Internal control framework standard

Purpose

Provide ministries, offices, special funds and accounts, and appropriations outlined in the Financial Administration Act that are governed by the Core Policy and Procedures Manual (the CPPM) with the mandatory requirements and practices regarding establishing internal controls.

CPPM Chapter 2: General and Financial Management states internal controls as a key component of government’s financial management framework as well as the responsibilities for oversight on internal control systems. Ministries must carry out proper delegation of authority and establish internal controls that are aligned with the B.C. Internal Control Framework (ICF) (PDF) (government access only)

What is an Internal Control Framework?

A system of policy, processes, and structures designed to help an organization achieve its objectives by providing reasonable assurance that its assets are safeguarded, financial reporting is reliable, and applicable laws and regulations are followed. (ICF p.9)

Key Components:

1. Control Environment - the set of standards, processes, and structures in place within an organization that guides people at all levels on their responsibilities for internal controls and decision making. (ICF p.10)
2. Risk Assessment - the dynamic and iterative process to identify and analyze risks that may hinder the achievement of objectives. (ICF p.22)
3. Control Activities - actions established through policies and procedures that help ensure risks are managed, and objectives are achieved. (ICF p.27)
4. Information & Communication - actions ensuring relevant information is identified, shared, and communicated across all levels of the organization to support effective internal controls. (ICF p.31)
5. Monitoring - timely ongoing and periodic reviews to assess whether internal controls are present, functioning effectively, and adapted as needed. (ICF p.36)

Why Internal Controls Matter

Internal controls are foundational to all financial processes and key to meeting an organization’s objectives. (ICF p.4)

Risk Management: They identify and mitigate risks to achieving an organization’s goals.

Operational Efficiency: They promote consistency, accountability, and transparency.

Public Trust: They strengthen confidence in government financial stewardship.

Compliance: They ensure adherence to laws, policies, and ethical standards.

Roles and Responsibilities for Internal Controls

In the B.C. Government, internal controls are a shared responsibility, with each role contributing to the design, implementation, operation, and monitoring of controls.

For further information about other groups’ role and responsibilities in the internal control framework, refer to the complete B.C. Internal Control Framework.

Comptroller General: Acts as the steward of the B.C. Internal Control Framework, responsible for the integrity of the government’s financial management systems. Provides guidance, tools, and oversight to ministries and agencies.

Ministers: Accountable for achieving their mandates and ensuring their ministries operate within the B.C. Internal Control Framework. Each minister signs an accountability statement tied to their service plan.

Deputy Ministers (DMs) and Assistant Deputy Ministers (ADMs): Oversee day-to-day operations, ensuring that internal controls are embedded in business processes and aligned with strategic objectives.

Executive Financial Officers (EFOs) / Chief Financial Officers (CFOs):

• Lead the financial management function within their ministry.
• Ensure the accuracy and completeness of financial reporting.
• Sign annual representation letters to the OCG, attesting to the integrity of financial data.
• Oversee risk assessments, control evaluations, and monitoring activities.

Public Service Employees (ICF p.8)

• Accountable for executing assigned tasks in accordance with internal control policies and procedures.
• Required to complete mandatory training (for example, ethics, fraud awareness, privacy).
• Participate in performance evaluations that include adherence to internal control responsibilities.

Applying the B.C. Internal Control Framework in Practice

The B.C. Internal Control Framework (ICF) (PDF) (government access only) provides a comprehensive guide on matters to consider at the different stages of control development, evaluation, and maintenance. To ensure internal controls are well designed, maintained, and effective, roles and responsibilities must be defined.

There are four stages to an internal control lifecycle, which are illustrated below in Figure 1.

Figure 1: Internal Control Lifecycle (ICF p.5-6)

Example – Tracking Grant Payments

1. Plan:
   Ministry CFO defines the following objectives, risks, and control design to track grant payments:
   1. Objectives - ensure that all grant payments are paid to correct and genuine recipients, the appropriate amount of grant funding is paid to each recipient, overall awarded grant funding does not exceed approved funding.
   2. Risks - grant payments are paid to fraudulent or incorrect recipients, inappropriate grant amounts are paid, awarded grant funding exceeds approved funding.
   3. Control design - controls that verify eligible recipients, define payment schedules, reconcile payments to approved amounts.
       
2. Perform:
   Ministry staff process payments in accordance with established schedules. Amounts to be paid are verified by a knowledgeable Qualified Receiver (QR) and approved by an appropriate Expense Authority (EA), who must be separate individuals, before being issued to eligible recipients.
    
3. Monitor:
   Payments are regularly reviewed to confirm they are accurate and issued to eligible recipients. Staff track, reconcile, and investigate variances to ensure grant payments made are well supported and do not exceed approved funding. Performance of monthly 3-way reconciliation of system generated reports, manual tracking sheets, and budgeted amounts to track grant funding issued. Monitoring results are reported to the Ministry CFO or delegate who signs off on these reports.  
    
4. Improve:
   Adjust controls if incorrect payment amounts are issued or payments are issued to ineligible recipients, to improve reporting tools and processes. Renew QR and EA training to ensure individuals understand their roles and responsibilities. Ensure that reconciliations are completed timely and approved by the Ministry CFO or delegate.