If you have been reading my blogs and articles, you know I am an advocate of continuous monitoring (CM) and auditing (CA) – in particular when it is designed to provide assurance that business risks are managed and the related controls are operating effectively. While there is value in the detective, after-the-fact identification of defects in transactions, that is looking at the past. Providing assurance on the management of risks through effective controls has a forward-looking perspective. Controls provide comfort that today’s and tomorrow’s risks are managed and activities are and will be performed as intended.
You can download my paper, Continuous Risk and Control Assurance, at https://www.box.net/shared/0zviy39irb .
There have been a few developments:
– a report by the analyst firm Gartner on CA/CM software solutions
– a new publication by KPMG on the topic, and
– affirmation for my ideas.
These are discussed in my latest blog at http://normanmarks.wordpress.com/