Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→


security risks

Ensures the confidentiality, integrity and availability of your information assets →



Keep track of all regulations and regulations that your organization must comply with →


Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→



Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →

What will you learn? Learn with our experts about critical topics on Risk Management that will be useful in your daily work.

Piraní Academy

How to carry out the evaluation of the internal control system

written by Maria Camila Arévalo, On September 09, 2020

Within risk management, having an internal control system is something fundamental that all organizations should have. This process must be led by senior management or board of directors and those responsible for each area, in order to provide security for the fulfillment of the objectives, but above all for the efficiency of the processes, the reliability of financial information and compliance. of legal requirements.

It should be noted that effective internal control depends on good organization. Reducing the level of errors and threats helps the objectives of the control system to be fulfilled correctly as mentioned above.

In the following article we will give you some tips that you should take into account to carry out a correct evaluation of internal control.

What is the internal control?

The internal control environment is the environment that influences the members of an organization and the control of their activities. This environment is the basis of corporate risk management, as it provides discipline and structure, in addition, it impacts all components of risk management.

This is composed of plans, methods, principles, standards, procedures and mechanisms that are responsible for verifying and evaluating all the operations carried out by the company, also identifying how the information and resources of the company are stored. itself and if this meets the objectives of the company.

It is here where the company decides to establish the methodology that seeks to protect the organization and its reputation, in order to prevent any type of risk that could endanger the company or prevent the fulfillment of the objectives.

It must be borne in mind that this is a task that involves all company personnel.

Methodology that can be applied

  • Know in depth the processes carried out by the company for its usual development.
  • Identification of the irregularities that are occurring.
  • Investigate how the current operation of internal controls is and how these influence the financial information and general information of the company.
  • Identify if a failure in one of these controls can affect the operations of the company.
  • Definition of the purposes of the controls.
  • Carry out tests to determine if the controls are working properly.
  • Evaluation of the effectiveness of the controls.
  • If deficiencies are found, work to improve or propose new controls.

Activities that can be implemented for the evaluation of controls


General Review

In this stage, a general identification is sought through documents, interviews, meetings of managers or persons in charge to know in detail how the control system is planned.

Detailed review

Here we seek to identify more in-depth information through organizational manuals, procedures, inspections and more direct interviews with those responsible in order to know how each of the established controls works.

Preliminary evaluation

Verify if the controls proposed are adequate and the expected effect is emerging and if so, be able to make improvements or changes to obtain the expected results.

Advantages of evaluating internal control

  • Protects the resources and processes of the company in order that the necessary processes are implemented to mitigate the risks that may appear.
  • It seeks that the operations are effective and efficient through the execution of functions that are already established to guarantee the correct functioning of the company.
  • It focuses on all the activities carried out being focused on the fulfillment of organizational objectives.
  • It allows the adequate controls, monitoring and evaluation of risk management to be carried out.
  • It gives the possibility to define strategies focused on risk prevention and in turn to identify and correct the threats that make the company present.
Money Laundering and Terrorism Financing Prevention Manual
Try Pirani For FREE NOW
Download a free Excel Risk Matrix Template
Free e-book Prevention & Correction of Human Error For Risk Management

Leave us your comments