Tytuł artykułu
Treść / Zawartość
Pełne teksty:
Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
The continuous auditing technology assures integrity of accounting systems and consequently improves the decision-making process of the small and medium-sized enterprises (SMEs) that implement it. Considering that SMEs located in developing countries function within a more risk prone environment and do not have resources to implement all layers of customized corporate functions in information systems, one argues for their reliance on the features of low complexity of enterprise resource planning (ERP) software to benefit from continuous auditing (CA). The purpose of this study is to relate the understanding of the CA demands and low complexity ERP systems’ technical functionalities in SMEs. Thus, to fulfill this objective, a conceptual model has been drawn to integrate the key concepts related to CA. Four pillars are the core of this model, namely: segregation of duties (SoD) with role-based access control centered on process-based approach (PBA); internal checkpoints; audit trails; and the level of integration of the continuous auditing software. This model was validated through the benchmarking of the implementation of the pillars in three cases of low complexity ERP systems adopted by SMEs in a developing country. The benchmarking/results of the study show significant differences between operational mechanisms of the three ERP software. Namely, the role-based access control exists in the two of the ERP LC but not in the Brazilian one. Also, there is no check-point in the Brazilian ERP LC and it does not integrate with continuous audit features. This study distinguishes between the low complexity ERP’s functionalities and the features of a more complex environment, thus bringing an important contribution to the study of low complexity ERP’s readiness for continuous monitoring in SME’s internal auditing processes.
Słowa kluczowe
Czasopismo
Rocznik
Tom
Strony
389--419
Opis fizyczny
Bibliogr. 79 poz., rys., tab.
Twórcy
- University of Säo Paulo, Av. Bandeirantes 3900, Ribeiräo Preto - SP, 14040-905, Brazil
autor
- University of Säo Paulo, Av. Prof Luciano Gualberto 908, Sao Paulo - SP, 05508-010, Brazil
Bibliografia
- Alaküla, M. L. and Matulevičius, R. (2015, November) An experience report of improving business process compliance using security risk-oriented patterns. In: IFIP Working Conference on The Practice of Enterprise Modeling, 271-285. Springer, Cham.
- Alles, M. G., Brennan, G., Kogan, A. and Vasarhelyi, M. A. (2006a) Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens. International Journal of Accounting Information Systems, 7(2), 137-161.
- Alles, M. G., Tostes, F., Vasarhelyi, M. A. and Riccio, E. L. (2006b) Continuous auditing: the USA experience and considerations for its implementation in Brazil. JISTEM - Journal of Information Systems and Technology Management, 3(2), 211-224.
- Alles, M. G., Kogan, A. and Vasarhelyi, M. A. (2008) Putting continuous auditing theory into practice: Lessons from two pilot implementations. Journal of Information Systems, 22(2), 195-214.
- Antunes, M. T. P., Imoniana, J. O., Formigoni, H. and Alves, A. S. (2010) Preparedness of ERP systems to create intangible managerial accounting information: evidence from Brazil. International Journal of Economics and Accounting, 1 (4), 375-390.
- Bagheri, A. and Hjorth, P. (2005) Monitoring for sustainable development: Systemic framework. Int. J. of Sustainable Development, 8(4), 280-301.
- Baker, W. E., Grinstein, A. and Harmancioglu, N. (2016)Whose innovation performance benefits more from external networks: entrepreneurial or conservative firms? Journal of Product Innovation Management, 33(1), 104-120.
- Batra, S., Sharma, S., Dixit, M. R., Vohra, N. and Gupta, V. K. (2015) Performance implications of industry appropriability for manufacturing SMEs. Journal of Manufacturing Technology Management, 26(5), 660–677.
- Best, P. J., Rikhardsson, P. and Toleman, M. (2009) Continuous fraud detection in enterprise systems through audit trail analysis. Journal of Digital Forensics, Security and Law, 4(1), 1-6.
- Bierstaker, J., Janvrin, D. and Lowe, D. J. (2014) What factors influence auditors’ use of computer-assisted audit techniques? Advances in Accounting, 30(1), 67-74.
- Blessing, L. T. M. (1994) A process-based approach to computer-support engineering design. Dissertation, University of Twente, ISBN 0.9523504.0.8, Enschede. 369 pp.
- Brennan, G. and Teeter, R. (2010) Aiding the Audit: Using the IT Audit as a Springboard for Continuous Controls Monitoring. Available at SSRN: https://ssrn.com/abstract=1668743 or http://dx.doi.org/10.2139/ssrn.1668743
- Brown, C. E., Wong, J. A. and Baldwin, A. A. (2007) A review and analysis of the existing research streams in continuous auditing. Journal of Emerging Technologies in Accounting, 4(1), 1-28.
- Bumgarner, N. and Vasarhelyi, M. (2015) Auditing—A New View. Audit analytics 3(1), 2015.
- Cahen, F. R., Lahiri, S. and Borini, F. M. (2016) Managerial perceptions of barriers to internationalization: An examination of Brazil’s new technology-based firms. Journal of Business Research, 69(6), 1973-1979.
- Clausing, D. and Holmes, M. (2010) Technology readiness. Research-Technology Management, 53(4), 52-59.
- COSO - Committee of Sponsoring Organizations of the Treadway Commission (2013). Internal Control-Integrated Framework.
- Coyte, R., Ricceri, F. and Guthrie, J. (2012) The management of knowledge resources in SMEs: an Australian case study. Journal of Knowledge Management, 16(5), 789-807.
- Daniels, B. W., Ellis, Y. and Gupta, R. D. (2013) Accounting educators and practitioners’ perspectives on fraud and forensic topics in the accounting curriculum. Journal of Legal, Ethical and Regulatory Issues, 16(2), 93.
- Davidson, B. I., Desai, N. K. and Gerard, G. J. (2013) The effect of continuous auditing on the relationship between internal audit sourcing and the external auditor’s reliance on the internal audit function. Journal of Information Systems, 27(1), 41-59.
- Debreceny, R., Gray, G. L., Jun-Jin Ng, J., Lee, K. S.-P. and Yau, W.-F. (2005) Embedded audit modules in enterprise resource planning systems: Implementation and functionality. Journal of Information Systems, 19(2), 7–27.
- Deep, A., Guttridge, P., Dani, S. and Burns, N. (2008) Investigating factors affecting ERP selection in made-to-order SME sector. Journal of Manufacturing Technology Management, 19(4), 430-446. https://doi.org/10.1108/17410380810869905
- Denning, D. E. (1987) An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 13(2), 222-232.
- DeZoort, F. T. and Harrison, P. D. (2018) Understanding auditors’ sense of responsibility for detecting fraud within organizations. Journal of Business Ethics, 149(4), 857-874.
- Eulerich, M. and Kalinichenko, A. (2018) The current state and future directions of continuous auditing research: An analysis of the existing literature. Journal of Information Systems, 32(3), 31-51.
- Ferraiolo, D. F., Barkley, J. F. and Kuhn, D. R. (1999) A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security, 2(1), 34-64.
- Gershberg, T. (2016) Log4Audit: the application of logging in auditing and management. Doctoral dissertation, Rutgers University-Graduate School-Newark. Available at https://rucore.libraries.rutgers.edu/rutgerslib/51554/PDF/1/play/
- Gómez-López, M. T., Gasca, R. M. and Pérez-Álvarez, J. M. (2015). Compliance validation and diagnosis of business data constraints in business processes at runtime. Information Systems, 48, 26-43.
- Gonzalez, G. C., Sharma, P. N. and Galletta, D. (2012) Factors influencing the planned adoption of continuous monitoring technology. Journal of Information Systems, 26(2), 53-69.
- Groomer, S. M. and Murthy, U. S. (1989) Continuous auditing of database applications: An embedded audit module approach. Journal of Information Systems, 3(2), 53-67.
- Guimarães, A. B. S., Carvalho, K. C. M. and Paixão, L. A. R. (2018) Micro, pequenas e m´edias empresas: conceitos e estat´ısticas. Revista Radar: tecnologia, produ¸c˜ao e com´ercio exterior, 1(55), 21-26.
- Gupta, H., Aye, K. T., Balakrishnan, R., Rajagopal, S. and Nguwi, Y. Y. (2014) Formulating, implementing and evaluating ERP in small and medium scale industries. International Journal, 3(6).
- Gupta, J., Gregoriou, A. and Healy, J. (2015) Forecasting bankruptcy for SMEs using hazard function: To what extent does size matter? Review of Quantitative Finance and Accounting, 45(4), 845-869.
- Haddara, M. and Zach, O. (2012) ERP systems in SMEs: An extender literature review. International Journal of Information Science, 2(6), 106-116.
- Haynes, R. and Li, C. (2016) Continuous audit and enterprise resource planning systems: A case study of ERP rollouts in the Houston, TX oil and gas industries. Journal of Emerging Technologies in Accounting, 13(1), 171-179. https://doi.org/10.2308/jeta-51446
- Hevner, A. and Chatterjee, S. (2010) Design science research in information systems. In: Design Research in Information Systems. Springer, Boston, MA, 9-22.
