Practice Advisory 2320-4:
Continuous Assurance
Primary Related Standards
2320: Analysis and Evaluation
Internal auditors must base conclusions and engagement results on appropriate
analyses and evaluations.
1. The traditional testing of controls has been performed on a retrospective and cyclical
basis, often months after business activities have occurred, and frequently relies on
historical sampling techniques. Such sample-based audits may not meet the needs
of an organization, especially when the risk profile of an organization may require
more timely information. Because the pace of business and rate of organizational
change require more proactive identification of issues, technology can be leveraged
to identify potential problems and concerns more timely. Internal audit should
consider evaluating control effectiveness continuously, if warranted by the risk profile,
rather than using more traditional periodic historic testing of selected internal controls
and risks in an organization.
2. The IPPF Glossary defines assurance services as an objective examination of
evidence for the purpose of providing an independent assessment on governance,
risk management, and control processes for the organization. Continuous
assurance can best be achieved through a combination of managements continuous
monitoring responsibilities and internal audits continuous auditing activities.
3. Continuous monitoring is a management process that monitors whether internal
controls are operating effectively on an ongoing basis. Higher risk events (e.g.,
unusual or nonrecurring transactions) can be observed and flagged for additional
attention or testing. In addition to continuous monitoring processes, continuous
auditing routines developed by internal auditors, when appropriate, may be
transitioned to management, in which case they become continuous monitoring
procedures performed by management.
4. Many of the techniques management uses to continuously monitor controls are
similar to continuous auditing techniques that may be performed by the internal
auditor. The key to continuous monitoring is that the process should be owned and
performed by management as part of its responsibility to implement and maintain an
effective control environment. Because management is responsible for internal
controls, it should have a means to determine, on an ongoing basis, whether the
controls are operating as designed. By being able to identify and correct control
problems timely, the overall control system can be improved.
5. The annual audit plan should identify areas potentially subject to continuous auditing.
Internal audit should leverage the organizations risk management framework (if one
has been developed) as well as its own risk assessment, to identify these areas. The
Issued: June 2013
2013 The Institute of Internal Auditors
PA 2320-4: Continuous Assurance
www.globaliia.org
frequency of coverage should be based on the risk factors in an area or business
process. Continuous auditing helps internal auditors identify and assess risk and
establish intelligent and dynamic thresholds that respond to changes in the
enterprise. It also contributes to risk identification and assessment.
6. Successful implementation of continuous auditing requires the support of key
stakeholders. The following steps should be considered when developing and
sustaining continuous auditing activities:
Prioritize areas for coverage and select a continuous auditing approach.
Define output requirements.
Select analysis tools, which could be either in-house or vendor-provided software.
Determine scope of continuous auditing routines.
Assess data integrity and prepare data.
Understand managements continuous monitoring approach.
Develop continuous audit routines to assess controls and identify deficiencies.
7. Once the objectives of continuous auditing have been defined, senior management
support should be obtained for the continuous auditing coverage.
8. Data files, such as detailed transaction files, often are only retained for a short time.
Therefore, the internal auditor should make arrangements for retaining appropriate
data. Access to programs/system and data should be arranged well in advance of
the needed time period to avoid interference with the production environment. The
internal auditor should assess the effect that changes to the production
programs/system, including access security, may have on the use of continuous
auditing routines. The internal auditor should obtain reasonable assurance of the
integrity, reliability, usefulness, and security of the continuous auditing routines
through appropriate planning, design, testing, processing, and review of
documentation.
9. The internal auditor should examine the adequacy of managements continuous
monitoring activities. This will determine how much reliance internal audit can place
on the organizations control environment which will impact the nature and frequency
of the audit work to be performed.
10. The internal auditor should consider the objectives of continuous auditing, the risk
appetite of the enterprise, and the level and nature of managements continuous
monitoring, when setting the timing, scope, and coverage of continuous auditing
tests.
11. The frequency of continuous auditing activities will range from real-time to periodic
analysis of detailed transactions, snapshots, or summarized data. The frequency will
depend on the level of risks associated with the system or process being examined
as well as the adequacy of continuous monitoring performed by management and
the resources available. Critical systems with key controls may be subject to realtime analysis of transactional data. The internal auditor should consider the
regulatory requirements and the degree to which management is addressing the risk
Issued: June 2013
2013 The Institute of Internal Auditors
PA 2320-4: Continuous Assurance
www.globaliia.org
exposures and potential impacts. When management has implemented continuous
monitoring systems for controls, internal and external auditors should determine to
what extent they can rely on the continuous monitoring processes to reduce detailed
control testing.
