Continuous audit: Can it supercharge your controls and risk assessment?
Continuous audit is emerging as an effective strategy for managing and minimizing organizational risk. The Journal of Accountancy noted in 2017 that organizations “are investing time and money in continuous auditing,” — but what does this approach mean in practice?
How does continuous audit work? How does a continuous monitoring audit help you mitigate risk, and how can audit management software support you?
What Is Continuous Audit?
The internal audit process is a key aspect of an organization’s risk management strategy. Internal auditors are often known as the “third line of defense” against corporate risk because they provide independent assurance of risk management controls.
Internal audit usually follows a set timetable, a cyclical process that takes place to a specific schedule. An auditor or audit team collates data on risks and controls, and publishes findings.
Continuous audit, conversely, is an “always on” audit process.
How Does Continuous Auditing Work?
Rather than a person manually completing audit tasks, a continuous monitoring audit is supported by technology, automatically assessing and delivering findings at very regular intervals. This enables constant risk awareness, which augments the traditional internal audit process and supports internal audit teams in their work.
When Is Continuous Auditing Used?
Often, continuous audits are focused on new processes or procedures. The continuous audit process provides a quick and early indication of the procedures’ success — in contrast to traditional internal audits, which can take place months after a business process or activity has happened.
Continuous auditing and monitoring can also bolster internal audit in priority areas identified by the business, acting as a second layer of control and assessment for critical processes or functions.
What Are the Benefits of Continuous Audit?
It’s worth exploring the advantages and disadvantages of continuous audit. What are the benefits, and are there any downsides to implementing continuous audit techniques?
Benefits of continuous audit include:
- Errors, fraud or non-compliant activity is immediately detected. Unlike a time-bound audit, the continuous audit process allows any errors, omissions or fraud to be identified swiftly.
- As a result, the potential for harm is minimized, making mitigation and remediation easier.
- The chances of noncompliance are also reduced, minimizing the potential for reputational damage or financial penalties.
- Audit work can be planned proactively, and auditors’ time managed. A key advantage of continuous audit is that peaks and troughs of demand can be avoided, making the audit process more efficient.
- Up-to-date data is always available. Whether it’s to comply with external reporting requirements or for your own internal audit reporting, continuous audit gives you instant access to accurate and current data. Accounts can be prepared faster, and you have assurance that their content is watertight.
- It positions the auditor as valued business advisor. Continuous audit brings auditors close to business processes and enables the audit team to suggest improvements, tweaks and remedial actions in a way that timetabled audit does not.
Clearly, there are significant benefits to implementing a continuous audit process. Are there any disadvantages? Potentially, set-up costs can be an obstacle. And as with any technology-led approach, a human overlay will ensure the continuous audit process isn’t over-reliant on technology at the expense of common sense.
7 Steps to an Effective Continuous Audit
It’s generally accepted that there are six steps to an effective continuous audit process, as recognized in this paper from Rutgers University. In our analysis, we’ve added a seventh that we believe will help to make your continuous monitoring audit more rigorous, robust and easier.
- Establish priority areas. Look not just at new procedures but any other processes critical to your business strategy, maybe carrying out a materiality assessment to determine key priorities.
- Determine the rules for your continuous audit process; the parameters that guide your monitoring. These rules will need to consider factors like legal or external reporting requirements alongside internal compliance controls.
- Decide how regular your monitoring will be. “Continuous” is slightly misleading; it's rare that monitoring is truly continuous. The cadence of your monitoring is something you will need to decide. A cost-benefit analysis, and an assessment of how frequently new data is available, will help to determine your monitoring frequency.
- Monitor and tweak your parameters. Your continuous audit frequency and rules need to be determined before you start. But they should also be revisited once you’ve carried out continuous auditing for a set period. Consider whether your triggers are set at the right levels; are you overreacting to risks with few costs?
- Determine your follow-up process. What happens when an error is identified, or an alarm is triggered during the continuous audit process? Who does the alarm flag to? What do they need to do in response? How does the communication process work? Are there steps that should be taken — for instance, to cross-check and verify data — before a trigger is acted on? What is the escalation process?
- Share the results of the continuous audit process. How will you communicate the ongoing findings? At what intervals, and via what means?
- Identify the tools and technologies that can support you. Artificial intelligence, machine learning and robotic processes transform how data is collected and analyzed. Explore their potential to supercharge your data analytics and continuous audit process.
Harness Continuous Audit to Future-Proof Your Audit Process
Internal audit teams must step up as organizations’ risk profiles grow more complex and challenging. Moving from time-bound reactive audit processes to at-your-fingertips data and insight means capitalizing on the benefits continuous audit can deliver.
Doing this, and making the best use of the technologies that can support you, enables internal auditors to play a valued role in corporate governance, acting as a partner to the C-suite and board and proactively tackling emerging risks.
Read more in our free eBook, Future-Proofing Internal Audit.