The concept of Continuous Auditing is no longer simply an idealized
vision of how organizations would prefer to monitor and control
the most important information and systems within their business.
The reality is that Categoric’s technology is not only capable of doing
this but has been delivering continuous auditing solutions for several
years.
What is Continuous Auditing?
“A methodology that enables independent auditors to provide written
assurance on a subject matter using a series of auditors’ reports
issued simultaneously with, or a short period of time after, the
occurrence of events underlying the subject matter.” (AICPA)
In the modern fast-moving business environment, the need for high-quality information that can be used for managerial decision making is often as great as, if not greater than, the need for reliable historical financial statements.
- The approach can work alongside conventional audit procedures - the audit approach can be segmented between tests that are suitable for continuous audit and those that are not
- Data analysis still has a role – where the audit tests are not predicted in advance and will depend on the profile of the data
- Categoric’s solution provides real-time monitoring of client systems
- Re-uses the creative design effort as many processes will be similar
- Automation is required to contain costs – continuous audit by wholly manual methods is usually very expensive
- Provides much more than data analysis which is point-in-time, backward-looking and less suitable for auditing controls
- Gives both a big picture and a drill down view
- Enables monitoring for control failures, producing exception reports, calculating regular KPIs
Businesses need reassurance that the information produced for decision making is both accurate and reliable and that the control procedures in place are effective.
In this context the role of audit is evolving, moving away from historic, backward-looking and rather isolated financially driven testing toward a more fluid business function, and this is provoking a shift in the focus of some audit activities.
A more detailed view of the benefits from this shift is contained in the sections "Intelligent Controls Assurance" and "Basis for a Unified Framework".
Conventional audit (both statutory audit and internal audit) has the following characteristics:
- Testing is periodic – either interim & final visits for a legal entity (statutory audit) or cyclical audits of particular locations or systems (internal audit)
- Control effectiveness improves after the audit visit and once recommendations for improvements are actioned
- Effectiveness declines between visits due to entropy – changes in systems, personnel, behavior or external forces
- Overall trend is below expectation

Continuous audit has, by contrast, the following characteristics:
- Testing is continuous – controls are monitored and changes noted as they happen
- Control failure is detected and fixed almost immediately so that the period of ineffectiveness is minimized
- New controls can be identified and tested as they arise, adapting the audit approach to changed circumstances
- Effectiveness of controls is maintained
- Overall trend is upward and much closer to the expected level of effectiveness
Additional benefits include:
- Workload is spread more evenly to aid resource planning
- Able to provide a more frequent opinion

Continuous Auditing may therefore be considered as the collection of methods used by various audit "owners" in performing their activity on a more continual basis. This need not actually be in real time (unless this is desired), but at a frequency that makes sense for the particular requirements arising from that specific activity. For example, a segregation of duties control may be monitored at one-minute intervals, a financial control may be monitored daily, a KPI may be monitored weekly, etc.
Embraced by any number of areas
The concept of Continuous Auditing and Monitoring can be embraced by any number of areas within a business:
- Risk management can use this methodology to look at past trends and comparisons within an individual process or system, as well as in conjunction with others across the enterprise, for example the performance of an individual depot as well as its comparison with all other depots. It can be used as an early warning system if risk profiles change unexpectedly.
- Compliance will benefit from continuous controls assessment by being able to provide assurance to the Audit Committee and Senior Management as to whether the controls are working or not and will be able to highlight control weaknesses and violations.
- Apart from the benefits outlined below, internal audit can take a risk-based approach and can use the output from other areas to decide if an audit intervention is required.
- Operations can use continuous monitoring to ensure that its business processes are operating properly and to automate responses to exceptions.
Continuous Auditing therefore holds together and supports a broad range of disciplines and activities within the organization. It can assist with a risk-based approach to deciding the overall audit plan as well as with specific individual audit objectives.
It also supports the automation of "follow up" reports on the audit function's recommendations. This means that audit can track specific data-driven measures of performance and see whether management has implemented the recommendations, whether they have been successful, etc. By proxy, the Audit Committee is similarly empowered and is able to exert greater control.
Example audit tests
- Key Performance Indicators
  - Monthly extraction of general ledger balance
  - Stock wastage comparison by depot
  - Calculated ratios
- Standing Data Monitoring
  - Changes to standard cost or standard price master files
  - Accounts payable standing data changes - bank details
  - System setting changes - controls disabled, credit limit changes
- Exception Reporting
  - Credit limit breaches
  - Branch banking variations
  - Large, round sum or out of hours adjusting journal
- Security Monitoring
  - Out of hours logins, login failures
  - Segregation of duties failure
  - Unusual changes to access rights, new super user created
Benefits for the organisation
- No need to download data – the approach is self supporting and can extract data if required for data analysis
- Automated exception report production – instead of running exception reports when required and reviewing for exceptions, this happens automatically, with an email notification of anything that needs to be dealt with
- Focus on key issues – alerted to exceptions at the level of granularity desired
- Deal with issues when they are fresh – fix control failures as they happen, not when they are reported after reviewing historical data
- Demonstrate good governance – using a leading edge audit approach
Benefits for Internal Audit
- Automate testing for SOX etc – testing system controls by manual methods may be prohibitively expensive
- Automate time consuming tests – tests of controls as well as transactions
- React when controls stop working – instead of repeatedly testing that a control is working
- Spread workload over the year – improvements to staff scheduling, reduced peaks and troughs
- Greater depth of audit for the same cost – audit larger amounts of a population and down to a greater level of detail, including preventative controls
- Proactive approach to solve problems as they occur – providing more value to business
- Enable remote auditing and possibly reduce travel costs