IT Compliance Permanent Testing

Complying with internal and external compliance regulations has become an increasingly complex challenge in light of the multitude of regulations and requirements that have to be met. Regulatory compliance is audited, e.g. by an auditor or an organization’s internal auditing department, takes place at regular, fixed intervals. 
This approach to auditing is both cost and time intensive and entails a lot of additional work during audit phases. What’s more, these examinations are periodic reviews, often covering several months or even a year. Management’s awareness of compliance quality is often limited to what is revealed within the scope of these audits, and nasty surprises are often the result. 

SKS’s permanent testing concept is our answer to this perennial problem.

Our approach involves designing and implementing a framework for continual testing and reporting. Audit activities, which would otherwise take place at particular points in time, are spread over the course of the entire audit period. For example, random samples that an external auditor would draw to prepare the annual accounts are distributed throughout the respective audit period. 

The advantages to this approach are clear:

  • the results obtained through permanent testing can also be used as a basis for the auditors (rely-on approach), leading to a significant reduction in auditing costs as the auditor will either no longer need to carry out their own examinations or will only need to conduct a significantly reduced number of their own examinations
  • the internal workload is evenly distributed throughout the observation period, eliminating audit-related workload peaks
  • continual testing leads to:
    • improved control performance 
    • control performance optimization potential, which can be identified and implemented over the course of the year within control processes
    • the need to coordinate with auditors is significantly reduced, since the evidence prepared in advance is by in large sufficient 
  • Permanent management reporting on compliance organization status, as opposed to annual reviews with uncertain outcomes
  • Reduced audit workloads thanks to economies of scale, where the number of audit procedures to be performed is not higher than audits at specific points in time

As a result, permanent testing provides the opportunity to generate improved audit results at significantly reduced costs, combined with comprehensive transparency in terms of processes, responsibilities and the current status of implementation.

SKS can also facilitate communication with auditors and the ongoing assessment of results as well as assist with the optimization of the compliance organization and the implementation of best practice approaches.

When it comes to permanent testing in particular, we work across all divisions within the organizations to ensure virtually all bank-specific requirements are covered via permanent testing.