Internal Control Management

Click here to Request a Demo

Overview

Our internal control management solution gives you the tools you need to identify, implement, and assess your internal control system to:

  • Reduce your organization’s exposure to risk
  • Ensure regulatory compliance
  • Measure and improve business process performance

Today’s internal control departments must strike the right balance between risk exposure and business profitability – while complying with complex regulations and working closely with internal audit departments to optimize business processes.

Based on the best practices outlined in international standards and frameworks like COSO, COBIT, and ISO, our internal control management solution covers all phases of internal control and can be configured to fit the structure of your organization. It spans the implementation and maintenance aspects of internal control systems and lets you develop a personalized interface for each user profile.

Internal control system definition phase: Setting up an internal controls library

Defining your organization’s internal control system lets you place controls in the context of your business. Our solution’s graphical tools can be used to link your internal control map to corresponding business processes and risks. This makes it easier to understand the specific business context and risks under which controls must be executed or assessed. The internal controls can also be grouped by regulation or standard. These capabilities enable business process managers and internal controllers to define and document first- and second-level controls while taking into account the relevant business context.

Internal control execution phase

Our solution automates the execution of internal controls via a workflow, leaving your internal controllers free to focus on the most sensitive tasks. Business users can use a checklist or execution campaign to make sure that established rules and best practices have been implemented in business processes. Because the solution automatically generates reports from data in the shared repository, you can easily monitor progress and consolidate results.

Evaluation phase: Carrying out assessment campaigns and testing internal controls

The effectiveness of your organization’s internal control system is evaluated through internal control testing carried out via questionnaires as part of an assessment or self-assessment campaign. Our solution can also be used to organize internal control testing campaigns. These campaigns draw on field data from the execution of internal controls to produce the assessment results. Reports consolidating all measurements are generated automatically, meaning you can make sure that all processes and procedures are aligned with your organization’s internal control strategy.

Remediation phase: Managing deficiencies and implementing action plans

Internal control deficiencies are identified from assessment questionnaires or can be entered directly into the solution. They are categorized and analyzed according to their origin, causes, and impacts, so that the appropriate corrective actions can be taken. The resolution of deficiencies is formalized through the implementation of action plans, whose follow-up and evaluation are made easy thanks to reports and dashboards.

Our internal control management solution is powered by HOPEX, our signature platform that supports all our enterprise governance solutions. Our comprehensive approach gives you a more complete vision of your organization by incorporating internal controls into representations of your company’s assets, capabilities, and strategy, thus enabling more informed decision-making that takes potential threats into account.
Used in conjunction with our other corporate governance solutions, our internal control solution gives your internal controllers an enterprise-wide governance framework and your top executives a 360° view of your operations.

Features

Our internal control management solution is powered by the HOPEX platform. Secure data access, workflows, and reports can be configured for each user profile. The solution is designed to support business process managers and internal control managers at every stage of internal control process implementation.

Our solution helps members of your organization share information and knowledge, and leverage existing standards and documentation, thanks to a shared repository and collaborative workspace where workflows and business reports ensure full data traceability.

The standard configuration is based on recommendations and best practices developed by leading professional organizations, international standards, and MEGA’s extensive experience in the field of internal controls.Our turnkey solution can also be configured to fit your internal control department’s particular structure and methods.

Our internal control management solution covers the entire internal control system implementation process. The standard configuration offers the following features for each user profile.

Internal control system definition phase: Setting up an internal controls library

Defining the internal control systems – Internal controllers

  • The first-level, second-level, and key internal controls are identified
  • Internal controls are categorized by topic and execution method
  • The objectives for internal controls are established
  • Internal controls are documented

Placing internal controls in the context of the business repository – Internal controllers

  • The solution’s graphical tools are used to associate internal controls with the corresponding business processes and risks
  • Internal controls are grouped according to regulation or standard, like COSO, COBIT, or ISO
  • Internal controls are linked to business units

Internal control execution phase

Internal controllers and business process managers

  • Questionnaires are developed with a checklist for each internal control
  • Execution campaigns are planned (including frequency of execution)
  • Execution results are consolidated into reports and tracked

Evaluation phase: Carrying out assessment campaigns and testing internal controls

Carrying out assessment and self-assessment campaigns – Internal controllers

  • Assessment questionnaires are developed from standard templates and lists of questions that can be tailored to suit a given business unit’s structure, operations, and geographic reach
  • Assessment campaigns are planned, carried out, and tracked through workflows
  • An alert engine automatically sends out campaign reminders
  • Results are automatically consolidated into summary reports

Testing internal controls − Business process managers

  • Annual and multi-year internal control testing plans are developed, and internal control testing assignments are outlined based on the testing scope, testers, and recurrences
  • Internal control testing assignments are planned and carried out with automatic alerts sent out through a workflow
  • Work programs are developed by topic
  • An automated process is set up for internal control testing samples
  • Results are automatically consolidated into summary reports

Remediation phase: Managing deficiencies and implementing action plans

Identifying and analyzing deficiencies – Internal controllers

  • Deficiencies are identified and qualified either directly in the solution or using internal control assessment questionnaires
  • Deficiencies are then categorized and analyzed according to their origin, causes, and impacts through reports and consolidated views

Implementing and tracking action plans – Business process managers

  • Action plans and the corresponding deadlines are established and assigned to specific people through a workflow
  • Progress on action plans is tracked through reports and automatic reminders

Benefits

Today’s internal control departments must strike the right balance between risk exposure and business profitability, while complying with complex regulations and working closely with internal audit departments to optimize business processes.

Our internal control management solution helps internal control departments identify, implement, and assess internal control systems so that your organization can:

Reduce your organization’s risk exposure

With our solution, you are aware of your exact residual risk exposure at any time thanks to continuous monitoring and effective self-assessment of internal controls. Action plans are immediately triggered when a target risk exposure crosses a threshold set by your risk management department. This means you keep a constant handle on your organization’s risk exposure.

Ensure regulatory compliance

Our solution stores all assessments and tests carried out on each of your organization’s internal controls, along with the relevant supporting documentation. This ensures traceability and transparency of information on your internal control system – essential for demonstrating compliance to regulators.

Measure and improve business process performance

Many different types of reports, dashboards, and scoring tools are available with our solution, letting you consolidate data from assessments and self-assessments into easy-to-use formats. This helps you measure and track the performance of business processes associated with a given set of internal controls – and pinpoint ways to make the processes more efficient.

Our internal control management solution is powered by HOPEX, our signature platform integrating all MEGA enterprise governance software. That means you get greater synergies and collaborative efforts among departments, as well as a clear, shared view of key information about your organization.
As part of our corporate governance offering, our internal control solution gives your internal controllers an enterprise-wide governance framework and your top executives a 360° view of your operations.

Customers

Read what our customers have to say about working with MEGA on their internal control management projects: