CarLabOverview(drinking from a fire hydrant)Miklos A. VasarhelyiDirector CarLabKPMG Professor of AIS8th Annual CarLab Advisory Board MeetingNovember 4th, 2010
22Continuous Assurance
Report levelAssuranceData level AssuranceProcess levelAssuranceAssurance ofKey ProcessesAssurance ofReportsAssurance ofData elementsProcess reviews a la Systrust
Internal or outsourced
Third party processes are to become the norm
Intra and Inter process controls an issue
Compliance reports becoming commonplace
Traditional audit is an instance of RLA
Generated and modified by different processes
XML/ XBRL datum
Generated and modified by different processes
Balkanization of data
Control / Assurance tagsAn evolving audit framework333
An Evolving Continuous AuditFrameworkContinuousAuditContinuous RiskMonitoring andAssessmentAutomation
Sensoring
ERP
E-CommerceContinuousAuditContinuousControlMonitoringData444
5The CarLab Research EffortsSiemensContinuous control monitoring (CCM)Audit automationAuthorization and control structure project Continuity equations at HCAItau Unibanco Branch monitoring and analyticsTransitory AccountsProduct sales monitoringInsurance companyForensics as CA -> the wires projectClaims5
P&GKPI projectOrder to cash project  -> selective automationVendor / payments projectKPMG projectsTechnology adoption at CPA firmsTechnology adoption at IA departmentsThe future of auditRapid Prototyping Environment for data research (RPE)Dashboard / visualization / Advanced Analytics Representation (DVAA)Telecom and Real Estate Co (TRE)Duplicate Payments detectionThe CarLab Research Efforts (2)6
RARC and Our Teaching MissionThe VPA effortAutomatic course recording experiment just startedA vision of free unencumbered educational stream for less developed nationsClickersExperimentation with response system uses in different contexts7
Out of the boxStandards Formalization: issuing standards in autocode8
AAA Impact of Research Taskforce 2009Perhaps the most important contribution of accounting information systems research to practice in the auditing and assurance domain is in continuous assurance. The work of Vasarhelyi and his colleagues on continuous assurance demonstrates the application of strong theoretical foundations to the practical problems of the auditor; in this case the internal auditor. 9
10
Innovations in Continuous AuditingModeling: continuity equations (HCA)Discrepancy detection -> multidimentionalclusteringProcess mining -> at international bank in HollandRemote audit conceptualization – Siemens, P&G, Itau UnibancoAutomatic taxonomy creationMultiple multivariate applications11
Continuity EquationsAlex KoganMichael AllesMiklos Vasrhelyi12
Voucher Payment ProcessOrdering ProcessReceiving Process13
CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100, 101CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100, 101, 102101Predicted Value101102103AP Model 1102103104102Predicted ValueAP Model 2103104105103Predicted ValueAP Model 3updatedupdated14
Initial Model EstimationDetermine Parameter p-value thresholdRetain parameters below threshold; Restrict parameters over threshold to zeroRe-estimate ModelNoDo new parameter estimates all below threshold?YesFinal Model15
CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100101Predicted Value101102103AP Model 116
Remote AuditRyan TeeterMiklos VasarhelyiDon Warren17
Goals of the Integrated Audit18
The Role of Documentation Within an Organization19
Risk Monitoring Workflow File SetupGather basic process, internal audit team infoInformation from External Interfaces such as …..Risk-Factor AssessmentsEvaluate ERP for flagged data, controlsAdministrative FunctionsUpdate data, risk factors, flag dataRisk ScoringMathematical scoring algorithm is applied and presented in a dashboard Begin automatic data collection, assign remote and in loco auditorsYESOn-Demand Audit DecisionAuditor decides whether an in-depth audit is requiredAssign low priority to process until risk changeNO20
2121Evolving Towards the Future
2222Opportunities for  ResearchCreating Control system measurement and monitoring schemataCreating standards for Business Process Monitoring and AlarmingAutomatic Confirmation ToolsDevelopment of a variety of modular Audit bots (agents) to be incorporated into programs of audit automation Creation of alternative real-time audit reports for different compliance masters
23Complementary Research NeedsExpansion of assurance to non-financial processes to relate to these through continuity equations (Kogan et al, 2010)Standards are needed for CA (CICA/ AICPA, 1999; IIA, 2003; ISACA 2010)Research on the development of complementary assurance products
