Download as PDF, PPTX
![The analysis in owner-ordered auditing starts with:
testing sales for understatement
Equation:
Inv[B] + Pur – Inv[E] → Sales
But then, testing Sales for understatement means:
testing Inv[E] for overstatement!
15](https://image.slidesharecdn.com/pejhbrn-siks-v4-120509131847-phpapp01/85/Top-Cycle-Mining-15-320.jpg)
![One specific challenge in every audit:
Equation: Inv[B] + Pur – Inv[E] → Sales
is right in terms of quantities (of goods or services),
not in terms of money, like all the other equations!
The difference: ‘Gross Profit’,
which is to be audited for understatement.
Main challenge to be solved in every audit.
18](https://image.slidesharecdn.com/pejhbrn-siks-v4-120509131847-phpapp01/85/Top-Cycle-Mining-18-320.jpg)
![Audit evidence a framework (ppt ch7[1].pdf)](https://cdn.slidesharecdn.com/ss_thumbnails/auditevidence-aframeworkpptch71-pdf-121211154609-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
Top Cycle Mining
- 1. SIKS Master Classon Smart Auditing March 21, 2012, Vught Top Cycle Mining Philip Elsas, ComputationalAuditing.com Hans Blokdijk, Limperg Institute Robert Nehmer, Oakland University 1
- 2. Introduction • Process miningis a technique that takes business event logs as input and generates a smart flow chart as output • The business case for process mining: – Automatically generated flow chart – Flow chart is not documentation-only 2
- 3. Process Mining • References – Aalst, W. van der (2011). Process Mining: Discovery, Conformance and Enhancement of Business Processes. Springer Verlag, Berlin (ISBN 978-3-642-19344-6). – Jans, M., van der Werf, J.M., Lybaert, N., Vanhoof, K. (2011) A business process mining application for internal transaction fraud mitigation, Expert Systems with Applications, 38 (10), 13351-13359 – http://www.processmining.org/ 3
- 4. Our Approach • Ourapproach is to strategically position process mining for the cash-to-cash top cycle by assessing and assuring completeness of loggings • The cash-to-cash cycle is central in the integrated owner-ordered and management-ordered audit approach – To Be modality ('Soll') – As Is modality ('Ist') 4
- 5. • Owner-ordered auditingaddresses understatement of profits: whether revenues are understated and expenses are overstated As an owner you want assurance that management, who you entrusted your money, is not making profits while keeping parts of it unstated, since profits are the basis of your dividends and stock quotation • Management-ordered auditing addresses overstatement of profits As management you want to attract investment capital by increasing your credibility that the profits you state are all real, not overstated, and so you hire the independent auditor to provide this assurance • Management's illegitimate interest (overstating or understating profits) determines the direction of the audit from a market-driven value-adding perspective 5
- 6. Owner-ordered audit: tocheck management to increase credibility that profits aren't understated Owners Money-inflow for management maximize equity Management Money-inflow for owners long-term ROI Potential Owners Management-ordered audit: to attract new investors to increase credibility that profits aren't overstated 6
- 7. • In theowner-ordered audit tradition the auditor determines completeness of profits using the cash-to-cash top cycle • Quantitative: enterprise-level spanning reconciliation checks (also known as: comprehensive coherence tests): central norm connecting: - ‘buy side’ and ‘sell side’ transaction volumes - generated ‘gross profit’ margins • Qualitative: enterprise-level segregation of duties: non-identical and preferably opposite interests in top cycle logging locations 7
- 8.
