operational and financial performance goals, and
MODULE 7 (CHAPTER 13) -
INTERNAL CONTROL
OVERVIEW OF INTERNAL CONTROL
NATURE AND PURPOSE OF INTERNAL
CONTROL
Internal Control
● is the process designed and effected by those
charged with governance, management and other
personnel to provide reasonable assurance
about the achievement of the entity's objectives
with regard to reliably on financial reporting,
effectiveness and efficiency of operations and
compliance with applicable laws and
regulations.
● It follows that internal control is designed and
implemented to address identified business
risks that threaten the achievement of any of
these objectives.
COSO DEFINITION
Committee of Sponsoring Organizations (COSO)
Internal control is a process, effected by an entity’s
board of directors, management, and other personnel,
designed to provide reasonable assurance regarding the
achievement of objectives relating to operations,
reporting, and compliance.
Those objectives fall into three categories: (REC)
● Reliability of the entity's financial reporting
● Effectiveness and efficiency of operations
● Compliance with applicable laws and
regulations
Whether an entity achieves its objectives relating to
financial reporting and compliance is determined by
activities within the entity's control. However, achieving
its objectives relating to operations will depend not only
on management's decisions but also on competitor's
actions and other factors outside the entity.
Focuses on Three Objectives (ORC)
● Operations Objectives - The effectiveness and
efficiency of the entity's operations, including
safeguarding assets against loss.
● Reporting Objectives - The internal and
external financial and non-financial reporting.
● Compliance Objectives - The adherence to
laws and regulations to which the entity is
subject.
INTERNAL CONTROL SYSTEM DEFINED
Internal control system means all the policies and
procedures (internal controls) adopted by the
management of an entity to assist in achieving
management's objective of ensuring, as far as
practicable:
● the orderly and efficient conduct of its business,
including adherence to management policies,
● the safeguarding of assets,
● the prevention and detection of fraud and error,
● the accuracy and completeness of the accounting
records, and the
● timely preparation of reliable financial
information.
FIVE COMPONENTS (CRCIM)
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
COSO I
The first COSO model introduced the definitions of
Internal Control and five components

COSO II
COSO II focus on internal control in the context of risk
management
COSO III
COSO III introduces a principles based approach and
the need for regular monitoring
ELEMENTS OF INTERNAL CONTROL (SNGO)
Control structures vary significantly from one company
to the next. Factors such as size of the business, nature
of operations, the geographical dispersion of its
activities, and objectives of the organization affect the
specific control features of an organization. However,
certain elements or features must be present to have a
satisfactory system of control in almost any large scale
organization.
The internal control system extends beyond these
matters which relate directly to the functions of the
accounting system and consists of the following
components:
a. the control environment;
b. the entity's risk assessment process;
c. the information system, including the related
business processes, relevant to financial
reporting, and communication;
d. control activities;
e. monitoring of controls.
- Action & Attitude
FIVE COMPONENTS
1. Control Environment Principles
● The organization demonstrates a commitment to
integrity and ethical values.
● The board of directors demonstrates
independence from management and exercises
oversight of the development and performance
of internal control.
● Management establishes, with board oversight,
structures, reporting lines, and appropriate
authorities and responsibilities in the pursuit of
objectives.
● The organization demonstrates a commitment to
attract, develop, and retain competent
individuals in alignment with objectives.
● The organization holds individuals accountable
for their internal control responsibilities in the
pursuit of objectives.
2. Risk Assessment Principles
● The organization specifies objectives with
sufficient clarity to enable the identification and
assessment of risks relating to objectives.
● The organization identifies risks to the
achievement of its objectives across the entity
and analyzes risks as a basis for determining
how the risks should be managed.
● The organization considers the potential for
fraud in assessing risks to the achievement of
objectives.
● The organization identifies and assesses
changes that could significantly impact the
system of internal control.
3. Control Activities Principles
● The organization selects and develops control
activities that contribute to the mitigation of
risks to the achievement of objectives to
acceptable levels.
● The organization selects and develops general
control activities over technology to support the
achievement of objectives.
● The organization deploys control activities
through policies that establish what is expected
and procedures that put policies into action.
4. Information and Communication Principles
● The organization obtains or generates and uses
relevant, quality information to support the
functioning of internal control.
● The organization internally communicates
information, including objectives and
responsibilities for internal control, necessary to
support the functioning of internal control.
● The organization communicates with external
parties regarding matters affecting the
functioning of internal control.
5. Monitoring Activities Principles
● The organization selects, develops, and
performs ongoing and/or separate evaluations
to ascertain whether the components of internal
control are present and functioning.
 ● The organization evaluates and communicates
internal control deficiencies in a timely manner
to those parties responsible for taking
corrective action, including senior management
and the board of directors, as appropriate.
Design - is how you plan the risk, maglagay ng approval
Problem: Daily time record nadadaya, time in & time
out hindi namomonitor
Control:
- Ung card swipe swipe, ID Scan
Monitor:
- Meron pala na maaga time in pero wala pa
talaga sa work
Effective Internal Control
● Requires that each of the five components and
relevant principles is present and functioning.
● "Present" - the components and relevant
principles exist in the design and
implementation of the system of internal control.
● "Functioning" - the components and relevant
principles continue to exist in the operations
and conduct of the system of internal control to
achieve specified objectives.
● That the five components operate in an
integrated and interdependent manner.
“Dapat both present AND functioning.”
Internal Control Results in:
Reasonable assurance that the organization:
● Achieves effective and efficient operations
● Understands the extent to which operations are
managed effectively and efficiently when
external events may have a significant impact
on the achievement of objectives
● Prepares reports in conformity with applicable
rules. regulations. and standards or with the
entity's specified reporting objectives
● Complies with applicable laws, rules,
regulations, and external standards
LIMITATIONS
Internal control cannot prevent bad judgment or
decisions, or external events that can cause an
organization to fail to achieve its operational goals. Their
are inherent limitations from
● Faulty human judgment in decision making
● Human failures such as simple errors
● Ability of management to override internal
control
● Ability of management, other personnel, and/or
third parties to circumvent controls through
collusion
● External events beyond the organization’s
control
The importance of Internal Control to Internal
Auditors
● Internal Audit cannot provide assurance on
internal control if auditors do not understand of
the main elements of internal control
● Internal Auditors need a thorough
understanding of the different ways of ensuring
effective internal control and the type and nature
of controls in operation for example,
Preventative and Detective Controls
● An understanding of the three lines of Defence
Model can help IA explain the different roles of
IA and management in maintaining effective
internal control
● Internal Audit can help managers understand
that internal control is not just financial control
but Managerial Control in general
The Three Lines of Defence Model
● The First line of Defence
- direct operation of controls by
management (the employees)
● The Second line of Defence
- monitoring and oversight of controls by
management
● The Third line of Defence
- review of the effectiveness of controls
by audit and evaluation
======
A. CONTROL ENVIRONMENT
The control environment which means the overall
attitude, awareness and actions of directors and
management regarding the internal control system and
its importance in the entity. The control environment has
an effect on the effectiveness of the specific control
procedures. A strong control environment, for
example, one with tight budgetary controls and an
effective internal audit function, can significantly
complement specific control procedures. However, a
strong environment does not, by itself, ensure the
effectiveness of the internal control system. Factors
reflected in the control environment include:
● The function of the board of directors and its
committees;
● Management's philosophy and operating style;
● The entity's organizational structure and
methods of assigning authority and
responsibility;
● Management's control system including the
internal audit function, personnel policies and
procedures and segregation of duties.
The environment in which internal control operates has
an impact on the effectiveness of the specific control
procedures. Several factors compromise the control
environment, including:
1. Communication and Enforcement of Integrity
and Ethical Values
2. Commitment to Competence
3. Participation by those Charged with Governance
4. Management's Philosophy and Operating Style
5. Organizational Structure
6. Assignment of Authority and Responsibility
7. Human Resources Policies and Procedures
1. Communication and Enforcement of Integrity
and Ethical Values
Integrity and ethical values are essential
elements of the internal control environment.
They affect the design, administration, and onner
components of internal control. An entity's
ethical and behavioral standards and the manner
in which it communicates and reinforces them
determine the entity's integrity and ethical
behavior. Integrity and me values include
management's actions to remove or reduce
incentives and temptations that might prompt
personnel to engage in dishonest, megal, or
unethical acts. They also include the
communication of entity values and behavioral
standards to personnel through policy
statements, a code of conduct, and
management's example of appropriate behavior.
2. Commitment to Competence
Competence is the knowledge and skills
necessary to accomplish tasks that define an
employee's job. Commitment to competence
means that management considers the
competence levels for particular jobs in
determining the skills and knowledge required
of each employee and that it hires employees
competent to perform the tasks.
3. Participation by those Charged with
Governance
An entity's control consciousness is influenced
significantly by those charged with governance.
Attributes of those charged with governance
include independence from management, their
experience and stature, the extent of their
involvement and scrutiny of activities, the
appropriateness of their actions, the information
they receive, the degree to which difficult
questions are raised and pursued with
management and their interaction with internal
and external auditors. The importance of
responsibilities of those charged with
governance is recognized in codes of practice
and other regulations or guidance produced for
the benefit of those charged with governance.
Other responsibilities of the governance include
(1) oversight of the design and effective
operation of whistleblower procedures and the
process for (2) reviewing the effectiveness of
the entity's internal control.
4. Management's Philosophy and Operating
Style
This refers to management's attitude towards
(a) business risk,
(b) financial reporting,
(c) meeting budget, profit and other
established goals
which all have an impact on the reliability of the
financial statements. Management's approach to
taking and monitoring business risks, its
conservative or aggressive selection from
alternative accounting principles, its
conscientiousness and conservatism in
developing accounting estimates, and its attitude
toward information processing and the
 accounting function and personnel are factors
that affect the control environment.
5. Organizational Structure
The responsibilities and authorities of the
various personnel within the organization should
be established in such a manner as to (1) assist
the entity in meeting its goals and objectives and
(2) ensure that transactions are processed,
recorded, summarized and reported in an
accurate and timely manner. Organizational
structure provides the overall framework for
planning, directing and controlling operations.
6. Assignment of Authority and Responsibility
Personnel within an organization need to have a
clear understanding of their responsibilities and
the rules and regulations that govern their
actions. Management may develop job
descriptions, computer system documentation.
It may also establish policies regarding
acceptable business practice, conflicts of interest
and code of conduct.
7. Human Resources Policies and Procedures
Perhaps the most important element of an
internal accounting control system is the
PEOPLE who perform and execute the
established policies and procedures. Personnel
policies should be adopted by the client to
reasonably ensure that only capable and honest
persons are hired and retained. Policies with
respect to employee selection, training, and
supervision should be adopted and implemented
by the client. The selection of competent and
honest personnel does not automatically assure
that errors or irregularities will not occur.
However, adequate personnel policies, coupled
with the design concepts suggested earlier in this
section, enhance the likelihood that the client's
policies and procedures will be followed.
B. ENTITY'S RISK ASSESSMENT PROCESS
Risk Assessment is the "identification, analysis, and
management of risks pertaining to the preparation of
financial statements". For example risk assessment may
focus on how the entity considers the possibility of
transactions not being recorded or identifies and assesses
significant estimates recorded in the financial statements.
An entity's risk assessment process is its process for
domino responding to business risks and the results
thereof. For financial reporting purposes, the entity's risk
assessment process includes how management identifies
risks relevant to the preparation of financial statements
that are presented fairly, in all material respects in
accordance with the entity applicable financial reporting
framework, estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions
to manage them. For example, the entity's risk
assessment process may address how the entity considers
the possibility of unrecorded transactions or identifies
and analyzes significant estimates recorded in the
financial statements. Risks relevant to reliable financial
reporting also relate to specific events or transactions.
Risks relevant to financial reporting include external
and internal events and circumstances that may occur
and adversely affect an entity's ability to initiate, record,
process, and report financial data consistent with the
assertions of management in the financial statements.
Once risks are identified, management considers their
significance, the likelihood of their occurrence, and how
they should be managed. Management may initiate
plans, programs, or actions to address specific risks or it
may decide to accept a risk because of cost or other
considerations.
Risks can arise or change due to circumstances such as
the following:
● Changes in operating environment. Changes
in the regulatory or operating environment can
result in changes in competitive pressures and
significantly different risks.
● New personnel may have a different focus on or
understanding of internal control.
● New or revamped information systems.
Significant and rapid changes in information
systems can change the risk relating to internal
control.
● Rapid growth. Significant and rapid expansion
of operations can strain controls and increase the
risk of a breakdown in controls.
● New technology. Incorporating new
technologies into production processes or
information systems may change the risk
associated with internal control.
● New business models, products, or activities.
Entering into business areas or transactions with
 which an entity has little experience may
introduce new risks associated with internal
control.
● Corporate restructurings. Restructurings may
be accompanied by staff reductions and changes
in supervision and segregation of duties that may
change the risk associated with internal control.
● Expanded foreign operations. The expansion
or acquisition of foreign operations carries new
and often unique risks that may affect internal
control, for example, additional or changed risks
from foreign currency transactions.
● New accounting pronouncements. Adoption of
new accounting principles or changing
accounting principles may affect risks in
preparing financial statements.
The basic concepts of the entity's risk assessment
process are relevant to every entity, regardless of size,
but the risk assessment process is likely to be less
formal and less structured in small entities than in
larger ones. All entities should have established
financial reporting objectives, but they may be
recognized implicitly rather than explicitly in small
entities. Management may be aware of risks related to
these objectives without the use of a formal process but
through direct personal involvement with employees and
outside parties.
Considerations Specific to Smaller Entities
Many small entities are carried out entirely by the
engagement partner (who may be a sole practitioner).
In such situations, it is the engagement partner who,
having personally conducted the planning of the audit,
would be responsible for considering the susceptibility
of the entity's financial statements to material
misstatement due to fraud and error.
C. INFORMATION SYSTEM, INCLUDING THE
BUSINESS PROCESSES FINANCIAL
REPORTING AND COMMUNICATION
An information system consists of infrastructure
(physical and), software, people, procedures, and data.
Infrastructure and software will be absent, or have less
significance, in system exclusively or primarily manual.
Many information systems make use of IT.
The Information System, Including Related Business
Processes, Relevant to Financial Reporting
The information system relevant to financial reporting
objectives, which includes the accounting system,
consists of the procedures and records designed and
established to:
● Initiate, record, process, and report entity
transactions (as well as events and conditions)
and to maintain accountability for the related
assets, liabilities, and equity;
● Resolve incorrect processing of transactions, for
example, automated suspense files and
procedures followed to clear suspense items out
on a timely basis;
● Process and account for system overrides or
bypasses to controls;
● Transfer information from transaction
processing systems to the general ledger;
● Capture information relevant to financial
reporting for events and conditions other than
transactions, such as the depreciation and
amortization of assets and changes in the
recoverability of accounts receivables; and
● Ensure information required to be disclosed by
the applicable financial reporting framework is
accumulated, recorded, processed, summarized
and appropriately reported in the financial
statements.
Journal Entries
An entity's information system typically includes the use
of standard journal entries that are required on a
recurring basis to record transactions. Examples might
be journal entries to record sales, purchases, and cash
disbursements in the general ledger, or to record
accounting estimates that are periodically made by
management, such as changes in the estimate of
uncollectible ac receivable.
An entity's financial reporting process also includes the
use of non-standard journal entries to record
non-recurring, unusual transactions or adjustments."
Examples of such entries include consolidating
adjustments and entries for a business combination or
disposal or nonrecurring estimates such as the
impairment of an asset. In manual general ledger
systems, non-standard journal entries may be identified
through inspection of ledgers, journals, and supporting
documentation. When automated procedures are used to
maintain the general ledger and prepare financial
statements, such entries may exist only in electronic
form and may therefore be more easily identified
through the use of computer assisted audit techniques.
Related Business Processes
An entity's business processes are the activities
designed to:
● Develop, purchase, produce, sell and distribute
an entity's products and services;
● Ensure compliance with laws and regulations;
and
● Record information, including accounting and
financial reporting information.
Business processes result in the transactions that are
recorded, processed and reported by the information
system. Obtaining an understanding of the entity's
business processes, which include how transactions are
originated, assists the auditor obtain an understanding of
the entity's information system relevant to financial
reporting in a manner that is appropriate to the entity's
circumstances.
Accordingly, an information system encompasses
methods and records that:
● Identify and record all valid transactions.
● Describe on a timely basis the transactions in
sufficient detail to permit proper classification of
transactions for financial reporting.
● Measure the value of transactions in a manner
that permits recording their proper monetary
value in the financial statements.
● Determine the time period in which transactions
occurred to permit recording of transactions in
the proper accounting period.
● Present properly the transactions and related
disclosures in the financial statements.
Communication involves providing an understanding
of individual roles and responsibilities pertaining to
internal control over financial reporting. It includes an
understanding of individual roles and the extent to which
personnel understand how their activities in the reporting
information system relate to the work of others and the
means of reporting exceptions to an appropriate higher
level within the entity. per communication channels help
ensure that exceptions are reported and acted on.
Communication takes such forms as policy manuals,
accounting and financial reporting manuals, and
memoranda (3) Communication also can be made
electronically, orally, and through the actions of
management. (EOA)
Application to Small Entities
Information systems and related business processes
relevant to financial reporting in small entities are
likely to be less formal than in larger entities but their
role is just as significant. Small entities with active
management involvement may not need extensive
descriptions of accounting procedures, sophisticated
accounting records, or written policies. Communication
may be less formal and easier to achieve in a small
entity than in a larger entity due to the small entity's size
and fewer levels as well as management's greater
visibility and availability.
D. CONTROL ACTIVITIES
Control activities are the policies and procedures that
help ensure that management directives are carried
out, for example, that necessary actions are taken to
address risks that threaten the achievement of the entity's
objectives. Control activities, whether within IT or
manual systems, have various objectives and are applied
at various organizational and functional levels.
The major categories of control procedures are: (PIP)
A. Performance Review
B. Information Processing Controls
1) Proper authorization of transactions and
activities
2) Segregation of duties
3) Adequate documents and records
4) Safeguards over access to assets; and
5) Independent checks on performance
C. Physical controls
A brief discussion of these control procedures follows:
A. Performance Review
In a performance review management uses accounting
and operating data to assess performance, and it then
takes corrective action. Such reviews include:
● comparing actual performance (or operating
results) with budgets, forecasts, prior period
performance, or competitors' data or tracking
major initiatives such as cost-containment or
cost-reduction programs to measure the extent to
which targets are being met.
 ● investigating performance indicators based on
operating or financial data, such as quantity or
purchase price variances or the percentage of
returns to total orders.
● reviewing functional or activity performance,
such as relating the performance of a manager
responsible for a bank's consumer loans with
some standard, such as economic statistics or
targets.
Personnel at various levels in an organization may make
performance reviews. Performance reviews may be used
by managers for the sole purpose of making operating
decisions. For example, managers may analyze
performance data and base operating decisions on them
because the data are consistent with their expectations.
This type of review improves the reliability of the
data. However, when managers follow up on
unexpected results determined by a financial reporting
system, performance reviews become a useful control
over financial reporting.
B. Information Processing Controls
Information processing controls are policies and
procedures designed to require authorization of
transactions and to ensure the accuracy and
completeness of transaction processing.
Control activities may be classified according to the
scope of the system they affect.
General controls are control activities that prevent or
detect errors or irregularities for all accounting
systems. General controls affect all transaction cycles
and apply to information processing as a center,
hardware and systems software acquisition and
maintenance, and backup and recovery procedures.
Application controls that pertain to the processing of that
pertain to the processing of a specific type of Transaction,
such a payroll, or sales and collections. These controls
help ensure that transactions that occurred, are
authorized, completely and accurately recorded and
processed. Examples of application controls include
checking the arithmetical accuracy of records, maintaining
and reviewing accounts and trial balances, automated
controls such as input data and numerical sequence checks,
and manual follow-up of exception reports.
General IT controls are policies and procedures that relate
to many applications and support the effective functioning
of application controls by helping to ensure the continued
proper operation of information systems. General
IT-controls commonly include controls over data center
and network operations; system software acquisition,
change and maintenance; access security; and application
system acquisition, development, and maintenance. These
controls apply to mainframe, miniframe, and end-user
environments. Examples of such general IT-controls are
program change controls, controls that restrict access to
programs or data, controls over the implementation of new
releases of packaged software applications, and controls
over system software that restrict access to or monitor the
use of system utilities that could change financial data or
records without leaving an audit trail.
Internal controls relating to the accounting system are
concerned with achieving objectives such as:
● Transactions are executed in accordance with
management's general or specific authorization.
● All transactions and other events are promptly
recorded in the correct amount, in the appropriate
accounts and in the proper accounting period so as
to permit preparation of financial statements in
accordance with an identified financial reporting
framework.
● Access to assets and records is permitted only in
accordance with management's authorization.
● Recorded assets are compared with the existing
assets at reasonable intervals and appropriate
action is taken regarding any differences.
Control activities related to the processing of
transactions may be grouped as follows: (ADC)
(1) proper authorization,
(2) design and use of adequate documents and records,
and
(3) independent checks on performance,
1. Proper authorization of transactions and activities
As suggested earlier, authorization for the execution of
transactions flows from the stockholders to management
and its subordinates. Before a transaction is entered into
with another party, certain conditions must usually be met.
As part of the evaluation of the potential transaction,
documentation will be created. The auditor uses this
documentation to determine whether business transactions
are properly authorized. For example, the purchase of
inventory may create a purchase order, a receiving report,
and a vendor invoice. By inspecting these documents and
comparing them with company policy, the auditor may be
reasonably satisfied that a business transaction was
authorized and executed in a manner consistent with
company policy.
2. Segregation of duties
An important element in designing an internal accounting
control system that safeguards assets and reasonably
ensures the reliability of the accounting records is the
concept of segregation of responsibilities. No one person
should be assigned duties that would allow that person to
commit an error or perpetuate fraud and to conceal the error
or fraud. For example, the same person should not be
responsible for recording the cash received on account and
for posting the receipts to the accounting records.
3. Adequate documents and records
The use of adequate documents and records allow the
company to obtain reasonable assurance that all valid
transactions have been recorded.
4. Access to assets
The resources of a client can be protected by the
establishment of physical barriers and appropriate
policies. For example, inventories may be kept in a
storeroom, or negotiable instruments may be placed in a
safe deposit box. Appropriate company policies are adopted
so that only authorized persons have access to company
resources. Safeguarding of assets is more than
establishing physical barriers. A client should design its
internal accounting control system so that documents
authorizing the movement of assets into an organization or
out of an organization are adequately controlled.
5. Independent checks on performance
The objective of a well-designed internal accounting
control system is the adoption of procedures that
periodically compare the actual asset with its recorded
balance. Regardless of the effectiveness of an internal
control system, some transactions may not be accurately
recorded, and some assets may be misappropriated. An
important part of an internal accounting control system is to
determine the effectiveness of recording policies and asset
access policies. This is accomplished by periodic counts of
assets by the client and comparing the counts to the
balances in the general ledger account. Examples are the
count of inventory and the preparation of monthly bank
reconciliation.
C. Physical Controls
Controls that encompass:
● The physical security of assets, including adequate
safeguards such as secured facilities over access to
assets and records.
● The authorization for access to computer programs
and data files.
● The periodic counting and comparison with
amounts shown on control records (for example,
comparing the results of cash, security and
inventory counts with accounting records).
The extent to which physical controls intended to prevent
theft of assets are relevant to the reliability of financial
statement preparation, and therefore the audit, depends on
circumstances such as when assets are highly susceptible to
misappropriation.
The concepts underlying control activities in small entities
are likely to be similar to those in larger entities, but the
formality with which they operate varies. Further, small
entities may find that certain types of control activities are
not relevant because of controls applied by management.
For example, management's retention of authority for
approving credit sales, significant purchases, and
drawdown's on lines of credit can provide strong control
over those activities, lessening or removing the need for
more detailed control activities. An appropriate segregation
of duties often appears to present difficulties in small
entities. Even companies that have only a few employees,
however, may be able to assign their responsibilities to
achieve appropriate segregation or, if that is not possible, to
use management oversight of the incompatible activities to
achieve control objectives.
E. MONITORING OF CONTROLS
Monitoring, the final component of internal control, is the
process that an entity uses to assess the quality of internal
control over time. Monitoring involves assessing the design
and operation of controls on a timely basis and taking
corrective action as necessary. Management monitors
controls to consider whether they are operating as intended
and to modify them as appropriate for changes in
conditions. In many entities, internal auditors evaluate the
design and operation of internal control and communicate
information about strengths and weaknesses and
recommendations for improving internal control.
Some monitoring activities may include communications
from external parties. For example, customers implicitly
corroborate sales data by paying their bills or raising
questions. Also, bank regulators, other regulators, and
outside auditors may communicate about the design or
effectiveness of internal control.

