The world has been experience rapid advancements in the field of information communications and technology (ICT) (Best, 2009). As Coderre (2005) asserted, the main purpose of these advancements is to enhance the quality of life by improving the efficiency in which we conduct tasks. To further support this claim, Coderre (2005) stated that firms need to incorporate ICT into their normal operations as a means of enhancing their effectiveness and efficiency. This will greatly enhance the productivity of firms hence enabling them to stand at a competitive edge over their rivals. It is as a result of this realisation that firms all around the globe have incorporated various management information systems (MIS) to enhance their performance in their internal as well as external operating environments.
From a critical point of view, it is evident that the advancement in technology and the digitalisation of operations have changed the manner in which organizations prepare, interpret, and communicate their financial information (Razaee et al., 2002). This is because firms have digitalised their auditing processes hence enabling them to generate their financial information in real-time or near real-time and publishes them online through continuous auditing. Continuous auditing has reduced the time and energy that is required to create financial statements and reports by auditors. With the ease of preparation, interpretation, and presentation of these reports, stakeholders can easily and constantly determine the position of a given firm, its performance as well as the changes in its financial position over time. Based on this advancement in technology, this paper will critically analyse the concept of continuous auditing. As such, the paper will focus on the various aspects of continuous auditing, its requirements, its benefits and shortcomings, and the manner in which internal and external auditors can use this concept to determine the true and fair view of a given organization.
In the contemporary world, firms need to operate in an efficient and transparent manner. As a result, firms need to enforce strict financial controls to ensure that their financial records represent a true and fair view of the company (Kogan, 2004). Furthermore, firms have been facing intense pressure from the increased corporate needs of their institutions as well as the introduction of strict regulations that govern the maintenance and presentation of financial records (O’Riley, 2006). Traditional auditing practices have proved not to be very effective in some instances. For instance, a firm might detect irregularities in its books of records during the mid-year internal auditing process. However, there are high chances that this error or fraud has developed into a disaster since it has been discovered after about six months. In this respect, contemporary firms have developed the need to have auditing systems that incorporate modern technology that monitors and control their financial records in real-time or near real-time.
In this respect, continuous auditing can be defined as the utilization of technology to determine any changes in the risk or control indicators of a given organization (Best, 2009). This system is effective since it accelerates the process of internal auditing by providing information with regards to the changes and deficiencies of financial information in a rapid and systematic manner. Unlike traditional auditing methods that use data samples to generate an audit report, continuous auditing utilizes the entire data population (O’Riley, 2006). Thus, continuous auditing makes the process of risk assessment, planning, auditing, and reporting to be dynamic and responsive to the auditing needs and requirements of a given firm. This ensures that the information that has been generated is concise and hence can be used by the management, shareholders, and other stakeholders for decision making.
Requirements for Continuous Auditing
While considering to adopt continuous auditing in an organization, the management needs to put into consideration the basic requirements to ensure that its implementation is smooth and effective. As Kuhn and Sutton (2010) asserted, it is the duty of the audit manager to critically analyse the changes that the organization will face and the implications that they will have in the normal running and management of the organization. In this respect, Kuhn and Sutton (2010) identified the following requirements:
- Need to determine the priority areas
- Need to develop rules and regulations
- Need to determine the frequency of the process
- Need to develop and configure audit procedures
- Need to conduct follow up exercises
- Communications of the results
From practice, the risk areas of a given organization are usually integrated into the annual audit and risk management program (Kogan, 2004). From this plan therefore, an audit manager can be able to determine high risk areas that require to be highly monitored and controlled. Consequently, the priority that can be assigned to a given department/segment of an organization can be determined by the nature of business that is being conducted. For instance, departments that deal with critical business process are always considered to be high risk areas hence they are highly prioritized (Kuhn and Sutton, 2010).
After these areas have been identified, it is essential to determine the availability of audit data, the cost and benefits of auditing such areas, and the implications of continuously auditing the department/business segment. From this information, the audit manager in conjunction with relevant stakeholders should develop the rules and regulations that will be applied in the process of continuously auditing the data. This is an essential procedure as it will ensure that standardised practices and procedures are applied during the audit process for accountability and consistency purposes (Kogan, 2004). However, since organizations operate in a dynamic environment, it is essential to consistency program, repeat, and to configure these rules to reflect the changing needs and requirements of the organization. This is an essential step as it plays a significant role in the development and implementation of continuous auditing procedures (CAP) within a given firm. As such, internal auditors will have specific rules and guidelines that will be used in the process of error detection and follow up activities (Kuhn and Sutton, 2010). Before continuous auditing can be implemented in an organization, it is also critical to clearly define the follow up process with regards to error detection alarms. In an event of an alarm, O’Riley (2006) asserted that information has to be communicated in a systematic manner. Normally, it is the line manager, the internal auditor, or both of these individuals who should be alerted in the process of treatment of alarms and detection of errors (Kuhn and Sutton, 2010). The final requirement is to communicate the audit result to the clients. This is a critical step and forms the basis of the overall auditing procedure since the information that is generated from an audit procedure is essential in decision making. Therefore, the fact that continuous auditing will provide clients with real-time information or near real-time information, stakeholders will always be in a position of making informed decisions based on the actual performance of the organization.
The Role of Continuous Auditing
In the contemporary world, organizations are operating under turbulent conditions. In this respect, it has become critical for the managements as well as the stakeholders to develop and implement strong internal auditing controls within their organizations to ensure that any risks that might occur are managed in an effective and efficient manner. This is because, there are companies that have become victim of various kinds of risks that originate from their internal environment. Enron, for instance, is a prime example of a company that paid dearly as a result of poor internal auditing controls (Best, 2009). Due to this fact, many organizations have incorporated the concept of continuous auditing to control, run and manage their financial operations. This is because, continuous auditing uses technology to test the various controls and data continuously in accordance to the operations of the firm (Marks, 2009).
Given the change in the auditing practice, continuous auditing has taken up most of the roles of traditional auditing as well as developing new roles based on its nature of operations. According to Marks (2009), the main role of continuous auditing is monitor the key performance indicators (KPI) of a given business entity. Managers at various levels of an organization closely monitor KPIs to determine their overall level and efficiency of business operations by determining the overall rate of success or failure of the strategies, initiatives, and programs that have been implemented. Since continuous auditing provides such managers with real-time or near real-time information, they can easily detect any errors or fraud and come up with corrective mechanisms that will put the systems and operations back to track. However, for continuous auditing to be effective and efficient, the KPI monitoring process should be a part of the continuous monitoring process of the firm. Through frequent review of KPIs, the management can implement the information gathered from this process and use it in their quality assurance program that is critical in decision making (Kogan, 2004).
As it has been asserted in this paper, continuous auditing also plays a significant role in the process of continuous risk monitoring and control assurance. With the application of continuous auditing, continuous risk monitoring and control assurance is achieved by the implementation of an enterprise risk management (ERM) system (Marks, 2009). The main purpose of this system is to identify and critically analyse the strategies and objectives that have been set by the assurance program to enhance the overall effectiveness and efficiency of financial transaction within a given firm. This consideration should always be put in place since internal auditing should always be supported by the risk management process of an organization. In this respect, it is therefore critical for frequent audits to be carried out hence the need of an effective and efficient auditing system.
However, as it has been asserted previously in this paper, it is essential for an organization to ensure that its continuous auditing process is up to date. This is due to the fact that the errors and risks that an organization might be exposed to tend to fade with time as new ones come up (Marks, 2009). In this respect, the continuous auditing system should factor in this consideration especially with regards to its risk monitoring and control assurance role. At this point, it is essential to state that the management is the body that has the mandate and full responsibility to monitor the risks that a given organization might fact. The role of internal auditors, on the other hand, is to utilize the information generated from the ERM system to detect any errors or fraud. Therefore, continuous auditing plays a significant role in linking up the information that is generated from financial statements, account balances, and security data to the process of risk management (Marks, 2009). As such, the board and senior managers can use this information to determine the overall risk levels and hence suggest corrective actions to enhance the overall operational efficiency of the firm.
Continuous control is also an essential role of continuous auditing. In an organization, continuous control is achieved via a continuous assurance program that aims at identifying the most significant risks that the firm might be facing at any given time (Marks, 2009). In relation to this, Marks (2009) asserted that the role of a continuous assurance program is to identify and control:
- The areas that are deemed to be very risky in a firm
- Risks that are not frequent in nature but whose repercussions are severe to the operations of a firm
- Risks that might occur in segments that are deemed valuable by key stakeholders
To ensure that continuous auditing achieves its purposes under this role, it is essential for the chief auditor as well as the managers at various levels to define the key controls that will be used to manage the risks within the tolerance levels of the firm (Best, 2009). This is a critical consideration since it will ensure that authorised personnel have a clear understanding of the nature, operation, and impacts of the various controls that are present in a given institution. This is an essential consideration since there are instances where a combination of different control systems are used to contain a given risk.
Fraud detection is also a key role of continuous auditing. Fraud is one of the main risks that firms strive to avoid. It is due to this fact that firms have adopted and implemented various auditing principles and guidelines prevent fraud from occurring as well as detecting it in its earliest form to safeguard the financial position of an organization (Kogan, 2004). In this respect, an organization is expected to have an effective fraud management program that should work hand in hand with the continuous risk and fraud assurance program (Marks, 2009). The combination of these two programs results in an increase in the efficiency of the fraud detection system. As a result, the fraud risks of a given organization will be monitored together with other risks that the organization might be facing. In the process, the firm will develop effective control systems that will monitor and assess these risks. In such a scenario, the controls that will be put in place to assess fraud can be assessed together with the controls that have been put in place to detect and monitor other types of risks. Through data mining and an overall fraud control are the basic techniques that are used to detect frauds under a fraud management assurance program. The operation effectiveness and efficiency of the fraud detection system has thus greatly enhanced the rate at which frauds are detected in an organization. According to Marks (2009), traditional controls and internal audits only detected approximately 42% of the total frauds of a given organization. However, continuous auditing systems have greatly enhanced the level of fraud prevention and detection due to the continuous monitoring and control of operations.
