Similar to audit processes, there are reports made by different Internal Control departments and units (e.g. Branch Control Unit, Internal Sanitary Inspection, Quality Control Department, etc.).
The logic is more or less compatible with Audit Reports, but typically these controls have different scope and methodology that usual Internal Audit Departments, as well as the output, the reports created by these control units.
Why this should be treated separately from Audit Reports, since they use much in common?
First, you don’t wont to bother Internal Control with the form of Audit Report which is not common to Internal Control; they rather use their own way of reporting. Remember earlier remarks on applications that force you to change your way of doing business? You don’t want application to force you on anything; instead, make the application fit into your process.
Second, there might be completely different process organization, so cannot be applied the very same Hierarchy. Simplified, Auditors cannot interfere with Internal Controls findings, although they can be allowed for read-only access to all the issues.
So, you define new Hierarchy applicable to your organization and your internal processes of Internal Controls. Then, you define special type of complex atoms – Internal Control Report, which have different type of information, other than Audit Report. And finally, you define the access rules in accordance with the required scope of data visibility.
Reporting engine, i.e. majority of existing reports, can be reused or additionally modified to cover Internal Controls Reports. Basically, there are much in common with Internal Audit Reports except the specific rules that are applied in that particular process.
Now, remember the remarks on comprehensive reporting? There comes the power of flexibility of FURIA atoms and uniform reporting engine! You can now mix and match Audit Reports with Internal Control Reports to examine all the issues related to some particular department or some particular process. You are now able to measure and compare the impact that is produced by absence or weak functionality of proper controls in some particular parts of your organization, without having engaging multiple units to make these reports for you into some interpreted “overall reports”. Let the data speaks for itself, regardless of its source!