Experience of Leading Edge Organizations with CA CM Understanding

Experience of Leading Edge Organizations with CA/CM: Understanding the Challenges around People, Process and Technology

The Audit Maturity Model (1) Stage 1 Stage 3 Stage 4 Traditional Audit Objectives Stage 2 Emerging Maturing Continuous Audit a. Assurance on the financial reports presented by management a. Effective control monitoring a. Tooling a. Manual processes & separate IT audit a. Spots of IT and financial / OA audit integration a. Approach a. Traditional interim and year-end audit a. Traditional plus some key monitoring processes a. b. Case by case basis Data is captured during the audit process a. Repeating key extractions on cycles a. none a. Audit management software Work paper preparation software a. IT/Data access Audit Automation b. b. Verification of the quality of controls and operational results a. b. Auditing links financial to operational processes Usage of alarms as evidence Continuous control monitoring a. Most of audit automated a. Audit by exception Systematic monitoring of processes with data capture a. Automated monitoring module Alarm and followup process a. Complete data access Audit data warehouse, production, finance, benchmarking and Continous error history monitoring and immediate response c. b. Audit by exception Improvements in the quality of data Creation of a critical metacontrol structure

The Audit Maturity Model (2) Stage 1 Stage 2 Stage 3 Stage 4 Traditional Audit Emerging Maturing Continuous Audit and management sharing a. Independent and adversarial a. Independent with some core monitoring shared a. Management of audit functions a. Financial organization supervises audit and matrix to BOD a. Some degree of coordination between the areas of risk, auditing and compliance IT audit works independently a. Financial ratios at sector level a. b. Analytic methods a. Financial ratios a. b. c. Shared systems and resources where natural process synergies allow IA and IT audit coordinate risk management IA shares with IT audit automatic audit processes a. Purposeful Paralel systems and common infrastructures a. KPI level monitoring Structural continuity equations Monitoring at transaction, account and fiancnial report account level a. Centralized and integrates with risk management, compliance and SOX/ layerd with external audit. High level of reliance. Corporate models of the main sectors of the business Early warning system b.

The Audit Maturity Model (4)