Internal Control Maturity Level

Does a Code of Conduct exist, regarding acceptable business practices and expected standards of ethical behavior, kept in line with legislation and regulation, communicated to all employees and contractors?

Is a formal up-to-date delegation of authority (DOA) matrix covering the whole operating entity in place? Which defines the specific authorities that are being delegated by the Group/local Board and/or GM to the lower level of management within various areas and functions; the delegations' boundaries, including strategic, structural, financial, information systems and contract-related authorities for staff; the delegation limits, qualitative and quantitative

Is a career development framework defined to manage talent, with focus on critical positions for the necessary competencies and training for their assigned duties? On the job training and formal training are utilized as and when necessary to sustain the competencies level of the employees.

The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed

The organization considers the potential for fraud in assessing risks to the achievement of objectives.

The organization identifies and assesses changes that could significantly impact the system of internal control.

An Internal Control Framework exist, that highlights control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.

The organization selects and develops general control activities over technology to support the achievement of objectives and has reach a high level of maturity of people, process and technology with the majority of controls automated

The organization deploys control activities through policies that establish what is expected and procedures that put policies into place, with clear definition of roles and responsabilities throughout the processes

The organization obtains/generates and uses relevant, quality information to provide internal control with valuable information to fully play it's preventive and detective role

The organization internally communicates information, including objectives and responsibilities related to internal control compliance, to raise awareness among staff at all levels. It also communicates to staff financial, reputational consequences of non compliance with internal control requirements

The organization communicates with external parties regarding matters affecting the functioning of internal control (regulators, Investors, other stakeholders.

Does your organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning and to measure the level of maturity of people process and technology with regards to internal control requirement

The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate