Internal Control
● is the process designed and effected by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
● It follows that internal control is designed and implemented to address identified business risks that threaten the achievement of any of these objectives.

Internal control system means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable:
● the orderly and efficient conduct of its business, including adherence to management policies,
● the safeguarding of assets,
● the prevention and detection of fraud and error,
● the accuracy and completeness of the accounting records, and
● the timely preparation of reliable financial information.

The internal control system extends beyond these matters which relate directly to the functions of the accounting system and consists of the following components:
a. the control environment;
b. the entity's risk assessment process;
c. the information system, including the related business processes, relevant to financial reporting, and communication;
d. control activities;
e. monitoring of controls.
- Action & Attitude

FIVE COMPONENTS
1. Control Environment Principles
● The organization demonstrates a commitment to integrity and ethical values.
● The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
● Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
● The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.

3. Control Activities Principles
● The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
● The organization selects and develops general control activities over technology to support the achievement of objectives.
● The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

4. Information and Communication Principles
● The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
● The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
● The organization communicates with external parties regarding matters affecting the functioning of internal control.

5. Monitoring Activities Principles
● The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
● The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

Design - is how you plan for the risk, e.g. putting an approval in place

Problem: The daily time record can be cheated; time in and time out are not monitored

Control:
- Card swipe, ID scan

Monitor:
- It turns out some people have an early time in but are not actually at work yet

Effective Internal Control
● Requires that each of the five components and relevant principles is present and functioning.
● "Present" - the components and relevant principles exist in the design and implementation of the system of internal control.
● "Functioning" - the components and relevant principles continue to exist in the operations and conduct of the system of internal control to achieve specified objectives.
● That the five components operate in an integrated and interdependent manner.

“It must be both present AND functioning.”

Internal Control Results in:
Reasonable assurance that the organization:
● Achieves effective and efficient operations
● Understands the extent to which operations are managed effectively and efficiently when external events may have a significant impact on the achievement of objectives
● Prepares reports in conformity with applicable rules, regulations, and standards or with the entity's specified reporting objectives
● Complies with applicable laws, rules, regulations, and external standards

LIMITATIONS
Internal control cannot prevent bad judgment or decisions, or external events that can cause an organization to fail to achieve its operational goals. There are inherent limitations from:
● Faulty human judgment in decision making
● Human failures such as simple errors
● Ability of management to override internal control
● Ability of management, other personnel, and/or third parties to circumvent controls through collusion
● External events beyond the organization’s control

The importance of Internal Control to Internal Auditors
● Internal Audit cannot provide assurance on internal control if auditors do not understand the main elements of internal control
● Internal Auditors need a thorough understanding of the different ways of ensuring effective internal control and the type and nature of controls in operation, for example, Preventative and Detective Controls
● An understanding of the three lines of Defence Model can help IA explain the different roles of IA and management in maintaining effective internal control
● Internal Audit can help managers understand that internal control is not just financial control but Managerial Control in general

The Three Lines of Defence Model
● The First line of Defence
- direct operation of controls by management (the employees)
● The Second line of Defence
- monitoring and oversight of controls by management
● The Third line of Defence
- review of the effectiveness of controls by audit and evaluation

======
A. CONTROL ENVIRONMENT
The control environment means the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance in the entity. The control environment has an effect on the effectiveness of the specific control
procedures. A strong control environment, for example, one with tight budgetary controls and an effective internal audit function, can significantly complement specific control procedures. However, a strong environment does not, by itself, ensure the effectiveness of the internal control system. Factors reflected in the control environment include:
● The function of the board of directors and its committees;
● Management's philosophy and operating style;
● The entity's organizational structure and methods of assigning authority and responsibility;
● Management's control system including the internal audit function, personnel policies and procedures and segregation of duties.

The environment in which internal control operates has an impact on the effectiveness of the specific control procedures. Several factors comprise the control environment, including:
1. Communication and Enforcement of Integrity and Ethical Values
2. Commitment to Competence
3. Participation by those Charged with Governance
4. Management's Philosophy and Operating Style
5. Organizational Structure
6. Assignment of Authority and Responsibility
7. Human Resources Policies and Procedures

1. Communication and Enforcement of Integrity and Ethical Values
Integrity and ethical values are essential elements of the internal control environment. They affect the design, administration, and other components of internal control. An entity's ethical and behavioral standards and the manner in which it communicates and reinforces them determine the entity's integrity and ethical behavior. Integrity and ethical values include management's actions to remove or reduce incentives and temptations that might prompt personnel to engage in dishonest, illegal, or unethical acts. They also include the communication of entity values and behavioral standards to personnel through policy statements, a code of conduct, and management's example of appropriate behavior.

2. Commitment to Competence
Competence is the knowledge and skills necessary to accomplish tasks that define an employee's job. Commitment to competence means that management considers the competence levels for particular jobs in determining the skills and knowledge required of each employee and that it hires employees competent to perform the tasks.

3. Participation by those Charged with Governance
An entity's control consciousness is influenced significantly by those charged with governance. Attributes of those charged with governance include independence from management, their experience and stature, the extent of their involvement and scrutiny of activities, the appropriateness of their actions, the information they receive, the degree to which difficult questions are raised and pursued with management and their interaction with internal and external auditors. The importance of responsibilities of those charged with governance is recognized in codes of practice and other regulations or guidance produced for the benefit of those charged with governance. Other responsibilities of those charged with governance include (1) oversight of the design and effective operation of whistleblower procedures and (2) the process for reviewing the effectiveness of the entity's internal control.

4. Management's Philosophy and Operating Style
This refers to management's attitude towards
(a) business risk,
(b) financial reporting,
(c) meeting budget, profit and other established goals
which all have an impact on the reliability of the financial statements. Management's approach to taking and monitoring business risks, its conservative or aggressive selection from alternative accounting principles, its conscientiousness and conservatism in developing accounting estimates, and its attitude toward information processing and the
accounting function and personnel are factors that affect the control environment.

5. Organizational Structure
The responsibilities and authorities of the various personnel within the organization should be established in such a manner as to (1) assist the entity in meeting its goals and objectives and (2) ensure that transactions are processed, recorded, summarized and reported in an accurate and timely manner. Organizational structure provides the overall framework for planning, directing and controlling operations.

6. Assignment of Authority and Responsibility
Personnel within an organization need to have a clear understanding of their responsibilities and the rules and regulations that govern their actions. Management may develop job descriptions and computer system documentation. It may also establish policies regarding acceptable business practice, conflicts of interest and code of conduct.

7. Human Resources Policies and Procedures
Perhaps the most important element of an internal accounting control system is the PEOPLE who perform and execute the established policies and procedures. Personnel policies should be adopted by the client to reasonably ensure that only capable and honest persons are hired and retained. Policies with respect to employee selection, training, and supervision should be adopted and implemented by the client. The selection of competent and honest personnel does not automatically assure that errors or irregularities will not occur. However, adequate personnel policies, coupled with the design concepts suggested earlier in this section, enhance the likelihood that the client's policies and procedures will be followed.

B. ENTITY'S RISK ASSESSMENT PROCESS
Risk Assessment is the "identification, analysis, and management of risks pertaining to the preparation of financial statements". For example, risk assessment may focus on how the entity considers the possibility of transactions not being recorded or identifies and assesses significant estimates recorded in the financial statements.

An entity's risk assessment process is its process for identifying and responding to business risks and the results thereof. For financial reporting purposes, the entity's risk assessment process includes how management identifies risks relevant to the preparation of financial statements that are presented fairly, in all material respects, in accordance with the entity's applicable financial reporting framework, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them. For example, the entity's risk assessment process may address how the entity considers the possibility of unrecorded transactions or identifies and analyzes significant estimates recorded in the financial statements. Risks relevant to reliable financial reporting also relate to specific events or transactions.

Risks relevant to financial reporting include external and internal events and circumstances that may occur and adversely affect an entity's ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements. Once risks are identified, management considers their significance, the likelihood of their occurrence, and how they should be managed. Management may initiate plans, programs, or actions to address specific risks or it may decide to accept a risk because of cost or other considerations.

