Home | Contact Us | Register
ProductsSolutionsServicesResourcesCustomersPartnersCompany

Internal Control Management (ICM) Architecture

Products

Business Proposition 
Compliancy ICM Software 
Features & Benefits 
Configuration Offerings 
Architecture 
BPM Differentiating Value 
Enterprise Integration 

Related Links

The Compliancy difference

Configuration offerings

Critical attributes for an automation solution

Why a BPM-based solution makes a difference

Assess your control maturity

Customer testimonials and case studies

Frequently Asked Questions

Brochures

Whitepapers

Compliance and ERM source links

Register for updates about Compliancy

Contact us ....

 

 

Compliancy’s Internal Control Management (ICM) is a single platform solution built on a robust business process management architecture as an integrated system for easier implementation and management with the ability to be integrated and scaled with your business processes.

ICM Architecture Component Overview

The following diagram provides an illustration of the key integrated modules that provide complete and more thorough real-time control of your internal control processes:

The following capabilities are available utilizing ICM:

  • Internal Control Management (ICM) portal – provides a complete Web based system for easy, authorized access to the system based on a granular access authorization and clear segregation of duties.

  • Real-Time Dashboard and On-Demand Reporting - Consolidated Dashboard with real-time visibility, filtered view of control types, and easy drill-down access to detail. 

Compliancy provides graphical feedback about the status of each incident of a workflow process. You'll always be able to tell, at a glance, the status of the incident, what steps have been completed, when they were completed, which steps are currently active, and for how long.  Alerts can be generated based on specific criteria to provide an early notification of potential issues and risks.

 

Compliancy generates statistical information about workflow processes.  It tells you how long, on average, it takes to complete a process or a particular task within a process.  It also tells you the cost of implementing a process, and the cost of each step in the process. This statistical information enables you to measure the effectiveness of a process and improve it.

 

Analyze and distribute control results, status and details with on-demand reporting with built in reports to cover most reporting requirements and customizable to fit your specific needs.

 

Performance data can be easily exported to your favorite analytical reporting tool for detailed analysis. This approach allows you to leverage sophisticated analytical tools and resources for comprehensive analysis of your security. Analytical tools as simple as Excel or comprehensive as SAS or Crystal Decisions can be used.

  • Real-Time Continuous Control Monitoring - An automated process that analyzes completed tasks and/or its data to generate issues or alerts that a control has been violated or to provide the status on identified controls execution.
  • Identification/Assessment Processes - Ability to define templates for customized forms and workflows for collecting information and asssessing risks, compliance requirements or any operational process that can then feed into the control process implementations.  
  • Consolidated Controls Management – Define, implement and access a consolidated view of all control information, including accounts, processes, controls, assertions and documents in an easy to navigate relational tree format.  Complete automation of control procedures at the entity, process and transaction level. 
  • Control Automated Procedures (CAPs) -  Define and execute tasks that automate and capture information related to a control.  A control can have many CAPs to ensure the client is complying with the indicated control.  A CAP can be scheduled or executed on-demand.
  • On-Demand Testing/Audit Management Process tasks that can be scheduled or executed on-demand to test that the control is being performed as documented.  This can be done either during execution or via sampling of completed tasks. A complete set of audit processes can be performed and report created on-demand.  The reports can be organized in various ways based on the audit, but typically the audit shows all activities that were considered out of the "tolerances" that you set and can also be compared with data from other systems.
  • Certification Management – Process task management of controls to determine if they are still mitigating their associated risks with defined accountability.  Records every control decision, approval, test point and other control certifications. 
  • Issues Management – An automated process that provides a systematic approach to issue resolution from detective or preventative identification to automated routing for issue resolution across people in a collaborative framework. 
  • Documentation Management – The management of policies, procedures and other documents utilized in control processes and the documenting/reporting of the control processes, certifications, testing and audits.  ICM provides its own document versioning system or can be integrated with existing Document Management System (DMS).
  • Customizable Templates – A library of commonly used workflow templates for compliance controls to enable quick out-of-the-box startup with the ability to customize existing templates and build new templates for specific requirements.
  • Integrated Business Process Management Engine (BPM) – A complete full featured underlying business process automation engine that provides more robust workflow creation and management.  This allows the automation and management of integrated control points at the transactional level that can be integrated into a company’s business processes. 

Top

System Infrastructure

Compliancy employs .Net and Ultimus to create a robust process management architecture. Since most enterprises depend on a related set of business processes, the Compliancy architecture has been structured around Process Objects that can be developed, tested, implemented and updated independently, without impacting other parts of the application. This approach provides enormous advantages in flexibility and scalability (see the section on Process Object Model).

