Annex 2. Summary of observations on the internal control framework
Information for this annex should be drawn from the PEFA assessment only. No new information should be collected. Where there is no information to provide a summary of findings, the table should include the words ‘no information available from the PEFA assessment’.
| Internal control components and elements | Summary of observations |
|---|---|
| 1. Control environment | |
| 1.1 The personal and professional integrity and ethical values of management and staff, including a supportive attitude toward internal control constantly throughout the organisation | |
| 1.2. Commitment to competence | |
| 1.3. The “tone at the top” (i.e. management’s philosophy and operating style) | |
| 1.4. Organisational structure | |
| 1.5. Human resource policies and practices | |
| 2. Risk assessment | |
| 2.1 Risk identification | |
| 2.2 Risk assessment (significance and likelihood) | |
| 2.3 Risk evaluation | |
| 2.4 Risk appetite assessment | |
| 2.5 Responses to risk (transfer, tolerance, treatment or termination) |
|
| 3. Control activities | |
| 3.1 Authorization and approval procedures | |
| 3.2 Segregation of duties (authorizing, processing, recording, reviewing) | |
| 3.3 Controls over access to resources and records | |
| 3.4 Verifications | |
| 3.5 Reconciliations | |
| 3.6 Reviews of operating performance | |
| 3.7 Reviews of operations, processes and activities | |
| 3.8 Supervision (assigning, reviewing and approving, guidance and training) | |
| 4. Information and communication | |
| 5. Monitoring | |
| 5.1 Ongoing monitoring | |
| 5.2 Evaluations | |
| 5.3 Management responses |
