2. Possible Mgmt.

Manipulation
Internal Control - Circumvention of Controls
- override procedures
MODERN DAY BUSINESSES - Ex: UAAP Tix
Characteristics 3. Collusion (“Sabwatan”)
1. Large – conglomerates - concealing a wrongful act
2. Diversified – SM food, retail, property, hotels - based on incompatible function (has
3. Complex Transactions – due to acct standards opportunity to commit fraud and conceal it)
4. Highly competitive industry - Ex: custodian & accountant
5. Stricter Regulation – to avoid scandals 4. Mistakes in Judgment
6. Large liabilities w/ stringent conditions by creditors - errors in judgment
7. Globalized – multinational 5. Human Factor
- errors due to collusion, carelessness, fatigue
DEFINITION OF INTERNAL CONTROL or misunderstanding of instructions
• “An entity’s internal control structure consists of the 6. Projection Risk
policies and procedures established to provide - obsolescence of IC system due to evolving
reasonable assurance that specific entity - what was effective before may not be
objectives will be achieved.” effective for the future
• provides reasonable assurance, not absolute Bottomline: There is no perfect IC structure.
assurance
INTERNAL CONTROL STRUCTURE ELEMENTS
• to minimize the risk of material misstatement
Control Environment
OBJECTIVES OF INTERNAL CONTROL
1. To promote efficiency in operations
- avoid defects, spoilage, etc.
2. To encourage adherence to managerial policies
3. To check accuracy & reliability of financial reports
- auditor wants to see what affects FS
4. To safeguard assets CONTROL ENVIRONMENT
- avoid theft of cash, inventory • “tone at the top”
• umbrella that connects all other elements
Administration Control Accounting Control (1 & 2) • has a collective impact: if control envi is effective,
“comprise the plan of org. and the rest are also effective
“include, but are not limited to the procedures and records
• the culture, attitude and awareness of mgmt. and
the plan of org. and that are concerned w the
procedures and records that safeguarding of assets and the those charged w/ governance of IC
are concerned w the decision reliability of financial records • Factors contributing to effectiveness of the control
process leading to mgmt’s and consequently are envi:
authorization of transactions.” designed to provide 1. Mgmt. Philosophy and Operating Style
reasonable assurance that: - Philosophy: reflects the mgmt.’s attitude
1. To promote operational concerning controls
3. To check accuracy & reliability
efficiency
2. To encourage adherence to
of financial reports - eg: committed leadership, personality of the indiv
4. To safeguard assets (charismatic, authoritative)
managerial policies
By hiring qualified employees, By executing transactions w - Operating Style: reflects the mgmt.’s attitude
customers receive high-qual given specific/general toward taking business risks; aggressive or
goods, seminars/workshops, authorization, access to assets passive on meeting objectives
control over sales activities. only w/ mgmt.’s authorization - eg: if aggressive in meeting target of twice sales
increase, may result in control override or
BASIC CONCEPTS OF INTERNAL CONTROL collusion just to meet this goal
- eg: if passive in meeting target, may lead to lax
MANAGEMENT RESPONSIBILITIES employees or net loss
• in charge of effective IC as to setting up and 2. Organizational Structure
maintaining an effective IC system - relationship, lines of authority and scopes of
• Auditor needs to IC to understand, assess and responsibilities of org. units
evaluate the NTE of procedures - why is this necessary for auditors? to know who
to report to, to find out incompatible functions
REASONABLE ASSURANCE - Types of Incompatible Functions:
• Cost-Benefit consideration a. Authorization (who approves & who executes)
• Cost of IC should not exceed the benefits expected b. Execution (who issues checks & who purchases inv)
c. Recording (who issues checks & who records)
INHERENT LIMITATION OF INTERNAL CONTROL d. Custody (who receives inventory & who keeps inv)
1. Cost-Benefit Consideration - Solid line: direct; Dotted line: indirect; No line: X

3. Functioning of the Audit Committee
- Audit Committee: composed of members of the
board who are not officers of the entity helps the
board in discharging its responsibilities
particularly in overseeing accounting & financial
reporting policies and practices
- Independent view of the company
- appoints auditor, puntahan ng auditor, calls
attention of mgmt., safeguards the auditor
- Ineffectiveness/Lack may adversely affect the
control envi
4. Methods of Assigning Authority & Responsibility
- proper assignment of authority and responsibility
is achieved through a clear organizational
structure w proper delegation
- there should be strict compliance w code of
conducts that deal w business practices and
conflicts of interest
- eg: Specific job descriptions to clarify different
responsibilities w/in the entity
5. Mgmt. Control Methods
- relate to frequent evaluation of entity’s
performance whether they are hitting targets
- Responsibility Centers:
a. Cost Center: purchasing, legal, HR
b. Revenue Center: achieve objective of
company, more revenue
c. Profit Center: both revenue & cost
d. Investment Center: revenue, cost, profit, any
asset
- Tools: budgets, key performance indicators,
mission and vision, balance scorecard
- Management Control Systems:
o Define responsibility centers responsible for
specific targets
o Establish methods to measure actual
performance & variances from planned
performance (e.g. monthly reporting)
o Investigate variances & take corrective action
6. Personnel Policies & Practices
- objectives of IC are achieved based on
competence and integrity of personnel
- Auditor’s way to appraise the quality of client
personnel’s work to observe their work.
1) Forced vacation/leave – to know irregularities
2) Annual personal rotation – change of branch
3) Bonding of employees in trust position –
insurance against loss from dishonest employees
(usually high positions)
7. Various External Influences
- impact of gov’t regulation on entity’s operations
- stricter gov’t regulation, more effective IC
- non-observance may lead to criminal/civil
offense, ipasara, payment of fees
I. INFORMATION & COMMUNICATION
• Accounting system is the form, records,
procedures and devices used to process and
record transactions resulting in the accumulation
of account balances that are to be used for
financial and managerial reporting.
• the business process related to the financial
reporting system – accounting to record, process
and report business transactions and events
II. CONTROL ACTIVITIES
• An entity may have a very strong or effective
control envi and an adequate accounting system
and yet, its internal control structure does not
operate effectively.
• Control Procedures:
1. Assurance that only authorized transactions are
executed.
- authorization of transactions must come from
BOD
- routine decisions re. operations may be
delegated to mgmt.
A. General Authorization
o pertains to any transaction that conforms to
a specified condition
B. Specific Authorization
o pertains to a single/specific transaction
- Authorizations are issued by the proper officer
acting w/in his/her scope of authority.
- The transactions executed complied w terms of
authorization.
- Validity of the transactions recorded in the FS
may depend if an officer acted w/in authority.
- Authority is normally referred in board resos & by
reading job responsibility
2. Appropriate segregation of functional duties.
- limit the opportunities for fraudulent act
- no person should have control of two or more
functional responsibilities
- Incompatible Functions: a person can commit an
irregularity and conceal it, thus functions must be
delegated to different persons
a. Authorization
- based on general or specific authority
- must come from BOD first; routine decisions
on ope may be delegated to mgmt.
- refer to board reso or job responsibility
b. Execution
- ensure that transactions are executed w/in
bounds of given authority
- steps: authorization, initiation, approval,
execution and recording
c. Recording
- record transactions as they aspire
- only properly approved & executed should
be recorded
- risk of recording fictitious transactions if
there is no system of proper approval &
execution
d. Custody
- maintenance of records of accountabilities
for assets and a periodical recon w actual
assets
- eg. petty cash custodian for PCF, monthly
PCF count
 - periodic reconciliation to determine
accountability cs. actual assets in custory
(monthly PCF cound)
- system of investigating & resolving
discrepancies
3. Adequate documents and records to help ensure
proper recording of transactions and events.
- Accurate and reliable financial reporting depends,
to a large extent, on the adequacy of documents
and other acct records.
- Transactions are initially recorded in source
documents. As transaction occurs, proper
document should be prepared to reflect the
nature & authorization.
- to efficiently indicate that the transactions
followed standard procedures
- Audit Trail
o physical documents present in a particular
transaction
o source document à acct records à FS
- Auditors determine whether audit trail is complete
by reviewing the policy manuals in authorizing,
executing and recording.
- Chart of Accounts
o complete list of accounts used by the entity
& informative details like account
code/number, account description, how to
use
o facilitates efficient and uniform recording
4. Limited access to assets and records.
- limit access only to authorized personnel
- adequate physical control over certain valuable
forms & documents such as blank forms and
accounting records to allow assignment of
responsibilities
A. Direct Access to Assets
o actual use or misappropriation of assets
o ex: clarification (?) of cash or invty items
B. Indirect Access to Assets
o use of documents to manipulate or
misappropriate assets
o ex: using blank check to misappropriate
cash
5. Provision for periodical review to determine
compliance and necessary revision.
- compliance w control policies & procedures
should be monitored on a continuing basis to
have an assurance that the control system
continues to function effectively
- if the comparison reveals that the recorded
accountability & actual assets do not agree, it
indicates an error or a possible concealment of
an irregularity
- MONITOR AT REGULAR INTERVALS
o determine if control policies and
procedures are still functioning effectively
o whether it can still detect irregulation on a
timely basis
o system of reconciling accountabilities w
actual assets in custody
o investigate, report and resolve deficiencies
- What can be the cause of the discrepancy?
How to resolve errors or irregularities noted
during the monitoring process?
Factors that affect the frequency of monitoring?
- ex: presence of internal audit function, to avoid
opportunity to conceal the irregularity committed,
system of corrective measures should be there
INTERNAL CONTROL IN SMALL BUSINESS
• Disadvantage: not have enough number of
employees to effect proper segregation of duties &
responsibilities
• Owner’s active participation in managing the
business’ affairs can help mitigate the risk of
irregularities
• Risk of loss caused by irregularities can be
eliminated if the owner is doing all the work, though
it is impractical most of the time.
CONSIDERING INTERNAL CONTROL
IN A FINANCIAL STATEMENT AUDIT
• Misstatement
o error or irregularity that either individually or
when aggregated with other errors or
irregularities would be material to the FS as a
whole
• Audit Risk = Inherent x Control x Detection
• Auditor’s Objective:
o to evaluate the effectiveness of IC in
preventing or detecting misstatements
• Auditor does not provide an opinion as to the
effectiveness of the ICs, rather it evaluates
whether it is effective in preventing misstatements
to occur in the FS.
• Assessment of Control Risk affects NTE of
substantive tests year-end
OBTAINING AN UNDERSTANDING
OF INTERNAL CONTROL STRUCTURE
• In planning the audit, the auditor should perform
procedures to obtain knowledge about the design
of the internal control structure and determine
whether relevant policies and procedures have
been placed in operation.
• How? Previous expi w company, prior year working
papers, inquiries of personnel, inspection of docu &
other acct records, direct observation of
procedures
A. Control Envi
o obtain knowledge abt mgmt’s and BOD’s
attitude, awareness and actions about control
envi
o ex: lack of oversight from BOD or actions from
mgmt. may cast doubts abt reliability of acctg
data
B. Accounting System
o adequate & well-organized is essential in
producing reliable financial data that
accurately reflect assertions of mgmt.
 o info to be gathered by the auditors by
understanding the entity’s acctg. system
C. Control Procedures
o Since most control procedures are integrated
into the control envi & acctg system,
knowledge abt control procedures can be
obtained while obtaining an understanding of
the other two control elements.
o important to understand policies and
procedures that are significant enough to
prevent misstatements in FS
TRANSACTION CYCLES
• Transaction Cycles
o policies and procedures for processing a grp
of related transactions through the acctg
system
• Understanding the acctg. system will provide
knowledge abt entity’s transaction cycles
• Most auditors go by transactions cycles, and not by
individual accounts.
DIFFERENT CYCLES
1. Treasury-Financing Cycle
- Capital Expenditure Cycle
- capital stocks, bank loans, bonds payable,
investments
2. Purchasing-Disbursement Cycle
- Expenditure Cycle
- acquisition of raw materials, machineries,
services, similar transaction
3. Payroll Cycle
- direct labor, salaries, withholding taxes,
collective bargaining agreement provisions
4. Conversion Cycle
- Production Cycle
- materials, storage, materials in process,
costing of sales & invty
5. Revenue-Receipt Cycle
- sales, AR, cash receipts
DOCUMENTING THE UNDERSTANDING
OF THE INTERNAL CONTROL STRUCTURE
• must be documented in the working papers
• more complex IC structure and more extensive
procedures performed to obtain the understanding
à more extensive documentation
IC QUESTIONNAIRE (ICQ) METHOD
- series of questions answerable by “Yes”, “No”, “Not
Applicable”
- Yes: satisfactory control
No: potential weakness (errors or irregularities)
Advantages Disadvantages
Easy to accomplish May contain many
irrelevant controls
IC weakness easily “Not Applicable” is not
detected by “No” answer helpful in evals
NARRATIVE MEMORANDUM METHOD
- written description of the control procedures of an
entity
Advantages Disadvantages
Can adapt to diff. types of May not be direct to the
businesses point
Time consuming
FLOWCHART METHOD
- graphic display of the origin, processing and
distribution of documents and segregation of
functional duties
- graphical approach to understanding the IC
structure of the entity
- Flowcharts allow the graphical presentation of the
logical sequence of each IC process w/in the entity
Advantages Disadvantages
For entities w/ Time consuming
computerized systems
PERFORMING A WALK-THROUGH TEST
(TRANSACTION WALKTHROUGH)
• process of understanding the entity’s IC structure
by examining a transaction and trace its
processing from start to finish
• Walkthroughs
o to determine if the auditor’s understanding of
the IC structure is correct/accurate
ASSESSING CONTROL RISK
(TEST OF CONTROLS)
• auditor’s evaluation of the effectiveness of the
internal control policies & procedures in preventing
or detecting material misstatements in the FS
• Control risk (CR) for each relevant assertion may
be assessed either at the max or at less than the
max level
ASSESSING CR AT THE MAX LVL
- no reliance on the entity’s IC structure to prevent
material misstatements in FS
- cause: significant weaknesses in control envi &
accounting system
- testing control would not restrict the extent of
substantive tests at year-end
- omit tests of controls (irrelevant)
- substantive test at year-end w/ increased scope
ASSESSING CR AT LESS THAN THE MAX LVL &
PERFORMNG TESTS OF CONTROLS
- intention to rely on the effectiveness of the entity’s
IC structure to prevent material misstatements in
the FS
- perform test of controls to provide basis for
reliance
- Test of Controls provide evidence as to:
1. Effectiveness of design policies & procedures
2. Operating effectiveness of such policies &
procedures
- Results of TOCs determine the NTE of substantive
tests
- Procedures in TOC
Design 1. Inquiries of appropriate personnel
Effectiveness 2. Inspection of documents & reports
 3. Observation of the application of • results of TOCs determine the NTE of year-end
specific internal control structure procedures
policy or procedure What if based on the results of TOC, the auditor
Operational concluded that his reliance on IC structure is wrong,
4. Reperformance of procedures
Effectiveness what should the auditor do?
• Substantive Test Procedures à Adjust the NTE of substantive procedures in the audit
o test of controls that are detailed tests of program
balances
o Objective: to test the existence of the
transaction and accuracy of amount
• Dual-Purpose Test COMMUNICATING IC STRUCTURE DEFICIENCES
o TOC + Substantive Test
o very efficient test of transaction DANGER SIGNALS
- indications of a breakdown/weaknesses in IC
• Reportable Conditions
AUDIT EVIDENCE IN TEST OF CONTROLS o deficiencies in IC Structure
o must be communicated to the senior mgmt. &
TYPES OF EVIDENCE BOD (its audit committee)
Without Audit Trail • Material Weakness in the IC
- inquiry & observation o a significant IC deficiency
With Audit Trail • Management Letter
- inspection & performance o auditor’s written communication of reportable
conditions, esp. that have material impact in
SOURCE OF EVIDENCE the FS
- indirectly < directly by auditor o not req’d to suggest corrective measures how
- inquiry of mgmt. < auditor’s personal observation to correct or rectify

TIMELINESS OF EVIDENCE
- Normally, TOC is done during the interim period;
hence, update assessment of controls for the
remaining period
1. When the audit evidence was obtained.
2. The portion of the audit period the evidence
applies.

INTERRELATIONSHIP OF EVIDENTIAL MATTER

- auditor should consider the aggregate effect of
various evidential matter obtained in evaluation

DOCUMENTING THE ASSESSMENT OF CR

• for the NTE of documentation

SUMMARY OF PROCEDURES IN CONSIDERING

INTERNAL CONTROL IN A FS AUDIT
1. Obtain an understanding of the IC structure
elements
2. Document the understanding using the ff tools:
3. For each relevant assertion pertaining to a
significant account balance or transaction class,
assess CR based on knowledge obtained in the
understanding of the IC structure elements.
4. CR max lvl
• no further TOCs
• no reliance on IC
• extensive year-end procedures
CR less than max lvl:
• provide basis for reliance
• perform TOCs