AUDIT ANALYTICS AUDIT
1JWn3ix
1JWn3ix
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ESSAY 6: MANAGING RISK AND THE <strong>AUDIT</strong> PROCESS<br />
profile. The authors also contend that CRMA should ideally be fully<br />
integrated within a structure that includes both Continuous Controls<br />
Monitoring (CCM) and Continuous Data Assurance (CDA) such that a<br />
robust system of continuous auditing is ultimately achieved (figure 6-1).<br />
Figure 6-1: Integrated Components in Continuous Auditing<br />
(Vasarhelyi, Teeter, Krahel 2010)<br />
In practice, there might be an initial tendency to implement one or more<br />
of the modules in a mutually exclusive manner. For instance, an<br />
organization might elect to adopt CRMA as part of a risk management<br />
initiative but not incorporate it with CCM or CDA at that point. While<br />
this will certainly be beneficial, eventual integration of all three<br />
components will produce synergistic effects. For example, as the CCM<br />
module identifies internal control failures and other issues, this<br />
information can be provided as input to the CRMA program, thus<br />
potentially impacting one or more of the risk measures being monitored,<br />
as well as offering evidence pertaining to whether revision of the risk<br />
profile and corresponding metrics (for example, key risk indicators) is<br />
advisable. Furthermore, as risk measures fluctuate in the CRMA system,<br />
this information can serve as input to the CCM module, allowing it to<br />
proactively address changes in business risk (Moon 2014a). While the<br />
CRMA architecture can add value by itself, it can be fully leveraged when<br />
combined with CCM and CDA to provide a complete system of<br />
continuous auditing and monitoring.<br />
131