A key distinction of BAM dashboards is the fact they are instantaneous, dynamic, and in real time. Others,
            such as BI dashboards, are refreshed periodically and thus have some static nature to them, and are not
            available in real time continuously.

            Due to the proprietary nature, such as the choice and criteria of KPIs, BAM systems could require a great
            deal of customizing. There are industry-standard BAMs — such as banking, manufacturing, and certain
            service industries — that require less customization. Usually, BAM systems require a sophisticated
            implementation; therefore, entities often hire a BAM expert who specializes in installing BAM systems.
            Modern BAM systems operate, and are independent of, the need for BPrM or other similar tools and
            techniques. They can process high volumes of underlying technical events and present results
            dynamically, bypassing the need for intervening systems or tools.

            For instance, assume a bank is interested in minimizing the amount of money it borrows overnight from
            a central bank. Each day, interbank transfers are communicated and executed via automation by a set
            time. A failure of one or more transactions could cost the bank an excessive amount of interest charged
            by the central bank. A BAM solution could be programmed to process each transaction message and
            wait for confirmation; if within a stated period of time no confirmation occurs, the BAM could send an
            alert. The alert would cause someone to initiate a manual intervention to either investigate the delay or
                                                                        19
            start a transaction to cover the event before it becomes costly.

            Continuous monitoring techniques and applicable tools
            Continuous monitoring (CM) is the system of processes and technology used to ensure compliance and
            avoid risk issues associated with an entity’s financial and operational systems. CM involves people,
            processes, and technology that work together to detect weak or poorly designed controls, allowing
            management to correct or replace them.

            Continuous monitoring tools usually address one or more of the following types of continuous
            monitoring: audit, transaction analysis, controls monitoring, or reporting. CM focuses primarily on the
            quantitative side of controls and risk issues.

            Generally, these tools “sit” on the operational system and continually inspect each transaction based on
            criteria and parameters of what constitutes an anomaly, and usually some degree of failure or error. Low
            degree alerts are sent to files, or emailed to a responsible party, for resolution. Moderate degree
            problems would receive greater and more urgent attention. High degree would create an instant alert to
            someone, and immediate attention would be given to the problem (for example, identification of a
            fraudulent journal entry).

            Some continuous monitoring examples of interest to CITPs include identify, quantify, and report on
            control failures such as duplicate vendor records, duplicate payments of same vendor’s invoice, and
            disbursement transactions that fall outside approval criteria. In fact, CITPs are critical to the development
            and operations of effective CM programs because of their unique ability to identify control points and


            19
              Illustration adapted from http://en.wikipedia.org/wiki/Business_activity_monitoring, accessed August 28, 2019.

            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-32