The internal control system (ICS) forms the basis of every governance system. It is an essential component of risk defense and comprises all of a company's controls for complying with guidelines and defending against damage. All controlling and steering departments involved in managing risks base their work directly or indirectly on the ICS.
Cyclical risk management
Use the Risk-Control Matrix to document all compliance risks in your organization.
The scope of the ICS is derived from the relevant business processes identified on the basis of quantitative and qualitative selection criteria.
Comparing the risks and controls for each business process reveals deficits, and improvement measures are defined to achieve the company-specific control objectives. The result is a detailed control description that allows the measures to be implemented accordingly and ensures traceability.
Mode of operation
The regular reconciliation of risks and controls is a cross-sector task in the governance of the company.
One of the essential prerequisites is that the relevant risks are defined in a uniform or comparable manner and that the mitigating effects of the controls and protective measures are measured in a uniform or comparable manner. The use of an integrated platform with a common data model helps to keep the statements comparable.
Performing control tests helps you verify the effectiveness and design of controls.
In the system, all performed controls are recorded by the process/risk owner and regularly confirmed by the control manager.
Thanks to complete documentation of the controls and control tests, ICS reporting can be used to identify optimization potential in the controls and to initiate corrective measures. In addition, management can be continuously informed about the status of the ICS.