Most CCOs and compliance practitioners understand the need for continuous monitoring. Whether it is part of your overall monitoring of third parties or employees, or a way to test the overall effectiveness of internal controls and compliance, continuous monitoring is clearly part of a best-practices compliance program. Further, while most compliance practitioners are aware of the tools that can be applied to continuous monitoring, they may not be as aware of how to engage in the process. Put another way, how do you develop a methodology for building a continuous controls monitoring process that yields sustainable, repeatable results?
Joe Oringel, co-founder and principal at Visual Risk IQ uses a five-step process. The steps are: 1) brainstorm, 2) acquire and map data, 3) write queries, 4) analyze and report, and 5) refine and sustain. If you can establish your extraction and mapping rules, using common data models within your organization, you can use them to generate risk and performance checks going forward. Finally, through thoughtful use of continuous monitoring parameters, you can create metrics that you can internally benchmark your compliance regime against over time to show to any regulators who might come knocking.
Three key takeaways:
- Create a process to monitor your controls.
- Use a compliance SME to work with your internal controls specialist to develop queries from the compliance perspective.
- Finally, do not forget that the process is a feedback loop: integrate the results of each monitoring cycle into the next one going forward.