Internal controls constitute a key concept in the auditing domain. In the audit risk assessment process,
auditors evaluate a firm’s internal control system to provide reasonable assurance regarding the achievement
of the entity’s objectives. The present work reflects upon the design of a domain-specific modelling language
for internal controls modelling. It investigates the potentials of an enterprise modelling approach to audit risk
assessment, reconstructs technical terminology in the auditing domain, and discusses design decisions and
design alternatives by means of tentative language specifications.