Continuous Audit: From the concept towards the implementation

Phd. Kayahan TM1

ARTICLE INFO ABSTRACT

Available online July 2013 Firms scandals in 2000s led to new arguments about how audit mechanism
Key Words: should be. Consequently, authorities agreed upon profiting from
Continuous Audit information technologies for audit and claimed that real time financial and
Information Technologies claimed that real time financial reports were done by electronic
Financial Reports development in firms and so was auditing. This study aims to examine the
continuous audit, defined as a new audit mechanism in literature, and its
availability.

Introduction

One of the main aims of auditing is to investigate the financial condition of a business for internal and
external users. In this context, what is expected from the audition mechanism is to minimize the
asymmetrical data between both users. However, recent company scandals such as Enron, WorldCom and
Xerox, arising from false financial reporting, caused serious financial loss for those who held the shares of
these companies. Rezaee (2004) suggested that the total loss of the investors due to these scandals is more
than 500 million dollars. According to the writer, another result of company scandals is the loss of public
confidence in both preparation of financial statements and audition processes. Following these scandals,
new audition approaches that include more information technology were suggested by accounting circles in
order to redesign the confidence in auditing process as the advances in information technology have made it
a must, to use information technology in the auditing of financial statements by removing the traditional
data resources. At this point, the limitations of traditional approach on the reliability and maintenance of
financial data generated by systems based on information technology resulted in the emergence of
continuous auditing approach. Continuous audit is an audit approach that is based on auditing electronically
generated financial statements on a real time or close to real time basis (Seval, 2005). This study is designed
to investigate continuous auditing concept that presents a more different audit approach than traditional
auditing.

1. Development of Continuous Audit: Literature Review

An important part of the studies in the literature reveals that advances in information technologies have a
decisive role in the emergence of continuous auditing approach. For instance, Kogan et al. (1996) identified
the factors and technologies responsible for the development of continuous auditing. Authors suggested
that widespread availability of computer networking makes it possible to dramatically increase the
frequency of periodic audits by redesigning the traditional auditing architecture around online auditing
(Omesteso et al. 2008). Following this pioneering study of Kogan, more importance was given to continuous
auditing in literature.

In a similar study Vasarhelyi and Greenstein (2003) explained that the most significant effect of information
technology on businesses is the electronization of business processes. According to the authors,
electronization of business processes created significant efficiency in reducing the cost of supply, tightening
of business processes, removing the unnecessary procedures between partners, and physical
documentation. What they put emphasis on is that due to the reduction of paper-based documentation in
businesses, the nature, timing and form of audit evidence have changed. They also pointed out that in the
face of the changing audit environment while the demand for traditional auditing is decreasing, the interest
in continuous auditing and assurance services is increasing.

Another study given as reference in literature was carried out by Rezaee et al (2001). According to Rezaee
et al.(2001,2002), information technology (IT) such as electronic data interchange (EDI), electronic

1 Mustafa Kemal University, Hatay/Turkey, E-mail: kayahantum@mku.edu.tr

1|P a g e
 International Journal of Business and Social Research (IJBSR), Volume -3, No.-7, July, 2013

commerce and the internet have provided business practises in electronic environment. The authors
claimed that such information technologies facilitate the production, presentation and assessment of
financial information on a real-time basis and supported the view that real-time financial information must
be audited on a real-time basis.

Still in another study, Woodroof and Searchy (2001) pointed out that current technology has made
continuous audit to be economically and technologically feasible and suggested a model for web-based
continuous auditing. The authors suggested that some criteria must be met in order for web-based audit
system. In the study they indicated that all parties ( the client, the auditor, and related third parties) must be
motivated, auditor must have a continuous and timely access to the information about the client, the
underlying systems of a continuous audit environment must be reliable and secure, there must be security,
authenticity, and confidentiality of data transmission between parties and there must be an agreement on
the degree of noncompliance and amount of downtime that will be tolerated. According to the authors,
unless these criteria are met a continuous audit will not be feasible. With such criteria in place, automatic
audit will work efficiently for all parties and audit reports relevant to users will be renewed continuously.
The continuous renewal of audit reports, therefore, will reduce the risks and uncertainty of the parties
about the company and increase their information about it.

Coderra (2006) by stating in his study that organizations are continually exposed to errors, frauds or
inefficiencies that can result in continual financial loss and increased level of risk suggested that timely and
continuous assessments of risk levels and control systems of firms have great importance over financial
data to be continuously reliable.

