Read Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment text version

Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment

A Summary of The IIA's Global Technology Audit Guide

WHITE PAPER

FOREWORD by David Richards President of The IIA

As a chief audit executive, I recognized a growing need for guidance on technology management written specifically for executives to help them keep pace with today's evolving business landscape. When I became president of The Institute of Internal Auditors (IIA) I made it a priority to initiate the development of this type of guidance, which has become the Global Technology Audit Guide (GTAG) series. This white paper is a summary of the third in the GTAG series, Continuous Auditing: Implications

for Assurance, Monitoring, and Risk Assessment, and is intended to provide guidance on gaining

timely, ongoing assurance regarding the effectiveness of risk management and control systems, particularly in light of increasing regulatory and business pressures. The audit profession has been profoundly impacted by several events over the last few years. Though the long-term effects remain to be seen, one thing is certain ­ now is a great time to be an internal auditor! Internal audit skills, talents, and focus on risk and controls assessment can add value in ways never before possible. Sarbanes-Oxley and other regulations around the world have created new demands and opportunities for internal auditing to meet the challenging requirements of compliance. While the opportunities are exciting, the challenges and resulting burden on internal audit departments have been overwhelming for many organizations. The concepts of continuous auditing, monitoring, and assurance, as presented in this white paper and the GTAG upon which it is based, are key to a sustainable, resource-efficient solution. I encourage you to use this white paper and the entire GTAG series as a foundation to assess and build your organization's framework and audit practices for control, compliance, and assurance. I am confident that the combination of these resources will assist you in meeting the challenges of constant change, increasing complexity, rapidly evolving threats, and the need to constantly improve efficiency. The GTAG series is a true testament to what The IIA does best: "Progress Through Sharing."

David A. Richards, CIA, CPA President, The Institute of Internal Auditors, Inc.

TABLE OF CONTENTS

The New Audit Environment .......................................................................................... 1 The Continuous Auditing Approach .............................................................................. 1 Application of Continuous Auditing ............................................................................. 3 Continuous Control Assessment Applications ................................................................... 3 Continuous Risk Assessment Applications ........................................................................ 4 Implementing Continuous Auditing .............................................................................. 5 Implementation Guidelines .............................................................................................. 5 Key Steps In Implementing Continuous Auditing .............................................................. 7 The Need for an Integrated Approach through Continuous Auditing & Continuous Monitoring ..................................................................... 8 Continuous Monitoring..............................................................................................................8 Continuous Auditing ..................................................................................................................8 Continuous Assurance ...............................................................................................................9 Benefits of a Continuous Auditing/Continuous Monitoring Approach ..................... 9 Conclusion...................................................................................................................... 10

The content of this white paper has been sourced and summarized from the third edition of The Institute of Internal Auditors' (IIA's) Global Technology Audit Guide (GTAG) series, Continuous Auditing: Implications for Assurance, Monitoring,

and Risk Assessment, authored by David Coderre. The IIA has granted permission for its use with the sole intent of providing

relevant information to educate and inform readers regarding the subject of continuous auditing. The use of IIA material in no way serves as an endorsement by The IIA of any product or service related to the subject matter.

INTRODUCTION

The need to assure the timely and ongoing effectiveness of risk management and control systems is critical. Organizations are continually exposed to significant errors, frauds, and inefficiencies that can lead to financial loss and increased risk. Moreover, an evolving regulatory environment, increased globalization, market pressure to improve operations, and rapidly changing business conditions require that organizations ensure that internal controls are effective and that risk is being properly mitigated. These new realities are pressuring organizations to improve their methods of performing ongoing evaluation of internal controls by both internal audit and management. This has led to a renewed focus on continuous auditing as well as investigation into methods to embed audit best practices within business processes to transfer ownership of internal controls testing and monitoring to management. This white paper explores the effective uses of technology in support of continuous auditing. It is intended to help auditors maximize the return on investment in technology and to demonstrate the benefits of such investments within a compliance and performance perspective.

