Ref: A52922, 5.

0 1 of 8
Last Updated: 25/01/2011 3:39 PM
Internal Control
Policy Statement

Ref: A52922, 5.0 2 of 8
Last Updated: 25/01/2011 3:39 PM
Policy name: Internal Control
Policy number: Finance
Key result areas: Finance
Branch: HR and Corporate Services
Responsibility for review: Accountant
Location: Intranet - Policies, Procedures and Manuals
Amendments:
Cross-references: Public Finance and Audit Act 1987
Treasurers Instruction 1, Interpretation and
Application
Treasurers Instruction 2, Financial Management
Treasurers Instruction 19, Financial Reporting
Treasurers Instruction 28, Financial Management
Compliance Program;
Department of Treasury and Finance, Financial
Management Toolkit.
Commissioners Standards.

Review date: December 2012

Approved by:
Chief Executive
Issue date: December 2010

Ref: A52922, 5.0 3 of 8
Last Updated: 25/01/2011 3:39 PM
INTERNAL CONTROL
1. INTRODUCTION
The Chief Executive has a responsibility to establish and maintain an appropriate internal
control environment in accordance with Treasurers Instruction 2 Financial Management.
Internal controls are processes (including elements such as policies, procedures and systems)
that are established, operated and monitored by officers responsible for governance and
management of the public authority, to provide reasonable assurance regarding the
achievement of the public authoritys objectives.
Internal controls are designed to provide reasonable assurance to the responsible Chief
Executive / Governing Authority / management in relation to the:
- effectiveness and efficiency of operations;
- reliability of management, financial and taxation reporting;
- appropriate management and control of risk; and
- compliance with applicable legislation, sub-ordinate legislation and other financial
management policies of the State.
An effective internal control environment involves the systematic review, appraisal and reporting
of financial (including management, taxation and budgetary) and operational control systems
and their effectiveness, including (but not limited to) the:
- relevance of established plans, policies, and procedures and the extent to
- which the public authority is complying with these;
- review of committees, operations and programs and outcomes to ascertain whether
results are consistent with established objectives and goals;
- economy and efficiency with which resources are employed;
- appropriateness of the public authoritys personnel and supervision arrangements;
- integrity of information systems;
- extent to which assets are accounted for and safeguarded from losses (e.g. waste,
extravagance, inefficient administration, fraud or poor value for money);
- appropriateness, reliability and integrity of financial and other management information,
including the ability to identify, measure, classify, report and act upon that information;
- extent to which financial management, financial administration and financial reporting
matters comply with applicable legislation, sub-ordinate legislation and other financial
management policies of the State; and
- monitoring of information and appropriateness of action taken.

