Continuous Auditing: A New Instrument in the CFO’s Toolbox

In the past decade, rapid technological developments have led to the widespread adoption of enterprise resource planning systems. These ERP platforms not only allow different functional areas of a business to share data, but also enable businesses to generate financial information in real time.

Such developments have fundamentally altered how businesses operate, and present both challenges and opportunities for CFOs and auditors.

That’s because traditional audit methods have, to a significant extent, not kept up with these developments. Many audit procedures that are used today remain manual in nature, and are often costly in terms of both time and money. To a large degree, it is as a result of these associated costs that audits are only conducted on an annual basis today.

One emerging automation concept/technology that is gaining prominence in audit is the continuous audit.

Seven dimensions

According to the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants, continuous audit is “a methodology that enables independent auditors to provide written assurance on a subject matter, for which an entity’s management is responsible, using a series of auditors’ reports issued virtually simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter.”

While the idea of the continuous audit is not new (it was introduced almost 20 years ago, and key conceptual elements of continuous auditing have largely remained intact since then), auditors have, until now, faced many challenges in implementing it.

However, with rapid advancements in information technology, the growth of big data, and the increasing adoption of data analytics in business in recent years, the widespread implementation of continuous auditing by both internal and external auditors is within the reach of many companies today.

Building on traditional practices in auditing, continuous auditing introduces innovation along seven key dimensions to enable real-time assurance and enhance the reliability of real-time financial information.

Dimension 1: Continuous real-time audits

Real-time audits that occur continuously represent the goal of continuous audits. For example, a cost-effective method of incorporating a continuous audit might be to develop a continuous audit system that is programmed to trigger an audit after a certain number of accounts-receivable transactions have been made in the ERP system.

Dimension 2: Proactive audit models

Audits have traditionally been conducted on an annual basis. When audits are only conducted once a year, material errors, omissions, or fraud can often go undetected for long periods before they are flagged by an audit.

Conversely, continuous audits are conducted on a continuous basis. This would allow auditors to proactively detect and look into exceptions as they occur, rather than react to them long after they have occurred – as is frequently the case with traditional audits. 

Dimension 3: Automation

Traditional audits rely heavily on manual procedures and are thus often time- and labor-intensive. The automation of audit procedures in a continuous audit can substantially reduce these constraints.

In order to increase the effectiveness of the automation process, it is important to ensure the standardization of data collection and the formalization of internal control policies.

The standardization of data collection would increase the gains that can be made from automation by reducing the time spent by the auditor on manually cleaning data before the performance of automated audit procedures.

Further, the formalization of internal control policies would provide well-defined procedures that the automated procedures could follow to ensure that they can run smoothly, without any human intervention.

Dimension 4: Evolution of the work of auditors

In a continuous audit environment, much of the audit task will be automated. Hence, the bulk of the auditor’s work will be focused on more complex activities, such as those dealing with estimates and judgment verification, where he or she would need to display judgment and professional skepticism.

To a large extent, the main role of the auditor in a continuous audit environment would involve investigating and resolving exceptions generated by the continuous auditing system.

Dimension 5: Nature, timing, and extent of auditing

The continuous auditing methodology substantially alters the nature of traditional audit-testing.

In traditional audits, manual internal control and substantive detailed testing are performed periodically to evaluate managers’ assertions. In contrast, continuous auditing can be divided into two distinct but complementary aspects: continuous controls monitoring (CCM) and continuous data assurance (CDA).

CCM refers to the process where the continuous auditing system continuously monitors internal controls for violations, while CDA refers to the process where transactional data is continuously tested for anomalies.

The timing of the performance of various audit tasks is different in a continuous audit. In traditional audits, internal control testing typically takes place in the planning stage of the audit, while substantive detail testing takes place in the fieldwork stage.

In contrast, both internal controls monitoring and transaction data testing should occur at the same time in a continuous audit.

The scope of the continuous audit is also more extensive than traditional audits. The labor- and time-intensive nature of traditional audits makes it impractical to include the whole population of transactions in testing. Instead, a representative sample of the whole population is often used.

In comparison, a continuous audit would consider the entire population of transactions in both monitoring and testing. This would enhance the effectiveness of the audit, and raise the probability of detecting material errors, omissions, fraud, and internal control violations within the continuous audit environment.

Dimension 6: Data modelling and data analytics

Analytical procedures in traditional audits typically employ basic statistical techniques such as ratio and trend analyses. In comparison, more sophisticated data modelling and analytics techniques are used in continuous audit. 

In particular, data modelling and data analytics are applied to transaction data and account balances for monitoring and testing in the continuous auditing environment.

Dimension 7: Nature and timing of audit reports

In traditional audits, audit reports are issued, after every audit, on an annual basis. In the continuous auditing environment, information generated by an ERP system is assumed to be free of material errors, omissions, or fraud unless an audit exception report indicates otherwise.

Undeniably, organizations have become more complex today. They have elaborate and integrated business processes, and often also have to deal with ever-increasing legislation and regulations. Like all other aspects of business, the audit function must evolve to keep up with these complexities.

While continuous audit remains very much an emerging field, broad forces that will shape its evolution and nature are rapidly coming into focus. Consequently, the demand for the continuous audit will certainly continue to grow in the coming years.

About the Author

Clarence Goh is Visiting Assistant Professor of Accounting (Practice) at the School of Accountancy, Singapore Management University.
