Skip to Main Content

About

An image of a padlock

Under Chapter 647 of the Acts of 1989, the Comptroller is responsible for developing internal control guidelines for Commonwealth departments. As the Comptroller’s business owners of internal controls, the Statewide Risk Management Team reviews and updates these guidelines which assist departments in developing Internal Control Plans based on a comprehensive assessment of risks that could impede the attainment of departments’ goals and objectives.  Departments are expected to identify and implement policies and procedures to mitigate risks, especially those related to the prevention of fraud, waste and abuse.

​Departments should familiarize themselves with the documentation and tools for best practices provided in the categories below: overall Guidance for Internal Controls, tools to assist in the prevention and detection of Fraud, Waste and Abuse, best practices for departments receiving federal funds, and the Internal Control Questionnaire, a department’s annual certification as to its compliance with applicable laws, regulations and policies regarding internal controls.

New for FY2024: Internal Control Certification

Starting in Fiscal Year 2024, the Office of the Comptroller (CTR) will require each department head to certify through an annual Internal Control Certification (ICC).

The Internal Control Certification will require each department head to certify annually that they have a system of written internal controls, and that training and monitoring is actively in place as part of daily operations to achieve the department’s mission, to ensure compliance with CTR’s published guidance, and to prevent fraud, waste, and abuse of Commonwealth resources.

Each department’s Internal Control Officer, Single Audit Liaison, Chief Financial Officer and General Counsel should work closely with their senior management team to identify appropriate staff to assist with completion of the required certifications for each of the 15 sections of the ICC. Note that the 15 sections of the ICC match the topic sections listed in PowerDMS. We have also uploaded an “ICC Compliance Checklist” to PowerDMS which enables you to download a listing of all the policies, job aids and training materials that are currently posted on PowerDMS. Departments certify that these materials are included as part of their written internal controls, and training and monitoring are actively in place as part of daily operations.

Departments will have until June 28, 2024 to complete the ICC process.

VIEW THE MEMO

Additional resources

Read Frequently Asked Questions about the Internal Control Certification process [PowerDMS login required].

Download a Checklist for successful completion of the Internal Control Certification process [PowerDMS login required].

Internal Control Guide

Guidance for developing, implementing, and monitoring internal controls presentations and training, research, guidance on implementation, examples of how enterprise risk management is used in various entities

VIEW ON bet356英国在线

Guidance From the Office of the Comptroller

COVID-19 Pandemic Response Internal Controls Guidance

Because the COVID-19 Pandemic has affected all departments, the Office of the Comptroller, in consultation with the State Auditor’s Office, is providing two options for updating internal controls.

VIEW MEMO

CTR Cyber

A resource to promote cybersecurity awareness for everyone in your organization, to improve overall cyber hygiene, and to help prevent increasing denial of service (DoS), phishing, malware, and social engineering attacks.

VISIT PAGE

Chapter 647 of the Acts of 1989

Chapter 647

An act relative to improving the internal controls within state agencies

VIEW ON MASS.GOV

Report Unaccounted for State Property or Funds

State agencies must immediately report to the Office of the State Auditor any lost, stolen, or unaccounted for state property or funds

VIEW ON MASS.GOV
An image of the "Fraud Prevention: Everyone's Job" brochure

Combat Fraud, Waste, and Abuse Brochure

Tips for government agencies to fight fraud, waste, and abuse of public funds

VIEW PDF

Other Internal Controls Resources

Association of Government Accountants Enterprise Risk Management Hub

Presentations, research, guidance on implementation, and examples of how Enterprise Risk Management is used in organizations

VISIT AGACGFM.ORG
NASC Internal Control Questionnaires

Guidebook, glossary, and internal control questions from NASC Internal Controls Information Sharing Group

VISIT NASACT.ORG

Fraud Prevention

Whistleblowers

If you have evidence of fraud, waste, or abuse, blow the whistle.

VISIT PAGE
Association of Government Accountants Fraud Prevention Toolkit

AGA's Fraud Prevention Tool provides resources for federal, state, local and tribal government financial managers to use in preventing and detecting fraud.

VISIT AGACGFM.ORG