This paper develops the concept and explores key issues in an alternate audit approach called the Continuous Process Audit Methodology (CPAM). The paper focuses on an implementation of this methodology, the Continuous Process Audit System (CPAS), developed at AT&T Bell Laboratories for the AT&T internal audit organization. Features of the methodology may also be applicable to external audit functions. The paper is divided into three sections. In the remainder of the Introduction, changes in management information systems (MIS) that affect traditional auditing are discussed. In the second section, CPAM and CPAS are described and contrasted with the traditional audit approach. The audit implications related to the introduction of a CPAS-like technology also are examined. The last section discusses some of the knowledge issues involved in the implementation of a CPAS application and suggests paths for future work.

Technology and the Auditor

Traditional auditing (both internal and external) has changed considerably in recent years, primarily as a result of changes in the data processing environment [Roussey, 1986; Elliott, 1986; Vasarhelyi and Lin, 1988; Bailey et al., 1989]. These changes have created major challenges in performing the verification and attestation functions2 . These changes and the resulting technical challenges created for auditors are summarized in Table 1. For example, the introduction of technology precluded auditors from directly reading data from its source (magnetic tape) and, unlike paper and indelible ink, this source could be modified without leaving a trace (phases 1 and 2 in Table 1); the advent of time sharing and data communications has allowed continuous access to data from many locations (phase 3) creating access exposures; database systems have added more complexity to auditing due to the lack of obvious mapping between the physical and logical organization of data (phase 4).