REPORT SCRIPT

Okay, Good afternoon everyone. So, lets jump to anther part of the topic which we will talk about
internal control.

As according to the manual, Internal Control is an integral process that is effected by an agency’s
management and personnel, and is designed to address risks and provide reasonable assurance that in
pursuit of the agency’s mission, the general objectives are being achieved

Kung maalala mo pa, nadiscuss n ani sir about the internal control. Sa binigay na definition ay
magkapareho lang ang definition nito compare sa discussion ng internal control in the audit process that
was discussed in the previous semester. However, ang pagkakaiba nila ay ang internal control na
ididscuss ko ngayon ay para sa agencies or organizations in the government.

So ang Agency’s Internal Control System (AICS) ay binubuo ng mga plano ng organisasyon at lahat ng mga
pamamaraan at hakbang na pinapatibay sa loob ng ahensya upang matiyak ang kaayusan.

For example, this internal control should provide reasonable assurance regarding the achievement of
agency’sobjectives in the following categories:

 Effectiveness and efficiency of operations;

 Reliability of financial reporting;
 Compliance with applicable laws and regulations; and,
 Safeguarding of assets.

In other work, if the internal control is strong, we will able to determine that the policies, processes,
tasks and other aspect of the organisation is effective and efficient. It is also help to ensure to have a
quality and reliable financial reporting. And it is also help the organisation to ensure compliance with the
laws and regulation. And lastly, internal control helps in safeguarding assets against theft and
unauthorized use, acquisition and disposal

In internal control, we have 5 components. Which are the control environment, risk assessment, Control
Activities, Information and communication and Monitoring. To make short, the components of internal
control is CRIME.

Control Environment – sets the tone of an organization, influencing the control consciousness of its
staff. It is the foundation for all other components of internal control, providing discipline and
structure

control environment this refers to the overall situation of a company it can include things like tone at
the top so management's attitude the structure of the organization the structure and attitude of the
board of directors and their financial reporting policies and procedures

so, basically ito yung tinatawag na foundation ng internal control dahil yung sinsabi dito na tone of the
top. Ibig sabihin ito yung mga attitudes ng mga nasa taas na posisyon. For example, if these people is
very ethical and sinusund ang mga internal control ng maayos, in that way naapektuan nila ang
environment which is their workplace at naiinplunwensiyahan nila ang mga nasa lowest management na
gawin din ang kanilang ginagawa. To make it short. To be a leader, you should lead by example.
In control environment, there are 5 principles. These are the following,

1. Management and staff demonstrate personal and professional integrity and ethical values;
makikita natin ang kung paano ba maattain or paano mag act with integrity and ethical values sa
code of ethics. Ang code of ethics ay binubuo ng mga guidelines and best practices kung paano
maging honesty, paano magkaroon ng integrity at paano maging isang professional.
2. Management sets the “tone at the top” (i.e. management’s philosophy and operating style);
sabi ko nga kanina, ang tope at the top is ito yung mga attitude ng mga nasa mataas na posisyon
na nakakainfluensiya sa environment
3. Management establishes an appropriate government organizational structure; there must have
proper assigning of responsibilities. Technically, dapat ang mga responsibilities nila ay clear na
sakanila as early as in hiring.
4. Management and staff exhibit commitment to competence; and, we can attain our
competence through ETE which is stand for education, training, and experience.
5. Management establishes human resource policies and practices. Dito, tinignan kung paano ang
hiring system ng isang ahensiya. I think the best advise is, sa umpisa palang ay dapat strict na sa
hiring qualification para at the end of the day, maiiwasan natin ang problem. Basically, ang hiring
is by stage.

Risk Assessment – process of identifying and analyzing relevant risks to the achievement of the
agency’s objectives and determining the appropriate response.

risk assessment this refers to what risk does the company or organization face in other words what are
the potentials for fraud or what are the potentials for not meeting business objectives

We have 3 principles in risk assessment.

1. Management identifies and defines appropriate objectives and risk tolerance in specific and
measurable terms;
2. Management identifies, evaluates and assesses agency’s risks; and,
3. Management determines appropriate response to the identified, evaluated, and assessed
agency’s risks.

Sa isang organisasyon ay mayroon risk at ito ay inevetible. Dapat natin malaman yung mga possible risk
sa isang organisasayon. Dahil itong mga risk na ito ay mga sagabal sa objectives ng organization para ma
achived.

Importatenteng malaman yung risk para maasses nila if suffiecient ba yung internal control na na
implement. If hindi, mag dedetermine sila ng mas appropriate na internal control to mitigate this
agency,s risk.

Control Activities – The policies and procedures established to address risks and to achieve the
agency’s objectives. The procedures that an organization puts in place to treat risk.

control activities these are the policies and procedures designed to address the risks that exist in the
organization so for example internal controls could be the policies and procedures related to recording a
transaction only paying an invoice that reconciles to a purchase order and things of that nature
so after mo maidentify ang risk ng isang agency department, dito magiisip kana ng mga contrl activities
paano ba natin maiiwasan yung risk nay un to achieve our objectives.

