Internal controls and integrated risk management – a summary of recent changes.

Being unaware of the law is not a valid reason to break it and similarly, allowing your internal controls to become unfit for purpose is no excuse for non-compliance.

Every company is obliged to keep up with changing formal – and informal – requirements and circumstances, regardless of size or sector.

A good risk manager should understand how external factors can steer a company’s approach to risk management

When circumstances change, new risks may arise. So, companies should reassess their exposure to risk, and any regulatory changes, and review their internal controls accordingly.

A recent example is how companies adapted to the pandemic. A major, and in some cases, complete transition to remote working meant risk managers had to create new internal control frameworks.

Some recent key changes to risk management

Changes to external circumstances, regulations and specific risk has triggered certain changes to how companies approach risk management. Some recent trends include:

  • The role and scope of internal control within companies has increased significantly. While such measures and procedures were the domain of large companies, internal control is now carried out in companies of all sizes.
  • Internal control reports are treated as important operational and planning documents.
  • Now that comparable methods for carrying out audits are common, it’s easier to collate results year on year, or over designated time periods, and chart a company’s exposure and defense against risks year on year.
  • Particularly since the pandemic, integrated risk management (IRM) is indispensable for business continuity and robust business operations, especially at manufacturing companies.

Striking a balance between risk and reward

Today’s financial crisis, supply chain issues and the fallout from the armed conflict in Ukraine bring a sharp focus on risk management.

Many companies take a balanced approach to risk – meaning that success comes with a measure of risk. Companies must strike a balance between ambition and risk. A company that takes no risks will be unsuccessful, but too much risk may undermine success.


Companies should track and understand external as well as internal factors. Technology improvements such as automation, workflow and data analysis allow companies to apply IRM not only to minimize and manage risks but also as a strategic input for business planning.

Adaptive GRC is a modern tool that provides process automation and can be fully customized to account for all risks.

This approach makes it possible to monitor changes, react in the shortest possible time as well as process large volumes of data.