What is Continuous Controls Monitoring for Transactions (CCM-T)?
posted by Anna Mar, December 22, 2011Continuous Controls Monitoring for Transactions (CCM-T) is a Governance, Risk and Compliance (GRC) technology. CCM-T monitors enterprise transactions to improve financial controls and automate financial audits. There are 4 typical functions of a CCM-T system:
1. Transaction monitoring – continuous transaction and access rule verification.
2. Separation of duties – implements separation of duties controls (the employees that execute transactions must be different from those who audit transactions).
3. Remediation management – escalates exceptions and tracks remediation processes (remediation & exception workflows).
4. Reporting and Analytics – audit dashboards, reports and analytics.
How mature are CCM-T technologies?
Continuous controls monitoring is an emerging technology. Many vendors offer incomplete solutions or products with limited compatibility.What's the value of CCM-T technologies?
There are three key value propositions for CCM-T:1. Reduce losses from fraud and financial errors.
2. Reduce legal penalties and damage to reputation from failure to comply with rules and regulations.
3. Reduce the cost of audits.
Examples
CCM-T continuously monitors financial controls. This allows a business to react quickly to fraud and financial errors. CCM-T can detect:invalid employee expenses
duplicate payments
invalid sales commissions
unusual payments
suspicious financial transactions
invalid warranty claims
invalid discounts
By handling control exceptions as they occur — auditor and regulator trust is enhanced.
Implementation of CCM-T
CCM-T products are often tightly-bound to one or two ERPs and financial systems. If all your financial transactions flow through a supported ERP — implementation of CCM-T is often quick and painless. Otherwise, expensive customizations may be required — dramatically reducing your ROI for CCM-T.Some CCM-T products lack the functionality required to monitor complex transactions over multiple disparate systems. It's best to ask your CCM-T vendor if they can monitor such transactions.
Enterprise Architecture (EA) is supposed to help manage IT risks
— but is it possible that EA itself introduces new risks? |
Yes, architect is a verb. Some dictionaries list it as a verb and others do not. The ones that don't haven't caught up with the modern usage of the word architect. |
Recently on Simplicable
What Big Data Really Meansposted by John SpaceyThe 3 things you need to know to cut through the big data hype. |
The 5 Levels of Enterprise Integrationposted by Anna MarEnterprise Integration has traditionally focused on moving data from one database to another. Recent technology trends have challenged this approach. |
Do "Real" Architects Dislike Technology Architecture?posted by Anna MarGo to any job site and query architect — you'll be hard pressed to find the adverts for construction architects in the sea of job postings for technology architects. |
101 Game Design Principles for Social Mediaposted by Anna MarThe convergence of social media, software and gaming. |