Internal control goes beyond statutory compliance requirements; it helps entities build trust, confidence, and reputation in achieving strategic business outcomes.  How has the trend of transformation in entities impacted internal control?

Internal control

Accountancy, finance, and internal audit professionals, in whatever role they discharge, are fundamental players, together with others, in the control frameworks of their entities. Yet all entities face many challenges. They need to rapidly transform to ensure that they address the difficult operating environment of the 2020s.

To do this, they are increasingly using technology and data. Data-driven insights are essential to enable management to react quickly and take decisive action. That action is across an increasingly broad horizon, as stakeholders require disclosures that cover not only financial objectives, but also those that address non-financial areas such as actions in relation to climate change and human capital.

The purpose of internal control

The survey respondents had a strong alignment to the IIA’s Three Lines Model demonstrating the interrelated governance roles of the board, management, and internal auditors to assure and achieve effective internal controls over financial – and more recently – sustainability reporting. Yet as entities undertake their transformational journeys, so a key skill shortage among those enacting the internal controls was highlighted. 50% of survey respondents ranked this as a key issue.

Internal control and transformation

There are many drivers impacting internal control in entities.


Transformation is an on-going activity for many entities. The report comments that there is a need to ensure that internal control and risk-management frameworks are agile and fit for purpose in a business environment that is increasingly expanding in scope with rapidly evolving technologies such as Cloud computing, artificial intelligence, blockchain and process mining. Non-financial disclosures are increasing being brought into the scope of internal control, which brings its own implications.

The nature of rapid change requires adaptive and agile leadership and project focus. Internal control must be integral to these advancements. The application of technology is also evolving as entities embrace the ‘fourth industrial revolution’ and connected technologies.

It is a change not only in the nature of control but a shift from a more static view to one that focuses more on near-real-time data flows, continuous and automated. 52% of respondents highlighted that increased data flows had improved their internal controls. There is also recognition of shared objectives, such as those concerned with governance over the integrity of data, and alignment to a dynamic risk culture that reacts to rapidly evolving operating models.

The skills mix required to address internal control is shifting and requires a broader range of expertise than may traditionally have been the case across all functions focused on internal controls.

The report discusses all these perspectives and makes recommendations in six areas.