Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens

Research output: Contribution to journalArticlepeer-review

165 Scopus citations


In this paper we report on the approach we have developed and the lessons we have learned in an implementation of the monitoring and control layer for continuous monitoring of business process controls (CMBPC) in the US internal IT audit department of Siemens Corporation. The architecture developed by us implements a completely independent CMBPC system running on top of Siemens' own enterprise information system which has read-only interaction with the application tier of the enterprise system. Among our key conclusions is that "formalizability" of audit procedures and audit judgment is grossly underestimated. Additionally, while cost savings and expedience force the implementation to closely follow the existing and approved internal audit program, a certain level of reengineering of audit processes is inevitable due to the necessity to separate formalizable and non-formalizable parts of the program. Our study identifies the management of audit alarms and the prevention of the alarm floods as critical tasks in the CMBPC implementation process. We develop an approach to solving these problems utilizing the hierarchical structure of alarms and the role-based approach to assigning alarm destinations. We also discuss the content of the audit trail of CMBPC.

Original languageEnglish (US)
Pages (from-to)137-161
Number of pages25
JournalInternational Journal of Accounting Information Systems
Issue number2
StatePublished - Jun 2006

All Science Journal Classification (ASJC) codes

  • Management Information Systems
  • Accounting
  • Finance
  • Information Systems and Management


  • Automation
  • Continuous auditing
  • Continuous monitoring of business processes
  • Control settings
  • Controls
  • Formalization
  • Monitoring
  • Reengineering


Dive into the research topics of 'Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens'. Together they form a unique fingerprint.

Cite this