Companies spend millions of dollars developing and documenting their processes, policies, and controls, yet have little visibility into whether they’re being followed. With thousands of transactions to screen and systems being accessed by hundreds or thousands of employees whose statuses change daily, the process of monitoring for breaches—either accidental or intentional—can be both expensive and overwhelming. A strategic and automated approach is, therefore, essential.
Continuous controls monitoring (CCM) is the process of automatically monitoring systems to identify and resolve breaches to established controls. By giving companies the ability to inspect 100% of their transactions through an automated process, CCM ensures that compliance programs are always on—rather than being periodic, retrospective exercises.
As a result, organisations can empower employees to address risks daily, while demonstrating that they are committed to transparency and have a well‑defined process in place. The latter becomes especially important if authorities seek evidence of good‑faith efforts to prevent illegal activity.
Read more: Success factors of a governance, risk and compliance plan
Continuous compliance
Using CCM, the company can monitor operations across the organisation—from access and configuration controls to master data and transaction controls—to identify which activities and individuals are likely to become problematic and flag them for additional attention.
With CCM, indicators of theft or fraud are immediately flagged for process owners, who can investigate rules put in place to specifically guard against high‑risk activities such as round‑tripping, unauthorized shipments, inappropriate credits or discounts, and transaction splits.
The company can also monitor anomalies in financial statements, so irregularities ranging from capitalization mistakes and intercompany transfers to manual postings and journals get the extra attention they deserve. Transactions that don’t check out can be remediated within the same system.
In addition, CCM allows employees to monitor for red‑flag activities, like a sudden increase in consulting fees in a country where business is not normally conducted, and to investigate potential fraud by matching sales order line items to lists of sanctioned goods.
Employees can thoroughly investigate suspicious transactions as they happen, rather than months later, and take steps to address any issues that arise before problems escalate. Investigative tools also allow employees to compile the facts relevant to suspicious business situations, and then escalate issues in accordance with a pre‑determined workflow. Dashboards and reports provide transparency and a complete audit trail of any actions taken.
Infographic: Top 5 risks for CFOs in 2017
Control freaks are good for business
CCM solutions help companies make good on the promise of robust internal monitoring and reporting policies, while providing increased visibility and control of transactions across the enterprise. They also provide well‑defined communications processes and accountability for the inevitable exceptions and policy violations that arise. The result: companies can account for risk on a daily basis and foster a culture of compliance.
A robust continuous monitoring solution allows companies to minimize the risk of noncompliance and security breaches by providing a holistic view of data and user access across multiple business environments. Organisations can save hundreds of hours each audit cycle by replacing laborious preparation activities and sleuthing with audit‑ready reports that demonstrate compliance. Automated reviews and documented sign‑off also help streamline external audits and cut the cost of compliance.
With so much at stake, the ability to monitor 100% of company transactions is no longer a nice‑to‑have—it has become a business necessity.