（2008）Auditor Ethics for Continuous Auditing and Continuous Monitoring.pdfVIP

Copyright © 2008 Information Systems Audit and Control Association. All rights reserved. www.isa . Auditor Ethics for Continuous Auditing and Continuous Monitoring By Jill Josep h Daigle, CISA, CIA, CISSP, Ronald J. Daigle, Ph.D., CPA, and James C. Lamp e, Ph.D., CPA nformation technology (IT) auditors within internal audit Prior to considering the use of ACL, Amedisys had met its departments are in a position to add great value to their section 404 compliance needs by establishing a compliance Iorganizations. Many IT auditors have found that department at the corporate level, assigning a Sarbanes-Oxley continuous auditing (CA) and continuous monitoring (CM) manager in the accounting department and assigning provide effective control assessments at very low marginal Sarbanes-Oxley compliance for IT-related matters to the cost. Managers have also quickly recognized the value added compliance manager in the IT department. Specific scripts by CA and CM. However, a common unrecognized ethical were designed, developed, maintained and used on a recurring dilemma exists when an IT auditor provides both CA and basis by the IT auditors, which further assisted with meeting CM: the potential for losing long-term auditor independence Sarbanes-Oxley compliance. and obj ectivity because of the different purposes each service The ACL scripts were recognized as being so useful for has within an organization. testing key controls that management became interested in This article describes an occurrence of this dilemma that