Internal and External Auditing Function
As it has been asserted in this paper, it is the duty of the management of any given organization to assess the risk that its organization might face. From this assessment, the management should thus design and implement effective control systems (Coderre, 2005). The information that is thus gathered from the internal audits is presented to the audit committee as well as senior level managers to determine the state of risk of an organization. With this information, therefore, the management can come up with effective controls, measures, and policies that will solve any problems that the firm might be facing and enhance its overall level of operations. Other than using this information for decision making, this information is also crucial especially in determining whether the operations of a given firm conform to the standards, rules, and regulations that have been set up by a statutory body or the government (Coderre, 2005).
However, managers have the key responsibility of monitoring the internal controls of their organizations. In this respect, the operational environment of a given forms can be easily analyzed through continuous auditing (Kogan, 2004). As Coderre (2005) asserted, the effort that the management puts in place to ensure the operations are effective and efficient play a significant role in determining the continuous auditing approach that external auditors will use. For instance, if the process of control by the management is rigorous and detailed, external auditors will not conduct detailed tests via the continuous auditing approach. Instead, they will place a great emphasis on the effectiveness of the procedures that the management did put in place to monitor and control its activities. The results that will be arrived at will thus determine the intensity of the overall auditing process, its scope, as well as its frequency. Therefore, continuous auditing is an effective tool that can be used by the management, internal auditors and external auditors to determine the true and fair view of a given organization.
The Future of Continuous Auditing
While the concept of continuous auditing is relatively new, it is expected to further develop in order to meet the changing needs and requirements of firms by utilizing new technology. At the present moment, the continuous auditing systems that have been put in place do not operate on an ongoing basis due to the technicality and costs that might be incurred to support such a system. It is due to this fact that most continuous auditing system generate near real-time data (Brynes, 2012). In this respect, the current systems are thus not in a position of detecting errors and frauds in an optimized manner. Therefore, continuous auditing systems need to develop real-time solutions in order to enhance the level of assurance that is provided to the audit committee, the management, and other stakeholders.
To realise this vision, many scholars have come up with proposals that utilize information technology to enhance the overall auditing process. The proposed systems will be able to continuously capture information from disparate data systems hence detecting any form of irregularities or fraud as they occur. Consequently, these proposed systems will be in a position of assessing and analyzing financial transactions as they are conducted. This is considered as a proactive approach in auditing since it will ensure that any form of irregularity is detected when it is committed hence protecting an organization from adverse outcomes that might affect its sustainability and in the short run and in the long run.
Continuous auditing has been designed to overcome the drawbacks of traditional auditing by utilizing technology to generate real-time or near real-time financial information. As such, this concept has enhanced the overall of monitoring and assessment of financial information by detecting any forms of errors and fraud that pose danger to the running and management of a given firm. Through this approach, firms can therefore detect any errors or frauds in their earlier forms and hence bring about corrective measures to restore the normal their functionality. This is essential as it ensures that firms in the contemporary world will operate in accordance to their policies and frameworks to achieve their set missions, goals, and objectives. Through continuous auditing, therefore, firms can make sound decisions that will enable them to stay on a competitive edge over their rivals and hence become sustainable in the short run and in the long run.
Brynes, P. (2012). ‘Evolution of Auditing: From the Traditional Approach to the Future.’ AICPA, 1(1), 1-9.
Best, P.,(2009). ‘Continuous Fraud Detection in Enterprise Systems through Audit Trial Analysis.’ Journal of Digital Forensics, Security, and Law, 4(1), 39-60.
Coderre, D. (2005). ‘Continuous Auditing: Implications for Assurance, Monitoring, and Risk Control.’ GTAG, 1(1), 1-32.
Kogan, A. (2004). ‘Principles of Analytic Monitoring for Continuous Assurance.’ Journal of Emerging Technologies in Accounting, 1(1), 1-21.
Kuhn, J. and Sutton, S. (2010). ‘Continuous Auditing in ERP System Environments: The Current State and Future Directions.’ Journal of Information Systems, 24(1), 91-112.
O’Riley, A. (2006). ‘Continuous Auditing: The Wave of the Future.’ The Corporate Board, 1(1) 24-26.
Marks, N. (2009). ‘Beyond Continuous Auditing.’ International Auditor, 1(1), 51-55.
Rezaee, Z., Sharbatoghlie, A., Elam, R., and McMickle, P. (2002). ‘Continuous Auditing: Building Automated Auditing Capability.’ Auditing: A Journal of Practice and Theory, 21(1),147-163.