Use Case: Internal Controls System

Alyne provides tailored Control Sets for both Internal Controls System and an Enterprise Risk Management to help organisations confidently achieve good corporate governance and to quickly assess levels of maturity.

Introduction

Good governance of an enterprise has two core tools at its disposal - an Internal Controls System (ICS) and an Enterprise Risk Management (ERM) System. Ideally these two systems are also fully integrated - creating a Plan-Do-Check-Act (PDCA) cycle for corporate governance. These requirements are not new for most enterprises, however the solutions in place may be approaching the end of their life cycles with many emerging new requirements. Many Alyne customers leverage our Software as a Service (SaaS) both for ICS and ERM use cases and we have observed some common challenges and success factors. 

Common Challenges

  • Extensive Control Framework
    Many organisations manage control frameworks with hundreds or even thousands of controls making it essentially unmanageable. Multiple iterations with many stakeholders created a framework with high redundancy on various levels of detail. This will fail both in management cost and control effectiveness.
     
  • Abstract Controls
    Taking standards, laws and regulations and generating controls based on abstract requirements often create abstract controls that do not provide sufficient guidance to the organisation.

  • Low Awareness
    Especially corporate governance related frameworks may suffer from the “ivory tower syndrome” in which only a small group of people are aware of the controls and fail to gain traction and awareness in the organisation. Broadening the audience is essential for the ICS to be effective. 

Success Factors

  • M-A-U-S Controls
    Define your controls to be Measurable (evidence can quantify effectiveness), Atomic (only defines one aspect), Understandable (written in language understood by recipients) and  Specific (defines a clear rule).

  • Targeted Control Set
    Define your set of controls to achieve a specific objective such as comply with certain standards or reduce fraud potential in process X. Be clear about the objective and do not simply add controls for completeness sake.

  • Consolidate Governance
    Especially with corporate governance it is important to gain synergies from other control frameworks such as IT governance, ISMS, data privacy, sustainability and others in order to avoid duplication of effort for the business.
ZurückWeiter
Karl Viertel

Related Posts

Blog thumbnail

SOX Compliance – Background, Requirements and Facilitating Technology

After some of the worst accounting scandals in history, the United States Congress passed the Sarbanes-Oxley Act (SOX) in 2002. In this article, we will discuss the background of SOX, the requirements of internal controls mentioned in Section 404 of the Act, and how compliance technology can facilitate a more efficient and agile process.
Blog thumbnail

IT Vendor Management - Zentrales Management und Risikosteuerung

Im Zuge von Digitalisierung, Automatisierung und Kostenreduzierung werden IT-Dienstleistungen ausgelagert. Daraus erwächst die Frage: Wie können Lieferanten und einhergehende Lieferantenrisiken angemessen gesteuert werden? Dieser Artikel befasst sich mit den Verpflichtungen, denen Organisationen beim Management von Dienstleistern Dienstleistungen gegenüberstehen. Und den Funktionalitäten mittels derer Vendormanagement-Prozesse in Alyne transparenter, kollaborativer und effizienter gestaltet werden können - alles innerhalb einer Plattform.
Blog thumbnail

Alyne RegTech Partnerships - Lessons Learned to Take into 2021

Alyne's Partnership program has developed significantly over the course of the last few years. 2020 proved to be a successful testing and learning experience for Alyne and our partners. It was a year for sense-checking and putting in place structure and strategy for our partnerships that can scale with Alyne and our ambitious global growth plans for 2021 and beyond.