The role of PIC in Continuous Control Monitoring (CCM)

In an era of increasingly complex digital transformation, organizations need more than just building robust internal control systems. They must also ensure these systems operate consistently and can be monitored in real time. Continuous Control Monitoring (CCM) CCM is an approach that enables continuous monitoring of internal controls without having to wait for the periodic audit cycle.

However, no matter how sophisticated the technology implemented in the CCM program, its success still rests on one most human element: Person In Charge (PIC). The role of the PIC in Continuous Control Monitoring is not merely an administrative formality, but rather a strategic function that determines whether each control is truly running according to its objectives.

This article discusses in depth the definition of PIC, its role in the CCM program, its duties and responsibilities, and how to optimize its contribution for more effective and sustainable governance.

What is Person In Charge (PIC)

A Person In Charge (PIC) is an individual formally appointed to oversee, manage, and account for the operation of a specific process, activity, or system within an organization (Aliyah, 2024). In the context of internal control, the PIC has direct authority and accountability for the area under their responsibility.

The main characteristics of an effective PIC include:

• Have a deep understanding of the processes or controls they oversee
• Able to proactively identify risks and anomalies before they develop into serious problems
• Committed to accurate and timely reporting
• Have good cross-functional communication capacity to coordinate with various stakeholders

What is the Role of PIC in CCM Program

In a Continuous Control Monitoring program, the PIC is not simply a liaison between technology and management systems; they are the frontline, ensuring the integrity of control data and the validity of each monitoring finding. The PIC's role in Continuous Control Monitoring encompasses operational, analytical, and communication dimensions.

More specifically, the role of the PIC in the CCM program includes:

• Active monitoring: Monitor the progress of controls periodically using the dashboard or reports generated by the CCM system.
• Data validation: Ensure that the data used as a basis for monitoring is accurate, complete and relevant.
• Escalation of findings: Forward monitoring results that indicate weaknesses or violations to the authorities in a fast and structured manner
• Cross-unit coordination: Be the point of contact between business units, internal audit teams, and management regarding the status of controls being monitored.
• Documentation: Maintain a clean audit trail for reporting purposes, regulatory compliance, and management review.

PIC Duties and Responsibilities in Monitoring Control

The PIC's monitoring responsibilities extend far beyond simply reading daily reports. They encompass the full cycle of planning, execution, reporting, and follow-up. The following details the PIC's duties and responsibilities in monitoring and control:

Planning and Parameter Determination

• Defining the threshold (threshold) which will trigger an alert in the CCM system
• Coordinate with risk and internal audit teams in establishing priority controls that need to be monitored more closely.

Monitoring Implementation

• Carry out CCM supervisory duties routinely according to the agreed frequency, whether daily, weekly or monthly.
• Analyze monitoring results to distinguish between ordinary technical anomalies and indications of real violations that require immediate action.

Reporting and communication

• Prepare periodic control status reports to be submitted to management and the audit committee.
• Documenting every finding, corrective action, and its results in a systematic and verified manner

Follow-Up

• Ensure that improvement recommendations are implemented in a timely manner by the responsible unit.
• Verifying that previously weak controls have been strengthened through the process remediation measurable

The Role of PIC in Maintaining CCM Effectiveness

The role of PIC in maintaining the effectiveness of CCM can be seen from three main dimensions:

1. Compliance Dimension (Compliance) The PIC ensures that all monitoring activities comply with applicable regulations, including OJK regulations for the financial sector, ISO standards, and internal organizational policies. Without consistent PIC oversight, compliance gaps can develop silently, undetected, and eventually become material audit findings.
2. Risk Dimensions (Risk) Through continuous monitoring, the PIC is able to identify emerging risk patterns earlier than with conventional periodic audits. It's important to remember that a risk-based audit approach supported by real-time data significantly improves an organization's ability to prevent losses before they occur.
3. Dimensions of Continuous Improvement An effective PIC not only responds to problems that have already occurred, it also proactively identifies opportunities for control design improvements, driving a never-ending cycle of improvement as risk dynamics continue to change.

Challenges in PIC Management in CCM

Despite its crucial role, managing PICs in CCM programs doesn't always run smoothly. Some common challenges organizations face include:

• Excessive workload: PIC often has other operational duties, so that the CCM supervisor's duties do not receive adequate attention.
• Lack of technical competence: Not all PICs have sufficient understanding of the CCM system used, especially in reading data-based analytical dashboards.
• Resistance to change: CCM implementation often changes existing workflows, triggering resistance from business units that feel oversight is being tightened.
• Limited data access: PICs sometimes do not have sufficient access to cross-system data to perform truly comprehensive monitoring.
• Role ambiguity: Without clear SOPs, PIC monitoring responsibilities may overlap with internal audit or risk management functions, creating accountability confusion.

These challenges emphasize that CCM success is not dependent on technology investment alone. Human resource management and role governance must be given equal importance.

How to Optimize the Role of PIC in CCM

Optimizing the role of the PIC in CCM requires a holistic approach, simultaneously addressing the structure, competencies, and culture of the organization. The following strategic steps can be implemented:

Clear Role Determination

• Create a RACI Matrix (Responsible, Accountable, Consulted, Informed) which explicitly defines the position of the PIC in the CCM ecosystem.
• Ensure each PIC has a written job description that includes specific and measurable CCM supervisor duties.

Continuous Competency Improvement

• Provide regular training on the use of CCM tools, data analysis, and understanding of control frameworks such as COSO or COBIT
• Promote professional certifications such as CISA (Certified Information Systems Auditor) or CIA (Certified Internal Auditor) to strengthen the technical capacity of PIC

Targeted Technology Support

• Provide an intuitive monitoring dashboard so that PICs can understand control status without requiring excessive technical expertise.
• Integrate an automated notification system to help PICs prioritize the most critical findings among the flood of incoming data.

Periodic Performance Evaluation

• Conduct periodic PIC performance assessments based on measurable indicators, such as response rate to findings and timeliness of reporting.
• Use evaluation results as material for continuous improvement in the overall CCM program.

Building a Culture of Accountability

• Create a work environment that values ​​transparency and timely reporting, so that PICs feel supported, not just supervised, in carrying out their duties.
• Involve PICs in the control design review process so they have a sense of ownership (ownership) to the CCM program that it manages

Conclusion

The PIC is the backbone of CCM's success by ensuring effective monitoring and control, adapting to business changes. By addressing challenges and optimizing its role, organizations can maximize the benefits of CCM for superior risk management. Proper implementation will support sustainable governance in the digital age.

Therefore, companies need a system that can help monitor, control, and manage risk in a more structured and sustainable manner. To support this, an audit application is needed. Audithink can be a solution in managing Continuous Control Monitoring (CCM) and audit activities more effectively.

This application is designed to be easily integrated with various company systems, supports real-time monitoring, and helps PIC and audit teams in monitoring controls, reporting findings, and following up in a more measurable manner. Submit a demo now and find out how our app works.