The COSO framework defines Internal Controls as “Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
Some key principles on controls:
- Controls are designed to mitigate the risks identified and to enhance the governance in the day-to-day operations;
- In the design of controls, it is essential that clear objectives are set in terms of what the control is expected to achieve; and
- The control objectives inform the design of the control and measurements must be in place to test the effectiveness of the controls so designed.
Enablement refers to the environment supporting the achievement of the overall goals and objectives of the organization.
The 3 components of Enablement include:
- People – Having the right people doing the right things in the right way
- Methods and practices – building methods and practices to support efficient and effective ways of doing business within the constraints of a clearly defined performance management and risk framework. Focusing on ‘must have’, rather than ‘nice to have’ principles
- Technology – Finding the right balance in the use of technology to provide and enhance the quality and flow of information to enable better ways of working
Ensuring that these components work together in an integrated way enhances overall performance while at the same time limiting unnecessary costs.
