CONTINUOUS AUDITING

Global Technology Auditing Guide 3

Presented by Melanie Cloran

Introduction to Continuous Auditing

Traditionally, internal audit testing has been

performed on a retrospective and cyclical

basis, often months after business activities

have occurred.

Testing is typically based on a sampling

approach.

Introduction of Continuous Auditing

Continuous auditing is a method used to

perform control and risk assessments

automatically on a more frequent basis.

Changes the audit paradigm from periodic

reviews of a sample of transactions to ongoing

audit testing of 100 percent of transaction.

Allows for immediate follow-up and

remediation.

Development of Continuous Auditing

1960s - The origins of automated control testing began with the implementation of embedded audit modules.

1990s -Popularity rose as managers and auditors looked for efficient ways to test effectiveness of internal controls.

Current and most visible drivers for continuous auditing techniques is the high cost of regulatory compliance.

Key Concepts

Key goal of continuous auditing is to ensure the effectiveness of all controls and support the mitigation of risk.

Continuous auditing measures specific attributes that, if certain parameters are met, will trigger auditor-initiated actions.

Two main activities: Continuous Control Assessment Continuous Risk Assessment

Key Activities

Continuous control assessment Identification of control

deficiencies. Where there is an identified risk,

is there a control? Continuous risk assessment

Requires knowledge of organizations business processes.

Examination of consistency of processes.

Focused on question “What could go wrong?”

Increased level of risk may point to a deficient or nonexistent control.

Assessment

of Risks

Assessment of Control

s

Results

Results

Control and Risk

Control and risk represent opposite sides of the

same coin.

Controls exist to mitigate risk; identification of

control deficiencies highlight areas of potential

risk.

By examining risk, auditors can identify areas

where controls are needed and/or not working.

Relationship of Continuous Auditing/Monitoring/Assurance

Role of continuous auditing is dependent on management’s efforts in continuous monitoring of controls. Inverse relationship:

the greater the role of management, the less of a direct role from internal audit

Implementation

Establish audit objectives and requirements Gain executive-level support Ascertain degree to which management is

performing monitoring role Select appropriate technology solutions Identify information sources and gain access Understand business processes and identify

key controls and risks Build audit skill set Manage and report results

Benefits

Increased ability to mitigate risks. Reductions in the cost of assessing

internal controls. Reductions in financial errors and the

potential for fraud. Increased confidence in financial results. Improvements to financial operations. Sustainable and cost-effective means to

support compliance

Examples Continuous Auditing of Accounts Payable

Identification of duplicate payments

Identification of invoices going to suspense

accounts

Identification of vendors that were created by and

used by a single user

Identification of invoices that do not reference a

purchase order

Percentage of manual checks

SummaryContinuous Auditing

A method used to perform control and risk assessments

automatically on a more frequent basis

Measures specific attributes that, if certain parameters are

met, will trigger auditor initiated actions

Process revolves around two activities:

Continuous control assessment

Continuous risk assessment

Depth depends on extent to which management performs

continuous monitoring