Financial internal controls policy

Version number 1.2 | Version effective 10 June 2021
Financial internal controls policy




This policy describes the Department of Education’s (the department’s) system of financial internal controls, in line with Queensland Treasury’s Financial Accountability Handbook (Volume 3: Designing Internal Controls).

Policy statement

The department’s financial internal control structure is aligned with an internationally recognised framework established by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). All departmental business units, including schools, must have an efficient and effective system of financial internal controls.


The department’s system of financial internal controls will:


What this means for the department

Support achievement of objectives

Controls ensure that the department gains maximum value from available resources.

Protect against fraud

Controls protect the department’s assets and information, and protect individuals by guiding actions to comply with regulations.

Support compliance assurance

Controls ensure that the department meets its legislative, policy and procedural compliance requirements.

Maintain quality of information

Controls ensure that accurate, complete, and timely management of accounting information is appropriate for effective decision making.

Be cost effective

The cost of implementing a control will be commensurate with the risk that the control mitigates.


Internal controls may be preventive or detective. Financial internal controls include (but are not restricted to):

  • induction and ongoing training for all staff to ensure that they are aware of their obligations
  • delegations to align expenditure authority with role responsibility
  • segregation of duties (DoE employees only) to require more than one staff member to participate in a financial transaction so that no one individual has sole control and/or visibility over the transaction
  • system controls to restrict individuals’ ability to process transactions based on authority levels and to enforce segregation of duties
  • independent checks (DoE employees only), particularly where the availability of segregation of duties is limited due to small staff numbers
  • physical security (DoE employees only) of assets, information and important forms (known as accountable forms)
  • reconciliations to detect irregularities and errors
  • annual finance control self-assessments (DoE employees only) is a tool to assist schools in monitoring their internal control environment.

Some controls, such as segregation of duties, may be difficult to achieve in small schools or business units because of small numbers of staff. If a control is not possible it must be replaced by a compensating control, for example, by regular independent checking by another school or centre (including a processing centre), or a Senior Finance Officer from the regional office.

Controls exist within three lines of defence, as described in Internal audit: three lines of defence model explained:

  • The first line of defence is formed by managers and staff who identify and manage risk as part of their accountability for achieving objectives. Collectively, they should have the necessary knowledge, skills, information, and authority to operate the relevant controls. This requires an understanding of the department, its objectives, the environment in which it operates, and the risks it faces
  • The second line of defence is provided by functions that oversee or who specialise in compliance or the management of risk. They provide the policies, frameworks, tools, techniques and support to enable risk and compliance to be managed in the first line, monitor to judge how effectively they are doing it, and help ensure consistency of definitions and measurement of risk
  • The third line of defence is provided by internal audit. Sitting outside the risk management processes of the first two lines of defence, its main roles are to ensure that the first two lines are operating effectively and advise how they could be improved. It evaluates, through a risk-based approach, the effectiveness of governance, risk management, and internal control to the Director-General and the Executive Management Board.

Staff members should report any suspicions of breakdowns in internal controls to Integrity and Employee Relations (DoE employees only) if they suspect misappropriation or fraud, or contact Finance Branch (DoE employees only) if they have suggestions to improve controls.

The department’s internal control environment is described annually in the Chief Finance Officer Statement of Assurance. The Statement of Assurance is an annual attestation that internal controls are in place and operating as they are intended.




Detective controls

Controls designed to identify errors or fraud so that they can be appropriately dealt with.

Preventive controls

Controls designed to prevent errors or fraud before they occur.

Segregation of duties

An internal control designed to mitigate errors or fraud by making sure that more than one person is responsible for separate tasks within certain functions.



  • Nil

Other resources

Superseded versions

Previous seven years shown. Minor version updates not included.

1.0 Financial internal controls

Review date

01 July 2024
Attribution CC BY