9 Questions for your Continuous Controls Monitoring Vendor
posted by Anna Mar, December 22, 2011Continuous Controls Monitoring (CCM and CCM-T) can have significant payback for your organization. However, there's a big difference between vendors.
Before making a purchase, it's important to determine the capabilities of prospective CCM tools to control and audit your organization's financial transactions. These 9 questions will help you to differentiate between CCM products.
1. What ERP / financial systems is your product compatible with?
Continuous Controls Monitoring tools are often tightly-bound with the control libraries of ERP and financial software products. When customization is required CCM implementation can be expensive.2. Does your product have cross platform capabilities?
Some vendors have trouble monitoring controls and auditing complex transactions that span multiple systems. Some also have difficulties aggregating data to provide consolidated audit analytics.3. Does your product support near realtime transaction monitoring? Audit monitoring? Audit Analytics?
Some products are better suited to monthly and quarterly monitoring and audit reporting.4. How often does your product generate false positives?
5. Does your product support end-to-end remedial and exception workflows?
6. Can users configure their own custom audit analytics?
7. What out-of-the-box controls do you provide for our ERP/ financial software?
8. What out-of-the-box audit reports do you provide? Do you support on-the-fly analytics?
9. What features do you have to support CCM Segregation of Duties (CCM SOD)?
A digital signature embedded in information that can be tied to a source such as an individual or an IP address. |
Recently on Simplicable
The Big List of Information Security Threatsposted by John SpaceyUnderstand the threats to your organization. |
8 Enterprise Architecture Risksposted by Anna MarEnterprise Architecture (EA) is supposed to help manage IT risks — but is it possible that EA itself introduces new risks? |
Security Through Obscurityposted by Anna MarSecurity through obscurity is generally considered a bad idea ... |