Problem:
Poorly defined or manual (e.g., email) processes cause delays in the identification, assessment, and correction of incidents (control failures). These delays can magnify the financial, regulatory, reputational, security, or performance impact of incidents that would otherwise be minor.
Even when incidents are promptly identified, they often go unreported, whether intentionally or not.
Insufficiently precise alerts flag too many potential incidents and do not prioritize them, delaying or even preventing the identification of a control weakness, its root cause, and its impact.
Once a systemic control issue is identified, there is no central place where members of different teams can document it and track its progress toward resolution.
What do we build into EagleEye 365?
- Real-time reports of incidents (control exceptions)
- Incidents are automatically prioritized and ranked, based on a calculated risk score for each.
- Incident alerts can be created and configured to trigger only when a transaction meets a certain set of conditions, or only when it exceeds a predetermined threshold.
- Incident response policies and procedures can be configured and automated within EagleEye 365.
Benefit:
Less time spent documenting and investigating “false flags.”
Fewer distractions from overly intrusive alerts.
Faster identification, assessment, tracking, and resolution of systemic control issues.
More efficient and reliable reporting of control weaknesses for compliance executives, internal auditors, external auditors (e.g., for SOX 404 reporting) and regulators.