continuous controls monitoring and continuous auditing – an integrated technology approach
DESCRIPTION
Continuous Controls Monitoring and Continuous Auditing – an integrated technology approach. John Verver CA, CISA, CMC VP Professional Services ACL Services Ltd. Topics. Continuous Controls Monitoring and Continuous Auditing Definitions, Distinctions, Relationships - PowerPoint PPT PresentationTRANSCRIPT
Continuous Controls Monitoring and Continuous Auditing – an integrated technology approach
John Verver CA, CISA, CMC
VP Professional Services
ACL Services Ltd
Topics
Continuous Controls Monitoring and Continuous AuditingDefinitions, Distinctions, Relationships
An integrated approach for CCM and CA
Management role and activities
Audit’s role and activities
Technology requirements
Examples
Continuous Auditing
Shift from traditional approach of periodic cyclical audit processes
Method used to automatically perform audit procedures on an ongoing basis
Allows audit to provide ongoing risk and control assessments
Technology is key
Continuous Controls Monitoring
Process performed by management to determine whether policies and controls are operating effectively
Establishes control objectives and assurance assertions – and uses automated tests to identify activities and transactions that fail to comply with controls
Allows management to fix control problems on a timely basis – improves controls and improves operational performance
Technology is key
CA and CCM – an integrated approach
Many of the techniques used in CA and CCM are similar
How can both approaches be integrated and how does this affect roles and responsibilities of audit and management?
CA and CCM – an integrated approach
CA and CCM – an integrated approach
Effective use of automated continuous auditing and controls monitoring techniques can substantially reduce the time required for ERM activities and controls testing
Helps to make it clear to management that they – and not audit - are primarily responsible for determining effectiveness of controls
Audit (internal and external) needs to be able to rely upon the integrity of the Continuous Controls Monitoring process
Audit reliance on Continuous Controls Monitoring
Validation of control monitoring testsDesignProcessing
Security over access to the CCM system
Security over changes to tests and test parameters
Processing audit trail
Follow up procedures – response to control deficiencies detected
Technology requirements for Integrated Approach
Comprehensive range of standard control tests
Configurability of additional tests
Ad hoc analysis to support CCM and CA process
Ability to access and monitor data, transactions and activities from across the enterprise
Security and control over CCM process
Auditability of CCM process
Integration with ERM software
ACL Experience
Increasing recognition by internal audit and operational management that CCM process should be owned by management
Internal audit designing procedures around CCM processes
External auditing firms beginning to consider issues of CCM audit reliance – security and control of CCM process a significant concern
ROI argument for CCM repeatedly validated