KRI Adoption as Part of Continuous Risk Monitoring and Assessment among Internal Audit Departments in Germany

Abstract:

Continuous auditing as new audit methodology has been discussed in theory for more than 20 years and increasingly enters business practices in Germany. Looking at the methodology.s subdisciplines, we notice significant differences in their adoption in practice. While subdiscipline continuous data assurance and continuous controls monitoring appear to be rather popular, continuous risk monitoring and assessment seems to be implemented rather seldom. As decisive differentiator, continuous risk monitoring and assessment makes use of key risk indicators, while the other two subdisciplines use key performance indicators instead. We therefore hypothesize that the low adoption rate of continuous risk monitoring and assessment is effected by the popularity of key risk indicators. In a field study, we carried out interviews with auditors of eight German companies from five different industries to learn about  their understanding of  key  risk  indicators in general, as well as of perceived advantages, preconditions, and weaknesses of key risk indicators. We find that auditors have a slight pessimistic attitude towards continuous risk monitoring and assessment and key risk indicators. This is mostly attributable to the interviewees. Perception of key risk indicators being imprecise and of continuous risk monitoring and assessment requiring additional resources for proper functioning. Also, key risk indicators  are seen as sound supplement,  but not as substitute for traditional risk identification activities.