1.

what are the duties and responsibilities of the department head of Internal Audit Service of local government
unit in the Philippines

The duties and responsibilities of the department head of the Internal Audit Service (IAS) in a local government unit
(LGU) in the Philippines can vary depending on the specific LGU's organizational structure and policies. However,
there are certain common roles and responsibilities associated with this position, as outlined in the Local Government
Code of the Philippines (Republic Act No. 7160) and other relevant laws and regulations. Here are some of the typical
duties and responsibilities of the department head of the IAS in an LGU:

1. Establish and Maintain an Internal Audit Function: The department head is responsible for establishing
and maintaining an effective internal audit function within the LGU. This includes developing audit policies,
procedures, and standards in accordance with relevant laws and regulations.
2. Audit Planning and Execution: Develop annual audit plans that outline the scope and objectives of audit
activities. Execute these plans by conducting financial, operational, compliance, and performance audits of
LGU departments and programs.
3. Risk Assessment: Identify and assess the risks facing the LGU, both financial and non-financial. Develop
strategies and audit plans to mitigate these risks.
4. Financial Accountability: Ensure that financial transactions and records of the LGU comply with established
accounting principles and legal requirements. Detect and prevent fraud, mismanagement, and irregularities.
5. Compliance Verification: Verify compliance with laws, regulations, and policies, including procurement and
disbursement regulations. Ensure that government funds are used for authorized purposes.
6. Performance Audit: Evaluate the efficiency and effectiveness of LGU programs and projects. Recommend
improvements and cost-saving measures.
7. Report Generation: Prepare audit reports detailing findings, recommendations, and action plans. Submit
these reports to the LGU's governing body (e.g., Sanggunian Bayan or Sangguniang Panlungsod) and the
LGU's chief executive officer (e.g., Mayor).
8. Follow-Up and Monitoring: Monitor the implementation of audit recommendations and track progress on
corrective actions. Report on the status of recommendations to the governing body and management.
9. Capacity Building: Provide training and guidance to LGU staff on proper financial management, internal
controls, and compliance.
10. Independence and Objectivity: Maintain independence and objectivity in the audit process, free from undue
influence or interference.
11. Coordination: Collaborate with other LGU departments and units to facilitate the audit process and ensure
cooperation in addressing audit findings.
12. Documentation and Records Management: Maintain thorough documentation of audit workpapers, reports,
and correspondence. Safeguard sensitive and confidential information.
13. Professional Development: Stay updated on changes in auditing standards, laws, and regulations through
continuing education and professional development.
14. Ethical Conduct: Adhere to the highest ethical standards in conducting audits and handling sensitive
information.

Mandate
The Internal Audit Services (IAS) is mandated to conduct a separate evaluation or appraisal of internal control system
to determine whether controls are well designed and properly implemented. In the conduct of evaluation, the IAS shall
determine the extent of compliance and assess the adequacy of controls embedded in operating and support
systems/units, as well as evaluate the performance of programs, projects, and activities of the LGU.
Mission
To provide independent, effective, efficient and value adding Internal Audit Services designed to promote
transparency, accountability, efficiency and effectiveness of management and operations of the Provincial
Government for the citizens of Bataan.
Vision
A team of highly competent and multi-disciplinary auditors that provides innovation, integrity and quality audits
designed to add value and improve operations of Provincial Government of Bataan.

Duties and Functions

 1. Ascertain the reliability and integrity of financial and operational information and the means used to identify,
measure, classify, and report such information;
2. Ascertaining the extent of compliance and reviewing the systems established to ensure compliance with
government policies, plans, procedures, laws, and regulations that have an impact on the operations;
3. Ascertaining the extent to which the assets and other resources of the institutions are accounted for and
safeguarded from losses of all kinds;
4. Reviewing and evaluating the soundness, adequacy, and application of accounting, financial, and other
operating controls and promoting the most effective control at a reasonable cost;
5. Reviewing operations or programs to ascertain whether or not results are consistent with established
objectives and goals and whether or not such programs are being carried out as planned;
6. Evaluating the quality or performance of departments in carrying out their assigned responsibilities;
7. Recommending corrective actions on operational deficiencies observed;
8. Conduct whirlwind audit activities;
9. Tabulate feedback collected from internal and external clients of different PGB offices;
10. Monitor the PGB Feedback 360 platforms;
11. Monitor the Audit Observation Memorandums being issued by Commission on Audit to the PGB;
12. Perform such other related duties and responsibilities as may be assigned or delegated by the LCE or as may
be required by law;
13. Conducts the Workforce Requirement Assessments for different offices seeking additional manpower or
replacement of resigned employees; and
14. Performs other tasks as assigned.