- 9. Top cycle representedas a smart flow chart: transaction, or flow, as a box with adjacent arrows (active), state or stock as a circle (passive) 9
- 10. Top cycle representedas matrices with quantitative aspects (prices & volumes) and qualitative aspects (authorizations by agents/departments: S,B,F,D,C,W) 10
- 11. Top cycle representedas a set of equations with the primary audit direction per equation parameter in an owner-ordered audit: overstatement (overlining in dark orange color) or understatement (underlining in light orange color) 11
- 12. $0 + $30 * (900+100) - $0 => $27,000+$3,000 $0 + $30 * (900+100) - $0 => $27,000+$3,000 0 + 900+100 - 0 => 900+100 0 + 900+100 - 0 => 900+100 $0 + $18,000+$2,000 - $0 => $20 * (900+100) $0 + $18,000+$2,000 - $0 => $20 * (900+100) $0 + $27,000+$3,000 - $9,000+$1,000 => $18,000+$2,000 $0 + $27,000+$3,000 - $9,000+$1,000 => $18,000+$2,000 recording + omitted recording reality + omitted reality 12 unstated revenues, spanning reconciliation checks & detectability
- 13. Economic substance ofthe business can be represented by a ‘Web of equations’ which inevitably includes: ‘stocks’ and ‘flows’ outside of the basic cash-to-cash top cycle, such as transactions regarding: - fixed assets; - financing; - general expenses. 13
- 14. The complete ‘webof equations’ is indispensable to compose an ‘audit plan’, for all the ‘stocks’ and ‘ flows’. Main question: Should a particular ‘stock’ or ‘flow’ be tested - for: overstatement, - or: understatement? Requires different auditing techniques. 14
- 15. The analysis inowner-ordered auditing starts with: testing sales for understatement Equation: Inv[B] + Pur – Inv[E] → Sales But then, testing Sales for understatement means: testing Inv[E] for overstatement! 15
- 16. The analysis shouldbe pursued for all equations, and there is no need to audit any item, in either B/S or P&L, for both under- and overstatement. The general result is: test all debits for overstatements (assets in the B/S and expenditures in the P&L), and test all credits for understatements (liabilities in the B/S and revenues in the P&L). 16
- 17. The International Standardson Auditing (ISA’s) do not specify audit plans. However, they require that all items in the accounts are tested both for over- and understatements. But this does not generally require two different tests on an item: if a debit is tested for overstatement, the corresponding credit is implicitly tested for overstatement as well! Double-entry bookkeeping. 17
- 18. One specific challengein every audit: Equation: Inv[B] + Pur – Inv[E] → Sales is right in terms of quantities (of goods or services), not in terms of money, like all the other equations! The difference: ‘Gross Profit’, which is to be audited for understatement. Main challenge to be solved in every audit. 18
- 19. Mapping out thecash-to-cash top cycle enables the auditor to perform: ‘comprehensive coherence testing’ (CCT) extensively described in ‘Reflections on Auditing Theory’, chapter 3 (Kluwer Bedrijfswetenschappen, Limperg Instituut, 1995). 19
- 20. But: CCT doesnot discover ‘shop in the shop’: Entire cycle of purchases, sales, payments and receipts fraudulently omitted from the accounting records. To be prevented by segregation of duties. Mapping out the top cycle enables the evaluation of internal controls. 20
- 21. System Logging inOur Approach • Information System (IS) server software is developed with built in logging capabilities and default log levels • Log levels specify the amount of details logged • The IS function uses logs to help control day-to-day operations and maintenance • Auditors can mine existing logs for audit evidence in our approach 21
- 22. Benefits of theapproach • Uses existing logs as a baseline • Allows a critique of existing controls when combined with the top cycle approach • IS personnel are already familiar with logging and require little or no additional training 22
- 23. Example: Database serverlogging • Access logging – Logs data about connections to a data base server: time stamp, duration, user ID, table accessed, etc. This data can be used to test separation of duties and appropriate access from the audit perspective. • Write-ahead logging – Logs transaction details for transactions still in volatile areas of the system. Used to recover data in case of system failure but can be mined for transaction details. This data can include purchase cost, direct labor, and overhead details. 23
- 24. Full Coverage ofLoggings Access log Write-ahead log 24
- 25. Logs Mapped toMatrix 25
- 26. Assessment with TopCycle: Partial Coverage 26
- 27. Partial Coverage Mapped toMatrix 27
- 28. Assessment Part 1 Absentlogged measures can be corrected in one of two ways: 1) Increase logging levels and have the built in logging capture the measures 2) Write a custom system to capture the measures • In either case, costs are determinable and comparable with the value of the missing measures 28
- 29. Assessment Part 2 •Problems in qualitative design of the system of segregation of duties would be discovered by setting expectation for access to the database and that necessary transactions are occurring. • The logs can be checked to make sure these access points exist and are being routinely used. 29
- 30.
- 31. Mining the topcycle business process 31
- 32. Concluding remarks • Basedon existing logs in appropriate segregation of duties an organization may already be very close to boost audit power by process mining • Additionally required logging detail or additional segregation of duties is systematically identified using the cash-to-cash top cycle from the proven owner-ordered audit tradition 32