INTERNAL CONTROL SYSTEM OF

THE PHILIPPINE GOVERNMENT

Mr. Franz Martin S. Callano, LPT, MAEd
Doctorand, Cebu Normal University
DEFINITION OF INTERNAL CONTROL
• Internal control refers to the plan of organization and all the coordinated methods
and measures adopted within an organization or agency to safeguard its assets,
check the accuracy and reliability of its accounting data, and encourage adherence
to prescribed managerial policies (Section 123 of Presidential Decree No. 1445, as
amended).
• This legal definition is supplemented by the policy that “all resources of the
government shall be managed, expended or utilized in accordance with law and
regulations and safeguarded against loss or wastage through illegal or improper
disposition to ensure efficiency, economy and effectiveness in the operations of
government. The responsibility to take care that such policy is faithfully adhered
to, rests directly with the chief or head of the government agency concerned“
(Section 1, Chapter 1, Subtitle B, Book V of the Administrative Code of 1987).
DEFINITION OF INTERNAL CONTROL
• The Philippines’ internal control standards is complemented by prevailing international
best practices such as the Guidelines for Internal Control Standards for the Public Sector
issued by the INTOSAI (International Organization of Supreme Audit Institutions).
The INTOSAI Guidelines provide a framework for internal control in the public sector
against which internal control can be evaluated. The framework does not limit or interfere
with the duly granted authority related to the legislative, rule-making, or other
discretionary policy-making powers of an organization.
• The INTOSAI defines internal control as “an integral process that is effected by an entity’s
management and personnel, and is designed to address risks…”. It provides reasonable
assurance that in pursuit of the entity's mission, the following general objectives are
achieved:
• Executing orderly, ethical, economical, efficient and effective operations
• Fulfilling accountability obligations
• Complying with applicable laws and regulations
• Safeguarding resources against loss, misuse and damage
LEGAL BASES
• Philippine Constitution of 1987
• Administrative Code of 1987
• Presidential Decree (PD) 1445, s. 1978
• Administrative Order (AO) No. 119, s. 1989
• Memorandum Order No. 277, s. 1990
• Article 9 (Public Procurement and Management of Public Finances), Chapter II (Preventive
Measures) of the United Nations Convention Against Corruption
RESPONSIBILITY FOR INTERNAL CONTROL
• Section 124 of PD 1445 – it shall be direct responsibility of agency head to install,
implement and monitor sound system of internal control
• Section 1, Chapter 1, Subtitle B, Book V of the Administrative Code of 1987 – all
resources of govt shall be managed, expended or utilized in accordance with law and
regulations and safeguarded against loss or wastage through illegal or improper
disposition to ensure efficiency, economy and effectiveness in govt operations;
responsibility to take care such policy is faithfully adhered to rests directly with chief or
head of agency concerned
• Section 1 of AO 119 dated March 29, 1989 – responsibility for fiscal operations of
offices and agencies of govt to reside primarily with respective Heads of each office,
agency, GOCC and LGU; each and every office, agency, corporation and local government
unit is mandated to strengthen its ICS and/or organize systems and procedures in
coordination with DBM
IC in a Nutshell
• The heads of the government agencies are responsible for ensuring that all resources
entrusted to them are managed and utilized properly and effectively. Thus, the agencies
must set up robust internal controls and establish internal audit functions.
• Internal control and internal audit have been enshrined in Philippine laws since the
1960s. In recent times, the DBM, together with partner-agencies, has been putting flesh
and bone to the policy for internal control and internal audit, through:
• The National Guidelines on Internal Control Systems (NGICs), issued in 2008, which
provide guidance to agency heads in strengthening their internal controls
• The Philippine Government Internal Audit Manual (PGIAM), issued in 2011, which
assists agencies in establishing their internal audit functions
• Initiatives since 2010 that focus on creating awareness and capacitating the
bureaucracy for NGICS and PGIAM, and in setting up internal audit services or units
(IAS/IAU) in agencies.
IC in a Nutshell
• The 2016 PEFA (Public Expenditure and Financial Accountability) assessment notes that
key indicators pertaining to the strength of internal controls have improved. The potential
of internal controls and internal audit as good governance tools can further be actualized
through the following:
• DBM’s current updating of generic manuals on controls pertaining to human resource
management, quality management, and risk management systems
• The scaling up of the PFM (Public Financial Management) Certificate Program to include
internal control and internal audit, and the establishment of means to assess the impact
of trainings conducted
• The government’s measurements of the baseline strength of the agencies’ internal
controls and internal audit
• The newly established the Office of the Comptroller General in the DBM, aimed at
strengthening its oversight function on the agencies’ internal control and internal audit
systems
OBJECTIVES OF INTERNAL CONTROL
• In fulfilling its mandates and mission, an agency must consider and achieve as
well the separate but interrelated general objectives of internal control.
• That public office is a public trust demands that a higher set of general
objectives be established, a step beyond the internal control practices that
prevail in private sector organizations. Hence, internal control in the public
sector must conform to five (5) general objectives:
• Safeguard assets
• Check accuracy and reliability of accounting data
• Ensure economical, efficient and effective operations
• Comply with laws and regulations
• Adhere to managerial policies
COMPONENTS OF INTERNAL CONTROL