IAS Performs the Following Responsibilities:

 MANAGEMENT AUDIT
Audit the effectiveness of LGU’s internal controls adopted in the operating and support service units/systems
to determine whether or not they achieve the control objectives over a period of time or as of a specific date.
 OPERATIONS AUDIT
Audit the LGU’s operations and processes, including the efficiency and effectiveness of its programs and
services, to identify opportunities for improvement.
 COMPLIANCE AUDIT
Audit the LGU’s compliance with laws, regulations, and policies, including procurement and financial
management policies.

Objective
•Risk assessment is a key requirement of the planning phase of an audit.

•We perform risk assessment procedures to obtain an understanding of the entity and its environment, including the
entity’s controls, to identify and assess the risks of material misstatement, whether due to error or fraud, at the
financial statement and relevant assertion levels, which aids us in designing further audit procedures.

•The objective of this presentation is to provide an overview of the risk assessment process as it relates to the planning
of the audit.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an
organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Audit risk (also referred to as residual risk) as per ISA 200 refers to the risk that the auditor expresses an
inappropriate opinion when the financial statements are materiality misstated. This risk is composed of:

 Inherent risk (IR), the risk involved in the nature of business or transaction. Example, transactions
involving exchange of cash may have higher IR than transactions involving settlement by cheques. The
term inherent risk may have other definitions in other contexts.;[1]
 Control risk (CR), the risk that a misstatement may not be prevented or detected and corrected due to
weakness in the entity's internal control mechanism. Example, control risk assessment may be higher in
an entity where separation of duties is not well defined; and
 Detection risk (DR), the probability that the auditing procedures may fail to detect existence of a material
error or fraud. Detection risk may be due to sampling error or non-sampling error.[2]
Audit risk can be calculated as:
AR = IR × CR × DR

The components of audit risk are illustrated below,

where the cloud represents the accounting system
and the rain drops are misstatements. The
likelihood of misstatements occurring is inherent
risk. The probability that internal controls (1st
umbrella) may not prevent or detect misstatements
is control risk. The probability that audit
procedures (2nd umbrella) may not detect material
misstatements is detection risk. The probability
that the financial statements may include material
misstatements is audit risk.

Risk-Based Audit Approach

The audit risk model provides a risk-based audit
approach to assess the risks of material
misstatement to determine the scope of audit
procedures to perform. Higher risk areas would
require more audit work as compared to lower risk
areas.

Risks of Material Misstatement and Detection Risk

In the risk model, audit risk (AR) is usually set at a low level of 5% (i.e. 95% confidence that the financial statements
do not contain any material misstatements). The auditor assesses the risks of material misstatement (inherent and
control risks) and then solves the model for detection risk.

Detection risk is inversely related to the risks of material misstatement. For example, when the inherent and control
risks are assessed as High (IR=100%, CR=80%), the detection risk would need to be Low (DR=6%) to ensure that
audit risk is kept at a low level. This would increase the assurance required from substantive tests.

Alternatively, when the inherent and control risks are assessed as Low (IR=40%, CR=25%), a higher level of detection
risk (DR=50%) is acceptable while maintaining audit risk at a low level. This would reduce the assurance required
from substantive tests.

The degree of assurance (%) is the confidence level and can be used in statistical sampling to calculate the sample size
for substantive tests. The sample size is determined using statistical sampling tables or audit software

Quantitative Audit Risk Matrix

An alternate form of the audit risk model is the “Audit Risk Matrix“, where IR (x-axis) and CR (y-axis) are assessed
as Low, Moderate or High and each rating is assigned a risk percentage¹. The combination of IR x CR in the risk
matrix determines the level of RMM, i.e. if IR=High and CR=Low, then RMM=Moderate (25%). Therefore, DR=20%
(.05/.25) and the substantive assurance required is 80% (100% – DR).
Internal controls can serve two purposes: to protect a business from accounting fraud, asset loss, or similar financial
reporting failures; and to assure that the business meets its regulatory compliance obligations.

An audit evaluates the accuracy of a company’s financial statements and the effectiveness of its internal control
system to identify control weaknesses. In addition, audits typically include some form of substantive testing, which
tests for risks of material misstatements and errors. These substantive audit procedures review, test, and analyze a
company’s financial records.

Substantive testing is an audit that looks for flaws in financial records. These tests are required to prove that a
company’s financial records are comprehensive, valid, and accurate. It’s an important concept in audits and internal
control, so in this post we’ll explore all its related issues.

What Is Substantive Testing?

Substantive testing is the phase of an audit where the auditor gathers samples to identify any material misstatements in
the client’s accounting records or other data. This is required to verify that a company’s financial records are
complete, relevant, and accurate.

Substantive audit procedures prove that each material assertion in the financial statements is true. That said, tests may
also reveal monetary errors or misstatements in the recording or presentation of transactions and balances.
Substantive testing is performed according to Generally Accepted Auditing Standards (GAAS). These standards
require the auditor to understand the relevant audit controls and to assess whether those controls effectively prevent
(or at least detect and correct) material misstatements that may appear in the financial statements.

The Goal of Substantive Testing

The main goals of substantive testing is to provide reasonable assurance about the validity and correctness of financial
reporting or to identify material misstatements. Substantive procedures are therefore designed to obtain audit
evidence about the completeness, accuracy, and validity of the data produced by the accounting system.

Types of Substantive Tests

There are three types of substantive tests, explained below.

 Analytical procedures. Substantive analytical procedures compare several financial and operational data sets
to examine whether trends and relationships are consistent. These techniques are intended to alert you to
potential issues with your financial records, which you can then investigate further.
 Test of details of transactions. A test of transactions focuses on the individual transactions that make up an
account balance. This test of details is done to check for the accuracy of the financial statement transactions.
Auditors typically choose a sample to test whether the details match the transaction recorded in a company’s
books.
 Tests of details of balances. A test of balances is done to check whether any material misstatement exists in
the balances of the financial statements’ accounts. This test of details tries to demonstrate that the tests of
control and the substantive tests related to transactions are all reasonable.

Best Practices for Substantive Testing

The auditor determines the tests’ nature, scope, and timing to assure that they meet an acceptable level of risk
detection.

 Nature. This relates to the efficacy and type of audit procedure an auditor uses based on whatever level of risk
is acceptable. The lower your risk level is, the more expensive and extensive your audit procedures will be.
Conversely, the procedures are less expensive (and less effective) when the acceptable level of risk is higher.
 Extent. This is the quantity of evidence an auditor gathers, depending on how much substantive testing is
conducted. Procedures requiring more tests and larger sample sizes are frequently needed when acceptable
risk is low. When your risk levels are high, processes require fewer tests and smaller sample sizes.
 Timing. This relates to how the timing of an audit event might change due to the acceptable risk level. For
example, the auditor may perform audits in the middle of the month if controls are solid and the expected
level of risk identification is minimal. Conversely, the auditor may audit closer to month- or year-end if the
expected risk is high.

What Is Control Testing?

Control testing is an audit procedure used to determine whether internal controls effectively prevent or discover
material misstatements at the appropriate assertion level.

Control tests determine whether a policy or practice is well-designed to prevent or detect significant misstatements in
a financial statement. The operating effectiveness of controls focuses on three questions: how is the control applied, is
it consistently applied during the year, and who applies it?

The Goal of Control Testing

Control testing’s ultimate goal is to evaluate the performance of the internal control system to improve the
organization’s operations, financial reporting, and compliance.
With these objectives in mind, an auditor uses several evaluation techniques to understand control procedures. For
example, using a risk-based approach to audit testing, an auditor can focus on areas where risk is most likely to occur,
identify problems, and recommend improving the control effectiveness.

