Software that supports the internal audit process is nothing new, but the field may be poised to head in a wholly different direction. In the best-case scenario, that direction will lead to more accurate audits, reduced costs for both internal and external audit, and elevated roles for internal audit executives.
Whether that potential will be fully realized is anyone’s guess. But if it is, a developer that announced itself publicly only seven months ago — and which has exactly one customer using its flagship product — could become a central player.
The product, ReliantAuditor, provides “continuous monitoring” and “continuous auditing” of financial, compliance, operational, and IT transactions and internal controls. Its interpretation of “continuous,” though, goes beyond fairly loose industry-standard definitions of the term.
The Institute of Internal Auditors, for example, defines continuous auditing as “any method used by auditors to perform audit-related activities on a more continuous or continual basis.” To the American Institute of Certified Public Accountants, it is “a type of auditing which produces audit results simultaneously with, or a short period of time after, the occurrence of relevant events.”
Since the Sarbanes-Oxley Act was passed, companies have increasingly preferred continuous monitoring and auditing over scheduled monthly or quarterly audits. However, auditing small samples of a company’s transactions and events that are subject to business rules and processes — as many companies still do — fits within the commonly used definitions of continuous.
ReliantAuditor, developed by Laguna Niguel, Calif.-based Reliant Solutions, is designed to monitor and audit 100 percent of transactions and events, rather than a sampling — and in real time, not shortly after events occur.
A number of applications that can be adapted for governance, risk, and compliance (GRC) purposes provide continuous monitoring and auditing in some fashion, but may not achieve a 100 percent audit or work in real time.
Perhaps even more significant is ReliantAuditor’s one-stop-shop approach. Other products can be configured, often with great effort by the user, to audit various specific internal controls — for example, segregation of duties, documentation management, work flow, access to critical transactions, and a multitude of others. But none of them comes close to providing the full range of audit analytics, according to observers of GRC automation.
Some are seeing ReliantAuditor as a breakthrough product because it provides, within a single application, an integrated solution — and one that addresses the specific and evolving needs of audit executives.
“We’re recognizing that internal audit has a different role now that incorporates a lot of the characteristics of the different pieces of software used in the GRC space, and Reliant has packaged a lot of that together,” said Kathleen Wilhide, research director for GRC and BPM solutions at IDC, the business technology research firm. “It’s really targeted in its entire design to be sold into internal audit.”
Filling a Void
Wilhide, a certified public accountant and a former SAP vice president who was responsible for that company’s financial solutions, recently wrote a report outlining the advantages that spring from Reliant’s approach. “The project management and testing tools of the past do not scratch the surface of requirements to tap into enterprise systems on a routine basis, analyze large volumes of transactions based upon business rules, and put these activities and results in the context of enterprise-wide risk and compliance activities,” she wrote.