Continuous Auditing for Compliance & Conduct Risk
Making the shift, from a function most commonly associated with compliance-based work to a forward-looking partner and strategic advisor, require a change in underlying tasks and processes currently performed. Automation and AI make continuous auditing and attestation a possibility.
Audit professionals need to adjust the attest and verification process to keep pace with large amounts of information generated on a nearly continual basis, including structured and unstructured data. To be able to produce a comprehensive audit will mean in practice is that auditing must also focus not only on structured data but also unstructured data generated from various control points like a call centre. Irrespective of the type of data and information generated for a comprehensive audit, real-time data is necessary to make better choices.
Continuous Auditing is a method used by auditors to perform audit-related activities on a more continuous or continual basis. Continuous auditing allows your standard internal audit to continue gathering relevant auditing data long after the audit has passed and continuing to the next audit. Continuous auditing gives auditors the opportunity to objectively and constructively assess the adequacy of management’s ongoing monitoring functions and identify risk areas.
Quarterly guidance or issuing statements periodically, and restricting the flow of information to management and market place creates information asymmetry that is not sustainable in the post royal banking commission business climate.
A Continuous Auditing (“CA”) programme will typically include most if not all the following components:
- Continuous risk monitoring (KRIs), including the monitoring of key performance indicators (KPIs)
- Continuous control monitoring
- A continuous transaction or activity monitoring
- Investigation of potentially inappropriate activities that have been detected
- Continuous reporting to stakeholders
Cognitive View supports continuous monitoring and auditing by providing
1. A framework to identify internal controls and risk (KRI)
2. The infrastructure for continuous compliance and risk monitoring
3. Internal incidence and breach reporting with continuous auditing