The Treasury

Global Navigation

Personal tools


Making Use of the CIPFA TICK Scores: Guidance for Departments

4  Do internal controls get applied with sufficient competency?

Department staff should be sufficiently competent to fulfil the internal control responsibilities associated with their roles.

Competence in this respect means:

  • having sufficient understanding of how changes in the department's objectives, external and internal environment, strategy, activities, processes, and systems affect its exposure to risk
  • knowing how risks can be treated with appropriate controls, in line with the department's risk management strategy and policies on internal control
  • knowing the principles of the segregation of duties to ensure that incompatible duties are properly segregated, so that no individual has total control over a transaction
  • being able to implement and apply controls, monitor their effectiveness, and deal with any insufficiently covered risks, as well as with possible control weaknesses or failures
  • having sufficient capabilities available to evaluate and improve individual controls, and
  • being able to execute or review the evaluation and improvement of the organisation's internal control system.

Suggested Response

Leadership that is concerned about the CIPFA TICK survey assessment of this principle are likely to look to their internal assurance staff for assistance. While professional internal audit staff can support the department as coaches and provide on-the-job training on risk management and internal control, they need senior-level management sponsorship and financial support to serve in these roles. With this sponsorship, departments can make the necessary make, lease or buy decisions to enhance the level of internal control competence to desired levels within the department.

Page top