
These controls are subject to verification requirements and are therefore mandatory for all companies. If no such system is in place in the event of damage, the company faces heavy fines. These are specified in Sections 30 and 130 of the German Administrative Offenses Act (OWiG). These internal controls usually involve a lot of manual work. In addition, business processes should ideally be geared to the regulators and requirements of the companies. This makes it increasingly difficult for an ICS to ensure the necessary monitoring and security.
One proposed solution is a risk control matrix. This matrix shows all process-oriented control measures required for analysis and evaluation. Essential components of this matrix are the description of the control objectives, the implementation of controls, and the expected risks. In addition, it is important to note which compliance measures are in place and who is responsible for them.
An ICS does not necessarily have to be mapped using special software. Some companies still work with Excel, entering all data into a single Excel file. The advantage lies not only in the ease of use but also in the familiarity of the program. However, the disadvantages outweigh the advantages. In particular, transparency and data quality are very low. Access can only be granted to the entire file and not to individual processes. It is also impossible to work on different processes in parallel. In addition, there is the high maintenance effort and the lack of workflows.
With an ICS, on the other hand, responsible persons and authorized users can be stored. In addition, the logging records who changed what and when. In the event of an error, an older version can thus be easily accessed.
In this context, the term digital transformation comes up again and again. Based on the ICS tasks already mentioned, it is clear that digital transformation and process automation play a very important role. Agile methods such as Scrum make it possible to actively accompany changes and develop a successful company-wide digitization strategy. An ICS should offer quick adaptation options in order to meet new compliance requirements. These aspects apply to many software providers. Depending on the company, one system or another may be more suitable. We cannot therefore give a general recommendation at this point.