top of page
  • Julien Haye

Innovate or Regulate: Rethinking Control Implementation for Sustainable Growth

Effective control management

Maintaining a resilient control environment is essential for sustainable growth, innovation and risk management. A good control framework not only safeguards an organisation but also provides a solid foundation for growth, while ensuring regulatory compliance.

What is a Good Control?

A good control is a set of procedures, policies, and practices designed to manage risks and ensure compliance with internal and external standards and laws, rules and regulations. It acts as a safety net, preventing financial, operational, and reputational setbacks. A robust control framework also contributes to an organisation's resilience by ensuring it can adapt swiftly to unforeseen challenges. For example, in the financial industry, stringent KYC (Know Your Customer) and AML (Anti-Money Laundering) controls are crucial for preventing financial crime and maintaining regulatory compliance.

Mistakes in Control Implementation

Implementing controls can be a delicate task, and mistakes can be costly. Common pitfalls include overcomplicating processes, neglecting employee training, and failing to adapt controls to evolving business needs. Businesses must also consider ethical implications in their control frameworks. For instance, in the healthcare sector, a common mistake is failing to update data security controls to keep up with advances in technology, leaving patient information vulnerable to breaches.

Organic Growth and Control

Organic growth refers to the expansion of a company through internal means, such as increased sales or improved operational efficiency, rather than through mergers or acquisitions. In such organisations, controls often develop in tandem with business operations. This can lead to a more tailored and adaptable control framework, but it also poses the risk of overlooking critical control points. Organisations must also foster innovation while ensuring that risk is managed effectively. This is especially relevant in industries like fintech and biotechnology, where innovation drives competitiveness. An example can be seen in the technology start-up space, where companies that experience rapid user adoption may struggle to implement adequate security controls, potentially leading to data breaches.

End-to-End Understanding

To establish effective controls, an end-to-end understanding of the business process is crucial. This means comprehensively mapping out each step of a process, from initiation to completion. This in-depth knowledge allows for the identification of key control points and helps ensure that controls are implemented where they are most needed. This also helps to reduce complexity and simplify the control environment. In manufacturing, for example, an end-to-end understanding of the production process is crucial for implementing quality control measures that ensure products meet industry standards.

Assessment: Functional vs. End-to-End

Functional assessments focus on specific departments or processes, evaluating controls within their individual contexts. While this approach can be useful for fine-tuning specific areas, it may miss broader organisational risks arising from team handovers, among other factors. End-to-end assessments, on the other hand, provide a comprehensive view of control effectiveness across the entire organisation, ensuring that controls are integrated and harmonised, but might miss some specific control activities not covered in the end-to-end process. In the retail industry, functional assessments might focus on inventory management controls in individual stores, while an end-to-end assessment would evaluate the effectiveness of inventory controls across the entire supply chain.

Control vs. Process

Controls and processes are interdependent but distinct. Processes are the series of steps taken to accomplish a task or goal, while controls are the mechanisms put in place to manage risks within those processes. A well-designed control framework enhances process efficiency and reliability. For example, in the aviation industry, maintenance processes are accompanied by stringent controls to ensure the safety and airworthiness of aircraft.


In a constantly evolving business and regulatory environment, a robust control framework is indispensable for effective risk management. Understanding the nuances of control implementation is crucial for sustainable success. Staying ahead of global regulatory trends is also crucial. By striking a balance between adaptability and control, businesses can navigate growth with confidence and resilience. Remember, controls are not a hindrance to progress but a safeguard for the journey ahead.

This article is part a series article on Aevitium’s Integrated Risk Framework, which is designed to unlock both strategic and operational management of risks, driving value creation, effective risk taking and optimisation of risk resources across your organisation. This modular approach delivers ambitious yet targeted solutions, fostering critical thinking and guiding your people through a transformative journey. Get in touch to know more!

42 views2 comments




Insightful article on 'Innovate or Regulate: Rethinking Control Implementation for Sustainable Growth.' The emphasis on an end-to-end understanding of business processes caught my attention. How do you think organizations can strike the right balance between adaptability and control in their journey towards sustainable success?


My short answer: reduce the need for controls. The longer answer, 1) understand what drives the need for controls and 2) review the portion of the control environment designed to address the how a process is run, not what the process does. Here is simplified example: an end-to-end payroll process might have 10 manual steps leading to manual sensitive data transfers between teams and vendors; 80% of the controls are designed to address the data transfer via data reconciliations and processing, and the remaining 20% of controls to protect the data. The 80% could be partially or entirely removed if the process were to be redesigned and automated.

bottom of page