Business Services Industry
Flashes of brilliance - role of information system auditors
Internal Auditor, June, 1994 by Sara S. Patterson, Kimberly A. Svevo-Cianci
As the Information Systems Audit and Control Association, formerly the EDP Auditors Association, approaches its twenty-fifth birthday, members comment on the changes in information systems auditing and the electrifying challenges of the future.
In transportation, what started with the wheel has taken us to the stars. In art, what began with sketches on cave walls has given us the works by Michaelangelo on the Sistine Ceiling and paintings by the Impressionists and Surrealists.
In the profession of auditing, what perhaps originated as counting the beans has evolved into examining billions of transactions, verifying their accuracy and dollar value in minutes using computer systems. It has led to evaluations of systems that may cost organizations millions of dollars and recommendations for innovative, cost-effective measures. Further, the global reach of auditors today, using advanced technologies, enables them to review the internal controls of subsidiaries worldwide at a fraction of the cost, taking a nanosecond of the time it took just 10 to 20 years ago.
The modern-day heroes of information systems (IS) auditing and control play an important role in helping all industries and sectors to advance and improve their productivity and success. They strive to improve their organizations by helping them to look at things differently, so that existing structures, procedures, and systems can be fortified, and new opportunities can be seized.
The evolution of the IS auditing profession has only just begun. IS auditors, who have already established themselves as the backbone of progress, are positioning themselves for the next century, and not only with technological knowledge and skills. They are pioneers in their profession, open to the challenge of change, to breakthrough thinking, to the flashes of brilliance that will enhance the success and quality of their organizations.
Implementing New Systems
In 1993, John Klarquist, Director of Technical Audit, ITT Hartford, was called about a possible problem. A person was suspected of fraudulently making out a check to herself. Using the phonetics search software purchased only weeks before, an investigator keyed in the suspected name. "It was like hitting a slot machine," according to Klarquist. A report emerged showing that the suspected individual had nearly $106,000 in illegal checks in her possession. Before the search, no one had been aware of this individual's multiple illegal transactions.
"Someone was on a plane and out to California before some of the checks were cashed," Klarquist said. "This software paid off the first month. Now we use it with auditors and investigators, and we can assist business personnel who come to us to run specific reports they need."
Klarquist and his associates have used the software repeatedly over the past year to detect and quantify all sorts of internal and external fraud -- including premium and claim fraud by policyholders. Klarquist has also shared this valuable find with auditors in other insurance firms and believes that the software will enable companies to make inroads in thwarting fraud and help to control insurance rate increases for everyone.
Prior to the purchase of the pivotal software, ITT Hartford's auditing department had only one flat paid file that kept information on past payees. Weekly information from ITT Hartford's systems saved names and addresses, but they were in unformatted fields and could be tracked only by expensive and time-consuming methods. In fact, one search in January 1993, analyzing activities of more than 25 names during a five-year period, cost ITT Hartford $100,000. Today, the $48,000 software package runs on a LAN, and auditors don't even need to know exactly how to spell the name they are researching -- a vast improvement over the system of guessing and entering countless options on spelling in the past.
Continuous Processing
Finding ways to support improvements on traditional approaches is a constant challenge to IS auditing and control professionals, who must be open and receptive to change. Not being afraid of change isn't enough, however; IS auditors must be excited and motivated about new ways of doing things.
Michael Cangemi, Chief Financial Officer and Executive Vice President of Etienne Aigner, believes that continuous process auditing is being accepted all too slowly. Cangemi theorizes that banks will lead the way, because they can no longer wait six months or a year to audit transactions. "Too much happens too quickly," Cangemi said. "Smart auditors should monitor continuously with integrated test facilities. With today's high volume of transactions and complexities, the old audit model of coming in after one year to extract and analyze has to change."
Cangemi thinks that organizations need to move more quickly into evolving the traditional integrated test facility of old, which relies on samples taken at different points throughout the year, into continuous process auditing. The difference is that continuous process auditing is now built into the system itself.
Most Recent Business Articles
- Multiple criteria evaluation and optimization of transportation systems
- Multi-criteria analysis procedure for sustainable mobility evaluation in urban areas
- A two-leveled multi-objective symbiotic evolutionary algorithm for the hub and spoke location problem
- Multi-criteria analysis for evaluating the impacts of intelligent speed adaptation
- The development of Taiwan arterial traffic-adaptive signal control system and its field test: a Taiwan experience
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- Design a commission plan that drives sales - Sales Commissions
- Too Young to Rent a Car? - 25-years-old the minimum age for car renting - Brief Article
- LIFO vs. FIFO: a return to the basics


