Internal control plans are physical documentation of a unit's material business processes and financial transaction cycles. They comprise process narratives and workflow diagrams, a materiality and risk assessment, and a management response plan, all developed using a standard set of templates.
To determine what controls to implement, units must assess and document all key financial transaction cycles and underlying business processes, conduct a materiality and risk assessment based on the unit’s operational objectives. Following that process, units must identify potential internal control and operational risks that currently exist and develop a corrective action plan to mitigate all significant risks identified. See Designing Internal Controls for information on developing internal control activies to mitigate risks.
The design of internal control processes and procedures must focus on resonding to the risk assessment conducted by unit heads or their designees and address these six key policy areas: