Anti-corruption, anti-bribery, anti-money laundering programs policies and procedures and even export control systems are seemingly in a constant state of evolution. Many companies are struggling with the challenge of implementing effective controls and monitoring risks across a spectrum that could include the three above listed compliance areas as well as others. One area which is evolving into a minimum best practices requirement for compliance is that of Continuous Monitoring (CM).
While many companies will look at CM as a software solution that can assist your company in managing risk; provide reporting metrics and, thereby, insights across an organization, it should be viewed more holistically. You will need to take many disparate systems, usually across a wide international geographic area, which may seem like an overwhelming process. However help is at hand from an article in the November 2011 issue of the Compliance Week Magazine, entitled “Mission Impossible? Six steps to continuous monitoring”, where author Justin Offen discusses his six-point program to ensure that your “CM solution doesn’t become part of the problem” rather than a solution.Know your global IT footprint. Offen believes that the challenges with integrating “disparate data often prevent CM discussions from even getting off the ground.” Rather it is important to understand how CM will be incorporated into your company’s overall IT strategy as well as your compliance strategy. This advocates that this inquiry begins with understanding what your current IT structure is and what it is anticipated to be in 3 and 5 years. Once you identify your global IT footprint you can determine which system will be the best fit. Define scope and necessary resources. The author believes that you need to determine what your goal is; begin by identifying your needs and then prioritize them. You should perform a risk analysis and then rank the risks ...Zum vollständigen Artikel