The document summarizes an advisory board meeting for the CarLab research center. It discusses continuous assurance and how audit is evolving to be a continuous process using automation, sensors, and data monitoring. Research projects are looking at areas like control monitoring, process mining, remote auditing, and using techniques like continuity equations and clustering for anomaly detection. The document also discusses creating a rapid prototyping environment for testing advanced analytics and building dashboards to visualize risks and transactions for continuous monitoring.

1. CarLabOverview(drinking from a fire hydrant)Miklos A. VasarhelyiDirector CarLabKPMG Professor of AIS8th Annual CarLab Advisory Board MeetingNovember 4th, 2010

2. 22Continuous Assurance

3. Report levelAssuranceData level AssuranceProcess levelAssuranceAssurance ofKey ProcessesAssurance ofReportsAssurance ofData elementsProcess reviews a la Systrust

4. Internal or outsourced

5. Third party processes are to become the norm

6. Intra and Inter process controls an issue

7. Compliance reports becoming commonplace

8. Traditional audit is an instance of RLA

9. Generated and modified by different processes

10. XML/ XBRL datum

11. Generated and modified by different processes

12. Balkanization of data

13. Control / Assurance tagsAn evolving audit framework333

14. An Evolving Continuous AuditFrameworkContinuousAuditContinuous RiskMonitoring andAssessmentAutomation

15. Sensoring

16. ERP

17. E-CommerceContinuousAuditContinuousControlMonitoringData444

18. 5The CarLab Research EffortsSiemensContinuous control monitoring (CCM)Audit automationAuthorization and control structure project Continuity equations at HCAItau Unibanco Branch monitoring and analyticsTransitory AccountsProduct sales monitoringInsurance companyForensics as CA -> the wires projectClaims5

19. P&GKPI projectOrder to cash project -> selective automationVendor / payments projectKPMG projectsTechnology adoption at CPA firmsTechnology adoption at IA departmentsThe future of auditRapid Prototyping Environment for data research (RPE)Dashboard / visualization / Advanced Analytics Representation (DVAA)Telecom and Real Estate Co (TRE)Duplicate Payments detectionThe CarLab Research Efforts (2)6

20. RARC and Our Teaching MissionThe VPA effortAutomatic course recording experiment just startedA vision of free unencumbered educational stream for less developed nationsClickersExperimentation with response system uses in different contexts7

21. Out of the boxStandards Formalization: issuing standards in autocode8

22. AAA Impact of Research Taskforce 2009Perhaps the most important contribution of accounting information systems research to practice in the auditing and assurance domain is in continuous assurance. The work of Vasarhelyi and his colleagues on continuous assurance demonstrates the application of strong theoretical foundations to the practical problems of the auditor; in this case the internal auditor. 9

23. 10

24. Innovations in Continuous AuditingModeling: continuity equations (HCA)Discrepancy detection -> multidimentionalclusteringProcess mining -> at international bank in HollandRemote audit conceptualization – Siemens, P&G, Itau UnibancoAutomatic taxonomy creationMultiple multivariate applications11

25. Continuity EquationsAlex KoganMichael AllesMiklos Vasrhelyi12

26. Voucher Payment ProcessOrdering ProcessReceiving Process13

27. CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100, 101CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100, 101, 102101Predicted Value101102103AP Model 1102103104102Predicted ValueAP Model 2103104105103Predicted ValueAP Model 3updatedupdated14

28. Initial Model EstimationDetermine Parameter p-value thresholdRetain parameters below threshold; Restrict parameters over threshold to zeroRe-estimate ModelNoDo new parameter estimates all below threshold?YesFinal Model15

29. CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100101Predicted Value101102103AP Model 116

30. Remote AuditRyan TeeterMiklos VasarhelyiDon Warren17

31. Goals of the Integrated Audit18

32. The Role of Documentation Within an Organization19

33. Risk Monitoring Workflow File SetupGather basic process, internal audit team infoInformation from External Interfaces such as …..Risk-Factor AssessmentsEvaluate ERP for flagged data, controlsAdministrative FunctionsUpdate data, risk factors, flag dataRisk ScoringMathematical scoring algorithm is applied and presented in a dashboard Begin automatic data collection, assign remote and in loco auditorsYESOn-Demand Audit DecisionAuditor decides whether an in-depth audit is requiredAssign low priority to process until risk changeNO20

34. 2121Evolving Towards the Future

35. 2222Opportunities for ResearchCreating Control system measurement and monitoring schemataCreating standards for Business Process Monitoring and AlarmingAutomatic Confirmation ToolsDevelopment of a variety of modular Audit bots (agents) to be incorporated into programs of audit automation Creation of alternative real-time audit reports for different compliance masters

36. 23Complementary Research NeedsExpansion of assurance to non-financial processes to relate to these through continuity equations (Kogan et al, 2010)Standards are needed for CA (CICA/ AICPA, 1999; IIA, 2003; ISACA 2010)Research on the development of complementary assurance products

37. 24Reconsideration of Concepts and StandardsIndependence needs to be re-definedThe external audit billing model has to be restructured to bill on function not hoursAudit firms must put improved knowledge collection and management processes to feed their audit analytic toolkitAudit firms have to engage in auditor automation and pro-actively promote corporate data collection during-the-processValue added must be justified in terms of data qualityMateriality needs to be redefined

38. Multidimensional Clustering for audit fault detectionSutapat ThiprungsriMiklos A. Vasarhelyi25

39. Visualizing combination of attributes, we will be able to see similarity and differences among claims26

40. Analyzing individual variables, we will be able to see clearly that some claims have rare values 27

41. Process MiningMieke Jens (Hasselt University) Michael Alles (Rutgers Univ.)28

42. What is Process Mining of Event Logs?The basic idea of process mining is to extract knowledge from event logs recorded by an information system. Until recently, the information in these event logs was rarely used to analyze the underlying processes. Process mining aims at improving this by providing techniques and tools for discovering process, control, data, organizational, and social structures from event logs. Fuelled by the omnipresence of event logs in transactional information systems… process mining has become a vivid research area.http://is.tm.tue.nl/staff/wvdaalst/BPMcenter/process%20mining.htm2929

43. An Example of An Event Log of an Invoice3030

44. Research team (all in AIS department but multidisciplinary background)Miklos A. Vasarhelyi, Prof. II (continuous auditing)Alex Kogan, Prof. – (computer scientist)Michael Alles, Professor –( economics)Helen Brown (auditing)Don Warren, Professor –( audit Practice)Trevor Stewart, Professor (retired D&T partner)Silvia Romero – faculty Montclair UniversityYong Bum Kim – PhD Student (Statistics)Daewoon Moon –PhD Student (Risk Management)Ryan Teter – PhD Student (Computer Science)Qi, Liu–PhD StudentHassan Issa–PhD StudentDavid Chen–PhD Student (knowledge engineering)Danielle Lombardi (PhD student)JP Krahel (PhD student)Karina Chandia (PhD Student)31

45. http://raw.rutgers.eduA wide range of presentations / videos and papers from the multiple CA and CR conferences promoted by Rutgers32