What Needs to be Included in Your Written System of Internal Controls
Your written system of internal controls includes documented policies and procedures that guide your daily operations. These controls help advance your mission while ensuring compliance and accountability. Key components should include:
-
Internal Control Plan
-
Department Policies, Procedure, Checklists, Job Aids
-
CTR Published Guidance (Fiscal Year Memos, Policies, Job Aids, Trainings)
-
External State/Federal Frameworks and Requirements (e.g. federal grant agency and federal grant fiscal regulations; Executive Office of Technology Services and Security Information Security policies and standards)
-
Training and Monitoring Protocols
Department policies and procedures should incorporate applicable regulations and guidance from the Office of the Comptroller and other relevant state and federal sources. Auditors will ask for evidence of how these policies and standards are being implemented within your specific environment, including your users and systems. Your written system of internal controls should also reflect ongoing training, active monitoring, and how daily operations help prevent fraud, waste, and abuse of Commonwealth resources.
Action Steps
-
Your Internal Control Officer and Chief Fiscal Officer should review your written system of internal controls to ensure it is current and supports compliance goals. They can also help verify that the department head is accurately certifying compliance in the annual Internal Control Certification.
Bookmark our new CTR Compliance Corner as your one-stop shop for alerts and success factors that you can integrate into your daily operations to keep you safe on your mission.