Академический Документы
Профессиональный Документы
Культура Документы
Page 1
So how does a technology-focused audit approach specifically improve an organizations overall risk
management efforts? There is increasing recognition that the primary focus in terms of enterprise risk
management should be in the areas of strategic and overall business risks, rather than on financial,
compliance and operational risks. This makes good sense but does not mean that financial and
operational risks can be ignored.
The role that audit can play in these latter areas is to help drive some of the best practices of audit and
assurance processes into the business. The areas of continuous auditing and monitoring are good
examples of this. When audit departments implement automated continuous auditing, the benefits of
providing timely notification of control risks and anomalies to management often become apparent. The
next logical step can be for management to take on responsibility for similar processes in the form of
continuous control monitoring. This can become a key component of financial and operational risk
management strategy, allowing management to continually assess risks and the effectiveness of the
controls for which they are responsible.
Page 2
For those audit departments that are implementing continuous auditing and monitoring, the involvement
of the business can be critical to the process. Many aspects of continuous auditing can be performed
relatively autonomously. When business management is provided with regular results from the audit
process or takes on responsibility for continuous monitoring, then the relationship between audit and
management will change. Such processes as response to exceptions, remediation of control weaknesses
and escalation of issues require clearly defined and agreed responsibilities and working procedures.
When incorporating technology as part of the typical audit process, many of the best practices are the
same as for implementation of any technology including, for example, setting objectives, planning, system
design, technology selection, role assignment, training, quality and control processes, collaboration
processes, security, measuring results, among others. While business process areas usually have crossfunctional teams dedicated to the successful implementation of technology, this is often not the case for
audit. The tendency can be for audit technology to be selected and implemented in far more of an
unstructured and unplanned way. This brings us back to the issue of audit leadership giving a clear
mandate and setting expectations for technology to become a strategic component of the audit approach.
Overcoming Challenges
A recent Protiviti survey identified that the technology areas of data analysis, continuous auditing and
fraud monitoring were the sectors among all audit domain areas where improved knowledge and skill
sets were most needed. This is a good indication that the top challenges are simply that not enough
auditors know how to actually apply current technologies in an efficient, effective way. Education and
training clearly have a key role to play in overcoming these challenges, as well as turning to outside
expert resources for assistance.
The selection of technology itself is also a key issue for overcoming challenges. Many audit departments
rely on a variety of home-grown systems to manage and maintain audit processes and documentation.
General-purpose software is still widely used for many audit processes, from maintaining working papers
to performing analysis. Audit and assurance processes are specialized activities with unique
requirements, and there is a strong argument to use an integrated platform technology that has been
specifically designed for that purpose.
One risk of ignoring the importance of technology to the audit process is that internal audit will not
manage to keep up with professional standards and best practices. There have been numerous surveys
and reports by The Institute of Internal Auditors (The IIA) and professional audit service firms that
emphasize the critical importance of technology to support audits changing mandate. Audit departments
that are slow to embrace technology risk falling behind in the quality of the assurance activities that they
provide.
Another likely outcome is that, audit will under-deliver value to the organization. Recent years have
produced some tremendous success stories of audit departments that have used technology to transform
the role of internal audit and contribute to the performance of the organization at a new level. Those audit
departments that ignore the importance of technology are the most likely to under perform.
Page 3
Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of
experts specializing in risk, advisory and transaction services. The firm helps solve problems in
finance and transactions, operations, technology, litigation, governance, risk and compliance.
Protivitis highly trained, results-oriented professionals provide a unique perspective on a wide
range of critical business issues for clients in the Americas, Asia-Pacific, Europe and the Middle
East.
Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half
International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member
of the S&P 500 index.
Page 4