Documentation techniques and technologies
description
Transcript of Documentation techniques and technologies
Documentation Techniques and Technologies
ACC626
Harry Li
University of Waterloo
Introduction
• Harry Li, BAFM ’13– Candidate for Master of Accounting at University
of Waterloo School of Accounting and Finance – CA Student
• ACC626 – IT Assurance & Computer – Assisted Audit Techniques
• Instructor: Professor Kieng Iv
Agenda
1. Overview for Documentation Techniques and Technologies
2. Relevance for C-Suite Executives
3. Documentation Techniques and Technological Aids for Practitioners
4. Current Issues
5. Recommendations
1. Overview
• Auditors: documentation helps auditors to understand business processes and provide analysis to management
• Narrative and diagrammatic documentation methods to represent:– Business processes– Key operations– Reporting systems
Types of Documentation
• Narrative – documentation of business processes in writing
• Diagrammatic – depict business processes through visual diagrams
Uses of Documentation
• Business process modeling – provide a simplified overview of business process
• Business models – representation of a company’s network that includes value proposition, activities, assets, suppliers, customers, potential rivals, competitors, etc. (Alencar, Boritz, Carnaghan)
Importance of Documentation
• Parker – proper documentation helps auditors to gain the necessary business knowledge to better assess risks, communicate them to stakeholders, and make practical recommendations
• Sayana – good documentation enables audit work to be thorough and well substantiated
• Alencar, Boritz, and Carnaghan – proper documentation can improve auditor’s risk assessment decisions
General Guidelines for Audit Documentation
Sayana (ISACA Journal):• “All documentation should relate to the appropriate subject
and audit objective” – Overall guideline• Documentation may be a record of points from an interview
stating the topic of discussion, person interviewed, position and designation, time and place – Narrative guideline
• Documentation may be a record of auditor’s observations over the re-performance of their client’s work, including place and time – Narrative and diagrammatic guideline
General Guidelines for Audit Documentation (2)
Sayana (ISACA Journal):• “Documentation may be reports and data obtained from the
system directly by the auditor or provided by the audited staff. The IS auditor should ensure that these reports carry the source of the report, the date and time and the conditions covered.” – Narrative guideline
• Auditors should not solely rely on template audit work programs, but to fill in other details mentioned in previous points – Narrative guideline
2. Relevance for C-Suite Executives
• Management, auditors, and IT assurance professionals often require strong documentation skills– Documentation is used to record and present information as
part of the audit procedures
• Proper documentations allow auditors to better assess risks and make recommendations– These will be presented to C-Suite Executives
3. Techniques and Aids for Practitioners
• Narrative techniques – based on writing and texts
• Diagrammatic techniques – use of models– Business process documentation (recommended by
ISACA)– General modeling techniques
Narrative Process
• Alencar, Boritz, and Carnaghan:– Narrative documentation demonstrated superiority in focusing
participants’ attention on the implications of business model changes on financial statement account changes
• Boritz, Borthick, Presslee– informationally equivalent textual presentation can possess some of the
benefits often associated with diagrammatic representations, so that both alternatives can potentially lead to the same outcome
Diagrammatic Process – CISA Recommended Documentation Tools• Process maps – use of flow charts, influence
diagrams, and fish-bone diagrams• Risk assessment - assess external risk and
organizational risk through interviewing, brainstorming, Delphi technique
• Benchmarking – compare process to another similar process
CISA Recommended Documentation Tools (2)
• Roles and Responsibilities: define and document who is responsible for what process or what portions of the process
• Tasks and Activities: define tasks and activities in order to define who performs what work and how it affects the overall process
• Process Controls and Data Process Restrictions: define checkpoints and/or checklists to ensure that the entire process is being performed.
General Modeling Techniques (1)
• Data Flow Diagram – can be subdivided, provide a “context” view
Diagram:
Carnaghan
(2006)
General Modeling Techniques (2)
• System Flow Charts – capture flow of control via decision points
Diagram:
Carnaghan
(2006)
General Modeling Techniques (3)
• Resource-event-agent (REA) models – exchange of resources
Diagram:
Carnaghan
(2006)
General Modeling Techniques (4-1)
• IDEF0/IDEF3 – transformation of inputs, outputs, and controls and resources
Diagram:
Carnaghan
(2006)
General Modeling Techniques (4-2)
Diagram:
Carnaghan
(2006)
General Modeling Techniques (5)
• Extended Event-Driven Process Chain Diagrams (EPC) – entire chain of activities in response to a business event
Diagram:
Carnaghan
(2006)
General Modeling Techniques (6)
• Unified Modeling Language (UML) Activity Diagrams – capture activities and flow of control
Diagram:
Carnaghan
(2006)
General Modeling Techniques (7)
• Business Process Diagram (Business Process Modeling Notation) – can be further decomposed
Diagram:
Carnaghan
(2006)
Summary of Part 3
• Neither type of documentation is more superior than the other (narrative vs. diagrammatic)
• Some techniques should be used in conjunction of each other, such as IDEF0 and IDEF3, in order to offset each technique’s limitations
Current Issues
• Recent studies have indicated that narrative approach is as effective as diagrammatic approach
• Standardization
• Value of Process Modeling
Recommendations
• CA or IT assurance professionals should:– Develop strong business knowledge– Learn the various documentation methods to meet
management’s expectations and achieve audit objectives
Thank you
Harry Li, BAFM (2013)
Candidate for Master of Accounting (MAcc) at
University of Waterloo School of Accounting and Finance
References• Alencar, P., & Boritz, E., & Carnaghan, C. (2008, April 21) Business Modeling to Improve Auditor Risk
Assessment: An Investigation of Alternative Representations. Retrieved from http://www.isarhq.org/papers/511paper_Alencar.pdf
• Boritz, E., & Borthick, F., & Presslee, A. (2010, September 15) Narratives Versus Diagrams: the Impact of Alternative Business Process Representations on Auditor Risk and Control Assessments. Retrieved from http://accounting.uwaterloo.ca/uwcisa/resources/Business%20Process%20Modeling%20Sept%2015%20jeb-1.pdf
• Browne, Jim, Chen, Yuliu, Shen, Hui, Wall, Brian, Zaremba, Michal. “Integration of Business Modelling Methods for Enterprise Information System Analysis and User Requirements Gathering” 2004. Web. June 1, 2013.
• Cannon, David. (2011). CISA Study Guide 3rd Edition. Indianapolis, Indiana: Wiley Publishing, Inc.• Carnaghan, C. (2006) Business Process Modeling Approaches in the Context of Process Level Audit Risk
Assessment: An Analysis and Comparison, International Journal of Accounting Information Systems• Parker, R. (2010). Business Skills for the IT Audit and Assurance Professional. Retrieved from
http://www.isaca.org/Journal/Past-Issues/2010/Volume-3/Pages/Business-Skills-for-the-IT-Audit-and-Assurance-Professional.aspx
• Sayana, S. (2002). The Necessity for Documentation. Retrieved from http://www.isaca.org/Journal/Past-Issues/2002/Volume-3/Pages/The-Necessity-for-Documentation.aspx