Why?
- Controls are invented ad-hoc, often after an audit
- There is no comprehensive overview of which controls are executed by whom
- Some similar controls are executed several times in different departments, covering the same risks
- Some risks are covered with various controls, which is a loss of money
- Most risks are not covered by any control
For big multinationals, enterprise GRC applications are implemented. However, for most organizations only some controls of SoD issues are managed. Whatever the size, the scope, etc., every internal controls project starts by documenting the controls in text files and or spreadsheets. But, without appropriate tool, it is clear that those uses of unstructured data formats are and will remain ineffective and inefficient.
Functionality
Using CSI Controls Organizer, you will have the most comprehensive and flexible tool that helps you to set up, implement and monitor a business control framework. Whatever the (ERP) application is, CSI Controls Organizer facilitates you to become in control!
This easy-to-use application helps you to set up and document a business control framework by means of a structured, process- and risk-oriented methodology. This methodology is transparent, easy to understand, and flexible enough to tailor to a variety of organizations with industry- or organization-specific risk patterns.
The multi-user CSI Controls Organizer facilitates the implementation of your controls design by making use of dedicated best-practice controls repositories, leading to significant timesaving's for you.
Once your business control framework is implemented, the tool will help you to monitor and assess your control structure to assure continuous existence of your controls and/or compliance to internal and external requirements (such as Sarbanes-Oxley). In case of a SAP system the tool can even automatically perform checks on implemented SAP application controls!
Important Features
- CSI Controls Organizer is process based and contains already a pre-defined business process decomposition that allows you to make a quick start and, if necessary, can be adapted to the specific client situation
- Different implementation scenarios, varying from stand-alone to a multi-user / client-server implementation
- Implementation and monitoring of ‘who should perform which control step with which priority and frequency’, including registration of control findings
- Strong and flexible reporting functionality that allows you to filter on different criteria for issuing management reports and follow-up monitoring
- Several best practice controls database (e.g. for SAP Enterprise) can flexibly be attached preventing you to ‘re-invent the wheel’
- The tool enables you to link ‘evidence’ in a flexible way
- Free tables and fields that can be used for client specific requirements
- Apart from the use for business control frameworks, CSI Controls Organizer can also be used for other purposes, such as setting up internal audit programs, self-assessments and security and controls monitoring programs