Literature review summarized above indicates that information technologies have great effects on business
processes. The emergence of this effect in the form of electronization of business processes accelerated and
ensured the efficiency of obtaining, presenting and managing financial data. Especially the development of
reporting languages that provide online presentation of financial data such as Extensible Business
Reporting Language (XBRL), Extensible Business Language (XBL) have enabled real-time access to financial
data by users. Despite the improvements in information technology, inefficiency of traditional audit
approach in handling company scandals such as Enron, Worldcom, Xerox allowed continuous audit
approach that is more technology implemented, to come into prominence and develop.

1.1. Continuous Auditing vs Traditional Auditing

It will be useful to set traditional and continuous audit approaches clearly for a better understanding of the
issue before making a comparison between them.

According to Konrath (2002), auditing is a 'systematic process of objectively obtaining and evaluating
evidence of assertions about economic actions and events to ascertain the correspondence between those
assertions and established criteria and communicating the results of interested parties'. Continuous
auditing is a type of auditing which produces audit results simultaneously, or a short period of time after,
the occurrence of relevant events. In continuous auditing, the collection and evaluation of the evidence
occurs promptly after the relevant event (Vasarhelyi, et.al, 2006).

From this perspective, both continuous auditing and traditional auditing are assurance services trying to
increase the quality of financial data for users. Assurance services can be decomposed into attestation and
non-attestation services .In the attestation engagement, auditors investigate the degree of correspondence
between written assertions and pre-established criteria. Therefore, both traditional and continuous
auditing are under attestation category. Besides, both audit approaches focus on basic financial statements
such as the balance sheet, income statement and a statement of cash flows (Zhoa and Yen, 2004).

The fact that the traditional audit is conducted mostly in the traditional paper-based accounting information
system causes the audit to do the fieldwork such as collecting the evidence, applying audit tests and
evaluating the evidence at the end of the accounting period. The delays that take place between the
fieldwork and writing the audit report have brought out less beneficial financial reports for information
users in many samples (Kurnaz and etinolu, 2010). Contrary to this, due to the conduction of continuous
audit on a real-time accounting basis, the occurrence of financial data and the presentation of audit report is
timely or in an interval close to timely.

2|P a g e
 Continuous Audit: From the concept towards the implementation
Kayahan TM

Another difference between continuous auditing and traditional auditing approaches is the research
techniques. Even though information technologies are partly used in traditional auditing, the human factor
is in the foreground. Continuous auditing, however, uses audit techniques and tools that are fully automatic.
In continuous auditing, by using the tools that are implemented in business information system, all data in
the system is continuously audited and reported. When the rules pre-established by the auditor are broken,
the auditor is automatically informed about the fault and abnormal condition. As continuous audit process
is applied through fully automatic digital tools, it can be claimed that it reduces the faults and delays
stemming from human factor (Woodroof and Searchy, 2001, Chen, 2003).

In addition to this, continuous auditing presents both more dynamic and efficient audit techniques when
compared to the risk assessment, planning, auditing and reporting cycle of traditional auditing (O'Really,
2006).

While financial verification tests related to electronic documents are of less importance, internal audit
transactions have greater significance. For this reason, an audit programme based on assessment of control
and risk is applied in continuous audit (Rezaee, 2002). Continuous auditing, therefore, provides more
frequent control and risk assessment. Continuous auditing helps the internal auditors with a comprehensive
understanding crucial controlling points, rules, and deviations within the business since it focuses on
continuous control and risk assessment as well as both account abnormalities and risks in data due to lack
of timely control (Coderra,2006).

Within this framework, the benefits of continuous auditing can be summarized as follows:
The elaborate use of information technology in continuous audit can reduce the cost of audit. That
is, the number of auditors needed, fees paid to the auditing staff, the travel and accommodation
expenses of auditors and other possible costs during the auditing itself can reduce.
There can be a significant decrease in the time spent on calculations and transaction tests that are
done manually in traditional auditing approach.
The auditors understanding of the industry that the business is involved in, its business strategy
has of great value for the auditor in terms of understanding the aims, risk analysis, and internal
audit facilities of the business. This can increase the quality of financial audit providing the
auditors with a more focus on the business itself, industry and internal structure of the business
(Rezaee et al.2002).
Continuous audit can present higher audit quality as it enables the investigation of data on the
whole instead of testing data with specific scales (OReally, 2006).
Owing to the timely assessments of control and risk factor, continuous auditing can detect faults,
fraud, and abnormalities in account and transactions easily (Omoteso et al.,2008).
The easy detection of abnormalities and the reliability provided to investors and shareholders in
online statements can significantly lessen the gap between audit expectations and performance
(Omoteso et al.,2008).
Because of increasing the extension and frequency of auditing, continuous audit can act as a more
powerful internal audit mechanism that maintain a greater communication and statement
between the management and auditing committee (OReally,2006).

