ContinuousControlsMonitoringandContinuousAuditing–.ppt

Continuous Controls Monitoring and Continuous Auditing – an integrated technology approach Topics Continuous Controls Monitoring and Continuous Auditing Definitions, Distinctions, Relationships An integrated approach for CCM and CA Management role and activities Audit’s role and activities Technology requirements Examples Continuous Auditing Shift from traditional approach of periodic cyclical audit processes Method used to automatically perform audit procedures on an ongoing basis Allows audit to provide ongoing risk and control assessments Technology is key Continuous Controls Monitoring Process performed by management to determine whether policies and controls are operating effectively Establishes control objectives and assurance assertions – and uses automated tests to identify activities and transactions that fail to comply with controls Allows management to fix control problems on a timely basis – improves controls and improves operational performance Technology is key CA and CCM – an integrated approach Many of the techniques used in CA and CCM are similar How can both approaches be integrated and how does this affect roles and responsibilities of audit and management? CA and CCM – an integrated approach CA and CCM – an integrated approach Effective use of automated continuous auditing and controls monitoring techniques can substantially reduce the time required for ERM activities and controls testing Helps to make it clear to management that they – and not audit - are primarily responsible for determining effectiveness of controls Audit (internal and external) needs to be able to rely upon the integrity of the Continuous Controls Monitoring process Audit reliance on Continuous Controls Monitoring Validation of control monitoring tests Design Processing Security over access to the CCM system Security over changes to tests and test parameters Processing audit trail Follow up procedures – response to control deficiencies detected Technology req