An Assessment Model of the Internal Controls System

  • Antonella CappielloEmail author


The chapter focuses on the internal audit function—the third line of defence within the internal control system—whose main purpose is to verify the operational efficacy and efficiency of internal controls. In this regard, an assessment model is proposed, in order to enable the Internal Audit function to express a synthetic opinion of the company’s internal control system on an annual basis. The model is constructed starting from the risk types defined by the company organisational model, identified within the entity-level risks (which affect the overall company structure) and within the process-level risks, which affect individual company processes and are influenced by the former.


Internal audit function Risk governance Risk assessment Internal controls system Inherent risk Residual risk 


  1. Boubakri, N. (2011). Corporate Governance and Issues from the Insurance Industry. Journal of Risk and Insurance, 78(3), 501.Google Scholar
  2. Dell’Atti, S., & Sylos Labini, S. (2019). Il governo societario nelle imprese di assicurazione. Regolamentazione, proporzionalità e gestione del cambiamento. Wolters Kluwer, Milano.Google Scholar
  3. D’Onza, G. (2013). L’internal auditing. Profili organizzativi, dinamica di funzionamento e creazine del valore. Torino: Giappichelli.Google Scholar
  4. ECIIA Insurance Committee. (2019, June). Internal Audit in the Insurance Industry Guidance.Google Scholar
  5. EIOPA—European Insurance and Occupational Pensions Authority. (2018). Failures and Near Misses in Insurance, pp. 1–52. Luxembourg.Google Scholar
  6. Ernst & Young. (2018). Internal Audit in Insurance—Current Market Issues and Trends. Available at:$FILE/EY-internal-audit-in-insurance.pdf.
  7. European Commission. (2002, December). Report on the Prudential Supervision of Insurance Undertakings (Sharma Report). Conference of Insurance Supervisory Services of the Member States of the European Union.Google Scholar
  8. IIA—The Institute of Internal Auditors. (2009). The Role of Internal Auditing in Enterprise-Wide Risk Management. Altamonte Springs, FL: IIA Inc.Google Scholar
  9. IIA—Institute of Internal Auditors. (2013). Guidance on Effective Internal Audit in the Financial Service Sector. Available at:

Copyright information

© The Author(s) 2020

Authors and Affiliations

  1. 1.Department of Economics and ManagementUniversity of PisaPisaItaly

Personalised recommendations