Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
After making circles in the academic networks for years, continuous auditing is now within reach for businesses looking to derive greater value from their auditing processes. Its implementation is no more complex and the benefits are real. By adopting the right auditing tools, developing a complete system with technological adequacy and an environment conducive to its application, every organization can gain from continuous auditing.
The concept of automated audit procedures with real time or near real time has been in picture since early 80’s. However, it stayed unnoticed for about a decade due to lack of technical resources and expertise and got attention only after the Sarbanes-Oxley Act brought urgency to the audit function.
Earlier accepted as an academic concept, continuous auditing performs control and risk assessments automatically on a continuous basis - it changes the audit strategy from periodic reviews of a sample of transactions to ongoing audit testing of 100 percent of transactions.
Not only does it enable auditors to detect control gaps and weaknesses within a much shorter time (almost instantaneous) but also makes remediation faster. Unlike the traditional audit model, where a long period of time passes before the issuance of the audit report, largely making the crucial information redundant and delaying corrective actions on audit findings.
Perhaps, in the present scenario, the traditional audit systems calls for an overhaul. Keeping in mind the imperfections exposed by the current financial crisis, organizations today are not just asking internal audit to take on a more strategic role but also require internal audit groups to refocus their efforts from compliance to better business performance.
Whatever the reasons, companies have advanced for inaction or ignorance in the past, increasing regulatory demands, compliance requirements, the push for real-time financial reporting and resource-snapping manual audits are propelling them towards adopting principles of continuous auditing. Not to forget the proliferating information systems in the current business environment calling for the management and review of vastly increased volumes of data and transactions; further the rapid pace of business requiring prompt identification of, and response to, control issues and regulations requiring the timely disclosure of control deficiencies and management assertions.
If today’s internal auditors control audit activities, they also keep an eye on a company’s risk profile and play a key role in identifying areas to improve risk management processes. However, if they do not have a thorough understanding of the business processes and associated risks, auditors can only perform traditional audit checklist-based tasks. Continuous auditing provides auditors with an opportunity to go beyond the confines of traditional audit approaches and the limitations of sampling, lengthy reviews of audit reports and delayed remediation.
Continuous auditing is not a technological tool; it’s a methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditor’s reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter, as per the CICA/AICPA report.
If rapid technological advancements have made this concept more feasible for the organizations to adopt, its implementation is still a concern. Evidently, the adoption does not only require a mindset change in the traditional audit department but requires the audit department to:
How does Continuous Auditing fit with the integrated GRC paradigm?
Most organizations are exposed to governance, compliance and operational risks on a continuous basis. Coupled with the current economic, regulatory and social climate, these risks have propelled an integrated approach to corporate governance, compliance management and risk management to a top business priority.
Internal auditors have long maintained their companies’ financial accountability and integrity and provided the much needed assurance to the management, the board and the audit committee. Recently, however, to address the rapidly evolving and often complex risk environment and meet ever-changing regulatory, business, and industry requirements, auditors can use continuous audits to monitor controls and transactions in real time.
With continuous auditing, the audit routines are performed not only at year-end but quarterly, monthly, daily in real time detecting frauds and enforcing corrective actions instantaneously, creating significant competitive advantage and unexpected benefits for the businesses.
Undoubtedly, the motivating factors for offering continuous auditing are high. What stand’s in the way indeed are the technological limitations- as technology can play an enabling role for continuous auditing.
Already, organizations are implementing solutions to make environment conducive for continuous auditing.
GRC Platform: An integrated platform-based approach to Governance, Risk and Compliance processes enables continuous auditing in many ways. It not only provides a common framework to manage all compliance requirements faced by an organization but also enables organizations to identify, assess, quantify, monitor and manage their risk in real-time bases on a centralized information system, making way for speedy flow of data and quick responses to events mandatory continuous auditing.
With automated information flows, assessments and testing, and remedial assignments, a GRC Platform ensures effective communications, collaboration, across the enterprise eliminating any deviation and errors as well as redundant activities, and reduces overall friction auditing may have with other organization processes.
Next-Generation Internal Audit Software Application: A next-generation Internal Audit software application supports all audit-related activities in an organization-managing audit schedules, auditing working papers, conducting ad-hoc audits, documenting audit findings, drafting audit reports and recommendations, summarizing audit findings and presenting to the top management, and driving corrective action plans.
Such application can power continuous auditing as it allows easy access to data and improves visibility within the audit team as well as between auditors and auditees leading to quicker response times for improved efficiencies. With a rich set of dashboards and reports, it rolls up information across multiple dimensions such as risk profiles, areas of compliance, business units and business processes with the ability to drilldown to view data at granular levels. This allows auditors to determine when and where to apply continuous auditing. Key elements of continuous auditing that the audit tool facilities are;
After making circles in the academic networks for years, continuous auditing is now within reach for businesses looking to derive greater value from their auditing processes. Its implementation is no more complex and the benefits are real.
By adopting the right auditing tools, developing a complete system with technological adequacy and an environment conducive to its application, every organization can gain from continuous auditing.