www.theiia.org
Continuous Auditing
Global Technology Auditing Guide 3
What This Guide Covers
• Brief history
• Environment check
• COSO ERM
• Role of continuous auditing
• Benefits
• Key concepts
What This Guide Covers
• Relationship of continuous auditing, continuous monitoring, and continuous assurance
What This Guide Covers
• Areas for application
• Key steps to implementing
A Brief History
• Origins of automated control testing began in 1960s
• Adopting computer-assisted audit tools and techniques
• Ongoing automated data analysis
• Data analytics
Environment Check
• Regulatory compliance & controls
• Internal Audit value & independence
• Availability of skilled resources
• Technology
• Fraud
Va ACL Users Group Meeting Intro to Continuous Auditing February 8, 2006
By Gary L. Martin Henrico County Internal Audit
COSO Enterprise Risk Management (ERM) Framework
Role of Continuous Auditing
• Need for timely, ongoing assurance over risk management and control systems
Role of Continuous Auditing
• Role of continuous auditing
– Provides more frequent, more timely analyses to better manage control deficiencies and risk
Benefits
• Helps evaluate monitoring by management
• Can identify and assess areas of risk
• Assist in developing audit plan
• Independence from systems and monitoring
Gaining Clarity: Some Definitions
Continuous Auditing
– Method used to perform audit-related activities on a continuous basis – includes control and risk assessment
– Performed by Internal Audit
Gaining Clarity: Some Definitions
Continuous Monitoring
– Processes to ensure policies/processes are operating effectively and to assess adequacy/effectiveness of controls
– Performed by operational/financial management; audit independently evaluates adequacy of management activities
Gaining Clarity: Some Definitions
Continuous Assurance
– Combination of continuous auditing and audit oversight of continuous monitoring
Continuum of Continuous Auditing
Relationship of Continuous Auditing/Monitoring/Assurance
• Role of continuous auditing dependent on management’s role in continuous monitoring of controls
– Inverse relationship: the greater the role of management, the less of a direct role of internal audit
Relationship of Continuous Auditing/Monitoring/Assurance
Relationship of Continuous Auditing/Monitoring/Assurance
True continuous assurance
– Depends on effective monitoring by management of internal controls and Audit’s independent assessment of that function
Relationship of Continuous Auditing/Monitoring/Assurance
Application Areas
Continuous control assessment
– Identification of control deficiencies
• Example: Financial controls P-cards
• Example: System controls segregation
• Example: Security controls access logs
Application Areas
Continuous control assessment
– Identification of fraud, waste, abuse
• Example: brainstorming
• Example: analytics
Continuous auditing
Application Areas
Continuous control assessment
– More practical examples:
• Examining transactional data
• Reviewing summarized data
• Employing comparative analysis
• Testing totals by general ledger account
Application Areas
Continuous risk assessment
– Example: Risk-based Auditing sites
– Development of audit plan
– Support to individual auditing
– Follow-up on audit recommendations
Key Steps to Implementation
• Define audit objectives
• Gain executive-level support
• Ascertain degree to which management is performing monitoring role
Key Steps to Implementation
• Identify & prioritize audit areas
Key Steps to Implementation
• Identify information sources and gain access
Key Steps to Implementation
• Understand business processes and application systems
Data Access and Use
• Select & purchase tools
• Develop capabilities
• Develop skills
• Assess data integrity
• Prepare and access data
Manage & Report Results
• Select few areas
• Decide on frequency
• Get management involved
• Decide on report method & response
• Access to personal information
Conclusion
• Examples from audience
• Appendix A on Accounts Payable
• Appendix C on Self-assessment