ITGC Solution
SWAWE CCM
Continuous Control Monitoring
Mitigating controls are designed to compensate residual risks, but how do you effectively monitor them?
The auditors regularly point to shortcomings in the performance and monitoring of ITGC controls in the 4 categories: Access to systems, Access to data, Change management and developments, Operations.
One of the main challenges of ITGC controls concerns the perfect mastery of the user management process: having the ability to prove that this process is clearly described in the appropriate procedures, respected and traced!
Design and execution of ITGC compensatory controls
SWAWE's CCM (Continuous Control Monitoring) module allows you to compile a list of periodic tasks related to mitigating controls so that they are assigned to the dedicated contacts and carried out on the due date (otherwise, a dunning and escalation procedure is customizable).
Once the control is completed, the result is stored and the entire life cycle of each task remains accessible in SWAWE with dashboards ensuring perfect monitoring.
Finally, the level of compliance is also guaranteed by this process!
Design and execution of ITGC controls
To respond effectively to these needs of compliance with the state of the art, the implementation of administrative procedures and periodic controls becomes a necessity.
SWAWE's CCM (Continuous Control Monitoring) module allows you to create a list of periodic tasks related to ITGC controls so that they are assigned to the dedicated contacts and carried out on time (otherwise, a dunning and escalation procedure is customizable).
Once the control is done, the result is stored and the entire life cycle of the task remains accessible in SWAWE with dashboards for perfect tracking.
Finally, the level of compliance is also guaranteed by this process!
SAP Users and Authorization review
Appropriate periodic checks allow user reviews and permissions to be conducted as part of a recertification process.
Like compensatory controls and ITGC controls, it would be a shame to miss SWAWE's CCM (Continuous Control Monitoring) module!
And what about the precious time saved when the auditors come: how much time do your teams spend each year?
Main benefits
Continuous monitoring of controls
A task is sent periodically to the dedicated contact person in order to carry out the control indicated in the task. Customizable reminders ensure continuous controls.
Guarantee of execution of controls
The interlocutor responsible for the task has a deadline for its execution. Once it has been exceeded, it is possible to set up a customizable dunning or escalation procedure to ensure its execution.
Evidence for auditors
Once the control is completed, the result is stored and the entire life cycle of each task remains accessible in SWAWE with dashboards for exhaustive monitoring. Each control carried out is therefore auditable.
Real-time information on the status of controls
The status of tasks related to continuous monitoring is constantly evolving. The dashboards and associated reports continuously read these status changes, providing real-time information.
User Review
One of the recommendations of the audits is to justify a periodic review of user rights, to demonstrate that users have the appropriate rights in relation to their function in SAP.
SWAWE CCM becomes the ideal tool to materialize these controls, with date of the review, name of the interlocutor responsible for the task, actions implemented, storage of evidences...
Key features:
Workflows
To provide a 2nd certification, or to complete the proof of control or to check its content, a workflow with a dedicated contact can be set up.
Customizable reports and dashboards
Graphs and dashboards provide a synthetic view of the monitoring of deadlines and statuses related to controls. These reports can be refined by category, organization, task, period...
Certification of the review by identified approvers
Each task of a control to be performed is attached to a dedicated interlocutor. Via a workflow system, we can set up a certification of the control by a manager or a person responsible for the control.