Digital Testing of Controls
BAAR automates your IT risk and compliance monitoring which greatly helps with your IT risk audits.
Technology Risk and Compliance monitoring:
-
Technology Risk and Compliance monitoring is a multi-dimensional challenge
-
Technology and Risk Management teams spend a significant amount of time identifying issues instead of focusing on resolving them
-
Checking for compliance with internal controls and processes is normally an ‘Event’ that takes place as organizations get closer to Audits or visits from Regulators
-
Using an automated or semi-automated ‘Process’ will allow organizations to deploy their resources more efficiently
Technology Risk and Compliance monitoring:
-
Validate and monitor user access to infrastructure components and tools
-
Ensure servers conform to organizational hardening standards
-
Access to databases is via a middleware (unless it is an approved exception)
-
Web Service passwords follow organizational security standards
-
Source code does not have any authentication credentials (passwords) in clear text
-
Validate that changes made to production follow organizational standards
-
Monitoring should be an ongoing ‘Process’ and not an ‘Event’
-
Provide a mechanism to identify and assign Outliers found in the above to operational resources so they can be re-mediated
-
Better manage risk and resources
-
Not just find issues but remediate them as well. All this done with the required approvals and workflow for the same
We aim to provide a solution for the following (and more):
An example of the dashboards provided are as follows:
-
Executive dashboard
-
Operational Team Dashboard:
