Internal Control Framework
Minnesota law requires the head of each executive branch state agency design, implement, and maintain an effective system of internal control within the agency. The law requires that the system:
- Safeguard public funds and assets and minimize incidences of fraud, waste, and abuse;
- Ensure that programs are administered in compliance with federal and state laws and rules; and
- Require documentation of internal control procedures over financial management activities, provide for analysis of risks, and provide for periodic evaluation of control procedures to satisfy that these procedures are adequately designed, properly implemented, and functioning effectively.
The law requires the Commissioner of Minnesota Management and Budget (MMB) adopt internal control standards and policies. The Commissioner adopted the U.S. Government Accountability Office's established definitions of internal controls, standards, internal control components, principals, and attributes. The document that contains this information is known as the Green Book. The Green Book framework is widely accepted and is the adopted framework for the State of Minnesota. The Green Book serves as the basis for all internal control matters related to executive branch state agencies.
Internal Control is a process developed by an agency to provide reasonable assurance that the following categories of goals will be achieved:
- Operations - effectiveness and efficiency of operations.
- Reporting - reliability of reporting for internal and external use.
- Compliance - compliance with applicable laws, regulations, contracts, and grant agreements.
- Safeguarding - safeguarding public funds and assets to minimize incidences of fraud, waste, and abuse.
The Green Book approaches internal control through a hierarchical structure of five components and seventeen principals. The Green Book also contains additional information in the form of attributes.
The five components of internal control are control environment, risk assessment, control activities, information and communication, and monitoring. The five components of internal control apply to all goal categories and all levels of the organizational structure. The seventeen principals support the components of internal control. Attributes provide further explanation of the principals and documentation requirements. Each tab below represents one of the five internal control components.