System For Managing Audit/Process Compliance

IP.com Disclosure Number: IPCOM000018781D
Original Publication Date: 2003-Aug-07
Included in the Prior Art Database: 2003-Aug-07
Document File: 2 page(s) / 105K

Publishing Venue

IBM

Abstract

Our solution proposes several changes to how an organization maintains an audit-ready posture and monitors its compliance with various policies. We define an audit-ready organization as one which: performs consistent self-reviews of its compliance, maintains the integrity of results by restricting and tracking modifications, and has readily available, understandable and verifiable reports of its audit posture. Our system facilitates all of these requirements. First, reviews are defined in a schedule and created according to a specific definition. Data integrity is ensured by disallowing any human manipulation from the time the data is provided to the time it enters the data warehouse. Finally, the data is well defined and checked for validity, making actions based on various audit patterns easy to automate.

This is the abbreviated version, containing approximately 52% of the total text.


Context & Challenges

In most companies, audits performed by independent auditors are the primary method for assessing compliance to policy. While this method has many advantages (such as separation of duties), there are also several challenges:

Organizations cannot wait several months before an assessment can be conducted by an independent auditor. This is a shift from periodic, large, third party audits, to "continuous auditing" or self-audits.

Continuous audits produce large amounts of data. This flood of data must be constantly organized to accommodate business intelligence activities.

The analysis and actions performed by the organization must be readily available and produced with minimum turn around time.

"Put simply, the less time people have to massage or 'spin' information, the less likely they are to do so; the fewer people that tell a story, the closer it remains to the original truth" (Gartner). Reviews should preferably be conducted by those people and systems as close to the source as possible. These results should be fed directly into a pipeline where they are protected from manipulation. At all times, the system should ensure data integrity by restricting modifications and recording by whom, what, and when any modifications are made.

Solution

Reviews are created on a pre-determined schedule that conforms to organizational policies, and are also tracked to completion by the system. Instead of a single auditor, in most cases, all managers in the organization are eligible to conduct self-review. This method spreads the responsibility for audit readiness to all employees. To move an organization from a reactive mode to a proactive/predictive mode, reviews are conducted on a regular schedule. The consistent self-reviews educate employees as to the various...