Internal Control System Software: Selection & Most Important Criteria

The Internal control system has over time gained a reputation as an essential management system in companies. While its initial focus was on ensuring completeness and correctness of financial reporting, today it encompasses many other aspects too – from dealing with operational risks, to ensuring that business processes are carried out properly, and more. Considering its wide and highly important array of application scenarios, hardly any internal control system can truly function efficiently without proper tool support. Any organizational ICS set-up that builds on non-specialist tools, such as spreadsheets or manual checklists, will eventually face difficulties with successful implementation and sustainable execution.

Due to the large number of software providers, however, the process of selecting a suitable tool has now become a challenge for many organizations. Apart from the cost factor, which certainly plays a major role in the selection process, the tool should also be optimally tailored to your individual needs, in order to deliver the desired added-value. So before you start looking for an ICS provider, it makes sense to start with a list of key criteria, i.e. – a list of your major requirements.

Preview of BOC Group’s ICS criteria catalogue

You’re probably already familiar with the basic requirements of an ICS system – including that your controls need to be recorded and described. You likely also know that they must be assigned to certain assets in your company, and that their implementation needs to be planned and controlled. But: if you define your criteria catalogue in this manner, you will have a hard time handling it efficiently, and at the same time making sure that you’ve adequately covered all important aspects.

For this reason, we’ve created a summary of the most important criteria and requirements that we have often come across in recent years with customers. If you find the below overview helpful, make sure to also download a copy of our criteria catalogue – to get an additional hand in comparing your ICS software vendors based on your prioritization. 

Most criteria catalogues group requirements along the following 12 key dimensions:

1. Integrated ICS management and information linkage

2. Transfer, capture and scoping

3. Authorization concept

4. Audit compliance and version management

5. Assessments and evaluations

6. Workflows

7. Notifications, status reports and reminders

8. Dashboards

9. Monitoring, logging and historization

10. Data processing, storage and validation

11. Customization, integrations and extensions

12. Individual and flexible reporting

We have listed specific requirements of each key dimension for you. Further requirements for an internal control system software can be found in our detailed criteria catalogue, which you can download free-of-charge below.

A modern ICS solution should provide an integrated view of controls, risks, processes and compliance requirements. Instead of managing these elements in isolated systems or spreadsheets, organizations benefit from a centralized platform where all relevant information is interconnected.

An integrated system allows companies to:

• connect risks, controls and processes

• maintain transparency across compliance activities

• ensure consistency of documentation

• support collaboration across departments

This integration significantly improves transparency and reduces manual effort in maintaining control documentation.

An ICS solution should make it easy to capture and structure control information. Organizations must be able to document controls, assign responsibilities and define the scope of each control activity.

Important capabilities include:

• structured capture of control information

• assignment of control owners and responsibilities

• documentation of control objectives and scope

• centralized management of control documentation

Efficient data capture reduces administrative effort and ensures consistency across the internal control framework.

A well-defined authorization concept is essential for ICS software. Sensitive compliance information should only be accessible to authorized users.

The software should allow organizations to define:

• role-based access rights

• permissions for editing or viewing information

• approval workflows for changes

• clear responsibilities across the organization

This ensures that compliance information remains secure while still allowing collaboration across teams.

Internal control documentation must be auditable and traceable. ICS software should therefore provide strong version management and documentation capabilities.

Key features include:

• version control for control documentation

• traceability of changes

• complete audit trails

• historical documentation of updates

These features are particularly important during internal or external audits.

An effective ICS requires regular assessments of controls. Software should support the evaluation of control effectiveness and enable organizations to track assessment results.

Typical capabilities include:

• execution of control assessments

• documentation of test results

• evaluation of control effectiveness

• follow-up actions for identified issues

This helps organizations ensure that controls are functioning as intended.

Workflow capabilities are essential for managing internal control activities efficiently. ICS software should support structured workflows for documentation, reviews and approvals.

Typical workflow features include:

• automated approval processes

• task assignments and responsibilities

• status tracking for control activities

• escalation mechanisms when required

Workflows help standardize processes and ensure accountability across teams.

To ensure that control activities are performed on time, the system should support automated notifications and reminders.

Important capabilities include:

• automated notifications for upcoming tasks

• reminders for pending control activities

• status updates for responsible users

• overview reports of control execution

These features help organizations maintain compliance schedules and avoid delays.

Dashboards provide an overview of the current status of the internal control system. They allow management and compliance teams to quickly identify risks, issues and trends.

Typical dashboard features include:

• visual overview of control status

• monitoring of assessment results

• risk and compliance indicators

• customizable management views

Dashboards improve transparency and support decision-making.

Continuous monitoring is an important component of effective control systems. ICS software should allow organizations to track control activities and maintain historical records.

Typical features include:

• monitoring of control execution

• logging of system activities

• historical documentation of changes

• traceability of past control results

This enables organizations to demonstrate compliance and maintain transparency.

Internal control data must be stored securely and processed reliably. ICS software should ensure consistent data management and validation.

Important capabilities include:

• centralized data storage

• validation of entered information

• structured data management

• secure handling of compliance data

Reliable data management improves the quality of compliance reporting.

Organizations often need to adapt ICS software to their specific compliance requirements. Therefore, flexibility and integration capabilities are important.

Key capabilities include:

• customizable control frameworks

• integration with existing systems

• extension options for additional functionality

• flexible configuration of workflows and reports

This allows organizations to align the system with their governance structures.

Reporting is a core component of internal control management. ICS software should enable organizations to create customized reports for management, auditors and regulators.

Typical reporting features include:

• flexible reporting formats

• automated report generation

• dashboards and compliance summaries

• export capabilities for audits and reviews

Effective reporting supports transparency and informed decision-making.

There’s undoubtable evidence that an internal control system software can do wonders for your ICS practice. To ensure that you go with the right tool for your needs, a thorough assessment of various vendors is essential. Our free criteria catalogue spreadsheet can help you do that efficiently. Be sure to grab your free copy and don’t hesitate to reach out to one of our experts to discuss your individual needs and next steps!