THE NEW AUDIT ENVIRONMENT

Today, internal audit departments are extensively involved in a wide range of compliance efforts, particularly due to legislation such as Section 404 of the Sarbanes-Oxley Act. These efforts have raised concerns not only about mounting expectations, but also about internal audit's ability to maintain independence and objectivity when evaluating the effectiveness of controls, risk management, and governance processes. Consequently, internal audit faces challenges in a range of areas:

Regulatory compliance and controls

Internal audit value and independence

Fraud detection and control

Availability of skilled resources

Determining appropriate technology solutions To address these challenges, a new approach is essential ­ one that provides a sustainable and cost-effective means to address current and future audit challenges.

THE CONTINUOUS AUDITING APPROACH

Traditionally, internal audit's testing of controls has been performed on a retrospective and cyclical basis, often months, if not longer, after business activities have occurred. The testing procedures were often based on a sampling approach and included activities such as reviews of policies, procedures, approvals, and reconciliations. Unfortunately, this approach only affords internal auditors a narrow scope of evaluation that is often too late to be of real value to business performance or regulatory compliance. In some organizations; however, technology has been employed to perform continuous auditing, a process that automatically performs control and risk assessments on a more frequent basis. Continuous auditing changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit procedures that test 100 percent of transactions.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

1

In addition, objectives of the generally accepted framework for the testing and monitoring of internal controls, the COSO Enterprise Risk Management Integrated Framework, encourage audit to approach their activities from a business perspective. These objectives shift the focus of continuous auditing from compliance with controls and regulations to improved efficiency of operations in the organization. As a result, these measures demand not only timely audit procedures, but ones that increase the scope and depth of the audit.

DEFINITIONS

Continuous auditing is a method used by auditors to perform audit-related activities on a continuous basis. Activities range from continuous control assessment to continuous risk assessment. Technology plays a key role in making it a viable option through automation.

Continuous monitoring of controls is a process that management puts in place to ensure that its policies and procedures are adhered to, and that business processes are operating effectively. Continuous monitoring typically involves automated continuous testing of all transactions within a given business process area against a suite of controls rules.

COSO Enterprise Risk Management (ERM) Framework

Continuous auditing is a unifying framework for audit functions and methodology. It supports micro-audit issues, such as detailed transaction testing to assess the effectiveness of controls, and macro-audit issues, such as using risk identification and assessment to prepare the annual audit plan. It also addresses the mid-level requirements, such as the development of audit objectives for individual audits. A continuous auditing approach allows internal auditors to:

Fully understand critical control points, rules and exceptions

Perform control and risk assessments in real-time or near real-time

Analyze key business systems for anomalies at the transaction level

Examine data-driven indicators of control deficiencies and emerging risk

Integrate analysis results into all aspects of the audit process The power of continuous auditing lies in the intelligent, uninterrupted testing of controls and risks that results in timely notification, follow-up and remediation of gaps and weaknesses. By changing the overall approach in this way, auditors will develop a better understanding of their business environment and the potential risks to their company to support compliance and drive business performance.

Continuous assurance is the combination of activities performed by internal audit to independently evaluate internal controls and risk management, and to assess management's controls monitoring activities.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

2

APPLICATION OF CONTINUOUS AUDITING

The pressure on audit to do more with less is increasing. Some of the most difficult challenges are for audit to:

Provide timely assurance on the effectiveness of internal controls

Better identify and assess levels of risk

Quickly identify non-compliance with regulations and policies These are all areas where continuous auditing can be applied. Enabling technologies can range from spreadsheet software or scripts developed using audit-specific software, to commercial packaged solutions or custom-developed systems. The selected solution should be flexible and scalable, allowing auditors to start in one area and to then increase the scope, scale, and frequency of analysis. Continuous auditing activities range from continuous control assessment to continuous risk assessment. Applications for each area are described below.

