Abstract

With the emergence of mission-critical real-time systems becoming ever more important to the competitive strategies of corporations and their e-business and supply-chain models, an increasing number of process controls are being embedded into information systems, and co-processed with business transaction thus providing for the continuous monitoring of business operations. A parallel trend in the auditing industry is towards continuous auditing, able to provide management with real-time auditing of the functioning of controls and of business transactions, thus enhancing significantly management’s ability to ensure compliance and make key business decisions. Continuous auditing requires that information systems are developed not only to fulfill business requirements but also continuous monitoring of transactions and other compliance and control requirements. This integration of business systems and their controls within a process-centric logic necessitates a likewise integration of their development processes. Subsequently existing tools and techniques for requirements analysis need to be recast within a hybrid and integrated approach dubbed requirement analysis for process-centric continuous monitoring or RA-PCCM, which consists of the concurrent analysis of operational systems, information systems, the control system, and the management system. Whilst efforts exist within the auditing community to outline a process-driven methodology for developing continuous auditing systems, this paper argues for integrating control development for continuous monitoring within the fold of information system development, hence restricting auditors to control monitoring assurance.

Share

COinS