Skip to Main Content

About

A Massachusetts highway in the autumn

Under Chapter 647 of the Acts of 1989 and M.G.C. c.7A § 9A, the Comptroller is responsible for developing internal control guidelines for Commonwealth departments. The Office of the Comptroller (CTR) reviews and updates these guidelines which assist departments in developing Internal Control Plans based on a comprehensive assessment of risks that could impede the attainment of departments’ goals and objectives.  Departments are expected to identify and implement policies and procedures to mitigate risks, especially those related to the prevention of fraud, waste, and abuse.

Internal controls act as the guardrails that support and enable departments to effectively achieve their missions, while demonstrating proper stewardship and accountability for public resources.

Department Internal Controls Goals

Departments can demonstrate successful commitment to internal controls by building the following goals into their operations to achieve their mission:

  1. A system of written internal controls includes the department specific policies and procedures and incorporates CTR’s published guidance for incurring obligations and fiscal operations.
  2. Controls are actively in place as part of daily operations for each employee and role.
  3. The department implements routine monitoring to verify compliance and effectiveness of controls.
  4. Employees are trained for the specific roles the perform.
  5. Controls support the prevention of fraud, waste, and abuse of Commonwealth resources.

Internal Control Policy

This policy applies to all Commonwealth of Massachusetts departments and includes guidance on minimum internal control requirements including a written system of internal controls, training, monitoring, and integration into daily operations. The policy also outlines the Department Head and Internal Control Officer responsibilities related to Internal Controls and the Annual Department Head Internal Control Certification. Departments are also provided with guidance for reporting of audits, fraud, cyber or other suspicious Issues, and the policy includes references and links to current CTR resources.

VIEW ON POWERDMS

Annual Department Head Internal Control Certification

Each Department Head is required to annually certify internal control compliance through an Internal Control Certification (ICC).

The annual Internal Control Certification will require each department head to certify that they have a system of written internal controls, and that training and monitoring is actively in place as part of daily operations to achieve the department’s mission, to ensure compliance with CTR’s published guidance, and to prevent fraud, waste, and abuse of Commonwealth resources.

Each department’s Internal Control Officer, Single Audit Liaison, Chief Financial Officer and General Counsel should work closely with their senior management team to identify appropriate staff to assist with completion of the required certifications for each section of the ICC, which matches the topic sections for policies, job aids and resources published by CTR in PowerDMS [login required].

Details for completion of each annual Internal Control Certification process are outlined in the current Fiscal Year Annual Department Head Internal Controls Certification Fiscal Year Memo.

VIEW THE MEMO

The cover of the Internal Control Guide

Internal Control Guide

Guidance for developing, implementing, and monitoring a written system of internal controls, and supporting an Enterprise Risk Management (ERM) framework. The guide provides minimum requirements for the Internal Control Plan, Department Head Tone from the Top, training, monitoring, controls, information system security and communication.

VIEW ON POWERDMS

Guidance from the Office of the Comptroller

CTR Compliance Corner

Keeping you safe on your mission. Simple achievable action steps to include in your department’s internal controls.

VIEW TIPS

Cybersecurity Tips

Cybersecurity Tips and Alerts. Please share these updates with co-workers.

VIEW TIPS

CTR Cyber

A resource to promote cybersecurity awareness for everyone in your organization, to improve overall cyber hygiene, and to help prevent increasing denial of service (DoS), phishing, malware, and social engineering attacks.

OPEN PAGE

Other Internal Controls Resources

Association of Government Accountants Enterprise Risk Management Hub

Presentations, research, guidance on implementation, and examples of how Enterprise Risk Management is used in organizations

VISIT AGACGFM.ORG
NASC Internal Control Questionnaires

Guidebook, glossary, and internal control questions from NASC Internal Controls Information Sharing Group

VISIT NASACT.ORG

Fraud Prevention

Whistleblowers

If you have evidence of fraud, waste, or abuse, blow the whistle.

VISIT PAGE
Association of Government Accountants Fraud Prevention Toolkit

AGA's Fraud Prevention Tool provides resources for federal, state, local and tribal government financial managers to use in preventing and detecting fraud.

VISIT AGACGFM.ORG