Continuous Control Assessment Applications

Through technology-enabled analytics, audit can assess the internal control framework and provide independent assurance of its adequacy to the audit committee and senior management. Continuous control assessments need not be run in real-time. The frequency of analysis will depend on the level of risk and the degree to which management is monitoring the controls. Identification of control deficiencies While it is generally accepted that management is responsible for monitoring, designing, and maintaining controls, The Institute of Internal Auditors Standard 2120.A1 states, "audit should assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvements." The identification of control weaknesses and gaps is critical to supporting regulations such as Sarbanes-Oxley Section 404. Depending on the degree to which management is monitoring internal controls, auditors may be expected to do more thorough continuous control assessments. Continuous control assessment of transactional data against internal controls can rapidly highlight errors and anomalies, which can be reported to management for immediate action. It can also contribute to the reliability and integrity of financial and operational information, and to the efficiency and effectiveness of operations. Uncover fraud, waste, and abuse The use of technologies that support continuous control assessment can assist audit in examining detailed transactions, as well as summarized data, to identify anomalies and other indictors of waste, abuse and fraud. For example, audit can leverage data to identify instances where contracting authority was exceeded or avoided. For example, in payroll, it can be used to identify bogus employees or unusual rates of pay.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

3

Continuous Risk Assessment Applications

While management has responsibility to develop and maintain a system to identify and mitigate risk, auditors are responsible for identifying and evaluating exposure to risk and contributing to the improvement of risk management and control. It is the responsibility of the CAE to establish risk-based plans and to determine the priorities of internal auditing activity consistent with the organization's goals. Audit can use continuous risk assessment to identify and assess changing levels of risk in these two related activities. This allows audit to assess management's risk mitigation activities and to support the development of objectives for individual audits and the annual audit plan. Continuous risk assessment is not a static system. The identification of indicators and assessment of their use and value are key tasks. Internal and external risks must continually be assessed so that potential risks are communicated and addressed in a timely and appropriate manner. The CAE must determine how the audit results will be used in the enterprise risk management activity. Audit plan development Continuous risk assessment enables the CAE to apply a more strategic context to audit plans. It also provides high-level support that allows the data-driven identification and assessment of risk indicators. Additionally, continuous risk assessment supports the establishment of the audit "universe" and the collection of quantitative data, enabling audit to focus on high-priority risk and to better allocate scarce audit resources. Annual audit plans may not be sufficiently responsive to changing levels of risk in a rapidly evolving business environment. However, through technology-assisted activities, it is easy to update risk assessments and to monitor risk indicators on an ongoing basis. Individual audit support Continuous risk assessment contributes to individual audits by supporting the identification and assessment of risk and the development of scope and objectives. Further, it can be used to determine audit locations and specific criteria, such as lines of inquiry. The primary difference between the use of continuous risk assessment to develop the enterprise-wide annual audit plan and to support individual audits is the degree to which detailed information is used to identify and assess risk. The enterprise-wide audit plan may only require summary-level information for each entity. On an individual audit level, on the other hand, more detailed information is required to identify risk at a level that supports the definition of the audit scope and the development of audit objectives. In a conventional audit, the scale and scope of analytical review procedures is limited by the type and amount of data that can be collected by traditional techniques. Continuous auditing, in contrast, has the potential to increase the quantity and scope of data available to the auditor.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

4

Audit recommendation follow-up By linking data-driven indicators to recommendations, auditors can use continuous risk assessment to determine if recommendations have been implemented and if they are having the desired effect. In particular, if continuous risk assessment were used to identify and assess risk as part of the development of the audit scope and objectives, the same indicators can be used to evaluate the impact of the implementation of the audit recommendations.

IMPLEMENTING CONTINUOUS AUDITING

The notion of continuous auditing is not a difficult concept. Nevertheless, widespread continuous auditing has not been implemented by auditors, and senior management has not fully accepted nor funded the necessary technology. Successful implementation requires buy-in by all involved and a phased approach that addresses critical business systems. While each organization is unique, there are a number of common steps that must be carefully planned and managed when introducing continuous auditing.

