The product, ReliantAuditor, provides "continuous monitoring" and "continuous auditing" of financial, compliance, operational, and IT transactions and internal controls. Its interpretation of "continuous," though, goes beyond fairly loose industry-standard definitions of the term.

The Institute of Internal Auditors, for example, defines continuous auditing as "any method used by auditors to perform audit-related activities on a more continuous or continual basis." To the American Institute of Certified Public Accountants, it is "a type of auditing which produces audit results simultaneously with, or a short period of time after, the occurrence of relevant events."

Since the Sarbanes-Oxley Act was passed, companies have increasingly preferred continuous monitoring and auditing over scheduled monthly or quarterly audits. However, auditing small samples of a company's transactions and events that are subject to business rules and processes — as many companies still do — fits within the commonly used definitions of continuous.

ReliantAuditor, developed by Laguna Niguel, Calif.-based Reliant Solutions, is designed to monitor and audit 100 percent of transactions and events, rather than a sampling — and in real time, not shortly after events occur.

A number of applications that can be adapted for governance, risk, and compliance (GRC) purposes provide continuous monitoring and auditing in some fashion, but may not achieve a 100 percent audit or work in real time.

Perhaps even more significant is ReliantAuditor's one-stop-shop approach. Other products can be configured, often with great effort by the user, to audit various specific internal controls — for example, segregation of duties, documentation management, work flow, access to critical transactions, and a multitude of others. But none of them comes close to providing the full range of audit analytics, according to observers of GRC automation.

Some are seeing ReliantAuditor as a breakthrough product because it provides, within a single application, an integrated solution — and one that addresses the specific and evolving needs of audit executives.

"We're recognizing that internal audit has a different role now that incorporates a lot of the characteristics of the different pieces of software used in the GRC space, and Reliant has packaged a lot of that together," said Kathleen Wilhide, research director for GRC and BPM solutions at IDC, the business technology research firm. "It's really targeted in its entire design to be sold into internal audit."

Filling a Void

Wilhide, a certified public accountant and a former SAP vice president who was responsible for that company's financial solutions, recently wrote a report outlining the advantages that spring from Reliant's approach. "The project management and testing tools of the past do not scratch the surface of requirements to tap into enterprise systems on a routine basis, analyze large volumes of transactions based upon business rules, and put these activities and results in the context of enterprise-wide risk and compliance activities," she wrote.

"What has been lacking," she continued, "is timely, context-based analytics that can provide audit teams with a continuous view of risk and control issues while at the same time providing audit evidence to support an auditor's risk assessment and findings."

Reliant comes prepackaged with a large library of controls based on commonly used business rules and processes. While it accommodates customization, a selling point is the opportunity to get up and running quickly. Wilhide is buying it. "The value is that it has these predelivered controls and business rules, which makes it much quicker to implement," she said.

Added Heriot Prentice, director of standards and guidance for The Institute of Internal Auditors, "Most of the [GRC software] products are not ones that you can just plug in and they suddenly run. If this new package is something that's quite intuitive and doesn't take a lot of end-user knowledge to get the thing working, it will have a huge advantage."

Vision of Transparency

Reliant Auditor is the brainchild of Dipak Shah, a retired investment banker. The product's genesis goes back to his days in that business, where he said he routinely observed accountants exiting companies just as deals were scheduled to go through. "Often there was an audit-related issue that came up at the 11th hour during the due diligence," he told CFO.com. "I started to wonder why there was no clear-cut visibility [on audit issues]."

Shah developed a vision of a continuous auditing tool that would provide complete transparency on all business processes and internal controls to a company's internal and external auditors, C-level executives, and operational managers.

In February 2006, he met Bill Hagerman, executive director of internal audit at Mindspeed Technologies, a publicly held semiconductor and networking solutions provider. Shah, as it turned out, was working in the very direction Hagerman wanted to go.

After going through Mindspeed's first year of Sarbanes-Oxley compliance in 2005, Hagerman had told his boss that a fully automated audit solution would be far preferable to the more manual documentation and testing processes he had used. He got approval to purchase software for the task, and started looking into what was available.

"I made the decision right off the bat that I wasn't going to buy five applications to do everything I needed — but there was nothing out there that consolidated everything," he said. "Then I ran into Dipak through a mutual acquaintance, and he shared the same vision I had."

In February 2006, he met Bill Hagerman, executive director of internal audit at Mindspeed Technologies, a publicly held semiconductor and networking solutions provider. Shah, as it turned out, was working in the very direction Hagerman wanted to go.

After going through Mindspeed's first year of Sarbanes-Oxley compliance in 2005, Hagerman had told his boss that a fully automated audit solution would be far preferable to the more manual documentation and testing processes he had used. He got approval to purchase software for the task, and started looking into what was available.

"I made the decision right off the bat that I wasn't going to buy five applications to do everything I needed — but there was nothing out there that consolidated everything," he said. "Then I ran into Dipak through a mutual acquaintance, and he shared the same vision I had."

Waiving aside that optimism, Wilhide said, "You are going to see internal audit move in this direction, but five years is way too short — that's not the way the world works." Still, she added, Reliant is "on to something. There's no question about it."

Source : CFO - Journal - A Leading journal for CFO around the world.