- You are here:
-
- Home >
- Codes of practice >
- Internal controls >
- The assessment of risk .
The Pensions Regulator
- Reporting breaches of the law
- Notifiable events
- Funding defined benefits
- Early leavers
- Reporting late payment - money purchase
- Reporting late payment - personal pensions
- Trustee knowledge and understanding
- MNT / MND
- Internal controls
- Modification of subsisting rights
- Dispute resolution
| Keep up to date | ||
| News-by-email | ||
| RSS news feed |
|
|
Codes of practice
Code of practice 09
Internal controls
 .
|
We're keen to find out how useful you find our internal controls code of practice and its associated guidance.
Let us know your views by completing our brief questionnaire - it'll only take 5-10 minutes of your time. Many thanks for your help.
 .
|
 .
|
 .
|
The assessment of risk
- Before implementing an internal controls framework, we recommend that the trustees should determine the various functions and activities carried out in the running of the scheme and then identify the key risks associated with those functions and activities.
- The extent to which schemes are exposed to risk will vary from one scheme to another. To help identify areas where the scheme is exposed to undue levels of risk, and to enable trustees to establish and examine the adequacy of existing key internal controls, the trustees may wish to consider undertaking a risk review.
- An effective risk review will assist trustees in identifying a wide range of both internal and external risks affecting the scheme and will provide a mechanism to detect weaknesses at an early stage. Internal controls will help mitigate risk to members' benefits and will also provide a framework against which compliance with the scheme rules and legislation can be monitored. Adherence to these controls will help ensure that risks are identified and addressed before affecting another part of a process or jeopardising the achievement of the schemes objectives. Implementing adequate internal controls will therefore assist the trustees in achieving these objectives.
- The regulator recommends that trustees carry out a risk based review. It recognises that such an approach will initially focus on those areas where the impact and incidence of a failure relating to internal controls is high. Many trustees already use risk based methodology as a tool for highlighting exposure to risk and to help develop an adequate internal controls framework. Therefore, many schemes may already have adequate internal controls.
- The diagram below provides one approach to the risk review process and summarises the stages involved in establishing and operating an adequate internal controls environment.
The scheme risk management cycle
Source: based on Watson Wyatt business management cycle
|
.
|
.
|
.
|
| Related documents |
|---|
| Code of practice 09: Internal controls (PDF) |
| Related pages |
|---|
| Supporting guidance to be read in conjunction with the code: Internal controls guidance |