The challenge
You may be experiencing one or more of the following:
- Deficiencies in security or risk controls typically indicate holes in a company's risk management and client fiduciary duties. That may have severe repercussions for the company or you personally.
- The low visibility or "low likelihood of occurrence" make such issues a low priority to correct.
Our advice
Insight
You do not need to implement every single control. Focus on your company's most significant risks and exposures and mitigate those.
Impact and results
Our research and guidance help you prevent these situations:
- Your company may be executing high-risk operations that could damage your reputation or financials.
- Lack of understanding and clarity around your controls. When there is no documentation, business units will interpret and implement controls differently.
- You may have controls (test of design), but nobody follows them (test of effectiveness.)
- You may have controls in place that the departments even follow, but they are not effective in mitigating the real risks.
The roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the importance of internal controls
We guide you in gaining an understanding of the process of establishing a set of well-designed internal controls.
- Storyboard: Establish an Effective System of Internal IT Controls to Mitigate Risks (ppt)
Assess our company's need for control
You know your company's risk tolerance. Now assess the severity of your operations' risk exposure and create an appropriate level of controls.
- Internal Controls Prioritization Tool (xls)
Establish the controls you need in your company
Once you have created the controls, embed them in your company. The first step here is good communication.
- Audit Log Review Policy (doc)
- Internal Controls Effectiveness Scorecard (xls)
- Internal Controls Communication Plan Template (doc)
Monitor and continuously improve the controls.
Business is dynamic, and so are the risks. Effective monitoring and evaluation of your internal control framework is an ongoing effort. Just make sure you communicate this upfront.
- Internal Controls Monitoring RACI Template (xls)
- Internal Controls Self-Assessment Checklist (doc)
Buying Options
Business Process Controls and Internal Audit
You may also be interested in these products
Let's Talk More Options To Help You
Tymans Group Guidance & Consulting
Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.
Tymans Group
& Info-Tech
Combo
Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.
Info-Tech Research
Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.