12. When continuous auditing routines are changed, the internal auditor should conduct
a review of the changes for integrity, reliability, usefulness, and security. The internal
auditor should document the results of this review prior to placing reliance on the
revised continuous auditing routines.
13. Once the continuous auditing routines have been executed, the internal auditor
should review the results to identify transactions that fail the control tests. Increased
risk levels can be identified by comparative analysis (i.e., comparing one process to
other processes, one entity to other entities, or running the same tests and
comparing results over time). One of the challenges of implementing a continuous
auditing or monitoring system is the efficient response to control exceptions and risks
that are identified. When a continuous auditing or monitoring system is implemented,
it is common for a large number of exceptions to be identified that, upon investigation,
prove not to be a concern. The continuous auditing system needs to allow the test
parameters to be adjusted so that such exceptions do not result in alerts or
notifications. Once the process of identifying such false positives is performed, the
system increasingly can be relied on to only identify control deficiencies or risks of
significant concern.
14. If a control breakdown and/or risk concern is identified through continuous auditing, it
should be reported to management. Resultantly, the internal auditor should request a
management response outlining the action plan and date, as applicable. Once the
appropriate action has been taken, the internal auditor may consider using the
continuous auditing program again to verify that the remediation addressed the
control weakness and reduced the level of risk.
15. The internal auditor should review the efficiency and effectiveness of the continuous
auditing programs periodically. Additional control points or risk exposures may need
to be added and others may be deleted based on more current risk assessments.
Thresholds, control tests, and parameters for various analytics may need to be
tightened or relaxed.
16. The continuous auditing process should be documented sufficiently to provide
adequate audit evidence. Refer to Practice Advisory 2330-1: Documenting
Information for additional guidance.
Issued: June 2013
Issued: June 2013
2013 The Institute of Internal Auditors
PA 2320-4: Continuous Assurance
www.globaliia.org
Potrebbero piacerti anche
- ManagementLetter - Possible PointsDocumento103 pagineManagementLetter - Possible Pointsaian joseph100% (3)
- 5031.dl - Nine Elements Required For Internal Audit Effectiveness in The Public Sector PDFDocumento49 pagine5031.dl - Nine Elements Required For Internal Audit Effectiveness in The Public Sector PDFaian josephNessuna valutazione finora
- 5031.dl - Nine Elements Required For Internal Audit Effectiveness in The Public Sector PDFDocumento49 pagine5031.dl - Nine Elements Required For Internal Audit Effectiveness in The Public Sector PDFaian josephNessuna valutazione finora
- Classic Red Catalog PDFDocumento18 pagineClassic Red Catalog PDFaian josephNessuna valutazione finora
- Writing Effective Audit ReportDocumento165 pagineWriting Effective Audit Reportaian josephNessuna valutazione finora
- Pa 2320-3 PDFDocumento4 paginePa 2320-3 PDFaian joseph100% (1)
- Pa 2120-3 PDFDocumento2 paginePa 2120-3 PDFaian josephNessuna valutazione finora
- Apply DLSU admissionDocumento2 pagineApply DLSU admissionaian josephNessuna valutazione finora
- Internal Audit ManualDocumento68 pagineInternal Audit ManualALAINXHIGNESSE100% (11)
- 2015training Calendar - 0 PDFDocumento5 pagine2015training Calendar - 0 PDFaian josephNessuna valutazione finora
- Internal Audit Competency FrameworkDocumento31 pagineInternal Audit Competency Frameworkaian joseph100% (1)
- 8 Things To Consider Before Pursuing A Graduate Degree - DevexDocumento11 pagine8 Things To Consider Before Pursuing A Graduate Degree - Devexaian josephNessuna valutazione finora
