top of page
pexels-photo-6693646.jpeg

Internal controls
review (ICR)

01.

01.

​

The framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as "a process effected by an entity's Board of Directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories 

​

 *Effectiveness and efficiency of operations;

 *Reliability of financial reporting

 *Compliance with applicable laws and regulations

​

ICR is an overall assessment of the internal control system and its adequacy of each business area in an organization to address the relevant risks. Through control review, an organization's resources are directed, monitored, and measured in an effective manner. It plays an important role in protecting the organization's tangible and intangible resources. We determine the effectiveness of companies control environment through performing walkthroughs of organizations controls matrices, Segregation of duties, controls to safeguard their assets, authorization and approval processes etc.

​

02.

​

What typically happens during an internal controls review:

Planning and Scoping: The review begins with planning and scoping activities to determine the objectives, scope, and methodology of the review. This may involve identifying key business processes, risks, and control objectives to be assessed.

Documentation Review: The internal controls review entails reviewing documentation related to the organization's internal controls, such as policies, procedures, manuals, and other relevant documentation. This helps gain an understanding of the control environment and identify areas for further evaluation.

Risk Assessment: We assesses the organization's risk profile and identifies key risks that could impact the achievement of business objectives. This may involve analyzing historical data, conducting interviews with key personnel, and assessing the adequacy of existing controls to mitigate identified risks.

Testing and Evaluation: We perform tests of internal controls to evaluate their design and operating effectiveness. This may include walkthroughs, observations, inquiry, and testing of transactions to determine whether controls are operating as intended and effectively mitigating risks.

Findings and Recommendations: Based on the results of testing and evaluation, wer identify any deficiencies or weaknesses in the internal controls system and provide recommendations for improvement. Findings may be categorized by severity and prioritized based on the level of risk they pose to the organization.

Reporting: The findings and recommendations are documented in a report, which is typically communicated to management and stakeholders. The report may include an executive summary, detailed descriptions of findings, recommendations for remediation, and management responses or action plans.

Follow-Up: After the internal controls review, management is responsible for implementing corrective actions to address identified deficiencies and strengthen the internal controls environment. The internal controls auditor may follow up to ensure that remediation efforts are effective and that recommendations are implemented in a timely manner.

bottom of page