Implementation Guidelines

The CAE must recognize that continuous auditing changes the audit paradigm, including the nature of evidence, timing, procedures, and level of effort, which places new demands on the audit department. These demands can best be met when the following key implementation guidelines are established. Gain executive-level support Audit committee and senior management support should be obtained once continuous auditing objectives are defined. The audit committee and senior management should be informed of the pre-conditions, in particular the access requirements, as well as how and when results will be reported. If this is not done, the legitimacy of the continuous auditing activity may be questioned and the process slowed when anomalies are identified and managers are contacted for explanations. Determine scope and frequency of testing The CAE should first consider the objectives of continuous auditing, the risk appetite of the organization, the level and nature of management monitoring, and enterprise risk activities when determing the timing, scope, and coverage of continuous auditing tests. The next step is to determine how often the continuous auditing tests will be run. The frequency will range from real-time, or near real-time, review of detailed transactions, to periodic analysis of detailed transactions, snapshots or summarized data. There is no simple answer to how often continuous auditing tests should be run, except to say that more often is better than less. An important consideration is the fact that the automation of continuous auditing tests lowers the cost of performing risk assessments and control verification.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

5

Identify information sources and gain access While this step is similar to that undertaken for any audit or control review, the main objective is to avoid being constrained by old modes of thinking. The CAE should have a clear understanding of the objectives before defining information requirements. First, identify `what' needs to be accomplished. `How' this is done can be determined at a later stage. Getting access to the right data is essential to the successful implementation of continuous auditing. The CAE must identify the business applications to which audit requires access and determine those that are most critical. The next step is working with system owners to negotiate access rights, which often requires good working relationships with IT management. In addition, all auditors must be aware of the importance of identifying internal and external electronic sources of information. For example, auditors doing fieldwork may discover applications developed by end-users that could be of use for continuous auditing. Understand business processes and identify key controls and risks Once main data sources are identified, audit must understand the information systems and supported business processes. A basic understanding can be obtained from existing documentation. Build audit skill-set Audit must have properly trained and knowledgeable personnel to support continuous auditing. In particular, auditors developing and maintaining continuous auditing applications need to have a strong understanding of the systems being accessed and the underlying systems and functions generating the transactions being monitored. Ensure integrity of data Initially, audit needs to perform an assessment of the integrity of business system data. The extent of this assessment, which is key to balancing over-auditing against under-auditing, will depend on the consequences of relying on faulty results and determining the amount of testing and verification necessary to reduce audit risk to an acceptable level. Manage and report results One of the practical challenges of implementing a continuous auditing or monitoring system is ensuring the efficient response to control exceptions and risks that are identified. When a continuous auditing or monitoring system is first implemented, it is not unusual for a large number of exceptions to be identified. The continuous auditing system needs to allow the adjustment of parameters to identify control deficiencies or risks that are of significant concern. In addition, the nature of the audit response to the exceptions will vary, and not all will require an audit or immediate action. The results should be prioritized and acted upon as required.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

6

The following table summarizes the key steps in implementing continuous auditing:

Key Steps in Implementing Continuous Auditing

Continuous Auditing Objectives

Define the objectives for continuous auditing

Obtain and manage senior management support

Ascertain the degree to which management is performing its monitoring role

Identify and prioritize areas to be addressed and types of continuous auditing to be performed

Identify key information systems and data sources

Understand the underlying business processes and application systems

Develop relationships with IT management Data Access and Use

Select and purchase analysis tools

Develop access and analysis capabilities

Develop and maintain auditor analysis skills and techniques

Assess data integrity and reliability

Cleanse and prepare the data Continuous Control Assessment

Identify critical control points

Define control rules and exceptions

Design technology-assisted approach to test controls and identify deficiencies

Continuous Risk Assessment

Define entities to be evaluated

Identify risk categories

Identify data-driven indicators of risk/performance

Design analytic tests to measure increased risk

Report and Manage Results

Prioritize results and determine the frequency of the continuous auditing activities

