Industry Insights

Have you ever wanted the ability to identify potential duplicate payments before they are paid, or spot a conflict of interest before doing business with a company? With continuous auditing, these goals are possible. Other goals you can accomplish are limited only by your available data and creativity.

What Is Continuous Auditing?

Continuous auditing is the routine use of electronic auditing tools and methods. Electronic tools offer advantages over the traditional audit process, such as the ability to effectively and efficiently analyze an entire data set, rather than testing by sampling. They also allow you to automate these processes for repetitive performance, creating the ability to schedule analyses at any time.

How Continuous Is Continuous?

“Continuous” has different meanings depending on the business process audited. For example, you may perform a daily audit of potential duplicate invoices but only search for vendors related to employees once a month. In both situations, the audits are on a routine, continual basis. The key is identifying the risk inherent in the process and determining how quickly you can identify potential problems. That speed is the definition of continuous for that process and is, essentially, the speed of your business.

Continuous Auditing Versus Continuous Monitoring

The phrases “continuous auditing” and “continuous monitoring” are commonly used interchangeably, but differentiating between the two is important for organizations looking to implement continuous auditing. While the underlying principles are very similar, process ownership and problem resolution differ significantly. Internal audit owns the continuous auditing process and provides results to process owners, e.g., accounts payable directors, for resolution. Management is responsible for continuous monitoring and resolution of identified problems.

Despite these differences, the two processes are closely related, and many procedures are the same in both. Therefore, they are inversely related—the more monitoring management performs, the less auditing is needed by internal audit and vice versa.

Case Study

A multibillion-dollar manufacturing company’s internal audit department performed many electronic tests on an ad hoc basis, using sampling to accomplish their goals. It decided to implement continuous auditing for related-party testing and duplicate payment testing within accounts payable. After identifying risks and designing the tests accordingly, the company can now analyze its entire vendor and employee population (more than 100,000 vendors and nearly 10,000 employees) for potential relationships. In addition, it can analyze more than 2 million payment records for potential duplicate payments with 100 percent coverage.

Getting Started

To begin implementing continuous auditing in your organization, there are three key items to address. The first is risk. A well-designed continuous audit program focuses on key organizational risks. You also will need to identify an electronic audit tool that meets your organization’s needs. With multiple tools available, it is important to research tools and consider the features in relation to your organization’s risks and areas of personnel expertise. Finally, determine what data are available in your accounting systems. This may include conversations with your information technology staff and process owners. This process is integral in designing your continuous auditing program.

After addressing these areas, you are ready to embark on the journey to continuous auditing—auditing at the speed of your business. For more information, contact your BKD advisor or .