
Continuous Controls Monitoring and Continuous Auditing – an integrated technology approach
John Verver CA, CISA, CMC
VP Professional Services
ACL Services Ltd

Topics
  • Continuous Controls Monitoring and Continuous Auditing
      → Definitions, Distinctions, Relationships
  • An integrated approach for CCM and CA
  • Management role and activities
  • Audit’s role and activities
  • Technology requirements
  • Examples

Continuous Auditing
  • Shift from traditional approach of periodic cyclical audit processes
  • Method used to automatically perform audit procedures on an ongoing basis
  • Allows audit to provide ongoing risk and control assessments
  • Technology is key

Continuous Controls Monitoring
  • Process performed by management to determine whether policies and controls are operating effectively
  • Establishes control objectives and assurance assertions – and uses automated tests to identify activities and transactions that fail to comply with controls
  • Allows management to fix control problems on a timely basis – improves controls and improves operational performance
  • Technology is key

CA and CCM – an integrated approach
  • Many of the techniques used in CA and CCM are similar
  • How can both approaches be integrated and how does this affect roles and responsibilities of audit and management?

CA and CCM – an integrated approach
  • Effective use of automated continuous auditing and controls monitoring techniques can substantially reduce the time required for ERM activities and controls testing
  • Helps to make it clear to management that they – and not audit – are primarily responsible for determining effectiveness of controls
  • Audit (internal and external) needs to be able to rely upon the integrity of the Continuous Controls Monitoring process

Audit reliance on Continuous Controls Monitoring
  • Validation of control monitoring tests
      → Design
      → Processing
  • Security over access to the CCM system
  • Security over changes to tests and test parameters
  • Processing audit trail
  • Follow up procedures – response to control deficiencies detected

Technology requirements for Integrated Approach
  • Comprehensive range of standard control tests
  • Configurability of additional tests
  • Ad hoc analysis to support CCM and CA process
  • Ability to access and monitor data, transactions and activities from across the enterprise
  • Security and control over CCM process
  • Auditability of CCM process
  • Integration with ERM software

ACL Experience
  • Increasing recognition by internal audit and operational management that CCM process should be owned by management
  • Internal audit designing procedures around CCM processes
  • External auditing firms beginning to consider issues of CCM audit reliance – security and control of CCM process a significant concern
  • ROI argument for CCM repeatedly validated