Internal Control workflow

Choose an Internal Control workflow if you need to create narratives and evaluate the design and effectiveness of controls.

Components

Notes

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

Objectives

Objectives are the key goals of a project or framework, and the organizing containers for work done within a project or framework. Each objective states the subject matter under examination and how performance will be assessed.

Narratives

A narrative is a description of an objective or area under review. Narratives are also known as policies, process descriptions, or control guides.

Risks

A risk is an effect of uncertainty on an objective, with the effect having a positive or negative deviation from what is expected. Risks are organized by objective, and can be associated with one or more controls.

Controls

A control is a program, policy, routine, or activity that is intended to mitigate a risk. Controls are organized by objectives, and can be associated with one or more risks.

Risk Control Matrix

The Risk Control Matrix serves as the project plan and is composed of identified risks and corresponding controls. You create a Risk Control Matrix by identifying the risks within the objective, and identifying the controls that mitigate those risks

Walkthroughs

A walkthrough is a series of steps you perform to establish the reliability of controls and test the design of controls. Each control you define has a corresponding walkthrough that is used to verify that the control is designed appropriately.

Test Plan

A test plan is a document that details how controls are assessed. Test plans identify the testing method or type of evidence obtained, specify the total sample size (split amongst testing rounds), and illustrate test steps or attributes.

Tests

A test is an assessment that ensures the operating effectiveness of internal controls within an organization. Each control you define has a corresponding test (or series of tests, if there are multiple testing rounds).

When should I use an Internal Control workflow?

If you need to define objectives, narratives, risks, and controls, and perform walkthroughs of controls and/or multiple testing rounds, use an Internal Control workflow.

Internal Control workflows are appropriate for more complex types of projects where:

  • a narrative may be completed in order to gain understanding of the goals of the project
  • key controls within the process are identified
  • walkthroughs are done to verify the controls are designed appropriately
  • control testing is done to verify controls are operating effectively

Internal Control workflows work well for:

  • Sarbanes-Oxley
  • Internal Control reviews
  • SOC audits