What is Continuous Controls Monitoring (CCM) and how is it different than what Supervizor does?

As a concept, Continuous Controls Monitoring (CCM) has been around for more than two decades and represents a shift in how organizations approach auditing and risk management.  The core concept behind CCM is that it involves the use of technology to automate the monitoring of internal controls on an ongoing, or near real-time, basis. This contrasts with traditional audits, which typically involve periodic, sample-based testing. 

The benefits for audit are immense and include: 

• Enhanced Risk Detection: CCM enables organizations to identify control weaknesses and potential risks as they occur, rather than after the fact. It allows for the monitoring of entire populations of transactions, rather than just samples, leading to more accurate risk assessments. 

• Increased Efficiency: Automation reduces the reliance on manual testing, freeing up audit resources to focus on higher-value activities, such as strategic risk analysis. It streamlines the audit process by providing continuous evidence of control effectiveness. 

• Improved Compliance: CCM helps organizations maintain continuous compliance with regulatory requirements by providing ongoing monitoring of key controls. It strengthens internal controls, reducing the likelihood of compliance violations. 

• Near Real-time Visibility: CCM provides real-time or near real-time visibility into the effectiveness of internal controls, enabling organizations to respond quickly to emerging risks. It promotes greater transparency across the organization. 

CCM moves audit from a reactive state, to a more proactive one. Allowing for issues to be addressed before they become substantial problems. This results in more effective control over risks, improved compliance, and increased audit efficiency. 

Where did Continuous Controls Monitoring (CCM) come from? 

The underlying idea of continuous monitoring of controls has evolved alongside advancements in technology. As businesses became more complex and regulations increased, the need for more frequent and efficient control assessments grew. 

While it is hard to pinpoint where the term CCM came from, the Big Four accounting firms have been instrumental in developing and popularizing its practices. Also organizations like ISACA (Information Systems Audit and Control Association) have played a role in defining and promoting CCM, though focusing more on information systems governance, control, and security aspects and how such is a key component of effective Governance, Risk, and Compliance (GRC) strategies. 

So how is what Supervizor does differ from CCM?  

Well, it’s not that different. It’s an enabling technology to achieve CCM in the financial realm. CCM is a broad concept that encompasses a wide range of controls, including financial, operational, and compliance-related ones. Supervizor on the other hand is a software platform that applies the principles of continuous monitoring specifically to financial risk. The platform focuses on analyzing financial transactions to detect anomalies, fraud, and errors.  It uses AI and pre-built controls to automate the identification of financial risks.   And it is designed to give very quick "time to value" by automatically preparing and cleansing data from disparate data sources and using hundreds of ready-to-use controls to find risk. 

While CCM is a methodology, Supervizor is a specific software solution designed to execute that methodology within a financial context. 

Check out Supervizor for CCM 

Is your organization exploring how to implement a CCM methodology? If so, take a look at Supervizor and see how it is driving the efficiency and effectiveness of internal audit teams and their businesses.