Recent international regulations have placed the need for monitoring internal controls at the top of the boardroom agenda. Having controls in place is a basic business requirement, but it is no longer enough. Controls break down over time, they don’t always operate as designed, and they often fail to keep up with businesses as they, and their operations and strategies, change. Monitoring these internal controls allows management to be alerted quickly about factors that can have significant effects on their businesses.
Monitoring Internal Control Systems and IT, a new publication from ISACA, helps enterprises design and implement monitoring processes of key controls to reach their business goals and objectives. It provides practical guidance on how to monitor information technology (IT) controls and how to apply IT to support and sustain monitoring activities. The publication also examines continuous monitoring and how it can lead to quicker detection of control failures, resulting in saved time and expense.
According to the Committee of the Sponsoring Organizations of the Treadway Commission (COSO), monitoring is the set of tasks implemented to help ensure that internal controls continue to operate effectively. Even though automated monitoring of controls can bring significant benefits, enterprises still face challenges including complex IT environments, key controls that are difficult to identify, and the difficulty of data extraction and analysis. Monitoring Internal Control Systems and IT offers a road map to help organizations address these challenges.
The ISACA publication offers case studies and examples to clearly illustrate how an enterprise can implement automated IT monitoring activities to address other business problems and even identify the root cause behind ineffective controls. It also offers practical tools such as a sample worksheet that helps professionals develop a strategy on how best to leverage automation to monitor key controls.
“In addition to improving compliance and reducing costs, continuous monitoring can also be used to help prevent fraud,” said Ken Vander Wal, CISA, CPA, chair of the publication’s development team. “With organizations clearly demonstrating an increased focus on the monitoring of controls, they reduce the opportunity for illegal or unethical activities.”
Continuous monitoring of controls is important for enterprises of all sizes, according to the ISACA guide.
“While the benefits of continuous monitoring might seem more obvious in large organizations, small-to-medium enterprises can also benefit from building monitoring of their most important controls directly into their operating processes and IT solutions,” said Russ Gates, President of Dupage Consulting LLC and a contributor to the publication. “Management can gain more timely and reliable insight about the effectiveness or failure of a key control. This can have a direct effect on the bottom line.”