Code of practice 09
Internal controls
 .
|
We're keen to find out how useful you find our internal controls code of practice and its associated guidance.
Let us know your views by completing our brief questionnaire - it'll only take 5-10 minutes of your time. Many thanks for your help.
Access the survey
Limitations
- Trustees should be aware that an internal controls framework is not infallible and will not eliminate error or fraud from pension schemes. At any stage in a process where judgement is involved, the possibility of error remains. Similarly, the failure to understand how or why a particular control is operating, or more seriously, collusion to circumvent a control, will always be a risk that cannot be eradicated entirely.
Governance
- In both the corporate and not-for-profit sectors, the assessment of risk and the attention given to internal controls are seen as important features of good governance. Trustees may wish to demonstrate their own good practice in this area by making a positive statement (in their Trustees' Annual Report, for example), confirming that they have considered the key risks affecting their scheme together with the effectiveness of controls implemented to mitigate these risks.
- The extent to which internal controls are documented will be a matter for the trustees to consider. The regulator would recommend that arrangements and procedures in respect of key internal control systems are documented as part of the routine business processes of the scheme but recognises that the formalisation of controls will vary from scheme to scheme.
- A number of third party administrators are obtaining independent reviews of their internal controls and are actively providing their clients with copies of the assurance reports. Trustees should read and understand these reports to establish the adequacy of controls used by the organisations to whom they outsource various functions. This will also include assurance reports produced by the scheme's investment manager and custodian.
.
.
.