Continuous Controls Monitoring (CCM)
Definition - What does Continuous Controls Monitoring (CCM) mean?
Continuous controls monitoring (CCM) refers to the use of automated tools and various technologies to ensure the continuous monitoring of financial transactions and other types of transactional applications to reduce the costs involved for audits. CCM helps reduce business losses by using effective continuous auditing mechanisms and control monitoring of various aspects of the applications involved. It is mostly considered to be part of continuous auditing where a set of automated procedures monitor the internal controls. Some of the controls monitored by CCM include authorizations, access, system configurations and business process settings.
Techopedia explains Continuous Controls Monitoring (CCM)
Continuous control monitoring has emerged as a way of improving the efficiency of enterprise applications along with the other components of continuous auditing such as continuous data assurance and continuous risk monitoring and assessment. The automated procedures of CCM are responsible for detecting any anomaly in the functionality of the internal controls. CCM is also used to test the security controls placed in the system to prevent unauthorized access and data corruption.
CCM works with data assurance techniques to ensure the data integrity of the applications involved. CCM plays a major role in preventing or mitigating potential losses from the use of a risky business model and helps maintain a powerful regulatory activity in the system. It also saves money by reducing compliance costs, manual monitoring costs and costs incurred due to losses.
CCM along with continuous auditing can be included as a part of the internal audit function of an organization to improve its business process controls.
CCM is very significant for enterprise resource planning systems as it allows meeting governance, risk and compliance (GRC) obligations.
CCM can be easily implemented on structured data. It can make use of control metrics to monitor and evaluate the state of a system. It basically tests the controls to determine whether they are functioning correctly. CCM examines every transaction and reviews the data elements associated with a transaction. The reviews are done by comparing the transaction data with the data tables that define the permissible range and kind of actions allowed for the transaction. Any kind of control breach, error or anomaly that is detected is stored in a database or reported.
Although the initial installation of CCM may seem costly for smaller organizations, the use of CCM is well recognized in both internal and external audits, and also reduces the overall cost of auditing.