This report compiles and analyzes the findings, characterized by shared themes and emerging trends. The study presents a collection of successful practices upon which readers can draw to fashion the approaches that are truly "best" in their own organization. Groundwork for the research of this project was laid by Internal Control — Integrated Framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and to a lesser extent, by Guidance on Control by the Criteria of Control Board of the Canadian Institute of Chartered Accountants (CoCo). Offering a conceptual framework, both were considered control models in this best practices report.
Exactly what is internal control and why does your organization need it? According to the Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
More and more, internal control is looked upon as a solution to any number of potential problems. This extensive report gives you the information and perspective you need to design or enhance your own model. After a detailed introduction, several chapters are devoted to case histories or organizations with comprehensive integrated sets of practices and a track record of success. The remaining chapters focus on selected practices deemed to be innovative and capable of adding significant value to their organizations, representative of the most common practices observed, and relatively easy to understand and use as a model.
While diverse, the practices share these common components:
(1) a strong element of self-assessment;
(2) risk assessment thought process.
Many of the respondents said that the greatest benefit was improvement in the controlling process itself, as the "owners" of control understand and accept their responsibility more fully than ever before. Finally, the auditors who evaluated soft controls were met with less resistance than expected. Soft controls may be defined as people's integrity and ethical values; organizational commitment to competence; management's philosophy and operating style; management's understanding and management of risk; and communication.
The result: They found the credibility and stature of the internal audit department significantly improved. Consider the challenge in implementing your own best practices from reading this definitive research.