National Public Sector Internal Control Authority

​

Home of the Integrity Protection
Classification (IPC) Rating

 

ISO provides standardized ratings for fire departments, helping risk pools and insurance companies with underwriting decisions. Credit rating agencies (e.g., Fitch, Moody's, and S&P) provide government credit ratings to help others assess a government's risk of default on debt. The National Public Sector Internal Control Authority (NPSICA) is the national authority responsible for classifying public-sector fraud risk vulnerability. This classification rating allows governments to demonstrate leadership in integrity protection, identify what they are doing well, identify their vulnerabilities to real-world fraud risks, and promote trust and accountability with their governing body, external auditors, credit rating agencies, employees, and the public. 

​

Real World Fraud Risks

Public sector organizations face persistent and evolving fraud risks, including embezzlement, ransomware, social engineering, and other misuse of public funds, assets, and systems. These risks affect all public entities and, if not effectively managed, can lead to significant financial losses, operational disruptions, and the erosion of public trust. Even in governments with clean audits, policies in place, and trusted employees, hundreds of embezzlements, ransomware attacks, social engineering schemes, and other fraud incidents occur each year, costing millions of dollars. 

​

Different Than a Financial Statement Audit

Annual financial audits support financial accountability, but they are not designed to identify fraud risks. Audit reports state that auditors do not express an opinion on the effectiveness of an organization’s internal controls, and that the responsibility for establishing and maintaining effective internal controls remains with management. As a result, a clean audit opinion does not indicate that fraud-prevention and fraud-detection controls are appropriately in place or that fraud risks are unlikely to occur or persist without detection. 

​

Integrity Protection Classification (IPC) Rating 

The Integrity Protection Classification (IPC) rating is a proprietary, comprehensive, standardized rating system used to identify and communicate a public-sector organization’s vulnerabilities to real-world fraud risks across seven key areas. These ratings reflect how effectively an organization establishes, applies, and manages controls to protect public funds, assets, and systems from fraud-related events, and how likely such activity is to occur and persist undetected. An Integrity Protection Classification rating is valid for three (3) years from the date of issuance. Governments that improve controls and reduce their fraud risk vulnerabilities can apply for a re-evaluation at any time.  

​​​

The Integrity Protection Classification rating scale ranges from 1 to 9 and reflects increasing levels of fraud risk vulnerability within the public sector organization. Lower IPC ratings indicate stronger fraud protection and a greater likelihood that fraud events will be prevented or detected through robust, best-practice oversight and control activities. Higher IPC ratings indicate elevated fraud risks and a greater likelihood that fraud could occur and remain undetected without targeted intervention.

​

IPC 1 – Superior Fraud Risk Vulnerability Controls
IPC 2 – Excellent Fraud Risk Vulnerability Controls
IPC 3 – Good Fraud Risk Vulnerability Controls
IPC 4 – Moderate Fraud Risk Vulnerability Controls
IPC 5 – Elevated Fraud Risks
IPC 6 – High Fraud Risks
IPC 7 – Severe Fraud Risks
IPC 8 – Extreme Fraud Risks
IPC 9 – Critical Fraud Risks