Vendors, consultants, and others have a new term to abuse: CCM/T. It stands for continuous control monitoring/controls. The idea is that by using automated transaction monitoring tools (like SAP BusinessObjects Process Control), you can provide assurance that controls are in place and effective.

In this blog, I argue that CCM/T is a concept without validity. Not all controls lend themselves to automated testing, and testing transactions does not prove controls are in place.

I am fine with the concepts of continuous monitoring of transactions and continuous monitoring of controls - just not with the idea that one provides the other.