CONTINUOUS AUDITING
Global Technology Auditing Guide 3
Presented by Melanie Cloran
Introduction to Continuous Auditing
Traditionally, internal audit testing has been
performed on a retrospective and cyclical
basis, often months after business activities
have occurred.
Testing is typically based on a sampling
approach.
Introduction of Continuous Auditing
Continuous auditing is a method used to
perform control and risk assessments
automatically on a more frequent basis.
Changes the audit paradigm from periodic
reviews of a sample of transactions to ongoing
audit testing of 100 percent of transaction.
Allows for immediate follow-up and
remediation.
Development of Continuous Auditing
1960s - The origins of automated control testing began with the implementation of embedded audit modules.
1990s -Popularity rose as managers and auditors looked for efficient ways to test effectiveness of internal controls.
Current and most visible drivers for continuous auditing techniques is the high cost of regulatory compliance.
Key Concepts
Key goal of continuous auditing is to ensure the effectiveness of all controls and support the mitigation of risk.
Continuous auditing measures specific attributes that, if certain parameters are met, will trigger auditor-initiated actions.
Two main activities: Continuous Control Assessment Continuous Risk Assessment
Key Activities
Continuous control assessment Identification of control
deficiencies. Where there is an identified risk,
is there a control? Continuous risk assessment
Requires knowledge of organizations business processes.
Examination of consistency of processes.
Focused on question “What could go wrong?”
Increased level of risk may point to a deficient or nonexistent control.
Assessment
of Risks
Assessment of Control
s
Results
Results
Control and Risk
Control and risk represent opposite sides of the
same coin.
Controls exist to mitigate risk; identification of
control deficiencies highlight areas of potential
risk.
By examining risk, auditors can identify areas
where controls are needed and/or not working.
Relationship of Continuous Auditing/Monitoring/Assurance
Role of continuous auditing is dependent on management’s efforts in continuous monitoring of controls. Inverse relationship:
the greater the role of management, the less of a direct role from internal audit
Implementation
Establish audit objectives and requirements Gain executive-level support Ascertain degree to which management is
performing monitoring role Select appropriate technology solutions Identify information sources and gain access Understand business processes and identify
key controls and risks Build audit skill set Manage and report results
Benefits
Increased ability to mitigate risks. Reductions in the cost of assessing
internal controls. Reductions in financial errors and the
potential for fraud. Increased confidence in financial results. Improvements to financial operations. Sustainable and cost-effective means to
support compliance
Examples Continuous Auditing of Accounts Payable
Identification of duplicate payments
Identification of invoices going to suspense
accounts
Identification of vendors that were created by and
used by a single user
Identification of invoices that do not reference a
purchase order
Percentage of manual checks
SummaryContinuous Auditing
A method used to perform control and risk assessments
automatically on a more frequent basis
Measures specific attributes that, if certain parameters are
met, will trigger auditor initiated actions
Process revolves around two activities:
Continuous control assessment
Continuous risk assessment
Depth depends on extent to which management performs
continuous monitoring