4 Key Findings from the Internal Control Management by Design Workshop

Internal control management has become a critical foundation for corporate governance, risk management, and compliance (GRC). Recently, Workiva sponsored several full-day workshops, led by internal controls expert Michael Rasmussen of GRC 20/20 Research, LLC. The agenda focused on effective internal control management techniques that can be applied across the organization as part of broader GRC strategies.

Here are four of the top takeaways from the Internal Control Management by Design Workshops.

1. It is time to accept change as a constant

An ever-changing controls environment. Constant connectedness of information through technology. These are just a few factors that bring greater complexity to the internal audit function. With questions of ownership, accuracy, and accessibility on the rise, today's teams need to maintain a consistent and detailed record of changes for internal controls.

2. The current controls environment is all about balance

Attendees generally agreed that consistency is one of the primary challenges of the current environment. Consistency comes from finding the right balance across many areas, including:

• Internal (i.e., controls and business processes) and external environments (such as regulatory changes and agency pressures)
• Internal and external audit
• Identifying risks and demonstrating confidence in the control-risk alignment
• Key controls focus vs. other controls
• Automation and the human element

3. Controls would benefit from a centralized environment

Internal controls is moving from a decentralized to centralized approach. It is important to note that centralizing is not just about the process, but also resources. Teams are looking for more ways to effectively share information across departments in order to be more efficient and accountable.

4. There is no "more of the same"

The ever-changing controls environment is a challenge for compliance professionals today, and it appears it will continue well into the future. Attendees discussed emerging regulatory trends on the edges of the market, including General Data Protection Regulation (GDPR), cyberrisk, and continued pressure from the PCAOB.

Overall, the workshop series acknowledged that today's internal audit environment is becoming increasingly complex. Centralizing processes, data—especially that which may be redundant across teams—and resources are key to creating a repeatable, sustainable solution that can respond to the demands of today's controls environment. The right risk management technology enables teams to connect data and information, maintain a detailed record of documentation, and engage stakeholders.

For future educational opportunities, check out our schedule of events, which includes upcoming SOX and internal control workshops.