Run the tests on a regular and timely basis

Identify control deficiencies or increased levels of risk

Prioritize results

Initiate appropriate audit response and make results known to management

Manage results including tracking, reporting, monitoring, and follow-up

Evaluate the results of the actions taken

Monitor and evaluate effectiveness of continuous auditing process ­ both the analysis (e.g. rules/indicators) and the results achieved ­ and vary the test parameters as required

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

7

THE NEED FOR AN INTEGRATED APPROACH THROUGH CONTINUOUS AUDITING AND CONTINUOUS MONITORING

In light of the concerns of CAEs regarding the burden of compliance efforts, the scarcity of resources, and the need to maintain audit independence ­ an integrated approach to continuous auditing by audit and continuous monitoring by management is ideal. If auditors do their job ­ verifying controls and risk ­ and management does their job ­ develop and monitor controls, and manage risk ­ the organization will have a higher level of assurance that controls are working, that risks are being managed, and that decision-making information has integrity.

Continuous Monitoring

Continuous monitoring typically addresses management's responsibility to assess the adequacy and effectiveness of controls. Many continuous monitoring techniques are similar to those that may be performed in continuous auditing by internal audit. The key to continuous monitoring is that the process should be owned and performed by management. Since management is responsible for internal controls, they should have the means to determine, on an ongoing basis, whether the controls are operating as designed. The ability to identify and correct control problems on a timely basis improves the overall control system.

Continuous Auditing

There is an inverse relationship between the adequacy of management's continuous monitoring activities and audit's continuous auditing activities. Audit's approach to any amount of continuous auditing is dependent upon the extent to which management has implemented continuous monitoring. In areas where management has not implemented continuous monitoring, audit should apply detailed testing by employing continuous auditing techniques.

Management Response Comprehensive monitoring of internal controls

Little monitoring of controls

Reduced effort

Significant effort/greater resources

Audit Effort

Where management performs continuous monitoring on a comprehensive basis, internal audit no longer needs to perform the same detailed techniques otherwise applied under continuous auditing. Instead, the auditor should perform procedures to determine whether they can rely upon the continuous monitoring process.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

8

Continuous Assurance

Audit assurance is a statement as to the adequacy and effectiveness of controls and the integrity of information. The continuous monitoring of controls by management is at the core of effective assurance strategies; however, audit must also ensure that management activities are adequate and effective. Internal audit provides assurance services by performing objective examinations of evidence. Continuous assurance can be provided when audit performs uninterrupted control and risk assessment, such as continuous auditing, and evaluates the adequacy of management's continuous monitoring activities.

Con ti nuo us Ass uran ce R e sul ts o f Con ti nuo us Audi ti ng a nd Con ti nuo us Mon it or in g Proce ss

AU D I T

Audit Testing of CM

Continuous Auditing

M A N AG E M E N T

Continuous Monitoring

Activities, Transactions and Events Business Systems and Processes

Continuous Auditing, Monitoring, and Assurance (Conceptual Model)

BENEFITS OF A CONTINUOUS AUDITING/CONTINUOUS MONITORING APPROACH

In carrying out its stewardship role, management has primary responsibility for assessing risk and managing controls within an organization. Internal audit is responsible for identifying and evaluating the effectiveness of the organization's risk management system and controls as implemented by management. The outcomes of continuous auditing and monitoring (by management) are similar and involve notifications or alerts indicating controls deficiencies or higher risk levels. Management's response to these notifications can be to immediately remediate a control deficiency and to correct an erroneous transaction. The audit response may range from an immediate audit of the identified control system to flagging an area for a future audit activity. One of the greatest advantages of continuous auditing is its independence from the underlying operational and financial systems and the monitoring performed by management. This autonomy improves management and control frameworks and provides mechanisms that auditors can use to support their independent review and assessment activities.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

9

Continuous auditing helps audit to evaluate management's monitoring function, allowing the CAE to provide the audit committee and senior management with independent assurance that control systems and audit processes are working effectively. It also identifies and assesses areas of risk, providing information to auditors that can be communicated to management in support of risk mitigation. The expected benefits of a continuous auditing framework include:

Increased ability to mitigate risks

Reductions in the cost of assessing internal controls

Increased confidence in financial results

Improvements to financial operations

Reductions in financial errors and potential fraud

Increased profitability While the greatest gains in efficiency can be achieved by maximizing the use of technology, continuous auditing is not without its challenges. The technology needs to be understood, as do underlying business processes and systems, and it needs to be controlled. Auditors must have access to the data and software tools as well as the techniques and knowledge necessary to make intelligent use of vast amounts of financial and non-financial information.