In spite of the benefits stated, continuous audit surely has some limitations. As it will be given in further
parts, the most significant limitation of continuous auditing is technological and economic difficulties it
involves.

1.2. The Applicability of Continuous Audit

The applicability of continuous audit, which presents significant advantages over traditional auditing, is
based on some criteria. These criteria can be categorized as technological, economic and other factors and
examined below:

1.2.1. Technological Requirements of Continuous Auditing

There are various studies in literature about the technical applicability of continuous audit. Taking these
studies as basis, the technological conditions can be summarized as follows:

3|P a g e
 International Journal of Business and Social Research (IJBSR), Volume -3, No.-7, July, 2013

Web Servers: There is a need for web servers that are interrelated and authorized to access in
order for a communication among continuous auditing partners (client, auditor and third parties).
For this, company server gives the auditor authorization for access to its own data base. As a result
of this, the auditor has direct access to the data that is needed. Besides, the server of the auditor
acts as a moderator by providing the third parties that are engaged in continuous auditing process,
with restricted access to business information (Woodroof and Searchy, 2001).
A Reliable System: Continuous auditing is conducted under the supervision of real-time accounting
systems. The benefit expected from continuous audit depends on the reliability of real-time
accounting systems. AICPA (1999) pointed out the properties of a reliable system as follows. These
are:
1. Accuracy: According to this principle, the system must obtain, record, and report the
information to be audited accurately, completely, and on a timely basis.
2. Security: There must be controls to prevent unauthorized access to business data and
processes. When violations are detected or suspected, the system must warn the auditor and
there must be temporary restriction.
3. Integrity: The system processing must be complete, accurate, timely and in accordance with
the entitys transaction approval and output distribution policy.
4. Maintainability: The system must be updated in order to provide continuous accuracy,
security, and integrity.
5. Automated Auditing Programmes: As continuous auditing is applied through computing
systems, the auditor needs readily made auditing programmes or the ones auditor develops.
These audit tools need to be capable of identifying risks, investigate internal audit,
conducting electronic audit procedures, picking up the related samples via financial
verification tests, detecting abnormalities, calculating the records automatically (Rezaee,
2002)

1.2.2. Economic Requirements of Continuous Auditing

The second factor that affects the application of continuous audit is the economic dimensions of it. Aca
(2006) suggests that continuous audit has a reducing effect on audit costs (fees paid to the auditors, travel
and accommodation expenses and so on).Yet, in order for such a financial benefit a great amount of
structural expenses is required. The high structural expenses will increase the cost of product that is
maintained through continuous auditing. Therefore, it is of vital importance to identify who will need the
product, its frequency and how much they will pay for it, in other words, whether the demand is sufficient
or not (Kurnaz and etinolu, 2010).

Another economic factor that affects the conduction of continuous audit is cost. Here, cost does not only
mean 'price' during the conducting period. This is the amount that is perceived by all parties. Hall and Khan
(2003) pointed out that the decision to conduct a new technology is based on the perception of 'cost' all
parties and suggested that the decision of conduction will start at the moment when the perceived benefit
exceeds the perceived cost. Although there are views arguing that high cost of installation and maintenance
constitute barriers in technology applications it is known that recently, technology costs have fallen
significantly Taylor and Murphy, 2004) Therefore, the economic applicability of continuous auditing can be
mentioned as long as the benefits are more than the cost. For this reason, it can be assumed that there will
be demand of business management for continuous audit as an internal auditing mechanism since an
internal audit carried out for continuous control has great contributions to informing both business owners
about whether their investments are preserved and protected and managers about whether their business
transactions are carried out as planned, more timely (Aca, 2006).

1.2.3. Other Requirements

Other factors that affect the applicability of continuous audit can be summarized as follows:
Management support: Management support is another point that must be taken into consideration
as it affects the demand for continuous audit. As mentioned earlier, business management must
make great deal of technological investment in order for an ideal continuous audit environment.
For an effective application, especially in an application with such a high cost affecting all
processes, there must be management support (Vasarhelyi, et.al, 2006).

4|P a g e
 Continuous Audit: From the concept towards the implementation
Kayahan TM

Reliable Data Exchange: The parties must have authorized access to the data in order for an
exchange that is fast and accurate. However, some limitations must be set so as to prevent the
manipulation of accessing authority between the parties. For instance, authorization can be given
to certain people in the entity. Access to data can be restricted through security wall, codes and
biometrical tools. Besides, with an aim to verify the source of data shared between the parties,
digital signatures and codes must be used (Handscombe, 2007; Woodroof and Searchy, 2001; Zhao
et al.2004)
Technological Knowledge of the Auditors: The pace of conducting a new method that includes
information technology varies depending on the knowledge and ability of the auditing staff. As
stated before, auditors are required to have knowledge of information technology that is
conducted on auditing practises such as watching internal controls and reporting any deviation
(Vasarhelyi, et.al, 2006).

