Internal Control is now extended with Enterprise Risk Management
We have now finalized the development of our second version of CN Internal Control supporting the digitalization of the internal control process. In the first version of CN Internal Control (IC) the key focus was basically to deliver a strong platform from where companies could make the control process more focused, better documented and dynamic.
Now we are introducing Enterprise Risk Management as an enlargement of CN Internal Control. This new module is designed to define and document the company’s overall risks to be mitigated and monitored throughout the year. Enterprise Risk Management provides an enterprise-wide perspective on the present risk situation measured against both the likelihood and severity of the actual risk coming into play.
To run an enterprise risk management process and to enable continuous risk assessments it is critical to ground the effort on data related to points in the organisation where the risk is concrete. Through either a top down approach or a bottom up approach there should be a link between the enterprise risks defined and controls being executed throughout the organisation.
CN Internal Control as an interactive management tool
To make CN Internal Control an interactive management tool, we have now integrated Enterprise Risk Management with the actual controls being conducted. This means that you at any time can list your company’s key enterprise risks and monitor the ability to mitigate the risk through the control process.
Hereunder are some examples of enterprise risks to be monitored:
- Liquidity – potential that entity will be unable to acquire the cash required to meet short or intermediate-term obligations.
- IT Security – security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
- Outsourcing – third-party relationships increase the exposure of organizations to new risks and potential compliance failures that may result in fines, lawsuits, or reputational damage.
- Tax Compliance – as tax compliance becomes increasingly complex and heavily monitored we as an organisation must be at the forefront of changes to manage the obligations strategically.
IC extended to enterprise risk management
Enterprise risk is the exposure a company or organization must factor to mitigate the potential of incidents lowering profits or leading it to fail. If you have been following our communication around the Internal Control functionality, you will have noticed that our focus has been on optimizing the process of internal controls.
Now we are implementing an overall layer to the controls defining the company’s corporate risks, with a clear description of why a specific risk is a threat to the company’s operation and what the audit objectives would be. The audit objectives will be the guideline of which controls are relevant to be developed or adopted to mitigate the overall risk.
The key functionality in Enterprise Risk Management (ERM) is the ability to link the actual controls to be executed mitigating the corporate risk. Therefore, when a risk is linked to multiple controls, the ERM module will accumulate the execution of the controls providing you with a traffic light indicator and actual percentage of to what extent the (processed & approved) controls linked to mitigate the corporate risk are conducted.
Furthermore, the risks will be categorized in the following standard risk categories; Strategic Risk, Compliance Risk, Operational Risk, Financial Risk or Reputational Risk. You can also choose to define your own categories. To support reporting as well as dashboards views including different trends analysis, the individual risks will have further data defined such as Risk Owner, Severity and Likelihood.
Introducing the risk map
As you can see in the example image provided, Digitalization is a major risk that is likely to happen in your organization. Therefore, looking at the Risk Map you will notice that your Internal Controls relating to Digitalization is not working as they should and you can then immediately report back to the people responsible for that given risk in order to make sure that it will not be neglected.
Follow us on LinkedIn and get instant access to our newest articles and posts about SAP and Compliance.
Interested to learn more….?
We always look forward presenting Internal Control to present customers, possible new customers, partners and network. So, if you want to learn more, have questions or would like to see a live demo of CN Internal Control please contact us.
