Automation of control monitoring is the application of technology to allow continuous or high-frequency, automated monitoring of controls to validate the effectiveness of controls designed to mitigate risk1.

Automation of control monitoring can provide benefits such as increased test coverage, improved timeliness, reduced risk velocity, greater visibility, improved consistency, and the ability to identify trends23.

However, automation of control monitoring also involves costs such as the acquisition, implementation, maintenance, and updating of the technology, as well as the training and support of the staff who use it45.

Therefore, the primary consideration when assessing the automation of control monitoring is the cost-benefit analysis of automation, which compares the expected benefits and costs of automation and determines whether the benefits outweigh the costs or vice versa45.

The other options are not the primary consideration, but rather secondary or tertiary factors that may influence the decision to automate or not. For example, the impact due to failure of controland the frequency of failure of control are aspects of the risk assessment that may indicatethe need for automation, but they do not provide the basis for evaluating the feasibility and desirability of automation45. Similarly, the contingency plan for residual risk is a component of the risk response that may include automation as a risk mitigation strategy, but it does not measure the effectiveness and efficiency of automation45. References =

2: A Practical Approach to Continuous Control Monitoring, ISACA Journal, Volume 2, 2015

3: Continuous Controls Monitoring: The Next Generation Of Controls Testing, Forbes Technology Council, June 2, 2022

1: Making Continuous Controls Monitoring Work for Everyone, ISACA Now Blog, June 13, 2022

4: Controls Automation - Monitoring vs. Operation - Part 3, Turnkey Consulting, July 29, 2021

5: What’s Continuous Control Monitoring and Why Is It Important?, MetricStream Blog, October 15, 2019