Enterprise Continuous Controls Monitoring

Organizations can benefit from building controls into their normal business processes. This allows organizations to identify and monitor key controls more effectively. Adding controls to processes after they are in place is often cumbersome and viewed as a nuisance. Most of these cannot scale to the needs of the organization and tend to fall by the wayside. Traditional controls automation solutions have been focused on financial controls. However, enterprise-level continuous controls monitoring (CCM) extends this automation to include operational controls, general computing controls, access controls, data controls, transactional controls and change management controls.

AlertEnterprise delivers an Enterprise CCM solution that goes one step further to deliver continuous monitoring for IT and business processes combined with physical access controls and industrial controls to monitor access to facilities, critical assets and industrial processes (in the case of asset-intensive industries).

Seamless Integration with Major ERP Systems
Unlike integration between applications, which usually involves exchanging data or transferring files, automating controls for processes managed within ERP requires a tighter integration at the business process level. This presupposes a core understanding of the target ERP application and the security authorization models that it uses. AlertEnterprise has developed a library of automated controls for common processes like Procure-to-Pay, Order-to-Cash and Financial Controls like General Accounting, Project Systems and Fixed Assets. AlertEnterprise delivers rule sets out-of-the-box for major ERP vendors like SAP, Oracle, PeopleSoft (now Oracle), JD Edwards (now Oracle), and Hyperion (now Oracle). Additionally, support for non-IT controls to monitor physical access can be combined with directory services like Active Directory and LDAP. For example, this capability can help ascertain if terminated employees still have system or facility access.

  • Business processes and applications: HR, Procure-to-Pay, Order-to-Cash, General Ledger
  • Out-Of-The-Box rules for major ERP providers – SAP, Oracle, PeopleSoft, JD Edwards, etc.
  • Non-IT integration with Facilities and Physical Access

Continuous Monitoring for Transactions and Process Controls (including Segregation of Duties)
AlertEnterprise offers continuous monitoring of transactions. It uses a rule-based risk engine, and rules can be linked to compliance areas for complete SOD analysis and reporting. Transactions underway in ERP and non-ERP systems are continuously monitored in real time or at specified intervals. For some high-priority failures, alerts can be generated and remediation scripts are provided to handle these alerts. This helps with timely fraud detection and resolution. The solution goes a step further and can even help prevent some of these risks based on policies. For example, to test for payments made to a blocked vendor, AlertEnterprise looks up the time period defined for testing the control. The system then compares all the vendors in the vendor master table that have a blocked flag against the payment master table to see if a payment record exists for those vendors.

  • SOD Root Cause Analysis and Risk Visualization
  • Ability to alert on policy or compliance violations
  • Monitoring in real-time or specified intervals
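
The blocked-vendor test described above can be expressed as a join between the two tables, limited to the control's test period. This is an added example, not AlertEnterprise's code; the table names, column names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and sample rows; all names here are assumptions.
SCHEMA = """
CREATE TABLE vendor_master (vendor_id TEXT PRIMARY KEY, name TEXT, blocked INTEGER);
CREATE TABLE payments (payment_id TEXT PRIMARY KEY, vendor_id TEXT,
                       amount REAL, paid_on TEXT);
"""
VENDORS = [("V100", "Acme Supply", 0),
           ("V200", "Northwind Parts", 1),
           ("V300", "Globex Freight", 1)]
PAYMENTS = [("P1", "V100", 1200.00, "2024-03-04"),  # vendor not blocked
            ("P2", "V200", 880.50, "2024-03-11"),   # blocked, inside period
            ("P3", "V200", 410.00, "2024-01-20"),   # blocked, before period
            ("P4", "V300", 95.00, "2024-04-01"),    # blocked, after period
            ("P5", "V200", 60.00, "2024-03-31")]    # blocked, last day of period

# ISO-8601 date strings sort lexicographically, so BETWEEN works on TEXT dates.
CONTROL_QUERY = """
SELECT p.payment_id, v.vendor_id, v.name, p.amount, p.paid_on
FROM vendor_master AS v
JOIN payments AS p ON p.vendor_id = v.vendor_id
WHERE v.blocked = 1 AND p.paid_on BETWEEN ? AND ?
ORDER BY p.paid_on, p.payment_id
"""

def load_sample_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO vendor_master VALUES (?, ?, ?)", VENDORS)
    conn.executemany("INSERT INTO payments VALUES (?, ?, ?, ?)", PAYMENTS)
    return conn

def blocked_vendor_payments(conn, period_start, period_end):
    """Return one exception record per payment to a blocked vendor in the period."""
    rows = conn.execute(CONTROL_QUERY, (period_start, period_end)).fetchall()
    keys = ("payment_id", "vendor_id", "vendor_name", "amount", "paid_on")
    return [dict(zip(keys, row)) for row in rows]

if __name__ == "__main__":
    conn = load_sample_db()
    for exc in blocked_vendor_payments(conn, "2024-03-01", "2024-03-31"):
        print("ALERT payment to blocked vendor:", exc)
```

The query tests the flag's current value, so a vendor blocked after a legitimate payment is also reported unless the block date is stored and compared with the payment date.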

Configuration Change/Master Data Monitoring
AlertEnterprise supports application configuration control checks. The rule engine enables the definition of conditions for performing changes to critical configurations, tables, etc. For instance, configuration changes to thresholds for the quantity of items being received into inventory that might result in the over-delivery of items to the warehouse would result in alerts being generated. Rules can also be linked to policies and regulations to report compliance gaps. An event-based trigger would initiate automated remedial scripts when an exception rule is met or a business rule is violated. In addition to configuration monitoring, AlertEnterprise offers the ability to perform continuous monitoring on master data such as vendor master, customer master, employee master, etc., from ERP and non-ERP systems. As an example, vendor addresses and employee addresses in master data can be compared; if there is a match, an alert can be generated to help prevent fraud.

  • Rules-based support to detect changes in application configurations
  • Ability to place controls related to master data
  • Support for multi-level reporting to detect and prevent fraud
