 |
An International Meeting of American Accounting
Association
|
Continuous Monitoring of Business Process Controls: A Pilot Implementation of a Continuous Auditing System at Siemens |
Michael Alles
Rutgers Business School
Gerard Brennan
Siemens Corporation
Alexander Kogan
Rutgers Business School
Miklos Vasarhelyi
Rutgers University
Abstract: In this paper we report on the approach we have developed and the lessons we have learned in an implementation of the monitoring and control layer for continuous monitoring of business process controls (CMBPC) in the US internal IT audit department of Siemens Corporation. The architecture developed by us implements a completely independent CMBPC system running on top of Siemens’ own enterprise information system which has read-only interaction with the application tier of the enterprise system. Among our key conclusions is that “formalizability” of audit procedures and audit judgment is grossly underestimated. Additionally, while cost savings and expedience force the implementation to closely follow the existing and approved internal audit program, a certain level of reengineering of audit processes is inevitable due to the necessity to separate formalizable and non-formalizable parts of the program.