- 09 Sean de La RosaDocumento7 pagine09 Sean de La Rosaaian josephNessuna valutazione finora
- Revised IRR RA 9184 2009Documento114 pagineRevised IRR RA 9184 2009Budz OlbesNessuna valutazione finora
- Cafeteria Audit ProgramDocumento3 pagineCafeteria Audit Programaian josephNessuna valutazione finora
- Sec Memo 11, s2008Documento5 pagineSec Memo 11, s2008aian josephNessuna valutazione finora
- Working Capital, Credit and Accounts Receivable Management: Reference: ETM Chapter 6 & 7 STFM Chapter 5 & 6Documento31 pagineWorking Capital, Credit and Accounts Receivable Management: Reference: ETM Chapter 6 & 7 STFM Chapter 5 & 6sandeep949Nessuna valutazione finora
- CIA HandbookDocumento40 pagineCIA Handbookwrapables79100% (4)
- The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeDa EverandThe Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeValutazione: 4 su 5 stelle4/5 (5783)
- The Yellow House: A Memoir (2019 National Book Award Winner)Da EverandThe Yellow House: A Memoir (2019 National Book Award Winner)Valutazione: 4 su 5 stelle4/5 (98)
- Never Split the Difference: Negotiating As If Your Life Depended On ItDa EverandNever Split the Difference: Negotiating As If Your Life Depended On ItValutazione: 4.5 su 5 stelle4.5/5 (838)
- Shoe Dog: A Memoir by the Creator of NikeDa EverandShoe Dog: A Memoir by the Creator of NikeValutazione: 4.5 su 5 stelle4.5/5 (537)
- The Emperor of All Maladies: A Biography of CancerDa EverandThe Emperor of All Maladies: A Biography of CancerValutazione: 4.5 su 5 stelle4.5/5 (271)
- Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceDa EverandHidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceValutazione: 4 su 5 stelle4/5 (890)
- The Little Book of Hygge: Danish Secrets to Happy LivingDa EverandThe Little Book of Hygge: Danish Secrets to Happy LivingValutazione: 3.5 su 5 stelle3.5/5 (399)
- Team of Rivals: The Political Genius of Abraham LincolnDa EverandTeam of Rivals: The Political Genius of Abraham LincolnValutazione: 4.5 su 5 stelle4.5/5 (234)
- Grit: The Power of Passion and PerseveranceDa EverandGrit: The Power of Passion and PerseveranceValutazione: 4 su 5 stelle4/5 (587)
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaDa EverandDevil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaValutazione: 4.5 su 5 stelle4.5/5 (265)
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryDa EverandA Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryValutazione: 3.5 su 5 stelle3.5/5 (231)
- On Fire: The (Burning) Case for a Green New DealDa EverandOn Fire: The (Burning) Case for a Green New DealValutazione: 4 su 5 stelle4/5 (72)
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureDa EverandElon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureValutazione: 4.5 su 5 stelle4.5/5 (474)
- The Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersDa EverandThe Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersValutazione: 4.5 su 5 stelle4.5/5 (344)
- The Unwinding: An Inner History of the New AmericaDa EverandThe Unwinding: An Inner History of the New AmericaValutazione: 4 su 5 stelle4/5 (45)
- The World Is Flat 3.0: A Brief History of the Twenty-first CenturyDa EverandThe World Is Flat 3.0: A Brief History of the Twenty-first CenturyValutazione: 3.5 su 5 stelle3.5/5 (2219)
- The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreDa EverandThe Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreValutazione: 4 su 5 stelle4/5 (1090)
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)Da EverandThe Sympathizer: A Novel (Pulitzer Prize for Fiction)Valutazione: 4.5 su 5 stelle4.5/5 (119)
- Her Body and Other Parties: StoriesDa EverandHer Body and Other Parties: StoriesValutazione: 4 su 5 stelle4/5 (821)
- Avon-Strategic Management CaseDocumento56 pagineAvon-Strategic Management Casebrownshuga100% (2)
- Professional Practice NotesDocumento5 pagineProfessional Practice NotesSHELLA MARIE DELOS REYESNessuna valutazione finora
- Week 6-7 Let's Analyze Acc213Documento5 pagineWeek 6-7 Let's Analyze Acc213Swetzi CzeshNessuna valutazione finora
