1 / 20

Continuous Auditing Myth or Reality? Robin Clough January 2011

Continuous Auditing Myth or Reality? Robin Clough January 2011. Robin Clough. Robin Clough. Agenda. Concept of Continuous Auditing (definition).

Download Presentation

Continuous Auditing Myth or Reality? Robin Clough January 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Continuous AuditingMyth or Reality?Robin CloughJanuary 2011

  2. Robin Clough Robin Clough

  3. Agenda

  4. Concept of Continuous Auditing (definition) Continuous Auditing is a method used to perform audit-related activities on a continuous basis that covers control and risk assessment. Is generally carried out by Internal Audit and uses CA/CCM software. Continuous (Controls) Monitoring are processes to ensure that policies/processes are operating effectively and to assess adequacy/effectiveness of controls. Is generally carried out by operational/financial management. Audit will independently evaluate. LOTS OF OVERLAP!

  5. Concept of Continuous Auditing (categories) Applications: • Monitor application settings and changes • Example is Segregation of Duties settings Transactions/Master Data: • Testing transactional/master data for evidence of failed, inefficient or missing internal controls • Example is duplicate payments made to Vendors

  6. Concept of Continuous Auditing (drivers) Drivers for Continuous Auditing are: • Provide assurance over increasingly complex business processes in high risk areas • Increase audit oversight and detect issues sooner rather than later • Eliminate labour intensive work and reduce audit costs • Under resourced audit teams • Support immature control areas – CA becomes the control

  7. Examples of Continuous Auditing Some : • Duplicate payments • Segregation of duties • Employee clocking in system • Compliance

  8. Duplicate payments ££££££!! Is a common area for businesses to focus on. • Notoriously difficult to have bullet proof control over • Can generate big savings • Experience has shown a split between audit and business in ownership • Can usually cover costs of any CA software purchase!

  9. Segregation of Duties Heavy focus since Sarbanes Oxley. • Can highlight inappropriate mix of duties • Difficult to set up as requires large investment of time • Experience has shown a split between audit and business in ownership • Additional data from OS can highlight sharing of IDs

  10. Employee clocking in Recent fraud related example. • Employees sharing clocking in cards, clocking each other in! • Audit developed analytics that read data and highlight potential abuse • Should transition to business from audit • Other area to use CA is expenses

  11. Compliance Compliance team at Hedge Fund responsible for checking trades: • Essential to detect trades that are in breach of rules • Adopted by dedicated compliance team • Implementing smarter CA system as currently use spreadsheets manually

  12. Pro’s and Con’s of Continuous Auditing What do you think?

  13. Pro’s and Con’s of Continuous Auditing (Pro’s) • Increase audit coverage/reach • Automated testing allows more time for analysis of findings • Can draw data from different sources • Reduce cost of audits • Assist external audit • Improve business performance • Detect missed flaws in controls – flaws that occur occasionally

  14. Pro’s and Con’s of Continuous Auditing (Con’s) • Cost • Mixed track record • Hot air? • Time taken to configure and set up • Could create additional work if set up poorly • Likely to be skeptics • Ownership unclear, can straddle departments – creates issues

  15. Managing Continuous Auditing • Clear strategy / Objectives / Goals • CBA • Clear ownership and direction • Focus on high risk areas, don’t spread too thinly • Start small and grow from there • Ensure that the findings are shared with the business in a constructive way • Nominate experts/champions

  16. Continuous Auditing Solutions • Taken from Gartner Magic Quadrant for Continuous Controls Monitoring • Embedded: SAP/Oracle • ACL Audit Exchange • Approva • Greenlight Technologies • Infogix • Security Weaver • SymSure (integrates with IDEA )

  17. Demo ACL Audit Exchange • Developed by ACL • New release of AX3 on February 7th • Focused on transaction data • Connects to multiple data sources • Has an Exception module which workflows the exceptions • Strong user base in N.America, growing steadily in the UK

  18. ERP ACL Enterprise Data Automation – built-in analytic scheduler Server analytic processing power Content Management – any file type SQL Automatically distribute exceptions found during data analysis testing to multiple business stakeholders Access virtually any data source and automate data feeds Create analytics, perform ad-hoc analysis and remote analysis

  19. Myth or Reality?

  20. THANK YOU!

More Related