Considering the current environment of rising risks, regulatory activity, and compliance costs, one of the popular market trends the latest years next to data analytics and business information management is Continuous Monitoring and Continuous Auditing.
Continuous Monitoring and Continuous Auditing seeks to add value by improving compliance and supporting business goals. From a technology perspective, it enables a high degree of automation to monitor systems and data, and implements closed-loop mechanisms for any exceptions detected. As a monitoring mechanism, Continuous Monitoring and Continuous Auditing helps to detect irregularities in system configurations, processes and data, either from a risk or a performance perspective.
Continuous Monitoring is a feedback mechanism used by management to ensure that controls operate as designed and that transactions are processed as described. This monitoring is the responsibility of management and can form an important component of the internal control structure. On the other hand, Continuous Auditing is the collection of audit evidence and indicators by either the external auditor or the internal auditor in IT systems, processes, transactions and controls on a frequent or continuous basis throughout the period.
The potential values of Continuous Monitoring and Continuous Auditing are various:
- Enhanced governance and more timely oversight of compliance across the enterprise
- Improved efficiency and effectiveness of the control environment through automation, leading to cost-reduction opportunities
- Business improvement through reduced errors and improved error remediation, allowing reallocation of resources to value-adding activities
- The ability to report more comprehensively on compliance with internal and regulatory requirements
- Financial and non-financial ROI
Business intelligence platforms can often provide realtime operational performance data and financial ERP data that is often difficult to replicate due to the complexities of the source data. The analytical tools, such as ACL, IDEA or SAS, or the more dedicated monitoring tools like SAP GRC, BWise, Oversight, EMF and Approva can be used to consolidate the various data elements into a single comprehensive model. The key is to normalize the data into meaningful standard measures so that different parts of the enterprise can be compared to one another using ratio analysis, say per 100 employees. Once in place, Internal Audit can include this information to identify areas of risk, or to confirm empirically what has been identified through management interviews and control risk self-assessments.
While continuous auditing of specific business processes provides value in and of itself, the greatest value lies in the ability to assess the state of the enterprise as whole through the continual assessment of data-driven key risk indicators. In order to get this work, Continous Monitoring and Continuous Auditing typically consists of functionality such as data extraction from source systems, data analysis, case management and reporting. It is about identifying and controlling financial and operational risks embedded in business systems at runtime from a risk view.
One of the other benefits that can be realized through the adoption of Continuous Monitoring and Continuous Auditing is increased detection and prevention of fraud. Today’s tax and welfare agencies are increasingly facing new and sophisticated methods of tax evasion and welfare fraud. For example, IT Services major Capgemini, together with leading analytics providers SAS, recently launched the solution Trouve to combat this. As Capgemini promises, Trouve (video) helps you to significantly reduce tax evasion as well as welfare fraud and error, while reducing the burden on honest citizens and improving productivity.
Through advanced digital technology and analytics, agencies can confront their challenges head on with the help of a more complete picture of the taxpayer or claimant, the ability to build more sophisticated risk factors/models, which pinpoint high risk case, the ability to risk and intervene as part of the core processing value chain, preventing fraudulent payments or acting much more quickly to recover the money. And well, the solution, combining business and IT change has all the elements of a Continuous Monitoring and Continuous Auditing tool:
Data provisioning (extraction) – the ability to obtain, integrate, cleanse and match data from internal, other government, and third party sources in order to build a citizen centric view
- Case management to progress cases using workflows, capturing the outcomes in order to inform compliance strategy, risk factors/models and operational best practices
- Analytic capability applying a range of techniques including risk rules, anomaly detection and entity link analysis to understand the characteristics of a new type of fraud; how to spot the fraud; and to develop and refine deterministic and predictive risk factors/models that can be automated, incorporating feedback from the outcome of each intervention
- SAS dashboard and reporting capabilities for a range of KPIs, including size of debt, age, roll rate, write offs and cost to recover
Continuous monitoring is a big one next to or part of Business Intelligence, Analytics and Information Management.