Monitoring activities may include using information from

communications from external parties that may indicate
problems that highlight areas in need of improvement.
Customers implicitly corroborate billing data by paying
their invoices or complaining about their charges. In
addition, regulators may communicate with the entity
concerning matters that affect the functioning of internal
control, for example, communications concerning
examinations by bank regulatory agencies. Also,
management may consider communications relating to
internal control from external auditors in performing
activities.

Application to Small Entities

Ongoing monitoring activities of small entities are more
likely to be informal and are typically performed as a part
of the overall management entity's operations.
Management's close involvement in operations one
identifies significant variances from expectations and
inaccuracies in manas data leading to corrective action to
the control.
 - Arise generally when the principles of
MODULE 8 (CHAPTER 14 & accounting are not taken into consideration
15) - FRAUD AND ERROR while recording a transaction. It arises on
account of ignorance of accounting principles.
b. Clerical Errors
INTRODUCTION
- Arise on account of negligence of the
In the previous chapters, corporate governance has been
accounting staff. This type of error is further
described as the process by which the owners and
divided as: (OCDC)
various of stakeholders of an organization exert control
- errors of omission,
through requiring accountability for the resources
- errors of commission,
entrusted to the organization.
- duplicating errors and
- compensating errors.
This chapter introduces fraud risk and errors and how
- Clerical Error - more on staff error
they can be reduced if not totally avoided by having
effective internal control - a tool of good corporate
TYPES OF MISSTATEMENTS
governance.
a. Misstatements arising from misappropriation of
assets
Fraud is an intentional act involving the use of
b. Misstatements arising from fraudulent financial
deception that results in a material misstatement of the
reporting
financial statements. Two types of misstatements are
relevant to auditors' consideration of fraud:
1. Misstatements arising from misapplication of
(a) misstatements arising from misappropriation of
assets
assets, and
● Involve the theft of an entity's assets where the
(b) misstatements arising from fraudulent financial
effect of the theft causes the financial statements
reporting.
not to be presented, in all material respects, in
conformity with GAAP.
Intent to deceive is what distinguishes fraud from
● Misappropriation of assets can be accomplished
errors. Auditors routinely find financial errors in their
in various ways, including embezzling receipts,
client's books, but those errors are not intentional.
stealing assets, or causing an entity to pay for
goods or services that have not been received.
Fraud - intentional
● Misappropriation of assets may be accompanied
Error - unintentional
by false or misleading records or documents,
possibly created by circumventing controls. The
FRAUD
scope of this section includes only those
The willful misrepresentation made with an intention of
misappropriations of assets for which the effect
deceiving others. It is a deliberate mistake committed in
of the misappropriation causes the financial
the accounts with a view to get personal gain. In
statements, not to be fairly presented, in all
accounting, fraud means two things: (DM)
material respects, in conformity with GAAP.
a. Defalcation involving misappropriation of
● Theft or defalcation
either cash or goods
—
b. Fraudulent manipulation of accounts
1. Misstatements arising from misappropriation of
assets
ERROR
Asset misappropriation occurs when a perpetrator
Error refers to unintentional misstatements or
steals or misuses an organization's assets. Asset
misdescriptions in the records or books of accounts by
misappropriations are the dominant fraud scheme
the book keeper. In other words, they are unintentional
perpetrated against small businesses and the
mistakes arising on account of negligence or ignorance.
perpetrators are usually employees. Asset
Errors may be basically of two types : (PC)
misappropriations can be accomplished in various ways,
a. Principal Errors
including (1) embezzling cash receipts, (2) stealing
assets, or (3) causing the company to pay for goods or
services that were not received.
Asset misappropriation commonly occurs when
employees:
● Gain access to cash and manipulate accounts to
cover up cash thefts.
● Manipulate cash disbursements through fake
companies.
● Steal inventory or other assets and manipulate
the financial records to cover up the Fraud.
2. Misstatements arising from Fraudulent Financial
Reporting
● Intentional misstatements or omissions of
amounts or disclosures in financial statements
designed to deceive financial statement users
where the effect causes the financial statements
not to be presented, in all material respects, in
conformity with generally accepted accounting
principles (GAAP).
● Fraudulent financial reporting may be
accomplished by the following: (RSP)
- Manipulation, falsification, or
alteration of accounting records or
supporting documents from which
financial statements are prepared
- Misrepresentation in or intentional
omission from the financial statements
of events, transactions, or other
significant information
- Intentional misapplication of
accounting principles relating to
amounts, classification, manner of
presentation, or disclosure
— ● Management compensation schemes
2. Misstatements arising from Fraudulent Financial
Reporting
The intentional manipulation of reported financial results
to misstate the economic condition of the organization
is called fraudulent financial reporting. The perpetrator
of such a fraud generally seeks gain through the rise in
stock price and the commensurate increase in personal
wealth. Sometimes the perpetrator does not seek direct
personal gain but instead uses the fraudulent financial
reporting to "help" the organization avoid bankruptcy or
to avoid some other negative financial outcome. Three
common ways in which fraudulent financial reporting
can take place include:
1. Manipulation, falsification, or alteration of
accounting records or supporting documents.
2. Misrepresentation or omission of events,
transactions, or other significant information.
3. Intentional misapplication of accounting
principles.
*Mostly mga gumagawa nito is yung mga
knowledgeable sa accounting standard
THE FRAUD TRIANGLE (IOR)
The Fraud Triangle characterizes incentives,
opportunities and rationalizations that enable fraud to
exist.
There are three conditions generally present when fraud
occurs. The three elements of the fraud triangle are:
(RIO)
1. Incentive to commit fraud
2. Opportunity to commit and conceal the fraud
3. Attitudes/Rationalization the fraud – the
mindset of the fraudster to justify committing
1. Incentives or Pressures to Commit Fraud
Incentives relating to asset misappropriation include:
● Personal factors, such as severe financial
considerations.
● Pressure from family, friends, or the culture to
live a more lavish lifestyle than one's personal
earnings allow for
● Addictions to gambling or drugs
The incentives include the following for fraudulent
financial reporting:
● Other financial pressures for either improved
earnings or an improved balance sheet
● Debt covenants
● Pending retirement or stock option expirations
● Personal wealth tied to either financial results or
survival of the company
● Greed for example, the backdating of stock
options was performed by individuals who
already had millions of pesos of wealth through
stock.

2. Opportunities to Commit Fraud
One of the most fundamental and consistent findings in
fraud research is that there must be an opportunity for
fraud to be committed. Although this may sound obvious
that is, "everyone has an opportunity to commit fraud" -
it really conveys much more. It means not only that an
opportunity exists, but either there is a lack of controls or
the complexities associated with a transaction are such
that the perpetrator assesses the risk of being caught as
low. Some of the opportunities to commit fraud that the
top management should consider include the following:
● Significant related-party transactions
● A company's industry position, such as the
ability to dictate terms or conditions to suppliers
or customers that might allow individuals to
structure fraudulent transactions
● Management's inconsistency involving
subjective regarding assets or accounting
estimate
● Simple transactions that are made complex thro
recording process
● Complex or difficult to understand transactions,
such as financial derivatives or special-purpose
entities
● Ineffective monitoring of management by the
board, either because the board of directors is
not independent or effective, or because there is
a domineering manager
● Complex or unstable organizational structure
● Weak or nonexistent internal controls
3. Rationalizing the Fraud
For asset misappropriation, personal rationalizations
often revolve around mistreatment by the company or a
sense of entitlement (such as, "the company owes me!")
by the individual perpetrating the fraud. Following are
some common rationalizations for asset
misappropriation:
● Fraud is justified to save a family member or
loved one from financial crisis.
● We will lose everything (family, home, car and
so on) if we don't take the money.
● No help is available from outside.
● This is "borrowing", and we intend to pay the
stolen money back at some point.
● Something is owed by the company because
others are treated better.
● We simply do not care about the consequences
of our actions or of accepted notions of decency
and trust; we are for ourselves.
For fraudulent financial reporting, the rationalization can
range from "saving the company" to personal greed, and
may include the following:
● This is one-time thing to get us through the
current crisis and survive until things get better.
● Everybody cheats on the financial statements a
little; we are just playing the same game.
● We will be in violation of all of our debt
covenants unless we find a way to get this debt
off the financial statements.
● We need a higher stock price to acquire
company XYZ, or to keep our employees
through stock options, and so forth.
RISK FACTORS CONTRIBUTORY TO
MISAPPROPRIATION OF ASSETS
Misappropriation of assets involves the theft of an
entity's assets and is often perpetrated by employees in
relatively small and immaterial amounts. However, it
can also involve management who are usually more able
to disguise or conceal misappropriations in ways that
are difficult to detect.
Misappropriation of assets can be accompanied in a
variety of ways including:
● Embezzling receipts (for example,
misappropriating collections on accounts
receivable or diverting receipts in respect of
written-off accounts to personal bank accounts).
● Stealing physical assets or intellectual property
(for example, stealing inventory for personal use
or for sale, stealing scrap for resale, colluding
with a competitor by disclosing technological
data in return for -payment).
● Causing an entity to pay for goods and services
not received (for example, payments to fictitious
vendors, kickbacks paid by vendors to the
entity's purchasing agents in return for inflating
prices, payments to fictitious employees).
● Using an entity's assets for personal use (for
example, using the entity's assets as collateral
for a personal loan or a loan to a related party).
Misappropriation of assets is often accompanied by
false or misleading records or documents in order to
conceal the fact that the assets are missing or have been d. Inadequate job applicant screening of
pledged without proper authorization. employees with access to assets.
A. Incentives / Pressures e. Inadequate record keeping with respect
1. Personal financial obligations may create to assets.
pressure on management or employees with f. Inadequate system of authorization and
access to cash or other assets susceptible to theft approval of transactions (for example, in
to misappropriate those assets. purchasing
2. Adverse relationships between the entity and g. Inadequate physical safeguards over
employees with access to cash or other assets cash, investment inventory, or fixed
susceptible to theft may motivate those assets.
employees to misappropriate those assets. For h. Lack of complete and timely
example, uavere relationships may be created by reconciliations of assets.
the following: i. Lack of timely and appropriate
a. Known or anticipated future employee documentation of transactions, for
layoffs. example, credits for merchandise
b. Recent or anticipated changes to returns.
employee compensation or benefit j. Lack of mandatory vacations for
plans. employees performing key control
c. Promotions, compensation, or other functions.
rewards inconsistent with expectations. k. Inadequate management understanding
of information technology, which
B. Opportunities enables information technology
1. Certain characteristics or circumstances may employees to perpetrate a
increase the susceptibility of assets to misappropriation.
misappropriation. For example, opportunities to l. Inadequate access controls over
misappropriate assets increase when following automated records, including controls
situations exist: over and review of computer systems
a. large amounts of cash on hand or event logs.
processed.
b. inventory items that are small in size, of C. Attitudes / Rationalizations
high value, or in high demand. 1. Disregard for the need for monitoring or
c. fixed assets which are small in size, reducing risks related to misappropriation of
marketable, or lacking observable assets.
identification of ownership. 2. Disregard for internal control over
misappropriation of assets by overriding existing
2. Inadequate internal control over assets may controls or by failing to correct known internal
increase the susceptibility of misappropriation of control deficiencies.
those assets. For example, misappropriation of 3. Behavior indicating displeasure or
assets may occur because of the following: dissatisfaction with the entity or its treatment of
a. Inadequate segregation of duties or the employee.
independent checks. 4. Changes in behavior or lifestyle that may
b. Inadequate oversight of senior indicate assets have been misappropriated.
management expenditures, such as 5. Tolerance of petty theft.
travel and other reimbursements.
c. Inadequate management oversight of RISK FACTORS CONTRIBUTORY TO
employees responsible for assets, for FRAUDULENT FINANCIAL REPORTING
example, inadequate supervision or Fraudulent financial reporting may be accomplished by
monitoring of remote locations. the following:
 ● Manipulation, falsification (including forgery),
or alteration of accounting records or supporting
documentation from which the financial
statements are prepared.
● Misrepresentation in, or intentional omission
from, the financial statements of events,
transactions or other significant information.
● Intentional misapplication of accounting
principles relating to amounts, classification,
manner of presentation, or disclosure.
Fraudulent financial reporting involves intentional
misstatement including omissions of amounts or
disclosures in financial statements to deceive involves
intentional misstatements including statement users. It
can be caused by the efforts of management to manage
perceptions as to the entity's performance and
profitability. Such earnings management may start out
with small actions or inappropriate adjustment
assumptions and changes in judgments by management.
Pressures and incentives may lead these actions to
increase to the extent that they result in fraudulent
financial reporting. Such a situation could occur when,
due to pressures to meet market expectations or a desire
to maximize compensation based performance,
management intentionally takes positions that lead to
fraudulent financial reporting by materially misstating
the financial statements. In some entities, management
may be motivated to reduce earnings by a material
amount, to minimize tax, or inflate earnings to secure
bank financing.
Fraud, whether fraudulent financial reporting or
misappropriation of assets, involves incentive or
pressure to commit fraud, a perceived opportunity to do
so and some rationalization of the act.
A. Incentive / Pressure
Incentive or pressure to commit fraudulent financial
reporting may exist when management is under pressure,
from sources outside or inside the entity, to achieve an
expected (and perhaps unrealistic) earnings target or
financial outcome — particularly since the consequences
to management for failing to meet financial goals can be
significant.
B. Opportunities
A perceived opportunity to commit fraud may exist
when an individual believes internal control can be
overridden, for example, because the individual is in a
position of trust or has knowledge of specific
weaknesses in internal control.
Fraudulent financial reporting often involves
management override of controls otherwise may appear
to be operating effectively. Fraud can be committed by
management overriding controls as:
● Reading fictitious journal entries, particularly
close to the end of an reporting period, to
manipulate operating results or achieve other
objectives.
● Inappropriately adjusting assumptions and
changing judgments used to estimate account
balances.
● Omitting, advancing or delaying recognition in
the financial statements of events and
transactions that have occurred during the
reporting period.
● Concealing, or not disclosing, facts that could
affect the amounts recorded in the financial
statements. Engaging in complex transactions
that are structured to misrepresent the financial
position or financial performance of the entity.
● Altering records and terms related to significant
and unusual transactions.
C. Rationalizations
Individuals may be able to rationalize committing a
fraudulent act. Some individuals possess an attitude,
character or set of ethical values that allow them
knowingly and intentionally to commit a dishonest act.
However, even otherwise honest individuals can
commit fraud in an environment that imposes
sufficient pressure on them.
RESPONSIBILITY FOR THE PREVENTION AND
DETECTION OF FRAUD
1. Management Responsibility
● Although AAS4 focuses on the auditor's
responsibilities with respect to fraud and error,
the primary responsibility for the prevention
and detection of fraud and error rests with both
those charged with governance and the
 management of an entity. The respective ● Mas mataas yung risk sa FRAUD.
responsibilities may vary from entity to entity.
● The management is responsible for Absolute assurance - 100% Walang mali
establishing a control environment and Reasonable assurance - 99%
maintaining policies and procedures by
implementing and ensuring continued operation Free from material misstatement - would not alter
of accounting and internal control systems, decision
which are designed to prevent fraud and error.
● Such systems reduce but do not eliminate the AUDITOR RESPONSIBILITY FOR DETECTING
risk of misstatements, Accordingly, management ERRORS, FRAUDS AND ILLEGAL ACTS
assumes responsibility for any remaining risk.
Responsible for Must Communicate
Preventive control - walang pang nangyari Detection? Findings?
Ex. Convenience store- mag hihire ka ng Material Immaterial Material Immaterial
security guard para ma prevent Errors Yes No Yes (Audit No
Committee)
Detection control - meron ng nangyari Fraud Yes No Yes (Audit Yes (One
Ex. CCTV para ma check Committee) level
above)
Management Illegal Yes No Yes (Audit Yes (One
- Responsible in detecting the fraud and Acts (Direct Committee) level
error Effect) above)

Auditor If the error, fraud and illegal acts is material the

- hindi mali ang hinahanap mo
- Chinecheck mo lang if in accordance sa
operation manual and if accordance to
standard
2. Auditor Responsibility
● As regards the auditors', the standard states that
when planning and performing audit procedures
and evaluating and reporting the results thereof,
the auditor should consider the risk of material
misstatements in the financial statements
resulting from fraud or error.
auditor must take responsibility in correcting and
reporting this.
The primary responsibility for the prevention and
detection of fraud rests with both those charged with
governance of the entity and management. It is important
that management, with the oversight of those charged
with governance, place a strong emphasis on fraud
prevention, which may reduce opportunities for fraud to
take place, and fraud deterrence, which could persuade
individuals not to commit fraud because of the
likelihood of detection and punishment.

Inherent Limitations of an Audit This involves a commitment to creating a culture of

● An auditor cannot obtain absolute assurance
that material misstatements in the financial
statements will be detected. The auditor is able
to obtain only a reasonable assurance that
material misstatements in the financial
statements will be detected.
● The risk of not detecting a material
misstatement resulting from fraud is higher
than the risk of not detecting a material
misstatement resulting from error.
honesty and ethical behavior which can be reinforced
by an active oversight by those charged with
governance. In exercising oversight responsibility, those
charged with governance consider the potential for
override of controls or other inappropriate influence over
the financial reporting process, such as efforts by
management to manage earnings in order to influence
the perceptions of analysts as to the entity's performance
and profitability.
CHAPTER 15: ERRORS AND
IRREGULARITIES IN THE
TRANSACTION CYCLES OF THE
BUSINESS ENTITY
- Common fraud and error
While businesses in different individuals can have
striking different characteristics, most have some
fundamental conceptual characteristics and practices in
common.
The three basic business transaction cycles include
1. Sales and Collections Cycle
2. Acquisitions and Payments Cycle
3. Payroll and Personnel Cycle
Accounts Involved -
S - Sales, AR & Cash
A - Cash, AP & Purchases
P - Cash & Payroll account
Management should establish controls to ensure that
these transactions are appropriately handled and
recorded. However, if internal controls are not properly
implemented, or are overridden, fraud and errors may
occur. This chapter presents the errors and fraudulent
activities that could result if there is poor internal
control.
I. SALES AND COLLECTIONS CYCLE
I. Errors in recording sales and collections transactions
II. Frauds in Sales and Collections
A. Fraudulent Financial Reporting
B. Misappropriation of Assets (SLK)
1. Skimming
2. Lapping
3. Kiting
1. Errors in Recording Sales and Collections
Transactions Errors in recording sales include
mechanical errors, such as using a wrong piece
or wrong quantity, recording sales in the wrong
period (cutoff errors), a bookkeeper's failure to
understand proper accounting for a transaction,
and so on. Internal controls are designed to
prevent or detect many of these kinds of errors.
2. Frauds in Sales and Collections Frauds in sales
generally relate to fraudulent financial reporting.
In contrast, frauds in cash collections relate to
misappropriation of assets, typically
accomplished by clerks or management-level
employees.
A. Fraudulent financial reporting
Fraudulent financial reporting involving sales typically
results in overstated sales or understated sales returns
and allowances. Managers under pressure to achieve
high profits may inflate sales to meet target profits
established by senior managers, to obtain bonuses, to
retain the respect of senior managers, or even to keep
their jobs. The following methods can be used to
increase sales fraudulently:
● Recording fictitious sales (creating fictitious
documents, sales invoices, and so on)
● Recording valid transactions twice
● Recording in the current period sales that
occurred in the succeeding period (improper
cutoff)
● Recording operating leases as sales
● Recording deposits as sales
● Recording consignments as sales
● Recording sales when the chance of a return is
likely
● Following revenue recognition practices that are
not in accordance with PFRS
● Recognizing revenue that should be deferred
B. Misappropriation of Assets: Withholding Cash
Receipts
1. Skimming
This refers to the act of withholding cash receipts
without recording them. An example is when a cashier
in a retail store does not ring up a transaction and takes
the cash. Another example is when an employee who has
access to cash receipts and maintains accounts receivable
records can record a sale at an amount lower than the
invoice amount. When the customer pays, the employee
takes the difference between the invoice and the amount
recorded as a receivable. Detection of unrecorded cash
receipts is very difficult however, unexplained changes
in the gross profit percentage or sales volume may
indicate that cash receipts have been withheld.
2. Lapping
This technique is used to conceal the fact that cash has
been abstracted; the shortage in one customer's account
is covered with a subsequent payment made by another
customer. An employee who has access to cash receipts
and maintains accounts receivable can engage in
lapping. Routine testing of details of collections
compared with validated bank deposit slips should
uncover this fraud.
3. Kiting
This is another technique used to cover cash shortage or
to inflate cash balance. Kiting involves counting the
cash twice by using the float in the banking system.
(Float is the gap between the time the check is deposited
or added to an account and the time the check clears or is
deducted from the account it was written on). Analyzing
and verifying cash transfers during the days surrounding
year-end should reveal this type of fraud.
“Intentionally writing a check for a value greater than
the account balance from an account in one bank, then
writing a check from another account in another bank,
also with non-sufficient funds, with the second check
serving to cover the non-existent funds from the first
account.”
II. ACQUISITIONS AND PAYMENTS CYCLE P
TO P
1. Errors in the acquisitions and payments cycle
2. Frauds in the acquisitions and payments cycle
A. Paying for fictitious purchases
B. Receiving kickbacks
C. Purchasing goods for personal use
1. Errors in the Acquisitions and Payments Cycle
The following may occur in the acquisitions and
payments cycle:
● Failing to record a purchase in the proper period
(cutoff errors)
● Recording goods accepted on consignment as a
purchase Misclassifying purchases of assets and
expenses
● Failing to record a cash payment
● Recording a payment twice
● Failing to record prepaid expenses as assets
Entities normally design controls to prevent these errors
from occurring or to detect errors if they do occur. When
such controls exist, auditors test the controls to assess
their effectiveness. If the controls are not effective,
auditors should perform substantive tests to determine
that the financial statements do not contain material
misstatements that arose because of possible errors.
2. Frauds in the Acquisitions and Payments Cycle
a. Paying for Fictitious Purchases
This involves the perpetrator creating a fictitious invoice
(and sometimes a receiving report, purchase order and so
forth) and processing the invoice for payment.
Alternatively, the perpetrator can pay the invoice twice.
b. Receiving Kickbacks
In this scheme, a purchasing agent may agree with a
vendor to receive a kickback (refund payable to the
purchasing person on goods or services acquired from
the vendor).
This is usually done in return for the agent's ensuring
that the particular vendor receives an order from the
firm. Often a check is made payable to the purchasing
agent and mailed to the agent at a location other than his
or her place of employment. Sometimes the purchasing
agent splits the kickback with the vendor's employee for
approving and paying it. Detecting kickbacks is difficult
because the buyer's records do not reflect their existence.
However, when vendors are required to submit bids for
goods or services, the likelihood of kickbacks is reduced.
c. Purchasing Goods for Personal Use
Goods or services for personal use may be purchased by
executive or purchasing agents and charged to the
company's account. To execu such a purchase, the
perpetrator must have access to blank receiving reports
and purchase approvals or must connive with another
employee. Fraud involving the purchase of goods for
personal use is more likely to go unnoticed when
perpetual records are not maintained.
III. PAYROLL AND PERSONNEL CYCLE
1. Errors
2. Frauds involving Payroll
A. Fictitious employee
B. Excess payments to employees
 C. Failure to record payroll of actual production can also be helpful in
D. Inappropriate assignment of labor costs detecting excess payments to employees.
to inventory
c. Failure to Record Payroll
Historically, errors and irregularities involving payroll Companies having difficulty meeting profit
have been reported to occur frequently and are largely targets or not-for profit entities having difficulty
undetected. managing costs and expenses might fail to
record a payroll. The omission of payroll
1. Errors difficult to hide unless a similar amount of
The most errors that can occur in the payroll and revenues or receipts has been omitted.
personnel cycle are Analytical procedures can be performed to test
a. paying employees at the wrong rate, the reasonableness of payroll cost. can be
b. paying employees for more hours than they
worked, d. Inappropriate Assignment of Labor Costs to
c. charging payroll expense to the wrong accounts, Inventory
and A company having difficulty meeting profit
d. keeping terminated employees on the payroll. targets might assign to inventory labor costs that
should have been charged to expense. Analytical
Good internal control can be established to prevent these procedures such as comparing costs incurred to
errors from occurring and to detect them if they do budgeted cost and verification of valuation of
occur. inventory are some of the useful techniques in
detecting such fraud.
3. Frauds involving Payroll
The major payroll-related frauds include Dapat sa operating expenses!
a. Fictitious Employees
Adding fictitious employees to the payroll is one
of the most common defalcations. Detecting
fictitious employees on the payroll is very
difficult; but auditors do sometimes perform a
surprise payoff as a deterrent to this form of
defalcation. Alternatively, the auditor may turn
the check distribution over to an official not
associated with preparing payroll, signing
checks, or supervising workers. Personnel files
and the employees' completed time cards and
time tickets may also be examined to
substantiate the existence of absent employees.

b. Excess Payments to Employees

Increasing the rate above that approved or
paying employees for more hours than they
worked are the most common ways of paying
employees more than they are entitled to
receive. These practices can be substantially
reduced by requiring personnel department
officials to authorize changes in pay rates and by
monitoring total hours worked and paid for.
Analytical procedures that focus on cost per unit
 3. Centralize receiving of cash to the extent
MODULE 9 (CHAPTER 16 & practical.
17) - INTERNAL CONTROL 4. Record cash receipts on a timely basis.
5. Encourage customers to obtain receipts and
AFFECTING ‘A-L-E’ observe cash register totals.
6. Deposit cash receipts daily.
CHAPTER 16: INTERNAL CONTROL 7. Make all disbursements by check or electronic
funds transfer, with the exception of small
AFFECTING ASSETS expenditures from petty cash.
8. Have monthly bank reconciliation prepared by
INTERNAL CONTROL OVER CASH employees not responsible for the issuance of
TRANSACTIONS checks or custody of cash. The completed
Most of the processes relating to cash handling are the reconciliation should be reviewed promptly by
responsibility of the finance department, under the an appropriate official.
direction of the treasurer. These processes include 9. Monitor cash receipts and disbursements by
handling and depositing cash receipts; signing checks; comparing recorded amounts to forecasted
investing idle cash; and maintaining custody of cash, amounts and investigating variances from
marketable securities, and other negotiable assets. In forecasted amounts.
addition, the finance department must forecast cash
requirements and make both short-term and long-term There should be separate record keeper (CAR) -
financing arrangements. segregation of duties

Ideally, the functions of the finance department and CAR

the accounting department should be integrated in a CUSTODY, AUTHORIZATION, RECORDING
manner that provides assurance that:
1. All cash that should have been received was in CHECK:
fact received, recorded accurately and deposited Beg Balance
promptly. Cash Receipts
2. Cash disbursements have been made for (Cash Disbursement)
authorized purposes only and have been Ending Balance
properly recorded.
3. Cash balances are maintained at adequate, but CASH RECEIPT CONTROLS
not excessive, levels by forecasting expected
cash receipts and payments related to normal
operations. The need for obtaining loans for
investing excess cash is thus made known on a
timely basis.

A detailed study of the business processes of the

company is necessary in developing the most efficient
control procedures, but there are some general
guidelines to good cash handling practices in all types of
business.
These guidelines for achieving internal control over
cash may be summarized as follows: Establishment of Responsibility
1. Do not permit any one employee to handle a Only designated personnel are authorized to handle cash
transaction from beginning to end. receipts (cashiers)
2. Separate cash handling from record keeping.
Documentation Procedures
Use remittance advice (mail) receipts), cash register
embezzlement
tapes or computer records, and deposit slips
of cash.

Segregation of Duties 2. Failure to Fraud: -Inadequate

Different individuals receive cash, record cash receipts. record receipts -A cashier fails supervision of
and hold the cash from cash sales to ring up and cashiers; failure
record cash to encourage
Human Resource Controls sales and customers to
Bond personnel who handle cash require employees to embezzles the obtain cash
take vacations; conduct background checks cash. receipts.

Independent Internal Verification Error:

Supervisors count cash receipts daily, assistant treasurer -A bookkeeper -Inadequate
compares total receipts to bank deposits daily accidentally controls for
omits the reconciling cash
Physical Controls recording of the register tapes
Store cash in safes and bank vaults, limit access to receipts from and accounting
storage areas: use cash registers one cash records;
register for the inadequate
POTENTIAL MISSTATEMENTS - CASH day. controls for
RECEIPTS reconciling
1. Recording fictitious cash receipts bank accounts.
2. Failure to record receipts from cash sales
3. Failure to record cash from collection of 3. Failure to Fraud: -Lack of
accounts receivable record cash -A cashier segregation of
4. Early (late) recognition of cash receipts- "cutoff from collection embezzles cash duties between
problems" of accounts payments by personnel who
receivable customers on have access to
Description of Examples Internal receivables, cash receipts
Misstatement Control without and those who
Weakness or recording the make entries
Factors that receipts in the into the
Increase the customers' accounts
Risk of the accounts. receivable
Misstatement records.
-A bookkeeper
1. Recording Fraud: -Lack of accidentally -Lack of
fictitious cash -Overstating segregation of who has accesssegregation of
receipts cash receipts on duties of the to cash receipts
duties between
the books by functions of embezzles cashpersonnel who
transferring access to cash collected fromhave access to
cash between and record customers and cash receipts
bank accounts keeping; no writes off theand those who
without effective review related make entries
appropriate of bank receivables. into the
recording of the reconciliations. accounts
transfer to cover Error: receivable
up an -A bookkeeper records.
accidentally
 Only designated personnel are authorized to sign checks
fails to record -Inadequate
(treasurer) and approve vendors
payment on a reconciliations
receivable. of subsidiary
Documentation Procedures
records of
Use prenumbered checks and account for them in
accounts
sequence: each check must have an approved invoice;
receivable with
require employees to use corporate credit cards for
the general
reimbursable expenses: stamp invoices "paid"
ledger control
account.
Segregation of Duties
4. Early (late) Fraud: -Ineffective Different individuals approve and make payments; check
recognition of -Holding the
board of signers do not record disbursements
cash receipts- cash receipts
directors, audit
"cutoff journal open to committee, or Human Resource Controls
problems" record next
internal audit Bond personnel who handle cash: require employees to
year's cash
function; "tone take vacations; conduct background checks
receipts as
at the top" not
having occurred conductive to Independent Internal Verification
in this year. ethical conduct; Compare checks to invoices; reconcile bank statement
undue pressure monthly
to show
Error: improved Physical Controls
-Recording cash financial Store blank checks in safes, with limited access; print
receipts based position. check amounts by machine in indelible ink
on bad
information -Failure to list POTENTIAL MISSTATEMENTS - CASH
about date of and deposit cash DISBURSEMENTS
receipt. receipts on a 1. Inaccurate recording of a purchase or
timely basis disbursement
2. Duplicate recording and payment of purchases
3. Unrecorded disbursements
CASH DISBURSEMENT CONTROLS

Description of Examples Internal

Misstatement Control
Weakness or
Factors that
Increase the
Risk of the
Misstatement

1. Inaccurate Fraud: -Inadequate

recording of a -A bookkeeper segregation of
purchase or prepares a check duties of record
CASH DISBURSEMENT CONTROLS disbursement to himself and keeping and
➔ Generally, internal control over cash records it as preparing cash
disbursements is more effective when having been disbursements,
companies pay by check or electronic funds issued to a or check signer
transfer (EFT) rather than by cash. major supplier. does not review
and cancel
Establishment of Responsibility
 Error: supporting identical
-A disbursement documents. amount.
is made to pay
an invoice for -Ineffective
INTERNAL CONTROL OVER FINANCIAL
goods that havecontrol for
INVESTMENTS
not beenmatching
The most important group of financial investments,
received. invoices with
consists of marketable stocks and bonds because they
receiving
are found more frequently and usually are of greater
-Disbursements documents
peso value than the other kinds of investment holdings.
for travel and before
Other types of investments often encountered include
entertainment disbursements
commercial paper issued by corporations, mortgages
are improperly are authorized.
and trust deeds, and the cash surrender value of life
included with
insurance policies.
merchandise -Ineffective
The internal auditors also must be concerned with
purchases. accounting
derivatives that are used to hedge various financial and
coding
operational risks or for speculation. Derivatives are
procedures may
financial instruments that "derive" their value from other
result from
financial instruments, underlying assets, or indexes. For
incompetent
example, a simple derivative would involve a
accounting
commitment by a company to purchase a commodity at a
personnel,
certain price at some point in the future. Other
inadequate chart
derivatives are much more complex, involving, for
of accounts, or
example, relationships between fluctuations in European
no controls over
interest rates and the price of copper.
the posting
process.
The major elements of adequate internal control over
2. Duplicate Error: -Ineffective financial investments include the following:
recording and -A purchase is controls for 1. Formal investment policies that limit the nature
payment of recorded when review and of investments in securities and other financial
purchases an invoice is cancellation of instruments. (establishment of formal
received from a supporting investment policies)
vendor and documents by
recorded again the check 2. An investment committee of the board of
when a signer. directors that authorizes and reviews financial
duplicate investment activities for compliance with
invoice is sent investment policies. (Review and approval of
by the vendor. investment activities by the investment
committee of the board of directors)
3. Unrecorded Fraud: -Ineffective
disbursements -In conjunction control over 3. Separation of duties between the executive
with recorded record keeping authorizing purchases and sales of securities and
(but deposited) for and access derivative instruments, the custodian of the
cash receipts, an to cash. securities, and the person maintaining the
employee writes records of investments.
and chases an Separation of duties among employees
unrecorded A. Authorizing purchases and sales
check for the B. Having custody of the securities
C. Maintaining records
 review by an investment committee of the board of
4. Complete detailed records of all securities and directors.
derivative instruments owned and the related
provisions and terms. (Detailed records of all POTENTIAL MISSTATEMENTS FINANCIAL
securities owned and the related revenue from INVESTMENTS
interest and (dividends)) 1. Misstatement of recorded value of investments
5. Registration of securities in the name of the 2. Unauthorized investment transactions
company. 3. Incomplete recording of investments
6. Periodic physical inspection of securities on
hand by an internal auditor or an official having
Description of Examples Internal
no responsibility for the authorization, custody, Misstatement Control
or record keeping of investments.
Weakness or
7. Determination of appropriate accounting for
Factors that
complex financial instruments by competent
Increase the
personnel.
Risk of the
Misstatement
In many concerns, segregation of the functions of
custody and record keeping is achieved by the use of an Misstatement Error: -Inadequate
independent safekeeping agent, such as a stockholder, of recorded -Failure to accounting
bank or trust company. Since the independent agent has value of record changes manual;
no direct contact with the employee responsible from investments in market values incompetent
maintaining accounting records of the investments in of investments. accounting
securities, the possibilities of concealing fraud through personnel.
falsification of the accounts are greatly reduced. If Fraud:
securities are not placed in the custody of an independent -Misstatement of -Ineffective
agent, they should be kept in a bank safe-deposit box the value of board of
under the joint control of two or more of the company's closely held directors, audit
officials. Joint control means that neither of the two investment. committee, or
custodians may have access to the securities except in internal audit
the presence of the other. A list of securities in the box function; not
should be maintained in the box, and the deposit or conducive to
withdrawal of securities should be recorded on this list ethical conduct;
along with the date and signatures of all persons present. undue pressure
The safe-deposit box rental should be in the name of the to meet earnings
company, not in the name of an officer having custody of targets.
securities.
Unauthorized Fraud: -Inadequate
Complete detailed records of all securities and derivative investment -An employee segregation of
instruments owned are essential to satisfactory control. transactions with access to duties of record
keeping for and
These records frequently consist of a subsidiary record securities
custody of
for each security and derivative instrument, with such coverts them for securities.
identifying data as the exact name, face amount or par personal use.
value, certificate number, number of shares, date of
acquisition, name of broker, cost, terms and any interest
Incomplete Error: a. Inadequate
or dividend payments received. Actual interest and
recording of -Failure to accounting
dividends should be compared to budgeted amounts, and
investments record derivative manual;
significant variances should be investigated. The agreements incompetent
purchase and sale of investments often is entrusted to a which are
responsible financial executive, subject to frequent embedded in
 POTENTIAL MISSTATEMENTS - REVENUE /
other accounting
agreements. RECEIVABLES
personnel.
1. Recording unearned revenue
b. Inadequate
2. Early (late) recognition of revenue - "cutoff
monitoring
error"
by internal
3. Recording revenue when significant
auditors.
uncertainties exist
4. Recording revenue when significant services
INTERNAL CONTROL OVER RECEIVABLES still must be performed by seller
Accounts receivable include not only claims against 5. Overestimation of the amount of revenue
customers arising from the sale of goods or services, but earned.
also a variety of miscellaneous claims such as loans to
officers or employees, loans to subsidiaries, claims
Description of Examples Internal
against various other films, claims for tax refunds and
Misstatement Control
advantages to suppliers.
Weakness or
Factors that
Sources and Nature of Notes Receivable
Increase the
Notes receivable are written promises to pay certain
Risk of the
amounts at future dates. Typically, notes receivable is
Misstatement
used for handling transactions of substantial amount:
these negotiable documents are widely used. In banks Recording Fraud: Ineffective
and other financial institutions, notes receivable usually unearned 1. Recordingboard of
constitutes the single most important asset. revenue fictitious sales directors, audit
without committee, or
Internal Control of Accounts Receivable and receiving ainternal audit
Revenue customer order function; undue
To understand internal control over accounts receivable or shipping the pressure to meet
and revenue, one must consider the various components, goods. earnings targets.
including the control environment, risk assessment, "top
monitoring, the accounting) information and 2. Intentional management
communication system, and control activities. over shipment action" not
of goods. conductive to
Control Environment ethical conduct.
Because of the risk of intentional misstatement of
revenues, the control environment is very important to
effective internal control over revenue and receivables. Errors: Ineffective
Of particular importance is an independent audit 1. Recording billing process
committee of the board of directors that monitors sales based on in which billing
management's judgments about revenue recognition the receipt of is not tied to
principles and estimates, as well as an effective internal orders from shipping
audit function. Management should establish a tone at customers rather information.
the top of the organization that encourages integrity and than the
ethical financial reporting. These ethical standards shipment of Ineffective
should be communicated and observed throughout the goods. controls for
organization. Also, incentives for dishonest reporting, 2. Inaccurate testing invoices,
such as undue emphasis on meeting unrealistic sales or billing and or ineffective
earnings targets, should be eliminated. recording of input validation
sales. checks and
computer
 3. Recording reconciliations payment is reporting;
cash that to ensure the contingent upon incompetent
represents a accuracy of the customer chief accounting
liability (e.g.,
databases. receiving officer.
receipt of a
customer's financing or
deposit) as Inadequate selling the
revenue. accounting goods to another
manual; party
incompetent (e.g.,
accounting consignment
personnel. sales).

