PART I - 3

INTERNAL CONTROL FRAMEWORKS,

STANDARDS AND GUIDELINES
• COSO INTERNAL CONTROL INTEGRATED FRAMEWORK (1992)

• INTERNATIONAL ORGANIZATION OF SUPREME AUDIT

INSTITUTIONS (INTOSAI) GUIDELINES FOR INTERNAL
CONTROL STANDARDS FOR THE PUBLIC SECTOR (2004)

• INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK –

IIA (2017)

• COSO INTERNALCONTROL INTEGRATED FRAMEWORK (2013)

 
 INTERNAL CONTROL FRAMEWORKS,
STANDARDS AND GUIDELINES

• INTERNAL CONTROL STANDARDS FOR THE

PHILIPPINE PUBLIC SECTOR (ICSPPS) – 2018

• INTERNAL AUDITING STANDARDS FOR THE

PHILIPPINE PUBLIC SECTOR (IASPPS) - 2018
 
 INTERNAL CONTROL
INTEGRATED FRAMEWORK
(COSO 1992)
 INTERNAL CONTROL
OBJECTIVES

 EFFECTIVENESS AND EFFICIENCY OF

OPERATIONS

 RELIABILITY OF FINANCIAL AND

OPERATIONAL REPORTING

 COMPLIANCE WITH LAWS,

REGULATIONS AND CONTRACTS

 SAFEGUARDING OF ASSETS
1
FROM COSO INTERNAL CONTROL - INTEGRATED FRAMEWORK (1992)
INTERNAL CONTROL
COMPONENTS
 CONTROL ENVIRONMENT

 RISK ASSESSMENT

 CONTROL ACTIVITIES

 INFORMATION AND COMMUNICATION

 MONITORING
 THE COSO FRAMEWORKS
INTERNAL CONTROL ENTERPRISE-WIDE RISK
INTEGRATED FRAMEWORK MANAGEMENT(ERM)
FRAMEWORK

1. CONTROL ENVIRONMENT 1. INTERNAL ENVIRONMENT

2. RISK ASSESSMENT 2. OBJECTIVE SETTING
3. CONTROL ACTIVITIES 3. EVENT IDENTIFICATION
4. INFORMATION AND 4. RISK ASSESSMENT
COMMUNICATION 5. RISK RESPONSE
5. MONITORING 6. CONTROL ACTIVITIES
7. INFORMATION AND
COMMUNICATION
8. MONITORING
 Comparing IIA Scope of Work
and COSO Control Objectives
IIA Scope of Work COSO Control Objectives

Operations Reporting Compliance Safeguarding of

Assets
Financial and Operating √
Information
Compliance et al. √

Assets and Information √ √

Safeguarded
Resources used √ √
efficiently/economically
Operations/Programs √
Effective/Efficient
Introduction to the International Standards

The Standards are principles-focused, mandatory

requirements consisting of:
• Statements of basic requirements for the
professional practice of internal auditing and for
evaluating the effectiveness of performance,
which are internationally applicable at
organizational and individual levels.
• Interpretations, which clarify terms or concepts
within the Statements.
Introduction to the International Standards

Attribute Standards address the attributes of

organizations and individuals performing
internal auditing.

Performance Standards describe the nature of

internal auditing and provide quality criteria
against which the performance of these
services can be measured
 NATIONAL GUIDELINES ON
INTERNAL CONTROL
SYSTEMS
(PER DBM CIRCULAR LETTER NO. 2008-8
DATED OCTOBER 23, 2008)
 PURPOSES OF THE NGICS
• THE NGICS WILL SERVE AS A GUIDE
TO THE HEADS OF DEPARTMENTS
AND AGENCIES IN DESIGNING,
INSTALLING, IMPLEMENTING AND
MONITORING THEIR RESPECTIVE ICS
TAKING INTO CONSIDERATION THE
REQUIREMENTS OF THEIR
ORGANIZATION AND OPERATIONS.
 PURPOSES OF THE NGICS
• IT CAN STRENGTHEN ACCOUNTABILITY,
ENSURE ETHICAL, ECONOMICAL,
EFFICIENT AND EFFECTIVE OPERATIONS,
IMPROVE THE QUALITY AND QUANTITY
OF OUTPUTS AND OUTCOMES AND
ENABLE AGENCIES TO BETTER RESPOND
TO THE REQUIREMENTS OF THE PUBLIC
THEY SERVE.
 PURPOSES OF THE NGICS
• IT CAN ALSO HELP AGENCIES
REDESIGN THEIR ICS IF THE
COMMISSION ON AUDIT
(COA) DETERMINES THAT
THE SAME IS INADEQUATE.
 ADMINISTRATIVE ORDER NO. 70
SERIES OF 2003
• SEC. 2. CONDUCT OF INTERNAL AUDIT

