What is Continuous Controls Monitoring for Transactions (CCM-T)?
posted by Anna Mar, December 21, 2011
Continuous Controls Monitoring for Transactions (CCM-T) is a Governance, Risk and Compliance (GRC) technology. CCM-T monitors enterprise transactions to improve financial controls and automate financial audits. There are 4 typical functions of a CCM-T system:
1. Transaction monitoring – continuous transaction and access rule verification.
2. Separation of duties – implements separation of duties controls (the employees that execute transactions must be different from those who audit transactions).
3. Remediation management – escalates exceptions and tracks remediation processes (remediation & exception workflows).
4. Reporting and Analytics – audit dashboards, reports and analytics.
How mature are CCM-T technologies?
Continuous controls monitoring is an emerging technology. Many vendors offer incomplete solutions or products with limited compatibility.
What's the value of CCM-T technologies?
There are three key value propositions for CCM-T:
1. Reduce losses from fraud and financial errors.
2. Reduce legal penalties and damage to reputation from failure to comply with rules and regulations.
3. Reduce the cost of audits.
Examples
CCM-T continuously monitors financial controls. This allows a business to react quickly to fraud and financial errors. CCM-T can detect:
invalid employee expenses
invalid sales commissions
suspicious financial transactions
invalid warranty claims
Handling control exceptions as they occur enhances auditor and regulator trust.
Implementation of CCM-T
CCM-T products are often tightly bound to one or two ERPs and financial systems. If all your financial transactions flow through a supported ERP, implementation of CCM-T is often quick and painless. Otherwise, expensive customizations may be required, dramatically reducing your ROI for CCM-T.
Some CCM-T products lack the functionality required to monitor complex transactions over multiple disparate systems. It's best to ask your CCM-T vendor if they can monitor such transactions.