1. Technical Field
The present invention relates to continuous control monitoring using a complex event processing environment.
2. Discussion of the Related Art
In modern enterprise Information Technology (IT) structure, the management and the shareholders receive relatively limited value from traditional audit processes for the following reasons: First, historical, rather than current data is used to assess the level of unmitigated risk in the business processes. Controls deficiencies that are identified have typically occurred in the past and remained unaddressed and therefore seriously undermine the processes control health. Clearly, the more current the data for determining unmitigated risk, the greater the value to management and shareholders due to reduced potential for loss, waste, and mismanagement. Second, traditional auditors are significantly hampered in their detection of serious and pervasive risk, including fraud. Many businesses operate in an environment where data for various business processes are processed using disparate applications. Without appropriate technology, auditors lack the ability and time to efficiently extract the relevant data, and then effectively compile and analyze it for risk relationships otherwise unidentified. This limitation creates additional exposures to management and shareholders that loss, waste, and mismanagement can occur and remain undetected for extended periods of time. Traditional audits are generally cyclical with significant time gaps between engagements, which exacerbate the amount of time that risks can occur and not be corrected.
One emerging solution is continuous control monitoring (CCM). This approach aims to provide the following three objectives: (1) continuous monitoring in the sense that real time data delivered as soon as a transaction is carried out; (2) exhaustive monitoring in the sense that all data sources are monitored simultaneously; and (3) a high level of responsiveness to certain changes tracked, such as audit violation.
Several attempts have been made so far to provide CCM capabilities for audit systems. However, none of the solutions are capable of delivering all of the aforementioned three objectives which are the essential conditions for implementing a so-called “True” CCM. Thus, currently available audit systems which lack real-time monitoring, do not have access to 100% of the data, or do not allow responding as soon as an audit violation is tracked, do not address the specific issues involved in CCM as applied to the audit domain.