Lately, there has been a significant resurgence in the topic of Continuous Auditing and Continuous Monitoring (CA/CM) in operational and financial circles. The main focus of this talk has been with a view toward leveraging these approaches and technologies to better manage business risk. Much of this interest is driven by the increased expectations management and audit committees have to gain better insight into business performance and better manage risk. So it’s understandable that attention has turned toward those whose mandate it is to evaluate and improve the effectiveness of risk management, control and governance processes – Internal Audit.
According to The Institute of Internal Auditors (IIA), the official definition of its profession is: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Many are familiar with the definition in terms of the systematic, disciplined approach to evaluating controls and governance. It is, after all, what many internal audit departments have been asked to do in a post-Sarbanes-Oxley world. But with a significant realignment in the business world owing to the financial crisis, concern over internal controls assurance from a legislative perspective is taking a back seat to effective risk management and improving overall business performance. That’s where the other half of the definition of internal auditing comes in, the value-add consulting internal auditing can provide to help improve an organization’s operations and overall risk management processes.
You can read the full article “Auditors Don’t Just do Audits” here.