What Price, Internal Control?

At what point does the cost of investing in internal control outweigh the benefits of avoiding the risk of fraud, waste or poor outcomes performance? Is there a trade-off balance point?

Recently, I attended a highly informative presentation by the Auditor General for Queensland, Andrew Greaves. Andrew is well credentialed with significant experience at Federal and State levels in audit practice. The theme of his address was “Internal control is your friend” and as he shared his thoughts I found myself nodding in strong accord with his very practical approach to modern corporate risk management. In fact, he carefully weaved together the themes of risk management and internal control to emphasise the need for senior management of any organisation to consider the balance of resourcing internal control systems and activity with achieving outcomes appropriate to the organisation’s risk profile, a risk appetite and tolerance.

Finding a balance between internal control and business performance.

There are various models that can be used to represent this balance such as the diagram in this article. The key is to judge where the point of balance is for any given organisation. Given the emphasis in public sector organisations on the stewardship of public money, that balance might be more in one direction than for private sector organisations.


 Evolution of audit practice from transactions to outcomes.

Interestingly, the Queensland Audit Office approach to its role has been evolving over many years from the traditional transaction checking approach of the 1960s and 1970s, through the systems based approach of the 80s and 90s, to more lately a performance-based approached focusing on how well public sector organisations manage and control the resources allocated to them to deliver the policy and service outcomes sought by the governing bodies. This will inevitably explore in each case how well internal control assists, rather than constrains, the organisation’s performance in delivering outcomes.

The website of the QAO illustrates this approach by explaining the objectives of some of the audits currently in progress.

  • Tourism and growth development -“whether the Queensland Tourism Strategy and other action plans are effective in delivering the government’s growth agenda.”
  • Water infrastructure assets -“whether Queensland water infrastructure assets are being effectively managed and maintained to contribute to a secure and sustainable water supply and meet agreed levels of service”
  • Fraud risk management by departments -“the appropriateness of fraud risk management policies and procedures”… Including “cost effectiveness of the controls designed to prevent fraud…”


Auditor-General reports control weaknesses in Government Departments.

The QAO’s ability to broaden its focus may yet require some narrower brief to begin with. Other interesting information on the QAO website concerning the Auditor General’s report to the Queensland Parliament in June 2012 reveals the following examples

  • Control weaknesses have been identified in 13% of the 196 State Departments and agencies that were audited, with 221 significant control issues being reported to those charged with the governance of these entities.
  • An increase in the number of Departments failing to maintain adequate financial controls with 11 Departments found to be lacking in control elements operating at a level to minimise the risk of fraud occurring.


In defence of the Public Sector which is under greater scrutiny than its private sector counterparts, I would suggest that a similar sample of private sector organisations would be likely to return similar results.

Join our newsletter

We won’t spam you, you will receive regular updates on relevant topics. 

  • This field is for validation purposes and should be left unchanged.