Continuous Auditing
Organizational Readiness
What Needs To Be Done
Making It Happen
Clyde Rogers
clyde.rogers@sympatico.ca

Research & Information Sources
• Professional Experience – Senior Director, Continuous Auditing at Major Bank
• Industry – Barclays, RBS, Wells Fargo, Citigroup, RBC, Fleet
• Organizations – IIA & ADR
• External Firms – Deloitte, KPMG, E&Y
• Academic – Centre for Continuous Auditing – Rutgers, U of Waterloo

Guiding Principles – Mindset
• Improve Efficiency and/or Effectiveness – Needs to Business Case, Be Important, $’s, Benefits
• COSO/COCO Frameworks, Enterprise Wide Risk Management, Control Self-Assessment
• Changing Regulatory Requirements – SOX, Basel
• Partner with Client & Governance Groups
• Validate - Cross Organization Roles & Responsibilities & Acceptance

Guiding Principles – Mindset
• Client Monitors & Manages Risk and Compliance
• Audit Gets Assurance From Client & Partner Processes as well as Independent Testing
• Information Technology is an Enabler – Larger Than That
• Staged and Incremental Implementation – Business Line & Phases

Success Drivers
• Promoted/Championed by Senior Executive – Chief Auditor & Business Line Executive
• Focus On a “Quick Win” – Business Line Readiness – Operating Models
• Business Line Buy-In also Influences Governance and Support Groups
• Leverage/Benchmark to Industry & Non-Industry Leaders and Best Practices

CM – CA Model/Processes
[Diagram. Labels shown: Advisory; Whistle Blower; Operational Losses; Support Lines; Staffing Issues; Key Performance; Early Warning Systems; Risk Teams; External/Regulatory; NIAP; Continuous Auditing Warehouse; Traditional Auditing; Risk and Frequency Model; Quarterly Planning; Prior Audit Results; Reporting; Strong or Satisfactory; Requires Improvement; No Action; Suggested Action; Proceed with audit as scheduled]

Business Line Profile
• Standard Operating Environment – 1,000 locations – National – 4 Segmented Client Offers
• Confusion/Duplication Between Functions in Roles & Responsibilities – 4 Major Risk Teams
• Quick Win – Risk Teams – Duplication & Costs
• Conflicting Reporting to Clients & Stakeholders

Benefits – Phase I – Risk Teams
• Align Risk Teams Coverage to Meet the Needs of all Groups – 1 Group – Audit Leverages (QA)
• Roles & Responsibilities Defined and Aligned to Changing and Emerging Regulatory Requirements – SOX, Basel
• Improve Effectiveness & Efficiency – Less Branch Disruption – Also $2 million Savings
• Move to Continuous Monitoring/Auditing Model – Foundational to Phase II – Further Benefits

Phase I
[Timeline diagram: Q1 2005, Q2 2005, Q1 2006. Groups shown: SOX, Basel, W/M, Compliance, Internal Audit, Business Risk]
Reduced On-site Testing Through:
• Changing/adding/deleting tested activities
• Identifying duplication
• Migrating duplicated testing to FRS
• Eliminating migrated testing from groups
• Developing process to audit FRS
• Focusing on routine activities
• Processes review with product groups

Benefits – Phase II – EWS
• Leverage Information Technology - Consists of Data Mining and Analytics
• Whole Portfolios – Holistic View – Real Time
• Additional Efficiencies - $5 million
• Major Step Towards Continuous Monitoring/Auditing Model
• Monitoring Capability Enhanced:
- Reduces Onsite Testing
- Risk Indicators/Trends To Support On-site Testing
- Improves Earlier Identification – More Predictive

Phase II
[Timeline diagram: Q1 ‘07. Groups shown: SOX, Basel, W/M, Compliance, Internal Audit, Internal Audit/Basel, Business Risk; On-site testing]
Reduced On-site Testing Through:
• Develop central monitoring capability
• Enhanced technology platform
• Leverage existing knowledge (NRM/EWS/CRS)
• Central monitoring for select activities
• Further on-site testing eliminated
• Majority of on-site testing migrated to FRS