The Continuous Monitoring Process
The continuous monitoring process, at its very simplest, requires data acquisition, storage/warehousing, and analysis, as well as definition of a violation remediation process.
Data Acquisition
The data and transaction acquisition process facilitates data gathering from multiple disparate systems/applications. It allows for implementation of batch data extractions on a periodic basis (e.g., daily, weekly) based on any partial/changed data according to a defined “data changed” field. This method of extraction normalizes and standardizes data across applications and therefore creates a universal transaction flow. If real-time extractions are performed based on algorithms, the process can be executed without impacting or interrupting application performance.
Data Warehousing
Subsequent to data extraction, a read-only copy of detailed data can be stored, and a complete archived history of all data becomes a permanent record in a compliance monitoring vault. This storage process operates independently of all source systems, and data snapshots are maintained for specific moments in time and states of the business. Therefore, transaction streams can be replayed for retrospective inspection and analysis.
Data Analysis
Inspection of stored data facilitates the identification of data concerns such as internal control issues and segregation of duties. In addition, data comparisons can be executed that identify exact duplicates and/or transactions that ...
Get Sarbanes-Oxley Ongoing Compliance Guide: Key Processes and Summary Checklists now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
