For an effective controls assurance framework to exist, it is very important that management ensures continous monitoring and auditing of controls. In a nutshell, continous auditing embodies continous evaluation of controls, continous risk management, and continous monitoring of controls. TOne widely accepted definition of continous auditing is

"Continous auditing can be defined as any method used by the auditors to perform audit activites on a more continous or continual basis"

Management needs to understand that continous auditing not only involves continous auditing, but also a continous control assessment and risk assessment. Some of the clients I have served have taken continous auditing to a totally different level, by automating continous auditing through technology. Many softwares are available in the market which can be used for identification of exceptions, anamolies, data analysis, testing of controls, gathering evidence etc. The entire premise of continous auditing is to audit the controls and activites as and when they happen. It acts as an early warning mechanism, whereby management are intimated of control exception at a very early stage. Internal audit can effectively take up continous auditing and incorporate the same in their annual internal audit plan.

Related Posts on Sarbanes Oxley

Documentation Supporting Management Assessment of Internal Controls
Identifying Significant Processes for Sarbanes Oxley
Total Cost of Internal Controls
Controls Over Financial Closing Process