Business owners, executives and entrepreneurs are constantly faced with the challenge of monitoring the activities of the organization in an effort to avoid economic losses and financial calamities. Developing and monitoring key performance indicators (KPIs) is one way this is done. However, KPIs require data. The ability to capture and properly analyze numerous data. This is primarily why larger organizations have an internal audit department. However, for smaller organizations, the costs of internal auditors is prohibitive.
Hence, Continuous Control Monitoring emerged.
What is Continuous Control Monitoring?
Continuous Control Monitoring is the use of automated tools and other technologies to monitor business transactions as they occur. It is often used to ensure ongoing tracking of financial transactions and applications similar to having internal auditors at much lower costs. Some of the controls CCM are designed to monitor provides assurance that information related to business operations is appropriate, appears reasonable and is consistently prepared.
Along with data assurance techniques, CCM ensures data integrity of applications to mitigate possible losses from risky business models. It helps maintain regulatory compliance in the system and save money compared to manual monitoring.
How CCM Works
CCM retrieves data elements from a transaction database and reviews them. It conducts complete data scan for errors, breaches, anomalies and segregation of duties.
CCM compares the data it has pulled to a set of tables containing the standards for the type of transactions being analyzed, such authorizations, credit limits and approvals, completeness as well as any other attributes which should be completed as per a standard transaction. The tables are customized per functional departments such as payroll, customer orders, travel, accounts payable and inventory. When CCM detects control problems, it reports them to management in real time.
What Are the Benefits of CCM?
Businesses who apply CCM get the following benefits:
- Testing of internal controls
- Enhanced fraud detection
- Improved efficiency of operations
- Lower business risks
- Sustained compliance through ongoing testing of compliance programs
- Timely reporting to management when controls break down
Priorities of CCM Implementation
As for the controls to monitor, priorities are based on risk ratings or return on investment. Below are some of the items that could be tested by CCM:
- Accuracy of transactions that add to inventory
- Authorization of supplier invoices to be paid
- Completeness of sales orders
- Credit memos for unpaid customer invoices
- Issuance of sales invoices within a pre-determined number of hours of shipment
Steps for CCM Implementation
Businesses can kick off CCM Implementation with the following steps:
- Define control assurance scope per risk assessment and establish control priorities
- Identify controls per industry frameworks like COBIT 5, ITIL and COSO
- Identify the goals of the controls and their respective financial statement assertions
- Define metrics that suggest failure or success of each assertion
- Determine the frequencies of processes to conduct tests in real time
- Create processes that manage notifications, alarms, regarding failed assertions and
- Create processes to correct control weaknesses
How Much Does CCM Cost?
The cost of a CCM must be measured over a period of time similar to how organizations measure shutdown or discontinued operations. Although there may be a substantial initial investment, it must be weighed against the longer-term savings derived from lower manual internal control reviews, lower operating costs due to gains in efficiency and lower audit costs.