A leading multilateral financial institution in the USA and a specialized agency of the United Nations, headquartered in Washington, DC, with members from more than 184 countries.

This institution embarked on a three-year program to modernize its technology platforms, and streamline core business functions including business processes, procedures, internal controls, and supporting systems. They had already implemented a platform consisting of i-flex product offerings, FLEXCUBE and Reveleus. These technological changes had resulted in substantial transformation in their internal processes and procedures. Further to this, they planned to document their Internal Control Framework. This entailed recording business, technology and operational procedures, risks arising therefrom and related internal controls/risk mitigation measures. They wished to create an exhaustive list of application controls existing in the platform, too. Although, Sarbanes Oxley Act is not applicable to this organization, they wished to adopt the guidelines of the Act, so also, the principles of the Committee of Sponsoring Organizations (COSO), and the Control Objectives for Information and Related Technology (CoBIT). Developing such a framework would later help them in annual external audits.

Our consultants, equipped with extensive expertise in the BFSI segment, were engaged by the customer organization to develop and document their Internal Control Framework. The knowledge and experience gained from the implementation of the platform further helped add value to this project. The project team analyzed financial statements to identify significant accounts and high risk areas. They studied various information sources to understand specific business practices and nuances, as well as the platform that had just been implemented. Knowledge gleaned from interviews, discussions and walkthroughs afforded an in-depth understanding of the processes and risks involved. The team identified typical business scenarios, related control objectives/risks and control procedures. They designed a template for documenting an Internal Control Framework and incorporating best practices of the Sarbanes Oxley Act/COSO/CoBIT framework. The salient features of the Internal Control Framework that were developed are described below.

	incorporation of the spirit of Sarbanes Oxley Act and the COSO and CoBIT frameworks
	exhaustive controls documentation (about 1,500 control points across various areas)
	two sets of documentation - a detailed baseline framework from the process owner/management perspective, and another one from an external auditor perspective
	comprehensive documentation of application and technology controls, operational, procedural and monitoring controls
	development of control structures for contemporary areas such as software change management, escrow management, upload controls, and international auditing standards compliance
	basis for management assertion of financial statements and internal controls
	assignment of control quality for the identification of areas of improvement/high risk areas
	identification of key controls for testing purposes
	mapping of significant accounts and processes for assessing the impact of any errors
	recommendation of the industry's best practices
	review and endorsement of the internal control framework

Benefits: i-flex's consultants developed an exhaustive internal control framework incorporating more than 1,500 control points. On the whole, the benefits accrued by the customer included:

	detailed internal control framework documentation, which can be 'sliced and diced' according to user requirements
	extensive coverage of application controls in the i-flex platform
	documentation templates designed to help in the extraction and analysis of useful information
	strong foundation to further build upon the internal control framework--from an operational and management perspective, as well as from an external auditor perspective
	useful tool for implementing, evaluating and monitoring controls
	identification of areas for improvement based on assignment of control quality
	valuable suggestions for improvement based on industry's best practices
	provides an option of using a structured repository in the future