Tuesday, November 10, 2009

Reflections from the Rutgers World Continuous Auditing Symposium (WCAS)

I represented Visual Risk IQ as a panelist Friday 11/6 at the Rutgers WCAS event in New Jersey. Mike Cangemi, former president of FEI, moderated our panel, which also included Eric Cohen from PwC / OCEG and Dr. Virginia Cortijo from the University of Huelva (Spain). Despite the presentation time on a Friday afternoon (4:00!), the panel generated nearly a dozen questions from the audience, and dialog continued into the dinner hour.

The event provided an opportunity to reconnect with friends and colleagues from most of the CA / CCM software firms, from academia, and most importantly, with other early adopters of CA / CCM. Most attendees had already committed to some level of CA / CCM at their firms, each with varying levels of success. Some observations from the presentations:
  • External auditors opine on a balance sheet as of one day each year. Not much continuous about that. Internal Auditing should be leading the charge for Continuous Auditing.
  • Most CCM applications focus on a single application - P-Card, Procure to Pay, or Journal Entry review, likely because of simpler data models and availability of commercial software. Exceptions are IBM (Order to Cash) and HP (IT General Controls).
  • Organizations that are the best candidates for CCM are those that have a zero tolerance for Compliance exceptions and also a relentless desire for Continuous Improvement.
  • Internal audit can be the CA / CCM learning lab for the rest of the Company. See Terry Hickman's presentation (Procter & Gamble) for more information.
  • Most savings realized by audit teams through Continuous Auditing are re-directed toward emerging risks and increasing coverage.
  • Continuous auditing and data analytics jobs are out there, but the quantity and quality of applicants have been below expectations, according to several hiring managers.
  • New software entrants such as SymSure for IDEA and ACL's Audit Exchange 2 (AX2) are sparking new projects in CA, as their price point is a marked improvement relative to more comprehensive CCM tools that have previously been available.
Our presentation emphasized some of the challenges of defining Continuous Auditing. At some organizations, the term means Continuous Risk Assessment. At others, it means Control Assessment of configurable controls or Control Assessment of Transactions. If people that are doing CA / CCM use the same words for different activities, it's hard for others to follow this leadership. For more information on the conference, see: Rutgers WCAS.

Did you attend? What were your key take-aways? All comments are welcomed!

Joe Oringel
Visual Risk IQ
Charlotte NC, USA

1 comment:

toomuchcountry said...

I often struggle with practical application of Miklos' theoretical concepts of where this area might move. But I did latch on to his view of cont auditing as an aggregation of cont data audit, cont controls monitoring, and cont risk monitoring/assessment. Also, I think the candid discussion about the scarcity of needed skills in new hires by firms or companies was informative & challenging. We're all seeking that grail of a candidate who has written/verbal/non-verbal communication cred, biz awareness, IT tech savvy, DNA to ask 2nd/3rd questions, etc. + ability to RETAIN that person if ever located & hired.