Conteliga distinguishes between a control failure that leads to a risk and a control failure that does not. This distinction helps to prioritise the handling of failures. Every control failure that leads to a risk exception should be handled before the control failures that do not lead to a risk.
A control failure, e.g. having access to a development transaction in production, may or may not lead to a risk, depending on whether another control, e.g. having a development key in production, also fails.
Conteliga automatically monitors control and risk failures, automatically informs the control and risk owners, monitors the execution of the fix like a ticketing system, allows a control or risk failure to be marked as an “allowed exception”, and avoids reporting such exceptions again. Conteliga has an extra review process for the “allowed exceptions”, which asks the owner whether the exception is still needed and suggests a way to fix the issue. This review covers not only the GC-IT check but also SoD conflicts.
A mitigating process control that is assigned to a risk is executed automatically on the content level so that “false positives” can be avoided. E.g. if a user changes the vendor master data of vendor “A”, via normal or emergency access, and the PO of vendor “B”, then it is a conflict on the transaction level but not on the content level. Conteliga reports conflicts on the content level, so that such “false positives” are avoided.
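The transaction-level versus content-level comparison described above, as an added Python example that is not Conteliga's own code. The activity names, users and log entries are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample change log: (user, activity, vendor). Not real data.
EVENTS = [
    ("alice", "VENDOR_MASTER_CHANGE", "A"),
    ("alice", "PO_CHANGE", "B"),
    ("bob", "VENDOR_MASTER_CHANGE", "C"),
    ("bob", "PO_CHANGE", "C"),
    ("carol", "PO_CHANGE", "A"),
]

# Hypothetical SoD rule: these two activities must not be combined.
CONFLICTING = ("VENDOR_MASTER_CHANGE", "PO_CHANGE")


def transaction_level_conflicts(events, rule=CONFLICTING):
    """Users who executed both activities, regardless of the vendor touched."""
    seen = defaultdict(set)
    for user, activity, _vendor in events:
        if activity in rule:
            seen[user].add(activity)
    return sorted(u for u, acts in seen.items() if acts == set(rule))


def content_level_conflicts(events, rule=CONFLICTING):
    """(user, vendor) pairs where both activities hit the same vendor."""
    seen = defaultdict(set)
    for user, activity, vendor in events:
        if activity in rule:
            seen[(user, vendor)].add(activity)
    return sorted(k for k, acts in seen.items() if acts == set(rule))


def false_positives(events, rule=CONFLICTING):
    """Users flagged at transaction level with no same-vendor conflict."""
    real = {user for user, _vendor in content_level_conflicts(events, rule)}
    return [u for u in transaction_level_conflicts(events, rule) if u not in real]


if __name__ == "__main__":
    print("transaction level:", transaction_level_conflicts(EVENTS))
    print("content level:   ", content_level_conflicts(EVENTS))
    print("false positives: ", false_positives(EVENTS))
```

Here alice matches the vendor “A” / vendor “B” case from the text: flagged on the transaction level, cleared on the content level.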
Conteliga automates 100% of the detection and reporting of control and risk failures, and the mitigating process controls are also executed automatically on the content level to avoid “false positives”.