Monday, January 31, 2011

How to update the IIA GTAG for what's new in Continuous Auditing?

Today's blog seeks to assimilate some of the things we heard at the IIA International conference last summer in Atlanta, in advance of this week's IIA Working Group discussions regarding the Global Technology Audit Guide (GTAG) on Continuous Auditing #3. The purpose of the Working Group discussions are to identify areas of the GTAG that require updating, so we are pleased to be able to participate with such an esteemed group of colleagues.

I wrote last summer about the IIA International conference, and how Data Analysis and Continuous Auditing were discussed at that three of the more interesting presentations at that conference. Those presenters Dan Kneer, Steve Biskie (ACL Services) and Robert Mainardi, and each presenter spoke on some combination of Data Analysis, Continuous Auditing, and Continuous Monitoring. Though they used many of the same words and terms, their perspective often seemed quite different.

Is Continuous Auditing about audit project selection and Risk Assessment. Yes. So techniques such as regression analysis, ratio analysis, and other analysis of aggregate data should be considered in any GTAG update. But Continuous Auditing is also about more frequent updates of subjective data, like control self-assessment, surveys, and call program activities. Similarly Continuous Auditing can and should include data analysis of transaction details. And greater frequency of data analysis, to include Visual Reporting also aid greatly in Risk and Control Assessment activity. Perhaps text analytics and analysis of unstructured data too.

Looking forward to this week's Working Group, so we can find some distinctive words to distinguish the various types of Continuous Auditing activities for inclusion in any updates to the GTAG.

Since Continuous Auditing can

Joe Oringel
Visual Risk IQ
Charlotte, NC USA