In short, the applicability of continuous audit in business is not limited to information technologies. Cost,
management support, the qualifications of the staff and the knowledge and ability of auditors in this field
affect the applicability as well as information technologies.

1.3. Areas for the Application of Continuous Auditing

As mentioned earlier, continuous auditing is conducted under the supervision of real-time accounting
information systems. Because of this, as the practising areas of real-time accounting systems extend, it is
possible that continuous auditing will become widespread.

According to latest studies, in manufacturing industries, just-in-time (JIT) inventory management has
generated real-time reporting of inventories and work-in-process items on companies' balance sheets.
Therefore, continuous auditing has become an ideal area for companies in this sector. Likewise, the real-
time practising of accounting systems is getting more frequent in retail sector. For the flow of transactions
in this sector, the accounting process, from an individual consumer purchase process to the company's
bottom line, is becoming an online process. Thus, individual consumer purchases directly affect the
inventory management and the process of reordering the product from the supplier. The financial part of
such a retail sale is managed through computer software tools on a real-time basis (Zhao et al.2004).For this
reason, the widespread use real-time accounting systems and the extension of areas for the application of
continuous auditing in the future is probable.

Furthermore, Ales et al. (2006) pointed out that many businesses from different sectors both in America
and Europe have already been applying continuous auditing. Accordingly, many companies such as Siemens,
BIPOP Bank and American Revenue Administration are conducting continuous audit tools and practices that
provide assurance and reduce the auditing cost via automated process for transactions. According to
another study carried out by Price water house on 397 internal audit firms proves the existence of
continuous auditing. 81% of 397 firs have been applying continuous auditing monitoring process or
planning to develop such an application. 27 % for risk monitoring and controlling, 26 % for audit tests, 20%
for fraud detection, 17 % for monitoring key control practices and 10 % for monitoring performance scales
are applying continuous auditing and monitoring method.

Conclusion

This study aimed to investigate continuous auditing approach within the literature framework. As a result of
this investigation, continuous auditing is a new audit method that is necessary in today's business world, yet
that requires serious criteria. Continuous auditing is a must for today's business world since information
technologies fundamentally changed the accounting process (recording, classification, statement) in
businesses by removing the sources based on traditional paper-based documents. The inefficiency of
traditional audit applications in controlling and monitoring business processes and transactions that have
become electronic due to the effects of technological changes has made the investigation of those changes
through continuous auditing that is more based on technology a must. This led to both automation of audit
function and changes in the qualities of the auditor.

Apart from information technologies, the attitude of managers, which is of vital importance, is another
factor that affects the applicability of continuous audit approach. Business management may not wish their

5|P a g e
 International Journal of Business and Social Research (IJBSR), Volume -3, No.-7, July, 2013

financial data to be monitored continuously for a variety of reasons, the fact that continuous auditing can
apply risk and control managements timely or close to timely will provide the management with more
accurate data over control practises. That's why, many businesses in the USA and Europe conduct
continuous monitoring and auditing method for a variety of purposes such as risk monitoring, fraud
detection, monitoring control practices. Within this framework, it will not be incorrect to suggest that
businesses will be more willing to apply continuous auditing in the future due to the contributions of it to
business processes.

Besides, the advances in information technology have made significant changes in the qualifications of
auditors as well as affecting business processes .In continuous auditing the auditors are required to have
enough technical knowledge to apply these technologies since many auditing tests are done semi-manually
semi-automatically in traditional auditing approach, are applied automatically in continuous auditing.
Therefore, it is inevitable for auditors to improve their knowledge and skills in this field.

In conclusion, it is clear that traditional auditing function has changed and is changing related to
technological advances. It is highly possible that traditional auditing will change its way toward continuous
auditing which widely uses information technologies.

REFERENCES

AICPA, (American Institute of Certified Public Accountants) (1999) CPA SYSTRUST Service A New
Assurance Service On Systems Reliability, Assurance Services

Alles, G.Michael, Tostes, Fernando, Vasarhelyi, A. Miklos, and Riccio, L.Edson (2006)Continuous Auditing:
the USA Experience and Considerations for its Implementation in Brazil. Revista de Gesto da
Tecnologia e Sistemas de Informao, v.3,(2): p. 211- 224.

