
CONTROL, GOVERNANCE AND RISK MANAGEMENT

CONTROL
- as defined by the Institute of Internal Auditors (IIA), “It is the employment
of all the means devised in an enterprise to promote, direct, restrain, govern and
check upon its various activities for the purpose of seeing that enterprise
objectives are met….”

- as defined by the IIA Practice Advisory 2100-1, “It is any action taken by
the management to enhance the likelihood that established objectives and
goals will be achieved. Controls may be preventive, detective, or directive. The
concept of a system of internal control is the integrated collection of control
components and activities that are used by an organization to achieve its
objective and goals.”
- as defined by the Committee of Sponsoring Organizations of the Treadway
Commission (COSO), “Is a process effected by an entity’s board of directors,
management and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations, Reliability of financial reporting,
compliance with laws and regulations.”

COSO Definition of Control


1.) Internal Control is a Process
2.) Internal Control is Effected by People
3.) Internal Control can be expected to provide only a Reasonable Assurance,
not Absolute Assurance.
Limitations on Internal Control:
- Use of human judgment
- Controls can be circumvented by collusion
- Management may inappropriately override controls
- Cost-benefit consideration
4.) Internal Control is geared to the Achievement of Objectives in One or More
Separate but Overlapping Categories

Components of Internal Control


1.) Control Environment – the foundation of all other components of internal
control. It reflects the attitude and actions of the board and management
regarding the significance of control within the organization. The control
environment sets the organization’s tone.
Elements of Control Environment:
A. Integrity and Ethical Values
B. Commitment to Competence
C. Board of Directors or Audit Committee Participation
D. Management’s Philosophy and Operating Style
E. Organizational Structure
F. Assignment of Authority and Responsibility
G. Human Resource Policies and Practices

2.) Risk Assessment – is the identification and analysis of relevant risks to
achievement of objectives, forming a basis for determining how risks should be
managed.

3.) Control Activities – are the policies and procedures helping to ensure that
management directives are executed and actions are taken to address risks
affecting achievement of objectives. Control devices may be Quantitative or
Qualitative.
Elements of Control Activities:
A. Policy – stated principle that requires, guides, or restricts actions.
B. Procedures – methods employed to carry out activities in conformity with
prescribed policies.

4.) Information and Communication – relevant internal and external information
should be identified, captured, and communicated in a timely manner and in
appropriate forms. Communication of information with the business may take
many forms and should be two way, both vertically and horizontally.
Communication of information allows people in the organization to perform their
duties regarding financial reporting, operations, and compliance.

5.) Monitoring – is a process that assesses the quality of the system’s performance
over time. It consists of ongoing monitoring and periodic monitoring. Supervision,
self-assessments or formal evaluation by internal or external auditors are examples
of monitoring.

Types of Control

As to function they are intended to perform:

1.) Preventive – are controls intended to deter undesirable events from
occurring. They are intended to function during an activity or transaction
because they predict results and take corrective action before the processes are
completed.
2.) Detective/Corrective – are controls that detect and correct undesirable
events that occurred.
3.) Directive – are controls that cause or encourage a desirable event to
occur.

As to nature:
1.) Financial or Accounting Controls

2.) Administrative Controls

Other types:
1.) Feedback Controls – are controls that obtain information about
completed activities. They provide information as to whether the desired state has
been attained or maintained.
2.) Concurrent Controls – are controls that adjust ongoing processes. These
are real-time controls that monitor activities.
3.) Feedforward Controls – are controls that anticipate and prevent
problems. These controls require a long-term perspective.

Characteristics of Effective Control:

1.) Economical
2.) Meaningful
3.) Appropriate
4.) Congruent
5.) Timely
6.) Simple
7.) Operational

-End-