Zum Hauptinhalt springen

The Future of Controls. Becoming a Control Intelligent Organisation

Introduction

In business, nothing happens without risk. The challenge is that the risk landscape is constantly changing. Organisations are often in a state of flux, regulations and standards continue to evolve and new forms of external risks are forever emerging in a seemingly unending game of “cat and mouse.” To stay ahead, organisations are increasingly investigating predictive risk sensing - but many are still in their infancy of exploring this and not able to keep up with the pace of change. To drive stability and success amidst dynamic and often unpredictable business conditions, controls therefore play a critical role. Now more than ever, it is imperative for organisations to become “Control Intelligent". 

Becoming Control Intelligent

In fact, controls have always played a significant role in managing risks; they are the repeatable processes by which organisations “get things done” while protecting their assets, operations, reputation and resources from vulnerabilities. Now, it is critical that organisations become ''Control Intelligent'': creating and maintaining a control environment that provides continuous, flexible and comprehensive risk management to future-proof the organisation. It’s especially critical that controls allow organisations to operate effectively, efficiently and with great agility in response to changing circumstances.

Leading Control Intelligent organisations are paving the way and providing a guide, as shown in Deloitte’s latest Future of Controls benchmarking survey. This report contains data and insights from more than 500 global organisations across industry sectors: highlighting the behaviours, best practices and technology ecosystems that Control Intelligent organisations share. Highly Control Intelligent organisations succeed at applying internal controls to bolster resilience, stay future-ready and ultimately flourish even amid volatility and uncertainty.

What goes into being Control Intelligent?


Deloitte’s Control Intelligent (CI) Index is composed of five key elements:


  • Controls strategy and governance
  • Controls operating model, culture and capability
  • Risk and controls framework and operational maturity
  • Controls technology, automation and digitisation
  • Controls monitoring and assurance framework

Based on combining these factors, a CI Index is established, reflecting the overall maturity across an organisation’s control environment. Deloitte’s Future of Controls benchmark survey shows a clear correlation between Control Intelligent organisations and a high CI Index.

Using the Deloitte CI Index effectively, organisations can gain valuable insights, set realistic improvement goals and implement targeted initiatives to enhance their maturity levels. This in turn will help drive organisational excellence, improved performance and greater competitive differentiation.

Control Intelligent Index

An organisation’s controls journey varies based on its strategy, the maturity of its controls environment, the level of regulatory compliance pressure it endures and the specific industry trends it needs to manage. A straightforward comparison against a standard maturity framework does not provide true insight into the maturity of its controls journey. It also does not help organisations understand and prioritise areas of focus in a meaningful way.

The Deloitte Control Intelligent Index (CI Index) is data-driven, helps provide meaningful comparisons with other organisations and supports a sustainable future. The CI Index helps organisations assess their current controls state and maturity and define, design and implement a bold, positive and fit-for-purpose Future of Controls programme.


There are five key elements and 20 associated parameters to calculate the CI Index. The five key elements are:


  • Strategy and governance: Linkage to organisation strategy, tone at the top, risk management strategy
  • Operating model, culture and capability: Three lines of defence, controls ambassadors in first line, controls culture, controls experience and training
  • Risk and controls framework and operational maturity: Process and risk control matrix (RCM) documentation, risk and controls standards, guidance and templates, internal controls and performance status.
  • Controls technology, automation and digitisation: Controls digitisation level; digitisation obstacles; prioritised use of technology; governance, risk and compliance (GRC) tool
  • Controls monitoring and assurance framework: Risk and controls indicators, controls testing frequency, external auditor reliance, level of assurance effort, traceability of control results

The CI Index is measured based on the above key elements and parameters on a scale of 1-4, with 4 representing the highest level of maturity.

 

Control Intelligent organisations are leading a bold and positive future

Deloitte’s Future of Controls benchmarking survey data shines light on how Control Intelligent organisations are driving a bold, digitally enabled Future of Controls journey and enabling growth whileprotecting value. They all follow five key common principles and support the 10 key themes derived from the survey data. These principles and themes largely transcend industry sectors (whetherhighly or less regulated) and revenue/size, highlighting common pathways to greater resilience and success.


  1. Controls design principles are aligned with the organisation strategy and purpose. They are not only protecting the organisation but also creating value in a consistent and co-ordinated manner.
  2. A consistent and strong tone at the top reiterate the need for and value of controls, with controls embedded in key decisions - whether it is strategic decision making or for designing and delivering transformative programmes.
  3. Control what matters, balancing between trust, prescriptive rules and procedures for controls and monitoring.
  4. Controls are truly owned and operated by the first line with as many “controls ambassadors” embedded in the first line, who are supported through a continuous “controls capability” enhancement focus. There is a strong collaboration between the first and second line and across teams through these controls ambassadors - breaking down silos and ensuring that everyone is working towards a common goal.
  5. Digitisation is a priority for every part of the controls lifecycle, enabling controls and control processes to operate more efficiently, effectively and with greater agility. There is a strong commitment to continuous improvement, using data and analytics to proactively identify areas for improvement and adapt quickly to changing circumstances.


  1. A strong “tone at the top” and strategy alignment help drive controls culture and maturity.
  2. A higher number of “controls ambassadors” in the first line supports better controls culture and maturity.
  3. An experienced controls team and regular training enhance risk and controls maturity.
  4. Co-sourced/outsourced controls functions support better controls training across the organisation.
  5. High controls maturity correlates to share price improvement.
  6. Enriched process documentation and risk assessment enhance risk and controls maturity.
  7. Higher controls automation drives higher controls maturity.
  8. Aligning controls with organisational strategy supports improved automation of controls.
  9. Elevated external auditor reliance on management testing is linked to controls maturity.
  10. Co-sourced/outsourced controls function supports efficiency in controls testing.

Although some of the above principles and themes may sound elementary and easy and have been in discussion in the risk management parlour, a significant percentage of organisations are still far from following and embedding them properly - highlighting the need for greater focus on technology-driven controls education and controls culture.

The way forward


So, how can your organisation become “Control Intelligent” as a means to stay future-ready? The Future of Controls journey will vary from organisation to organisation based on the maturity of the controls environment, the level of regulatory compliance pressure they endure and the specific industry trends they need to manage. However, irrespective of the level of maturity and transformation, the way forward starts by understanding which principles need improvement and how you can align your controls to each one. Deloitte’s CI Index can help.

Perhaps most pressingly, there is also an opportunity to effectively harness technology to enhance efficiency, reduce errors and achieve these principles. Organisations must make it a necessity to pursue digitisation in every aspect of the controls lifecycle.

Becoming “Control Intelligent” is also more than just setting control strategies, evaluating risk frameworks and considering the project to be “one-and-done.” The Future of Controls represents a continuous journey: one that embeds the above principles and themes into everyday work, leadership approaches and organisational DNA. By taking the right steps to action, organisations benefit from a flexible control framework that empowers and protects them today and drives resilience and success far into the future.

Click here to download the full report

Fanden Sie dies hilfreich?

Vielen Dank für Ihr Feedback

Wenn Sie helfen möchten, Deloitte.com weiter zu verbessern, füllen Sie bitte folgendes aus: 3-min-Umfrage