（2005）Reasons to Adopt Continuous Controls Monitoring and Auditing.pdfVIP

12 Reasons to Adopt Continuous Controls Monitoring and Auditing *Editors Note: Reprinted by permission of Jefferson Wells Important Considerations Before You Do Management and audit professionals have long understood that continuous monitoring of business activities could help reduce errors and detect unapproved or inappropriate activities more quickly. Indeed, continuous controls monitoring (CCM) and continuous controls auditing (CCA) have roots reaching back to at least the 1980s. Until recently, most companies have not had access to the technological resources required to embrace CCM or CCA. Adding impetus to CCM and CCA was enactment of The Sarbanes-Oxley Act of 2002 (SOX). SOX Section 302 requires management to certify that its internal controls are adequate and its financial reports are properly stated. Additionally, Section 404 of SOX requires management to evaluate its internal controls and render an opinion on them. Initial compliance with SOX Sections 302 and 404 required companies to act quickly and the cost of compliance was high. In May 2007, the Public Company Accounting Oversight Board (PCAOB) addressed concerns regarding the cost of SOX compliance by adopting a new Auditing Standard No. 5 (AS5). AS5 states that external auditors “should be able to rely on self-assessment and, more generally, the monitoring component of internal control, provided the monitoring component is properly designed and operates effectively.” Additionally, AS5 encourages external auditors to “use the work of others to obtain evidence about the design and operating effectiveness of controls.” These “others” may include company personnel, not only internal auditors but third parties working under the direction of management or the audit committee. Due to the large volume of transactions in most businesses and because most businesses employ multiple software packages throughout the company, monitoring internal controls has been a largely manual process in t