The SymSure™ Monitor

SymSure™ Monitor is a framework to achieve acceptable levels of risk in an organization by monitoring and addressing internal control weaknesses. The solution manages risks and controls from an enterprise level by examining the details of transactions and data files.

Most organizations spend significant time and effort in streamlining their internal controls to meet regulatory requirements, such as, COSO III, Sarbanes-Oxley, Basel II and ISO9000. By implementing SymSure™ Monitor, these efforts can be automated and made repeatable.

Organizations can move away from periodically examining the state of controls to knowing when a control has failed or is about to fail. SymSure monitors transactions and data within business processes to detect exceptions based on business rules and parameters. Once detected, SymSure™ Monitor can alert the relevant users using a variety of contact options such as e-mails and text messaging. All alerts and reports are managed within a comprehensive workflow solution.

The workflow solution is distributed across the enterprise to engage all stakeholders in achieving internal control and compliance objectives.

Issue Management Workflow

Detecting compliance and control breaches is only part of the core objective. The resolution of issues and the associated improvements in the control environment are critical to realizing the value of continuous monitoring. Anyone attempting to monitor business process controls manually can attest to the challenges.

SymSure™ Monitor boasts an impressive collection of simple but effective functionality to manage issues.

These include: 

  • assigning exceptions to specific users for action
  • including users/groups to be alerted for information purposes only
  • setting up an escalation process
  • controlling whether or not the assigned user can close the issue
  • performing all of the above based on conditions

The conditional management of issues is a powerful feature that allows the customer to determine different treatment of exceptions based on predefined criteria. For example, all exceptions for Branch A get routed to Manager A and Branch B to Manager B, and so on. Routing exceptions above US$50,000 to the CFO’s attention; is another example.

Once results are assigned, users can: 

  • review/close
  • reassign
  • comment
  • exempt
  • view history of activities

Review Process

Issues can be reviewed by the user to whom they were assigned. He or she has the option to make comments on actions taken and may attach screenshots, spreadsheets, and other documents, to evidence work done.

Reassigning the issue to another user allows the Manager or Supervisor to manually allocate work to others. All issues reassigned are kept on the assigner’s dashboard until it is closed by the assignee.

Exemptions

SymSure™ Monitor allows for the exemption of specific records as a way of reducing false-positives. Applications that detect issues and allocate work must provide for the reduction of false-positives or the user may become overburdened. Specific records in a report can be exempted or a condition can be applied to exempt them. For example, inactive employees in a report on employees with missing demographics could be exempted by using the condition Employee Status = INACTIVE.

Exemptions are reversible and can be viewed at anytime. This functionality can also be used to extend the business rules used to generate reports without amending scripts.