Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→


security risks

Ensures the confidentiality, integrity and availability of your information assets →



Keep track of all regulations and regulations that your organization must comply with →


Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→



Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →

What will you learn? Learn with our experts about critical topics on Risk Management that will be useful in your daily work.

Piraní Academy

What elements should an internal control environment include?

written by Juan Pablo Calle, On October 30, 2019

What elements should an internal control environment include?

The internal control environment is one that influences the members of an organization and the control of its activities. This environment is the baseline of corporate risk management, providing discipline and structure, as well as impacting all components of risk management.

For this control environment to work, the following elements need to be integrated.

Management philosophy

All entities should have a consistent risk management philosophy. This has to do with the assignment of responsibilities that facilitate the fulfillment of the company's objectives and mission. It is also important to establish whether adequate risk management is favored over the search for profitability.

Risk appetite

The institution must determine whether it is willing to expose itself to a high risk in order to achieve its objectives or whether, on the contrary, it opposes it. Before planning or conducting business, the different units of the organization must evaluate the implementation of the processing measures necessary for proper management.

Governing board

It is important to have a governing board that is sensitive and committed to risk management, and which exercises its supervisory functions in a relevant manner. Therefore, the board must have the experience and reputation of decision-making, as well as independence from management.

Integrity and ethical values

Determining ethical and behavioral values allows you to maintain the consistency of the control environment. In this regard, entities must ensure that the company's values are binding on all collaborators; that is, that they are extended to all organizational units and related companies. It should also aim to promote socially responsible business and support the trust of stakeholders.

Commitment to skills

The organization must conduct a proper analysis of the skills of its employees and, based on this assessment, focus on improving the knowledge and abilities of the company's human resources.

Organizational structure

It is essential that each entity establishes a structure with clearly defined responsibilities. Therefore, it should have a governing board, management units, an audit committee, a compliance officer, and specialized units to support management.

Assignment of authority and responsibility

The people who are part of the organization must be authorized to do their jobs. Therefore, hierarchical levels are essential to decide and supervise. Thus, decision-making powers will be centralized and decentralized.

Human resource standards

Establishing practices for contracting, guidance, training, coaching and compensation is a fundamental process of the internal control environment. Similarly, entities should determine the mechanisms and rules for sanctioning non-compliance by members of the organization.

Money Laundering and Terrorism Financing Prevention Manual

Try Pirani For FREE NOW
Download a free Excel Risk Matrix Template
Free e-book Prevention & Correction of Human Error For Risk Management

Leave us your comments