Serbia - public sector accounting review : report on the enhancement of public sector financial reporting

The government’s public financial management (PFM) Reform Program 2016-2020 foresees the gradual transition of public sector financial reporting from a cash basis to an accrual basis of accounting and the application of International Public Sector Accounting Standards (IPSAS). This will significantly improve the quality of financial information and should enable better informed decision-making, more efficient use of public funds and resources and improved fiscal performance. This Report on the Enhancement of Public Sector Financial Reporting is one output of the Serbia Public Sector Accounting Reform Technical Assistance project funded by the Swiss State Secretariat for Economic Affairs (SECO) through the Strengthening Accountability and Fiduciary Environment (SAFE) Trust Fund under the Public Sector Accounting and Reporting Program (PULSAR) which provides support for the development and implementation of public sector accounting standards. This report supports the development of a plan towards that goal by assessing the institutional framework for public sector accounting as well as the gap between Serbian public sector generally accepted accounting principles (PS GAAP) and IPSAS

REQUIREMENT ANALYSIS FOR PROCESS-CENTRIC CONTINUOUS MONITORING

With the emergence of mission-critical real-time systems becoming ever more important to the competitive strategies of corporations and their e-business and supply-chain models, an increasing number of process controls are being embedded into information systems, and co-processed with business transaction thus providing for the continuous monitoring of business operations. A parallel trend in the auditing industry is towards continuous auditing, able to provide management with real-time auditing of the functioning of controls and of business transactions, thus enhancing significantly management’s ability to ensure compliance and make key business decisions. Continuous auditing requires that information systems are developed not only to fulfill business requirements but also continuous monitoring of transactions and other compliance and control requirements. This integration of business systems and their controls within a process-centric logic necessitates a likewise integration of their development processes. Subsequently existing tools and techniques for requirements analysis need to be recast within a hybrid and integrated approach dubbed requirement analysis for process-centric continuous monitoring or RA-PCCM, which consists of the concurrent analysis of operational systems, information systems, the control system, and the management system. Whilst efforts exist within the auditing community to outline a process-driven methodology for developing continuous auditing systems, this paper argues for integrating control development for continuous monitoring within the fold of information system development, hence restricting auditors to control monitoring assurance

E-Commerce Audit Judgment Expertise: Does Expertise in System Change Management and Information Technology Auditing Mediate E-Commerce Audit Judgment Expertise?

A global survey of 203 E-commerce auditors was conducted to investigate the perceptions about the potential determinants of expertise in E-commerce audits. We hypothesize and find evidence indicating that information technology and communication expertise are positively related to expertise in E-commerce audit judgment. We also find that system change management expertise and information technology audit expertise mediate this relationship.E-commerce Audit Judgment, IT Audit, Structural Equations Modeling

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

Continuous monitoring of enterprise risks: A delphi feasibility study

A constantly evolving regulatory environment, increasing market pressure to improve operations, and rapidly changing business conditions are creating the need for ongoing assurance that organizational risks are continually and adequately mitigated. Enterprises are perpetually exposed to fraud, poor decision making and/or other inefficiencies that can lead to significant financial loss and/or increased levels of operating risk. Increasingly, Information Systems are being harnessed to reinvent the risk management process. One promising technology is Continuous Auditing, which seeks to transform the audit process from periodic reviews of a few transactions to a continuous review of all transactions. However, the highly integrated, rapidly changing and hypercompetitive business environment of many corporations spawns numerous Enterprise Risks that have been excluded from standard risk management processes. An extension of Continuous Auditing is Continuous Monitoring, which is used by management to continually review business processes for unexpected deviations. Using a Delphi, the feasibility and desirability of applying Continuous Monitoring to different Enterprise Risks is studied. This study uncovers a significant relationship between the perceived business value of Continuous Monitoring and years of experience in Risk Management and Auditing, determines that all key architectural components for a Continuous Monitoring system are known, and indicates that Continuous Monitoring may be better suited for monitoring computer crime than monitoring strategic risks such as the loss of a competitive position

Characteristics of the Audit Processes for Distributed Informatics Systems

The paper contains issues regarding: main characteristics and examples of the distributed informatics systems and main difference categories among them, concepts, principles, techniques and fields for auditing the distributed informatics systems, concepts and classes of the standard term, characteristics of this one, examples of standards, guidelines, procedures and controls for auditing the distributed informatics systems. The distributed informatics systems are characterized by the following issues: development process, resources, implemented functionalities, architectures, system classes, particularities. The audit framework has two sides: the audit process and auditors. The audit process must be led in accordance with the standard specifications in the IT&C field. The auditors must meet the ethical principles and they must have a high-level of professional skills and competence in IT&C field.informatics audit, characteristic, distributed informatics system, standard

-THE EFFECTIVENESS OF FORENSIC ACCOUNTANTS IN STRENGTHENING INTERNAL CONTROL OF BUISNESS ORGANIZATIONS IN NIGERIA (A STUDY OF SELECTED BUISNESS ORGANIZATIONS IN NIGERIA)

The research work examined the effectiveness of forensic accountants in strengthening internal control of business organizations in Nigeria. Companies were chosen due to the important role they play in increasing the level of economic activity. The study aimed at investigating how fraud can be managed and handled in business organizations. The research work is a survey research and the sampling technique employed was the purposive sampling with a sample of jive companies that was selected. A total of 100 copies of questionnaire were distributed to the staff of the selected business organizations. The data collected were analyzed using Statistical Packages for Social Sciences (SPSS). All the hypotheses were tested using Regression Analysis. The results of the empirical findings showed that internal control and its components play a significant role in controlling fraud in business organizations. it is recommended that internal control should be undertaken with effective continuous monitoring of the controls and companies should be stricter with compliance to control procedures

Internal Audit versus Internal Control and Coaching

AbstractThis article is not intended only as a brief parallel between internal audit and internal control but it aims to point their importance for any economic entity and moreover to point the benefits it may provide.Based on the assumption that internal audit does not mean control and the auditors are no adversaries to an entity, it is well known that internal audit is a management assistance tool, allowing the decision makers in an entity to better manage its activities; it assesses all management resolutions meant to ensure their normal and efficient operation, and not lastly it creates added value