The main aim of the Internal Control Policy is:
To ensure that the SACE Board of South Australia maintains effective internal controls in
the operations of the organisation.
To ensure that adequate policies are in place for the prevention of error and fraud with the
SACE Boards financial transactions and records.
Ref: A52922, 5.0 4 of 8
Last Updated: 25/01/2011 3:39 PM
To ensure that the Board and staff members are provided with concise guidelines regarding
the SACE Boards internal control responsibilities and functions.
To ensure that the SACE Board complies with its responsibilities consistent with the SACE
Act, Public Service requirements and other Acts.
The SACE Board of South Australia recognises the need to have in place a framework to
demonstrate sound financial governance of its business operations. The SACE Board believes
that the setting and reviewing of policy is a prime responsibility and should provide a clear,
consistent and transparent basis for initiation, development, review, management and reporting
of the SACE Boards finance policy documents to ensure the efficient and economic use of
public resources.
1.1 APPLICATION OF THIS POLICY AND PROCEDURE
The policy and procedure relates to all Financial Management activities conducted at the SACE
Board of South Australia.
2. POLICY PRINCIPLES
The following principles will apply:
Internal controls must be maintained for sound practices and the efficient and effective
management of the SACE Board.
Adequate policies must be in place for the prevention of error and fraud with the SACE
Boards financial transactions and records.
3. RELEVANT LEGISLATION
The Board operates under the authority of the SACE Board of South Australia Act 1983, as
amended in 1983, 1990, 2007, and 2008.
Treasurers Instruction 28 Financial Management Compliance Program identifies the following
areas as a part of the financial management compliance program:
Compliance with applicable financial management legislation; sub-ordinate legislation
and other mandatory requirements of the State.
Assessment of policies, procedures, systems and internal controls for income, expense,
asset, liability, budgetary and reporting activities.
An effective financial management compliance program will include an assessment of the public
authorities compliance with financial management, financial administration and financial
reporting matters contained within:
Relevant legislation
Public Finance and Audit Act 1987, Appropriation Act (annual act), Public Sector
Management Act 1995, State Procurement Act 2004, Public Corporations Act 1993,
South Australian Government Financing Authority Act, Statutory Authorities enabling
legislation, and Commonwealth and State Taxation Legislation.
Sub-ordinate legislation
Treasurers Instructions, Commissioners Standards and Code of Conduct, and State
Procurement Board Policies.
Other financial management policies/requirements of the State
Ref: A52922, 5.0 5 of 8
Last Updated: 25/01/2011 3:39 PM
Department of Treasury and Finance Circulars, Department of Premier and Cabinet
Policies and Circulars, Leasing Guidelines, Cash Alignment Policy,
Monthly Monitoring Requirements, Government endorsed contractual arrangements,
Government endorsed Information System Management Framework including
Information, Communication and Technology policies and standards, State Records
requirements.
4. RESPONSIBILITIES
Chief Executive Officer
The Chief Executive is responsible for:
The development of adequate internal controls and for their implementation, evaluation
and review in respect to all of the functions as far as practicable that:
o financial records and other relevant information and records data bases
completely and accurately reflect the actual operational activities and the timely
preparation of reports;
o assets are safeguarded from unauthorised use or disposition;
o irregularities are prevented, if they occur are able to be detected and corrected.
implementation of this policy and for ensuring all employees are aware of the policy;
approval of relevant procedures to support the implementation of this policy;
ensuring that managers and employees comply with the policy;
management of breaches of this policy;
development and implementation of associated procedures of an internal control
framework as necessary to ensure that the objectives of Board are achieved in an
orderly and efficient manner.
promotion of a best practice approach in support of effective business practices and
properly functioning controls.

