（2003）Towards a Paradigm for Continuous Auditing.docVIP

Towards a Paradigm for Continuous Auditing Robert L. Onions Information Systems Security Research Group University of Salford, United Kingdom. January 2003. Abstract: Modern computer transactions can be completed in nanoseconds; almost every aspect of life has an interface with computer systems. This rapid completion and sheer volume of electronic transactions simply indicates that traditional auditing techniques are no longer either applicable or efficacious; they are no longer capable of guaranteeing the integrity of an entity’s transactions. Modern methodologies, like Computer Assisted Audit Tools (CAATS), whilst affording the auditing profession much power in terms of investigating transactions, are still run in batch and may be too belated to prevent fraudulent transactions. If business is carried out in real time then so too should the auditing of the transactions. Policing of data needs to be dynamic and contemporaneous with transaction entry; it must follow the data paths from all sub ledgers through to final posting in the General Ledger. The skills required to operate, monitor and maintain these systems dynamically do not reside wholly within the current auditing/accounting communities but, rather, in the realms of business information technology experts. New paradigms of auditing and standards need to be both accepted and implemented to match the relentless pace of technological change. This paper is not aimed to deprecate traditional auditing techniques but rather to offer an alternative, electronic, real-time approach suitable for the 3rd Millennium. Key Words: Extensible Continuous Auditing Language (XCAL). Continuous Auditing. Introduction “The world we have created today as result of our thinking thus far, has problemswhich cannot be solved by thinking the way we thought when we created them.” (Attributed to Einstein). ‘Although there is a clear necessity to increase the scope of audit coverage in areas of high organisational ris