- Continuous monitoring
-
Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization's financial and operational environment.
The financial and operational environment consists of people, processes, and systems working together to support efficient and effective operations. Controls are put in place to address risks within these components. Through continuous monitoring of the operations and controls, weak or poorly designed or implemented controls can be corrected or replaced – thus enhancing the organization’s operational risk profile.
Investors, governments, the public and other stakeholders continue to increase their demands for more effective corporate governance and business transparency. Effective corporate governance requires more than attending board and committee meetings where directors and senior managers discuss governance issues from the 50,000 foot level. It takes directors and senior management overseeing the organization with a broader and deeper perspective than in the past. Organizations now must demonstrate they are not only profitable but also ethical, in compliance with a myriad of regulations, and are addressing sustainability.
To be effective, those involved in the organizational governance process must take an enterprise wide view of where the organization has been, where it is and where it could and should be going. This enterprise wide view also must include consideration of the global, national and local economies, the strengths and weaknesses of the organization’s culture, and how the organization approaches managing risk.
Managing risk involves actions beyond establishing and communicating policies and procedures at a high level. It includes understanding the need for (and exercising) both qualitative and quantitative judgment at the governance and operational level on a routine basis (including having an effective system of internal control). The Sarbanes-Oxley Act of 2002 [1] created new and higher level requirements for organizations to establish effective internal controls and to assure compliance on an on-going basis.
As organizations have set about to institute compliance programs they have learned they must come up with new methods for maintaining that compliance. Continuous monitoring is part of the solution. It can be a key component of carrying out the quantitative judgment part of an organization’s overall enterprise risk management. Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organizations financial and operational activities. It actively identifies, quantifies and reports control failures such as duplicate vendor or customer records, duplicate payments, and transactions that fall outside of approved parameters. A by-product of continuous monitoring is it highlights opportunities to improve operational processes.
Continuous monitoring can be traced back to its roots in traditional auditing processes. It goes further than a traditional periodic snapshot audit by putting in place continuous monitoring of transactions and controls so that weak or poorly designed or implemented controls can be corrected or replaced sooner rather than later.
Timely identification of problems or weaknesses and quick corrective action can help reduce the cost of any required periodic financial, regulatory, and operational reviews to a reasonable level. A Financial Executives International (FEI) March 2005 survey indicated it could cost an average of $4.36 million for a company to test for and ensure year-one compliance with Sarbanes-Oxley Act Section 404 [2]. Continuous monitoring typically includes solutions that address the three operational disciplines known as • Continuous Audit • Continuous Controls Monitoring • Continuous Transaction Inspection
Continuous monitoring systems can examine 100% of transactions and data processed in different applications and databases. The continuous monitoring systems can test for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data, dollar or volume limit errors, or other possible breakdowns in internal controls. Testing can be done tests for processes like payroll, sales order processing, purchasing and payables processing including travel and entertainment expenses and purchasing cards, and inventory transactions.
With business transactions being executed 24 hours a day, 7 days a week over the web, or at multiple locations on multiple systems around the world, it is daunting to consider how any CFO Chief financial officer or CEO Chief executive officer can effectively attest to the effectiveness of their internal controls. Continuous monitoring offers an additional control method that may help these CEO’s and CFO’s rest a little better at night.
Companies providing continuous controls monitoring include CaseWare International, ACL (software) Services Ltd., Approva, BWise, Oversight Systems, WebMethods from Software AG, Fulcrumway, EventTracker from Prism Microsystems, [3]
Continuous monitoring typically includes solutions that address the three operational disciplines known as
- Continuous Audit
- Continuous Controls Monitoring
- Continuous Transaction Inspection
Categories:
Wikimedia Foundation. 2010.