What is the internal control?
Knowledge building with GBTEC

The Internal Control

The internal control consists of the necessary processes to detect risks that are potentially harmful to an organization and to avoid them by adhering to a compelling framework. Embedding the internal control in an organization is fundamental for compliance with internationally applicable regulations (e.g. COSO framework) or national procedures (e.g. MaRisk in Germany).



The internal control cycle

The internal control cycle describes the six stages which are used by the internal control of an organization in order to review the measures of governance, risk management and compliance. Furthermore, it is the basis to initiate improvement measures. The tasks, competencies and responsibilities for the process participants are transparently defined for each individual stage.

The first stage of the internal control is the (1) scoring, where the processes of an organization are identified and delimited. The objective of the scoring is to qualitatively and quantitatively evaluate processes based on their possible effects and to set review rhythms.

This is followed by the (2) risk-control-identification, where a risk control matrix is established to make sure all process risks are covered with key controls.

With the (3) control-design-assessment, the internal control examines the adequacy of the key controls, i.e. whether a defined control is suitable for reducing or averting the corresponding process risk.

During the (4) testing stage, the internal control determines whether a control is feasible, reasonable and effective according to the pre-defined specifications.

The (5) measures for optimization can be derived from previous steps. Both the effectiveness and adequacy of controls are critically reviewed and optimization requirements are defined so that controls can withstand future examination.

With the (6) re-testing, previous tests are repeated to ensure improved effectiveness and adequacy.

Since the processes of an organization are subject to constant change, an effective internal control must regularly re-start with the scoring and run through the whole cycle again.

COSO framework - the standard for internal controls

The COSO Framework (Committee of Sponsoring Organizations of the Treadway Commission) forms the basis for internal controls in organizations. This internationally recognized framework describes the governance of financial reporting. Compliance with the COSO guidelines, verifying the effectiveness of a company's financial reporting, is required by law in many countries around the world (e.g. SOX in the United States). The current "Enterprise Risk Management" framework contains the following elements: Governance & Culture, Strategy & Objectives, Performance, Control & Revision and Information, Communication & Reporting.

Source: Committee of Sponsoring Organizations of the Treadway Commission, 2017 Enterprise Risk Management – Integrated Framework

A secure basis for the internal revision

Audits and control measures of the internal revision aim at a continual improvement of business processes, making them more transparent as well as defining preventive actions against malicious acts. With the internal control as a basis, the internal revision organizes its workflows in accordance with the relevant guidelines (e.g. MaRisk in Germany) and organizational requirements. This way, the internal revision gains an overview of critical business areas as well as infrastructures and can consistently carry out compliant and targeted controls.

With BIC Platform, organizations automate their internal controls

Internal controls benefit from the documentation of all relevant content and coherences in a central, common location in BIC Platform. Risks, controls and responsibilities are directly incorporated into the process. In addition, the IT architecture, the organizational structure and the risk structure can easily be modeled and requirements derived.

The governance, risk and compliance module BIC GRC contains predefined rules for workflows of the internal control, which run according to desired specifications. In BIC GRC, managers, revisors and auditors are informed about upcoming workflows. The tool covers the entire cycle: identification of risks and controls, execution of controls, tests of design and effectiveness, as well as action management.

A comprehensive dashboard for automatic monitoring of the current risk situation, including measure tracking, rounds off the functionality of the software. With integrated reports and detailed documentation, organizations always gain an overview of all risks and controls within the company. The software supports the continuous improvement process (CIP). Moreover, the internal revision benefits from real-time data for audits and gathers optimization potential directly in the system.

With BIC GRC to an automated internal control.
Find out more about BIC GRC now!

The combination of modern technology, intuitive user interface and fast implementation makes working with BIC GRC so easy. Automated GRC processes ensure a functioning internal control that protects you from threats and ensures compliance. Want to learn more about BIC GRC? No problem!


Governance, Risk and Compliance
with BIC GRC

Manage the areas Governance, Risk and Compliance centrally in just one tool. With BIC GRC, you can monitor your risks holistically, automatically carry out control measures and comply throughout all of your processes with your compliance requirements.



30 days for free

Discover the benefits of a holistic Governance, Risk and Compliance tool in our 30-day free trial. Say goodbye to risk management using Excel and learn how BIC GRC enables efficient and process-based GRC Management within your company.