Early (late) Fraud: Ineffective Recording Fraud: Ineffective

recognition of Holding the board of revenue when Recording board of
revenue - sales journal directors, audit significant franchise directors, audit
"cutoff error" open to record committee, or services still revenue when committee, or
next year's sales internal audit must be the franchises internal audit
as having function; not performed by are sold even function; not
occurred in the conducive to seller though an conducive to
current year. ethical conduct; obligation to ethical conduct;
undue pressure perform undue pressure
to meet sales significant to meet sales
targets. services still targets.
exists.
Error: Ineffective
Recording sales cutoff
in the wrong procedures in Error: Aggressive
period based on the shipping Amount of attitude of
incorrect department. revenue earned management
shipping on franchises is toward financial
information. miscalculated reporting;
incompetent
Recording Fraud: Ineffective chief accounting
revenue when Recording sales board of officer.
significant when the directors, audit
uncertainties customer is committee, or Overestimation Fraud: Ineffective
exist likely to return internal audit of the amount of 1. Misstating board of
the goods. function; not revenue earned. the percentage directors, audit
conducive to of completion of committee, or
ethical conduct; several projects internal audit
undue pressure by a function; not
to meet sales construction conducive to
targets. company using ethical conduct;
the percentage incompetent
of completion individuals
Error: Aggressive method revenue involved in the
Recording sales attitude of recognition. estimation
when the management process.
customer's toward financial
 The term inventories is used in this chapter to include:
1. goods on hand ready for sale, whether the
2. Aggressive
merchandise of a trading concern or the finished
Overestimating attitude of
goods of a manufacturer;
the percentage management
2. goods in the process of production; and
of completion toward financial
3. good to be consumed directly or indirectly in
on projects by a reporting;
production, such as raw materials, purchased
construction incompetent
parts, and supplies.
company using personnel
the involved in the
Internal Control over Inventories and Cost of Goods
percentage-of estimation
Sold
completion accounting
The importance of adequate internal control over
method of process.
inventories and cost of goods sold from the viewpoint of
revenue
both management and the auditors can scarcely be
recognition.
overemphasized. In some companies, management
stresses controls over cash and securities but pays little
INTERNAL CONTROL OVER NOTES attention to control over inventories. Since many types
RECEIVABLE of inventories are composed of items not particularly
As previously stated, a basic characteristic of effective susceptible to theft, management may consider controls
control consists of the subdivision of duties. As applied to be unnecessary in this area. Such thinking ignores the
to notes receivable, this principle requires that: fact that controls for inventories affect nearly all the
1. The custodian of notes receivable does not have functions involved in producing and disposing of the
access to cash or to general accounting records. company's products.
2. The acceptance and renewal of notes be
authorized in writing by a responsible official POTENTIAL MISSTATEMENTS - INVENTORY /
who does not have custody of the notes. COST OF GOODS SOLD
3. The write-off of defaulted notes be approved in 1. Misstatement of inventory costs
writing by responsible officials and effective 2. Misstatement of inventory quantities
procedures adopted for subsequent follow-up of 3. Early (late) recognition of purchases (cutoff)
such defaulted notes. problems"

INTERNAL CONTROL OVER INVENTORIES Description of Examples Internal

AND COST OF GOODS SOLD Misstatement Control
The interrelationship of inventories and cost of goods Weakness or
sold makes it logical for the two topics to be considered Factors that
together. The controls that assure the fair valuation of increase the
inventories are found in the purchases (or acquisition) risk of the
cycle. These controls include procedures for selecting Misstatement
vendors, ordering merchandise or materials, inspecting
goods received, recording the liability to the vendor, and Misstatement of Fraud: Ineffective
authorizing and making cash disbursements. In a inventory costs 1. Intentional board of
manufacturing business, the valuation of inventories also misstatement of directors, audit
is affected by the production (or conversion) cycle, in production costs committee, or
which various manufacturing costs are assigned to assigned to internal audit
inventories, and the cost of inventories is then inventory. function; "tone
transferred to the cost of goods sold. 2. Intentional at the top" not
misstatement of conductive to
Sources and Nature of Inventories and Cost of Goods inventory ethical conduct;
Sold prices. undue pressure
 to meet earnings physical
targets. inventory

Errors: Ineffective cost Early (late) Froud: Ineffective

1. The accounting recognition of Intentional board of
assignment of system; failure purchases-cutoff recording of directors, audit
direct labor to update problems" committee, or
purchases in the
costs, direct internal audit
standard costs subsequent
material costs, function; "fone
on a timely period. at the top not
or factory basis. conducive to
overhead to Error: ethical conduct;
inventory items Ineffective input Recording undue pressure
is inaccurate. validation purchases of the to meet earnings
2. Erroneous targets.
controls on the current period in
pricing of database of the subsequent Ineffective
inventory. inventory costs; period. accounting
ineffective procedures that
supervision of do not tie
the personnel recorded
that enter the purchases to
costs on the receiving data.
final inventory
schedule. .
INTERNAL CONTROL OVER PROPERTY,
Misstatement of Fraud: Ineffective PLANT AND EQUIPMENT
inventory 1. Items are physical The term properly, plant and equipment includes all
quantities stolen with no controls over tangible assets with a service life of more than one year
journal entry inventories. that are used in the operation of the business and are not
reflecting the acquired for the purpose of resale.
theft. Ineffective
2. Inventory board of Three major subgroups of such assets are generally
quantities in directors, audit recognized:
locations not committee, or 1. Land, such as property used in the operation of
visited by internal audit the business, has the significant characteristic of
auditors are function; "tone not being subject to depreciation.
systematically at the top" not 2. Buildings, machinery, equipment (BME) and
overstated. conducive to land improvements, such as fences and parking
ethical conduct; lots, have limited service lives and are subject to
undue pressure depreciation.
to meet earnings a. Leasehold improvements; whichever is
targets. lower
3. Natural resources (wasting assets), such as oil
wells, coal mines, and tracts of timber, are
Errors: Ineffective subject to depletion as the natural resources are
1. Miscounting controls or extracted or removed.
of inventory by supervision of
personnel physical Acquisitions and disposals of property, plant and
involved in inventory equipment are usually large in dollar amount, but
concentrated in only a few transactions. Individual items 3. A reporting procedure assuring prompt
of plant and equipment may remain unchanged in the disclosure and analysis of variances between
accounts for many years. authorized expenditures and actual costs.
4. An authoritative written statement of company
Internal Control over Plant and Equipment policy distinguishing between capital
The amounts invested in plant and equipment represents expenditures and revenue expenditures. A dollar
a large portion of the total assets of many industrial minimum ordinarily will be established for
concerns. Maintenance, rearrangement and depreciation capitalization; any expenditures of a lesser
of these assets are major expenses in the income amount automatically classified as charges
statement. The total expenditures for the assets and against current revenue.
related expenses make strong internal control essential to 5. A policy requiring all purchases of plant and
the preparation of reliable financial statements. Errors in equipment to be handled through the purchasing
measurement of income may be material if assets are department and subjected to a standard routine
scrapped without their cost being removed from the for receiving, inspection and payment.
accounts, or if the distinction between capital and 6. Periodic physical inventories designed to verify
revenue expenditures is not maintained consistently. The the existence, location and condition of all
losses that inevitably arise from uncontrolled methods of property listed in the accounts and to disclose
acquiring, maintaining, and retiring plant and equipment the existence of any unrecorded units. 7. A
are often greater than the losses from fraud in cash system of retirement procedures, including
handling. serially numbered retirement work orders
(bottom), stating reasons for retirement and
In large enterprises, the auditors may expect to find an bearing appropriate approvals.
annual plant budget used to forecast and control
acquisitions and retirements of plant and equipment. POTENTIAL MISSTATEMENTS - INVESTMENTS
Many small companies also forecast expenditures for IN PROPERTY, PLANT AND EQUIPMENT
plant assets. Successful utilization of a plant budget 1. Misstatement of acquisitions of property, plant
presupposes the existence of reliable and detailed and equipment
accounting records for plant and equipment. A detailed 2. Failure to record retirements of property, plant
knowledge of the kinds, quantities and condition of and equipment.
existing equipment is an essential basis for intelligent 3. Improper reporting of unusual transactions.
forecasting of the need for replacements and additions to
the plant.
Description of Examples Internal
Misstatement Control
Other key controls applicable to plant and equipment
Weakness or
are as follows:
Factors that
1. A subsidiary ledger consisting of a separate
Increase the
record for each unit of property. An adequate
Risk of the
plant and equipment ledger facilitate the
Misstatement
auditor's work in analyzing additions and
retirements, in verifying the depreciation
provision and maintenance expenses, and in Misstatement Fraud: Undue pressure
comparing authorizations with actual of acquisitions Expenditures to meet earnings
expenditures. of property, for repairs and targets.
2. A system of authorization requiring advance plant and maintenance
executive approval of all plant and equipment equipment expenses
acquisitions, whether by purchase, lease or recorded as
construction. Serially numbered capital work property, plant Inadequate
orders are a convenient means of recording and equipment accounting
authorizations. acquisitions to manual;
 overstate incompetent
income. accounting
personnel. CHAPTER 17: INTERNAL CONTROL
Error: AFFECTING LIABILITIES AND
Purchases of EQUITY
equipment
erroneously
INTERNAL CONTROL OVER ACCOUNTS
reported in
PAYABLE
maintenance
● Accounts payable is used to describe short-term
and repairs
obligations arising from the purchase of goods
expense
and services in the ordinary course of business.
account.
● Invoices and statements from supplies usually
evidence accounts payable arising from the
Failure to Error: Inadequate purchase of goods and services and most other
record An asset that accounting liabilities.
retirements of has been policies, e.g., ● Accrued liabilities generally accumulate
failure to use overtime and management must make
property, plant replaced is
retirement work
and equipment. discarded due to accounting estimates of the year-end liabilities. /
orders.
its lack of value,
without an The term accounts payable (often referred to as
accounting vouchers payable for a voucher system) is used to
entry. describe short-term obligations arising from the
purchase of goods and services in the ordinary course of
business. Typical transactions creating accounts payable
Improper Error: Inadequate include the acquisition on credit of merchandise, raw
reporting of A "gain" accounting materials, plant assets and office supplies,
unusual recorded on an manual;
transactions. exchange of incompetent Other sources of accounts payable include the receipt of
nonmonetary accounting services, such as legal and accounting services,
assets that lacks personnel. advertising, repairs and utilities. Interest bearing
commercial obligations should not be included in accounts payable
substance. but shown separately as bonds, notes, mortgages, or
installment contracts.

