Article Preview
TopIntroduction
In the current organizational context in which competition is part of daily life, there is a constant need for more timely, relevant and reliable information to help the management team with the decision making, achieve the planned objectives and foresee prospects for the future.
In this context, Continuous Assurance has been asserting itself and assuming an increasingly important role within organizations, as a function of management support and to ensure the economic and efficient use of resources and the effectiveness of organizations, areas where the potential impact of new risks, caused by the constant change, fierce competition and widespread access to global information, are more sensed (Vasarhelyi, Alles & Williams, 2010).
The audit is defined as a systematic process of objective gathering and evaluation of evidence on organizational data and transactions to verify their compliance with the established standards and criteria. The communication of auditing findings to stakeholders is an assurance service. However, assurance is a much broader concept because it includes all professional services that ensure the quality of the information or its context, for decision makers (Soltani, 2007). The IFAC (International Federation of Accountants) defined the assurance services as those which allow a practitioner to express a conclusion designed to increase the level of confidence of the intended users other than the responsible party about the result of the evaluation or measurement of a subject matter against the given criteria (IFAC, 2004).
Continuous Assurance is defined as the application of emerging information technologies to the standard techniques of auditing, both mandatory periodic auditing and internal auditing. In that view, Continuous Assurance presents itself as a new step in the evolution of transaction auditing from manual techniques to automated methods. The term “continuous” does not mean hard real-time, but in a timely way to be use-effective, considering, respecting and being consistent with the pulse and rhythm of each organizational transaction and process (Vasarhelyi, Alles & Williams, 2010).
Continuous Assurance has thrived within organizations as a set of services involved in diagnosing certain situations, including the company's viability, allegations of fraud and illegal acts, assessing the economy, efficiency and effectiveness of organizations (Morais, 2008; Vasarhelyi, Alles & Williams, 2010).
The known cases of fraud at companies like Lehman Brothers, A-Tec, Madoff, Kaupthing Bank, Enron, WorldCom, Parmalat, Tyco, Xerox, among others, led these organizations and their stakeholders to bankruptcy or to very compromising situations. Despite the different and varied approaches to combat fraud and cybercrime (Murthy, Vishnuprasad & Rahul, 2010) and to improve the operational performance (Zhongxian, Ruiliang, Qiyang & Ruben, 2010), the fraud has caused huge losses to investors in recent years, leading also to the loss of financial credibility and integrity. Similarly, the independent audit service also seems to have suffered a heavy blow because of these frauds. Some contextual and socio-economic factors, such as national wealth, transparency levels, staff training and tertiary education enrolment have influenced the information security threats and controls (Princely, 2015).
In this scenario, Continuous Assurance emerges as a set of services which aims to restore the credibility of auditing, allowing at the same time organizations to meet the requirements of regulations (Murcia, Souza & Borba, 2008; Vasarhelyi, Alles & Williams, 2010).
The work presented in this paper is framed in a more comprehensive research project which intends to develop a solution with Continuous Assurance services for the real-time monitoring and auditing of organizational transactions at a very low-level (Marques, Santos & Santos, 2012a, 2013b). Thus, this paper presents, promotes and validates a model which allows to evaluate an information system with Continuous Assurance services (Marques, Santos & Santos, 2013a).