STATEMENT ON INTERNAL CONTROL Contents: Scope Key Points Background Format of the SIC Developing the System of Internal Control Significant Internal Control Issues New Bodies External Audit Annex: Pro-forma Statement on Internal Control
Scope 1. This section gives guidance on the Statement on Internal Control (SIC) to be provided by Accountable Officers alongside the annual accounts of all bodies subject to to which the Scottish Public Finance Manual (SPFM) is directly applicable.
Key Points 2. The SIC should be the end result of a risk management process that is embedded in the planning, operational, monitoring and review activities of the body, these activities being the critical elements of the statement. 3. The completion of a SIC should be informed and supported by an assurance framework consistent with that described in the section of the SPFM on Certificates of Assurance. 4. If significant internal control developments have been, or are, necessary to correct weaknesses, an outline of the actions taken, or proposed, should be included in the SIC.
Background 5. Accountable Officers are responsible for maintaining a sound system of internal control that supports the achievement of the body's policies, aims and objectives, and regularly reviewing the effectiveness of that system. The "system of internal control" is that part of risk management which responds to the risks surrounding the achievement of the body's policies, aims and objectives. Accountable Officers are required to make an annual statement - the "Statement on Internal Control" (SIC) - alongside the accounts of the body and in accordance with this guidance. The SIC should be the end result of a risk management process that is embedded in the planning, operational, monitoring and review activities of the body, these activities being the critical elements of the statement. Production of the SIC should not be conducted as an "add-on" end of year activity. It should be noted that the SIC covers the accounting period and the period up to the date of signature.
Format of the SIC 6. A pro-forma SIC is provided in the Annex to this section. Accountable Officers may need to amend the opening paragraph of the pro-forma SIC to give a meaningful description of the boundaries of their accountabilities. In particular relevant sponsored bodies may need to reflect the relationship with the Scottish Government and the role of the sponsored body's Board. Whilst all SICs must encompass at least the responsibilities of the Accountable Officer, those bodies which have governance arrangements involving a wider base may consider preparing a SIC which encompasses those wider arrangements. The completion of a SIC should be informed and supported by an assurance framework consistent with that described in the section of the SPFM on Certificates of Assurance.
Developing the System of Internal Control
7. Changes to the system of internal control during the year does not prevent the preparation of a SIC recording that processes have been in place all year; indeed, change is frequently a good indicator of management's commitment to good risk management as they develop and update the processes to keep them effective. When material changes have been made in the course of the year, they should be reflected in the SIC. If an element of the strategic risk management process has been absent for a material period of time in the year, a body will only be able to make a qualified SIC for the relevant period.
Significant Internal Control Issues
8. If significant internal control developments have been, or are, necessary to correct weaknesses, an outline of the actions taken, or proposed, should be included in the SIC. The purpose of this disclosure is to deliver assurance that significant internal control issues have been, or are being, addressed and that the SIC is a balanced reflection of the actual control position.
9. A single definition of a "significant internal control issue" is not possible. Accountable Officers will need to exercise judgement in deciding whether or not a particular issue should be regarded as falling into this category. Factors which may be helpful in exercising that judgement include: - the issue seriously prejudiced or prevented achievement of a key target;
- the issue has resulted in a need to seek additional funding to allow it to be resolved, or has resulted in significant diversion of resources from another aspect of the business;
- the external auditor regards it as having a material impact on the accounts;
- the Audit Committee advises it should be considered significant for this purpose;
- the Head of Internal Audit reports on it as significant, for this purpose, in their annual opinion on the whole of risk, control and governance;
- the issue, or its impact, has attracted significant public interest, or has seriously damaged the reputation of the body.
10. At the time of preparing the SIC for a particular year, disclosure of information about a significant internal control issue might prejudice the outcome of a special investigation (possibly preventing successful prosecution in a case of fraud, or inhibiting a disciplinary case against members of staff). In such circumstances, the SIC should record that there are issues which cannot be disclosed because to do so would prejudice the outcome of an investigation. In such cases, the external auditors should be made aware of the background.
New Bodies
11. When new bodies are established it is highly unlikely that such bodies will be able to make a SIC stating that all the elements of the strategic risk management process have been in place for the whole of the first accounting period. In such circumstances: - the SIC for the first accounting period should give a brief explanation of how the body has come into existence, including reference to any responsibilities inherited from other bodies, and set out an outline timetable for work to be done to implement the elements of the strategic risk management process;
- subsequent SICs should refer to progress against that timetable, particularly explaining any material delays against plan.
External Audit
12. The SIC is subject to review by external auditors. The review will be directed at considering the completeness of the disclosures and identifying any inconsistencies between the disclosures and the information that the auditors are aware of from their work on the financial statements and other work. Back to top Page Published / Updated: October 2008 |