Efficient internal audit & control principles


Senior management bear a specific responsibility to achieve an efficient internal audit & control implementation. Many companies fail to do so as their senior management doesn’t realize the cost and implications of such a system: they wrongly leave those principles definition with risks experts.

Efficient internal audit & control systems is not granted: such system can be complex and costly. They indeed have a very large spectrum by covering all activities of the company. But on average, senior management doesn’t dig into its principles, leaving the implementation decisions with risk experts.

Risk experts can potentially take COSO as a good leverage for empowerment. Indeed they can make senior management sign obscur decisions for by themselves and operational managers.

Symptoms of an un-efficient internal control system
  • Operational managers, in charge of internal divisions or of subsidiaries, do not understand well the value of the system
  • The result of internal audits are useless in business decisions.
  • Resolution of audit findings are weakly followed and are not taken in managers evaluations
  • The cost of the internal control system is unclear or the cost of┬ácontrols are not negligible compared to the risk covered.
  • General risks are the main risks.

A post for auditors is dedicated to give the details and explain the benefits of this simplification.

This is the first post dedicated to senior management, after several posts dedicated to management or to auditors.

A second post for senior management is also critical to gains efficiency of internal audits.

If you liked this blog, please leave a comment. I plan to consolidate all posts is a white paper: just let me know if you wish to receive it.


Please enter your comment!
Please enter your name here