Continuous Controls Monitoring and Continuous Auditing – an integrated technology approach
John Verver, CA, CISA, CMC
VP Professional Services, ACL Services Ltd

Topics
• Continuous Controls Monitoring and Continuous Auditing
• Definitions, Distinctions, Relationships
• An integrated approach for CCM and CA
• Management role and activities
• Audit's role and activities
• Technology requirements
• Examples

Continuous Auditing
• Shift from traditional approach of periodic cyclical audit processes
• Method used to automatically perform audit procedures on an ongoing basis
• Allows audit to provide ongoing risk and control assessments
• Technology is key

Continuous Controls Monitoring
• Process performed by management to determine whether policies and controls are operating effectively
• Establishes control objectives and assurance assertions – and uses automated tests to identify activities and transactions that fail to comply with controls
• Allows management to fix control problems on a timely basis – improves controls and improves operational performance
• Technology is key

CA and CCM – an integrated approach
• Many of the techniques used in CA and CCM are similar
• How can both approaches be integrated and how does this affect roles and responsibilities of audit and management?

CA and CCM – an integrated approach
• Effective use of automated continuous auditing and controls monitoring techniques can substantially reduce the time required for ERM activities and controls testing
• Helps to make it clear to management that they – and not audit – are primarily responsible for determining effectiveness of controls
• Audit (internal and external) needs to be able to rely upon the integrity of the Continuous Controls Monitoring process

Audit reliance on Continuous Controls Monitoring
• Validation of control monitoring tests
• Design
• Processing
• Security over access to the CCM system
• Security over changes to tests and test parameters
• Processing audit trail
• Follow up procedures – response to control deficiencies detected

Technology requirements for Integrated Approach
• Comprehensive range of standard control tests
• Configurability of additional tests
• Ad hoc analysis to support CCM and CA process
• Ability to access and monitor data, transactions and activities from across the enterprise
• Security and control over CCM process
• Auditability of CCM process
• Integration with ERM software

ACL Experience
• Increasing recognition by internal audit and operational management that CCM process should be owned by management
• Internal audit designing procedures around CCM processes
• External auditing firms beginning to consider issues of CCM audit reliance – security and control of CCM process a significant concern
• ROI argument for CCM repeatedly validated