RISK MANAGEMENT

INTRODUCTION

Conteliga distinguishes between a control failure that leads to a risk and a control failure that does not. This distinction helps to prioritize the handling of failures. Every control failure that leads to a risk exception should be handled before the control failures that do not lead to a risk.

A control failure, e.g. having access to a development transaction in production, may or may not lead to a risk, depending on whether another control, e.g. having a development key in production, also fails.

Conteliga automatically monitors control and risk failures, informs the control and risk owners automatically, monitors the execution of the fix like a ticketing system, allows a control or risk failure to be marked as an “allowed exception”, and avoids reporting such exceptions again. Conteliga has an extra review process for the “allowed exceptions”, which asks the owner whether the exception is still needed and suggests a way to fix the issue. This review applies not only to the GC-IT check but also to SoD conflicts.

A mitigating process control that is assigned to a risk is executed automatically on the content level, so that “false positives” can be avoided. E.g. if a user changes the vendor master data of vendor “A”, via normal or via emergency access, and a PO of vendor “B”, then it is a conflict on the transaction level but not on the content level. Conteliga reports conflicts on the content level, so that such “false positives” are avoided.
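The vendor “A” / vendor “B” case above, worked through as an added example (this is not Conteliga code; the log layout, field names and user names are assumptions constructed for illustration). It evaluates the same change log once on the transaction level and once on the content level.

```python
from collections import defaultdict

# Constructed sample change log: (user, access_type, object_type, vendor)
CHANGE_LOG = [
    ("alice", "normal",    "vendor_master",  "A"),
    ("alice", "emergency", "purchase_order", "B"),  # different vendor
    ("bob",   "normal",    "vendor_master",  "C"),
    ("bob",   "emergency", "purchase_order", "C"),  # same vendor
    ("carol", "normal",    "purchase_order", "A"),  # only one activity
]

# The two activities that conflict when one user performs both (assumed names).
CONFLICTING_PAIR = ("vendor_master", "purchase_order")


def vendors_by_user(log):
    """Map user -> object_type -> set of vendors touched.

    Normal and emergency access are treated alike, as in the text.
    """
    touched = defaultdict(lambda: defaultdict(set))
    for user, _access, obj, vendor in log:
        touched[user][obj].add(vendor)
    return touched


def transaction_level_conflicts(log):
    """Users who performed both activities, regardless of which vendor."""
    touched = vendors_by_user(log)
    return sorted(user for user, objs in touched.items()
                  if all(objs.get(o) for o in CONFLICTING_PAIR))


def content_level_conflicts(log):
    """(user, vendor) pairs where both activities hit the same vendor."""
    touched = vendors_by_user(log)
    hits = []
    for user, objs in touched.items():
        master = objs.get(CONFLICTING_PAIR[0], set())
        orders = objs.get(CONFLICTING_PAIR[1], set())
        hits.extend((user, vendor) for vendor in master & orders)
    return sorted(hits)


if __name__ == "__main__":
    print("transaction level:", transaction_level_conflicts(CHANGE_LOG))
    print("content level:    ", content_level_conflicts(CHANGE_LOG))
```

On this log the transaction-level check flags two users, while the content-level check keeps only the user whose master-data change and PO concern the same vendor.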

Conteliga automates 100% of the detection and reporting of control and risk failures, and the mitigating process controls are also executed automatically on the content level to avoid “false positives”.

DO YOU KNOW?

Do you distinguish between risk and control conflicts? E.g. having access to a development transaction is a control conflict, which may or may not lead to a risk conflict, depending on whether the development key is assigned to the user or not.
Are you investing time in fixing control conflicts that do not lead to risk conflicts?
Can you prioritize the conflict issues?
Do you have a risk document that defines the risk with all the logic of controls, the status, and the users/roles/systems with the conflicts?
Can you follow up on the control and risk conflicts and automatically trace whether the conflicts reappear?
Do you monitor the control/risk exceptions manually, investing in expensive IT consultants, and want to automate this in order to reduce process cost and time and increase business satisfaction?
Do you have reporting to track the changes in risk conflicts?

REQUEST FOR SOLUTION

Conteliga's automated workflow solution can implement the risk handling within 1-2 months.