Recently I have had opportunities to visit with various organizations and speak with controllers, auditors, and fraud examiners about some of the challenges they see in the area of assuring compliance with prescribed business processes. With many organizations facing reduced resources assigned to “maintaining control” the case is strong for finding ways to use technology to be on guard 24/7 in order to keep a “watchful eye.”

For those who have heard about continuous controls monitoring but are wondering about its value, the topic is neatly discussed in two separate CFO.com articles. These articles are titled “Internal Auditing: The 24/7 Approach” and “The 24/7 Audit.”

Here are several key ideas excerpted from in the articles, which I think you may find useful in increasing your understanding of the concept of continuous auditing/controls monitoring and considering how it might be useful to your organization.

• “Definitions for that [continuous auditing] vary widely; the Institute of Internal Auditors, for one, calls it ‘any method used by auditors to perform audit-related activities on a more continuous or continual basis.’ Increasingly, though, individual practitioners see the cutting edge as auditing 100% of data relating to transactions, processes, policies, or whatever else is to be audited, rather than reviewing small samplings at longer intervals, as many organizations still do.”

• “… with just statistical data samplings being audited, savings were still falling through the cracks.”

• “The continuous-auditing system has produced ‘incredible’ efficiencies in identifying inappropriate purchases and people without authority to use cards.”

• “The time it takes to roll out such a system is surprisingly short.”

• “The difference between internal auditing and controls management … is in the level of granularity. We’re down at the data level, looking transaction by transaction, where typically an audit, depending on its objective, might just review a process and not get as deep into the data details … .”

• “Many companies start slowly, using off-the-shelf software to monitor select high-risk areas such as corporate credit-card purchases or accounts-receivable transactions. Others are integrating the monitoring into existing enterprise systems, for use by both operations and audit.”

The articles also have an interesting comparison of the benefits of and obstacles to getting continuous auditing “right.”

Check out the articles … they might just jog your thought processes! ###