The Accountant
The Accountant is responsible for:
Ensuring that employees are familiar with the policy;
Development and implementation of relevant procedures to support the implementation
of this policy;
Monitoring compliance with the policy and procedures;
Ensuring that the Chief Executive is provided with information when breaches of this
policy or discrepancies are identified;
Monitoring and reporting any costs associated with the administration of this policy and
procedures within their teams and/or areas of responsibility.
3.4. Employees
Employees are responsible for:
Familiarising themselves with this policy.
Ensuring compliance with the policy.
Ref: A52922, 5.0 6 of 8
Last Updated: 25/01/2011 3:39 PM
Conducting their duties in accordance with internal control policies, procedures and
practices of SACE Board. They are also responsible for reporting to management
instances where they consider that internal control procedures are inadequate or are
not being met.
5. POLICY STATEMENT
The SACE Board is committed to ensuring that internal control functions are effective to provide
a high standard of corporate governance and the minimisation of risk.
Internal control is integral to effective risk management of SACE Board operations, a system to
ensure that SACE Board is managed efficiently and effectively, with appropriate policies and
procedures that promote the achievement of its goals and objectives.
The purpose of internal control is to provide assurance that the internal risks faced by the SACE
Board are contained to acceptable levels. It should be recognised that in practical terms a
certain level of risk will always exist within organisations.
An effective internal control environment will provide the means by which the SACE Board can
successfully address and mitigate many risks, not only those of a financial nature. The Internal
Control System should be defined in respect to the financial, political, human resource,
technical, information and technological operations of the SACE Board.
Internal control comprises those management policies, procedures and practices which
collectively ensure that the level of internal risk of an organisation is contained so that its
objectives are achieved in an orderly and efficient manner. Effective internal control will
safeguard the assets and resources, with adherence to policies designed to ensure the
accuracy and reliability of SACE Board records.
This policy describes the purpose and the major factors to be considered in the development of
an effective internal control framework. Factors such as the management structure,
organisational behaviours, other policies, procedures, records and methods of reporting that are
necessary to collectively ensure that the financial and non-financial operations of the SACE
Board are conducted in a proper manner.
Internal control is not concerned with risk management as it applies to matters external to the
operations of the SACE Board. Specifically, internal control is not concerned with risks faced by
the Board including potential disasters or political, economic and environmental risks.
The Chief Executive is responsible for the implementation of the Policy and the development
and implementation of associated procedures that support the principles of the Policy.
Ref: A52922, 5.0 7 of 8
Last Updated: 25/01/2011 3:39 PM
6. INTERNAL CONTROL ENVIRONMENT
Internal control and risk management are key components of a sound governance framework,
in addition to leadership, long-term planning, compliance, resource allocation, accountability
and transparency.
Strategies to maintain sound internal controls are based on risk analysis of the internal
operations of the SACE Board, with a focus on the key elements of:
Organisation Environment - the structure and broad policies adopted to manage the
organisation and assist employees to carry out their roles and functions. An effective
and transparent internal control environment is built on the following key areas:
integrity and ethics
policies and delegated authority
levels of responsibilities and authorities
audit practices
information system access and security
management operating style
human resource management and practices.
Information System - the methods and procedures used to collect, collate and distribute
financial and non-financial information. The Information System comprises all of the
records and reporting methods of the SACE Board used to maintain accountability for
assets, liabilities, revenue and expenses and for the achievement of the objectives of the
SACE Board.
Processing System - the mechanisms in place to ensure that transactions are captured,
checked and verified. The Processing System with control procedures including policies,
delegated authority levels, system procedures and practices should be established to
achieve the objectives of this policy. The use of technology with automated controls will
strengthen the internal control environment.
7. BENEFITS OF INTERNAL CONTROL
A sound internal control framework will provide the following benefits:
effective operation - all financial and non-financial data, records, information databases and
other material are complete and accurate, protected from loss or damage and able to be
readily accessed for the preparation of timely reports;
a clear view of risk nature and impact of inherent risk has been identified, assessed and
contained to an acceptable level;
agreement as to which priorities are to be managed;
cost saving through efficiency gains;
identify and discourage irregularities discrepancies and anomalies are minimised, and
able to be promptly detected and corrected;
Ref: A52922, 5.0 8 of 8
Last Updated: 25/01/2011 3:39 PM
safeguard of assets and resources - assets are only used for authorised purposes and are
not subject to improper removal or sale.
8. LIMITATIONS OF INTERNAL CONTROL
A sound system of internal control will provide management, and the SACE Board, with a
high degree of confidence that the operations are effectively managed and all resources are
properly deployed. However there are limits to the level of certainty.
Limitations include:
controls are designed for routine transactions abnormal or non-routine
transactions may bypass control mechanisms;
the internal control system is operated by people, so there is potential for
human error with mistakes as a result of lack of attention, carelessness,
improper judgement, lack of knowledge or misunderstanding of instructions;
people may act together in collusion to undermine the system of internal control;
employees may abuse a delegation or responsibility to override the internal
control system;
the cost of implementing some controls may be greater than the benefit;
over time, internal controls may become ineffective because of changes to
procedures or practices.
9. ELEMENTS OF INTERNAL CONTROL
Internal control systems will vary depending on the operating environment, such as size and
nature, type of operation, level of autonomy or other practical implications.
Aspects of an effective control framework will include:
Delegation of authority
Documented policies and procedures
Trained and qualified employees
System controls
Effective process review
Regular internal audits
Documentation of risk identification and assessment
Regular liaison with auditor and legal advisors