IIA Canada National Conference 2023

4.5 How to implement a Continuous Assurance Program in your organization?

05 Oct 2023
10:15 – 11:05
DAY 3 - TRACK 4 - SESSION 5

4.5 How to implement a Continuous Assurance Program in your organization?

Level: Basic

Internal Audit’s traditional approach to evaluating the effectiveness of risk management and internal controls has been retrospective, with testing of controls performed on a cyclical basis, often several months after business activities have occurred. However, considering the evolving role of Internal Audit, advancement in technology and the organization need to respond to changing and emerging risk, there is a need to include ongoing risk and control assessments or continuous assurance using data analytics.

This presentation will showcase, at a basic level, a practical approach to the implementation of continuous assurance. The presentation will highlight the benefits and challenges during implementation, specific examples of data analytics tests that can be implemented to identify unusual patterns and detect red flags, investigation process and reporting and insights in the transitioning of continuous auditing techniques to management to enhance continuous monitoring activities.


COVID-19 has placed a number of challenges on organizations worldwide, with the risk and control environment changed significantly compared to pre- COVID-19. With most of the staff working remotely and trying to keep the lights on, there has been an increased risk of fraud and override of controls due to changes in the processes and the economic downturn. Management and Internal Auditors can play a critical role in assessing the risks, including fraud risks, by implementing a data analytics program. The presentation will also highlight the importance and challenges of implementing a fraud analytics program in the organization to prevent and detect fraud.  It will provide specific examples of fraud analytics tests that can be implemented in this current environment to identify unusual patterns and detect red flags, investigation processes and reporting.