Global Technology Audit Guide: Continuous Auditing

advertisement
Continuous Auditing
Global Technology Auditing Guide 3
Twelfth Continuous Auditing and Reporting Symposium
Rutgers Business School
November 3, 2006
www.theiia.org
Institute of Internal Auditors
The Institute of Internal Auditors is a global professional
association with more than 122,000 members, and is
recognized as the internal audit professions leader in
certification, education, research and technical guidance.
Its mission includes:
•Advocating and promoting the value that internal audit
professionals add to their organizations;
•Providing comprehensive professional educational and
development opportunities;
•Researching, disseminating, and promoting to
practitioners and stakeholders knowledge;
•Educating practitioners and other relevant audiences on
best practices in internal auditing; and
•Bringing together internal auditors from all countries to
share information and experiences.
www.theiia.org
GTAG
Written primarily for the chief internal audit executive
(CAE) and audit supervisors, the guides address concerns
of the board of directors and chief-level executives.
Each Global Technology Audit Guide (GTAG) is written in
straightforward business language to address timely
issues related to information technology management,
control, or security.
GTAG is a ready resource series for chief audit executives
to use in the education of members of the board and
audit committee, management, process owners, and
others regarding technology-associated risks and
recommended practices.
www.theiia.org
What This Guide Covers
• Role of continuous auditing in today’s
internal audit environment
• Relationship of continuous auditing,
continuous monitoring, and continuous
assurance
• The application and implementation of
continuous auditing
• Benefits of a continuous, integrated
approach
www.theiia.org
Role of Continuous Auditing
• Today’s audit challenges
– Regulatory compliance & controls
– Internal audit value and independence
– Availability of skilled resources
– Determining appropriate technology solutions
• Need for timely, ongoing assurance over risk
management and control systems
• Role of continuous auditing
– Provides more frequent, more timely, analyses to
better manage control deficiencies and risk
www.theiia.org
Gaining Clarity: Some Definitions
• Continuous Auditing
– Method used to perform audit-related activities on a
continuous basis – includes control and risk assessment
– Performed by Internal Audit
• Continuous Monitoring
– Processes to ensure policies/processes are operating
effectively and to assess adequacy/effectiveness of
controls
– Performed by operational/financial management; audit
independently evaluates adequacy of management
activities
• Continuous Assurance
– Combination of continuous auditing and audit oversight
of continuous monitoring
www.theiia.org
Relationship of Continuous
Auditing/Monitoring/Assurance
• Role of continuous auditing dependent on
management’s role in continuous monitoring of controls
– Inverse relationship: the
greater the role of
management, the less of
a direct role of internal
audit
• True continuous assurance
– Depends on effective monitoring
by management of internal
controls and Audit’s
independent assessment of that
function
www.theiia.org
Application Areas
• Continuous control assessment
– Identification of control deficiencies
– Identification of fraud, waste, abuse
• Continuous risk assessment
– Examination of consistency of processes
– Development of enterprise audit plan
– Support to individual audits
– Follow-up on audit recommendations
www.theiia.org
Key Steps to Implementation
• Establish audit objectives and requirements
• Gain executive-level support
• Ascertain degree to which management is
performing monitoring role
• Select appropriate technology solutions
• Identify information sources and gain access
• Understand business processes and identify key
controls and risks
• Build audit skill set
• Manage and report results
www.theiia.org
Benefits
•
•
•
•
•
•
Increased scope of audit activities
Increased ability to mitigate risk
Reduced cost of internal control assessment
Increased confidence in financial results
Improvements to financial operations
Reduced financial errors and potential for
fraud
• Reduced revenue leakage for improved
bottom-line results
• Sustainable and cost-effective means to
support compliance
www.theiia.org
Download