Auditing at the Speed of Business
Author: Jeremy Clopton
Companies are constantly affected by new technologies, regulations and economic conditions. With the speed of these changes, audit committees and management are demanding more of their internal audit functions to provide more and faster assurance. To meet these growing expectations, internal audit groups must be strategic with their resources. They can no longer afford to dedicate significant resources to routine functions rather than focus on new risks arising from these changing environments. Continuous auditing is a good way to provide assurance on high-volume, stable processes like procurement, accounts payable and accounts receivable while reducing your resource requirement.
What Is Continuous Auditing?
Continuous auditing is the routine use of electronic auditing tools and methods. Electronic tools offer advantages over the traditional audit process, such as the ability to effectively and efficiently analyze an entire data set, rather than testing by sampling. They also allow you to automate these processes for repetitive performance, creating the ability to schedule analyses at any time.
How Continuous Is Continuous?
“Continuous” has different meanings depending on the business process audited. For example, you may perform a daily audit of potential duplicate invoices but only search for vendors related to employees once a month. In both situations, the audits are on a routine, continual basis. The key is identifying the risk inherent in the process and determining how quickly you can identify potential problems. That speed is the definition of continuous for that process and is, essentially, the speed of your business.
Continuous Auditing Versus Continuous Monitoring
The phrases “continuous auditing” and “continuous monitoring” are commonly used interchangeably, but differentiating between the two is important for organizations looking to implement continuous auditing. While the underlying principles are very similar, process ownership and problem resolution differ significantly. Internal audit owns the continuous auditing process and provides results to process owners, e.g., accounts payable directors, for resolution. Management is responsible for continuous monitoring and resolution of identified problems.
Despite these differences, the two processes are closely related, and many procedures are the same in both. Many times, internal audit groups can provide significant value to their companies by developing, testing and finalizing a continuous auditing process; once the kinks are worked out, they can provide management with a continuous monitoring process. Continuous auditing and monitoring processes are inversely related—the more monitoring management performs, the less auditing is needed by internal audit. This means internal audit has provided value to the company while reducing the resource commitment needed to maintain assurance over that control environment.
A multibillion-dollar manufacturing company’s internal audit department performed many electronic tests on an ad hoc basis, using sampling to accomplish its goals. It decided to implement continuous auditing for related-party testing and duplicate payment testing within accounts payable. After identifying risks and designing the tests accordingly, the company can now analyze its entire vendor and employee population (more than 100,000 vendors and nearly 10,000 employees) for potential relationships. In addition, it can analyze more than 2 million payment records for potential duplicate payments with 100 percent coverage.
To begin implementing continuous auditing in your organization, there are three key items to address. The first is risk. A well-designed continuous auditing program focuses on key organizational risks. You also will need to identify an electronic audit tool that meets your organization’s needs. With multiple tools available, it is important to research tools and consider the features in relation to your organization’s risks and areas of personnel expertise. Finally, determine what data are available in your accounting systems. This may include conversations with your information technology staff and process owners. This process is integral in designing your continuous auditing program.
After addressing these areas, you are ready to embark on the journey to continuous auditing—auditing at the speed of your business. For more information, contact your BKD advisor.