INTERNAL CONTROL- eto yung ginagawa ng employees or ng entity, and yung mga tao within the entity to achieve

the
entity’s objective.

3 primary entity’s objective

1. Reliable yung financial report na pinoprovide ng entity.

2. Effective and efficient yung pag ooperate ng business.
3. Kelangan sumusunod sila sa batas, or compliance with laws and regulations.

Achievement of objectives also include

 Adherence to management policies- Para makasunod yung company sa policy na siniset ng

management. Mamonitor, maimplement o masigurado natin na sumusunod ang employees sa
policies.
 Safeguarding assets- ma maintain natin yung securities ng assets para hindi siya manakaw.
 Prevention and detection of fraud and error- madetect pag may nangyareng fraud or error.
 Accuracy and completeness of accounting records
 Timely preparation of financial information

Internal control is not an end itself. Instead, it is a means of achieving the entity’s objectives. It is also accomplished by
people at every level of organization, including management, those charged with governance, and entity’s staff
personnel. Meaning, from the top to the bottom, hindi lang yung top at hindi lang yung bottom kasi it has to be
accomplished by people at every level. It applies to all.

LIMITATIONS OF INTERNAL CONTROL

-Internal control can provide an entity with reasonable assurance about achieving the entity’s financial reporting
objectives.

-Meaning, kahit gaano man kaeffective yung internal control, meron at merong pa ding possibility na baka hindi niya
maggawa yung trabaho niya. Hindi siya absolute assurance tulad ng auditing. Yung internal control ay hindi 100% na
maachieve natin yung objectives. Kasi nga dahil don sa tinatawag natin na limitations, may mga bagay na kahit gaano ayusin
yung pag design ng internal control, kung gaano man tayo ka effective sa pag i-impliment ng internal control ay merong pa
ding possibility na magkaroon ng problema.

INHERENT LIMITATIONS- Mga factors kung bakit di natin maabot yung 100% nay un.

1. Human Error- Ang nag iimplement ay tao.

Example of Human error
 Misunderstanding- Mali yung pagkakaintindi
 Faulty judgment- Mali yung judgement
 Carelessness
 Distraction- may iba siyang iniisip
 Fatigue- pagod, bumaba yung kanyang productivity. Hindi lagging nasa best condition yung mga
employee.
2. Employee Collusion- Sa internal control ay meron tayong tinatawag na Segregation Duties. Dapat iba ang gumagawa
nito, iba yung gumagawa ng ganyan. Dapat magkahiwalay yung incompatible duties para mabawasan yung error. The
problem is mababawasan yung effectiveness ng segregation of duties, kung nagkaroon ng sabwatan or tinatawag na
sabwatan or yung tinatawag nga na employee collusion. Mahirap siyang I prevent ng internal control.
3. Management Override- Si management kaya niyang I bypasss or di siya dadaan sa tamang process. Hindi siya dadaan sa
internal control.
For small entities, segregation of duties may be limited but management oversight may be more effective.

RESPONSIBILITES OVER CONTROLS

MANAGEMENT RESPONSIBILITIES
-Is responsible for designing, implementing, and maintaining effective internal control over financial reporting.
-Management need to maintain sufficient and appropriate internal control documentation.
-Dapat meron siyang documented policy.
AUDITOR RESPONSIBILITY
 Siya ang nag u audit ng FS, so meaning kelangan niyang I assess yung mga risk of material
misstatement thru obtaining an understanding of the entity and its environment, including the entity’s
internal control.
 Kelangan alamin ng auditor yung internal control ng client.

CONTROLS RELEVANT TO THE AUDIT

An entity’s objectives and controls are directly related however not all of these objectives and controls are relevant to
the audit.

-Meaning, yung controls pwede siyang tungkol as compliance, financial reporting, effectiveness and efficiency of
operations.

- Hindi relevants yung objectives and controls. Dahil don hindi natin kelangang alamin lahat ng internal control, yung
mga related lang sa financial reporting.

Paano natin madedetermine na relevant ang isang internal control sa audit natin?

Factors to determine a control’s relevance to audit

 Materiality and significance of related risk-

 Nature and characteristics of the entity and it’s internal control- ano yung nature and characteristics ng
internal control, kung siya ba ay about operations.
 Legal and regulatory requirements- ano ang requirements g batas sa entity na yan.
 Kaya niyang i-Prevents, i-detects, and i-corrects material misstatements

RISK ASSESSMENT: UNDERSTANDING INTERNAL CONTROL

The auditor shall evaluate the design of those controls and determine whether they have been implemented.

 Kelangan munnag alamin ni auditor kung paano ba ang design ng internal control.

Evaluate the design- meaning, capable of effectively preventing, or detecting and correcting material misstatements.

-Kelanan ding alamin ni auditor kung na implement ba at ginagamit yung internal control.

