Accueil
Article actuel

Internal Control vs Application Risks

Auteur de l’article :
Publié le
November 21, 2025
Lecture :
mins
[background image] image of an innovation lab (for an ai developer tools business)

The implementation of internal control when implementing new financial solutions is an important dimension of implementation. Why? Because, on the one hand, controls generate costs. On the other hand, the lack of controls can also generate substantial direct and indirect costs.

What is important is to maintain a balance between control resources and risk. It is also necessary to ensure that controls are maintained, evaluated and even improved on an ongoing basis after they are in place. To do this, we have designed an approach inspired by the CoSO (Committee of Sponsoring Organizations) methodology, integrating the following three axes: processes, risks, controls. How to reduce the application risks of a solution through internal control?

Internal control vs application risks: the PlanAxion approach

The next few lines present our approach to reduce the application risks of a solution through internal controls. By following the steps of our approach, you will be in a position to maximize and facilitate the implementation of your solution.

1 — Determine the business processes included in the process. 2 — Establish the control objectives sought, such as:

  • The availability of information
  • Integrity of Information
  • Confidentiality of information
  • The Preservation of Assets
  • Compliance with standards and regulations
  • Etc.

3 - Make an association between the processes and the control objectives applicable to each of them.

4 - For each of the control process/objective combinations, determine the risks, without considering the controls in place.

5 - For each risk, determine and qualify the controls in place or to be implemented. The controls are qualified according to the following criteria:

  • Key/secondary
  • Manual/semi-automated/automated
  • Detection/prevention
  • Centralized/decentralized

6 - Evaluate each of the risks identified. This evaluation is carried out in the following manner: Calculated risk = probability of occurrence × impact and applied to each of the risks, taking into account the evaluation of the controls in place.

For illustrative purposes, let's take the example of fire risk. On the one hand, the aim of the smoking ban is to reduce the risk of occurrence without reducing the impact of potential damage. On the other hand, the installation of sprinklers does not reduce the probability of occurrence, but rather the impact of possible damage.

Example of applying calculated risk

Contrôle interne vs risque calculé

7 - Switch to “Continuous Improvement” mode

  • Establish a process for periodic risk assessment
  • Make improvements to controls by taking into account the related implementation costs in relation to the calculated risk.

With foresight, application risks can be reduced by implementing internal controls. Our Proven Approach Allows Us To Be Very Successful in Implementing Solutions (business, ERP, Oracle, etc.).