1. Management designs control activities which are appropriate, function consistently according
to plan throughout the period, cost effective, comprehensive, reasonable and directly relate to
the control objectives and to address risks;
2. Management develops control activities which include a range of diverse policies and
procedures; and, to diverse policies and procedure. Halibawa nito ay ang physical control and
segregation of duties. Where in sa physical control ay nagseset tayo ng mga securities sa ating
mga asset at sa segregation ng duties naman ay ang pagtihati ng responsibility sa organisation.
Sa segregation of duties ay magkakaiba ng employee sa CARE. Means ibang employee sa
Custody, Authorize, recording at sa evaluation. In that way, para maiiwasan ang confusion of
responsibilities.
3. Management develops an effective information technology control activities. The use of the IT
is to solve complex business concern with advanced hardware and up to date software
applications. It is also help to enabling decision making easier trough data driven data extracted
from the latest tools.

Information & Communication – effective processes and systems that identify, capture and report
operational, financial and compliance-related information in a form and timeframe that enable people
to carry out their responsibilities.

1. Management develops and maintains reliable and relevant financial and non-financial
information;
2. Management communicates information throughout the agency; and,
3. Management communicates information with external parties.

Monitoring – the process that assesses the quality of the internal control system’s performance over
time.

1. Management establishes and operates activities to monitor the internal control system and
evaluates the results; and,
2. Monitoring activities ensure that audit findings and recommendations are adequately and
promptly resolved.

Para masabi natin na strong yung internal control ng isang organisation ay dapt present lahat ng limang
componesnts nito. In case na wala yung isang, there is a big possibilities na magkakaraon ng mga risks in
the future.

So, paano ba natin malalaman if the internal control is strong or weak. In that case gagamit tayo ng
Agency-Level Controls Checklist ALCC. Ito ay checklist wheter yes or no in the corresponding statement.
After matapos ang Agency-Level Controls Checklist isusumarize ang lahat ng sagot and it is already part
of the preliminary assessment. After masumarize, The auditor should be able to identify which areas of
internal control activities must be tested as a result of the preliminary evaluation.
To guide the auditor in evaluating the critical internal control processes to be tested, the procedures
can be designed in the form of a checklist questionnaire. An example of a checklist questionnaire for
cash receipts is attached as Appendix 2-3A.

HOW TO TEST INTERNAL CONTROL DESIGN.

In selecting controls to test, key controls must be considered. Important or key controls address the
risk of a material misstatement. Testing internal control design determines whether the control is
designed in a way that would prevent or detect an error or fraud.

In management, madaming internal control ang meron sakanila. However, yung auditor dapat iselect
lang niya yung mga internal control na importatnte sa auditors conclusion dahil if tinets mo lahat, it
probably na hindi mo matapos yung engagement on time.

If yung internal control is naachied niya or nasatisfied niya yung control objective niya. That internal
control is effective. For example, yung isang employee ay nakatoka sa journal entry recording and
approval habang yung isa naman ay nagrerevie at nagapprove ng transaction. This is example is
segregation of duties.

The Control Design may be tested in the following manner:

i. Inquiring – ask appropriate people;

ii. Observing – watch them do the operation or do the particular steps; and,
iii. Inspecting relevant documents – get a copy of the report, look through the pages or items and
the comments that the reviewer made.

There are two types of controls, preventive controls and detective controls.

i. Preventive Controls are designed to discourage errors or irregularities from occurring.

From the word itself, prevent which means priniprevent na magoocur yung rist. Sa preventive control is
dinedecrease niya na magoccur ang error at fraud

Examples of preventive controls are:

i. Segregation of Duties – Duties are segregated among different people to reduce the risk of error
or inappropriate action;
ii. Approvals, Authorizations, and Verifications– Management authorizes employees to perform
certain activities and to execute certain transactions within limited parameters;
iii. Security of Assets (Preventive and Detective) – Access to equipment, inventories, securities, cash
and other assets is restricted; assets are periodically counted and compared to amounts shown
on control records.

ii. Detective Controls are designed to find errors or irregularities after they have occurred.

Yung is priniprevent niya itong pangalwa naman ay dinidetect niya yung errors or faud sa mga
transactions.

Examples of detective controls are:

 1. Review of Performance – dito is more on comparison. Management compares information about
current performance to budgets, forecasts, prior periods, or other benchmarks.
2. Reconciliations – An employee relates different sets of data to one another, identifies and
investigates differences, and takes corrective action, when necessary;
3. Physical Inventories – Annual or Semi-annual; dito is binibilang nila yung inventories para
madetect nila yung may magsira
4. Audits – Internal or External

External Auditor, in this case COA Auditors, can also use the works of Internal Auditors, when they
have determined that the internal audit function is likely to be relevant to the audit. The guidance on
the use of the works of Internal Auditors and in assessing their objectivity is provided under ISSAI
1610.

Kailan ba natin masasabi na ang internal auditor is ang fubnction niya ay relevant sa audit.

The internal auditor may be presumed to be objective if the following criteria are met and the internal
auditor’s function is established by legislation or regulation:

 The internal auditor is accountable to top management and to those charged with governance;
 The internal auditor reports the audit results both to top management and those charged with
governance; Ang kinikilalang boss ng internal auditor ay yung mga nasa top management
example the board of director at hindi kung sino sino siya nagrereport.
 The internal audit unit is located organizationally outside the staff and management function of
the unit under audit;
 Dapat ang ang internal auditor ay walang political pressure para magawa niya yung audit na
walang kinikilingan.
 The top management permits internal auditors to audit operations for which they have
previously been responsible for to avoid any perceived conflict of interest; and,
 The internal auditor has access to those charged with governance.