Vendors, consultants, and others have a new term to abuse: CCM/T. It stands for continuous control monitoring/controls. The idea is that by using automated transaction monitoring tools (like SAP BusinessObjects Process Control), you can provide assurance that controls are in place and effective.
In this blog, I argue that CCM/T is a concept without validity. Not all controls lend themselves to automated testing, and testing transactions does not prove controls are in place.
I am fine with the concepts of continuous monitoring of transactions and continuous monitoring of controls – just not with the idea that one provides the other.