Procedures may include

 Inquiry of entity personnel

  Observing the aplications of controls
 Inspecting the documents and reports
 Tracing transaction thru the system

DOCUMENTATION OF UNDERSTANDING

The auditor shall document his understanding of internal control para maverify na naiintidihan niya talaga through

Three ways to document internal control

1. Standardized Internal Control Questionnaires- para siyang survey na ibibigay niya sa mga auditors or sa team,
may mga tanong doon na existing ba yung ganito yung internal control, meron bang segregation of duties?
Sino ang nagpaprocess ng write off, and then may mga yes or no na questions.
Advantages- easy to prepare and can easily identify deficiencies. It is design para kapag may internal control
weakness or kapag nag no ka, meaning internal control weakness yun.
Disadvantages- it lacks flexibility and to be filled mechanically.
2. Written Narratives- idedescribe niya yung mga naintindihan niya.
Advantages- show the level of auditor’s understanding.
Disadvantages-deficiencies cannot be easily identified
3. Flow charts-through diagram
Advantages- it provides clearer and more specific portrayal of the client’s system.
Disadvantages- sufficient understanding of flowcharts and deficiencies cannot be easily identified. Kasi
kelangan mo ng sufficient understanding ng flowcharts, alam mo kung paano gumawa o mag interpret ng
flowcharts.And dapat kabisado mo yung different symbols.

After documentation doon ginagawa dapat ni auditor yung walk-throughs para maverify kung tama ba understanding
niya.

TEST OF CONTROLS- determine the operating effectiveness ng internal control.

-The auditor shall design and perform tests of controls to obtain sufficient appropriate evidence as to the operating
effectiveness of controls when:

-Meaning, chinicheck mo kung nadedetermine talaga or kung maayos ba talaga yung buong internal control.

A. When the auditors assessment of risk of material misstatement includes an expectation that the controls are
operating effectively.

-Below maximum yung control risk natin, meaning effective yung internal control. Pag maganda yung design of
internal control saka tayo gagawa g test of control.

B. Substantive procedures alone cannot provide sufficient appropriate evidence.

-Hindi sapat yung substantive test lang, kaya magpeperform din ng test of control.

Strong design- perform test of controls, aalamin natin kung maganda yung pagkakaimplement kaya magpeperform
ng test of controls.

Weak design- do not perform test of controls, mas extensive yung substantive
 Test of controls procedures may include:

1. Inquiry of entity personnel

2. Observing the application of controls
3. Inspecting the documents and reports
4. Reperforming control activities
COMPONENTS OF INTERNAL CONTROL
1. Control environment- Normally ung culture ng entity.
Components;
 The auditor shall evaluate whether:
a. Management, with the oversight of those charged with governance, has created and maintained a
culture of honesty and ethical behavior.
b. The strengths in the control environment elements collectively provide an appropriate foundation
for the other components of internal controls. Meaning, yung control environment nga yung
foundation, pag pangit ang control environment kahit maganda yung iba, ineffective ang internal
control.
Control environment ang nagseset ng tone/tono ng isang organizations.
A satisfactory control environment is not an absolute deterrent to fraud- Kahit gaano kaganda
yung control environment ay hindi ibig sabihin ay 100% ay deterrent na sa fraud.

Ang control environment ay nag I start sa top level management, hindi naman kasi pwede na ang magset ng tone ay
ang mga low level employee.

 Merong proper communication and enforcement of integrity and ethical values.

-Kelangan yung nasa taas ay kelangan nilang I communicate.
 Merong commitment to competence
 Imotivate na kelangang galingan.
 Merong participation ng governance
Generally yung BOD, sila yung nag ooverseeing ng
 Kung ano ang management piloshopy and Operating Style
 Ano ang organizational structure.
 Paano inaasign yung authority and responsibility.
-Kelangang maintindihan ng mga personnel yung objectives ng company and they contribute to those
objectives and kanilang accountability.
 And paano yung policies ng human resources and pratices
 Merong proper process of recruitment, orientation, training, evaluation, promotion, counseling,
compensation and remedial actions.
2. Entity’s risk assessment process- kelangan yung entity meron siyang risk assessment process. Pano niya
inaassess yung risk.
 Identify Business Risk
 Estimating the Significance of the Risks
 Assessing the likelihood of occurrence
 Decide the actions
3. Information system and communication- Paano niya ginagawa yung kanyang information system and paano
iya kinocommunicate yung mga information nay un.
-Pano shinishare yung information nay un within the entity, different departments, segments.

 Infrastructure (physical and hardware components)

  Software
 People
 Procedures
 Data
4. Control activities – yung mismong policies and procedures na inimplement niya.
-kung paano minomonitor yung buong internal control.
 Authorization
 Performance reviews
 Information Processing
 Physical Controls
 Segregation of duties- Kelangang I segregate and authorizing transactions, Recording transactions,
Custody of assets.