Software that supports the internal audit process is nothing new, but the field may be poised to head in a wholly different direction. In the best-case scenario, that direction will lead to more accurate audits, reduced costs for both internal and external audit, and elevated roles for internal audit executives.

Whether that potential will be fully realized is anyone's guess. But if it is, a developer that announced itself publicly only seven months ago — and which has exactly one customer using its flagship product — could become a central player.

The product, ReliantAuditor, provides "continuous monitoring" and "continuous auditing" of financial, compliance, operational, and IT transactions and internal controls. Its interpretation of "continuous," though, goes beyond fairly loose industry-standard definitions of the term.

The Institute of Internal Auditors, for example, defines continuous auditing as "any method used by auditors to perform audit-related activities on a more continuous or continual basis." To the American Institute of Certified Public Accountants, it is "a type of auditing which produces audit results simultaneously with, or a short period of time after, the occurrence of relevant events."

Since the Sarbanes-Oxley Act was passed, companies have increasingly preferred continuous monitoring and auditing over scheduled monthly or quarterly audits. However, auditing small samples of a company's transactions and events that are subject to business rules and processes — as many companies still do — fits within the commonly used definitions of continuous.

ReliantAuditor, developed by Laguna Niguel, Calif.-based Reliant Solutions, is designed to monitor and audit 100 percent of transactions and events, rather than a sampling — and in real time, not shortly after events occur.

A number of applications that can be adapted for governance, risk, and compliance (GRC) purposes provide continuous monitoring and auditing in some fashion, but may not achieve a 100 percent audit or work in real time.

Perhaps even more significant is ReliantAuditor's one-stop-shop approach. Other products can be configured, often with great effort by the user, to audit various specific internal controls — for example, segregation of duties, documentation management, work flow, access to critical transactions, and a multitude of others. But none of them comes close to providing the full range of audit analytics, according to observers of GRC automation.

Some are seeing ReliantAuditor as a breakthrough product because it provides, within a single application, an integrated solution — and one that addresses the specific and evolving needs of audit executives.

"We're recognizing that internal audit has a different role now that incorporates a lot of the characteristics of the different pieces of software used in the GRC space, and Reliant has packaged a lot of that together," said Kathleen Wilhide, research director for GRC and BPM solutions at IDC, the business technology research firm. "It's really targeted in its entire design to be sold into internal audit."

Filling a Void
Wilhide, a certified public accountant and a former SAP vice president who was responsible for that company's financial solutions, recently wrote a report outlining the advantages that spring from Reliant's approach. "The project management and testing tools of the past do not scratch the surface of requirements to tap into enterprise systems on a routine basis, analyze large volumes of transactions based upon business rules, and put these activities and results in the context of enterprise-wide risk and compliance activities," she wrote.

"What has been lacking," she continued, "is timely, context-based analytics that can provide audit teams with a continuous view of risk and control issues while at the same time providing audit evidence to support an auditor's risk assessment and findings."

Reliant comes prepackaged with a large library of controls based on commonly used business rules and processes. While it accommodates customization, a selling point is the opportunity to get up and running quickly. Wilhide is buying it. "The value is that it has these predelivered controls and business rules, which makes it much quicker to implement," she said.

Added Heriot Prentice, director of standards and guidance for The Institute of Internal Auditors, "Most of the [GRC software] products are not ones that you can just plug in and they suddenly run. If this new package is something that's quite intuitive and doesn't take a lot of end-user knowledge to get the thing working, it will have a huge advantage."

Vision of Transparency
ReliantAuditor is the brainchild of Dipak Shah, a retired investment banker. The product's genesis goes back to his days in that business, where he said he routinely observed accountants exiting companies just as deals were scheduled to go through. "Often there was an audit-related issue that came up at the 11th hour during the due diligence," he told CFO.com. "I started to wonder why there was no clear-cut visibility [on audit issues]."

Shah developed a vision of a continuous auditing tool that would provide complete transparency on all business processes and internal controls to a company's internal and external auditors, C-level executives, and operational managers.

• 1
• 2
• 3
• next »