Introduction of Internal Control Structures

Introduction of internal control structures (internal control system) or effectiveness checks of existing internal control structures and systems

An internal control system (ICS) is an essential accompanying measure to the internal audit to ensure the conformity and cost-effectiveness of business processes, the safeguarding of corporate assets, and the maintenance of in-house guidelines. The most widely known approach to an ICS is the COSO model.

Even though a formalized ICS is not a must for companies, it is generally acknowledged that an effective ICS sustainably mitigates risks and provides a good basis for documentation to analyze identified deviances in the follow up.

Even though many companies follow certain similar business processes which means that the controls can be adapted across the entire company, we recommend each client to individualize their ICS according to their risk profile and business model. Using a templated ICS standard often shows up lack of effectiveness of some controls. Given that every company, even within the same sector, has its own individual organizational and procedural peculiarities, these need to be considered when putting in place an ICS. Even in business units of the same company, it may be necessary to adapt control structures.

Murat Üranüz
CEO

+41 44 585 35 55
mail@equia-ag.ch

Contact us

Our Services

  • Designing an ICS catering to your specific needs

  • Effectiveness checks of your existing ICS structures including “Design Check”

Designing an ICS catering to your specific needs

equia helps you to build up formalized ICS structures that take into consideration your company’s individual needs. We take the time to get to know your company and your people so that we can clearly understand the specific needs and reflect these in the design of the ICS. We decide together with you, which topics veer from the usual standard and that the ICS should focus on (e.g. fraud and corruption prevention, adherence to compliance requirements, complex business processes) and design the appropriate control activities.

The definition or description of the control represents the design and is elementary, since its purpose is the management or avoidance of a certain risk. equia’s cross-functional process know-how, and the wealth of experience garnered from conducting many internal investigations and auditing activities, as well as our expertise in identifying corporate risk guarantees that we design your corporate controls in a way that sustainably mitigates the inherent risks of a business process.

Effectiveness checks of your existing ICS structures including “Design Check”

The effectiveness of internal controls is only guaranteed if followed as described in terms of frequency, accountability, documentation etc. and is appropriate to mitigate the inherent risk. Even the tiniest deviation could result in a supposedly ideal control losing its effectiveness, and thereby, its effect on the operative business.

To tackle exactly such situations, equia offers its clients an option to just check existing ICS structures to judge their effectiveness. We do this in a two-pronged approach, first analysing each control description to judge if it is effective enough to adequately manage the associated risks (“Design Check”). Where this is not so, an immediate correction of the control description is required. In such cases, an audit of operational controls becomes redundant, as it will anyway fail in terms of effectiveness and thus impact.

Even for those control descriptions that appear appropriate in the so-called Design Check, we test their operative effectiveness. Where the control description includes management testings, these are analyzed and validated for conformity. equia additionally conducts independent tests on a sample basis, comparing the results with those of management testing. Deviations are documented with supporting documents at the control level. For you as a client, this means that the evaluation of each individual control is independently verifiable.

The results from our effectiveness tests are presented to you in the form of a report where we also make recommendations on how to optimize the efficiency and effectiveness of specific controls thereby leading to the overall improvement of the ICS.

Get in touch with us!

Questions about our consulting services? Want to discuss a specific case? Contact us!