New developments in computer software could lead financial executives and accountants to completely change the way they conduct corporate audits. The question is whether that would be a good thing — and whether it could prevent the next Enron.
So-called continuous-auditing software promises to transform the process of financial auditing by changing it from an archival activity that is performed at the end of a month, quarter, or year to a process that could be done on a continuous, nonstop basis. The promise is that this type of system could catch — and stop — illegal financial transactions before any damage is done.
But critics of such software say it blurs the line between auditing and monitoring. That’s a line, they say, that few companies — or their independent auditors — wish to cross. Worse, in their view, is the idea — put forward by some proponents of continuous-auditing software — that the software could actually shut down an entire transactional system whenever it detected a major transgression. That, they fear, wouldn’t just cross the line, it would obliterate it.
Welcome the Auditbot
Even if auditing software were pushed to this limit, could it stop the next Enron or WorldCom? Probably not, say experts. As Don Schulman, leader of the global financial-management solutions practice at PricewaterhouseCoopers Consulting, puts it: “The CEO who wants to cheat and lie can take [a transaction] out of the system and tell the CFO to change it.”
For all that, the basic idea behind continuous-auditing software, sometimes known as “auditbot” technology, is fairly simple: A piece of software runs in concert with standard financial-application suites such as those offered by SAP, Oracle, and PeopleSoft, monitoring each transaction conducted by the suite and watching for violations of the company’s rules and practices. (These rules are programmed in beforehand by the company’s internal audit group or an outside auditor.) If and when the software detects a violation, it issues a warning report or an alert to top management.
Such auditbots are built around a kind of software known as a rule-based system. In contrast to most software, which represents information in a relatively static way, a rule-based system constantly compares one data type with others, using the programmer’s classic “if-then” formulation. For example, a standard computer system for determining the day of the week would simply store calendar information, in effect saying, “Today is Monday and tomorrow is Tuesday.” But for the same task, a rule-based system would compare days, saying, in effect, “If today is Monday, then tomorrow is Tuesday.” In an accounting situation, a rule-based system could formulate: “If an invoice is paid in full, then book the payment as revenue.”
Much of the early work on continuous-auditing software was done in the telecom industry, which, not coincidentally, was one of the first to have real-time electronic records of all its transactions — in this case, telephone calls — on hand. One of these early projects was undertaken at Bell Labs (now AT&T Laboratories) in the mid-1980s and led by a pioneer in the field, Miklos Vasarhelyi, today a professor of accounting and information systems at Rutgers University. The system, called CPAS (Continuous Process Auditing System), was tested over a four-year period but was never implemented. One reason, says Vasarhelyi, was that it raised hackles among other departments. “Our detractors within the company said, ‘This is not auditing, it’s monitoring,’” he recounts. His take? “Auditing is supervision.”