Implementing Internal Controls in Strategic Planning
The term “controls,” originally used in the GRC (Governance, Risk, Compliance) domain to describe mechanisms for managing risks and ensuring compliance, is now applied more broadly to strategic planning. In this context, controls act as standard responses to specific situations. In this article, we’ll share best practices for setting up controls, their practical use, and organizing libraries of controls.
In essence, a “control” is a response or prevention mechanism used to manage risk and ensure compliance.
From the automation perspective, a control might be as simple as an action plan with aligned progress metrics or as complex as a hierarchical set of controls and sub-controls, each with its own set of metrics, risk estimations, mitigation plans, contextual dependencies, and owners.
Controls have specific application areas, defining when certain controls should be activated.
Automating Internal Controls with Functional Scorecards
Controls have specific components:
Conditions that trigger the control.
Internalmechanics to ensure the control works properly (progress metrics, supporting documentation, responsible persons).
The results of applying a control are recorded for accountability and to provide inputs for a learning loop.
Let’s explore some practical tools to apply controls to the GRC aspect of strategic planning.
Setting Up Controls
At the initial stage, our goal is to properly map the past experiences of the management team into controls or formal response mechanisms.
Identifying the Rationale of the Control
The basics of identifying a control include giving it a meaningful name and explaining its purpose in the description. Linking a control to previous events or regulatory requirements that led to its creation is also valuable.
In BSC Designer:
Use the Add button to create a new item.
Identify the control via the name and description fields.
Cross-link the control with relevant past goals, events, or regulatory requirements.
Additional Properties of a Control
Organizations follow their own standards of control definition, implying specific properties for controls or associated action plans.
In BSC Designer:
Define required properties of controls via custom fields.
The new fields will be available for controls, metrics, and initiatives.
Owner of Control – Automation Control Communications
Most controls require some level of human intervention. Even if a control is expected to execute successfully, it’s good to have someone oversee it. For example, software maintainability controls may automate updates, but an IT specialist is needed to resolve conflicts if an update fails.
In BSC Designer:
Add responsible persons for the control as users; assign the person to a team.
Assign the person or team as the owner of the control via the Owner field.
Use Metrics for Controls
A control is well-defined when at least two metrics are clearly specified:
The efficiency metric.
The effectiveness metric.
The efficiency metric ensures the control is implemented according to established standards, while the effectiveness metric ensures the control achieves the desired results.
For example, in incident reporting:
The efficiency metric might be the “% of personnel trained in incident reporting.”
The effectiveness metric might be “the number of incidents reported” or “% of incidents not communicated properly.”
In BSC Designer:
Use the Add button to add metrics inside the Control item.
Adjust the metric type on the Context tab: the efficiency metric is a leading metric, and the effectiveness metric is a lagging one.
More complex controls require time for application and need periodic revision. For example, the effectiveness of incident reporting training needs regular validation.
In BSC Designer:
Use the Update Interval setting of the indicator to schedule regular revisions.
Add Action Plans
Applying controls involves following specific prevention or response actions, similar to classical project management with due dates, budgets, and responsible persons. Additionally, we can track the status and progress of the action plan.
In BSC Designer:
Use the Initiative tool to add action plans to the controls.
Align risks and efficiency metrics with the initiative.
Assign an owner to the initiative; the person will receive notifications when the status changes.
What is an Initiative and How to Add it to a Goal in Strategic Planning
Alexis is the CEO of BSC Designer. With over 20 years of experience in strategic planning, he assists organizations in articulating and executing their strategies. He is the author of ‘10 Step KPIs System‘ and ‘5 Step Strategy Deployment System‘, and has written over 100 articles on the topics of strategy and performance.
This website uses cookies to improve your experience.AcceptRead More
Privacy Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.