Internal Control Framework

COMPONENTS OF INTERNAL CONTROL
• Control environment - the scope and coverage of an organization’s internal control
system which impacts on its structural and operational framework. It integrates all
internal control components, elements and features to influence the direction and
shape of an agency’s strategies and outcomes. This component constitutes essential
internal and external aspects, including the organizational structure, coordinated
methods and measures, discipline, attitudes, and managerial policies.
• Risk assessment - overall process of risk identification, analysis and evaluation to
ascertain existing and potential risks and determine the appropriate response that
may affect the successful achievement of agency objectives. It is the basis for
determining how those risks should be managed, to assess the relative susceptibility
of agencies to uncertainties due to internal and external opportunities and threats,
conscious or unintended abuse, misuse of resources, errors or factors which could
affect operational efficiency.
COMPONENTS OF INTERNAL CONTROL
• Control Activities - are the policies and procedures established to address risks and
to achieve the entity’s objectives. Control activities must be appropriate, cost effective,
comprehensive, reasonable and directly relate to the control objectives and the
agency mission. Appropriate means that the control activity is in the right place and
is commensurate to the risk involved. Cost effective means the cost of
implementation of the control activity should not outweigh its benefits.
Comprehensive and reasonable means that the control activity directly relates to the
control objectives. Finally, the control activities should be doable and function
consistent with the design or plan. Implementation of control activities form part of
the control environment.
• Information and Communication - Information and communication are vital in
attaining the control objectives. They go hand in hand and cut across all other internal
control components. Relevant information must be communicated throughout the
agency, as well as to its network of organizations and sectors.
COMPONENTS OF INTERNAL CONTROL
• Monitoring of Internal Control - Monitoring internal control systems is
aimed at ensuring that controls are operating as intended and that they are
modified appropriately for changes in conditions. Monitoring should also
assess whether, in pursuit of an agency’s mission, the general objectives of
internal control are being achieved.
• Ongoing Monitoring – built into normal, recurring activities of agency/units;
performed regularly and on real-time basis, responds dynamically to changing
conditions and embedded in agency’s operation
• Separate Evaluation – covers evaluation of effectiveness of ICS to ensure that
internal controls achieve desired results based on predefined methods and
procedures
BENEFITS OF A STRONG ICS
• Stronger accountability
• Economical, efficient, effective and ethical, (4 Es) operations
• Improved ability to address risks to achieve general control objectives
• Better systems of responding to needs of citizens
• Better quality of outputs and outcomes
• Effective governance
ELEMENTS OF INTERNAL CONTROL
• Plan of Organization - This comprises the organizational structure and the staffing
complement that enable an organization to carry out its functions. This plan defines
and distributes powers, functions and responsibilities to various units and personnel in
an organization to enable the various parts to meet the overall objectives (Section
38(a), Title 2, GAAM Volume III).
• Coordinated Methods and Measures - Coordinated methods and measures are the
“systems of authorization, policies, standards, accounting systems and procedures and
reports used by the agency to control its operations and resources and enable the
various units to meet its objectives” (Section 38(b), Title 2, GAAM Volume III). These
include systems and work processes integral to the operations of an agency and
consistently applied by all units in the public service. These procedures or activities are
implemented in order to achieve the control objectives of safeguarding resources,
ensuring the accuracy of data and enabling adherence to laws, policies, rules and
regulations.
Sample of Control Methods and Measures
• Delegation of authority and supervision
• Segregationof functions for processing, reviewing, approval,
recording and custody
• Access to resources and records
• Completeness and integrity of transaction documents and reports
• Verification of transactions
• Reconciliation of records and data
CONCEPT OF INTERNAL CONTROL
• Internal Control as an Integral Process
• Series of actions that occur throughout entity’s operations on
ongoing basis (NGICS, p. 8)
• Built in rather than built on (INTOSAI Guidelines for Internal
Control Standards for the Public Sector)
• Not stand alone or separate specialized systems within agency
(Sec. 33, Title 2, GAAM Volume III)
CONCEPT OF INTERNAL CONTROL
• Internal Control is Management Control
• Utilized by management to regulate and guide operations (NGICS,
p. 9)
• Helps managers achieve desired results through effective
stewardship of public resources
LIMITATIONS OF INTERNAL CONTROL
• Provide reasonable – NOT ABSOLUTE – assurance to management
• Can be influenced by outside factors which affect ability to meet
objectives
• Limitations – error of judgement, negligence, fatigue, attitude
INTERNAL AUDIT
• Evaluation of management controls and operations performance
• Determination of degree of compliance with laws, regulations,
managerial policies, accountability measures, ethical standards and
contractual obligations
• Involves appraisal of plan of organization and all coordinated
methods and measures
PHILIPPINE GOVERNMENT INTERNAL AUDIT MANUAL
• Assist agencies in establishing internal audit function
• Guide internal auditors review agencies’ compliance with laws and
policies and performance against agreed-upon objectives,
measures and targets
• Two parts:
• PART I (Guidelines) – outlines basic concepts and principles of internal audit,
and policies and standards to guide agencies in organizing, managing and
conducting effective internal audit.
• PART II (Practices) - contains user-friendly tools, techniques and approaches
to facilitate the conduct of internal audit activities; serves as a tool kit for
Internal Auditors in performance of functions
PHILIPPINE GOVERNMENT INTERNAL AUDIT MANUAL

