Continuous monitoring and continuous auditing_ From idea to implementation.pdf
Continuous monitoring and continuous auditing
From idea to implementation
Continuous Monitoring and
Continuous Auditing:
From Idea to Implementation
Most financial and auditing executives are aware of continuous controls monitoring and continuous auditing and of the general benefits of such programs. Yet relatively few enterprises have realized their full potential, particularly at the enterprise-wide level. Deloitte sees the reason for this as twofold: first, executives have not seen a clear, strong business case for establishing either continuous monitoring (CM) or continuous auditing (CA) in their enterprises; second, they lack a clear picture of how
CM or CA would be implemented in their organizations.
A quick definition, to be expanded upon below, may be in order because we have found that some confusion surrounds CM and CA. Although they are often lumped together, perhaps because they are both automated, ongoing processes, they are actually two distinct types of programs. As the name implies, continuous monitoring enables management to continually review business processes for adherence to and deviations from their intended levels of performance and effectiveness. Similarly, continuous auditing enables internal audit to continually gather from processes data that supports auditing activities. The current environment of rising risks, regulatory activity, and compliance costs makes this the ideal time to consider
(or to reconsider) the potential role of CM or CA, or both, in your enterprise. You might also consider what it would take to implement them, what they would look like, how they would operate, and whether to further investigate these modes of monitoring and auditing.
This paper, prepared for internal audit, accounting, financial, and risk management executives, can guide you in these considerations. CEOs, COOs, and board members who share those executives’ concerns about rising risk, regulation, and costs —
From idea to implementation
Continuous Monitoring and
Continuous Auditing:
From Idea to Implementation
Most financial and auditing executives are aware of continuous controls monitoring and continuous auditing and of the general benefits of such programs. Yet relatively few enterprises have realized their full potential, particularly at the enterprise-wide level. Deloitte sees the reason for this as twofold: first, executives have not seen a clear, strong business case for establishing either continuous monitoring (CM) or continuous auditing (CA) in their enterprises; second, they lack a clear picture of how
CM or CA would be implemented in their organizations.
A quick definition, to be expanded upon below, may be in order because we have found that some confusion surrounds CM and CA. Although they are often lumped together, perhaps because they are both automated, ongoing processes, they are actually two distinct types of programs. As the name implies, continuous monitoring enables management to continually review business processes for adherence to and deviations from their intended levels of performance and effectiveness. Similarly, continuous auditing enables internal audit to continually gather from processes data that supports auditing activities. The current environment of rising risks, regulatory activity, and compliance costs makes this the ideal time to consider
(or to reconsider) the potential role of CM or CA, or both, in your enterprise. You might also consider what it would take to implement them, what they would look like, how they would operate, and whether to further investigate these modes of monitoring and auditing.
This paper, prepared for internal audit, accounting, financial, and risk management executives, can guide you in these considerations. CEOs, COOs, and board members who share those executives’ concerns about rising risk, regulation, and costs —