ABSTRACT
Management is responsible for the establishment and monitoring of objectives, risks, and controls. Internal auditors are responsible for reviewing programs and processes, but should not co-manage business operations. Both Continuous Monitoring (CM) and Continuous Auditing (CA) typically rely on Information Technology (IT)-enabled tools to monitor processes, transactions, and accounts to improve the effectiveness of internal auditors and management. CA can augment internal audit's efficiency by honing into questionable activities for further research, rather than spending a great deal of time sampling transactions wondering if anything will be identified. CM is done by management and CA is done by internal auditors, whose mandates overlap in their oversight role over risks and controls. CM and CA require usable data, a risk-mindset, coordination with control owners and timely remediation. These continuous procedures can improve governance, risk management, and compliance while reducing cost.
