Home > Risk > Continuous auditing: putting theory into practice

Continuous auditing: putting theory into practice

January 28, 2011 Leave a comment Go to comments

One internal auditing topic that has been of great interest to me over the years is that of continuous auditing. I believe that the technique offers a great opportunity for internal auditing to move to the next level of service and value to its stakeholders – providing them with the assurance they need, when they need it.

I have previously shared a paper I wrote on a concept I call Continuous Risk and Control Assurance, and received excellent feedback for it.

Recently, I was asked to contribute a chapter on continuous auditing to a forthcoming internal auditing book. I was happy to do so, and can share the draft with you for comment.

Both of these documents can be downloaded from my LinkedIn profile page (in the Norman Marks’s Files section, where I have several documents of interest available for download including a report from KPMG on continuous auditing). Direct links to the two documents are:

Do the views in these papers match with yours? Have you achieved broad success in your continuous auditing program (i.e., it is not limited to a focus on fraud detection, or errors in transactions, but extends to multiple business risks)?

  1. Keith Ouellette
    January 28, 2011 at 2:12 PM

    Sorry, Norman. Your links to the documents are to the same file. I agree with most of your positions and appreciate your good work on educating us all about GRC.I have been lurking about for a while now on this subject. It needs the attention that you give it! Keep up the good work.

  2. Norman Marks
    January 28, 2011 at 2:14 PM

    Keith, please try again. I just checked and the links work fine.

  3. John Taratuta
    February 17, 2011 at 6:36 PM

    There are signs of a coming convergence of the compliance, risk, and the audit functions. With that having been said, however, how the model or “blend” may look in several years, organization to organization, or even within an organization will be anyone’s guess. The ‘silos’ may turn into bunkers. If anything, it might be in the area of Key Risk Indicators (KRIs) – still the tea leaves and goat’s entrails of Risk Management – where much work needs to be done with KPIs specific to a particular environment. I enjoyed both of the downloads. Thanks for posting them.

  1. January 28, 2011 at 12:25 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: