Article
State government internal control frameworks: Lessons from ARMICS
Nov. 14, 2025 · Authored by Christopher Kalafatis, Randy Sherrod, Peter Tsengas
In today’s dynamic public sector environment, internal control frameworks are more than just compliance tools; they’re strategic assets. Whether you're managing fiscal operations, overseeing human resources or safeguarding information technology (IT) systems, a robust internal control framework can elevate your agency’s performance, accountability and resilience. In addition, a strong internal control framework can help limit the opportunity for fraud. One standout example is Virginia’s Agency Risk Management and Internal Control Standards (ARMICS), a program that offers a comprehensive blueprint for risk management and control evaluation across state agencies.
Whether your agency works with state-mandated programs like ARMICS or is considering implementing an internal control framework for the very first time, we invite you to join us as we explore the benefits, challenges, and essential steps of implementing an internal control framework to transform your public sector governance.
Why internal control frameworks matter
Internal control frameworks are structured systems designed to ensure effective and efficient operations, reliable financial reporting and regulatory compliance. In the public sector, where transparency and stewardship are paramount, these frameworks serve as the backbone of impactful governance.
Key benefits
- Structured framework for internal controls: Frameworks like ARMICS provide a clear methodology for identifying, assessing and mitigating risks. This structure promotes consistency across departments and aligns with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) principles.
- Enhanced accountability: By requiring documentation and regular evaluation of controls, agencies foster a culture of responsibility and transparency across all levels (staff and leadership).
- Strategic alignment: Internal controls help agencies align risk management with strategic objectives, improving decision-making and resource allocation.
