Back to top anchor

Internal Controls

Under the Public Finance Act 1989 the Treasury is responsible for establishing and maintaining a system of internal control designed to provide reasonable assurance that the transactions recorded are within statutory authority and properly record the use of all public financial resources by the Government reporting entity.

Internal control is defined as "the process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations." This is the definition used by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and is the definition applied by the International Auditing and Assurance Standards Board (IAASB).

Responsibilities of Government Reporting Entities

Government reporting entities are any entity which must be consolidated into the financial statements of the Government and include departments, state-owned enterprises and Crown entities.

All Government reporting entities are responsible for establishing a system of internal control designed to provide reasonable assurance as to the integrity and reliability of financial reporting.

Tools and Guidance

  • Making Use of the ICAT Scores: Guidance for Departments (April 2016). Treasury’s annual assessment of internal controls (ICAT) focuses on nine principals that can highlight a number of areas where the practical application of internal control often fails in many organisations. This guidance document discusses each of these principles and provides guidance on actions to take if the results of the ICAT survey are not aligned with the department's risk appetite.
  • Evaluating and Improving Internal Control in Organizations (IFAC) (June 2012) - The Professional Accountants in Business (PAIB) Committee has issued this new International Good Practice Guidance, which highlights areas where the practical application of existing internal control standards and frameworks often fails in many organisations. This document has been used as the basis of the ICAT assessment.
  • CIPFA Financial Management Model (2016) - CIPFA's Financial Management (FM) Model is an online diagnostic toolkit for assessing the financial management of a public sector organisation.
  • Departmental Internal Control Evaluation - Treasury has specified in its Departmental Internal Control Evaluation document a set of policy expectations that it expects departments to practice. While the expectations have a departmental focus they may be helpful to all organisations.

Responsibility of the Treasury

Each year the Secretary to the Treasury must ensure that the system of internal controls across all Government reporting entities has operated effectively throughout the reporting period. The Secretary's attestation is based on the following assurance processes:

  1. Representations from Chief Executives and Chief Financial Officers, and
  2. Treasury internal control assessments of departments (ICAT).

The ICAT process (called CIPFA TICK for the 2013-2015 period) uses nine principles that represent good practice for evaluating and improving internal control systems. These principles are not formulated to design and implement an internal control system, for which other existing guidelines are referenced, but to facilitate the evaluation and improvement of existing internal control systems by highlighting a number of areas where the practical application of such guidelines often fails in many organisations.

ICAT (previously CIPFA TICK) Results

Other Useful links


Contacts for Enquiries

Catherine Manning | Fiscal Reporting
Tel: +64 4 917 6906
Email: [email protected]

Elizabeth Rogers | Fiscal Reporting
Tel: +64 4 907 6280
Email: [email protected]
Last updated: 
Thursday, 21 July 2022