Under Chapter 647 of the Acts of 1989, the Comptroller is responsible for developing internal control guidelines for Commonwealth departments. As the Comptroller's business owners of internal controls, the Risk Management Team reviews and updates these guidelines which assist departments in developing Internal Control Plans based on a comprehensive assessment of risks that could impede the attainment of departments' goals and objectives. Departments are expected to identify and implement policies and procedures to mitigate risks, especially those related to the prevention of fraud, waste and abuse.
Departments should familiarize themselves with the documentation and tools for best practices provided in the categories below: overall Guidance for Internal Controls, tools to assist in the prevention and detection of Fraud, Waste and Abuse, best practices for departments receiving federal funds under the American Recovery and Reinvestment Act (ARRA), and the Internal Control Questionnaire (ICQ) which is a department's annual certification as to its compliance with applicable laws, regulations and policies regarding internal controls.
Internal Control Guide: Guidance for developing, implementing, and monitoring internal controls.
presentations and training (PPT and video interviews), research, guidance on implementation, examples of how ERM is used in various entities
AGA's Enterprise Risk Management Hub: Presentations, research, guidance on implementation, and examples of how Enterprise Risk Management is used in organizations.
The National Association of State Comptrollers (NASC): Internal Control Self-Assessments tools assist in determining whether the proper controls are in place for various business processes, but should be evaluated for application under the user's unique circumstances.
Massachusetts State Auditor Chapter 647 Form
Report on Unaccounted for Variances, Losses, Shortages, Thefts of Funds or Property as Required by Chapter 647, Acts of 1989