Continuous Auditing

Myth or Reality?

Robin CloughJanuary 2011

Robin Clough

Robin Clough

Concept of Continuous Auditing

Continuous Auditing Examples

Pro’s and Con’s of Continuous Auditing

Managing Continuous Auditing

Continuous Auditing Solutions

Demo

Myth or Reality?

Questions

Agenda

Concept of Continuous Auditing(definition)

Continuous Auditing is a method used to perform audit-related activities on a continuous basis that covers control and risk assessment. Is generally carried out by Internal Audit and uses CA/CCM software.Continuous (Controls) Monitoring are processes to ensure that policies/processes are operating effectively and to assess adequacy/effectiveness of controls.Is generally carried out by operational/financial management. Audit will independently evaluate.LOTS OF OVERLAP!

Concept of Continuous Auditing(categories)

Applications: • Monitor application settings and changes

• Example is Segregation of Duties settingsTransactions/Master Data: • Testing transactional/master data for evidence of failed, inefficient or missing internal controls

• Example is duplicate payments made to Vendors

Concept of Continuous Auditing(drivers)

Drivers for Continuous Auditing are: • Provide assurance over increasingly complex business processes in high risk areas

• Increase audit oversight and detect issues sooner rather than later

• Eliminate labour intensive work and reduce audit costs

• Under resourced audit teams

• Support immature control areas – CA becomes the control

Examples of Continuous Auditing

Some : • Duplicate payments

• Segregation of duties

• Employee clocking in system

• Compliance

Duplicate payments££££££!!

Is a common area for businesses to focus on. • Notoriously difficult to have bullet proof control over

• Can generate big savings

• Experience has shown a split between audit and business in ownership

• Can usually cover costs of any CA software purchase!

Segregation of Duties

Heavy focus since Sarbanes Oxley. • Can highlight inappropriate mix of duties

• Difficult to set up as requires large investment of time

• Experience has shown a split between audit and business in ownership

• Additional data from OS can highlight sharing of IDs

Employee clocking in

Recent fraud related example. • Employees sharing clocking in cards, clocking each other in!

• Audit developed analytics that read data and highlight potential abuse

• Should transition to business from audit

• Other area to use CA is expenses

Compliance

Compliance team at Hedge Fund responsible for checking trades: • Essential to detect trades that are in breach of rules

• Adopted by dedicated compliance team

• Implementing smarter CA system as currently use spreadsheets

manually

Pro’s and Con’s of Continuous Auditing

What do you think?

Pro’s and Con’s of Continuous Auditing(Pro’s)

• Increase audit coverage/reach• Automated testing allows more time for analysis of findings• Can draw data from different sources• Reduce cost of audits• Assist external audit• Improve business performance• Detect missed flaws in controls – flaws that occur occasionally

Pro’s and Con’s of Continuous Auditing(Con’s)

• Cost• Mixed track record• Hot air?• Time taken to configure and set up• Could create additional work if set up poorly• Likely to be skeptics• Ownership unclear, can straddle departments – creates issues

Managing Continuous Auditing

• Clear strategy / Objectives / Goals• CBA• Clear ownership and direction• Focus on high risk areas, don’t spread too thinly• Start small and grow from there• Ensure that the findings are shared with the business in a constructive

way• Nominate experts/champions

Continuous Auditing Solutions

Taken from Gartner Magic Quadrant for Continuous Controls Monitoring•Embedded: SAP/Oracle•ACL Audit Exchange•Approva•Greenlight Technologies•Infogix•Security Weaver•SymSure (integrates with IDEA )

DemoACL Audit Exchange

Developed by ACL•New release of AX3 on February 7th•Focused on transaction data•Connects to multiple data sources•Has an Exception module which workflows the exceptions•Strong user base in N.America, growing steadily in the UK

ACL

Enterprise Data

SQL

ERP

Automation – built-in analytic scheduler

Server analytic processing powerContent Management – any file type

Access virtually any data source and automate data feeds

Create analytics, perform ad-hoc analysis and remote analysis

Automatically distribute exceptions found during data analysis testing to multiple

business stakeholders

Myth or Reality?

THANK YOU!