Professional Documents
Culture Documents
INTERNAL CONTROL
Prepared by Marco Fernando L. Ng, CPA, CIA, CFE, CGMA
Marco Fernando L. Ng CPA, CIA, CFE, CGMA
Managing Partner Direct Tel : 0922-856-0648
M. Ng & T. Lopez Partnership Firm Tel Landline : 045-322-8033
Angeles City, Pampanga Email :mtpf.marcong@gmail.com
Background Experience
• Marco is the Managing Partner of M. Ng & T. Lopez Marco has performed various audit services and fraud investigation namely to the following
Partnership Firm, one of the dynamic accounting and industry:
assurance firm in Angeles City.
Importer/Distributor – Managed the forensic audit of a partnership, engage in importing and
• Marco is one of founders of the Firm which started on
distribution of animal and pet products, relating to allegation of misappropriation of cash
November 2013. Prior to this, he started his career with
collections and diversion of partnership funds by the managing partner and employees. The
one of the big 4 firms in the Philippines where he spent 4
project entailed performing procedures to establish the amount involved in the said employee
years conducting external audit engagement with Public
fraud.
and Private companies. Then he joined the biggest
auditing firm in the Philippines where he spent 3 years
Multinational Company – Managed the independent review of costing methodology and analysis
doing Fraud Investigation and Dispute services for large
of costing data of a multinational company based in the Philippines, with export business to other
multinational companies and state auditors of the
countries. The review was made to support a dispute in another country involving the
Philippines. And finally he spent 3 years conducting
multinational company. The project entailed procedures in documenting cost allocation process
external and internal audit work in New York and Los
and gathering information regarding the computation of gross margin and earnings before taxes
Angeles California for one Hedge Funds and Private
Equity Funds with one of the largest US firm.
Government sector –supervised the development and preparation of a fraud audit manual to be
Skills and affiliation integrated in the regular audit of Government agencies. These project required review of the
• Marco is Certified Fraud Examiner (CFE), Certified current state of fraud auditing within the audit institution, developing and preparing the fraud
Internal Auditor (CIA), Certified Public Accountant (CPA) audit manual, developing of training materials, and conducting of training programs of selected
Both in the Philippines and in the US, and a Chartered state auditors.
Global Management Accountant.
Health Service - Supervised and helped assist the forensic audit of a private hospital relating to
• Marco has maintained his membership with the allegation of improper of cash collections made by the company’s procurement manager from
Association of Certified Fraud Examiner (ACFE), Institute external sales agents.
of Internal Auditors (IIA), American Institute of 2
Accountants (AICPA), Chartered Institute of Management
Accountants (CIMA), and Philippines Institute Certified
Public Accountants (PICPA).
COURSE OBJECTIVES
Appreciate Internal Controls
Assess the Company’s Internal Control using the
COSO Framework
Perform Internal Control Assessment
Formulate audit program for internal control
testing and substantive testing
WHAT IS INTERNAL CONTROL?
In its broadest form, internal control is defined as a
process typically established at the organization’s
highest level such as the board of directors and through
its management and associates, provides the
stakeholders with assurances that the company’s
reporting is reliable, efficient, and in compliance with
existing regulations and legal requirements.
WHAT IS INTERNAL CONTROL? CONT…
Internal control is what we do to see that the
things we want to happen will happen
And the things we don’t want to happen won’t
happen.
PRIMARY OBJECTIVES OF THE INTERNAL
CONTROL
Preventive controls
Detective controls
Corrective controls
The entity's
identification and
analysis of relevant
risks to achievement of
its objectives.
COSO's Enterprise
risk management
(ERM) framework
COSO ERM FRAMEWORKS
Presence or Absence of Environmental Controls:
Exposure for the organization from simple embarrassment to
moderate economic loss or bankruptcy
Top-Down Leadership:
Involves all the employees in a company
COSO ERM FRAMEWORKS
Those charged
with Governance
Control Functions
Authorization
Minimize abuse and
Ethical Risk due to too
much Power!
Segregation
Of Duties
Recording
Custody
CONTROL PROCEDURES:
SEPARATION OF DUTIES
Spreadsheet controls
Deterrents to
prevent physical
access. Incorrect
Access controls to Password
prevent getting into
computer system.
Backup and
recovery procedures
Personnel are likely to
forget or
intentionally fail to
follow procedures,
or they may become
careless unless
someone observes
and evaluates their
performance.
COSO FRAMEWORK:
INFORMATION AND COMMUNICATION
• The identification, capture, and exchange of
information in the form and time frame that enables
people to carry out their responsibilities.
COSO FRAMEWORK:
MONITORING
• Risk Management
Philosophy
Future • Risk Culture
• Risk Appetite
INTERRELATED COMPONENTS OF INTERNAL CONTROL
• Ongoing Activity
• Integrated with
Future Company’s Strat Plan
• Inherent and Residual
Risk consideration
INTERRELATED COMPONENTS OF INTERNAL CONTROL
• Focuses on Reporting
and Compliance
Now Controls
• Internal and External
information
Executive Management
Environmental
Controls (Board of Directors)
(Management
Controls)
Business Systems
SYSTEMS
Environment and Related
Controls
TRANSACTION
Transaction Within Applications
Activities and Related Routine Transactions -- Nonroutine
Transactions
Controls Processing Methods for Transactions
CEO
Top
CFO COO
Day to Day
Transaction
Originates
Output
Procedures for Processing Transaction
Three categories
Internal control deficiency
Significant deficiency
Material weaknesses
Human error
Collusion
Management override
Cost/benefit analysis
There is often a trade-off between the cost and the
effectiveness of internal controls.
The concept of reasonable assurance recognizes that
the cost of an entity’s internal control should not exceed
the benefits that are expected to be derived.
QUESTION #4