- Illa, X. B., Franch, X. and Pastor, J. A. (2000) Formalising ERP selection criteria. In: Tenth International Workshop on Software Specification and Design. IWSSD-10 2000. IEEE, 115-122.
- Imoniana, J.O., Perera, L. C. J., Lima, F. G. and Antunes, M. T. P. (2011) The dialectic of Control Culture in SMEs: A Case study. International Journal of Business Strategy, 11(2), 39-48.
- Imoniana, J. O., Feitas, E. C. D. and Perera, L. C. J. (2016) Assessment of internal control systems to curb corporate fraud-evidence from Brazil. African Journal of Accounting, Auditing and Finance 5 (1), 1-24.
- Jans, M., Alles, M. G. and Vasarhelyi, M. A. (2014) A field study on the use of process mining of event logs as an analytical procedure in auditing. The Accounting Review, 89(5), 1751-1773.
- Jituri, S., Fleck, B. and Ahmad, R. (2018) A Methodology to Satisfy Key Performance Indicators for Successful ERP Implementation in Small and Medium Enterprises. International Journal of Innovation, Management and Technology, 9(2).
- Kim, Y. and Kogan, A. (2014) Development of an anomaly detection model for a bank’s transitory account system. Journal of Information Systems, 28(1), 145–165.
- Kobelsky, K. W. (2014) Conceptual Model for Segregation of Duties: Integrating Theory and Practice for Manual and IT-Supported Procedures. International Journal of Accounting Information Systems, 15(1), 304–322.
- Kogan, A., Alles, M. G., Vasarhelyi, M. A. and Wu, J. (2010) Analytical Procedures for Continuous Data Level Auditing: Continuity Equations Available at http://raw.rutgers.edu/docs/Innovations/Continuity%20Equations.pdf
- Kogan, A., Alles, M. G., Vasarhelyi, M. A. and Wu, J. (2014) Design and evaluation of a continuous data level auditing system. Auditing: A Journal of Practice & Theory, 33(4), 221-245.
- Kuhn, J. R. and Sutton, S. G. (2006) Learning from WorldCom: Implications for fraud detection through continuous assurance. Journal of Emerging Technologies in Accounting, 3(1), 61-80.
- Kuhn, J. R. and Sutton, S. G. (2010) Continuous Auditing in ERP System Environments: The Current State and Future Directions. Journal of Information Systems, 24(1), 91–112.
- Lee, C. H., Kim, Y. H. and Rhee, P. K. (2001) Web personalization expert with combining collaborative filtering and association rule mining techniques. Expert Systems with Applications, 21(3), 131-137.
- Lenz, R. and Hahn, U. (2015) A synthesis of empirical internal audit effectiveness literature pointing to new research opportunities. Managerial Auditing Journal, 30(1), 5-33.
- Li, S. H., Huang, S. M. and Lin, Y. C. G. (2007) Developing a continuous auditing assistance system based on information process models. Journal of Computer Information Systems, 48(1), 2-13.
- Li, H., Dai, J., Gershberg, T. and Vasarhelyi, M. A. (2018) Understanding usage and value of audit analytics for internal auditors: An organizational approach. International Journal of Accounting Information Systems, 28, 59-76.
- Lu, J. W. and Beamish, P. W. (2006) SME internationalization and performance: Growth vs. profitability. Journal of International Entrepreneurship, 4(1), 27–48.
- Ly, L. T., Maggi, F. M., Montali, M., Rinderle-Ma, S. and van der Aalst, W. M. (2015) Compliance monitoring in business processes: Functionalities, application, and tool-support. Information Systems, 54, 209-234.
- Manolova, T. S., Manev, I. M. and Gyoshev, B. S. (2010) In good company: The role of personal and inter-firm networks for new-venture internationalization in a transition economy. Journal of World Business, 45(3), 257–265.
- Mokhitli, M. and Kyobe, M. (2019) Examining factors that impede internal auditors from leveraging information technology for continuous auditing. In: Proceedings of Conference on Information, Communications, Technology and Society (ICTAS), Durban, South Africa, 1-6.
- Muhrtala, T. O. and Ogundeji, M. (2013) Computerized accounting information systems and perceived security threats in developing economies: The Nigerian case. Universal Journal of Accounting and Finance, 1(1), 9-18.
- Mulig, L. and Prachyl, C. L. (2017) Identifying Red Flags in an Accounts Payable Environment: The Importance of Controls in the Detection of Fraudulent Activity. Journal of Forensic & Investigative Accounting, 9(3), 941-952.
- Munro, D. (2013) A Guide to SME Financing. Springer.
