Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
www.bibiconsulting.com
We have heard the term “continuous auditing’’ The AICPA defines it as “the technologies
many times over the last few years, but do we and processes that allow an on-going re-
really know what it means? Is it the same as con- view and analysis of business information
tinuous control monitoring or continuous assur- on a real time basis. Continuous auditing
ance? Or is it a term used to describe the use of will require specialized skills of audit per-
Computer Assisted Audit Techniques (CAATs)? sonnel to monitor information electronical-
Have we tried to implement it, or know of some- ly and incorporate the use of intelligent
one who already done so? Is it for real, or just an- agents, computer modeling, and other
other fancy term auditors like to use? software tools. Continuous auditing will
give end users of information more timely
When I first heard of the term, the first thing that assurance that the information is correct
came to my mind was: real- time! To find out if and may eventually lead to continuous re-
this is a true presentation of the term, let’s first porting where financial information is up-
find out how continuous auditing is defined. dated and published as events occur.”
A leading continuous auditing expert,
What is continuous auditing? Rutgers University professor Miklos Va-
sarhelyi, calls it "an audit that happens
immediately after or closely after a partic-
There are many definitions for continuous audit-
ular event."
ing; a few of them are listed below:
From the above definitions, we can conclude that
According to The Institute of Internal Au- the objective of continuous auditing is to provide
ditors' (The IIA) Global Technology Audit real or near real time reporting on audit issues, and
Guide (GTAG 3) continuous auditing is that technology plays a vital role in the success of
defined as any method used by auditors to the implementation of continuous auditing.
perform audit - related activities( includ- Now that we have an understanding of continuous
ing control and risk assessments) on a auditing, let’s review some of the definitions for
more continuous(occurring without inter- continuous control monitoring.
ruption) or continual (occurring at re-
peated intervals.) basis.
What is Continuous Control Monitoring?
A 1999 research report co-sponsored by
the American Institute of Certified Public
Accountants (AICPA) and the Canadian IIA’s GTAG 3 defines it as:
Institute of Chartered Accountants (CICA) “A process that management puts in
defines continuous audit as: “a methodol- place to ensure that its policies, proce-
ogy that enables independent auditors to dures, and business processes are operat-
provide written assurance on a subject ing effectively.”
matter using a series of auditors' reports I read a definition in a KPMG publication
issued simultaneously with, or a short pe- which I thought provides a good overview
riod of time after, the occurrence of events of the term:
underlying the subject matter.’’ “Continuous control monitoring is an au-
tomated feedback mechanism for man-
agement to ensure that the systems and
Computer assisted audit techniques (CAATs) The first model of continuous auditing was de-
refers to software used by auditors to enhance veloped by AT&T Bell Laboratories in 1989 to
the audit process. CAATs can be classified into evaluate the billing system within the company.
four broad categories: Since that time, CA has evolved and more or-
Data analysis software ganizations have adopted it in the United States
Network security evaluation soft- and Canada. A 2008 survey by KPMG shows
ware/utilities. that 26% of respondents indicated that they
OS and DBMS security evaluation have already implemented CA, while 43% of
software/utilities respondents indicated there intent to implement
Software and code testing tools. it during the coming three years.
Can an audit department claim that it adopts The above data suggest that CA is gaining mo-
continuous auditing just because it uses mentum, but also that organizations need to ac-
CAATs? The answer is no. The use of CAATs celerate its adoption. I have not seen data on the
is an essential part of the continuous audit application of CA outside the United States, but
process, but it is not a continuous audit by it- my feeling is that the rest of the world is way
self. To illustrate, the use of CAATs to review behind the U.S especially in the developing
accounts payable (data mining function) during countries including the Middle East.
a scheduled audit does not mean that an organi-
zation is implementing continuous auditing un- The Future:
less this review is performed on a continues or
continual basis and involves risk and control While most of the organizations around the
assessments. A one-time audit using CAATs world have not yet started to adopt and imple-
does not represent continuous auditing. ment continuous auditing, other organizations
are already looking beyond CA.
Prerequisites for Continuous Auditing: As with the trend of internal audit, continues
In order to implement an efficient and effective auditing will be shifting from a control –centric
continuous audit program, the following condi- model to a risk- centric model by adopting what
tions should exist; the IIA calls the Continuous Risk and Control
Availability of proper technology at the Assurance (CRCA) model, which will takes
company and internal audit levels. continuous auditing and monitoring to a new
Continuous auditing is heavily depend- level. It is a top-down model that starts with en-
ent on technology. terprise goals and objectives, and moves on to
Management support and buy-in. risks to the objectives, assessment and testing
Accessibility of data. of the controls required to manage the risks,
Competence of auditors. and data mining that can provide indicators of
risk and control health. The objective is to pro-
vide continuous risk and control assessment to
Benefits of Continuous Auditing: the management and board by taking real –time
A presentation by the IIA on GTAG 3 lists the audit technologies to the next level.
following benefits for CA:
Increased scope of audit activities.
Increased ability to mitigate risk.
Reduced financial errors and potential
for fraud.
Sustainable and cost – effective means
to support compliance and control as-
sessment.