Continuous Auditing. What This Guide Covers. What This Guide Covers. What This Guide Covers. Environment Check. A Brief History

Transcription

1 Continuous Auditing Global Technology Auditing Guide 3 Brief history Environment check COSO ERM Benefits Key concepts 2 Relationship of continuous auditing, continuous monitoring, and continuous assurance Areas for application Key steps to implementing 3 4 A Brief History Origins of automated control testing began in 1960s Adopting computer-assisted audit tools and techniques Ongoing automated data analysis Data analytics Environment Check Regulatory compliance & controls Internal Audit value & independence Availability of skilled resources Technology Fraud 5 6 1

2 COSO Enterprise Risk Management (ERM) Framework Role of Continuous Auditing Need for timely, ongoing assurance over risk management and control systems 7 8 Role of Continuous Auditing Provides more frequent, more timely, analyses to better manage control deficiencies and risk Benefits Helps evaluate monitoring by management Can identify and assess areas of risk Assist in developing audit plan Independence from systems and monitoring 9 10 Continuous Auditing Method used to perform auditrelated activities on a continuous basis includes control and risk assessment Performed by Internal Audit Continuous Monitoring Processes to ensure policies/processes are operating effectively and to assess adequacy/effectiveness of controls Performed by operational/financial management; audit independently evaluates adequacy of management activities

3 Continuous Assurance Combination of continuous auditing and audit oversight of continuous monitoring Continuum of Continuous Auditing dependent on management s role in continuous monitoring of controls Inverse relationship: the greater the role of management, the less of a direct role of internal audit True continuous assurance Depends on effective monitoring by management of internal controls and Audit s independent assessment of that function

4 Identification of control deficiencies Example: Financial controls P-cards Example: System controls segregation Example: Security controls access logs Identification of fraud, waste, abuse Example: brainstorming Example: analytics Continuous auditing More practical examples: Examining transactional data Reviewing summarized data Employing comparative analysis Testing totals by general ledger account Continuous risk assessment Example: Risk-based Auditing sites Development of audit plan Support to individual auditing Follow-up on audit recommendations Define audit objectives Gain executive-level support Ascertain degree to which management is performing monitoring role Identify & prioritize audit areas

5 Identify information sources and gain access Understand business processes and application systems Data Access and Use Select & purchase tools Develop capabilities Develop skills Assess data integrity Prepare and access data Manage & Report Results Select few areas Decide on frequency Get management involved Decide on report method & response Access to personal information Conclusion Examples from audience Appendix A on Accounts Payable Appendix C on Self-assessment 29 5