Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November 3, 2006 www.theiia.org Institute of Internal Auditors The Institute of Internal Auditors is a global professional association with more than 122,000 members, and is recognized as the internal audit professions leader in certification, education, research and technical guidance. Its mission includes: •Advocating and promoting the value that internal audit professionals add to their organizations; •Providing comprehensive professional educational and development opportunities; •Researching, disseminating, and promoting to practitioners and stakeholders knowledge; •Educating practitioners and other relevant audiences on best practices in internal auditing; and •Bringing together internal auditors from all countries to share information and experiences. www.theiia.org GTAG Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices. www.theiia.org What This Guide Covers • Role of continuous auditing in today’s internal audit environment • Relationship of continuous auditing, continuous monitoring, and continuous assurance • The application and implementation of continuous auditing • Benefits of a continuous, integrated approach www.theiia.org Role of Continuous Auditing • Today’s audit challenges – Regulatory compliance & controls – Internal audit value and independence – Availability of skilled resources – Determining appropriate technology solutions • Need for timely, ongoing assurance over risk management and control systems • Role of continuous auditing – Provides more frequent, more timely, analyses to better manage control deficiencies and risk www.theiia.org Gaining Clarity: Some Definitions • Continuous Auditing – Method used to perform audit-related activities on a continuous basis – includes control and risk assessment – Performed by Internal Audit • Continuous Monitoring – Processes to ensure policies/processes are operating effectively and to assess adequacy/effectiveness of controls – Performed by operational/financial management; audit independently evaluates adequacy of management activities • Continuous Assurance – Combination of continuous auditing and audit oversight of continuous monitoring www.theiia.org Relationship of Continuous Auditing/Monitoring/Assurance • Role of continuous auditing dependent on management’s role in continuous monitoring of controls – Inverse relationship: the greater the role of management, the less of a direct role of internal audit • True continuous assurance – Depends on effective monitoring by management of internal controls and Audit’s independent assessment of that function www.theiia.org Application Areas • Continuous control assessment – Identification of control deficiencies – Identification of fraud, waste, abuse • Continuous risk assessment – Examination of consistency of processes – Development of enterprise audit plan – Support to individual audits – Follow-up on audit recommendations www.theiia.org Key Steps to Implementation • Establish audit objectives and requirements • Gain executive-level support • Ascertain degree to which management is performing monitoring role • Select appropriate technology solutions • Identify information sources and gain access • Understand business processes and identify key controls and risks • Build audit skill set • Manage and report results www.theiia.org Benefits • • • • • • Increased scope of audit activities Increased ability to mitigate risk Reduced cost of internal control assessment Increased confidence in financial results Improvements to financial operations Reduced financial errors and potential for fraud • Reduced revenue leakage for improved bottom-line results • Sustainable and cost-effective means to support compliance www.theiia.org