Modern Internal Controls Frameworks

We will turn now to a number of powerful models developed in recent years which each set out different ways for an organisation to order the various individual controls into an effective internal control framework. Directors and managers need to be aware of these models and should look to use the one most applicable to their own particular business in order to gain increased assurance over the management of risk, including of course fraud risk.

Overview

Set out below is a brief review of five major control frameworks developed since the early 1990s in the US, Canada and the UK. There have been others developed during this period, of course. For example, in response to the growing importance of the application of information technology (“IT”) to the strategy and business processes of most organisations, an IT governance framework “Control Objectives for Information and Related Technology” (“COBIT”) was developed in 1996 in the US as a reference for developing and managing internal controls and appropriate levels of security in IT. But the five models outlined below provide the key overarching controls frameworks that directors and managers need to be aware of and then to decide which of them is most appropriate for application in their own particular organisations. Each of the frameworks has been updated in response to changing circumstances and recommendations for improvement from time to time.

The majority of these five frameworks take a business-wide ...