An effective internal control system should correspond with the size of the organization and the challenges it is facing. We support our clients in elevating their internal control systems, designing appropriate controls and perform reviews of the internal processes in order to identify improvement opportunities.
What is Internal Control and why is it so important?
Internal control is any action that helps to protect the organization from the effects of undesirable events, detects them and allows them to be appropriately corrected. Internal controls may include, in particular, internal policies and operating procedures, used tools and IT applications, implemented both at the entity and process levels.
Internal Control challenges
Internal control system is one of the key elements of the governance and management system and as such should be tailored to the size and challenges of the organization.
An effective internal control system:
1 Supports achievement of strategic objectives and operational targets.
2 Ensures that policies, procedures, processes, tasks and other aspects of the organization's operations, facilitate in an effective and efficient way meeting of its operational goals.
3 Helps to ensure the quality of internal and external reporting.
4 Is compliant with applicable laws and regulations.
5 Reduces exposure to the risk of fraud.
6 Adequately responds to identified material risks that threaten business objectives.
Benefits from introducing support for internal control function
Improved structure of management, operational and supporting processes
Internal controls aligned to exposures to the major risks
In-depth knowledge of the internal control system for the purpose of supervisory board and audit committee reporting
KPMG internal control advisory services
We support our clients in evaluation of their internal control systems, designing internal controls aligned with the organizations’ profiles, size and objectives and perform reviews of internal process in order to identify improvement opportunities.
Evaluation of corporate governance and internal control system
Assessment of the internal control system and the key components of corporate governance can be used to determine the maturity level of the organization. Our procedures and tools aim to identify existing gaps or inefficiencies and provide recommendations helping our clients to develop the effective internal control and governance systems. Our reviews are tailored to specific clients’ needs and profiles and are based on:
- Internal Control – Integrated Framework (COSO) model published by the Committee of Sponsoring Organizations of the Treadway Commission;
- Best Practice for GPW Listed Companies 2021 (Best Practice 2021; Polish: Dobre Praktyki Spółek Notowanych na GPW 2021).
Business process reviews and mapping
We support our clients in reviewing their internal processes and perform an analysis of the adequacy and completeness of internal regulations and related internal controls. The aim of the review is to identify gaps, inefficiencies or improvement opportunities and provide recommendations supporting efforts to streamline internal processes.
We can help to prepare process documentation, such as policies and procedures, process maps (flowcharts) and responsibility assignment matrix (so-called RACI / RASCI matrix) for the analyzed processes.
Development of corporate governance regulations
Our multidisciplinary teams support supervisory and management boards in assessing key elements of the company's corporate governance. Our approach combines an analysis of the binding legal framework, incl. soft laws specific for a given sector or market, together with an assessment of the systems and processes in-place, which can help to develop sound corporate governance structure.
We can help to develop key corporate regulations such as:
- regulations of the management board, supervisory board or its committees, e.g. audit committee or risk management committee,
- organizational structure, incl. responsibilities and duties of the key corporate functions,
- rules regarding representation granting powers of attorney,
- decision and authorization matrices for the key business processes,
- audit firm selection policy and the policy on permitted non-audit services performed by the audit firm.
Segregation of duties analysis (SOD conflicts)
The reliance of proper flow of the business processes upon IT systems highlights the risks arising from the lack of proper oversight and segregation of duties (SoD) in terms of accessing them. Granting employees with excessive system access rights, inadequate to their business roles and assigned duties, may result in increased risk of error or even fraud.
We support our clients in:
- identifying and analyzing existing segregation of duties (SoD) conflicts within a process or function, including suggesting actions aiming to eliminate or reduce the resulting risks,
- development and improvement of the SoD conflict matrix and internal regulations, including policies, considering granting access rights and segregation of duties.
Support in conducting tests of controls over financial reporting (ICoFR, SOX)
Our professionals work closely with our clients to support them in implementing and testing internal controls over financial reporting (ICoFR), by offering the following services:
- readiness assessments to determine the level of compliance with Sarbanes-Oxley Act Section 404 (US SOX) and other related regulations (Euro-SOX, J-SOX),
- documentation and testing assistance for the management to support their assessment of the organization’s internal control system, including support in completing tests of design and implementation of controls as well as tests of effectiveness of the internal controls.
Contract compliance services
We support our clients in conducting audits in areas such as royalties, licensing, distribution agreements, advertising, digital content and more. We analyze the complexities and nuances of a range of business contracts, processes and procedures in order to help companies recover revenue misstated in self-reporting statements while maintaining and improving relationships with their business partners.
Related services
Submit request for proposal (RFP)
Learn more about how KPMG knowledge and technology can help your business.
Click to start