Approach 4.0 for Internal Controls Specialist
The internal controls specialist, especially those with CICS - Certified Internal Control Specialist certification, cannot be supporting actors, they need to be protagonists, leading the dissemination and application of the best management practice structures in their organization, supporting management in this process structural changes, allowing the company to maintain its competitive advantage.
For this,
internal control professionals must innovate their approach in the activities
of modeling, implementation or evaluation of operational processes, risk
management and internal control system.
Having a
more holistic view of the company, aligning the market, strategy and operation,
is a fundamental requirement for the specialist. He needs to see and understand
the meaning of the "parts" in the "whole" business, making
sense throughout the operation's ecosystem.
In addition to all the technical and managerial training that this professional must have, he needs to include, in his activities, new structured models, breaking paradigms and expanding his coverage and vision beyond the controls
Thinking
about encouraging some reflections and also contributing to these changes, I
describe in the diagram, some attributes, which I consider essential, and which should be
part of this approach which I called, for lack of creativity, as 4.0, alluding
to the fourth industrial revolution that focuses on increased efficiency and
productivity using physical cyber systems, automation, IOT, cloud and others.
Let's take a look in these attributes:
1. Evaluation of the organizational structure based on a business vision, so that it can promote the alignment of the capital applied in the operational organization with the planned strategic return,
2. Application of structured and disciplined methodology to evaluate processes and activities, considering the inclusion of agile principles and values,
3. Add a review of the performance of the governance, compliance and integrity program as a requirement in the processes, tasks and environment assessment and validation programs,
4. Use of data science techniques and tools in its processes for surveying and testing the efficiency and effectiveness of the internal control system, such as for database validation and information security,
5. Strengthen the vision of strategic and operational risks inherent to the corporation, paying special attention to the emerging risks, whether in the management of data processing technology applied to operational processes, in innovation, in the market, or in other dimensions that may impact the organization's ability not to achieve its mission,
6. Identify the best management practices that can be considered as paradigms for improving performance and innovation, promoting them in the structure, strengthening the control environment and perfecting the fundamentals of corporate governance, risk management, internal control systems, compliance and / or other related activities.
As you may see, the adoption of these attributes, in the activity of internal controls,
requires a change of “mindset”, not only of the professionals of internal
controls, but also of the management, at all levels.
Every
change generates reaction and resistance, so that in order to be successful
they must be planned, including in this plan a robust process of sensitizing
the structure for the promotion and justification of awareness and culture of
efficiency, risks and controls, mitigating the risk of not being successful in
this change.
I end this
article with a phrase that always helps me when I'm making some excuse for not
changing, which is:
"Change
is the law of life, those who look only to the past, or to the present will be
forgotten in the future" J.F Kennedy