We are in the process of implementing this. IAD is part of the holding company and to my knowledge, we have not sought management buy-in at the bank. We are a bank with less than 200mm in assets.
We are breaking down the annual branch audit into components that can be done on a continuous basis. We also took a look at audits that are on a two or three year rotation, and picked out areas from those audits that might need to be reviewed more frequently and could be easily reviewed by a simple query. Finally, we picked out high risk areas and areas with a lot of recent findings and recommendations and added audit steps that could be done of a periodic basis (such as quarterly or monthly). We are not purchasing special software, given our size. As you can see, this would not be like continuous auditing in a larger organization, but we think that it will help detect issues before they get out of hand.