24Reconsideration of Concepts and StandardsIndependence needs to be re-definedThe external audit billing model has to be restructured to bill on function not hoursAudit firms must put improved knowledge collection and management processes to feed their audit analytic toolkitAudit firms have to engage in auditor automation and pro-actively promote corporate data collection during-the-processValue added must be justified in terms of data qualityMateriality needs to be redefined
Multidimensional Clustering for audit fault detectionSutapat ThiprungsriMiklos A. Vasarhelyi25
Visualizing combination of attributes, we will be able to see similarity and differences among claims26
Analyzing individual variables, we will be able to see clearly that some claims have rare values 27
Process MiningMieke Jens (Hasselt University)	Michael Alles (Rutgers Univ.)28
What is Process Mining of Event Logs?The basic idea of process mining is to extract knowledge from event logs recorded by an information system. Until recently, the information in these event logs was rarely used to analyze the underlying processes. Process mining aims at improving this by providing techniques and tools for discovering process, control, data, organizational, and social structures from event logs. Fuelled by the omnipresence of event logs in transactional information systems… process mining has become a vivid research area.http://is.tm.tue.nl/staff/wvdaalst/BPMcenter/process%20mining.htm2929
An Example of An Event Log of an Invoice3030
Research team (all in AIS department but multidisciplinary background)Miklos A. Vasarhelyi, Prof. II (continuous auditing)Alex Kogan, Prof. – (computer scientist)Michael Alles, Professor –( economics)Helen Brown (auditing)Don Warren,  Professor –( audit Practice)Trevor Stewart, Professor (retired D&T partner)Silvia Romero – faculty Montclair UniversityYong Bum Kim – PhD Student (Statistics)Daewoon Moon –PhD Student (Risk Management)Ryan Teter – PhD Student (Computer Science)Qi, Liu–PhD StudentHassan Issa–PhD StudentDavid Chen–PhD Student (knowledge engineering)Danielle Lombardi (PhD student)JP Krahel (PhD student)Karina Chandia (PhD Student)31
http://raw.rutgers.eduA wide range of presentations / videos and papers from the multiple CA and CR conferences promoted by Rutgers32

Research & Innovations at Car Lab

  • 1.
    CarLabOverview(drinking from afire hydrant)Miklos A. VasarhelyiDirector CarLabKPMG Professor of AIS8th Annual CarLab Advisory Board MeetingNovember 4th, 2010
  • 2.
  • 3.
    Report levelAssuranceData levelAssuranceProcess levelAssuranceAssurance ofKey ProcessesAssurance ofReportsAssurance ofData elementsProcess reviews a la Systrust
  • 4.
  • 5.
    Third party processesare to become the norm
  • 6.
    Intra and Interprocess controls an issue
  • 7.
  • 8.
    Traditional audit isan instance of RLA
  • 9.
    Generated and modifiedby different processes
  • 10.
  • 11.
    Generated and modifiedby different processes
  • 12.
  • 13.
    Control / AssurancetagsAn evolving audit framework333
  • 14.
    An Evolving ContinuousAuditFrameworkContinuousAuditContinuous RiskMonitoring andAssessmentAutomation
  • 15.
  • 16.
  • 17.
  • 18.
    5The CarLab ResearchEffortsSiemensContinuous control monitoring (CCM)Audit automationAuthorization and control structure project Continuity equations at HCAItau Unibanco Branch monitoring and analyticsTransitory AccountsProduct sales monitoringInsurance companyForensics as CA -> the wires projectClaims5
  • 19.
    P&GKPI projectOrder tocash project -> selective automationVendor / payments projectKPMG projectsTechnology adoption at CPA firmsTechnology adoption at IA departmentsThe future of auditRapid Prototyping Environment for data research (RPE)Dashboard / visualization / Advanced Analytics Representation (DVAA)Telecom and Real Estate Co (TRE)Duplicate Payments detectionThe CarLab Research Efforts (2)6
  • 20.
    RARC and OurTeaching MissionThe VPA effortAutomatic course recording experiment just startedA vision of free unencumbered educational stream for less developed nationsClickersExperimentation with response system uses in different contexts7
  • 21.
    Out of theboxStandards Formalization: issuing standards in autocode8
  • 22.
    AAA Impact ofResearch Taskforce 2009Perhaps the most important contribution of accounting information systems research to practice in the auditing and assurance domain is in continuous assurance. The work of Vasarhelyi and his colleagues on continuous assurance demonstrates the application of strong theoretical foundations to the practical problems of the auditor; in this case the internal auditor. 9
  • 23.
  • 24.
    Innovations in ContinuousAuditingModeling: continuity equations (HCA)Discrepancy detection -> multidimentionalclusteringProcess mining -> at international bank in HollandRemote audit conceptualization – Siemens, P&G, Itau UnibancoAutomatic taxonomy creationMultiple multivariate applications11
  • 25.
