Business is complex. Exponential growth and change in regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, disruptive technology, and business data impede organizations. Keeping complexity and change in sync is a significant challenge for boards and executives, as well as governance, risk management, and compliance (GRC) functions throughout the business.

Issues and Problems

Business is no longer defined by traditional brick-and-mortar walls. Physical buildings and conventional employees no longer define organizations. The organization is an interconnected mesh of relationships and interactions that span business boundaries.

Complexity grows as these interconnected relationships, processes, and systems nest themselves in intricacy. Distributed business operations complicate the organization as it attempts to remain competitive with shifting business strategy, technology, and processes while keeping current with changes in risk and regulatory environments around the world.

Managing control activities in disconnected silos leads the organization to inevitable failure. What may seem like an insignificant risk in one part of the organization may very well have a different appearance when other risks are factored. Organizations with siloed and manual processes for control management rely on a range of documents, spreadsheets, and emails that are inefficient, out-of-sync, ineffective, lack agility, and are inadequate to manage internal controls. Reactive, document-centric, and manual processes fail to actively manage controls in the context of business strategy and performance, and leave the organization blind to intricate relationships of risk across the business.

Organizations fail and are encumbered by unnecessary complexity because they manage controls around specific issues, without regard for a common integrated strategy and architecture. Organizations are tasked to provide an integrated view of internal controls across finance, IT, and business processes and operations.


Organizations today are required to comply with an increasing number of regulations, policies and procedures. This drives the need for ongoing internal control monitoring in organizations. The traditional regulation/policy/procedure-specific internal control management software solutions have become less effective, as they are not integrative and hence can create inconsistencies and even contradictory internal control processes. Executive officers are specifically required to demonstrate effective internal control practices, and to ensure corporate transparency and visibility into the business. The internal control process is continuous and needs to be repeated periodically and closely monitored. Management is personally responsible for an adequate level of internal control, and this responsibility requires significant management attention and allocation of time and effort.

Single Internal Control Management Function

A scope that provides a single internal control management function that coordinates and manages controls across operations and finance has specific issues and challenges which are:

Providing an integrated strategy and view of financial and operational controls across the organization

Increasing confidence in risk coverage and the complexity of interconnectedness of risk and controls

Capturing business changes with updated and changing controls

Combining finance and operational control teams and revamping processes

Focusing on key controls that could cause the organization to overlook other controls

Managing the human element in controls management

Expanding regulatory requirements for internal control management such as GDPR, FPCA, PCAOB pressures

Addressing a lack of resources while being tasked with more internal control responsibilities across operational controls

Keeping controls aligned with business processes and a changing environment

Implementing a system/technology to manage all controls across the organization

Integrating controls into daily workflow particularly when transitions occur with staff and turnover

Controls are critical throughout business strategies, operations, and processes. Internal control management has become a critical foundation for enterprise GRC.

The correct controls that are operationally effective are the linchpin to assure that the organization can reliably achieve objectives while addressing uncertainty and acting with integrity (OCEG definition of GRC).


As organizations mature their approach to internal control management, they are seeing more intersections with risk, compliance, and audit processes, which require a more thorough strategy for managing controls in the context of the organization. Reactive and stove-piped approaches to internal controls management leave the organization not seeing the big picture of how controls interrelate with each other, risks, and compliance obligations. This means the organization wastes resources on managing controls as separate assessments and projects instead of as an integrated whole. Defining strategy, managing operations, and addressing organizational change require agility in internal control management to provide assurance to boards, executives, GRC professionals, as well as the line of business.

As business becomes increasingly complex in a changing business and risk environment – that struggles with growing regulations, globalization, and distributed operations – organizations need a blueprint for effective, efficient and agile internal control management. This requires organizations to design internal management into the organization as an integrated part of strategy and operations supported by an integrated internal control information architecture that allows organizations to have a 360° situational awareness of internal controls in context of business strategy and operations.

GOLDENHORN eGRC Internal Control Management provides an integrated and consilient solution for effective internal control management strategies in a dynamic business and risk environment.

An effective internal control system is an important component of GRC and provides appropriate security for achieving goals in the following categories:

Robustness of business processes

Reliability of financial reporting

Regulations and standards compliance


The GOLDENHORN eGRC Internal Control Management is one of the reliable solutions in the GRC market that provides a comprehensive and integrated framework for managing internal controls in a multi-subsidiary environment. The Internal Control Management enables enterprises to define control testing plans, assign control tests to designated internal controllers, schedule internal control tests, collect internal control test results, document recommendations, manage action requests and remediation plans, and present summarizing dashboards of internal control outcomes.

The GOLDENHORN eGRC Internal Control Management supports all types of control tests, including internal control tests, operational control tests, and IT control tests. The GOLDENHORN eGRC ICM is aimed at efficient internal control monitoring execution and ensures integration of the internal control process with the risk and compliance management system. With our MultiTenant technology, multi-subsidiary organizations can now manage their internal control efforts centrally within an easy and flexible environment.

You can use Internal Control Management as a standalone GRC solution or integrate it in GOLDENHORN eGRC with existing submodules, e.g. Operational Risk Management, Internal Audit Management, Compliance Management, Continual Improvement Management, etc. Since the methodology is aligned, data from cyclical internal control tests and acyclic ones are seamlessly integrated. This generates a greater scope of information and a better foundation for making decisions regarding changes.

Creating custom reports is considerably simplified with GOLDENHORN eGRC.


Support of the complete internal control management process

Flexible internal control planning and scheduling

Implement complex approval processes with dynamic cases and workflows

Remind contributors to complete measures

Use vast capabilities to present insights gained through internal control management

Visualize extracts from current internal control data graphically at any time

Generate individual reports for different target stakeholders


Integration of specific controls and standards (e.g. COSO, Cobit, Regulative Requirements)

Simple, self-service advanced Internal Control Management reporting

Implementation of controls on process, service and entity levels

Test of design and effectiveness by VVM – Validation and Verification Manager

System-supported development of controls

Standalone or unified with Operational Risk Management, Internal Audit Management, Continual Improvement Management and other GRC processes

GOLDENHORN BPM process workflow-driven dashboards with information on current internal control tests and tasks.

Internal control and test model registers

Internal Control allocation planning

Flexible authorization system based on roles and groups

Tracking for measures, internal control findings, reviews and action requests

Collection of various information such as costs, time spent, responsibilities or criticality for individual measures

Flexible reporting

Critical Success Factors

Drive control documentation (including verification and validation model documentation) through GOLDENHORN BPM and use it as the foundation for modifying existing controls

Gain a complete overview of controls and their correlations to risks

Generate reports on quality and effectiveness

Run validation and verification model cases for controls at regular intervals

Full transparency of overall process via integrated control testing-trail

Track measures for improvement

Provides unique ability to include manual and automated monitoring techniques into one solution

Gain transparency by identifying weak spots in controls across all processes


Thanks to the modular configurations of GOLDENHORN eGRC ICM with different submodules and features:

> Internal Control Knowledge Management System

> Internal Control Case Management – Engagement Management

> Internal Control Case Management – Request Fulfillment

> Internal Control Planning Management

> Internal Control Scheduling

> Internal Control – Process and Operational

> Internal Control – Compliance

> Internal Control – Enterprise Architecture

> Internal Control – Vendors&Suppliers

> Internal Control – External Service Provider

> Internal Control – Bank Branch Office

> Internal Control – FirstLevel Assurance (Self Assurance)

> Internal Control Testing Management

> Internal Control Finding Management

> Internal Control Performance Management

> Internal Control Financial Cost Management

> Internal Control Integration for Sampling

> Internal Control Analytics and Reporting