PGIAM revised 2020

LEGAL BASES FOR INTERNAL AUDIT
• RA 3456 (Internal Auditing Act of 1962), as amended by RA No. 4177 – first
mandated creation of Internal Audit Service (IAS)
• PD 1 - abolished IAS but functions were merged with Management Division (MD)
of Financial and Management Service (FMS) of departments
• Administrative Code of 1987 – re-established IAS in DPWH, included internal
audit function under DOF-CFMO
• AO 119, s. 1989 – mandated government entities to strengthen their ICS and
organize systems and procedures in coordination with DBM
• MO 277, s. 1990 – directed DBM to promulgate necessary rules, regulations and
circulars for strengthening ICS of government agencies, GOCCs and LGUs
• AO 278, s. 1992 & AO 70, s. 2003 – provided authority for creation of IAS and its
functions, duties and activities
LEGAL BASES FOR INTERNAL AUDIT
• DBM Budget Circular 2004-4 – highlighted policy guidelines in organization,
staffing of IAS
• DBM-CSC Joint Resolution No. 1, s. 2006 – provided for creation of IAS/IAU
with its functions in line with EO 366
• DBM Circular Letter No. 2008-5 – provided guidelines in organization of IAS
and clarified its functions, and rank and salary grade of head of IAS
• DBM Circular Letter No. 2008-8 – provided that IAS to be composed of (1)
Management Audit Division and (2) Operations Audit Division
FUNCTION OF IAS/IAU
• Advise DS/HoA or Governing Body/Audit Committee on matters relating to
management control and operations audits
• Conduct management and operations audits of Dept/Agency/GOCC/GFI
functions, programs, projects, activities with outputs, and determine degree of
compliance with mandate, policies, government regulations, established
objectives, systems and procedures/processes and contractual obligations
• Review and appraise systems and procedures, organizational structures, asset
management practices, financial and management records, reports and
performance standards of department proper, bureaus and regional offices
• Analyze and evaluate management deficiencies and assist top management by
recommending realistic courses of action (what not how)
Which Agencies May Organize IAS/IAU?
• Departments
• Agencies attached to a department for policy and program coordination
• GOCCs (Government-Owned and Controlled Corporations) and GFIs
(Government Financial Institutions)
Organization of IAS
• Service–level headed by a Director IV in Departments
• With 2 Divisions:
• Management Audit Division – evaluate achievement of control objectives to
include safeguarding of assets, checking accuracy and reliability of
accounting data, adherence to managerial policies, compliance with laws,
rules and regulations
• Operations Audit Division – evaluate extent of compliance and ascertain
effective, efficient, ethical and economical execution of operations
TYPES OF AUDIT
• Compliance audit – evaluation of degree of adherence with laws,
regulations, managerial policies and operating procedures,
including compliance with accountability measures and ethical
standards and contractual obligations
• Management audit – evaluation of effectiveness of ICs adopted in
operating and support services units/systems, determine whether it
achieves control objective over specific period of time; review and
appraisal of systems and processes, organizational structure and
staffing, operations and management practices, records, reports
and performance standards of agencies/units covered
TYPES OF AUDIT
• Operations audit – evaluation of outcome, output, process and
input to determine whether government operations, including
management and personnel structure in programs/projects are
effective, efficient, ethical and economical; organization, programs,
