Internal control assessment

Agencies use internal control as part of their management systems and as an instrument in the preparation of matters. The purpose of internal control is to support organisations in the achievement of their objectives. Internal control is a key component in good governance and it covers both the organisations’ own activities and the tasks that they must perform by law, under agreements or under other obligations. The agency’s senior manage-ment is responsible for arranging internal control and risk management and it also approves the assessment and statement of assurance of internal control as laid down in section 65 of the State Budget Decree (1243/1992).

Internal control assessment framework

The Internal Audit Committee of the Advisory Board for Internal Control and Risk Management has prepared an assessment framework to support the internal control assessment process. It replaces the recommendation on basic approach to internal control and risk management in central government agencies and off-budget entities and assessment of internal control and risk management (broad and simplified framework) issued by the council in 2005. Feedback on the assessment framework and the instructions received from agencies and the lessons learned during the framework piloting stage have been considered in the preparatory process.

The assessment framework is intended to serve as a benchmark against which organisations can compare their own internal control and risk-management practices and identify areas where major improvements are needed. The framework is based on the COSO 2013 model. The framework has been adjusted to take account of the central government control and management system. The description of internal control is divided into five areas as set out in the framework: 1. Control environment, 2. Risk assessment, 3. Control measures, 4. Information and communication 5. Monitoring activities. The components are further divided into principles and objectives describing the principles. The objectives have been formulated in accordance with the general requirements applying to central government laid down in the State Budget Act and Decree, the Administrative Procedure Act and the State Civil Servants Act.

The framework is a recommendation and it can be adjusted in accordance with the needs of the operating unit concerned and the terminology it uses. The way in which the assessment framework is used depends on such matters as the organisation’s management system, operating practices and size as well as its internal control arrangements. The framework should be used as applicable and the number of areas for assessment should be adjusted and the objectives formulated in accordance with the organisation’s own activities, guidelines and target setting.

Internal control assessment framework (Excel file)

Instructions for using the internal control assessment framework

Contact details

Esko Mustonen, Deputy Government Controller-General
Tel. +358 2955 30345
[email protected]

Heli Iirola, Ministerial Adviser
Tel. +358 2955 30241
[email protected]