Continuous auditing (CA) and continuous monitoring (CM) methods are ideal to address evolving, complex risk environment, meet ever-changing regulatory, business, and industry requirements and can form one of your core tools for an integrated GRC.
This session will discuss key success factors required for implementing continuous auditing and continuous monitoring techniques in organisations.
  • Application of systems thinking to risk management – the linkage between people, process and technology when implementing continuous auditing & continuous monitoring
  • Implementation from an auditing perspective
  • When will this arise? (could be part of the continuous auditing/monitoring techniques, whistleblower or dawn raid)
  • Important to forensically gather evidence (especially in important matters like FCPA investigations)
  • CF tools can help ID important data (deleted files, etc)
  • ED tools can help analyze larger amounts of active data




Scott Warren, Managing Director, Kroll Ontrack

Felix Fung, Head of Risk Management, Bank Sinopac

Lionel Choong, Acting CFO, Global Regency



Lionel Choong

"We need to build an ethical/professional culture in our companies as it is not possible to regulate or legislate ethical behaviour.  Ensuring sound ethical practices requires participation-and even leadership- from all ranks.  The CFO occupies a focal point of that leadership and are guardians of company Accounting & Other Records & Internal Control Systems (AORICS) and partner to CEO and the board.  This dual part of stewardship and strategist provides the CFO a key role in disseminating ideas and attitudes on ethical practice throughout the company.
We need governance & compliance in order to ensure transparency and accountability to provide assurance that “we are actually doing what we say we’re doing.”  The rewards of transparency/visibility in decision making is to preserve company’s reputation, higher credibility, public confidence and enhanced valuation.
We can spend time like Enron did in having an impressive detailed code of conduct/ethics which is circumvented but rather need to promote a culture of principles-based approach to provide companies with a "moral compass" by which to navigate its business-as a Preventative measure.
We then need to rely on AORICS  to mitigate compliance risk, detect and correct any irregularities-Detective/Corrective.  Critical to this systems based approach is the implementation of Enterprise risk/performance management systems to provide Biz Insight and tracking compliance."
For further information, please contact:
Felix Fung
System thinking as a supplementary tool to continuous auditing and continuous monitoring
Implementing continuous auditing needs full understanding of whole operations in an organization. We need to identify sub-systems that can feed audit information constantly in a cost effective way. 
To understand the whole operations, it is more effective to analyze big and small systems using system thinking. Systems possess several characteristics: Emergency, Hierarchy, Control and Communication. Also, we can understand the operations through root definition analysis: CATWOE. 
C for Customer 
A for Actor 
T for Transformation process
W for Worldview 
O for Owner
E for Environment
After all, we list down all the systems and operations; identify controls and risks behind operations; prioritize them with risk ratings. Using system thinking, it is an effective way to organize all the system and subsystems within an organization, and devise good mechanism for operational risk control and continuous auditing.  
For further information, please contact:

Leave a Reply

You must be logged in to post a comment.