and projects involves an evaluation of whether or not expected
results were achieved and targets were attained.
Compliance Audit Flow Diagram
Management Audit Flow Diagram
Operations Audit Flow Diagram
Sample Internal Control/Internal Audit
• Report of Cash Collections and Deposits was only signed by the
Collecting Officer and not by the Chief of the Cash Unit
• File of Order of Payment by Cash Unit is incomplete
• Official
receipts listed in Report of Cash Collections and Deposits
are not sequential
• No policy to safeguard issuance of checks such as prohibition of
signing of checks in advance and maintenance of file of names and
specimen signatures or initials of persons authorized to approve
transactions
• Separationof cash custodian and signing of checks functions was
not observed
Sample Internal Control/Internal Audit
• Cash reports are prepared monthly instead of daily as required by
COA
• No periodic training on cash management control, cash flow and
other relevant trainings being provided to personnel concerned
• No policy on rotation of staff in Cash Unit
COMMISSION ON AUDIT
• The Commission on Audit (COA) is the
Philippines' Supreme State Audit Institution. The
Philippine Constitution declares its
independence as a constitutional office, grants it
powers to audit all accounts pertaining to all
government revenues and expenditures/uses of
government resources and to prescribe
accounting and auditing rules, gives it exclusive
authority to define the scope and techniques for
its audits, and prohibits the legislation of any law
which would limit its audit coverage.
MANDATE OF COA
• The Commission on Audit shall have the power, authority, and duty to examine,
audit, and settle all accounts pertaining to the revenue and receipts of, and
expenditures or uses of funds and property, owned or held in trust by, or
pertaining to, the Government, or any of its subdivisions, agencies, or
instrumentalities, including government-owned or controlled corporations with
original charters, and on a post-audit basis:
• Constitutional bodies, commissions and offices that have been granted fiscal
autonomy under the Constitution;
• Autonomous state colleges and universities;
• Other government-owned or controlled corporations and their subsidiaries; and
• Such non-governmental entities receiving subsidy or equity, directly or indirectly,
from or through the Government, which are required by law or the granting
institution to submit to such audit as a condition of subsidy or equity.
THE ROLE OF COA IN THE ASSESSMENT OF THE INTERNAL
CONTROL SYSTEM
• The Constitution, as well as the Administrative Code of 1987 provides that, “where the
internal control system of the audited agencies is inadequate, the COA or the
Commission on Audit may adopt such measures, including temporary or special pre-
audit, as necessary and appropriate to correct the deficiencies.
• When then could one say that an internal control system is inadequate. Title 2, Volume
III of the GAAM deals with the internal control system and provides the guidelines. It
was clarified that these guidelines are not mandatory. They are advisory, suggested or
recommended guidelines. As such, it is still the primary responsibility of the head of
the agency to install, implement and monitor an adequate system of internal control,
which includes internal auditing. Relatedly, therefore, the COA assesses the adequacy
of the internal control system and may adopt measures that are deemed necessary
and appropriate to correct the deficiencies of such system.
Functions Related to Internal Control Among the Operating/Implementing Units,
Management Division/Management Unit (MD/MU) and Internal Audit Service/Internal
Audit Unit (IAS/IAU)

