Support of the internal control function

Internal control system is one of the key elements of the governance and management system and as such should be tailored to the size and challenges of the organization. 

Assessment of the internal control system and the key components of corporate governance can be used to determine the maturity level of the organization. Our procedures and tools aim to identify existing gaps or inefficiencies and provide recommendations helping our clients to develop the effective internal control and governance systems. Our reviews are tailored to specific clients’ needs and profiles and are based on:

• Internal Control – Integrated Framework (COSO) model published by the Committee of Sponsoring Organizations of the Treadway Commission;
• Best Practice for GPW Listed Companies 2021 (Best Practice 2021; Polish: Dobre Praktyki Spółek Notowanych na GPW 2021).

We support our clients in reviewing their internal processes and perform an analysis of the adequacy and completeness of internal regulations and related internal controls. The aim of the review is to identify gaps, inefficiencies or improvement opportunities and provide recommendations supporting efforts to streamline internal processes.

We can help to prepare process documentation, such as policies and procedures, process maps (flowcharts) and responsibility assignment matrix (so-called RACI / RASCI matrix) for the analyzed processes.

Our multidisciplinary teams support supervisory and management boards in assessing key elements of the company's corporate governance. Our approach combines an analysis of the binding legal framework, incl. soft laws specific for a given sector or market, together with an assessment of the systems and processes in-place, which can help to develop sound corporate governance structure.

We can help to develop key corporate regulations such as:

• regulations of the management board, supervisory board or its committees, e.g. audit committee or risk management committee,
• organizational structure, incl. responsibilities and duties of the key corporate functions,
• rules regarding representation granting powers of attorney,
• decision and authorization matrices for the key business processes,
• audit firm selection policy and the policy on permitted non-audit services performed by the audit firm.

The reliance of proper flow of the business processes upon IT systems highlights the risks arising from the lack of proper oversight and segregation of duties (SoD) in terms of accessing them. Granting employees with excessive system access rights, inadequate to their business roles and assigned duties, may result in increased risk of error or even fraud. 

We support our clients in:

• identifying and analyzing existing segregation of duties (SoD) conflicts within a process or function, including suggesting actions aiming to eliminate or reduce the resulting risks,
• development and improvement of the SoD conflict matrix and internal regulations, including policies, considering granting access rights and segregation of duties.

Our professionals work closely with our clients to support them in implementing and testing internal controls over financial reporting (ICoFR), by offering the following services:

• readiness assessments to determine the level of compliance with Sarbanes-Oxley Act Section 404 (US SOX) and other related regulations (Euro-SOX, J-SOX),
• documentation and testing assistance for the management to support their assessment of the organization’s internal control system, including support in completing tests of design and implementation of controls as well as tests of effectiveness of the internal controls.

We support our clients in conducting audits in areas such as royalties, licensing, distribution agreements, advertising, digital content and more. We analyze the complexities and nuances of a range of business contracts, processes and procedures in order to help companies recover revenue misstated in self-reporting statements while maintaining and improving relationships with their business partners.