The concept of Continuous Control Monitoring (CCM) is vital in the modern data driven business environment. The truth is in the numbers and a continuous monitoring of important business data can uncover trends and instances which highlight process weaknesses and control deficiencies. SatoriCCM is a solution that management puts in place to ensure that its
- Cross System Transactions, and
- Operational Controls
are operating EFFECTIVELY, EFFICIENTLY and ACHIEVING their functions, but most important of all, doing so CONTINUOUSLY.
PoliciesMost controls rely on policies. Policies must either be enforced to create the process and behaviour required, else the policy becomes a guideline. Policies are designed to govern and manage the behaviours and attitude and are a key control of many operations. Most policies can not be created as system controls. For instance: if the policy is that you cannot use your company credit card while on sick leave – how do you ensure this policy is implemented and everyone abides by it as it requires data from 2 different systems?
ProceduresMany controls are simply a procedure that you need to follow e.g.: in order to pay an invoice, a PO must raised first, followed by a GRV being created, then the invoice entered before payment takes place. Often this cannot be checked by the system and simply relies on the process being followed. So if there are payments dates where the invoice and PO were raised after this date – this could be a serious breach, is possibly a fraud, and warrants attention
Cross System TransactionsMany controls rely on checks across various data systems, such as: How do you ensure that a vendor’s bank accounts or details do not match those of an employee? This requires 2 sets of data from 2 disparate systems to be cross matched.
Operational ControlsMost controls are set up as System controls and we rely heavily on these. However, how do we know they work as they were designed to and that they are still working? We hope nothing has changed over the years or the controls has been superseded/changed to work differently. It is not often easy to check every internal system control as many are developed over years, some may be undocumented, or in some cases the person responsible has moved on. An example is is a System setting that dictates Annual Leave cannot be Negative. So if you have 2 days annual leave and you take 5 days, the system sets this to ZERO (not -3). After 2 months you will accrue 2 leave days and be able to abuse the system and take 5 days leave.
ContinuouslyOrganisations are not short of reports or exceptions. By not checking these continuously, how do we know that:
- someone has followed up the exception?
- responsibility for the exceptions has been established?
- that exceptions are not missed?
- how long did it take to resolve?
- what was the cause (is there a trend, root cause)?
- what was the action taken to correct (how often is this the case)?
By using SatoriCCM, management can now monitor all these controls for signs of error, abuse and possible suspicious behavior – daily, weekly, monthly or yearly. In addition, this allows the organisation to proactively identify and correct errors in data and transactions before they become significant or time prevents correction of the issues.
This Continuous Monitoring of the Business Controls and tracking of the exceptions and alerts gives organisations and decision makers greater confidence in the accuracy, consistency, completeness and integrity of data at all times.
The SatoriCCM solution enables a proactive, rather than a reactive approach towards achieving 100% data assurance. This is possible by reducing duplicates and inaccuracies of data when they happen (not weeks/months later), with the view to minimise the risk and fraud within your systems.
Our solution uses powerful software from ACL and Caseware Monitor to automatically extract and run tests on transactional data from underlying systems on a regular and ongoing basis to ensure that all exceptions are managed and followed through to completion and resolution.
Tests can be run across any system to look at any area of focus:
- Master files
- Customer Accounts
- Accounts Payable
- Fraud Detection/Prevention
- Accounts Receivable
- Anti-Money Laundering
Please contact us for more information on the benefits that SatoriCCM can provide for your organisation.