Management
Operating/
Reference Divisions/Management IAS/IAU
Implementing Units
Units
• Performance review and • Review whether internal • Appraise whether
improvement of controls are applied at all controls are well
operations, processes levels within and across designed and properly
and activities the agency and sector implemented;
Nature and
• Compliance review and • Recommend measures • Determine the
Purpose of Review
improvement of for management adequacy of internal
operations, processes improvement. control or whether it is
and activities. achieving the
objectives.
Functions Related to Internal Control Among the Operating/Implementing Units,
Management Division/Management Unit (MD/MU) and Internal Audit Service/Internal
Audit Unit (IAS/IAU)

Management
Operating/
Reference Divisions/Management IAS/IAU
Implementing Units
Units
• Performance is reviewed on a • Organizational structure, • Management audit and
regular basis. If actual operations performance
accomplishments do not meet
manpower, and
audit to determine the
established objectives or operations; extent of compliance
standards, the processes and • Existing methods, • Depends primarily on the
activities established to
systems and assessment of the risks, the
achieve the objectives should
Scope, Coverage be reviewed to determine if procedures/processes; effectiveness of the on-
and Frequency • On-going and recurring going monitoring, and the
improvements are needed
Operations, processes and adequacy of internal control
• activities. • Takes place “after the fact”
activities are periodically
reviewed to ensure that they and covers a complete cycle
are in compliance with current of operations to determine
regulations, policies, processes the control effectiveness
and other requirements. over a specific time
Functions Related to Internal Control Among the Operating/Implementing Units,
Management Division/Management Unit (MD/MU) and Internal Audit Service/Internal
Audit Unit (IAS/IAU)

Management
Operating/
Reference Divisions/Management IAS/IAU
Implementing Units
Units
• Institute process • Report management review • Submit an Internal Audit
results to the Financial & Report to the Head of
improvements to meet
Management Service (FMS) Agency or the Audit
objectives or standards Committee of the Governing
Head
to achieve efficiency Board;
• Submit recommendations
and effectiveness in for management
• Advise the Department
Secretary or the Audit
operations improvement to the FMS
Actions To Be Committee of the Governing
• Institute process Head, as necessary Board on all matters relating
Taken improvements to • Conduct trainings on the to management control and
achieve compliance application of operations audit;
with regulations, improvements; • Analyze and evaluate
• Provide staff supervision management deficiencies
policies, procedures and and assist top management
over the implementation of
other requirements. by recommending realistic
management
courses of action.
improvements.
REFERENCES
• Internal Control System. Retrieved at
https://pagba.com/wp-content/uploads/2014/09/Strengthening-of-Internal-Contr
ol-.
pdf
• National Guidelines on Internal Control Systems. Retrieved at
https://www.dbm.gov.ph/wp-content/uploads/SPIB-ICIA/3.%20NGICS.pdf
• Internal Control Executive Summary. Retrieved at https://
www.dbm.gov.ph/wp-content/uploads/Executive%20Summary/2016/Internal%20C
ontrol.pdf

• Philippine Government Internal Audit Manual. Retrieved at https://

www.dbm.gov.ph/wp-content/uploads/2012/03/PGIAM.pdf
• Commission on Audit. Retrieved at https://lawphil.net/administ/coa/coa.html
• Commission on Audit Mandate. Retrieved at https://