ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > More Organizations Are Implementing Continuous Auditing/Continuous Monitoring

More Organizations Are Implementing Continuous Auditing/Continuous Monitoring

| Published: 6/18/2012 9:00 AM | Permalink | Email this Post | Comments (0)
Miklos A. Vasarhelyi, Ph.D., Silvia Romero, Ph.D., Siripan Kuenkaikaew, CISA, and Jim Littley
In recent years, companies have started adopting continuous auditing/continuous monitoring (CA/CM). We made this determination regarding the levels of adoption of CA/CM by internal auditors based on the results of a PricewaterhouseCoopers (PwC) survey in 2007 and a subsequent study conducted by the CarLab in 2009.

At the time the PwC survey was carried out, some internal audit groups conducted manual and quarterly procedures, which they called CA/CM. However, since that time, organizations have started adopting what we consider to be real CA/CM—that is, conducting computerized auditing of transactions as they occur. However, the rate of adoption has been slower than what was anticipated by the PwC survey. Different factors have affected implementation. For example, given its cost, management and internal auditors may need to understand what aspects of CA/CM adoption will benefit their organizations and their performance. The successful experience of others might trigger adoption as well.

After the PwC survey took place, we had the opportunity to explore these factors by interviewing internal auditors in nine leading internal audit organizations, which implemented CA/CM. Most organizations that participated in the CarLab study are Fortune 250 companies. We obtained very insightful and valuable information from the internal audit teams who shared the stories about their CA/CM implementation and explained how their systems work. Although organizations have mentioned different problems, which range from technology, personnel and regulations, the internal auditors interviewed weight higher the advantages derived from CA/CM, and keep improving their systems. The responses suggest that although in the initial stages of adoption for many, CA/CM enhances internal audits. The question that remains is whether the continuous monitoring performed by internal auditors is enough or if both continuous monitoring and external continuous auditing are needed.

Read Miklos Vasarhelyi, Silvia Romero, Siripan Kuenkaikaew and Jim Littley’s recent Journal article: 
Adopting Continuous Auditing/Continuous Monitoring in Internal Audit,” ISACA Journal, volume 3, 2012


There are no comments yet for this post.