Print Article

Understanding the difference between auditing and monitoring


The following statements made me ask myself what the difference between auditing and monitoring is:-

  • Increasingly, we are now seeing larger TCSPs looking to establish in-house or outsourced internal audit functions and
  • This is partly being driven by regulators as AML laws and regulations will often require an independent AML internal audit to be conducted and
  • Many firms are looking at how to combine these efforts to deliver greater levels of assurance.

Here are some thoughts to answer my question


Ongoing monitoring should be

  • A continuous control, monitoring process and method to detect compliance risk issues associated with an organisation’s operations.

Ongoing monitoring program responsibilities include:-

  • Keeping current with changes in rules, regulations, and applicable laws;
  • Developing internal controls, policies, and procedures to comply with them;
  • Training staff on these rules; and
  • Taking steps to monitor or verifying compliance with these new guidelines.

Monitoring programs will have tests for:-

  • Inconsistencies,
  • Duplication,
  • Errors,
  • Policy violations,
  • Missing approvals,
  • Incomplete data,
  • [$/£] transaction/volume limit errors and/or
  • Other possible breakdowns in internal controls.

Monitoring techniques may include:-

  • Sampling protocols permit program managers to identify and review variations from an established baseline.


Ongoing auditing entails:-

  • Reviewing the continuous monitoring process and verifying it is effective in achieving the desired outcome.

When it comes to high-risk compliance areas within an operation, audit objectives are to:

  • Verify that managers are meeting their obligations for ongoing monitoring; and
  • Validate that the process is achieving desired outcomes; this includes confirming that controls are in place and functioning as intended or identifying weaknesses in the program that need to be addressed.

An audit must be an independent and objective review, which means it should be done by people external to the program area to be audited and can be done by:-

  • The compliance office,
  • Internal or audit department,
  • Other program managers, or any combination thereof.
  • External reviewers, such as consultant experts or operational auditors, can also be used.


  • In any case, the Compliance Officer should ensure that the monitoring and auditing are taking place and doing what they should be doing.

Sourced from =


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email