Discussion sub-question

To arrive at the sub-conclusion conclusion regarding sub-question 1, theoretical and practical findings are compared, which will result in an overview of similarities and contradictories in theory and practice. The chapter is subdivided into three parts; developments in the internal audit process, the concept of continuous auditing, and the interrelationship between continuous- auditing, assurance, and monitoring.

• Developments in the internal audit process

The internal audit is a department or process which evaluates and tests the design, and operational effectiveness of the internal control which is embedded within the organization (Doy et al., 2007; Krishnan, 2005). Additionally, practical findings demonstrate that the internal audit is part of the so-called three lines of defence. However, the distinction between the first, second, and third line is not so obvious at each organization.

There are several developments in the organizational environment, which also impact the role and function of the internal audit and the internal audit process. Therefore, organizations should adapt to these emerging trends and developments. Kogan et al. (1999) argue that these developments are fueling the demand for continuous assurance. However, in practice, there is no demand for continuous assurance. While in practice, the demand for continuous auditing is fueled by the improvement and innovation of the internal audit. Due to the fact, the current internal audit is not able to cover the risks in the future. Furthermore, practical findings indicate that these developments are fueling a changing attitude towards risks. Which implies that the internal audit should adopt a ‘new risk lens’. Striking the balance between mitigating negative outside and downside risks, and optimizing positive outside and upside risks require multifaceted approaches to the organizational ‘portfolio of risk’. Furthermore, the objective of the internal audit reporting is changing from, descriptive, towards predictive and prescriptive reporting. Organizations do improve their internal control by utilizing so-called GRC technologies within the organization. However, implementing continuous auditing described in this research is ‘still a point far on the horizon’.

• The concept of continuous auditing

There are differences and similarities between the theoretical- and practical definition of continuous auditing. Research and development of the concept of continuous auditing started almost 30 years ago. Alles et al. (2008) point out that continuous auditing is one of the rare instances in which innovation in accounting practice has been developed and driven by the academic community, as opposed to the usual model in which researched use data to investigate practices in a particular field.

However, the practical definition is more comprehensive than the theoretical definition. Furthermore, the theoretical definition describes that continuous auditing enables continuous assurance, while in practice there is no demand for continuous assurance. As a result, the practical definition is more in line with the findings in this research, which will be consulted during the research as the definition of continuous auditing, refer to table 8.

Theoretical definition Practical definition

‘Continuous auditing is a concept to bring the audit process closer to the operational process. By utilizing technology to the maximum possible degree of audit automation. Which enables auditors to provide continuous assurance on a

‘The concept of continuous auditing is an audit approach performed by the internal audit to conduct effective integrated auditing and monitoring by utilizing technology to continuously gather data from the operational processes and

The theoretical definition describes the objective of continuous auditing as to provide continuous assurance and to reduce audit costs. While the practical definition describes the objective of continuous auditing is to report event continuous auditing by providing 100% coverage. The practical definition contains additional information regarding the objective and approach of continuous auditing, related to the theoretical definition. So, the practical definition is more comprehensive than the theoretical definition.

In theory, continuous auditing is described as a process of formalizing and standardizing; audit procedures, data, and internal control (Alles et al., 2006; Alles et al., 2008; Chan & Vasarhelyi, 2011; Chiu et al., 2014; Vasarhelyi et al., 2004). However, practical findings provided a more comprehensive in-depth insight regarding continuous auditing. Which led to the development of the continuous auditing framework. The continuous auditing framework consists of four phases, which are described and visualized in the continuous auditing framework. The four phases consist of; data acquisition, data extraction, transformation and loading, data analyzing, and continuous auditing reporting. The continuous auditing framework is an overview based on all the provided practical information regarding continuous auditing, received from interviews with organizations and experts.

• Interrelationship continuous - auditing, assurance, and monitoring

There are several concepts related to the concept of continuous auditing; continuous monitoring and continuous assurance. There are certain similarities between these concepts, nevertheless, these terms are not the same, but these terms are related (Alles et al., 2006). In the literature, there is a clear distinction made between these interrelated concepts. Continuous auditing and continuous monitoring enable and support each other, while continuous assurance is the objective of these concepts (Vasarhelyi et al., 2012). However, in practice, the boundaries between these interrelated concepts are beginning to blend together. Especially, continuous monitoring and continuous auditing are interpreted and utilized as one concept, due to the fact continuous auditing is an extension of continuous monitoring. Thus, in practice, it is identified as one similar concept. Continuous auditing is an extension to the concept of continuous monitoring to test the design and operational effectiveness of internal control, continuous auditing is ‘build’ upon the foundation of continuous monitoring

Furthermore, in theory, continuous assurance is described as one of the objectives of continuous auditing (Chan & Vasarhelyi, 2011). However, in practice, continuous assurance is defined as ‘formal signature’ from an external audit, and at the moment there is no demand for continuous assurance in practice. So, the theoretical development did not correspondent with the practical utilization of continuous auditing.