The challenge
You may be experiencing one or more of the following:
- Deficiencies in security or risk controls typically indicate holes in a company's risk management and client fiduciary duties. That may have severe repercussions for the company or you personally.
- The low visibility or "low likelihood of occurrence" make such issues a low priority to correct.
Our advice
Insight
You do not need to implement every single control. Focus on your company's most significant risks and exposures and mitigate those.
Impact and results
Our research and guidance help you prevent these situations:
- Your company may be executing high-risk operations that could damage your reputation or financials.
- Lack of understanding and clarity around your controls. When there is no documentation, business units will interpret and implement controls differently.
- You may have controls (test of design), but nobody follows them (test of effectiveness.)
- You may have controls in place that the departments even follow, but they are not effective in mitigating the real risks.
The roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the importance of internal controls
We guide you in gaining an understanding of the process of establishing a set of well-designed internal controls.
- Storyboard: Establish an Effective System of Internal IT Controls to Mitigate Risks (ppt)
Assess our company's need for control
You know your company's risk tolerance. Now assess the severity of your operations' risk exposure and create an appropriate level of controls.
- Internal Controls Prioritization Tool (xls)
Establish the controls you need in your company
Once you have created the controls, embed them in your company. The first step here is good communication.
- Audit Log Review Policy (doc)
- Internal Controls Effectiveness Scorecard (xls)
- Internal Controls Communication Plan Template (doc)
Monitor and continuously improve the controls.
Business is dynamic, and so are the risks. Effective monitoring and evaluation of your internal control framework is an ongoing effort. Just make sure you communicate this upfront.
- Internal Controls Monitoring RACI Template (xls)
- Internal Controls Self-Assessment Checklist (doc)
