Skip to main content

4 Key Findings from the Internal Control Management by Design Workshop

Internal Audit
Internal Controls
4 Key Findings from the Internal Control Management by Design Workshop
2 min read
Published: April 24, 2018
Last Updated: April 25, 2023

Internal control management has become a critical foundation for corporate governance, risk management, and compliance (GRC). Recently, Workiva sponsored several full-day workshops, led by internal controls expert Michael Rasmussen of GRC 20/20 Research, LLC. The agenda focused on effective internal control management techniques that can be applied across the organization as part of broader GRC strategies.

Here are four of the top takeaways from the Internal Control Management by Design Workshops.

An ever-changing controls environment. Constant connectedness of information through technology. These are just a few factors that bring greater complexity to the internal audit function. With questions of ownership, accuracy, and accessibility on the rise, today's teams need to maintain a consistent and detailed record of changes for internal controls.

Attendees generally agreed that consistency is one of the primary challenges of the current environment. Consistency comes from finding the right balance across many areas, including:

  • Internal (i.e., controls and business processes) and external environments (such as regulatory changes and agency pressures)
  • Internal and external audit
  • Identifying risks and demonstrating confidence in the control-risk alignment
  • Key controls focus vs. other controls
  • Automation and the human element

Internal controls is moving from a decentralized to centralized approach. It is important to note that centralizing is not just about the process, but also resources. Teams are looking for more ways to effectively share information across departments in order to be more efficient and accountable.

The ever-changing controls environment is a challenge for compliance professionals today, and it appears it will continue well into the future. Attendees discussed emerging regulatory trends on the edges of the market, including General Data Protection Regulation (GDPR), cyberrisk, and continued pressure from the PCAOB.

Overall, the workshop series acknowledged that today's internal audit environment is becoming increasingly complex. Centralizing processes, data—especially that which may be redundant across teams—and resources are key to creating a repeatable, sustainable solution that can respond to the demands of today's controls environment. The right risk management technology enables teams to connect data and information, maintain a detailed record of documentation, and engage stakeholders.

For future educational opportunities, check out our schedule of events, which includes upcoming SOX and internal control workshops.

You May Also Like

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at