Successful organizations that adopt risk management and compliance disciplines use an Internal Control System to define risks and controls for their business processes. This article focuses on one aspect of implementation: how to automatically schedule internal controls, based on a custom risks and controls framework.
Like business process management, risk management is principally a broad management discipline that can be applied in almost any industry. In practice, drivers such as compliance regulations, have led to risk management becoming more mature in specific industries, such as banking and insurance.
A key technique in risk management implementation is to develop a risks and controls framework that identifies risks and the associated controls that address those risks. Each control corresponds to a task that addresses the risk associated with the control. These tasks are part of the work of risk management: checking whether risks have materialized and deciding whether to take corrective action.
Control tasks are often repeated periodically as part of an ongoing risk management process. In this approach, each control defines a frequency for these checks. The result of this is an Internal Control System that defines a control process as well as a set of controls to perform.
Organizations that use anto manage risk typically perform three related activities:
A risks and controls framework is the core of an Internal Control System and includes a risk register or list of identified risks. When you model business processes, you can use business process models to identify and indicate where and when risks occur. The next level of detail is to identify internal controls for each risk.
Internal controls define the periodic tasks for identifying and handling risks. Each control typically refers to the risk it helps manage. In an Internal Control System, each control includes several additional attributes:
In practice, you need software tools to manage this information, and to actually schedule the controls in a way that makes it possible to keep track of which controls have been performed.
Software tools likehelp you manage risks and controls definitions. You can define custom attributes and link risk, controls, and process models. This combination of a defined framework and software tools that capture these definitions makes it possible to maintain a single, up-to-date risks and controls framework for the organization. The next step is workflow automation.
A well-managed Internal Control System defines controls and relates them to identified risks, but doesn’t do anything by itself. The benefits come from actually applying the controls. For recurring monthly controls, this means scheduling tasks for employees.
Scheduling internal control tasks manually is error-prone and time-consuming, which is why successful organizations automate scheduling. You can use workflow automation to automatically schedule internal controls as follows.
This automated approach makes the process more reliable, and reduces the cost of scheduling, not least because. As well as the direct benefits of automation, delivers another important benefit: management visibility.
When you automatically schedule internal controls using workflow automation, the software’s reporting capabilities give managers the information they need to do their jobs. These reports summarize current and past control cases, such as:
Most importantly, flexible reporting allows risk managers to choose their own feedback mechanisms. This feedback is vital input for improvements to the underlying Internal Control System and overall risk management approach.
Risk management is a fundamental management technique in all organizations, but not every organization successfully drills down via an Internal Control System to the benefits of automated controls. Signavio’smakes this possible, using to automatically schedule internal controls. Try it for yourself! Register for our .