Continuous Controls Monitoring

Monitor changes and identify exceptions

While multiple definitions exist for “Continuous Controls Monitoring,” CCM is best characterized by typical attributes, namely:

  • Objective of ensuring Compliance Controls are operating as intended
  • Process involves assessing adequacy and effectiveness of controls
  • Oversight and evaluation of controls is executed continuously
  • May involve observing full population of items being monitored
  • Generally performed by operational/financial management
  • Audit (internal or external) independently evaluates efficacy of management activities
  • End result of continuous assurance on status of controls

NOTE: CCM is usually applied in environments of automated systems. It may be applied to operational transactions, systems security, software configuration, privileged users, application settings, master data or application users.

Lumigent's AppGRC and Audit DB products address Continuous Controls Monitoring in different but complementary manners.
 

How AppGRC addresses CCM: 

  • In Lumigent’s context, “controls” focus on application settings, master data and security settings (the monitored items), because these items “control” the software and are the foundation and drivers of proper computations and processing that generate accurate and meaningful results
  • AppGRC continuously checks the system's recovery or redo logs for changes to monitored items
  • It does so against the full population of changes, i.e., 100%, and without snapshot limitations
  • It detects and records the before-and-after values of all changes and reports them to designated reviewers
  • Such reviewers validate whether changes were approved, accurate and/or appropriate
  • If not, reviewers investigate and initiate remedial actions as needed
  • Outcome is good integrity of the settings and master data, and in turn, output integrity
  • For AppGRC, the above also applies to security settings that control proper provisioning

How Audit DB addresses CCM:    

  • While AppGRC focuses on the drivers of an application system, Audit DB continuously tracks what actions or commands are executed by users (especially privileged ones)
  • Audit DB tracks data changes directly to unique privileged user IDs, also with before/after values
  • Because privileged users are regarded as “trusted” users, Audit DB helps ensure their activities are above suspicion
  • Like AppGRC, a thorough and detailed forensic audit trail is produced by Audit DB
  • Because redo logs irrefutably capture changes, Audit DB helps ensure that privileged users cannot circumvent detection of their database activities

Both AppGRC and Audit DB satisfy auditor and regulatory requirements (such as Sarbanes-Oxley Internal Control) for continuous monitoring that focuses on controls over effective change management, system parameter integrity and/or application results integrity.