- SCDL Solved International Finance AssignmentsDocumento19 pagineSCDL Solved International Finance AssignmentsShipra GoyalNessuna valutazione finora
- Demantra and ASCP Presentation PDFDocumento54 pagineDemantra and ASCP Presentation PDFvenvimal1Nessuna valutazione finora
- Week 008-Module How To Identify A Target Market and Prepare A Customer ProfileDocumento16 pagineWeek 008-Module How To Identify A Target Market and Prepare A Customer ProfileWenzel ManaigNessuna valutazione finora
- Binod RajwarDocumento3 pagineBinod RajwarSHYAMA AUTOMOBILESNessuna valutazione finora
- Apparel Merchandising - Types of BuyersDocumento24 pagineApparel Merchandising - Types of BuyersNithyaprakashNessuna valutazione finora
- Bhakti Chavan CV For HR ProfileDocumento3 pagineBhakti Chavan CV For HR ProfileADAT TestNessuna valutazione finora
- How To Think Like A Marketing Genius - Table of ContentsDocumento10 pagineHow To Think Like A Marketing Genius - Table of Contentsbuymenow2005Nessuna valutazione finora
- PLDT Vs - Estranero, GR No.192518, Oct 15, 2014 FactsDocumento2 paginePLDT Vs - Estranero, GR No.192518, Oct 15, 2014 FactsHoreb FelixNessuna valutazione finora
- CM1 PAS1 Presentation of Financial StatementsDocumento16 pagineCM1 PAS1 Presentation of Financial StatementsMark GerwinNessuna valutazione finora
- Financial Accounting Report (Partnership - Group 2)Documento20 pagineFinancial Accounting Report (Partnership - Group 2)syednaim0300Nessuna valutazione finora
- Project Report On HR Policies and Its Implementation at Deepak Nitrite LimitedDocumento64 pagineProject Report On HR Policies and Its Implementation at Deepak Nitrite LimitedRajkumar Das75% (4)
- Sustainable Supply Chain Evolution and FutureDocumento42 pagineSustainable Supply Chain Evolution and Futureatiqa tanveerNessuna valutazione finora
- ERP Software For Doctor. Complete Management Software For Hospital.Documento71 pagineERP Software For Doctor. Complete Management Software For Hospital.Jyotindra Zaveri E-Library67% (3)
- Rain Bird International: 6991 E. Southpoint Road Tucson, AZ 85756 United States Fed Tax ID: 95-2402826Documento7 pagineRain Bird International: 6991 E. Southpoint Road Tucson, AZ 85756 United States Fed Tax ID: 95-2402826Alejandra JamboNessuna valutazione finora
- Meaning of Transfer PricingDocumento2 pagineMeaning of Transfer Pricingpanda_alekh100% (1)
- Case InstructionsDocumento4 pagineCase InstructionsHw SolutionNessuna valutazione finora
- Abinaya Tex Industry OverviewDocumento24 pagineAbinaya Tex Industry Overviewselvi abrahamNessuna valutazione finora
- CHARTERED ACCOUNTANTS EXAMINATIONS T5: TAXATIONDocumento21 pagineCHARTERED ACCOUNTANTS EXAMINATIONS T5: TAXATIONMosesNessuna valutazione finora
- What Informal Remedies Are Available To Firms in Financial Distress inDocumento1 paginaWhat Informal Remedies Are Available To Firms in Financial Distress inAmit PandeyNessuna valutazione finora
- Free SWOT Analysis Template MacDocumento1 paginaFree SWOT Analysis Template MacGirish Des ManchandaNessuna valutazione finora
- SOP FinalDocumento16 pagineSOP FinalAvinash SinghNessuna valutazione finora
- ISO 14000 Understanding, Documenting and Implementing Slides R8.02.05Documento195 pagineISO 14000 Understanding, Documenting and Implementing Slides R8.02.05Tanuj MadaanNessuna valutazione finora
- Group Assignment Cafes Monte Bianco Final V2Documento13 pagineGroup Assignment Cafes Monte Bianco Final V2Linh Chi Trịnh T.Nessuna valutazione finora
- ResumeChaturyaKommala PDFDocumento2 pagineResumeChaturyaKommala PDFbharathi yenneNessuna valutazione finora
- Ethics in Advertising and Marketing: Presenting byDocumento54 pagineEthics in Advertising and Marketing: Presenting byParihar BabitaNessuna valutazione finora
- Last Resort (Case)Documento3 pagineLast Resort (Case)Aisha BashirNessuna valutazione finora
- Effective Talent Management & Succession Planning OptimizationDocumento4 pagineEffective Talent Management & Succession Planning OptimizationdaabhiNessuna valutazione finora
