9.8 - Manage internal controls
PCF ID: 10735 | Elements: 19 | Metrics Available: Y | Benchmarkable: 4
Definition
Administering internal controls. This process requires the organization to manage the entity's board of trustees, management, and other personnel in order to offer judicious assurance about the achievement of effectiveness, proficiency of operations, and reliability of financial reporting.
Overview
This process group covers managing internal controls within the broader context of Manage Financial Resources.
Process Hierarchy
Processes
| ID | Process | PCF ID | Sub-elements | Metrics |
|---|---|---|---|---|
| 9.8.1 | Establish internal controls, policies, and procedures | 10762 | 5 | Y |
| 9.8.2 | Operate controls and monitor compliance with internal controls policies and procedures | 10763 | 6 | Y |
| 9.8.3 | Report on internal controls compliance | 10764 | 4 | Y |
9.8.1 - Establish internal controls, policies, and procedures
PCF ID: 10762
Definition: Forming rules and regulations to ensure the achievement of effectiveness, proficiency of operations, and reliability of financial reporting.
| ID | Activity | PCF ID | Tasks | Metrics |
|---|---|---|---|---|
| 9.8.1.1 | Establish board of directors and audit committee | 10914 | 0 | N |
| 9.8.1.2 | Define and communicate code of ethics | 10915 | 0 | N |
| 9.8.1.3 | Assign roles and responsibility for internal controls | 10916 | 0 | N |
| 9.8.1.4 | Define business process objectives and risks | 11250 | 0 | N |
| 9.8.1.5 | Define entity/unit risk tolerances | 11251 | 0 | N |
9.8.1.1 - Establish board of directors and audit committee
Definition: Establishing board of directors and auditing committee in order to assign roles and responsibilities for internal controls.
9.8.1.2 - Define and communicate code of ethics
Definition: Outlining and communicating a code of ethics to act responsibly.
9.8.1.3 - Assign roles and responsibility for internal controls
Definition: Defining roles, responsibilities, and accountabilities for effectiveness and proficiency of operations and reliability of financial reporting.
9.8.1.4 - Define business process objectives and risks
Definition: Outlining the objectives and risks associated with a process. Delineate process goals. Determine the risks attached to it. Determine what the process is meant to accomplish, potential issues, a timeline of potential risks, the scope and potential impact of risks, etc.
9.8.1.5 - Define entity/unit risk tolerances
Definition: Outlining the risk tolerance levels of individual units, as well as the organization as a whole. Determine the specific maximum risk to take in quantitative terms for each relevant risk subcategory, including strategic, operational, financial, and compliance risks.
9.8.2 - Operate controls and monitor compliance with internal controls policies and procedures
PCF ID: 10763
Definition: Incorporating planning, management, operations, and monitoring of internal control mechanism policies and procedures in order to manage internal controls. Design and implement control activities. Monitor control effectiveness. Remediate control deficiencies. Create compliance functions. Operate compliance functions. Implement and maintain technologies and tools to enable the internal controls-related activities.
| ID | Activity | PCF ID | Tasks | Metrics |
|---|---|---|---|---|
| 9.8.2.1 | Design and implement control activities | 10917 | 0 | N |
| 9.8.2.2 | Monitor control effectiveness | 10918 | 0 | N |
| 9.8.2.3 | Remediate control deficiencies | 10919 | 0 | N |
| 9.8.2.4 | Create compliance function | 10920 | 0 | N |
| 9.8.2.5 | Operate compliance function | 10921 | 0 | N |
| 9.8.2.6 | Implement and maintain controls-related enabling technologies and tools | 10922 | 0 | N |
9.8.2.1 - Design and implement control activities
Definition: Defining and executing policies, procedures, techniques, and mechanisms and actions taken to minimize risk.
9.8.2.2 - Monitor control effectiveness
Definition: Overseeing the activities for internal controls. Observe the effectiveness of policies, procedures, techniques, and mechanisms and actions taken to minimize risk.
9.8.2.3 - Remediate control deficiencies
Definition: Taking corrective measures for policies, procedures, techniques, and mechanisms and actions taken to minimize risk. (Conduct in accordance with Monitor control effectiveness [10918] in order to determine and rectify the control deficiencies.)
9.8.2.4 - Create compliance function
Definition: Developing a compliance function for internal controls. Monitor trading activity. Avoid conflicts of interest. Safeguard compliance with guidelines at brokerage houses. Avoid money laundering and potential tax evasion.
