(1) A council must
ensure that appropriate policies, practices and procedures of internal control
are implemented and maintained in order to assist the council to carry out its
activities in an efficient and orderly manner to achieve its objectives, to
ensure adherence to management policies, to safeguard the council's assets,
and to secure (as far as possible) the accuracy and reliability of council
records.
(2) The policies,
practices and procedures of internal financial control under
subsection (1) must be in accordance with a standard or document (such as
a model relating to financial controls) adopted by the regulations.
(3) A council must
ensure that appropriate policies, systems and procedures relating to risk
management are implemented and maintained in order to assist the council to
carry out its activities in an efficient and orderly manner to achieve its
objectives, inform appropriate decision making, facilitate appropriate
prioritisation of finite resources and promote appropriate mitigation of
strategic, financial and operational risks relevant to the council.