Aca, Ahmet (2006) Srekli Denetim: Denetimde Bir Devrim mi Yoksa Bir Hayal mi? Muhasebe ve Bilim
dnyas Dergisi, v.3.p.63-78

Chen, Sean(2003) Continuous Audit: Risk, Challenges and Opportunities, The International Journal of
Applied Management and Technology, v.1,(1), p.77-85

Coderre, David; (2006), Continuous Auditing: Implications for Assurance, Monitoring, and Risk
Assessment, A Summary of The IIAs Global Technology Audit Guide, p. 1-10.

Hall, Bronwyn, and Beethika, Khan (2003) Adoption of New Technology University of California, Berkeley
Working Papers No: E03-330 (May)

Handscombe, Kevin( 2007) Continuous Auditing From a Practical Perspective. Information Systems
Control journal, v.1., p.1-5

Kontrath, F.Larry (2002) Auditing: A Risk Analysis Approach Fifth Edition, South-Western Pub. Cincinnati,
Ohio: South-Western

Kogan, Alexander; Ephraim F. Sudit and Miklos, A. Vasarhelyi; (1999), Continuous Online Auditing: A
Program of Research, Journal of Information Systems, 13(2), p. 87103.

Kogan, Alexander; Ephraim F. Sudit and Miklos, A. Vasarhelyi; (1996) Implications of Internet Technology:
On-Line Auditing and Cryptography, IS Audit and Control Journal, v. 3, p. 42-48

Kurnaz, Niyaz.; etinolu, Tansel (2010) Denetim Gncel Yaklamlar Umuttepe Yaynlar, 1.Basm,
zmit-Kocaeli

ODonnell, Joseph B.; (2010), Innovations in Audit Technology: A Model of Continuous Audit Adoption,
Journal of Applied Business and Economics, pp. 1120, Internet Address: http://www.nabusiness
press.com/odonnellweb.pdf, Date of Access: 10.11.2012.

6|P a g e
 Continuous Audit: From the concept towards the implementation
Kayahan TM

Omoteso, Kamil, Patel, Ashok and Peter Scott. (2008) An Investigation into the Application of Continuous
Online Auditing in the U.K The International Journal of Digital Accounting Research v. 8,(14:)
p .23-44

OReilly, Anthony; (2006), Continuous auditing: wave of the future?, Corporate Board, v..4(6), p. 14.

Rezaee, Zabihollah (2004) "Restoring public trust in the accounting profession by developing anti-fraud
education, programs, and auditing", Managerial Auditing Journal, v.19,(1): 1, p.134 - 148

Rezaee, Zabihollah, Ahmad Sharbatoghlie, Rick Elam and Peter L. Mcmickle; (2002), Continuous Auditing:
Building Automated Auditing Capability, Auditing: A Journal of Practice&Theory, 21(1), p. 147
164.

Rezaee, Zabihollah, Ahmad Sharbatoghlie and Rick Elam and (2001), Continuous auditing: the audit of the
future, Managerial Auditing Journal, 16(3), p. 150158

Searcy, DeWayne and Jon Woodroof (2003), Continuous Auditing: Leveraging Technology, The CPA
Journal, v.73(5), p. 4648.

Selimolu, Seval K. (2005), Denetim Olgusunun Kurumsal Kaynak Planlamas (ERP) Sistemleriyle
Btnletirilmesi, 7. Trkiye Muhasebe Denetimi Sempozyumu, Antalya, sf.9.

Taylor, Michael, and Andrew, Murphy (2004) SMEs and E-business Journal of Small Business and
Enterprise Development 11 (3): 280-289

Woodroof, Jon and Searcy Dewayne (2001), Continuous Audit: Model development and implementation
within a debt covenant compliance domain, International Journal of Accounting Information
Systems,v.2, p. 169191.

Vasarhelyi, Miklos and Marilyn, Greenstein. 2003. Underlying Principles of the Electronization of Business: A
Research Agenda, International Journal of Accounting Information Systems, 49 (2003) pp. 1-25.

Vasarhelyi, Miklos, Kuenkaikaew, Siripan, Littley, James and Katie Williams (2006) Continuous Auditing
technology adoption in leading internal audit organizations, Working Paper, http://raw.rutgers.
edu/docs/previousprojects/p2a.1%20Techadoption%20jp%202%20EAA.pdf Date of Access:
15.07.2012

Zhao, Ning, Yen, C., David and Chiu Chang (2004), Auditing in the ecommerce era, Information
Management & Computer Security, v.12(5), p. 389-400

7|P a g e