4. The IAS shall conduct the audit in

conformity with International Standards for
the Professional Practice of Internal
Auditing.
 NATIONAL GUIDELINES ON
INTERNAL CONTROL SYSTEMS
(NGICS)
• 3.5.2 Separate Evaluation
Paragraph 4
The IAS provides assistance to the
Department Secretary or the governing body and
performs functions delegated by the head of
agency. Its auditees are not its customers; neither
the Department Secretary nor the governing body
is the auditor’s client. The Internal Audit Service
does not provide assurance nor consulting service.
 DEFINITION OF INTERNAL CONTROL11
“ A process, effected by an entity’s board of directors,
management and other personnel,” designed to
provide reasonable assurance regarding the
achievement of objectives in the following categories:
.
• Effectiveness and efficiency of operations.
• Reliability of Financial and Operational Reporting.
• Compliance with applicable laws, regulations and
contracts.
• Safeguarding of assets.

1
COSO Internal Control –Integrated Framework Definition (1992)
 DEFINITION OF INTERNAL CONTROL22
“ A process, effected by an entity’s board of directors,
management and other personnel,” designed to address
risks and to provide reasonable assurance that in the
pursuit of the entity’s mission, the following general
objectives are achieved:
.
• Executing orderly, ethical, economic, effective and
efficient operations.
• Fulfilling accountability obligations.
• Complying with applicable laws and regulations.
• Safeguarding resources against loss, misuse and
damage.
2
INTOSAI Guidelines for Internal Control Standards for Public Sector (2004)
 DEFINITION OF
INTERNAL AUDITING3
“AN INDEPENDENT AND OBJECTIVE
ASSURANCE AND CONSULTING ACTIVITY
DESIGNED TO ADD VALUE AND IMPROVE AN
ORGANIZATION’S OPERATIONS. IT HELPS AN
ORGANIZATION ACCOMPLISH ITS OBJECTIVES
BY BRINGING A SYSTEMATIC, DISCIPLINED
APPROACH TO EVALUATE AND IMPROVE THE
EFFECTIVENESS OF RISK MANAGEMENT,
CONTROL AND GOVERNANCE.

3
INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK -IIA (1999)
 DEFINITION OF
INTERNAL AUDITING44
“THE EVALUATION OF MANAGEMENT
CONTROL AND OPERATIONS PERFORMANCE
AND THE DETERMINATION OF THE DEGREE OF
COMPLIANCE WITH LAWS, REGULATIONS,
MANAGERIAL POLICIES AND CONTRACTUAL
OBLIGATIONS. IT IS THE APPRAISAL OF THE
PLAN OF ORGANIZATION AND ALL THE
COORDINATE METHODS AND MEASURES TO
RECOMMEND COURSES OF ACTION ON ALL
MATTERS RELATING TO MANAGEMENT
CONTROL AND OPERATIONS AUDIT.
4
PHILIPPINE GOVERNMENT INTERNAL AUDIT MANUAL (2011), DEFINITION
IN “THE ADMINISTRATIVE CODE OF 1987” AND P.D. 1445
 INTERNAL CONTROL
OBJECTIVES
COSO INTOSAI
• EFFICIENCY AND • EXECUTING ORDERLY,
EFFECTIVENESS OF ETHICAL, ECONOMICAL,
OPERATIONS; EFFICIENT AND EFFECTIVE
OPERATIONS;
• RELIABILITY OF • FULFILLING
OPERATIONAL AND ACCOUNTABILITY
FINANCIAL REPORTING; OBLIGATIONS;
• COMPLIANCE WITH LAWS, • COMPLYING WITH
REGULATIONS AND APPLICABLE LAWS AND
CONTRACTS; REGULATIONS;
• SAFEGUARDING OF • SAFEGUARDING RESOURCES
ASSETS AGAINST LOSS, MISUSE AND
DAMAGE.
 INTERNAL CONTROL
COMPONENTS
COSO INTOSAI
1. CONTROL 1. CONTROL
ENVIRONMENT ENVIRONMENT
2. RISK ASSESSMENT 2. RISK ASSESSMENT
3. CONTROL 3. CONTROL
ACTIVITIES ACTIVITIES
4. INFORMATION AND 4. INFORMATION AND
COMMUNICATION COMMUNICATION
5. MONITORING 5. MONITORING
INSTITUTE OF INTERNAL AUDITORS
(IIA)

INTERNATIONAL STANDARDS
FOR THE PROFESSIONAL
PRACTICE OF INTERNAL
AUDITING (Standards)
INSTITUTE OF INTERNAL AUDITORS
(IIA)

