How Continuous Auditing and XBRL-GL Work Together to Provide Improved Business Value
Written by Nigel Matthews Posted on May 19, 2008
Nigel Matthews is Senior Product Manager at ACL Services Ltd. He is a member of the Canadian Institute of Chartered Accountants and has over 15 years' experience implementing audit analytics in North America, Europe, and Asia.
Mike Willis of PricewaterhouseCoopers wrote in last October’s issue of Internal Auditor that “There are many pervasive [information] supply chain problems that exist today due to the lack of an open information standard and proprietary formats…XBRL enhances the work of internal auditors by addressing these information problems and enabling them to do more at a lower cost.”
Much of the recent discussion on XBRL has focused on the technology’s application to solving interactive financial reporting problems, most notably the SEC’s initiative to XBRL-enable EDGAR filings. But there’s a lot more to the XBRL concept than EDGAR. Mike’s comment highlights the tremendous potential of XBRL-GL to address one of the fundamental challenges facing auditors today: How can the average non-specialist auditor find and make sense of complex, often poorly documented, but nonetheless vital enterprise data — without getting deep into the weeds of IT technology?
So why is continuous auditing important, and how can it work together with XBRL to provide improved business value? Continuous auditing gives auditors the ability to notify the organization, on a timely and ongoing basis, about errors and other situations that affect financial performance. Properly implemented, continuous audit and monitoring strategies can go a long way toward ensuring day-to-day adherence to internal business policies and external regulatory requirements — for example, correct handling of VAT on goods purchased and sold. (Note that the terms continuous auditing and continuous monitoring can be used somewhat interchangeably. Depending on who in the audit profession you talk to, continuous monitoring implies a responsibility for self-monitoring on the part of business stakeholders, as opposed to a purely audit-driven function.)
Continuous audit is becoming an important tool to enable enterprises to respond to and manage specific enterprise risks. In practice, continuous audit strategies are typically used on a daily basis to determine the validity, accuracy, and appropriateness of transaction-by-transaction business records relative to business policies and control objectives. For example, one can use continuous auditing to examine and test every one of the millions of transactions that pass through the enterprise’s core computerized accounting records and ultimately contribute to the enterprise’s reported financial position — a task that would be impossible in all but the smallest organizations without the use of computerized tools.
Before continuous auditing came along, the “traditional” approach to audit, developed over the last forty years (after business computing caught on in the late 1960s), involved either of two methods. If the auditors chose to audit “through” the computer, they obtained periodic bulk downloads of historical data and fed this into their analysis tools, often through a long process of trial and error data discovery involving IT specialists and system administrators. In this case, the data was frequently weeks or months out of date before the audit began.
Many auditors chose not to even try this, instead opting for the second method, i.e., auditing “around” the computer. This approach entailed placing their trust in the correct configuration and operation of the computer systems and business controls, sometimes backed up by various judgmental or statistically based strategies for achieving audit “coverage” via transaction sampling methods.
The concept of continuous auditing is not new. In recent years, however, it has become increasingly obvious that continuous audit is now not only technically viable, but is the auditor’s preferred response to the challenges posed by continuously changing business conditions, massive data volumes, and the demands to audit better, smarter, and faster.
That said, continuous audit requires the auditor — and the computerized tools they are using — to have ongoing and ready access to enterprise data. This is where XBRL-GL enters the picture. XBRL-GL enables auditors to pull information from disparate systems and map this information to a standardized, tagged format, both in terms of the data content and, most important, placing and maintaining the data in the correct business context throughout the audit and reporting process. It answers the questions: What is the time period covered by the data? What currency is that transaction in? When was the transaction last updated? Where did this data come from? Has the data under audit been traced and reconciled back to source?
In the continuous auditing implementation projects which I have been involved in, answering these types of questions often takes up much of the available project time – in some cases up to half the total project. XBRL opens up the possibility for auditors to achieve near-real-time data access and immediate, relevant, audited business information. It’s a simplified audit process that equips auditors to review more data in detail more frequently, thereby allowing them to spend time evaluating data, not working through information supply chain problems.
So where does making life better for auditors fit into the overall picture of XBRL-enabled financial reporting? In today’s organizations, continuous auditing and monitoring has become a reality, but there are still challenges in the financial reporting supply chain. These challenges require extensive manual audit and reconciliation procedures before and during (and hopefully not after) the audit process. XBRL-GL can bridge that gap and make the roll-up of continuously audited data into XBRL-enabled financial statements a faster, more effective process. The result is less opportunity for errors, less re-work, and improved efficiency for all stakeholders in the financial reporting process.
We’ve already seen the benefits that continuous auditing has brought to many companies around the globe, despite the challenges these firms (and their auditors) have been forced to face and overcome to access enterprise data. Beyond achieving the primary goal of delivering more timely, higher-quality output from the audit function, continuous auditing strategies frequently generate immediate, significant contributions to enterprise financial results through early identification of errors and fraud, and allow companies to move quickly to respond to control weaknesses and gaps. Once implemented, continuous audit strategies often exhibit ROI within days and weeks.
If a standard XBRL-GL schema is adopted and implemented widely by both technology providers and organizations submitting financial reports, one could reasonably expect the efficiency and cost savings of continuous audit to be achievable for more companies. At the very least, it would allow more organizations to benefit from continuously reviewing key financial controls and help overcome the data access challenges that often prevent companies from even trying.


May 27th, 2008 at 9:58 pm
Hi,
Good document. We are users of ACL and have already done an exercise for continuous auditing for our Treasury function. It, however, has an Oracle database. I am looking towards XBRL for the proprietary databases.
Will prefer more details on the subject. Can I be in the loop for future discussions and developments?