To provide real-time assurance, auditors must rely on continuous auditing. Although the need for continuous auditing is readily apparent, not many auditors have experience in implementing or relying on it. The purpose of this writing is to illustrate how Chan and Vasarhelyi's (2011) stages of continuous auditing might be instantiated in a highly automated procure-to-pay process using the Krishnan et al. (2005) notation for representing controls in business process diagrams. In Stage 1, existing processes and controls are examined to identify the monitoring and testing that is suitable for continuous auditing and confirm sufficient data access. In Stage 2, metrics for evaluating transaction data are defined. In Stage 3, rule-based analytics are developed as benchmarks for determining internal control violations. In stage 4, an audit-by-exception approach is described for determining the level of material errors, omissions, and other anomalies.

You do not currently have access to this content.