  • 26.
    Voucher Payment ProcessOrderingProcessReceiving Process13
  • 27.
    CA SystemData Segmentsfor Analytical Modeling: 1,2,3,4,5,6……100CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100, 101CA SystemData Segments for Analytical Modeling: 1,2,3,4,5,6……100, 101, 102101Predicted Value101102103AP Model 1102103104102Predicted ValueAP Model 2103104105103Predicted ValueAP Model 3updatedupdated14
  • 28.
    Initial Model EstimationDetermineParameter p-value thresholdRetain parameters below threshold; Restrict parameters over threshold to zeroRe-estimate ModelNoDo new parameter estimates all below threshold?YesFinal Model15
  • 29.
    CA SystemData Segmentsfor Analytical Modeling: 1,2,3,4,5,6……100101Predicted Value101102103AP Model 116
  • 30.
    Remote AuditRyan TeeterMiklosVasarhelyiDon Warren17
  • 31.
    Goals of theIntegrated Audit18
  • 32.
    The Role ofDocumentation Within an Organization19
  • 33.
    Risk Monitoring WorkflowFile SetupGather basic process, internal audit team infoInformation from External Interfaces such as …..Risk-Factor AssessmentsEvaluate ERP for flagged data, controlsAdministrative FunctionsUpdate data, risk factors, flag dataRisk ScoringMathematical scoring algorithm is applied and presented in a dashboard Begin automatic data collection, assign remote and in loco auditorsYESOn-Demand Audit DecisionAuditor decides whether an in-depth audit is requiredAssign low priority to process until risk changeNO20
  • 34.
  • 35.
    2222Opportunities for ResearchCreating Control system measurement and monitoring schemataCreating standards for Business Process Monitoring and AlarmingAutomatic Confirmation ToolsDevelopment of a variety of modular Audit bots (agents) to be incorporated into programs of audit automation Creation of alternative real-time audit reports for different compliance masters
  • 36.
    23Complementary Research NeedsExpansionof assurance to non-financial processes to relate to these through continuity equations (Kogan et al, 2010)Standards are needed for CA (CICA/ AICPA, 1999; IIA, 2003; ISACA 2010)Research on the development of complementary assurance products
  • 37.
    24Reconsideration of Conceptsand StandardsIndependence needs to be re-definedThe external audit billing model has to be restructured to bill on function not hoursAudit firms must put improved knowledge collection and management processes to feed their audit analytic toolkitAudit firms have to engage in auditor automation and pro-actively promote corporate data collection during-the-processValue added must be justified in terms of data qualityMateriality needs to be redefined
  • 38.
    Multidimensional Clustering foraudit fault detectionSutapat ThiprungsriMiklos A. Vasarhelyi25
  • 39.
    Visualizing combination ofattributes, we will be able to see similarity and differences among claims26
  • 40.
    Analyzing individual variables,we will be able to see clearly that some claims have rare values 27
  • 41.
    Process MiningMieke Jens(Hasselt University) Michael Alles (Rutgers Univ.)28
  • 42.
    What is ProcessMining of Event Logs?The basic idea of process mining is to extract knowledge from event logs recorded by an information system. Until recently, the information in these event logs was rarely used to analyze the underlying processes. Process mining aims at improving this by providing techniques and tools for discovering process, control, data, organizational, and social structures from event logs. Fuelled by the omnipresence of event logs in transactional information systems… process mining has become a vivid research area.http://is.tm.tue.nl/staff/wvdaalst/BPMcenter/process%20mining.htm2929
  • 43.
    An Example ofAn Event Log of an Invoice3030
  • 44.
    Research team (allin AIS department but multidisciplinary background)Miklos A. Vasarhelyi, Prof. II (continuous auditing)Alex Kogan, Prof. – (computer scientist)Michael Alles, Professor –( economics)Helen Brown (auditing)Don Warren, Professor –( audit Practice)Trevor Stewart, Professor (retired D&T partner)Silvia Romero – faculty Montclair UniversityYong Bum Kim – PhD Student (Statistics)Daewoon Moon –PhD Student (Risk Management)Ryan Teter – PhD Student (Computer Science)Qi, Liu–PhD StudentHassan Issa–PhD StudentDavid Chen–PhD Student (knowledge engineering)Danielle Lombardi (PhD student)JP Krahel (PhD student)Karina Chandia (PhD Student)31
  • 45.
    http://raw.rutgers.eduA wide rangeof presentations / videos and papers from the multiple CA and CR conferences promoted by Rutgers32