INTERNATIONAL
PROFESSIONAL PRACTICES
FRAMEWORK (IPPF 2017)
Introduction to the International Standards

Internal auditing is conducted in diverse legal

and cultural environments; within organizations
that vary in purpose, size, complexity, and
structure; and by persons within or outside the
organization. While differences may affect the
practice of internal auditing in each
environment, conformance with The IIA’s
International Standards for the Professional
Practice of Internal Auditing (Standards) is
essential in meeting the responsibilities of
internal auditors and the internal audit activity.
Introduction to the International Standards
The purpose of the Standards is to:

1. Delineate basic principles that represent the

practice of internal auditing.
2. Provide a framework for performing and
promoting a broad range of value-added internal
auditing.
3. Establish the basis for the evaluation of internal
audit performance.
4. Foster improved organizational processes and
operations.
Introduction to the International Standards

The structure of the Standards:

Attribute Standards

Performance Standards
Introduction to the International Standards

The Standards are principles-focused, mandatory

requirements consisting of:
• Statements of basic requirements for the
professional practice of internal auditing and for
evaluating the effectiveness of performance,
which are internationally applicable at
organizational and individual levels.
• Interpretations, which clarify terms or concepts
within the Statements.
Introduction to the International Standards

Attribute Standards address the attributes of

organizations and individuals performing
internal auditing.

Performance Standards describe the nature

of internal auditing and provide quality
criteria against which the performance of
these services can be measured
Introduction to the International Standards

Assurance Services involve the internal

auditor’s objective assessment of
evidence to provide an independent
opinion or conclusions regarding an
entity, operation, function, process,
system, or other subject matter. The
nature and scope of the assurance
engagement are determined by the
internal auditor.
Introduction to the International Standards
There are generally three parties involved in
assurance services; (1) the person or group directly
involved with the entity, operation, function,
process, system, or other subject matter – the
process owner, (2) the person or group making the
assessment – the internal auditor, and (3) the persons
or group using the assessment – the user. Examples
may include financial, performance, compliance,
system security, and due diligence engagements.
Introduction to the International Standards

Consulting Services are advisory in

nature, and are generally performed at
the specific request of an engagement
client. The nature and scope of the
consulting engagement are subject to
the agreement with the engagement
client.
Introduction to the International Standards

Consulting services generally involve two

parties: (1) the person or group offering the
advice – the internal auditor, and (2) the person
or group seeking and receiving the advice – the
engagement client. When performing consulting
services the internal auditor should maintain
objectivity and not assume management
responsibility. Examples include counsel,
advice, facilitation, and training.
 INTERNAL CONTROL
INTEGRATED FRAMEWORK
(COSO 2013)
 COSO INTERNAL CONTROL
INTEGRATED FRAMEWORK (2013)
INTERNAL CONTROL
STANDARDS FOR THE
PHILIPPINE PUBLIC SECTOR
(ICSPPS) – 2018
The Philippine Internal Control
Framework is relevant and applicable to
all government agencies, the manner in
which management applies it will vary
widely with the nature of operations and
a number of agency specific factors.
These factors include:
 the organizational structure;
 risk profile;
 operating environment;
 size complexity;
 activities; and
 degree of regulation.
As it considers the agency’s specific
situation, management will make a series
of choices regarding the complexity of
processes and methodologies deployed to
apply the internal control framework
components.
INTERNAL AUDIT
STANDARDS FOR THE
PHILIPPINE PUBLIC SECTOR
(ICSPPS) – 2018
• MISSION

“TO ENHANCE AND PROTECT

ORGANIZATIONAL VALUE BY
PROVIDING RISK-BASED AND
OBJECTIVE ASSURANCE,
ADVICE AND INSIGHT.”
 CORE PRINCIPLES
• Demonstrates integrity;
• Demonstrates competence and due professional
care;
• Is objective and free from undue influence
(independence)
• Aligns with the strategies and objectives, risks of
the government agency;
• Is appropriately positioned and adequately
resourced;
 CORE PRINCIPLES
• Demonstrates quality and continuous
improvement;
• Communicates effectively;
• Provides risk-based assurance;
• Is insightful, proactive, and future-focused; and
• Promotes improvement of government
operations.
 Attribute Standards

• 1000 – 1010 Purpose, Authority and Responsibility

• 1100 – 1130 Independence and Objectivity
• 1200 – 1230 Proficiency and Due Professional Care
• 1300 – 1322 Quality Assurance and Improvement
Program
 Performance Standards

• 2000 – 2060 Managing the Internal Audit Activity

• 2100 – 2130 Nature of Work
• 2200 – 2230 Engagement Planning
• 2300 – 2340 Performing the Engagement
• 2400 – 2450 Communicating Results
• 2500 Monitoring Progress
• 2600 Communication the Acceptance of Risks