impractical. Most office supplies, however, are simply used up, and as to services, it is virtually impossible to ascertain that the windows actually have been cleaned if the audit takes place three months after. For the most important aspects of those purchases, the auditor cannot do much more than look for evidence of the performance of internal control. So, there are internal controls that cannot be reproduced by the auditor. The issues raised by this circumstance have been explored extensively in Dutch auditing literature. The best English translation I have been able to find for this type of internal controls is: 'non-reproducible' internal controls (in Dutch: “onvervangbare interne controle”). Sometimes, investigative techniques designed to overcome the restrictions outlined above, do exist, but an independent auditor is not allowed to use them. An example is the situation in which an auditor has suspicions about a credit note purportedly granted by his/her client to another company audited by a partner of his/her own audit firm. The professional rule of confidentiality does not permit the former auditor to consult the latter on this document.
    39. 39. Contribution by Prof. J.H. Blokdijk RA ‘ Non-reproducible’ internal controls Even though there are internal controls that can be reproduced, such as those involving arithmetical operations, the most important ones often cannot be reproduced. The fundamental causes have been categorized as follows: (1) expertise: the auditor cannot possibly acquire sufficient expertise to form, entirely by himself, a conclusive opinion on all the technical and/or commercial events that are to be reflected in the financial statements (e.g., product yield rates, purchase prices); (2) presence: the auditor cannot possibly be continuously present on the client's premises in order to ensure the completeness of the recording of transactions and (relevant) events; apart from economic considerations, this is unacceptable in that it would jeopardize the client's and/or the auditor's independence; and (3) inadmissibility of investigative techniques: the independent auditor is not entitled to use certain techniques that are available to government auditors (such as informing other government auditors about other taxpayers), or that may be used by police authorities (such as wiretaps, search of private premises and the like).
    40. 40. Contribution by Prof. J.H. Blokdijk RA So what should auditors do about ‘the system of internal control’? Firstly, they should evaluate the design of the system. Especially important is the segregation of duties; e.g., no single person should be able to authorize payment of invoices, and persons charged with the authorization of separate elements (quantity, quality, prices) of invoices should not have an interest in collusion with each other, or with suppliers or other parties outside the auditee. In order to better evaluate the design of the internal control system, dr. Elsas has developed a very promising automated technique, which he will be glad to further explain.
    41. 41. Owner-ordered audit concepts & methods: ‘Crown jewels’ <ul><li>Supercycle concept – client’s top-level business process model – typology of supercycles </li></ul><ul><li>Mainstays of supercycle-based audit method – qualitative: AO/IC in design, implementation & operation, focusing on irreplaceable & indispensable internal control – quantitative: spanning reconciliation checks, or, alternatively phrased, comprehensive coherence testing </li></ul><ul><li>Limperg’s theory of rational expectations </li></ul>Unfortunately, hardly translated into English, except for Limperg’s theory, in the 1970’s. In the public domain only Blokdijk et al. ‘96, and Elsas ‘96.
    42. 42. Supercycle: top-level business process. Schmalenbach (1929), Limperg (1926, 1930’s), Abr. Mey (1936), Burgert (1957), Starreveld (1962, 1980’s), Frielink (1980’s), Blokdijk (1975), Veenstra (1972, p.41). [Diagram labels: Buy Side, Inside (cost price), Sell Side; Buy price, Sell price.] A rectangle represents a state, a balance sheet item. A circle represents a (trans)action, an activity, a mutation to connected states. ‘Soll’ (To Be) & ‘Ist’ (As Is) modalities.
    43. 43. Supercycle-based Auditing Laws (Starreveld et al. & Frielink et al.) <ul><li>Law 1. Rational relation between consumed resources & produced products and/or services (“De wet van het rationeel verband tussen opgeofferde en verkregen zaken”, the law of the rational relation between sacrificed and obtained goods): per type of products or services (categorized); with a cost price based on activity in the supercycle (Limperg, ABC, …). Alternatively phrased, a normative relation between generated margin & frequency of business transactions. Gross Margin = Sales price - Cost price (Replacement Cost Accounting, Activity Based Costing). </li></ul><ul><li>Law 2. Rational relation between states at time points & mutation streams over the enclosed time period (“De wet van de samenhang tussen toestand en gebeuren”, the law of coherence between state and event): per state, the BETA formula Begin - End + Inflow - Outflow = 0; except: Money > 0. </li></ul>
    44. 44. Supercycle-based auditing, model-based auditing … [Diagram labels: Begin, End; Purchase price, Sales price; Buy transaction, Money buffer, Goods buffer, Sell transaction.] What happened in between? What is the normative relation?
    45. 45. Supercycle-based auditing <ul><li>10,000’s man years of conceptualization and abstraction, integrated with proof in practice, over decades </li></ul><ul><li>Worldwide recognized high quality audit education: 3-years post-Master </li></ul><ul><li>Integrating owner-ordered audit method & management-ordered audit method into two-way audit approach </li></ul><ul><li>Traditional Dutch audit education literature, Frielink et al. </li></ul><ul><li>Mathematical framework: system of linear equations, based on the BETA-formula </li></ul><ul><li>World’s scientifically strongest audit approach, due to its mathematical foundation </li></ul><ul><li>How the spanning reconciliation checks, based on spanning equations, relate to the supercycle </li></ul><ul><li>Superbly suited for powerful computational support </li></ul>
    46. 46. Starreveld et al.: Typology of Top-cycles. Frielink et al.: Supercycle-backboned Audit Approach, Volumes 1, 2a, 2b, etc. Also 10,000’s man years of conceptualization and abstraction, integrated with proof in practice, over decades. Decisive advantage of these concepts, norms & methods: no need to prove again in practice, since practice was part of the integral evolution.
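The BETA formula and the gross-margin relation from the auditing-laws slide, worked as a spanning reconciliation check that derives Soll revenue from the goods stream and compares it with Ist (booked) revenue. This is an added example, not code from the presentation or from ComputationalAuditing.com; the class and function names, the 1% tolerance and all figures are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class GoodsState:
    """One categorized goods buffer (a supercycle 'state') over the audit period."""
    product: str
    begin_units: int       # stock count at the start of the period
    end_units: int         # stock count at the end of the period
    inflow_units: int      # units received, taken from buy-side records
    sales_price: Decimal   # normative (Soll) sales price per unit
    cost_price: Decimal    # cost price per unit


def implied_outflow(state):
    """BETA formula: Begin - End + Inflow - Outflow = 0, solved for Outflow."""
    return state.begin_units - state.end_units + state.inflow_units


def soll_gross_margin(state):
    """Gross Margin = Sales price - Cost price, per unit, times implied units sold."""
    return implied_outflow(state) * (state.sales_price - state.cost_price)


def reconcile(states, recorded_revenue, tolerance=Decimal("0.01")):
    """Span buy side and sell side: Soll revenue from goods vs. Ist revenue as booked.

    Returns one finding per product: (product, soll, ist, verdict).
    The relative tolerance is an assumption of this example.
    """
    findings = []
    for s in states:
        units_out = implied_outflow(s)
        if units_out < 0:
            # More stock at period end than Begin + Inflow allows:
            # the buy-side records themselves are incomplete.
            findings.append((s.product, None, None, "inconsistent-goods-stream"))
            continue
        soll = units_out * s.sales_price
        ist = recorded_revenue.get(s.product, Decimal("0"))
        gap = soll - ist
        if abs(gap) <= tolerance * soll:
            verdict = "reconciled"
        elif gap > 0:
            verdict = "revenue-understated"   # owner-ordered concern: completeness
        else:
            verdict = "revenue-overstated"    # management-ordered concern: existence
        findings.append((s.product, soll, ist, verdict))
    return findings


# Constructed sample data: barrels handled by one sales outlet in one period.
SAMPLE_STATES = [
    GoodsState("lager-50L", 10, 4, 120, Decimal("180.00"), Decimal("120.00")),
    GoodsState("pilsner-30L", 5, 2, 60, Decimal("110.00"), Decimal("75.00")),
    GoodsState("cider-20L", 2, 2, 20, Decimal("90.00"), Decimal("60.00")),
    GoodsState("wheat-20L", 0, 8, 5, Decimal("95.00"), Decimal("65.00")),
]
SAMPLE_BOOKED = {
    "lager-50L": Decimal("22680.00"),
    "pilsner-30L": Decimal("5830.00"),   # ten barrels' worth of sales not booked
    "cider-20L": Decimal("2250.00"),     # more revenue booked than goods left the buffer
}

if __name__ == "__main__":
    for finding in reconcile(SAMPLE_STATES, SAMPLE_BOOKED):
        print(finding)
```

Each state is audited in one direction only, as in the two-way approach: the goods buffer is checked so that booked revenue can be tested for understatement without a separate count of sales documents.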
    47. 47. Accounting Organization / Internal Control (AO/IC) <ul><li>The Accounting Organization (AO) can be envisaged as the information infrastructure of an organization, as it is formed by: (i) the organization’s Information System, and, (ii) the procedural embedding of this Information System into the organization, e.g. managerial and logistic control, judgment and decision-making. </li></ul><ul><li>The organization’s Information System is considered to embody all economical and financial information and information processing services required for both: (i) the functioning of, and control over, the surrounding organization, and (ii) the rendering of account over that functioning, as is done in the financial statements. </li></ul>p.37
    48. 48. Accounting Organization / Internal Control (AO/IC) <ul><li>The AO is the producer of the financial statements. Since error proneness in organizational production processes is inevitable, it necessitates control over this error proneness. For this purpose, a system of Internal Control (IC) is identified, whose goal is twofold, namely: (i) to secure trustworthiness of accounting information in the organization, and, (ii) to control (potential) error in both accounting and business operation. The IC can be considered the “immune system” of the organization, in particular the AO; i.e., immunity to error in an organizational context. AO & IC are not considered disjunct systems. </li></ul>pp.37-39
    49. 49. Accounting Organization / Internal Control (AO/IC), pp.38-42 <ul><li>Internal Control (IC) consists of: (i) internal control measures, including organizational rules & incentives structures, intended to be continuously present; (ii) internal check & control activities, taking only a relatively short amount of time, as compared to the audit period </li></ul><ul><li>Internal control measures are refined into: (i) preventive protection of enterprise values; (ii) preventive securing of actions of agents; (iii) creation of opportunities for detective and corrective check & control activities </li></ul><ul><li>‘Securing actions of agents’ is refined by restricting authorizations to different agents for: (i) actions directly changing values: internal, inflow & outflow; (ii) actions involving no direct change of values </li></ul>
    50. 50. Audit-technical segregation of duties, pp.43-46 <ul><li>Restrict every agent’s access to only a limited number of links in the supercycle </li></ul><ul><li>Impose non-coinciding, preferably opposite, agent interests; especially for, but not limited to, recording activities </li></ul><ul><li>Avoid in one hand authorizations & duties of the following types: </li></ul><ul><ul><li>Custodial </li></ul></ul><ul><ul><li>Directive </li></ul></ul><ul><ul><li>Operative </li></ul></ul><ul><ul><li>Recording </li></ul></ul><ul><ul><li>Checking </li></ul></ul>The authorization restrictions to secure actions of agents involving no direct change of value are refined into segregation of duties (SoD): audit-technical SoD & other SoD. This leads to a powerful conceptualization: in particular securing of actions of agents, and ownership-oriented segregation of duties, thus including managerial duties from a critical point of view (!), therefore key in the irreplaceable and indispensable internal control. Potential risk: management overriding of internal control & mitigation methods from the owner-ordered audit tradition. The owner-ordered audit tradition substantiates the concept of internal control from the perspective of the owners’ original and authentic long-term interests. See: challenge no. 1, slide 14 & 17
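The first and third segregation-of-duties rules above, written as a check over an authorization matrix; the link names follow the six process steps listed on this deck's supercycle slide. This is an added example, not the automated technique the presentation refers to; the function name, the default limit of two links per agent and the sample assignments are constructed assumptions.

```python
from collections import defaultdict

# The five duty types the slide says should not be combined in one hand.
DUTY_TYPES = {"custodial", "directive", "operative", "recording", "checking"}

# Supercycle links, in process order (Purchase, Accept, Sales,
# Deliver & Collect, Pay, Collect).
SUPERCYCLE_LINKS = ("purchase", "accept", "sales", "deliver_collect", "pay", "collect")


def sod_findings(assignments, max_links=2):
    """Return SoD findings for (agent, link, duty_type) authorization records.

    Two rules are checked per agent:
      * combined-duty-types: more than one of the five duty types in one hand
      * too-many-links: access to more than `max_links` supercycle links
        (the slide says 'limited'; the number is an assumption here)
    """
    duties = defaultdict(set)
    links = defaultdict(set)
    for agent, link, duty in assignments:
        if link not in SUPERCYCLE_LINKS:
            raise ValueError(f"unknown supercycle link: {link!r}")
        if duty not in DUTY_TYPES:
            raise ValueError(f"unknown duty type: {duty!r}")
        duties[agent].add(duty)
        links[agent].add(link)

    findings = []
    for agent in sorted(duties):
        if len(duties[agent]) > 1:
            findings.append(
                (agent, "combined-duty-types", tuple(sorted(duties[agent])))
            )
        if len(links[agent]) > max_links:
            ordered = tuple(sorted(links[agent], key=SUPERCYCLE_LINKS.index))
            findings.append((agent, "too-many-links", ordered))
    return findings


# Constructed sample authorization matrix.
SAMPLE_ASSIGNMENTS = [
    ("alice", "purchase", "directive"),
    ("bob", "accept", "custodial"),
    ("carol", "pay", "operative"),
    ("carol", "purchase", "recording"),     # executes payments and records purchases
    ("dave", "sales", "operative"),
    ("dave", "deliver_collect", "operative"),
    ("dave", "collect", "operative"),       # spans three links of the cycle
    ("erin", "collect", "checking"),
]

if __name__ == "__main__":
    for finding in sod_findings(SAMPLE_ASSIGNMENTS):
        print(finding)
```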
    51. 51. Supercycle & AO/IC The owner-ordered tradition introduces the concept of a quasi-goods stream for bonus rights – integrated within the regular stream of goods and services (see diagram) – allowing for an integral assessment of the authorization and incentive structure, as key component of the irreplaceable and indispensable internal control Here we’re in a smart auditing course, which may raise the question “Is there dumb auditing?” See: challenge no. 1, slide 14 & 17
    52. 52. Accounting Organization / Internal Control (AO/IC), pp.38-43 1. Control measures vs. check & control activities 2. Preventive, detective & corrective 3. Design, implementation & operation 4. First-time recording vs. using existing recordings 5. Irreplaceable vs. replaceable; indispensable 6. Preventive securing of actions of agents vs. values; check point 7. Direct change of value vs. no direct change of value; outside 8. Segregation of duties; audit-technical vs. business-economical
    53. 53. Owner-ordered audit: an example <ul><li>Your client is a beer brewing company, delivering to retailers, pubs and events. When delivering to an event it’s commonly as a sponsor. The brewery wants assurance that the operational management of the event isn’t making extra money with their beer without reporting it. What method substantiates the assurance you provide to your client? Hint: span & reconcile information over buy side & sell side. </li></ul>Haarlem beer barrel race, 2009, event sponsored by beer breweries
    54. 54. Agenda Part I - Smart Auditing: an auditor (historical) perspective <ul><li>1840 - 1930: “The early years: pragmatics (UK, US, Dutch)” </li></ul><ul><li>1930 - 1990: “Developing a model-based theory (Dutch)”, with a presentation by Prof. J.H. Blokdijk RA </li></ul><ul><li>Addressing today’s challenge: “How to improve the audit profession’s relevancy to society (international)” </li></ul><ul><li>1990 - today: “Computational formalization of model & meta-model (outsiders)” </li></ul><ul><li>Motivation & how today’s audit challenge directs a historical selection </li></ul>
    55. 55. Computational formalization, with fully continued, proven & improved software base <ul><li>1990 - 1996: Initiated in Smart Audit Support project collaboration between Deloitte and faculty of Math & Computing Science of Free University of Amsterdam, ignited by sampling support system for the Dutch practice (’88-’90), based on adapted TMYCIN sources </li></ul><ul><li>1997 - 2002: Continued in process-based costing project, facilitating end-user tooling to specify and analyze enterprise-wide process model diagrams; at Bakkenist Management Consultants for privatizing Dutch Post Office in its merger with TNT. In collaboration with the faculties of Math & Computing Science of Amsterdam & Eindhoven </li></ul><ul><li>2003 - today: Continued in ComputationalAuditing.com with example formalizations & applications in Part II: New risk control mechanisms </li></ul>
    56. 56. Deloitte’s Smart Audit Support: Interactive Audit Documentation published in Word and browsers, World’s Strongest Audit Support* (* Dutch Tax Office). p.334, p.337 <ul><li>Builder; Player </li></ul><ul><li>Specified Audit Methods drive integral Planning, Execution & Documentation </li></ul><ul><li>Proven Architecture: ‘Correctness by Construction’ </li></ul><ul><li>Instantaneous, Adequate, Flexible </li></ul><ul><li>Questionnaire integrated in Web Forms: by making explicit what is needed to answer “When to do which audit test?” & “What to do with the test results?” you articulate a body of multiple-choice questions, tables, etc., connected by choice-labeled relevancy links, embodying an approach, a method, or even, if possible, a workflow process, to guide how to achieve assurance </li></ul><ul><li>Conditional Relevancy. Effective: don’t miss relevant issue. Efficient: no access to less relevant issues </li></ul><ul><li>Drives & Captures the ‘Story of the Audit’ </li></ul><ul><li>Optimal mitigation of litigation risk </li></ul>
    57. 57. Smart Audit Support’s document index related to Deloitte’s International Audit Approach (1990’s). p.336, p.62. Example audit pack. Deloitte’s approach: all planning docs are smart forms with built-in Conditional Relevancy. <ul><li>In addition to $200M yearly cost reduction ROI is: </li></ul><ul><li>Relevant Doc & Planning, no more no less </li></ul><ul><li>Comfortable & stringent way to get it </li></ul>Yearly ROI guess: 20K man-yrs/yr x $10K cost reduction/man-yr = $200M
    58. 58. Process-based Cost Price: connector for stream of money and stream of goods & services. [Diagram labels: volume, cost price, spanning supercycle; forecasted volume vs. realized volume; Planning & Control.] The cost price captures the quantitative relation between resource use & produced products. Relating the stream of goods and the stream of money, answering “What’s the gross margin per product type?”, as required for auditing the completeness assertion.
    59. 59. Agenda Part I - Smart Auditing: an auditor (historical) perspective <ul><li>1840 - 1930: “The early years: pragmatics (UK, US, Dutch)” </li></ul><ul><li>1930 - 1990: “Developing a model-based theory (Dutch)”, with a presentation by Prof. J.H. Blokdijk RA </li></ul><ul><li>Addressing today’s challenge: “How to improve the audit profession’s relevancy to society (international)” </li></ul><ul><li>1990 - today: “Computational formalization of model & meta-model (outsiders)” </li></ul><ul><li>Motivation & how today’s audit challenge directs a historical selection </li></ul>
    60. 60. Addressing today’s challenge: match-making between ‘pull’ & ‘push’ <ul><li>Pull side: improve the audit profession’s relevancy to society </li></ul><ul><ul><li>Individual audit: ownership orientation (chall. 1) </li></ul></ul><ul><ul><li>Contribute to systemic risk mitigation (chall. 2) </li></ul></ul><ul><li>Push side: R&D of supportive concepts and technology </li></ul>Internationalize the owner-ordered audit method. This requires deep computational support. Why? To minimize international, educational burden (3-years post-Master). To streamline train-the-trainer, roll-out & getting ROI fast.
    61. 61. Part II New risk control mechanisms
    62. 62. What connects part I & II? Owner-ordered auditing: dominating and integrating with management-ordered auditing <ul><li>Quantitative: completeness of management’s stated profits </li></ul><ul><li>Qualitative: assess irreplaceable internal control to secure actions of agents </li></ul><ul><li>assess what? long-term incentive & authorization structure </li></ul><ul><li>how? segregation of duties serving long-term owner interest </li></ul><ul><li>Supercycle: client’s top-level business process </li></ul><ul><li>from mental model to process model </li></ul><ul><li>unifying quantitative and qualitative </li></ul>Why, and how, the present financial crisis is driving owner-ordered auditing core concepts out of a local past and into a global future
    63. 63. Abstract Part II - New risk control mechanisms <ul><li>The current financial crisis -- from bank balances to state balances -- challenges the audit profession to increase its societal relevancy </li></ul><ul><li>How to contribute to preventing that aggregated positions of individual financial institutions accumulate into systemic risks? </li></ul><ul><li>Why is the formalized two-way audit approach the best to address such actual and persistent questions? Why is co-operation between SIKS researchers and the auditing discipline opportune? </li></ul><ul><li>Another driver for audit innovation is found in sustainability audits: Has no part of realized waste and pollution been left unstated? Alternatively articulated: How to audit the completeness assertion of stated financial impact of produced waste and pollution? </li></ul>
    64. 64. Agenda Part II - New risk control mechanisms <ul><li>Supercycle: interface between organization & auditor </li></ul><ul><li>Jacquard project: “Next Generation Auditing”, 2010-2014, with a software demo by Jacques de Swart & Paul Griffioen </li></ul><ul><li>Nexus micro-macro, consolidated </li></ul><ul><li>Qualitative: internal control to secure actions of agents </li></ul><ul><li>Quantitative: “completeness, the elusive assertion” </li></ul><ul><li>Financials: ‘incentives thread’ of owner-ordered audit </li></ul><ul><li>Sustainability: ‘completeness thread’ of owner-ordered audit </li></ul><ul><li>Soll & Ist </li></ul><ul><li>Public digital infrastructure for financial utility functions & to facilitate SWOOPs: Self Web-Organized Owning Parties </li></ul><ul><li>Golden opportunity for the Netherlands </li></ul><ul><li>Your questions </li></ul>
    65. 65. Supercycle: interface between organization & auditor http://www.ComputationalAuditing.com/images/Kring.swf 1. Purchase 2. Accept 3. Sales 4. Deliver & Collect 5. Pay 6. Collect Process Steps
    66. 66. Soll: To Be, normative Ist: As Is, representative Soll & Ist modalities
    68. 68. Qualitative: Soll & Authorizations purchaser purchase registrar cash disburser cash disbursement registrar goods receiver goods receipt registrar Agent Legend pp. 165-172 & 286-289 A rectangle represents a (trans)action, a mutation to connected states A circle represents a state
    69. 69. Qualitative: Ist & Abilities legitimate Soll as part of Ist illegitimate Ist, extending Soll Legend pp. 165-172 & 286-289
    70. 70. Qualitative: Cake cutting Mathematics, game theory How to use segregation of duties to let a group take care of getting an equal size of the cake for each member? Indeed, one cutter and the others are choosers: 1. Cutter cuts 2. Choosers choose 3. Cutter chooses If we look closer, it’s not only about duties, but also about sequence & parallelism of duty involvement. Switch steps 2 & 3 and it won’t work anymore. Protocol design & verification? Hint: use opposite interests to enforce fairness
    71. 71. Qualitative Audit Analytics: assessing an incentive & authorization structure on segregation of duties from an owner’s perspective. Complete input for top-down, first-layer analysis of segregation of duties, with focused drill-down into deeper layers. Real case: International Network of Accountants and Auditors, INAA, SRA. Agent Legend: M: Majority Owner-Manager; S: Sales department; B: Buy/Purchase department; F: Financial administrator; T: Technical staff manager; W: Warehouse manager. Capital: Authorization - Small: Ability. A circle represents a state, a balance sheet item. A rectangle represents a (trans)action, an activity, a mutation to connected states. Smart flowchart: visualization close to internationally familiar flowchart diagrams. [Figure: smart flowchart of the INAA, SRA case, annotated with agent letters and numbers]
    72. 72. INAA, SRA Case Output: Solo-Fraud Base Potential Solo-Fraud Qualitative Audit Analytics ‘Ist’ action primitives Why are these classes of potential solo-frauds relevant? Why this isn’t only interesting for Small & Medium-sized Enterprises (SMEs) E.g. Large companies structured as clusters of similarly shaped, but differently sized SMEs, with headquarters on top of it Easy to verify, hard to find ISA 240 Notion of completeness for the linear basis of fraud constructs
    73. 73. Qualitative Audit Analytics - SoD X-Raying Segregation of Duties: Support to Illuminate an Enterprise’s Immunity to Solo-Fraud Paper with two discussion articles, one by K. Matcham and one by R.S. Sriram, and with a response article, appeared as four separate articles together in the International Journal of Accounting Information Systems, June 2008 Quote from the response article: “Adequate SoD assessment and SoD design appears to be much more complex than could have been assumed without this methodical analysis” with thanks to P.M. Ott de Vries for discussing this quoted response Introduces an algebraic analysis technique that takes a supercycle-based body of authorizations as input, and delivers a complete linear basis that spans a space of singleton ‘black hole’ weak spots in the supercycle system of internal control, extensible from 1-agent, to 2-agent, etc. The concept of irreplaceable and indispensable internal control, especially segregation of duties and securing actions of agents, as developed in the owner-ordered audit tradition, allows a rationally rigorous analysis method, impossible with the segregation of duties concept from the management-ordered audit tradition Method answering the question if a body of authorizations is free of opportunities for traceless embezzlement, without need to collude Alternatively stated: Method locating who has too many authorizations in one hand creating a dangerous opportunity for traceless embezzlement, jeopardizing the integrity of financial statements See: challenge no. 1 slide 14 & 17
    75. 75. <ul><li>Law 1. Normative Relation between Consumed and Produced </li></ul><ul><li>Profit resulting from: </li></ul><ul><ul><li>revenues from goods and services offered, and, </li></ul></ul><ul><ul><li>expenses involved in acquiring and providing offerings </li></ul></ul><ul><li>Re-phrased as ‘quid pro quo’: </li></ul><ul><ul><li>frequency of business transactions in supercycle, and, </li></ul></ul><ul><ul><li>resulting profit </li></ul></ul><ul><li>Law 2. Normative Relation between State and Event </li></ul><ul><li>BETA-equation for every State: </li></ul><ul><li>Begin – End + addiTions – subtrActions = 0, except Money > 0 </li></ul>Quantitative: Auditing Laws of Starreveld & Frielink Structural A-Invariant: ‘A’ for Audit p. 224 of Computational Auditing These Laws combine into:   
    76. 76. Quantitative: Completeness by Spanning Reconciliation Checks 1) (Cash)_B + C/R – TO – (Cash)_E  C/D; 2) C/D – (A/P)_B + (A/P)_E – TP  P; 3) (Inv)_B + P – (Inv)_E  COGS; 6) COGS + Gross Profit  Sales; 7) (A/R)_B + Sales + TS – (A/R)_E  C/R; 8) (VAT)_B + TS – TP – TO  (VAT)_E <ul><li>Cf. slide 34, part I: equation numbers, audit literature, etc. </li></ul><ul><li>Equation set is automatically generated from supercycle diagram </li></ul><ul><li>Subscripts ‘B’ and ‘E’ stand for Begin and End; C/R: Cash Receipts; A/R: Accounts Receivable; TS: value added Taxes received on Sales; COGS: Cost of Goods Sold; Inv: Inventory; P: Purchases during the period; A/P: Accounts Payable; TP: value added Taxes Paid on purchases during the period; C/D: Cash Disbursements; VAT: Value Added Taxes; TO: Taxes payment Outflow (with thanks to Raj Srivastava) </li></ul>pp.244-265 Integrating owner-ordered audit method (quantities in boldface font on understatement & quantities in regular font on overstatement) & management-ordered audit method (just the reverse audit direction) into two-way audit approach
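An added example, not part of the original slides: Law 2's BETA-equation (Begin – End + addiTions – subtrActions = 0) evaluated per state over a stream of recorded events, with the End balances taken from independent evidence such as a stock count or bank statement. The posting rules, state names and amounts are assumptions constructed for this sketch; it does not reproduce the slide's generated reconciliation checks.

```python
# Posting rules: transaction -> [(state, sign)], +1 = addition, -1 = subtraction.
# States and rules are assumptions for this example (VAT is left out).
POSTINGS = {
    "purchase":          [("Inventory", +1), ("A/P", +1)],
    "goods issue":       [("Inventory", -1)],
    "sale":              [("A/R", +1)],
    "cash receipt":      [("A/R", -1), ("Cash", +1)],
    "cash disbursement": [("A/P", -1), ("Cash", -1)],
}


def beta_residuals(begin, events, observed_end):
    """Return Begin - End + additions - subtractions for every state.

    `events` is the recorded stream of (transaction, amount); `observed_end`
    holds end balances obtained independently of the bookkeeping.
    """
    additions = dict.fromkeys(begin, 0)
    subtractions = dict.fromkeys(begin, 0)
    for transaction, amount in events:
        if transaction not in POSTINGS:
            # An event type outside the model is itself a deviation.
            raise ValueError(f"event outside the model: {transaction!r}")
        for state, sign in POSTINGS[transaction]:
            (additions if sign > 0 else subtractions)[state] += amount
    return {state: begin[state] - observed_end[state]
                   + additions[state] - subtractions[state]
            for state in begin}


def deviations(residuals):
    """States whose BETA-equation does not close to zero."""
    return {state: r for state, r in residuals.items() if r != 0}


# Constructed period data (whole currency units).
BEGIN = {"Cash": 200, "Inventory": 100, "A/R": 40, "A/P": 30}
EVENTS = [("purchase", 60), ("goods issue", 50), ("sale", 80),
          ("cash receipt", 70), ("cash disbursement", 55)]
# Stock count finds 90 in the warehouse; the recorded events imply 110.
OBSERVED_END = {"Cash": 215, "Inventory": 90, "A/R": 50, "A/P": 35}

if __name__ == "__main__":
    print(deviations(beta_residuals(BEGIN, EVENTS, OBSERVED_END)))
```

A positive residual means the observed end balance is lower than the recorded events imply: here goods worth 20 left the inventory without a recorded issue, which is the kind of understatement a completeness check is after.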
    77. 77. Owner-ordered audit: an example <ul><li>Your client, the hotel franchisor, with lots of franchisees, hears from an acquainted real estate agent that quite a lot of centrally located parking lots are (unofficially) rented to employees of nearby offices. What information can you use to offer your client the assurance that his franchisees don’t abuse his parking lots in such a way? </li></ul>
    79. 79. Jacquard project: Next Generation Auditing: Data Assurance as a Service <ul><li>Project lead: CWI, the Dutch national Center of Mathematics & Computing Science, Paul Klint, Tijs van der Storm & Paul Griffioen </li></ul><ul><li>Project partners: </li></ul><ul><li>Project result: Domain-Specific Language (DSL) in Software as a Service (SaaS) architecture </li></ul>http://www.cwi.nl/en/2010/1064/Software-engineering-researchers-and-audit-experts <ul><li>PricewaterhouseCoopers, Jacques de Swart & Mona Mashaie </li></ul><ul><li>The Dutch Tax Office, Marc van Hilvoorde </li></ul><ul><li>ComputationalAuditing.com, Philip Elsas </li></ul><ul><li>Current project sketch: model-based audit support </li></ul>
    80. 80. Jacquard: key audit phases 1. Ist supercycle mining Extend process mining to focus on client’s top-level business process 2. Soll supercycle identification Identify Soll supercycle in Ist smart flowchart 3. Continuous auditing Confront a stream of business events to Soll, close-to-real-time 4. Collect, collate & aggregate deviations automatically 5. Publish deviation top-10 on interactive supercycle dashboard. Interface to query the enterprise. iPhone app Next Generation Auditing: Data Assurance as a Service
    81. 81. Jacquard: project goals 1. Design and implementation of DSL for representing supercycle business models 2. Querying of models: Pacioli DSL 3. Visualization of models Next Generation Auditing: Data Assurance as a Service 4. Parsing, extraction & analysis of business data 5. Interpretation & inclusion of business data in model 6. DSL for structured auditing interviews via interactive audit documentation (expert vs. engagement team) 7. Facilitating automatic generation of XBRL & XBRL Formula (Standard Business Reporting, SBR): XBRL for data, DSL for analysis
    82. 82. Phase 1: Ist supercycle mining Input : event log with journals, e.g. SAP Output : smart flowchart Based on: “Towards a Computer-Assisted Audit Analysis of Business Processes: Process Mining as Tool for IT Auditors”, Maria Bezverhaya, Emiel Caron & Piet Goeyenbier, ‘de EDP-Auditor’, NOREA, 2009 Push signal from Technical University of Eindhoven, ProM, Fluxicon & Anne Rozinat Pull signal from audit practitioners & IT audit educators, e.g. “Process Mining” by Mieke Jans & CARLAB, Rutgers, 2010 Computational Auditing: - focus on discovery of supercycle - framing stand-alone workflows - connecting to cost price theory: - activity-based costing - process-based costing - supercycle-based costing
    83. 83. Phase 1: Ist supercycle mining. Agent Legend: M: Majority Owner-Manager; S: Sales department; B: Buy/Purchase department; F: Financial department; T: IT department; W: Warehouse manager; L: Labor/salary accounts; P: Planning department; C: Creditor accounts; D: Debtor accounts; A: Application. Agent’s access is associated to: 1. Transactions 2. States 3. Flows. Capital letter: authorized, legitimate access. Small letter: illegitimate access. [Figure: mined Ist smart flowchart, annotated with agent letters and numbers]
    84. 84. Phase 2: Identify Soll in Ist Identify Soll supercycle by excluding Ist flows, based on automatically identified candidate Ist flows Based on: “Towards a Computer-Assisted Audit Analysis of Business Processes: Process Mining as Tool for IT Auditors”, Maria Bezverhaya, Emiel Caron & Piet Goeyenbier, ‘de EDP-Auditor’, NOREA, 2009 Push signal from Technical University of Eindhoven, ProM, Fluxicon & Anne Rozinat Apply constraints to check if remaining model is a valid Soll Analyzing 3232 cases, classifying casualties (red arrows): A. Invoice receipt without prior approval (2537x) B. Approval acquired after purchase completion (261x) C. Purchase order established for rejected request (9x) D. Handled order status skipping receipt (875x), etc. Design-time workflow vs. run-time workflow Pull signal from audit practitioners & IT audit educators, e.g. “Process Mining” by Mieke Jans & CARLAB, Rutgers, 2010
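An added example, not taken from the slides or the cited study: detection rules for the four deviation classes A to D named above, run over a small constructed purchase-to-pay event log. The activity names, case ids and the exact rule definitions (for instance, treating "purchase completion" as the order reaching handled status) are assumptions made for this sketch.

```python
from collections import Counter, defaultdict

# Constructed event log: (case id, timestamp, activity).
# Activity names are assumptions for this example, not SAP event names.
EVENTS = [
    ("PR-1", 1, "request_approved"), ("PR-1", 2, "po_created"),
    ("PR-1", 3, "goods_received"), ("PR-1", 4, "invoice_received"),
    ("PR-1", 5, "order_handled"),
    ("PR-2", 1, "po_created"), ("PR-2", 2, "goods_received"),
    ("PR-2", 3, "invoice_received"), ("PR-2", 4, "order_handled"),
    ("PR-3", 1, "po_created"), ("PR-3", 2, "goods_received"),
    ("PR-3", 3, "invoice_received"), ("PR-3", 4, "order_handled"),
    ("PR-3", 5, "request_approved"),
    ("PR-4", 1, "request_rejected"), ("PR-4", 2, "po_created"),
    ("PR-4", 3, "goods_received"), ("PR-4", 4, "order_handled"),
    ("PR-5", 1, "request_approved"), ("PR-5", 2, "po_created"),
    ("PR-5", 3, "invoice_received"), ("PR-5", 4, "order_handled"),
    # Rejected, then resubmitted and approved: conforms to the Soll flow.
    ("PR-6", 1, "request_rejected"), ("PR-6", 2, "request_approved"),
    ("PR-6", 3, "po_created"), ("PR-6", 4, "goods_received"),
    ("PR-6", 5, "invoice_received"), ("PR-6", 6, "order_handled"),
]


def first(trace, activity):
    """Timestamp of the first occurrence of an activity, or None."""
    return next((ts for ts, act in trace if act == activity), None)


def classify_case(trace):
    """Return the deviation codes (A-D) found in one case's trace."""
    trace = sorted(trace)  # logs are not guaranteed to arrive in order
    approved = first(trace, "request_approved")
    po = first(trace, "po_created")
    receipt = first(trace, "goods_received")
    invoice = first(trace, "invoice_received")
    handled = first(trace, "order_handled")
    found = []
    # A: invoice receipt without prior approval
    if invoice is not None and (approved is None or approved > invoice):
        found.append("A")
    # B: approval acquired after purchase completion
    if approved is not None and handled is not None and approved > handled:
        found.append("B")
    # C: purchase order established while the latest decision was a rejection
    if po is not None:
        decisions = [act for ts, act in trace if ts < po
                     and act in ("request_approved", "request_rejected")]
        if decisions and decisions[-1] == "request_rejected":
            found.append("C")
    # D: order reaches handled status without a goods receipt before it
    if handled is not None and (receipt is None or receipt > handled):
        found.append("D")
    return found


def classify_log(events):
    """Group events per case and classify every case."""
    traces = defaultdict(list)
    for case_id, ts, activity in events:
        traces[case_id].append((ts, activity))
    return {case: classify_case(trace) for case, trace in traces.items()}


def deviation_counts(events):
    """Tally per deviation class, like the (2537x) style counts on the slide."""
    return Counter(c for codes in classify_log(events).values() for c in codes)


if __name__ == "__main__":
    for case, codes in classify_log(EVENTS).items():
        print(case, codes or "conforms")
    print(deviation_counts(EVENTS))
```

A case can fall into more than one class (PR-3 is both A and B), so class counts may sum to more than the number of deviating cases.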
    85. 85. Scientific foundation: rationally rigorous. With mathematical & computational formalization. Superbly suited for the digital age. Recognized as such in accelerating pace. Easy by new tech Top-cycle: normative backbone of the ‘business process’-oriented audit approach Top-cycle concept & typology: Central result of integral evolution. Of ‘business process’-oriented Auditing Theory , Auditing Practice & Auditing Education . Over 60-80 years Typology of top-cycles: ordered by the strength of the backbone Unfortunately hardly translated into English Phase 2: Identify Soll supercycle in Ist Soll identification is supported by a typology of top-cycles
    86. 86. Phase 3: Continuous auditing http://www.ComputationalAuditing.com/images/Kring.swf Confront a stream of business events to Soll Interrelate all buffer contents Reconcile with external evidence On-the-fly, close-to-real-time checking of spanning business equations Especially spanning buy side & sell side Triangulation Capture deviations and associated risks 3rd party evidence processing “Continuity Equations” Miklos Vasarhelyi et al. CARLAB, Rutgers, 2010
    87. 87. Phase 3: Continuous auditing Confront a stream of business events to Soll, close-to-real-time Answers the question: “Free of opportunities for traceless embezzlement, without need to collude?” Design, Implementation & Operation Continuous auditing web service (hosted via external auditor?) intercepts every Authorization Change Request to signal: refuse / human intervention required / OK. Irreplaceable internal control: Irreplaceable in the sense that there is no way for an external auditor to compensate its lacking or failing, while it is indispensable for a rationally justifiable approval “Audit Automation as the Foundation of Continuous Auditing”, Michael Alles, Alexander Kogan, Miklos Vasarhelyi & Donald Warren, 16th WCAS, 2008
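An added example, not the project's own code: a gate that evaluates each Authorization Change Request against the current body of authorizations and answers with one of the three signals named above. It uses a deliberately simplified conflict rule (no agent may both execute and register the same transaction), not the algebraic linear-basis analysis of the cited SoD paper; the rule, the sample authorization body and the mapping of the "human intervention required" signal to conflicts that arise only through an Ist ability are assumptions.

```python
# Duty pairs per supercycle transaction, named after the agent legend of the
# "Soll & Authorizations" slide: (executing duty, registering duty).
TRANSACTION_DUTIES = {
    "purchase": ("purchaser", "purchase registrar"),
    "goods receipt": ("goods receiver", "goods receipt registrar"),
    "cash disbursement": ("cash disburser", "cash disbursement registrar"),
}
# Assumed rule: executing and registering the same transaction in one hand
# lets a single agent act and leave no trace.
CONFLICTS = {frozenset(pair) for pair in TRANSACTION_DUTIES.values()}


def conflicts_in(duties):
    """Conflicting duty pairs fully contained in one agent's duty set."""
    return {pair for pair in CONFLICTS if pair <= duties}


class AuthorizationGate:
    """Decides on authorization change requests before they take effect."""

    def __init__(self, soll, ist_abilities):
        # Soll: granted authorizations. Ist: abilities beyond authorization.
        self.soll = {agent: set(d) for agent, d in soll.items()}
        self.ist = {agent: set(d) for agent, d in ist_abilities.items()}

    def request(self, agent, duty, action="grant"):
        current = self.soll.get(agent, set())
        proposed = current | {duty} if action == "grant" else current - {duty}
        abilities = self.ist.get(agent, set())
        # Only conflicts that the change itself introduces count against it.
        if conflicts_in(proposed) - conflicts_in(current):
            return "refuse"
        if conflicts_in(proposed | abilities) - conflicts_in(current | abilities):
            return "human intervention required"
        self.soll[agent] = proposed  # committed only when the answer is OK
        return "OK"

    def weak_spots(self):
        """Agents holding a conflicting pair, by authorization or ability."""
        report = {}
        for agent in sorted(set(self.soll) | set(self.ist)):
            duties = self.soll.get(agent, set()) | self.ist.get(agent, set())
            pairs = sorted(tuple(sorted(p)) for p in conflicts_in(duties))
            if pairs:
                report[agent] = pairs
        return report


def demo():
    # Constructed authorization body, using the agent letters of the legend.
    gate = AuthorizationGate(
        soll={"B": {"purchaser"},
              "M": {"cash disburser", "goods receiver"},
              "F": {"purchase registrar", "goods receipt registrar",
                    "cash disbursement registrar"}},
        ist_abilities={"T": {"goods receipt registrar"}},  # e.g. found by mining
    )
    decisions = [
        gate.request("F", "cash disburser"),   # execute + register in one hand
        gate.request("T", "goods receiver"),   # conflict only via T's ability
        gate.request("W", "goods receiver"),   # no conflict
        gate.request("M", "goods receiver", action="revoke"),
    ]
    return decisions, gate


if __name__ == "__main__":
    print(demo()[0])
```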
    88. 88. Phase 4: Aggregate deviations Builder What do the arrows mean? E.g. Table A1.2.1 accumulates risks regarding the assertion ‘Systems that retain…’ based upon underlying feeding questions such as E1.6 & classifies & propagates the accumulated risk to Table A1.2 & A1 to contribute to driving the configuring, via table S2, of audit tasks constituting the audit plan Risk summarization tables capturing assertion-based aggregation schemes, that define how to automatically generate table rows from, e.g., collected & collated phase 3 deviations Arrow as workflow operator
    89. 89. Phase 4: Aggregate deviations Based on: Sun, Srivastava & Mock, 2006 “An Information Systems Security Risk Assessment Model”, pp. 43-48 Fully Automatic Semi Automatic This can be realized in Deloitte’s Smart Audit Support with a plug-in for Dempster-Shafer-Srivastava confidence-level computations Manual Player
    90. 90. Phase 4: Aggregate deviations <ul><li>Aggregation in XBRL: </li></ul><ul><li>Calculation linkbase </li></ul><ul><li>XBRL Formula </li></ul>Plug-in: transferable ‘type polymorphism’ mechanism for XBRL Assurance Builder & Player Type Polymorphism: Least Upper Bound in the Taxonomy (XBRL US GAAP Taxonomy): 2 Receivables + 3 Inventories = 5 Assets (at least one non-current inventory) or 5 Current Assets (all three inventories are current) Articulate XBRL Assurance functionality using a dedicated website builder (plug-ins) instead of handcrafting XBRL Formulas Domain-Specific Language (DSL) for auditing: Pacioli, developed by Dutch software partner in cooperation with national research center for mathematics and computer science in the Netherlands (CWI) & University of Amsterdam See: “On Positioning XBRL Assurance Business Rules in a Computational Infrastructure for Modern Auditing”, 2009, University of Kansas, Annual International Conference on XBRL
    91. 91. Phase 5: Publish deviation top-10 Publish on interactive dashboard Supercycle as dashboard Drill-down on analytics Planning & Control Key Performance Indicators (KPIs) Key Control Indicators (KCIs) [Figure: supercycle dashboard, annotated with agent letters and numbers]
    92. 92. Jacquard project: Next Generation Auditing: Data Assurance as a Service demo by Jacques de Swart, PricewaterhouseCoopers & Paul Griffioen, CWI More on the Jacquard project at the 21st World Continuous Auditing & Reporting Symposium, Rutgers, New Jersey, November 5-6, 2010
    94. 94. Nexus micro-macro: financials, consolidated “Hans Rosling shows the best stats you've ever seen” “Preparing for an audit mandate to contribute to systemic risk anticipation”, accountant.nl “Automatic aggregation in auditing, with an application to systemic risk anticipation”, 19th World Continuous Auditing & Reporting Symposium, Rutgers, New Jersey, 2009 “Risk control and technology”, Royal NIVRA Dutch Auditing Day, Amsterdam, 2009 With supportive technology to: 1. Receive input data streams via auditor-certified channels: assuring data is reliable from a long-term ownership perspective 2. Aggregate data anonymously 3. Present a Rosling-style big picture of Bookstaber’s systemic risk indicators, with built-in triggers for timely alerts, on oversight level, with drill-down functionality: to pro-actively inform firms involved, e.g. via their auditors Royal NIVRA’s ‘Sharing Knowledge’ project See: challenge no. 2 slide 15 & 18 Black & Scholes
    95. 95. Nexus micro-macro: sustainability <ul><li>Now you’ve had your crash course in owner-ordered auditing. Can someone explain to me why the method of assessing the completeness assertion is so very well transferable from ‘completeness of revenues’ to ‘completeness of pollution’? Any hints wanted? </li></ul>
    96. 96. Nexus micro-macro: Web infrastructure <ul><li>Banking & rating agency utility functions: - fund transfers, account keeping, account access, etc. - tracking & tracing of who owes what to whom, etc. - tracking & tracing bar-coded financial products, etc. Why not with scientific security and code base? </li></ul><ul><li>Audit & oversight mechanisms: </li></ul><ul><li>- web platform for audit support: interactive audit forms </li></ul><ul><li>- access audit methods, CAATTs </li></ul><ul><li>- access auditee’s accounting system </li></ul><ul><li>Why not let aggregated XBRL-tagged data streams enable double-entry bookkeeping on macro-economic level? </li></ul><ul><li>Why not for both financial and non-financial information? </li></ul>Why not have a public digital infrastructure for financial utility functions? With additional commercial functions? Computer Assisted Audit Tools & Techniques
    97. 97. Nexus micro-macro: SWOOPs Facilitate launching of Self Web-Organized Owning Parties <ul><li>Which owner group has clear ROI (Return On Investment)? </li></ul><ul><li>How to empower downplayed owners? SWOOPs </li></ul><ul><li>Launching mechanism: agent technology, agency theory </li></ul><ul><li>Example focus group: individual pension fund participants </li></ul><ul><li>Ownership control spectrum: from franchisor (strong) to individual pension fund participant (weak) </li></ul><ul><li>Auditor applies web-based owner-ordered audit method </li></ul><ul><li>contributor </li></ul><ul><li>‘sleeper’ </li></ul><ul><li>receiver </li></ul>“The South-Koreans didn’t understand the advanced American derivatives, so they didn’t buy them and weren’t hit by the crisis”, portfolio manager at big Dutch institutional investor for big Dutch pension fund who made big losses, Safe magazine, summer 2010
    99. 99. <ul><li>Pull side </li></ul>Match-making between ‘pull’ & ‘push’ Internationalize the owner-ordered audit method. This requires deep computational support. Why? To minimize international, educational burden (3-years post-Master) To streamline train-the-trainer, roll-out & getting ROI fast <ul><li>Improve the audit profession’s relevancy to society </li></ul><ul><ul><li>Individual audit: ownership orientation (chall. 1) </li></ul></ul><ul><ul><li>Contribute to systemic risk mitigation (chall. 2) </li></ul></ul>Push side <ul><li>R&D of supportive concepts and technology </li></ul>Golden opportunity for the Netherlands
    100. 100. Golden opportunity for the Netherlands Why, and how, the present financial crisis is driving owner-ordered auditing core concepts out of a local past and into a global future The international auditing community is becoming receptive to an accelerated recognition of the owner-ordered audit method – with deep computational support – as an effective and efficient key method to counterbalance core issues manifested by the crisis To date, the Netherlands is the only country that has cultivated the owner-ordered audit method, and integrated it with the management-ordered audit method, in the supercycle-based two-way audit approach, while founding this combination in the scientific stronghold of process math Worldwide leading institutions in process math also happen to be located in the Netherlands, and international thought leaders in auditing in the USA & Canada have expressed their interest in co-operation with them But, can a small country, like the Netherlands, be big in innovation? Of course, look at Israel: it has attracted 30 times more venture capital than all countries of Europe together, Het Financieele Dagblad, Huub Schellekens, July 17, 2010
    101. 101. <ul><li>Your Questions </li></ul>
