After making circles in the academic networks for years, continuous auditing is now within reach for businesses looking to derive greater value from their auditing processes. Its implementation is no more complex and the benefits are real. By adopting the right auditing tools, developing a complete system with technological adequacy and an environment conducive to its application, every organization can gain from continuous auditing.Download an Insight
The concept of automated audit procedures with real time or near real time has been in picture since early 80’s. However, it stayed unnoticed for about a decade due to lack of technical resources and expertise and got attention only after the Sarbanes-Oxley Act brought urgency to the audit function.
Earlier accepted as an academic concept, continuous auditing performs control and risk assessments automatically on a continuous basis - it changes the audit strategy from periodic reviews of a sample of transactions to ongoing audit testing of 100 percent of transactions.
Not only does it enable auditors to detect control gaps and weaknesses within a much shorter time (almost instantaneous) but also makes remediation faster. Unlike the traditional audit model, where a long period of time passes before the issuance of the audit report, largely making the crucial information redundant and delaying corrective actions on audit findings.
Perhaps, in the present scenario, the traditional audit systems calls for an overhaul. Keeping in mind the imperfections exposed by the current financial crisis, organizations today are not just asking internal audit to take on a more strategic role but also require internal audit groups to refocus their efforts from compliance to better business performance.
Whatever the reasons, companies have advanced for inaction or ignorance in the past, increasing regulatory demands, compliance requirements, the push for real-time financial reporting and resource-snapping manual audits are propelling them towards adopting principles of continuous auditing. Not to forget the proliferating information systems in the current business environment calling for the management and review of vastly increased volumes of data and transactions; further the rapid pace of business requiring prompt identification of, and response to, control issues and regulations requiring the timely disclosure of control deficiencies and management assertions.
If today’s internal auditors control audit activities, they also keep an eye on a company’s risk profile and play a key role in identifying areas to improve risk management processes. However, if they do not have a thorough understanding of the business processes and associated risks, auditors can only perform traditional audit checklist-based tasks. Continuous auditing provides auditors with an opportunity to go beyond the confines of traditional audit approaches and the limitations of sampling, lengthy reviews of audit reports and delayed remediation.
Implementing Continuous Auditing
Continuous auditing is not a technological tool; it’s a methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditor’s reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter, as per the CICA/AICPA report.
If rapid technological advancements have made this concept more feasible for the organizations to adopt, its implementation is still a concern. Evidently, the adoption does not only require a mindset change in the traditional audit department but requires the audit department to:
- Obtain audit committee and senior management support for the implementation of continuous auditing
- Enable audit tools and technology necessary to rapidly access, analyze, communicate and review the information
- Implement data analysis techniques and tools for audit projects
- Ensure that continuous auditing is adopted as part of an integrated, consistent approach to risk-based auditing
- Manage and respond to the results of continuous auditing, determining appropriate use, follow-up, and reporting mechanisms
How does Continuous Auditing fit with the integrated GRC paradigm?
Most organizations are exposed to governance, compliance and operational risks on a continuous basis. Coupled with the current economic, regulatory and social climate, these risks have propelled an integrated approach to corporate governance, compliance management and risk management to a top business priority.
Internal auditors have long maintained their companies’ financial accountability and integrity and provided the much needed assurance to the management, the board and the audit committee. Recently, however, to address the rapidly evolving and often complex risk environment and meet ever-changing regulatory, business, and industry requirements, auditors can use continuous audits to monitor controls and transactions in real time.
With continuous auditing, the audit routines are performed not only at year-end but quarterly, monthly, daily in real time detecting frauds and enforcing corrective actions instantaneously, creating significant competitive advantage and unexpected benefits for the businesses.
Undoubtedly, the motivating factors for offering continuous auditing are high. What stand’s in the way indeed are the technological limitations- as technology can play an enabling role for continuous auditing.
Already, organizations are implementing solutions to make environment conducive for continuous auditing.
GRC Platform: An integrated platform-based approach to Governance, Risk and Compliance processes enables continuous auditing in many ways. It not only provides a common framework to manage all compliance requirements faced by an organization but also enables organizations to identify, assess, quantify, monitor and manage their risk in real-time bases on a centralized information system, making way for speedy flow of data and quick responses to events mandatory continuous auditing.
With automated information flows, assessments and testing, and remedial assignments, a GRC Platform ensures effective communications, collaboration, across the enterprise eliminating any deviation and errors as well as redundant activities, and reduces overall friction auditing may have with other organization processes.
Next-Generation Internal Audit Software Application: A next-generation Internal Audit software application supports all audit-related activities in an organization-managing audit schedules, auditing working papers, conducting ad-hoc audits, documenting audit findings, drafting audit reports and recommendations, summarizing audit findings and presenting to the top management, and driving corrective action plans.
Such application can power continuous auditing as it allows easy access to data and improves visibility within the audit team as well as between auditors and auditees leading to quicker response times for improved efficiencies. With a rich set of dashboards and reports, it rolls up information across multiple dimensions such as risk profiles, areas of compliance, business units and business processes with the ability to drilldown to view data at granular levels. This allows auditors to determine when and where to apply continuous auditing. Key elements of continuous auditing that the audit tool facilities are;
- Ad-hoc audits and unscheduled audits: In addition to following the annual audit schedule, audits can be triggered on an ad-hoc basis based on need judgment or external events.
- Corrective action: Continuous auditing requires corrective actions to be implemented faster which can be achieved by escalating issues at different levels depending on their severity as soon as they are found and without causing any confusion or duplications that might break the process.
- Meeting deadlines: The escalated issues can be immediately referred to the concerned department for a corrective action without waiting for the audit report submission and review process to complete enforcing aggressive deadlines on action plans.
- Skill set call out: Finding the right auditor for a particular job can be quite daunting in a complex business environment. An audit tool enables this as a push button away, making peer reviews, and expert advice easier and streamlined.
- Flexibility in reporting: Executive can access audit reports continuously while the audit is being carried out. Auditors can generate and distribute partial audit reports if they want to flag and highlight certain sections or areas much before the final report is published.
- Continuous monitoring: Internal auditing software also enables continuous monitoring by providing technology and interfaces to detect compliance and risk issues associated with financial and operational environment.
- Continuous reporting: By utilizing XBRL open standard, audit application facilitates continuous auditing by providing a way to release audit-related information on a near real-time basis to external agencies and regulators.
After making circles in the academic networks for years, continuous auditing is now within reach for businesses looking to derive greater value from their auditing processes. Its implementation is no more complex and the benefits are real.
By adopting the right auditing tools, developing a complete system with technological adequacy and an environment conducive to its application, every organization can gain from continuous auditing.