ABSTRACT
This chapter examines the methods and processes facilitated by continuous monitoring to ensure that crucial policies, processes, and internal controls are both adequate and operating effectively. Traditionally, internal auditing has focused data analysis on a sample basis and gained insight from transactional data that exists in individual systems in order to perform its work. Continuous monitoring enables management to continually review business processes for adherence to and deviations from their intended levels of performance and effectiveness. Monitoring to ensure the ongoing effectiveness of controls designed to ensure the integrity, confidentiality, and fraud-resistance of IT systems is commonly under-resourced or even ignored by the executives responsible for ensuring effective risk management and good governance. In order for any monitoring to be effective, there must be a standard or baseline against which the results of the monitoring can be compared. Only then can the auditor detect deviations from the norm in terms of the effectiveness of control operation.
