Page 469 - ITGC_Audit Guides
P. 469
GTAG — Foundational Continuous Assurance Framework
Foundational Continuous Assurance Framework
The foundational or basic continuous assurance framework encompasses internal audit’s continuous auditing process and
audit testing of continuous monitoring. As the third line of defense in effective risk management and control, internal
audit strives to detect areas of concern within the control framework and, in turn, provide the organization with the highest
practicable level of objective assurance.
Figure 1: Foundational Continuous Assurance Framework
Continuous Assurance achieved through the
internal audit activity’s:
• Audit Testing of First and Second Lines of
Defense Continuous Monitoring.
• Continuous Auditing.
Third Line of Defense:
Internal Audit
Provides Audit Testing of
Independent First and Second
Assurance Lines of Defense
Continuous Continuous
Monitoring Auditing
Through
Second Line Technology-
of Defense:
Functions enabled
Oversee Risks Ongoing Risk
(e.g. Risk Management, Assessment
Compliance) and Ongoing
Control
Continuous Assessment
Monitoring
First Line
of Defense:
Operational
Management
Owns and Manages
Risks
Continuous Auditing
Continuous auditing is achieved through ongoing risk and control assessments enabled by technology-based audit
techniques such as generalized audit software, spreadsheet software or scripts developed using audit-specific software,
specialized audit utilities, CAATs, commercially packaged solutions, and custom-developed production systems.
Technology-based audit techniques should be flexible and scalable to play a key role in optimizing:
4
