- You are here:
-
- Home >
- Regulatory guidance >
- Internal controls >
- An example of the scheme risk-management process >
- Monitor and review .
Regulatory guidance
Internal controls
 .
|
 .
|
 .
|
Monitor and review
Purpose
The scheme will now have agreed internal controls in place to mitigate its main risks. The purpose of this stage is to monitor the effectiveness of the controls and to make changes to the controls if they prove inadequate or if new risks arise.
Description
A review of scheme risks and internal controls should not be seen as a one-off exercise. You will need to review the risks on a regular basis to ensure that changing circumstances have not altered any of the existing risks or introduced new risks that now need mitigation.
The circumstances you might need to consider include changes to:
- legislation, eg changes to disclosure requirements;
- scheme membership, eg bulk transfer in due to a scheme merger;
- key staff including scheme administration, eg a change of pension manager;
- delegated services such as third-party administrators;
- scheme structure, eg the introduction of a defined contribution section;
- the trustees' view of acceptable risk and its success criteria; and
- the scheme's operational objectives.
You will also need to consider whether the controls you have in place are still adequate. You should consider whether the control is still mitigating the risk to an acceptable level. The success criteria established earlier in the risk-management process should be used to help make this judgement.
If you use third-party administrators you will need to review their control reports to ensure that their controls are adequate enough not to subject your scheme to unacceptable risk.
Larger schemes are likely to have an internal audit function, an audit committee and structures already in place to mitigate risk. Nevertheless, even the largest schemes can benefit from including a wide ranging review of their risk management policy on a periodic basis.
Outcomes
Regular monitoring and reviewing will ensure that the scheme can be confident that all risks are identified and that major risks are mitigated down to an acceptable level by the implementation of suitable internal controls.
The scheme now complies with the regulatory obligation to establish and operate internal controls which are adequate for the purpose of securing that the scheme is administered and managed in accordance with the scheme rules and the requirements of the law.
|
.
|
.
|
| Related pages |
|---|
| Code of practice 09: Internal controls |
| Related documents |
|---|
| Codes-related guidance: internal control (PDF) |
| Example risk register (PDF) |
| Legislation |
|---|
| The Occupational pension schemes (internal controls) regulations |