9.8.2.5 - Operate compliance function
Definition: Administering operational activities of a compliance function.
9.8.2.6 - Implement and maintain controls-related enabling technologies and tools
Definition: Implementing and maintaining the compliance technological systems or equipment that are control-enabled.
9.8.3 - Report on internal controls compliance
PCF ID: 10764
Definition: Reporting on internal controls compliance to the appropriate authority, including IT regulations and pertinent data.
| ID | Activity | PCF ID | Tasks | Metrics |
|---|---|---|---|---|
| 9.8.3.1 | Report to external auditors | 10923 | 0 | N |
| 9.8.3.2 | Report to regulators, share-/debt-holders, securities exchanges, etc. | 10924 | 0 | N |
| 9.8.3.3 | Report to third parties | 10925 | 0 | N |
| 9.8.3.4 | Report to internal management | 10926 | 0 | N |
9.8.3.1 - Report to external auditors
Definition: Reporting to external auditors. This process requires the organization to report to external auditors about the regulations for any critical data that the organization is holding.
9.8.3.2 - Report to regulators, share-/debt-holders, securities exchanges, etc.
Definition: Reporting to regulators, shareholders, debt holders, securities exchanges, etc. about IT regulations and pertinent data.
9.8.3.3 - Report to third parties
Definition: Reporting to suppliers, customers, and partners that are doing business with the company about IT regulations and pertinent data.
9.8.3.4 - Report to internal management
Definition: Reporting to internal management (all employees, directors, and management) about IT regulations and pertinent data.
Change Summary (v7.2.1 vs v6.1.1)
Changes indicated by:
+XXXXX: New element added; -XXXXX: Element removed; cXXXXX: Element changed; NEW: Newly introduced
Complete Element List with Definitions
All 19 elements
| ID | Name | Definition |
|---|---|---|
| 9.8 | Manage internal controls | Administering internal controls. This process requires the organization to manage entity's board of ... |
| 9.8.1 | Establish internal controls, policies, a... | Forming rules and regulations to ensure the achievement of effectiveness, proficiency of operations,... |
| 9.8.1.1 | Establish board of directors and audit c... | Establishing board of directors and auditing committee in order to assign roles and responsibilities... |
| 9.8.1.2 | Define and communicate code of ethics | Outlining and communicating a code of ethics to act responsibly. |
| 9.8.1.3 | Assign roles and responsibility for inte... | Defining roles, responsibilities, and accountabilities for effectiveness and proficiency of operatio... |
| 9.8.1.4 | Define business process objectives and r... | Outlining the objectives and risks associated with a process. Delineate process goals. Determine the... |
| 9.8.1.5 | Define entity/unit risk tolerances | Outlining the risk tolerance levels of individual units, as well as the organization as a whole. Det... |
| 9.8.2 | Operate controls and monitor compliance ... | Incorporating planning, management, operations, and monitoring of internal control mechanism policie... |
| 9.8.2.1 | Design and implement control activities | Defining and executing policies, procedures, techniques, and mechanisms and actions taken to minimiz... |
| 9.8.2.2 | Monitor control effectiveness | Overseeing the activities for internal controls. Observe the effectiveness of policies, procedures, ... |
| 9.8.2.3 | Remediate control deficiencies | Taking corrective measures for policies, procedures, techniques, and mechanisms and actions taken to min... |
| 9.8.2.4 | Create compliance function | Developing a compliance function for internal controls. Monitor trading activity. Avoid conflicts of... |
| 9.8.2.5 | Operate compliance function | Administering operational activities of a compliance function. |
| 9.8.2.6 | Implement and maintain controls-related ... | Implementing and maintaining the compliance technological systems or equipment that are control-enab... |
| 9.8.3 | Report on internal controls compliance | Reporting on internal controls compliance to the appropriate authority, including IT regulations and... |
| 9.8.3.1 | Report to external auditors | Reporting to external auditors. This process requires the organization to report to external auditor... |
| 9.8.3.2 | Report to regulators, share-/debt-holder... | Reporting to regulators, shareholders, debt holders, securities exchanges, etc. about IT regulations... |
| 9.8.3.3 | Report to third parties | Reporting to suppliers, customers, and partners that are doing business with the company about IT re... |
| 9.8.3.4 | Report to internal management | Reporting to internal management (all employees, directors, and management) about IT regulations and... |