Internal control is the process an organisation follows to provide reasonable assurance of the reliability of its financial reporting, its operational effectiveness and efficiency and its overall compliance with laws and regulations. 

Taking its particular circumstances into account, the first step for an organisation is to define its ‘control environment’ – what are its values and ethics; what are its policies and practices; its management culture; organisational structure; the involvement of the Board and audit.

Using these as guide, the overall control objectives can be defined – taking into account the need to balance the need for control with efficiency.  A risk assessment provides further focus, identifying those risks the organisation wishes to reduce and is willing to devote resources to reducing.  This will identify the key business processes where controls are to be applied or assessed.

Internal controls follow two main strategies – preventive or detective.  The first attempts to prevent errors arising at all whilst the latter attempts to identify errors for correction “after the fact”.  Information systems (or applications) are integral to implementing an effective internal control environment as they provide many features for real time prevention and for logging and reporting of exceptions, rejections and reconciliation.  Mapping the controls onto business process maps and other documentation is also key and helps training and performance review.

The controls in place (or desired, if yet to be implemented) can be documented quite simply – process by process.  Such a list provides the checklist for a review of the health or maturity of the internal control regime in the organisation.

Defining and Assessing Internal Controls

Assessment of the control regime first identifies the critical processes and confirms the associated internal controls.  Each control is reviewed and any issues logged.  The risks indicated with each issue are be assessed and a decision taken on the response to the risk.  An action list will result which can form the delivery plan for the next phase of implementation of the control regime.

This summary is taken from a quick survey of what is available on the subject on the Internet.  It aims to pull out the key ideas of what is involved in defining internal controls.  Ideas such as reporting and monitoring – how do management know that the controls are working – also need to be considered in conjunction with this summary.

Free download. MindView Mind Mapping Software. The visual summary (above) was prepared using MindView and the full MindView map may be downloaded as a zip file by clicking the link: Defining and Assessing Internal Controls and saving the file.



A MindManager version of the map may be downloaded from either Biggerplate or Maps for That.



MindView Round Up

April 21, 2011

MV4-BE-Box-Front-medFor anyone interested in MindView and how the application can support you when devising strategy, planning projects or writing an article or report, here is a list of recent subjects covered, most recent first:

  • Managing a plan using task lists and timelines
  • Managing a plan with a Gantt chart
  • Managing a plan using MindView with MS Outlook
  • A simple planning procedure
  • Writing business reports
  • Meeting planning
  • Business continuity planning – crisis planning
  • Developing work procedures
  • Defining strategy and the action to implement it
  • Exporting mind maps to MS Excel.

To view the articles you can either click on the MindView “label” (not the Technorati tag) below this article or click on this link to list all the articles.

Free download. MindView Mind Mapping Software.


If you are interested to try MindView for free just click on the “free download” image here.



Understanding a business process often involves drawing a map or model of the process. 

imageA business process map will show key things about the process: the process trigger; the process steps; the flow of work between process steps; the roles involved. 

Annotations to the map may be used to add helpful detail however too much and the map becomes too busy to be meaningful.

imageWhen a lot of information must be documented, supplement the process map with a text document – let’s call it the “Process Definition”. The Process Definition can hold information about many attributes of the process not apparent from a normal process map.

These attributes include subjects such as:

  • scope and ownership
  • policy and business rules
  • exceptions
  • performance measures, SLAs and targets
  • constraints – internal and external such as regulation
  • issues, risks and opportunities
  • business continuity and audit
  • people skills and training.

Depending on why the process is being mapped and defined, the list of attributes for the process definition may be customised to meet the purpose.

image The suggested list of process attributes in the illustration above is available as a MindManager mind map at either BiggerPlate or There’s A Map For That.  The mind map includes supporting notes, examples, tips and templates for MS Word 2007 and earlier.  Word templates are available to download here, either Word 2007 or Word 97-2003.