Visual Risk IQ presented a session on Continuous Controls Monitoring (CCM) at the IIA's District Conference in Greensboro on March 14, and we had nearly 100 people join us for a dialog about how to get started with CCM and/or Continuous Auditing (CA). Several of the audience had seen us at either Triad or Charlotte CCM / CA training sessions, either alone or with ACL, Oversight, or Apex Analytix.
So to create some distinction from other CPE sessions we've made, we focused mostly on the maturity model and recommended first steps to move from current state toward a mature, highly frequent and in-depth process for risk and control assessment. We de-emphasized that the technology components and emphasized the importance of audit process, risk assessment approach, gaining buy-in from business process owners, training for IA staff. The non-technology components of embarking on a project.
Something very interesting happened. The Q&A was more lively. The audience was highly engaged, and a couple of audit directors came up to us after the presentation to thank us for NOT talking so much about software. It seems they hear (way too often) about the ways Brand X, Brand Y, or Brand Z software can make their audit function better. But their experience is that any prior technology investments are often short-lived because the technology often requires other changes to be made, and those changes are not well understood or sustained.
So we'll continue to talk about our experiences and approach to CA and CCM, including how more modern software can often help. But any discussion of software will be a late bind, and we'll start with emphasizing how audit functions can achieve marked increases in productivity, simply by better utilizing tools they already have.
Feel free to write or comment, and we'll share our presentation with you if you were unable to attend the Conference in Greensboro.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
www.visualriskiq.com
Sunday, March 16, 2008
Wednesday, March 12, 2008
Defining Continuous-ness. One more reason why I love my mother-in-law
Donna, my mother-in-law, is a terrific lady. I remember meeting my then future in-laws less than a month after my wife and I began dating. They were fun, light-hearted, and affectionate toward their immediate family, extended family, and each other. Throughout literally dozens of moves across the country through a military career, they remain in touch with their many friends. Often via Donna's holiday letter. Which brings me to continuous auditing. Really.
This year, as she has during their forty-plus years of marriage, Donna recounted an update of their family's travels, joys, and important life events. Included in this years business was an update on my immediate family and a brief mention of my new business. "Joe has started a business focused on continual auditing..." Which brought about an interesting discussion about continuous-ness and continual.
Our dictionary makes a clear distinction between continuous and continual. "In precise usage, continual means 'frequent, repeating at intervals' and continuous means 'going on without pause or interruption" and provides instruction to "Avoid using continuous or continuously as a way of describing something that occurs at regular or seasonal intervals: in the sentence, "The White House's tree-lighting ceremony has been held continuously since 1923, the word continuously should be replaced with continually or annually."
So my mother-in-law is right. After all, we're trying to help our clients update the frequency of their risk and control assessments to be quarterly or monthly. And to assess some key controls as frequently as weekly or daily. But not to assess risk or controls without pause or interruption.
My partner Kim Jones and I have often talked about how continuous auditing should be about working smarter, not harder. Doing more with less. So stay tuned and see how we can begin to make this new label stick.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
This year, as she has during their forty-plus years of marriage, Donna recounted an update of their family's travels, joys, and important life events. Included in this years business was an update on my immediate family and a brief mention of my new business. "Joe has started a business focused on continual auditing..." Which brought about an interesting discussion about continuous-ness and continual.
Our dictionary makes a clear distinction between continuous and continual. "In precise usage, continual means 'frequent, repeating at intervals' and continuous means 'going on without pause or interruption" and provides instruction to "Avoid using continuous or continuously as a way of describing something that occurs at regular or seasonal intervals: in the sentence, "The White House's tree-lighting ceremony has been held continuously since 1923, the word continuously should be replaced with continually or annually."
So my mother-in-law is right. After all, we're trying to help our clients update the frequency of their risk and control assessments to be quarterly or monthly. And to assess some key controls as frequently as weekly or daily. But not to assess risk or controls without pause or interruption.
My partner Kim Jones and I have often talked about how continuous auditing should be about working smarter, not harder. Doing more with less. So stay tuned and see how we can begin to make this new label stick.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
Subscribe to:
Posts (Atom)
