Continuous monitoring and auditing are automated feedback tools used to monitor processes, transactions, IT systems and controls on a frequent or continuous basis. These methodologies assist in detecting inconsistent practices, outliers, anomalies and other factors that could negatively affect a business.
Continuous monitoring allows management to consistently review their business processes and procedures for adherence to, or deviation from, expected levels of performance. This enables management to determine where it should be focusing attention and resources to improve processes, address risks, implement corrective actions or launch initiatives to better facilitate the achievement of business goals.
Continuous auditing allows Internal Audit to repeatedly gather data from processes, transactions and accounts that support auditing activities. This enables Internal Audit to determine more accurately where to focus attention and resources to improve the quality of audits and increase support from management. It is not intended to replace traditional auditing, but rather to be used as a tool in implementing standard procedures that will enhance audit methodologies and overall effectiveness.
Examples of continuous monitoring and auditing include:
- Monitoring of access to sensitive data
- Review of deposit and loan activity for missing information or unusual activity outside of company policy and limits
- Monitoring of pricing overrides or customer discounts
- Review of transaction logs for unusual or suspicious activity (security logs, journal entry logs, etc.)
- Review of payroll, P-card and travel and entertainment transactions for outliers
- Monitoring of overrides to key company metrics that may drive operational performance and/or regulatory reporting
Continuous monitoring and auditing can enable an organization to adapt more quickly and effectively to changes in the regulatory and risk environment. In implementing these processes, management and Internal Audit will gain greater visibility into the organization by obtaining and analyzing up-to-date information, increasing the scope of audit coverage and detecting errors before financial impact is realized. Continuous monitoring and auditing assist in providing assurance over processes that are high in value or risk and allow for flexibility in an ever-changing regulatory environment.