Evaluating Information Systems with Continuous Assurance Services

Evaluating Information Systems with Continuous Assurance Services

Rui Pedro Marques, Henrique Santos, Carlos Santos
DOI: 10.4018/IJISSS.2016070101
(Individual Articles)
No Current Special Offers


Nowadays there is a need for real-time awareness to assure conformity of organizational transactions to increase their reliability and to mitigate organizational risk. In this context, Continuous Assurance has assumed an important role as a management goal and in ensuring improved effectiveness of organizations. Some information systems already support Continuous Assurance services, but disposable data require extra effort to make them useful for management purposes. Hence, this paper presents a model constituted of three dimensions and one requirement aiming to evaluate an information system with Continuous Assurance services. The Delphi method was used to validate this model, assuring the relevance of inclusion of these dimensions and requirement. This method also validated a set of metrics to be included in each dimension and requirement which were also proposed for the model. Thus, this paper presents the results and conclusions of this study and contributes to disseminate a valid instrument to effectively evaluate information systems with Continuous Assurance Services.
Article Preview


In the current organizational context in which competition is part of daily life, there is a constant need for more timely, relevant and reliable information to help the management team with the decision making, achieve the planned objectives and foresee prospects for the future.

In this context, Continuous Assurance has been asserting itself and assuming an increasingly important role within organizations, as a function of management support and to ensure the economic and efficient use of resources and the effectiveness of organizations, areas where the potential impact of new risks, caused by the constant change, fierce competition and widespread access to global information, are more sensed (Vasarhelyi, Alles & Williams, 2010).

The audit is defined as a systematic process of objective gathering and evaluation of evidence on organizational data and transactions to verify their compliance with the established standards and criteria. The communication of auditing findings to stakeholders is an assurance service. However, assurance is a much broader concept because it includes all professional services that ensure the quality of the information or its context, for decision makers (Soltani, 2007). The IFAC (International Federation of Accountants) defined the assurance services as those which allow a practitioner to express a conclusion designed to increase the level of confidence of the intended users other than the responsible party about the result of the evaluation or measurement of a subject matter against the given criteria (IFAC, 2004).

Continuous Assurance is defined as the application of emerging information technologies to the standard techniques of auditing, both mandatory periodic auditing and internal auditing. In that view, Continuous Assurance presents itself as a new step in the evolution of transaction auditing from manual techniques to automated methods. The term “continuous” does not mean hard real-time, but in a timely way to be use-effective, considering, respecting and being consistent with the pulse and rhythm of each organizational transaction and process (Vasarhelyi, Alles & Williams, 2010).

Continuous Assurance has thrived within organizations as a set of services involved in diagnosing certain situations, including the company's viability, allegations of fraud and illegal acts, assessing the economy, efficiency and effectiveness of organizations (Morais, 2008; Vasarhelyi, Alles & Williams, 2010).

The known cases of fraud at companies like Lehman Brothers, A-Tec, Madoff, Kaupthing Bank, Enron, WorldCom, Parmalat, Tyco, Xerox, among others, led these organizations and their stakeholders to bankruptcy or to very compromising situations. Despite the different and varied approaches to combat fraud and cybercrime (Murthy, Vishnuprasad & Rahul, 2010) and to improve the operational performance (Zhongxian, Ruiliang, Qiyang & Ruben, 2010), the fraud has caused huge losses to investors in recent years, leading also to the loss of financial credibility and integrity. Similarly, the independent audit service also seems to have suffered a heavy blow because of these frauds. Some contextual and socio-economic factors, such as national wealth, transparency levels, staff training and tertiary education enrolment have influenced the information security threats and controls (Princely, 2015).

In this scenario, Continuous Assurance emerges as a set of services which aims to restore the credibility of auditing, allowing at the same time organizations to meet the requirements of regulations (Murcia, Souza & Borba, 2008; Vasarhelyi, Alles & Williams, 2010).

The work presented in this paper is framed in a more comprehensive research project which intends to develop a solution with Continuous Assurance services for the real-time monitoring and auditing of organizational transactions at a very low-level (Marques, Santos & Santos, 2012a, 2013b). Thus, this paper presents, promotes and validates a model which allows to evaluate an information system with Continuous Assurance services (Marques, Santos & Santos, 2013a).

Complete Article List

Search this Journal:
Volume 15: 1 Issue (2024)
Volume 14: 4 Issues (2022): 3 Released, 1 Forthcoming
Volume 13: 4 Issues (2021)
Volume 12: 4 Issues (2020)
Volume 11: 4 Issues (2019)
Volume 10: 4 Issues (2018)
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing