This study examines internal control challenges in Malaysian government projects, drawing on Public Accounts Committee (PAC) reports from 2019 to 2022. The focus on this period stems from the shift in PAC chairmanship from government to opposition, which enhanced perceived independence. However, the literature suggests that the PAC’s success depends more on collaborative decision-making than on the chairman’s political affiliation. Analyzing 29 government agencies across various sectors revealed recurring weaknesses in internal controls. The study employed the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control-Integrated Framework (ICIF) to systematically identify these weaknesses. A content analysis method was used to examine the themes, which were grouped into five ICIF components: control environment, risk assessment, control activities, information and communication, and monitoring. Weaknesses in the control environment include conflicts of interest, compromised ethical values, inadequate governance, and a lack of accountability and transparency. Risk assessment deficiencies were found in financial risk management, procurement and acquisition risks, geopolitical and strategic risks, intellectual property and technology risks, and project management risks. Control activity weaknesses involved poor resource and process management, non-compliance, and flawed decision-making. Information and communication issues included poor documentation, inadequate system integration and data sharing, limited stakeholder engagement, weak communication protocols, and poor information management. Monitoring deficiencies were noted in regulatory compliance, contract management, financial oversight, monitoring systems, and disbursement tracking. Addressing these weaknesses in internal controls is crucial for minimizing the risks of fraud, waste, and loss of public trust