The design of fully integrated internal control systems in public government: Reflections from the case of Regione Lombardia

Journal title MANAGEMENT CONTROL
Author/s Enrico Guarini, Francesca Magli, Mauro Martinelli
Publishing Year 2022 Issue 2022/2 Language Italian
Pages 27 P. 63-89 File size 540 KB
DOI 10.3280/MACO2022-002004
DOI is like a bar code for intellectual property: to have more infomation click here

Below, you can see the article first page

If you want to buy this article in PDF format, you can do it, following the instructions to buy download credits

Article preview

FrancoAngeli is member of Publishers International Linking Association, Inc (PILA), a not-for-profit association which run the CrossRef service enabling links to and from online scholarly content.

The design of internal control functions in Italian governments has been strongly influenced by the legislation that has driven a fragmentation of control activities. Over the years, such an approach has prevented the development of a complete internal control and risk management system. Furthermore, the absence of a sound organizational model feeds the lack of structured processes of risk management and control, the lack of an integrated information system, and problems of coordination with the multi-layered system of external controls. This article proposes a framework for the re-design of the internal control system in governments within the perspective of fully integration of administrative processes, information, and risk management. This is done by utilizing the insights provided by the empirical verification of the three lines of defense model conducted at the regional government of Lombardy in Italy.

Keywords: Internal control systems, Public government, Regional government, Risk management, Information systems

