Professional Documents
Culture Documents
Internal Control Toolkit 1-2-gdns
Internal Control Toolkit 1-2-gdns
Control
achieving its objectives, rather than focusing on
financial and compliance objectives.
T
here is a renewed focus on internal
control around the world because of Internal control applies to the public sector as
numerous recent and public much as the private sector. Public sector executive
breakdowns in internal controls management are held accountable for the
affecting a variety of organisations. These resources under their control and the results that
breakdowns have resulted in financial losses as are achieved.
well as enormous loss of reputation and
customers. Internal control is the responsibility of everyone
in the organisation and is an integral part of all the
Internal control has been re-defined to become management processes, techniques and tools used
more compatible with the current business by an organisation to achieve its strategic
environment. Internal control is defined as: objectives.
8
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
9
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
The generic strategies may be adapted to allow Responsibility for an organisation's self
you to develop strategies specific to your assessment process can be delegated to an internal
organisation, to assist you to move towards best project manager, or alternatively consultants can
practice. be used to provide additional objectivity.
10
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
Control Environment
u Management and staff internal control practices u Skills and experience
that safeguard the achievement of organisation u Management information
objectives. u Integrity and ethics
u Perception of internal control
u Reporting of significant deficiencies
Analyse Risks
u Assessment and management of risks that could u Functions and tasks
jeopardise the achievement of organisation u Assess risks
objectives u Manage risks
Establish Controls
u Incorporation of internal control principles and u Control procedures
practices into all other organisation systems
Monitoring
u Management's procedures for reviewing the u Monitoring
effectiveness of the internal control system
Internal Audit
u The role and responsibilities of internal audit in u Roles, responsibilities and strategies
enforcing compliance with internal control u Competency and performance measurement
within the organisation u Co-ordination with other review functions
11
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
There are various techniques you can use to gather u clearly assigned responsibility to CEO's agent
the self-assessment data, namely: to carry out the project
12
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
Internal audit has a role to play in terms of In addition to defining and agreeing the objectives
assessing its own role and functions; being and scope of the work to be performed, it will be
independently assessed and receiving feedback necessary to gather key statistics, background
from other assessors on its operations and information and performance indicators.
contribution to the business; and possibly in co-
ordinating the organisation's planning for future
improvement. Step 2 - Conduct self-assessment
This is where the bulk of the work is done.
Alternatively, if such resources are not available
Interviews, workshops and surveys can be used to
within the organisation, specialist consultants may
gather the data on organisation performance
be engaged to assist in the conduct and
against the matrix. This is then aggregated to form
management of the project.
an overall picture of your organisation.
There is, of course, no hard and fast rule as to who
Depending on the extent of differences in the self
in the organisation, and how many, should
assessment, this process of aggregating responses
complete the matrix. The selection of candidates
may require a workshop to air differences and
for self-assessment will vary on the circumstances
reach some form of consensus wherever possible.
of the individual organisation, depending on a
number of factors, including the size of the Differences of opinion between different groups
organisation, number of business units, and the and levels are important and need to be noted,
existing level of awareness of internal control in questioned, justified and resolved. These
relation to best practice. Assessments can be differences may be based on different experiences
carried out across the whole organisation or in of the internal control process or on different
business units; and at senior management, middle interpretations of the wording. Discussion of
management and operational staff levels. differences is a healthy practice and one that raises
consciousness of the importance and value of
A step - by - step approach to using the self-
internal control. Documentation or other
assessment matrix and tools
corroborating evidence, both in terms of policy and
practice, will be important in resolving these
The recommended approach for conducting the
differences.
control self-assessment is shown in the diagram on
page 16. Each phase of the approach is described
Use the matrix, the response sheets and the wheel
below.
to record your self-assessments.
13
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
Step 3 - Refine internal control goals Step 5 - Develop action plans for
The indicative goals set in Step 1 now need to be
change
refined. Goals will vary for the different elements Using the Strategies for Improvement tool
of internal control, depending on the existing levels provided, you need to adapt these generic
of performance. risk profile and key processes strategies to your organisation's purpose and
applying in your organisation. For example, you situation, based on the action priorities identified in
may want to be at "Best Practice" for the Control Step 4.
Environment element, though you are prepared to
accept a lower level in terms of the Information Action plans should be simple and focused on
and Communication element. improving internal control performance in line
with organisation strategic objectives. Reporting
Use the -wheel- for recording goals. should cover:
Use the "wheel" to highlight gaps and indicate u an implementation plan including
priorities. responsibilities and timetable.
14
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
15
NSW TREASURY TPP97 - 3
Risk Management
Internal Control Risk Management and Internal Control Guidelines
Step 3 w Ensure profile and w Review indicative goals w Confirmed agency goals for
comparative profile are from Step 1 internal control
Refine internal representative of self-
w Confirm agency goals for
control goals assessments
internal control
Step 4 w Ensure areas for w Identify priority areas for w Priority areas for internal
improvement are identified improvement against control improvement
Analyse and strengths highlighted internal control goals
performance
groups
16
NSW TREASURY TPP97 - 3