
Internal controls can help meet business goals, says ISACA

IT and business control policies can not only minimize risk but help create value, according to report

Process controls like COBIT 5 can ensure that businesses achieve goals and minimize risk, according to ISACA.

Internal control policies can help companies get value from their business processes as well as minimize business risk, according to a new report from ISACA.

The IT industry association has published a new report that illustrates how proper internal controls such as COBIT 5 can ensure that organisations define and achieve their goals, as well as manage their risk exposure.

The white paper, titled 'Internal Control Using COBIT 5', assesses the role internal control can play in a well-run enterprise and contends that internal control often is misunderstood in the business world.

"Some enterprises see implementing internal controls as cumbersome, but with a properly executed, business-oriented internal control framework, they will have a clear path to achieving desirable outcomes and mitigating damaging consequences," said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA's board of directors and group director of information security for INTRALOT.

"Effective internal control can keep business units from unintentionally undermining each other's objectives," said Dimitriadis. "Without a mechanism for central oversight, decisions made at the individual business-unit level might counteract or adversely impact other areas. This is the essence of internal control: to provide that oversight and the holistic viewpoint."

ISACA defines internal controls as "the policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected." In a business context, control typically refers to how activities are monitored and directed.

The paper describes a well-designed internal control environment as one ensuring that resources are used appropriately, legal compliance occurs, and financial information and reporting are reliable. Enterprises are encouraged to use internal controls as a mechanism to be certain that value is created from an array of practice areas covering functions such as IT, enterprise risk management and finance. Multiple layers within an organisation are encouraged to share ownership of the process.

COBIT 5, a business framework for the governance and management of enterprise IT, identifies systematic goal-setting as a key aspect of establishing a well-designed internal control environment. COBIT 5 pinpoints seven enablers that help enterprises accomplish their internal control goals and deliver value to stakeholders:

  1. Principles, policies and frameworks

  2. Processes

  3. Organisational structures

  4. Culture, ethics and behavior

  5. Information

  6. Services, infrastructure and applications

  7. People, skills and competencies

COBIT 5 also supplies guidance about selecting controls that fit the goals of an organisation. The process of determining control selection consists of three phases: identifying goals, determining opportunity/risk gaps and defining coverage. Once specific controls addressing the gaps have been identified, enterprises benefit from establishing a budget, success metrics and other factors that assist implementation.

According to the white paper, enterprises must regularly assess their internal control framework. Changing technologies, evolving business processes and updates to organisational structure dictate that internal control must be adaptable over time.