CONCLUSION

In light of today's challenges, it is imperative that the CAE find new ways to respond effectively to the demands of a rapidly changing business environment and the burden of growing regulatory compliance requirements on internal audit. The integrated approach of continuous auditing and continuous monitoring, enabled by technology, is key to a sustainable, cost-effective, and resource-efficient solution. These challenges can be viewed as an opportunity for the CAE to offer tremendous value to the organization. Internal audit is uniquely positioned to provide the organization with assurance that it is in compliance with regulations such as Sarbanes-Oxley. Moreover, the integrated approach discussed in this paper can assist in reducing the overall cost of compliance by improving the efficiency of business processes and the audit function. The return on this investment is quickly realized through improvements to an organization's bottom-line results, based on the timely identification of increased risk, errors, and fraud, and the creation of a stronger internal control environment across the enterprise.

ACL, the ACL logo, the ACL logo with the text "Data you can trust. Results you can see." are trademarks or registered trademarks of ACL Services Ltd. The IIA and The IIA Logo are trademarks or registered trademarks of The Institute of Internal Auditors. All other trademarks are the property of their respective owners.

© 2005 ACL Services Ltd. WP/GTAG/181105

10

About The IIA GTAG Series This white paper is a summary of The IIA's Global Technology Audit Guide, entitled

Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment, authored

by David Coderre, Royal Canadian Mounted Police. Contributors included John G. Verver, ACL Services Ltd., and J. Donald Warren, Jr., Center for Continuous Auditing, Rutgers University. The GTAG is the third in a series and is available at www.theiia.org and www.acl.com/gtag.

About The IIA The Institute of Internal Auditors (IIA) is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator worldwide. Established in 1941, The IIA serves members from all around the world in internal auditing, governance, internal control, IT auditing, government auditing, education, and security. The world's leader in certification, education, research, and technological guidance for the profession, The Institute sets the International Standards for the Professional Practice of Internal Auditing and provides various levels of accompanying guidance; certifies professionals through the globally recognized Certified Internal Auditor® (CIA®) and specialty certifications in government, control selfassessment, and financial services; presents leading-edge conferences, seminars for professional development, and Web-based training; produces forward-looking educational products; offers quality assurance reviews, benchmarking, and consulting services; and creates growth and networking opportunities for specialty groups. For more information about The IIA, please visit www.theiia.org.

About ACL Services Ltd. ACL is the leading global provider of Business Assurance Analytics to financial executives, compliance professionals, and auditors. Combining market-leading data analytics software and professional services expertise, ACL solutions give organizations confidence in the accuracy and integrity of transactions and the effectiveness of internal controls underlying increasingly

ACL Headquarters T +1 604 669 4225 F +1 604 669 3557 acl.com [email protected]

complex business operations. Since 1987, ACL's proven technology has enabled financial decision-makers to assure controls compliance, reduce risk, detect fraud, enhance profitability, and achieve fast payback. ACL delivers its solutions in more than 130 countries through a global network of ACL offices and channel partners. Our customers include 70 percent of the Fortune 500 companies and nearly 65 percent of the Global 500, as well as hundreds of national, state, and local governments, and the Big Four public accounting firms.

Information

Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment

14 pages

Report File (DMCA)

Our content is added by our users. We aim to remove reported files within 1 working day. Please use this link to notify us:

Report this file as copyright or inappropriate

31603


Notice: fwrite(): send of 204 bytes failed with errno=32 Broken pipe in /home/readbag.com/web/sphinxapi.php on line 531