Code of practice 09
Internal controls
 .
|
We're keen to find out how useful you find our internal controls code of practice and its associated guidance.
Let us know your views by completing our brief questionnaire - it'll only take 5-10 minutes of your time. Many thanks for your help.
Access the survey
The exercise of judgement
- Trustees should, having considered the nature and circumstances of their scheme, decide what internal controls are appropriate to mitigate the key risks they have identified and how best to monitor them. This requires them to exercise judgement, both in assessing the risk profile of the scheme and in designing appropriate controls.
- The extent to which the trustees seek professional advice in this area will again be a matter requiring judgement. The regulator would expect advice to be taken when trustees feel they have insufficient knowledge to complete a risk review.
The need to review risks and internal controls
- Trustees should be prepared to monitor, challenge and review their risk assessment process and outputs. As referred to above, trustees should also ensure that they can recognise when professional advice is required.
- Risk assessment is a continuous process and must take account of a changing environment. It is not simply concluded when an internal control is implemented. Internal controls should be reviewed periodically, at least on an annual basis, or sooner if substantial changes take place, such as a deterioration in funding, change in investment manager, or where a control has been found to be inadequate.
.
.
.