Main Menu

Developing An Internal Control Manual


cube risk COSO internal control_CROPPEDMany times problems arise at governmental entities due to the lack of appropriate internal controls or failure to follow already established internal controls. Here are two particular instances discovered when assisting government entities with internal audit and fraud investigations.

City X – City X did not have internal controls established to ensure that recreational league fees paid to the parks department were properly safeguarded, accounted for and deposited. The city parks director collected these fees and was responsible for depositing them into the city bank account – without any additional oversight. As a result, the city parks director was able to steal approximately $15,000 over a three-year period in fees paid by residents for recreational leagues.

City Y – City Y had established internal controls that were documented in its policies and procedures manual, over the drawdown of federal grant funds it was owed. However, the manual was seldom referred to and eventually forgotten over time. So, City Y was actively looking into finding out why they had failed to draw down in a timely manner more than $6 million in federal funds owed. It was discovered that an accountant, who had been hired in the past year, was not told about the controls established and documented in the policies and procedures manual, making the internal controls a moot point.

These are just a couple of examples that show the need to document internal controls. This article will define what internal controls are, discuss why a manual is critical for local government, and outline the steps to develop a manual and the related components.

Internal Control

It is crucial to define what internal control is before delving any further into the topic of an internal control manual. The best and most widely accepted definition of internal control comes from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that was founded in 1992 and issued the Internal Control Integrated Framework.

MML quote

COSO defines internal control as:

“A process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.”

This definition translates well to local government entities by simply replacing “board of directors” with “elected officials” in the first line above. The definition also focuses on the fiduciary responsibilities of local government entities to ensure the effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulation.

MML Figure 1

Why Develop An Internal Control Manual

Government officials are accountable to the public. They have been entrusted with four main fiduciary responsibilities. The first is the responsibility to comply with all federal, state and local laws and regulations. The second is the responsibility to properly handle and safeguard public funds. Their third responsibility is to operate in an efficient and effective manner. Finally, government officials are responsible for achieving results.

The Government Finance Officers Association (GFOA) recommends that every governmental entity document accounting policies and procedures in order to enhance accountability and consistency. GFOA further recommends that this documentation:

  • Delineate the authority and responsibility of all employees, especially the authority to allow transactions and the responsibility for the safekeeping of assets and records.
  • Indicate which employees are to perform which procedures.
  • Explain the design and purpose of control-related procedures to increase employee understanding and support of controls.

Effective internal controls can assist every aspect of government operations by assuring compliance with applicable laws and regulations, safeguarding public funds, ensuring operational effectiveness and efficiency, and monitoring the achievement of results. Good governance through accountability and recommended practice dictate that local government entities develop internal control manuals.

Steps for Developing An Internal Control Manual

As depicted in Figure 1 (above), there are six key steps to developing an internal control manual. It is critical that these steps be followed in the order presented. With each step, there are several keys that should be considered as presented in Figure 2 below.

MML Figure 2

Components Of An Internal Control Manual

An Internal Control Manual should at a minimum contain the following sections detailed below.

  • Introduction – The introduction should include the purpose, scope and authority of the manual. It should provide a discussion of how to use the manual, as well as whom to contact with questions related to the manual and internal controls.
  • Internal Control Basics – This section should provide a definition of internal control and emphasize the importance of internal controls in the organization. It also should explain management’s responsibility for internal controls.
  • Fraud Awareness – This section should define fraud and its characteristics. It also should identify each employee’s responsibility for fraud reporting, as well as how to report fraud to management.
  • Control Activities – This section is the heart of the manual and should identify procedures and critical internal controls within key processes such as:
    • Revenue – Taxes, fines, fees, etc.
    • Procurement
    • Expense disbursement
    • Human resources and payroll
    • Treasury
    • Financial reporting
    • Fixed assets
    • Regulatory compliance – including grants

Information systems and security

A properly developed and implemented Internal Control Manual will not solve all issues faced by an organization, but it can certainly assist in anticipating, preventing and controlling many problems that could arise.


Download the PDF


If you have any questions about your government entity's internal controls, please contact Ron Steinkamp, at 314.983.1238 or


Back to Page