html5-img
1 / 19

CONTROL ACTIVITY MANAGER (CAM)

CONTROL ACTIVITY MANAGER (CAM). Presentation Demo. Inherent complexity of controls: Organizations need controls to manage security processes and procedures Controls are distributed In time: varying frequencies (regular and irregular)

rosine
Télécharger la présentation

CONTROL ACTIVITY MANAGER (CAM)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CONTROL ACTIVITY MANAGER (CAM) Presentation Demo

  2. Inherent complexity of controls: • Organizations need controls to manage security processes and procedures • Controls are distributed • In time: varying frequencies (regular and irregular) • Across the organization: numerous control owners in disparate units • Controls support multiple objectives and regulatory and compliance frameworks. Efficiently managing the overlap can be cost effective. The Situation

  3. Limited assurance and disruptive audits: • How can you be assured, in real time, that controls are operating effectively and continuously, without exception? (No audit surprises?) • Micro-manage control owners and activities? Detailed checklists and reviews? • How do you demonstrate the operating effectiveness of controls to auditors in a way that is minimally disruptive to daily business operations? • Interview each control owner and collect evidence? The Problem

  4. Be proactive and efficient • Manage control activities by exception only • Identify and resolve problems, don’t waste time on effective controls • Monitor operating effectiveness of controls in real time • See problems as they arise not during or just before an audit • Collect evidence of effectiveness during control execution • Be proactive. Don’t scramble to accommodate audits The Solution

  5. Control Activity Manager (CAM): • Distributes activities and notifies owners of responsibilities • Enforces regular execution • Provides monitoring to ensure continuous operation • Notifies of exceptions as they arise • Allows push-button reporting for audit preparation • Minimizes audit disruption • Creates a hierarchical zip file of control activity details and supporting evidence The Mechanism

  6. Increased cost-effectiveness, efficiency and assurance: Maximizes real-time assurance of control effectiveness, risk management Minimizes cost of control activity/owner management Minimizes cost of audit preparation The Benefits

  7. How Does CAM Fit Into the Business? Business Processes Manual Processes Ticketing/ Support CRM ERP / Acctg HRIS Custom App • Create Workflows • Schedule Tasks • Capture Evidence • of Completion CAM ManualMonitoring Controls Internal/ External Auditors Export Evidence

  8. CAM vs Other GRC Solutions The Compliance Project Cycle Scope Processes Document Process Flows ID Risks Design Controls CAM Implement, Manage & Monitor Controls Manage Controls Test Controls • Most GRC packages try to handle all phases and manage to do so somewhat superficially • We chose a narrow focus and decided to go deeper...

  9. The following slides present CAM’s major screens and describe the key functions and features of each. welcome to cam

  10. The application is web based, so no installation of hardware or software is required. login screen

  11. CONTROL OWNER’S VIEW As in Outlook, the activity window corresponds to the task selected from the Inbox, providing detailed information about the task itself. Within the activity window, the control owner uploads evidence of task completion. Control owners receive email alerts that tasks are due or overdue and are directed to the CAM application. Tasks appear in an Outlook-style inbox, which is divided and grouped by task completion status. One or more evidence requirements can be defined. A task cannot be completed until all requirements are met.

  12. MANAGER’S VIEW A dashboard-style view provides manager users with status of all tasks. The manager view displays all tasks and task properties on the same screen. Each status metric can be clicked on for additional drill-down information.

  13. DRILL DOWN VIEW Drilling down shows more detailed task information in a screen similar to the control owner’s view. A quick look at the activity window shows what evidence was uploaded and when.

  14. EVIDENCE EXPORTING Simply by selecting the date range and choosing the activities on which to report, the system will create a .ZIP file containing all of the relevant evidence, easily presentable to auditors or regulators for inspection.

  15. SETUP Setup is as easy as filling out a few fields and can take literally minutes to complete.

  16. Try CAM free for 60 days! Afterward, pay only $15/user/month! Questions? Comments? Email: info@illumant.com OFFER

  17. Example: Controls Testing without CAM • Assumptions: • Controls for one unit (e.g. IT) of small-medium size org: > 50 • Hours/cost to test per control on average: • Internal consultants: 2 hours each * $100/hour (minimum) = $200 per control • Employees: 2 hours each * $50/hour - $100 per control • External auditors (regulators): 2 hours each * $100/hour = $200 per control • Total: $500 per control • Cost: • 50 controls * $500 control = $25,000 per year (or more) • Costs increase quickly • Higher rates, more departments, more controls, • Regulators and auditors and clients … Return on Investment (ROI)

  18. Example: Controls Testing with CAM • Assumptions: • Controls for one unit (e.g. IT) of small-medium size org: > 50 • Hours/cost to test per control on average: • Internal consultants: eliminated • Employees: 1 hour each * $50/hour - $100 per control (half) • External auditors (regulators): 1 hour each * $100/hour = $100 per control (half) • Total: $200 per control • Cost: • 50 controls * $200 control = $10,000 per year • Savings: • $15,000 per year minimum • Savings increase with # of controls, departments, fees, etc. Return on Investment (ROI)

  19. Intangibles: • Reduced risk through greater oversight • Decreased business disruption due to audits • Increased assurance at all organizational levels: • board, executives, managers • Reduced stress: • employee well-being, job satisfaction, employee retention Return on Investment (ROI)

More Related