Internal control and corporate governance

Internal control comprises all actions and procedures aimed at ensuring the achievement of objectives. Internal control is an integral part of an organisation’s management and governance, i.e. continuous management and monitoring of operations and finances.  Effective internal control is typically based on international frameworks for internal control, including:  

  • COSO IC (internal control framework)

  • or COSO ERM, an internal control model with integrated enterprise risk management) 


According to the COSO model, the Board of Directorsmanagement and other personnel are all responsible for the control framework of the organization.  The purpose is to produce reasonable certainty of the following objectives being achieved: 

  • The effectiveness and efficiency of operations 

  • The reliability of financial and non-financial reporting 

  • Compliance with laws and regulations. 

In many organizations, internal control and risk management processes are complemented by corporate governance structures: 

Similar recommendations for internal control are are also available for other types of organisations, including financial sector entities, foundations, municipalities, and government agencies and institutions. For example, the Association of Finnish Municipalities has published guidelines for the implementation of internal control and risk management in municipalities

In addition, the controller function of the Ministry of Finance has drawn up recommendations on best practices in internal control and risk management for government agencies and institutions

In some organisations, internal audit supports the senior management and the Board of Directors in assessing the effectiveness of internal control. Internal audit is focused on the internal control of the entire organisation’s operations and risk management, as well as management and governance processes (in Finnish) 

We help you with: 

  • The assessment and development of internal control  

  • The assessment and development of corporate governance structures 

  • Reporting on internal control and risk management 

  • Preparing an internal control assessment and confirmation statement 

  • The development of risk management 

  • Internal audit