● At zero; wala na dapat sa record
● Fully depreciation pero ginagamit padin;
carrying value is 0, cost = acc dep’n ; nasa
record padin
Invoices and statements from supplies usually evidence
accounts payable arising from the purchase of goods or
services and most other liabilities. However, accrued
liabilities (sometimes called accrued expenses)
generally accumulate over time, and management must
make accounting estimates of the year-end liability. Such
estimates are often necessary for salaries, pensions,
interest, rent, taxes and similar items.

In thinking about internal control over accounts payable,

it is important to recognize that the accounts payable of
one company are the accounts receivable of other
companies. It follows that there is little danger of errors
being overlooked permanently since the client's creditors
will generally maintain complete records of their
received. matching
receivables and will inform the client if payment is not
invoices with
received. This feature also aids auditors in the discovery
receiving
of fraud, since the perpetrator must be able to obtain and
documents
respond to the demands for payment. Some companies,
before
therefore, may choose to minimize their record keeping
disbursements
of liabilities and to rely on creditors to call attention to
are authorized.
any delay in making payment. This viewpoint is not an
endorsement of inaccurate or incomplete records of Misappropriati Fraud: -Ineffective
accounts payable, but merely recognition that the on of purchases -Goods are controls for
self-interest of creditors constitutes an effective control ordered but matching
in accounting for payables that is not present in the case delivered to an invoices with
of accounts receivable. inappropriate receiving
address and documents
Discussion of internal control applicable to accounts stolen. before
payable may logically be extended to the entire purchase disbursements
or acquisition cycle. are authorized.

POTENTIAL MISSTATEMENTS ACCOUNTS Duplicate Error: -Ineffective

PAYABLE recording of -A purchase is controls for
1. Inaccurate recording of a purchase or purchases recorded when review and
disbursement an invoice is cancellation. of
2. Misappropriation of purchases received from a supporting
3. Duplicate recording of purchases vendor and documents by
4. Late (early) recording of cost of purchase "cutoff recorded again the check
problems" when a signer.
duplicate
invoice is sent
Description of Examples Internal
Control by the vendor.
Misstatement
Weakness or
Factors that Late (early) Fraud: -Ineffective
increase the recording of -Purchases board of
Risk of the cost of journal "closely directors, audit
Misstatement committee, or
purchase early" with this
internal. audit
"cutoff period's function; "tone
Inaccurate Fraud: -Inadequate
problems" purchases ot the top" not
recording of a -A bookkeeper segregation of
recorded as conducive to
purchase or prepares a check duties of record
having occurred ethical conduct;
disbursement to himself and keeping and undue pressure
in subsequent
records it as preparing cash to meet earnings
period.
having been disbursements, target.
issued to a or check signer
major supplier. does not review INTERNAL CONTROL OVER OTHER DEBTS
and concel Business corporations obtain substantial amounts of
Error: supporting their financial resources by incurring debt and issuing
-A disbursement documents. capital stock. The acquisition and repayment of capital is
is made to pay
sometimes referred to as the financing cycle. This
an invoice for -Ineffective
goods that have transaction cycle includes the sequence of procedures for
controls for authorizing, executing, and recording transactions that
not been
involve bank loans, mortgages, bonds payable, and
capital stock as well as the payment of interest and
dividends.
INTERNAL CONTROL OVER DEBT
1. Authorization by the Board of Directors
Effective internal control over debt begins with the
authorization to incur the debt. The bylaws of a
corporation usually require that the board of directors
approve borrowing. The treasurer of the corporation will
prepare a report on any proposed financing, explaining
the need for funds, the estimated effect of borrowing
upon future earnings, the estimated financial position of
the company in comparison with others in the industry
both before and after the borrowing, and alternative
methods of raising the funds. Authorization by the board
of directors will include review and approval of such
matters as the choice of a bank or trustee, the type of
security, registration with the SEC, agreements with
investment bankers, compliance with requirements of the
state of incorporation, and listing of bonds on a
securities exchange. After the issuance of long-term
debt, the board of directors should receive a report
stating the net amount received and its disposition as, for
example, acquisition of plant assets, addition to working
capital, or other purposes.
2. Use of an Independent Trustee
Bond issues are always for large amounts usually many
millions of pesos. Therefore, only relatively large
companies issue bonds: small companies obtain
long-term capital through mortgage loans or other
sources. Any company large enough to issue bonds and
able to find a ready market for the securities will almost
always utilize the services of a large bank as an
independent trustee.
The trustee is charged with the protection of the
creditors' interests and with monitoring the issuing
company's compliance with the provisions of the
indenture. The trustee also maintains detailed records of
the names and addresses of the registered owners of the
bonds, cancels old bond certificates and issues new ones
when bonds change ownership, follows procedures to
prevent over issuance of bond certificates, distribute
interest payments, and distributes principal payments
when then bonds mature. Use of an independent trustee
largely solves the problem of internal control over bonds
payable. Internal. control is strengthened by the fact that
the trustee does not have access to the issuing company's
assets or accounting records and the fact that the trustee
is a large financial institution with legal responsibility
for its actions.
3. Interest Payments on Bonds and Notes Payable
Many corporations assign the entire task of paying
interest to the trustee for either bearer bonds or
registered bonds. Highly effective control is then
achieved, since the company will issue a single check for
the full amount of the semiannual interest payment on
the entire bond issue.
INTERNAL CONTROL OVER OWNERS'
EQUITY
The three principal elements of strong internal control
over share capital and dividends:
1. the proper authorization of transactions by the
board of directors and corporate office,
2. the segregation of duties in handling these
transactions (preferably the use payments), and
3. the maintenance of adequate records.
INTERNAL CONTROL ON EQUITY (control over
owner’s equity)
1. Control of Share Capital Transactions by the Board
of Directors
All changes in share capital accounts should receive
formal advance approval by the board of directors. The
board of directors must determine the number of shares
to be issued and the price per share; if an installment
plan of payment is to be used, the board must prescribe
the terms. If plant and equipment, services, or any
consideration other than cash is to be accepted in
payment for shares, the board of directors must establish
the valuation on the noncash assets received. Transfers
from retained earnings to the Share Capital and Paid-in
Capital accounts, as in the case of stock dividends, are
initiated by action of the board. In addition, stock splits
and changes in par or stated value of shares require
formal authorization by the board.
Authority for all dividend actions rests with the
directors. The declaration of a dividend must specify not
only the amount per share but also the date of record and
the date of payment.
2. Independent Registrar and Stock Transfer Agent
In appraising internal control over share capital, the first
question that the auditors consider is whether the
corporation employs the services of an independent
share registrar and a share transfer agent or handles its
own capital share transactions. Internal control is far
stronger when the services of an independent share
registrar and a stock transfer agent are utilized because
the banks or trust companies acting in these capacities
will have the experience, the specialized facilities, and
the trained personnel to perform the work in an expert
manner. Moreover, by placing the responsibility for
handling share capital certificates in separate and
independent organizations, the corporation achieves to
the fullest extent the internal control concept of
separation of duties.
Internal Control over Dividends
The nature of internal control over the payment of
dividends, as in the case of stock issuance, depends
primarily upon whether the company performs the
function of dividend payment itself or utilizes the
services of an independent dividend-paying agent. If an
independent dividend-paying agent is used, the
corporation will provide the agent with a certified copy
of the dividend declaration and a check for the full
amount of the dividend. The bank or trust company
serving as stock transfer is usually appointed to
distribute the dividend, since it maintains the detailed
records of shareholders. The agent issues dividend
checks to the individual shareholders and sends the
corporation a list of the payments made. The use of an
independent fiscal agent is to be recommended from the
stand-point of internal control, for it materially reduces
the possibility of fraud or error arising in connection
with the distribution of dividends.
In a small corporation that does not use the services of a
dividend-paying agent, the responsibility for payment of
dividends is usually lodged with the treasurer and the
secretary. After declaration of a dividend by the board of
directors, the secretary prepares a list of shareholders as
of the date of record, the number of shares held by each,
and the amount of the dividend each is to receive. The
total of these individual amounts is proved by
multiplying the dividend per share by the total number of
outstanding shares.
Dividend checks controlled by serial numbers are dawn
payable to individual stockholders in the amount shown
on the list described above. If the shareholders ledger is
maintained on a computer master file, the dividend
checks may be prepared by the computer directly from
this record. The stockholder list and dividend checks are
submitted to the treasurer for approval and signature.
The checks should be reconciled by the treasurer with
the total of shares outstanding and mailed without again
coming under control of the officer who prepared them.
Cash in the amount of the total dividend is then
transferred from the general bank account to a separate
dividend bank account. As the individual dividend
checks are paid from this account and returned by the
bank, they should be matched with the check stubs or
marked paid in the dividend check register. A list of
outstanding checks be prepared monthly from the open
stubs or open items in the checks register. This list
should agree in total with the balance remaining in the
dividend bank account. Companies with numerous
shareholders prepare dividend checks in
machine-readable form, so that the computer may
perform the reconciliation of outstanding checks.
Questions
1. What are the relevant accounts related to debt
obligations?
2. What are the relevant accounts related to
stockholders' equity transactions?
3. Identify common transactions affecting
stockholders' equity accounts.
4. Identify fraud risks associated with debt
obligations.
5. Identify fraud risks associated with stockholders
equity accounts.