  1. Allegrini M., D’Onza G. (2011), Corporate governance, risk management e responsabilità sociale fra presente e future dell’attività di internal auditing, Management Control, 1, pp. 151-178. DOI: 10.3280/MACO2011-001007.
  2. Badia F., Galeone G., Ranaldo S. (2021), La crisi COVID-19 come “crash test” per i sistemi di controllo aziendali: il caso di un’azienda di trasporto pubblico locale, Management Control, 1, pp. 57-80. DOI: 10.3280/MACO2021-001004
  3. Bantleon U., D’Arcy A., Eulerich M., Hucke A., Pedell B., Ratzinger-Sakel N.V.S. (2019), Coordination challenges in implementing the three lines of defense model, International Journal of Audit, 25, pp. 59-74.
  4. Bivona E. (2019). Sistema di Controllo Interno e prevenzione delle infiltrazioni della criminalità organizzata, Management Control, Suppl. 1, pp. 51-68. DOI: 10.3280/MACO2019-SU1004
  5. Castellano N., Magnaghi E. (2019), Tratti di innovazione nei sistemi di controllo e risk management, Management Control, 3, pp. 5-10. DOI: 10.3280/MACO2019-003001
  6. COSO (1992), Internal control – Integrated framework, The Institute of Monitoringors, -- https://www.coso.org.
  7. COSO (2004), ERM-Enterprise Risk Management framework, Executive summary, -- https://www.coso.org/Documents/COSO-ERM-Executive-Summary.pdf.
  8. COSO (2017), Enterprise Risk Management – Integrating with Strategy and Performance, Executive Summary, -- https://www.coso.org/Documents/2017-COSO-ERM-Integrating-withStrategy-and-Performance-Executive-Summary.pdf (ultimo accesso: 2/9/2020).
  9. D’Onza G., Rigolini A., Brotini F. (2016), Esiste una strategia di Internal Auditing che crea valore? Un’analisi empirica del contesto italiano, Management Control, 1, pp. 125-148.
  10. Davies H., Zhivitskaya M. (2018), Three Lines of Defence: A Robust Organising Framework, or Just Lines in the Sand? Global Policy, 9(Suppl. 1), pp. 34-42.
  11. Decaux L., Sarens G. (2015), Implementing combined assurance: insights from multiple case studies, Managerial Auditing Journal, 30, pp. 56-79.
  12. Deloitte (2017), Three lines of Defense. Time to rethink and reframe the model, Deloitte Tax and Counsulting, Luxembourg.
  13. ECIIA/FERMA (2010), Guidance on the 8th EU Company Law Directive article 4, -- https://www.iia.nl/SiteFiles/ECIIA%20FERMA.pdf.
  14. European Commission (2014), Compendium of the public internal control systems in the EU Member States, Luxembourg: Publications office of the European Union, -- https://op.europa.eu/en/publication-detail/-/publication/f5d1aca3-f349-11e6-8a35-01aa75ed71a1.
  15. European Commission (2017a), Public Internal Control Systems in the European Union. The three lines of defense in a Public Sector Environment, PIC Working Group, Discussion Paper no. 9, Ref. 2017-2. Documento estratto nel 2019 da: -- https://ec.europa.eu/info/strategy/eu-budget/protection-eu-budget/public-internal-control_en.
  16. European Commission (2017b), Public Internal Control Systems in the European Union. Illustrating essential Internal Control elements, -- https://www.pempal.org/sites/pempal/files/event/2018/Internal%20Audit%20COP%20Events/Oct29_Tbilisi%2C%20Georgia/files/2017-1_illustrating_essential_ic_elements_final.pdf.
  17. EY (2013), Maximizing value from your lines of defense. A pragmatic approach to establishing and optimizing your LOD model. Insights on governance, risk and compliance.
  18. Garlatti A., Pezzani F. (2000), I sistemi di programmazione e controllo negli enti locali: progettazione, sviluppo e impiego, Etas, Milano.
  19. Greco G., Presti C., Marchi L. (2019), Il sistema di controllo interno: evoluzione e prospettive, in Greco G., Marchi L. (a cura di), Nuove prospettive su governance, audit, risk e performance management, Giappichelli, Torino.
  20. Guest G., Namey E., Mitchell M. (2013), Collecting qualitative data, SAGE, Thousand Oaks, USA.
  21. IIA (2013), The three lines of defence in effective risk management and control, -- https://global.theiia.org/standards-guidance/recommended-guidance/Pages/The-Three-Lines-of-Defense-in-Effective-Risk-Management-and-Control.aspx (20/12/2021).
  22. IIA (2013), The three lines of defense in effective risk management and control, Altamonte Springs/Fl: The Institute of Internal Auditors.
  23. INTOSAI (1992), Guidelines for Internal Control Standard for the Public Sector, -- https://www.issai.org/wp-content/uploads/2019/08/intosai_gov_9100_e.pdf (ultimo accesso 20/12/2021).
  24. Johnson J.C., Avenarius C., Weatherford J. (2006), The active participant-observer: Applying social role analysis to participant observation, Fields Methods, 18(2), pp. 111-134.
  25. KPMG (2012), The Convergence Evolution: Global Survey into the Integration of Governance, Risk and Compliance, KPMG, Switzerland.
  26. La Rosa F. (2018), Il contributo dei controlli sull’informativa contabile al processo di creazione del valore, in Caldarelli A., Marchi L. (a cura di), Il sistema di controllo interno nelle imprese non grandi, FrancoAngeli, Milano.
  27. Lamboglia R. (2011), Un’analisi della letteratura sulla valutazione del Sistema di controllo interno: stato dell’arte e prospettive future, Management Control, 2, pp. 105-131.
  28. Laurenti A., Orlandi L., Panebianco M. (2010), Un nuovo ruolo per funzioni di controllo interno in azienda: il modello della Compliance integrata, Economia e diritto del terziario, 3, pp. 593-612.
  29. Luburic R. (2017), Strengthening the Three Lines of Defence in Terms of More Efficient Operational Risk Management in Central Banks, Journal of Central Banking Theory and Practice, 6, pp. 29-53.
  30. Luburic R., Perovic M., Sekulovic R. (2015), Quality management in terms of strengthening the “three lines of defence” in risk management-process approach, International Journal for Quality Research, 9(2), pp. 243-250.
  31. Marchi L., Greco G. (2016), Percorsi di integrazione tra auditing e controllo di gestione, Management Control, 3, pp. 5-7.
  32. Michelon G., Bozzolan S., Beretta S. (2011), La disclosure sul sistema di controllo interno come meccanismo di monitoraggio: evidenze empiriche da differenti contesti istituzionali, Management Control, 1, pp. 125-149.
  33. Pavan A. (2019), Controllo interno e di gestione nella prospettiva del valore, Management Control, Suppl. 1, pp. 5-12. DOI: 10.3280/MACO2019-SU1001
  34. Persiani N. (2002), Modelli di programmazione e sistemi di controllo interno nella pubblica amministrazione, FrancoAngeli, Milano.
  35. PWC (2017). The three lines of defence model of tomorrow. -- https://www.pwc.nl/nl/assets/documents/pwc-3linesofdefencemodel.pdf (ultimo accesso 20/12/2021).
  36. Ruud T.F. (2019), Reflections on the Three Lines of Defense, EU Internal Audit, November 24th.
  37. Stake R.E. (1995), The art of case study research, Sage, Thousand Oaks, USA.
  38. Udding A. (2016), Three lines of defence: a panacea? -- https://axveco.com/three-lines-of-defence-a-panacea/ (ultimo accesso 20/12/2021).
  39. Yin R.H. (2015), Case study Research. Design and Methods, 5 ed., Sage, Thousand Oaks, USA.

Enrico Guarini, Francesca Magli, Mauro Martinelli, La prospettiva del "Sistema di Controllo Interno Integrato2 nella Pubblica Amministrazione: riflessioni a partire dal caso Regione Lombardia in "MANAGEMENT CONTROL" 2/2022, pp 63-89, DOI: 10.3280/MACO2022-002004