SPC’s Risk Management Policy explicitly states that management is responsible for implementing, operating and monitoring the system of internal control, which is designed to provide reasonable but not absolute assurance of achieving business objectives. The approach to internal control includes a number of general and specific risks management processes and policies. The primary control mechanisms are self-appraisal processes in combination with strict accountability for results.