 

Compliancy is Web services enabled based on the .Net platform.  This provides an easy method to integrate with other applications and services.

 

On a lower level, Compliancy uses Microsoft .Net and Ultimus at its core for high volume and secure transaction processing. Compliancy makes use of Windows 2000/2003 .Net Architecture and technology for scalability, dynamic load distribution, and redundancy.

 

The .Net architecture provides many significant benefits:

  • Compliancy becomes a part of the Windows 2000/2003 operating system. Compliancy uses Ultimus to manage the business logic as it pertains to the application and uses .Net and the Windows Clustering and Load Balancing Technologies for the allocation of resources, scalability, security, and reliability.
  • Compliancy is reliable and highly scalable. Windows 2000 has successfully performed more than 700 million transactions per day.
  • .Net allows for ease in upgrades and maintenance.
  • .Net allows Compliancy to focus on its core application, leaving Microsoft to focus on resource management, transactional integrity and redundancy.

Compliancy scales from small to large environments. By virtue of the component-based architecture, the Compliancy Server makes use of several Windows 2000 clustering and high-availability options that suit high volume, mission-critical installations.

 

For large applications, the Multiple Clustered Server configuration can be used. Large installations need to scale to handle the highest number of concurrent users and processes. Compliancy uses three technologies provided by Windows 2000 for near-linear scalability and to assure high-availability.

  • Network Load Balancing distributes the load of incoming HTTP request to a cluster of IIS servers. This benefits large installations with many users and HTML forms.  The server cluster also provides the first layer of Fail-over Redundancy by compensating for IIS server outages through dynamically redistributing the connections to alternate servers if necessary.
  • Application Load Balancing: .Net provides the Compliancy components the ability to balance objects across a cluster of servers.  New process or step incidents spawn new instances that are automatically spawned on cluster nodes by the Microsoft Application Center COM+ router based on processor utilization. .Net also provides the second layer of fail-over infrastructure.
  • Fail-over Redundancy: Compliancy is also enabled for a 2-server shared-disk Fail-over Redundancy Setup in conjunction with the Windows 2000/2003 Advanced Server.

In this case, single-server application or hardware outages lead to a fail-over migration onto the surviving server. Such redundant configurations can guard against unplanned downtime with very little additional administrative efforts.

Top

Process Object Model (POM)

The Process Object Model is a unique approach to application architecture. It provides the maximum flexibility for developing and configuring custom applications to meet the exact requirements for today's applications.

 

The concept of breaking applications into manageable and reusable components is not new. It is found in the component model (COM and CORBA) and in Object Oriented Programming such as C# and C++. POM takes this same concept at the application level.

 

With Compliancy, your security application is developed in components called processes. Each process is completely independent and can be developed, modified and upgraded without affecting other processes.

 

Each process is developed or modified using a graphical development tool. It can be designed and tested completely independent of the rest of the application. Once testing is complete, it is "installed" within the application using the Administrator.

 

It is given a version number that uniquely identifies it. Transactions and activities involving this process can be monitored and tracked independent of other processes within the application.

 

Changes can be made to each process without any impact on other processes or the rest of the applications. When an update has been completed, it is tested and installed.

This replaces the existing version(s) with the new version with a new number. Activities involving previous versions that are yet to be completed continue on the previous version until all have been completed.

 

POM allows you to build flexible applications to meet your exact requirements. It provides the ultimate in application scalability and makes it possible to build on previous development in an incremental fashion.

Top

Web services

One of the most difficult, timely and costly IT activities is application integration. Tying together applications such as CRM, ERP, SCM, SFA, Financial and custom developed applications has enormous benefits in improving productivity and information while reducing cycle times and cost.

 

Compliancy utilizes standards based XML Web services to enabled integration with other applications such as SAP, Seibel and Microsoft BizTalk.  

 

Compliancy will even talk to Microsoft Office applications or custom developed applications using Web services and XML, all without programming, scripting or macros.

 

Any stage within a Compliancy process can be a direct interface to another Web services or XML-enabled application.  Compliancy fully automates this and has the capability to synchronize with another application by waiting for a response to be posted or launch a process with this technique. 

 

Tight integration with Microsoft BizTalk also ensures managed integration with most common applications.

Top

For more information contact us at info@compliancysoftware.com or call +1-919-342-6212

Copyright (©) 2006-2008 Compliancy Software. All rights reserved.