Internal Controls
The mechanisms, rules, and procedures an organisation implements to ensure the integrity of financial and operational processes and to prevent fraud.
Internal controls are the operational mechanisms that ensure organisational processes work as intended. They include:
- Preventive controls: stop problems before they occur (approval workflows, access restrictions) - Detective controls: identify problems after they occur (reconciliations, audits, monitoring) - Corrective controls: fix problems once identified (remediation processes, escalation)
The COSO framework (Committee of Sponsoring Organizations) provides the standard model for internal controls, covering: - Control environment - Risk assessment - Control activities - Information and communication - Monitoring activities
In traditional governance, internal controls are primarily detective — they find problems after the fact. Governance infrastructure makes controls primarily preventive — they stop problems at the moment of action.
How Constellation handles this
Constellation transforms internal controls from detective to preventive. Instead of finding problems after the fact, the governance gate prevents violations at the moment of action.