Types of Control Tests

 Concurrent test. The auditor tests the understanding of a process to check the effectiveness of the control
policy or practice. These tests are performed based on the discretion of the auditor. For example, auditors may
inquire about the budgeting system to verify users’ familiarity with the processes.
 Planned test of control. An auditor will look for evidence of proper and consistent application of control
policies and procedures throughout the audited year.

Best Practices for Control Testing

The following best practices can help you test controls more effectively.

 Prioritize testing of controls. Large organizations routinely have hundreds or even thousands of documented
controls. For each control under consideration, determine its effect on the organization to determine the nature
and frequency of testing. In addition, consider the specific regulations or compliance standards that the
organization must follow, such as the Sarbanes-Oxley Act (SOX) or General Data Protection Regulation
(GDPR). Requirements for these standards will often guide the testing process and determine which controls
to test first.
 Design an appropriate test for each control. The nature of the control often determines the testing approach.
For example, if the organization relies on controls to mitigate significant risks, you should test those controls
more frequently. You may also evaluate the design of the control before testing its operation.
 Documenting and tracking identified problems. An essential aspect of control testing is quickly remedying
issues encountered during testing. Always check corrections by rerunning the test program after allowing time
for the remediation to verify that all problems have been resolved.

How Do the Main Objectives of Tests of Controls and Substantive Procedures Differ?
When we talk about control tests, we refer to audit procedures that verify the operating effectiveness of controls
related to preventing or detecting material misstatements. That is not the same as substantive testing, which (as we
described above) is a phase in the audit process to determine the fairness of financial information.

For objectives, control testing evaluates the performance of the internal controls that govern the accounting system. At
the same time, substantive testing provides sufficient appropriate audit evidence on the completeness, accuracy, and
validity of the actual data produced by the accounting system.

Control testing is completed before substantive testing, and results from control testing will influence the scope of
substantive testing. For example, if an auditor determines that an organization’s controls are weak, he or she may
recommend more thorough substantive testing. In this sense, we can say that the procedures are different but related.

While each procedure has its purpose in audits, both audit techniques are essential for the risk management of internal
controls of a business.

What Are Substantive Procedures?

Substantive procedures refer to the audit tests or methods auditors use to assess your business’s financial statements.
These procedures aim to provide conclusive evidence for verifying the completeness, accuracy, existence, occurrence,
measurement, and valuation (audit assertions) of the financial records of your business.

The primary objective behind performing substantive procedures is to assure that there are no material misstatements
in your company’s financial records and that all the relevant information is correctly disclosed. These procedures
include the following activities:
  Testing the applicable classes of transactions, account balances, and disclosures;
 Reconciling the financial statements and accompanying notes to the underlying accounting records;
 Evaluating material journal entries and other adjustments made during the preparation of the financial
statements;
 Making inquiries about any suspicious transactions.

What Are Examples of Substantive Analytical Procedures?

Substantive analytical procedures use plausible relationships to evaluate the numbers in financial statements. For
example, an auditor may expect payroll to be 30 percent of total expenses simply because you have seen that ratio in
the past.

Based on that plausible relationship (the percentage of payroll to total expenses) the auditors can then search for and
create evidence by using percentages and comparisons to the prior year.

Another way to think of it: numbers usually behave in specific ways, so an auditor can use these relationships to form
audit opinions when reviewing your company’s financial statements.

Here are some common examples of substantive analytical procedures:

 To test occurrence, the auditor can compare monthly sales of the current year to the previous year. He or she
can also compare the percentage of expenses to sales for the current year with that of the prior year.
 To test cut-off, the auditor can compare profit margins from the last few months of the audit period to those
after the period-end.
 To test solvency and going concern, the auditor can compare the current ratio to that of the previous year.
 To test accuracy and occurrence, the auditor can compare the current year’s profit margins with those of the
previous period.
 To test the completeness and accuracy of pension or post-employment benefit plans, the auditor can
divide the actual value of plan assets by the actual accrued liability and compare it to the prior year.
 To test the financial strength and going concern of an entity, the auditor can divide the total debt by the
total assets and compare it to the prior year.
 To test inventory existence and occurrence, the auditor can divide the cost of goods sold by the average
inventory and compare it to the prior year.