Posts Tagged ‘Data Gathering’

Continuous Auditing v. Continuous Monitoring

Friday, January 15th, 2010

As recently as December of 2009, I engaged in a conversation with a Director of Internal Audit on what exactly Continuous Auditing and Continuous Monitoring are.  I offered what my interpretation of each was and he did the same.  They were not exact matches.

Even though some articles I have read credit the beginning of at least the theory of Continuous Auditing and Continuous Monitoring being formed as early as the 1980’s (and some the early 1990’s), there still seems to be some debate as to what each encompasses exactly.

Concepts Defined

The Institute of Internal Auditors (IIA) defines Continuous Auditing simply as “any method used to perform audit-related activities on a more continuous or continual basis.”  This article published by defines Continuous Monitoring as company Management (distinguishable from Audit) ensuring that policies, procedures, and business processes are operating effectively and address Management’s responsibility to assess the effectiveness of internal controls.  And yet according to that same article, Richard Chambers, president and CEO of the IIA states, “some would tell you that there is no distinction between the two.”

This article published by the Pennsylvania CPA Journal (which I tend to agree with) makes the distinction even more defined by offering this table:

Continuous Auditing

Performed by Internal Audit

Continuous Monitoring

Performed by Management

Gain audit evidence more effectively and efficiently Improve governance – aligning business / compliance risk to internal controls and remediation
React more timely to business risk Improve transparency and react more timely to make better day-to-day decisions
Leverage technology to perform more efficient internal audits Strive to reduce cost of controls and cost of testing/monitoring
Focus audits more specifically Leverage technology to create efficiencies and opportunities for performance improvements
Help monitor compliance with policies, procedures, and regulations

And even within these two examples, which seem clear and specific as to what each represents, there appears to be a gray area related to whether Audit or Management (or both) should be monitoring compliance with policies, procedures and regulations.

While there may be debate about the specific definitions of Continuous Auditing and Continuous Monitoring, most people seem to agree that both (in one way or another) should be implemented to achieve the highest level of coverage in the most efficient and effective manner.

5 Steps to Implementing Continuous Auditing and Continuous Monitoring

  1. Determine a Champion – Whether you want Audit to work with Management or Management to work with Audit, one individual or department has to be the established leader of change and implementation.  Also essential will be buy-in from all levels of Management across all functions of the company.  This is the new way of doing business (Audit, Compliance and Monitoring) and everyone in the company needs to be on board.
  2. Clearly Defined Approach – Whether you agree with the definitions above or have your own spin on the subject, be definitive with respect to your approach.  Many factors will need to be considered including industry, regulation requirements, fraud awareness, cost structure, people, resources, company culture, etc.
  3. Leverage Technology – As I described here, I find it to be imperative for each Audit Department (and Management level individuals) to be up-to-speed on the latest Computer-Assisted Audit Tools.  The use of these tools is absolutely essential to the successful implementation of Continuous Auditing and Continuous Monitoring.
  4. Start Slow – Like with most endeavors, you will need to ‘test’ the implementation on a few high profile, high risk processes to ensure the proper approach is in place and that you are receiving the sought after benefits.  Areas such as Accounts Receivable, Accounts Payable, General Ledger Journal Entries and Time and Expense Reporting are good places to start and give you an indication of your successes (or failures).
  5. Measure Progress – As the program gets established, you will need to constantly assess whether it is achieving the intended goals of the implementation.  Are costs being recovered?  Are you seeing a return on your investment?  Are controls stronger?  Audit coverage greater, more efficient and most cost effective?  Is fraud coverage better, smarter?  Are you getting quicker indications of anomalies?  If not, adjustments may be necessary.

ACL and IDEA: Don’t Be Afraid

Tuesday, November 10th, 2009

In the August 2009 issue of the Internal Auditor magazine, the Institute of Internal Auditors (IIA) cover story focused on Data Gathering, getting to the right data and analyzing it to benefit the Internal Audit process.  Several data analysis software tools were identified, but the majority of those polled who use them are using four primary tools: ACL (51%), Excel (14%), Access (9%) and IDEA (6%).

Surprisingly, the IIA article suggests that 75% of the respondents have the technical ability and software tools necessary and are incorporating them into their audits.  In my experience, that number is much lower or the use of the audit software tools is not as extensive as it could or should be.  The benefits are too plentiful to ignore and include greater audit coverage, audit efficiency, focusing on problem areas, testing entire populations and fraud detection just to name a few.  In addition, it is the future of audit.  In this time of tight budgets and scarce resources, it is a powerful way to do more with less and do it more cost effectively.  All audit departments should already be using data analysis tools.  If you are behind now, it will only get harder to bring yourself or your department up to speed.

5 Tips to Getting in the Game

Coach Dale wants you to get in the game.
Coach Dale wants you to get in the game.

  1. Just the Facts, Ma’am – Which data analysis software tool offers the best product with the best solutions related to your company’s specific situation?  Ask them.  All software providers will go out of their way to inform you of their product capabilities and provide free demonstrations in person or via webcasts.  Talk to other companies in your industry.  What tools are they using?  How as it impacted their audit process?  Get the facts and make an informed decision.
  2. Rock Star Auditor – Is there a person on your audit staff who already has an excellent grasp of the audit process?  Do they already have technical skills using Excel or Access?  Are they interested in data analysis software?  Talk to them.  Give them the opportunity to prove that the benefit outweighs the cost.  Invest in the best training.  Make it a goal on their annual review.  Empower them.
  3. Batman and Robin – If the Rock Star Auditor is Batman, he/she will need a Robin.  A Robin in this case will be someone who knows where to get the data within the business and can get it in the most usable format.  This can be an IT person, a technical business person or if you are lucky a current auditor who has business experience and understands the company’s ERP.  Getting the proper data in the right format and in a timely fashion is critical to the success of using data analysis software.
  4. Just Do It – Now that you have chosen your data analysis software, your technical champion and his/her partner in crime, make it happen.  Don’t look, just leap.  It may be a struggle at first, but learn your lessons and improve each time.  Start simple.  Get data, analyze it, summarize it, make decisions from it, and conclude or report on it.  Get feedback from the Audit Director and Management.  Share your findings with the entire audit department and publicize how/why using the software was critical to the success of the audit.
  5. Don’t Stop Believing – Data analysis software, like all technology, is just a tool.  One must understand the principles of the audit process initially, but then should be as creative as possible in determining how the tool is applied.  There are endless possibilities.  Be a constant student.  Always be gathering information and learning.  There are extensive user groups for most software tools.  Keep up to date with them.  Contribute to them.  Believe in their capabilities and prove their worth in your company.

Does your company already use data analysis software?  Do you think that data analysis software is a waste of money?  Did I miss anything?  If so, please leave a comment below to let me know.   I would love to hear from you.  To hear more about PBC Global’s use of and abilities related to data analysis software, please contact us HERE.