SAP BusinessObjects has published a thought leadership paper that focuses on why continuous auditing by itself is incomplete and may lack relevance to an entity’s key risks.

The paper, “A Look into the Future: The Next Evolution of Internal Audit—Continuous Risk and Control Assurance,” instead reasons that a top-down and risk-based approach should be used to drive a program where internal audit provides its stakeholders with continuous assurance that the organization’s critical risks are managed within organizational tolerances and related controls are operating effectively.

Norman Marks, vice president of governance, risk, and compliance for SAP BusinessObjects Division tells Compliance Week that this is achieved by a combination of continuous risk monitoring, continuous auditing of controls and testing of data (which includes continuous fraud detection), performance of periodic manual testing where necessary, and the continuous reporting of risk and control health to management and the board.

The paper can be dowloaded here.