continuous auditing myth or reality? robin clough january 2011
DESCRIPTION
Continuous Auditing Myth or Reality? Robin Clough January 2011. Robin Clough. Robin Clough. Agenda. Concept of Continuous Auditing (definition). - PowerPoint PPT PresentationTRANSCRIPT
Concept of Continuous Auditing
Continuous Auditing Examples
Pro’s and Con’s of Continuous Auditing
Managing Continuous Auditing
Continuous Auditing Solutions
Demo
Myth or Reality?
Questions
Agenda
Concept of Continuous Auditing(definition)
Continuous Auditing is a method used to perform audit-related activities on a continuous basis that covers control and risk assessment. Is generally carried out by Internal Audit and uses CA/CCM software.Continuous (Controls) Monitoring are processes to ensure that policies/processes are operating effectively and to assess adequacy/effectiveness of controls.Is generally carried out by operational/financial management. Audit will independently evaluate.LOTS OF OVERLAP!
Concept of Continuous Auditing(categories)
Applications: • Monitor application settings and changes
• Example is Segregation of Duties settingsTransactions/Master Data: • Testing transactional/master data for evidence of failed, inefficient or missing internal controls
• Example is duplicate payments made to Vendors
Concept of Continuous Auditing(drivers)
Drivers for Continuous Auditing are: • Provide assurance over increasingly complex business processes in high risk areas
• Increase audit oversight and detect issues sooner rather than later
• Eliminate labour intensive work and reduce audit costs
• Under resourced audit teams
• Support immature control areas – CA becomes the control
Examples of Continuous Auditing
Some : • Duplicate payments
• Segregation of duties
• Employee clocking in system
• Compliance
Duplicate payments££££££!!
Is a common area for businesses to focus on. • Notoriously difficult to have bullet proof control over
• Can generate big savings
• Experience has shown a split between audit and business in ownership
• Can usually cover costs of any CA software purchase!
Segregation of Duties
Heavy focus since Sarbanes Oxley. • Can highlight inappropriate mix of duties
• Difficult to set up as requires large investment of time
• Experience has shown a split between audit and business in ownership
• Additional data from OS can highlight sharing of IDs
Employee clocking in
Recent fraud related example. • Employees sharing clocking in cards, clocking each other in!
• Audit developed analytics that read data and highlight potential abuse
• Should transition to business from audit
• Other area to use CA is expenses
Compliance
Compliance team at Hedge Fund responsible for checking trades: • Essential to detect trades that are in breach of rules
• Adopted by dedicated compliance team
• Implementing smarter CA system as currently use spreadsheets
manually
Pro’s and Con’s of Continuous Auditing(Pro’s)
• Increase audit coverage/reach• Automated testing allows more time for analysis of findings• Can draw data from different sources• Reduce cost of audits• Assist external audit• Improve business performance• Detect missed flaws in controls – flaws that occur occasionally
Pro’s and Con’s of Continuous Auditing(Con’s)
• Cost• Mixed track record• Hot air?• Time taken to configure and set up• Could create additional work if set up poorly• Likely to be skeptics• Ownership unclear, can straddle departments – creates issues
Managing Continuous Auditing
• Clear strategy / Objectives / Goals• CBA• Clear ownership and direction• Focus on high risk areas, don’t spread too thinly• Start small and grow from there• Ensure that the findings are shared with the business in a constructive
way• Nominate experts/champions
Continuous Auditing Solutions
Taken from Gartner Magic Quadrant for Continuous Controls Monitoring•Embedded: SAP/Oracle•ACL Audit Exchange•Approva•Greenlight Technologies•Infogix•Security Weaver•SymSure (integrates with IDEA )
DemoACL Audit Exchange
Developed by ACL•New release of AX3 on February 7th•Focused on transaction data•Connects to multiple data sources•Has an Exception module which workflows the exceptions•Strong user base in N.America, growing steadily in the UK
ACL
Enterprise Data
SQL
ERP
Automation – built-in analytic scheduler
Server analytic processing powerContent Management – any file type
Access virtually any data source and automate data feeds
Create analytics, perform ad-hoc analysis and remote analysis
Automatically distribute exceptions found during data analysis testing to multiple
business stakeholders