Oversight Keeps Fraud Out

Keep an eye on transactions with Oversight continuous transaction monitoring (image: Fotolia)
Keep an eye on transactions with Oversight's continuous transaction monitoring (image: Fotolia)

In large, complex organizations, fraud is hard to detect and even harder to get to the bottom of. What may seem like an internal scam might in fact be an external spear phishing attack – or vice versa. That’s where Oversight Systems comes in.

Oversight’s continuous transaction monitoring (CTM) ensures that transactions comply with corporate policies and processes. That means that every relevant transaction is analyzed in real time for policy violations or questionable behavior. If any exceptions are found, a business analyst within the company receives an alert.

Eight years, two certifications

Oversight Systems has been in business for eight years and is certified with SAP on two ends. For several years, the company has been a certified data extraction technology partner. And now, as of February 2011, Oversight is an SAP Endorsed Business Solution partner (EBS), the only CTM solution to be endorsed by SAP.

“Being an EBS partner means that our solutions have gone through a similar quality assurance cycle as SAP’s own solutions and have passed a certain quality threshold,” says Patrick Taylor, CEO of Oversight Systems.

In addition, Oversight 6.2, the latest release, is one of the first solutions to have certified integration with the SAP BusinessObjects Process Control application, part of SAP Governance, Risk, and Compliance (GRC).

When Oversight detects a control violation, it sends an alert to the relevant analyst (screenshot: Oversight)
When Oversight detects a control violation, it sends an alert to the relevant analyst (screenshot: Oversight)

Integration and implementation

Companies implement SAP GRC Process Control to maintain compliance with regulatory mandates. For example, a company might create a rule that controls which business systems certain employees are able to access and when that access is allowed. Oversight 6.2 translates that policy into the back-end and makes sure the controls are effective.

At the moment, Oversight 6.2 is certified to integrate with BusinessObjects Process Control 3.0. SAP is working on the 10.0 version and Oversight is currently developing integration with that version as well.

Oversight implementations usually take 30-60 days, but could take longer depending on the number and complexity of business processes that are included. The cost varies as well, but the average return-on-investment is only six months.

Somebody’s always watching

Jimmy Lin, product manager at Oversight Systems, says the recent rash of spear phishing attacks have more and more customers worrying about their company’s overall security. “We’ve had a lot of conversations where clients are not only worried about an access control solution but also about their back-end. They ask us, how do we make sure that we don’t have checks being written to ghost employees or someone setting up a fake vendor?”

To be clear, the focus of Oversight Systems is around internal fraud. Usually a company approaches Oversight Systems with a specific problem in mind – cash leakage or suspicious behavior – but the reason clients continue using the solution is that it becomes a preventative measure. Lin explains, “People know somebody’s always watching, so they’re less likely to try something.”

Companies set up controls in the SAP system and Oversight makes sure they are carried out (screenshot: Oversight)
Companies set up the controls - Oversight makes sure they are carried out (screenshot: Oversight)