Risks can arise or change due to circumstances such as the following:
● Changes in operating environment. Changes in the regulatory or operating environment can result in changes in competitive pressures and significantly different risks.
● New personnel may have a different focus on or understanding of internal control.
● New or revamped information systems. Significant and rapid changes in information systems can change the risk relating to internal control.
● Rapid growth. Significant and rapid expansion of operations can strain controls and increase the risk of a breakdown in controls.
● New technology. Incorporating new technologies into production processes or information systems may change the risk associated with internal control.
● New business models, products, or activities. Entering into business areas or transactions with which an entity has little experience may
introduce new risks associated with internal control.
● Corporate restructurings. Restructurings may be accompanied by staff reductions and changes in supervision and segregation of duties that may change the risk associated with internal control.
● Expanded foreign operations. The expansion or acquisition of foreign operations carries new and often unique risks that may affect internal control, for example, additional or changed risks from foreign currency transactions.
● New accounting pronouncements. Adoption of new accounting principles or changing accounting principles may affect risks in preparing financial statements.

The basic concepts of the entity's risk assessment process are relevant to every entity, regardless of size, but the risk assessment process is likely to be less formal and less structured in small entities than in larger ones. All entities should have established financial reporting objectives, but they may be recognized implicitly rather than explicitly in small entities. Management may be aware of risks related to these objectives without the use of a formal process but through direct personal involvement with employees and outside parties.

Considerations Specific to Smaller Entities
Many audits of small entities are carried out entirely by the engagement partner (who may be a sole practitioner). In such situations, it is the engagement partner who, having personally conducted the planning of the audit, would be responsible for considering the susceptibility of the entity's financial statements to material misstatement due to fraud and error.

C. INFORMATION SYSTEM, INCLUDING THE RELATED BUSINESS PROCESSES, RELEVANT TO FINANCIAL REPORTING, AND COMMUNICATION
An information system consists of infrastructure (physical and), software, people, procedures, and data. Infrastructure and software will be absent, or have less significance, in systems that are exclusively or primarily manual. Many information systems make use of IT.

The Information System, Including Related Business Processes, Relevant to Financial Reporting
The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records designed and established to:
● Initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity;
● Resolve incorrect processing of transactions, for example, automated suspense files and procedures followed to clear suspense items out on a timely basis;
● Process and account for system overrides or bypasses to controls;
● Transfer information from transaction processing systems to the general ledger;
● Capture information relevant to financial reporting for events and conditions other than transactions, such as the depreciation and amortization of assets and changes in the recoverability of accounts receivable; and
● Ensure information required to be disclosed by the applicable financial reporting framework is accumulated, recorded, processed, summarized and appropriately reported in the financial statements.

Journal Entries
An entity's information system typically includes the use of standard journal entries that are required on a recurring basis to record transactions. Examples might be journal entries to record sales, purchases, and cash disbursements in the general ledger, or to record accounting estimates that are periodically made by management, such as changes in the estimate of uncollectible accounts receivable.

An entity's financial reporting process also includes the use of non-standard journal entries to record non-recurring, unusual transactions or adjustments. Examples of such entries include consolidating adjustments and entries for a business combination or disposal or nonrecurring estimates such as the impairment of an asset. In manual general ledger systems, non-standard journal entries may be identified through inspection of ledgers, journals, and supporting documentation. When automated procedures are used to maintain the general ledger and prepare financial
statements, such entries may exist only in electronic form and may therefore be more easily identified through the use of computer assisted audit techniques.
● At zero; should no longer be in the records
● Fully depreciated but still in use; carrying value is 0, cost = accumulated depreciation; still in the records

memoranda (3) Communication also can be made electronically, orally, and through the actions of management. (EOA)

Invoices and statements from suppliers usually evidence accounts payable arising from the purchase of goods or services and most other liabilities. However, accrued liabilities (sometimes called accrued expenses) generally accumulate over time, and management must make accounting estimates of the year-end liability. Such estimates are often necessary for salaries, pensions, interest, rent, taxes and similar items.