Skip to main navigation
Governor Chris Christie • Lt Governor Kim Guadagno
The Official Web Site For The State of New Jersey
Global Navigation NJHome Services A to Z Departments/ Agencies FAQs
Skip to main navigation
Department of the Treasury
Annual Internal Control Reporting









PHONE: (609) 292-8938


This Circular Letter supersedes Circular Letter 98-02-OMB. The most significant change is the requirement that all state executive agencies use Treasury's Internal Control Questionnaire to perform their annual assessment of internal controls. See the section entitled Assessment of Internal Controls.


The Director of Budget and Accounting has the statutory authority (N.J.S.A.52:27B-37) ".to examine, audit and adjust all encumbrances and statements of indebtedness so presented."

In the interest of a more effective State government, the Office of Management and Budget (OMB) had delegated the pre-audit of payments for goods, services and travel to State agencies. Along with this authority comes a heightened responsibility for the State agencies to maintain effective internal controls.


The purpose of this circular is to require an annual self-assessment of internal controls by State executive branch agencies. This self assessment will help managers evaluate internal controls and identify possible deficiencies within their areas of responsibility. Such an effort will lead to the implementation of more effective controls before problems arise.

The final product of this process, an internal control self-assessment report signed by the agency head and chief financial officer, is to be submitted to the Director of the Office of Management and Budget on or before July 1, annually.

In addition to establishing the annual agency self-assessment of internal controls, this circular:

  • Defines internal control,
  • Establishes responsibility for maintaining effective internal controls, and
  • Describes the activities to be undertaken by OMB to ensure that State executive agencies comply with this Circular Letter.


Internal control is defined as a process, effected by the entity's management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations,
  • Reliability of financial reporting, and
  • Compliance with applicable laws and regulations.

Once objectives are established by management, it must also establish a process that encourages employees to follow and meet the established objectives. Thus, a critical part of the success of the internal control process is the following five components:

Control Environment - It sets the tone of an organization, which influences the control consciousness of its employees. The control environment is the foundation for all other components of internal control because it provides discipline and structure.

Control environment factors include the people of the organization; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people.

Risk Assessment - Risk assessment is the process that the entity must conduct to identify and assess any relevant risk to its objectives. Once this is done, management must determine how the risks should be managed.

The entity must be aware of and deal with the risks it faces. It must set objectives, which are integrated with the program, financial, and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze, and manage the related risks.

Control Activities - Control activities are the policies and procedures that help ensure that management directives are carried out.

Control activities help ensure that the necessary actions are taken to address risks to the achievement of the entity's objectives. Control activities occur throughout the organization and include such things as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.

Information and Communication - These two key elements help management carry out its responsibilities. Management must establish a timely and effective process for relaying information.

Surrounding all internal control activities are information and communications systems. These enable the entity's people to capture and exchange the information needed to conduct, manage, and control its operations. Effective communication must flow down, across, and up the organization as well as to external parties. All personnel within an entity must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system and how individual activities relate to the work of others.

Monitoring - Monitoring is a process that an entity uses to assess the quality of its internal control performance over time.

Ongoing monitoring includes regular management and supervisory activities and other actions taken in the course of daily operations. Any internal control deficiencies should be reported upstream, with serious matters reported to top management.


Agency Heads

Agency heads are responsible for adhering to the statewide internal control policies and adapting them to their agencies' objectives. This helps to ensure a positive control environment and conveys high ethical standards to agency managers.

Division Heads

Division heads are responsible for aligning division objectives with agency policy. Division objectives guide the development and implementation of internal control policies and procedures and ensure consistency with overall agency objectives and the strategic plan. Division heads assign specific responsibility for internal control to program administrators who have a hands-on role in devising and executing internal control policies.

Financial Officers

Financial officers play a particularly significant role in the implementation of financial internal controls. They track and analyze agency performance from a financial perspective. Financial officers are important in preventing and detecting fraudulent reporting. According to the 1992 Treadway Commission report, financial officers have the responsibility to:

  • Help set the tone of ethical conduct,
  • Design, implement, and monitor the financial reporting system
  • Identify unusual situations caused by fraudulent financial reporting,
  • Help establish agency financial objectives, and
  • Help analyze financial risk.


Internal control activities are explicit or implicit in the duties of every staff member including the following:

  • Delivering services to the public,
  • Maintaining financial information, and
  • Inspecting and maintaining physical assets.

In addition, each staff member has the responsibility of communication to higher levels within the agency, regarding the following matters:

  • Problems in operations,
  • Non-compliance with codes of conduct
  • Violations of policy, and
  • Illegal or unethical actions.

Each staff member has the responsibility to resist pressure to participate in improper activities. The internal control system needs to include channels outside normal reporting lines, permitting each staff member to report concerns without fear of reprisal.

Internal Auditors

Within an agency, internal auditors have a direct role in examining the adequacy and effectiveness of internal controls. They also have a responsibility to recommend improvements. Internal auditors have the difficult challenge of remaining objective; they must maintain independence if they are to do their job effectively.

The Standards for the Professional Practice of Internal Auditing established by the Institute of Auditors describe that important role. Internal auditors must be concerned with the following:

  • The reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information,
  • The system established to ensure compliance with policies, plans, procedures, laws and regulations with potential for significant impact operations and reports; determining whether the organization is in compliance,
  • The means of safeguarding assets in verifying, as appropriate, the existence of such assets,
  • The economy and efficiency with which resources are employed, and
  • The operations and programs to ascertain whether results are consistent with established objectives and goals, and whether the operations and programs are being carried out as planned.

The dual nature of an internal auditor's role and the scrupulous maintenance of his or her independence requires that potential conflicts of interest be carefully monitored. At the same time, internal auditors need to recognize their limitations - they do not have primary responsibility for establishing policy or maintaining internal control.

Oversight and Governance

Oversight and governance groups within the Executive Branch include the Office of Management & Budget and the Division of Purchase & Property. These groups set standards and specify procedures for the operation of State programs.


An agency's assessment of internal controls can be performed using a variety of methodologies. The preferred methodology for the State of New Jersey is explained in the report entitled "Internal Control - Integrated Framework." This report was issued by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. One volume of this report contains evaluation tools for each internal control component.

The Department of the Treasury, Division of Administration, has developed an Internal Control Assessment questionnaire that incorporates the COSO methodology. All executive branch agencies must use this questionnaire in performing their annual internal control assessment unless specifically exempted by OMB. In order to obtain an exemption, the agency head must submit a memorandum to the OMB Director requesting the exemption and explaining in detail how the agency's methodology conforms to the COSO methodology.

Treasury's Internal Control Assessment questionnaire is available through the Department of the Treasury website.


OMB is responsible for:

  • Ensuring that State agencies have established and maintained effective internal controls,
  • Ensuring that State agencies are continually evaluating their internal controls, and
  • Performing post-audits of transactions.

Therefore, the OMB Accounting Operations Unit will periodically visit each State executive agency to review the documentation supporting the assessment of internal controls and to perform audits of transactions.

Charlene M. Holzbaur

Contact Us | Privacy Notice | Legal Statement & Disclaimers | Accessibility Statement
Statewide: NJ Home | Services A to Z | Departments/Agencies | FAQs
Copyright © State of New Jersey, 1996-2010
This site is maintained by the New Jersey Office of Information Technology