Today, organisations are dealing with an unprecedented range of new challenges and risks that require many of them to revisit and take a new look at Enterprise Risk Management. The King III Report on Corporate Governance recommends that: “The board should ensure that management monitors the risk management plan effectively and continually”.
Due to the complexity of most organisations and the ongoing focus on costs, there is an increased focus on adopting innovative ways to assess and manage risk while enhancing performance.
Organisations are increasingly making use of improved business process understanding and knowledge of financial, operational and compliance risks to improve governance, manage risk and improve overall market and stakeholder trust.
Many organisations have found it efficient and cost effective to implement automated controls within their IT systems to assist with the management of these risks.
Advances in technology are making it possible to continuously monitor or audit the business architecture of organisations through robust data analysis procedures (data analytics).
Organisations that have moved to a continuous monitoring and auditing environment experienced early benefits in fraud risk management and procurement. In addition to the financial benefits that can be achieved from implementing a continuous monitoring and auditing framework, organisations may experience the following benefits:
- Improved organisational ability to ensure compliance with regulations and employees’ compliance with internal policies and procedures
- Increased detection and prevention of fraud and misconduct and a reduction in the number of such incidents
- Reduced time required to conduct audits and investigations and the establishment of standardised audit results.
Tracking results can help organisations evaluate the improvement of the control environment over time. Continuous auditing and monitoring can operate at various levels of automation and business architecture.
In many instances, implementing continuous monitoring/auditing is seen as a technology-driven initiative. Although technology is a key driver, the success of continuous monitoring and auditing is highly dependent on the people and process aspects of the implementation. From a people and process perspective, the implementation usually brings about a cultural change in the organisation by enhancing the type, speed and visibility of information on risk and performance, which in turn has a significant impact on how business decisions are made and monitored.
The successful implementation of continuous monitoring and auditing takes commitment. Organisations can expect a variety of challenges, possibly the biggest being an organisation’s resistance to change and corporate culture regarding effective risk management.
Given the increasingly complex legislative and compliance requirements facing business today, continuous monitoring/ auditing is a fantastic approach to assist organisations in managing risks. While appropriate technologies also need to be considered, certain cultural and process changes are required for a continuous approach to be effective. This will enable organisations to better appreciate the benefits a continuous monitoring/auditing approach offers.