Managing your compensating controls

By Jan Hurda, Consider Solutions Ltd.

You have an SOD tool up and running in your environment with a few critical systems connected.  Most likely a risk-based assessment of SOD rules has been conducted and a common understanding and agreement achieved across business, IT, compliance functions and external audit. 
All your functional authorizations (e.g. SAP roles) now pass all SOD checks and you have fixed many of your user violations by reducing or reorganising user access. But still you have many remaining user SOD violations.

•    How can you manage and mitigate the risk posed by those residual violations? 
•    What is a compensating control and what does it look like?
•    What are the main cost drivers behind compensating controls?
•    How to turn cost drivers into opportunities?

Continuous Audit - Technology Enabled Continuous Assurance

by Dan French, CEO Consider solutions,presented at the NACACS Conference in Las Vegas, May 2011

‘Continuous Audit’ has been discussed and written about for decades. Conferences are run and books get written on the subject. But to this day, the definition is hard to pin down and there is quite a lot of semantic debate about what it is and is not. This debate is most fierce when exploring the perceived differences between Continuous Audit and Continuous Monitoring. Continuous Audit and Continuous Monitoring require technology, but they are not technology projects, they are business change programs. This white paper provides insight, experience and best practice as well as challenging some assumptions.

Managers should behave as if they were owners

By Alan Cane
Published: July 8 2009 16:34 | Last updated: July 8 2009 16:34
Copyright The Financial Times Limited 2009

No man is a hero to his valet, it is said, and few chief executives are heroes to their chief information officers. Here’s a reason why.
The first green shoots of recovery might be starting to appear, albeit tentatively, and with them fears that nothing has been learned and that further measures will have to be imposed on companies to prevent greed, unreasonable optimism and stupidity from hurling the global economy into another mess.

Five Ways Continuous Controls Monitoring (CCM) Is Supporting Risk-Management Programs

by John Becker, Chief Executive Officer at Approva.

By providing an objective way to monitor risks on a continuous basis CCM is helping CFOs make the transition their boards are demanding: from a focus on controls to a focus on risk; from a backward-facing posture to a more strategic forward-looking approach; and from a cost-driven mentality to a performance-driven viewpoint.

Dan French of Consider Solutions presented at IACON 2010 'Taking the Internal Audit Profession Forward' on the topic of 'Continuous Auditing: Technology Enabled Continuous Assurance'.

Global Consumer Goods

The senior management of this client aspired to a complete, continuous, repeatable and sustainable business and IT controls monitoring strategy. Continuous Controls Monitoring (CCM), rather than periodic, sample-based reviews and reporting, was needed to achieve the efficiencies and effectiveness required for global processes and controls to provide genuine, demonstrable financial assurance to the board.

T-Mobile UK, with a nudge from the Sarbanes-Oxley Act, found a better way to monitor and manage access controls with its ERP system.

Two hundred years of forward thinking

In the financial sector in particular, organisations that are able to use technology to innovate and enhance their business practices will gain competitive advantage. This case study examines Schroders’s decision to develop a fresh approach to its intranet, utilising Consider Solutions’ experience of building collaborative knowledge networks.

 … the revenue perspective

By: Steve Rooney

For most companies the effectiveness of how cash flow is managed is a key factor in the overall financial management of the business and, for some companies, can make the difference between success and failure. Getting paid and getting paid as soon as possible means your company has the cash it is due and can make that cash work to sustain and work for the business.

Similarly, discounting policy can have a major impact on revenues … not all business may be good business. If you end up discounting too far and eroding your margins you may be maintaining revenues at the expense of profit.