- Across organizations and industries, while the definitions may vary, the goal of CA/CM is to provide greater transparency into the operations and timelier reporting of concerns.
- Continuous auditing consists of the automated collection of audit evidence and indicators by an internal or external auditor from an entity’s IT systems, processes, transactions, and controls on a frequent or continuous basis. This information enhances auditor capabilities and helps to ensure compliance with policies, procedures, and regulations. In many cases, CA can act as an early warning system by detecting control failures on a timelier basis than traditional approaches.
- In contrast, continuous monitoring is an automated feedback mechanism for management to ensure that the systems and controls have been operating as designed and transactions are processed appropriately. Management can utilize this information to set business rules or tests, using analytics to identify performance gaps or unusual transactions that may suggest control failures. CM allows management to have greater visibility into the organization—enhancing capabilities and entity-level controls while maintaining optimal performance.
Common drivers for CA/CM implementations
CA/CM strategy is influenced by a variety of drivers. Strategic drivers include the pressure to improve governance, a need to improve performance and accountability, as well as the ability to get better visibility into global operations. Operational drivers include the occurrence or risk of fraud and misconduct, Enterprise Resource Planning (ERP) conversion, and the desire to make optimal use of IT investments. External drivers include the expanding regulatory and risk environment, scrutiny from rating agencies, and an uncertain economic environment.