- OSI (2016) Open Source Initiative. Available at https://opensource.org/osd
- Poba-Nzaou, P. and Raymond, L. (2011) Managing ERP system risk in SMEs: A multiple case study. Journal of Information Technology, 26(3), 170-192.
- Powell, D., Riezebos, J. and Strandhagen, J. O. (2013) Lean production and ERP systems in small-and medium-sized enterprises: ERP support for pull production. International Journal of Production Research, 51(2), 395-409.
- Rikhardsson, P. and Dull, R. (2016) An exploratory study of the adop tion, application and impacts of continuous auditing technologies in small businesses. International Journal of Accounting Information Systems, 20, 26-37.
- Rikhardsson, P., Singh, K. and Best, P. (2019) Exploring Continuous Auditing Solutions and Internal Auditing: A Research Note. Journal of Accounting and Management Information Systems, 18(4), 614-639. https://doi.org/10.24818/jamis.2019.04006
- Santos, L. M., Silva, G. M. and Neves, J. A. B. (2011) Risk of Survival of Commercial Micro and Small Enterprises. Revista de Contabilidade e Organizacões, 5(11), 107-124.
- Schultz, M. (2013) Enriching process models for business process compliance checking in ERP environments. In: Proceedings of International Conference on Design Science Research in Information Systems. Springer, Berlin.
- Shin, I. H., Lee, M. G. and Park, W. (2013) Implementation of the continuous auditing system in the ERP-based environment. Managerial Auditing Journal, 28(7), 592–627.
- Shin, M. S., Jeon, H. S., Ju, Y. W., Lee, B. J. and Jeong, S. P. (2015) Constructing RBAC based security model in u-healthcare service platform. The Scientific World Journal, 2015.
- Singh, K. H. et al. (2011) Proactive fraud detection in enterprise systems. In: Proceedings of the 2nd International Conference on Business and Information: Steering Excellence of Business Knowledge. University of Kelaniya, Faculty of Commerce and Management Studies.
- Singh, K. H. et al. (2013). Automating vendor fraud detection in enterprise systems. The Journal of Digital Forensics, Security and Law, 8(2), 7-28.
- Singh, K. H., Best, P. J., Bojilov, M. and Blunt, C. (2014) Continuous Auditing and Continuous Monitoring in ERP Environments: Case Studies of Application Implementations. Journal of Information Systems, 28(1), 287–310.
- Valarini, E. and Pohlmann, M. (2019) Organizational crime and corruption in Brazil; a case study of the “Operation Carwash” court records. International Journal of Law, Crime and Justice, 59, 1-15.
- Van der Aalst, W., Van Hee, K., Van der Werf, J. M., Kumar, A. and Verdonk, M. (2011) Conceptual model for online auditing. Decision Support Systems, 50(3), 636-647.
- Vasarhelyi, M. A., Alles, M. A. and Kogan A. (2004) Principles of analytic monitoring for continuous assurance. Journal of Emerging Technologies in Accounting, 1(1), 1–21.
- Vasarhelyi, M. A., Alles, M. G., Kuenkaikaew, S. and Littley, J. (2012) The acceptance and adoption of continuous auditing by internal auditors: A micro analysis. International Journal of Accounting Information Systems, 13(3), 267–281.
- Vaz, P. V. C. and Espejo, M. M. S. B. (2015) From text to context: management accounting use in micro and small companies under the theoretical perspective of Bakhtin. Revista de Contabilidade e Organizacões, 9(24), 31-41.
- Veasey, T. J. and Dodson, S. J. (2014) Anomaly detection in application performance monitoring data. International Journal of Machine Learning and Computing, 4(2), 120.
- Wang, J., Shan, Z., Gupta, M. and Rao, H. R. (2019) A Longitudinal Study of Unauthorized Access Attempts on Information Systems: The Role of Opportunity Contexts. MIS Quarterly, 43(2).
- Wolter, C., Miseldine, P. and Meinel, C. (2009) Verification of Business Process Entailment Constraints Using SPIN. In: F. Massacci, S. T. Redwine Jr. and N. Zannone (eds.) ESSoS 2009 - LNCS 5429, Springer, 1-15.
- Xia, H. et al. (2014) Role Refinement in Access Control: Model and Analysis. INFORMS Journal on Computing, 26(4), 866-884.
- Zadeh, A. H., Akinyemi, B. A., Jeyaraj, A. and Zolbanin, H. M. (2018) Cloud ERP Systems for Small-and-Medium Enterprises: A Case Study in the Food Industry. Journal of Cases on Information Technology, 20(4), 53-70.
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-5fd524fd-1598-424d-847d-3431ec5090d2