ICS & RCM Study Guide
1. What is ICS (Internal Control System)?
ICS is a framework of rules, policies, and procedures used by organizations to ensure:
- Asset protection
- Reliable financial reporting
- Operational efficiency
- Regulatory compliance
2. Objectives of ICS
- Operational Efficiency
- Reliable Reporting
- Compliance with Laws
- Asset Safeguarding
- Fraud Prevention
3. Areas of ICS (COSO Framework)
- Control Environment: Company ethics, structure
- Risk Assessment: Identifying risks
- Control Activities: Processes to mitigate risks
- Information & Communication: Data sharing and reporting
- Monitoring: Continuous review of control effectiveness
4. Types of Internal Controls
| Type | Purpose | Example |
|---|---|---|
| Preventive | Stops errors before they occur | Approval workflows |
| Detective | Identifies errors after they occur | Audits, reconciliations |
| Corrective | Fixes identified problems | Data backups, corrective entries |
5. What is RCM (Risk Control Matrix)?
RCM is a tool that links business risks to internal control activities. It includes:
- Risk description
- Control activity
- Control owner
- Frequency of control
- Control type
6. Objectives of RCM
- Identify and document risks
- Map controls to risks
- Support control testing
- Aid in compliance (e.g., SOX)
7. Types of RCM
- By Process: P2P, O2C, R2R
- By Risk Type: Financial, Operational, Compliance
- By Control Type: Preventive, Detective, Corrective
8. Example RCM Tables
P2P (Procure to Pay)
| Risk | Control Activity | Type | Owner | Frequency |
|---|---|---|---|---|
| Unauthorized purchases | Manager approval of POs | Preventive | Procurement Manager | Per transaction |
| Duplicate vendor payments | System blocks duplicate invoice numbers | Preventive | AP Clerk | Daily |
| Goods paid for but not received | 3-way match (PO, GRN, Invoice) | Preventive | AP Team | Per transaction |
O2C (Order to Cash)
| Risk | Control Activity | Type | Owner | Frequency |
|---|---|---|---|---|
| Incorrect billing | Invoices auto-generated from sales orders | Preventive | Billing Supervisor | Per transaction |
| Bad credit customers | Credit check before order approval | Preventive | Sales Manager | Per order |
| Delayed collections | Aged receivables review and follow-up | Detective | Finance Manager | Weekly |
R2R (Record to Report)
| Risk | Control Activity | Type | Owner | Frequency |
|---|---|---|---|---|
| Misstatements | Ledger reconciliations | Detective | Finance Manager | Monthly |
| Unapproved entries | Journal entry approval | Preventive | GL Team | Per entry |
| Missed period cutoff | Month-end checklist | Detective | Financial Controller | Monthly |
Published by
Blogger
He is an accountant based in Kathmandu, Nepal. He holds an MBS and an LLB degree. In his free time, he enjoys cycling, hiking, reading, gardening, and spending time with friends and family. He is passionate about learning and sharing his knowledge with others.
Disclaimer: The majority of the content provided is generated by AI and is intended for educational purposes only. We are not liable for any losses, financial or otherwise, that may result from using this information. Users are advised to consult official and authoritative sources for verification and to make well-informed decisions.