Professional Documents
Culture Documents
Continuous Monitoring Activity
Continuous Monitoring Activity
Continuous Monitoring Activity
Background
The control owner must summarize the continuous monitoring activities that
they have in place to monitor the ongoing effectiveness of a control in a
continuous monitoring plan (CMP) which is recorded in helios. The design
of the CMP is therefore critical in order to ensure that the right activities are
placed.
Continuous Monitoring
Scope:-
1) All key controls linked to a very high or high inherent risk or locally
significant risks must be subject to continuous monitoring.
2) Relevant country Risk Management Meeting (RMM) must approve the
classification of locally significant risks with the expectation this is only a
small number of risks.
Who:-
Control owners are accountable for continuous monitoring of the design and
operating effectiveness of key controls and must attest to the performance of their
continuous monitoring and the current effectiveness of their controls environment.
This accountability cannot be delegated.
Control owners must evidence continuous monitoring attestation for SOX key
controls on at least on an annual basis.