The mission statement should guide the actions of the organization, spell out its overall goal, provide

a path, and guide decision-making. It provides "the framework or context within which the company's strategies are formulated." Strategic Plans and SWOT Analysis Strategic plans may look similar because they regularly start with development of a company vision or mission and stated objectives. The company vision and objectives describe what a company will strive to resemble and under what guiding principles it will operate. From these principles, a company analyzes what it does right and what internal challenges it faces in seeking growth. A SWOT analysis could uncover weakness in business policy or processes or the strength of the company marketing objectives. The opportunities and threats are the external factors Examples are a promising new product or negative forces such as foreign competitors that stand in the way of reaching for overseas markets. A company forges goals and a plan of action based on the initial mission statements and a recognition of internal and external factors. Vision Planning Vision planning is the basic template for a strategic plan. A vision plan is more broad-based and can be implemented by companies new to the strategic planning process. Vision planning closely mirrors a standard business goal-setting process: A company creates a vision statement, sets overall objectives, performs a strategic assessments such as a SWOT analysis, lists stated goals, implements a plan to reach the goals and then regularly monitors the goals long the way. The vision planning process yields to a longer term focus, aligning goals and specific planning to time frames that are often years into the future. Scenario Planning Scenario planning relies heavily on a SWOT analysis to determine opportunities and threats and develops strategic plans based on the most probable occurrences. For example, if a company has a strategic vision to develop products to market internationally, a stated objective would be to develop plans for entering a specific overseas market. After a SWOT analysis, the company chooses a specific country but finds that several competitors with similar products have entered that market recently. The company then develops plans to challenge the competitors, researching aggressive marketing efforts in order to introduce a new product that could challenge competitors successfully. In scenario planning, the vision and objectives narrow in focus to address the most pressing threats or the most promising opportunities. Issues Planning Issues planning focuses even more narrowly, addressing one specific challenge an organization faces. Issues planning still utilizes a strategic analysis, but the resulting plan often focuses on internal strengths and weaknesses as opposed to external opportunities or threats. An example would be a smaller organization that is facing the departure of a member of senior management. The organization needs to determine how this departure will affect future direction and develop a plan for either maintaining the current course or setting a new vision statement and objectives. 1.3 IT Organization, Roles and Responsibilities, and Processes Print friendly Email or share Modified January 10, 2012 The IT organization must be defined by considering the requirements of the primary organization it serves. Its placement within the overall structure should be considered based on the scope and breadth of services it is expected to provide to the organization. The organization should have a reporting structure that incorporates IT into planning and decision making at the leadership level. The CIO should be a regular contributing member of the executive leadership team in order to participate in relevant decision processes of the stakeholder groups in order to adequately anticipate technology resource needs, offer advice on technology enabled opportunities, and respond to emergent requirements. Decisions about staffing levels, skills, functions, accountability, authority, and supervision should be derived from these expectations. 1.3.1 Organization 1.3.1.1 Organizational Placement of the IT Function The CIO should be placed in the overall organizational structure based on the scope and breadth of services the IT unit is expected to provide to the organization. In many complex organizations, a matrix reporting relationship among the most senior executive staff under is not unusual. In smaller and less complex organizations, such hierarchies

may not be necessary and a direct reporting relationship to the CEO is feasible. The important point is that it should not matter to whom the CIO reports, as long as the position is adequately incorporated into the organizations leadership team decision-making processes. It is also important to distinguish between the role of the CIO and the most senior centralized line management function of the centralized IT function (VP, Director, etc.) Regardless of whether the IT functions are managed in a highly centralized or decentralized manner, the role of the CIO must be recognized as that of the Chief Information (technology) Officer. The responsibilities and authority of this role should span any direct reporting structures and cross over organizational boundaries to encompass any and all IT functions of the organization, so that the CIO is responsible for the organizations total IT footprint as it relates to policy, compliance, security, and risk management of IT-enabled functions regardless of any decentralized line management of departmental IT functions. 1.3.1.2 Management Structure Decisions about the appropriate balance of a centralized vs. decentralized resource pool of staffing and budget resources is directly related to the expectations of the organization. The centralized IT organization structure must be defined by considering the requirements of the primary organization it serves. 1.3.1.3 IT Continuous Improvement Expectations As with all administrative and educational support functions in higher education organizations, the Commission on Colleges expects units to engage in systematic planning and assessment processes to assure institutional effectiveness [See SACS Core Requirement 3.3. Processes for planning, assessing, and improving services must be documented. IT processes and services should be periodically and systematically assessed for effectiveness, and opportunities for improvement should be incorporated into the planning process and implemented over time. 1.3.2 IT System Ownership and Responsibilities Shared governance between a service provider and their customers requires that roles and responsibilities be established and communicated across the organization to appropriately define who is responsible for what. At the highest level, every IT application and service should have an Executive Sponsor identified. This individual should be the senior person in the organization who cares whether the application or service is operable and who champions its use to provide business and/or educational value to the organization. For most infrastructure services, such as the local area network, the CIO is that Executive Sponsor. For most business and educational support systems, the CxO to whom the support function reports is normally the Executive Sponsor. This designation is usually heavily dependent on the organizational structure. Executive Sponsors should appoint a functionally responsible designee as a primary liaison between the IT service unit and the customers served by the system or service provided by IT. For instance, the VP of Enrollment Management, who is the Executive Sponsor for the Banner Student Information System, might appoint the Registrar as the day-today functional liaison between customers of Enrollment Management and IT for provisioning of services and support for the tool. The information technology (IT) department in most corporations today faces a phenomenon that can be compared to an IT black hole or an IT investment paradox. While investments in IT have been steadily growing in the last two decades, business sponsors often have a question: Are the benefits/returns from the IT investments as high as initially expected? As a business discipline, IT has become crucial to most organizations for achieving their business goals as well as differentiating the company from the competition (see Figure 1). Achieving market leadership is increasingly a function of getting the right data inputs from the field, interpreting the raw data and passing this value-added information to the strategic decision- makers. The quality of business intelligence decides the fate of many organizations. If companies are to survive and prosper in today's competitive environment, the corporate IT portfolio-planning function needs to plan IT initiatives strategically. They must use performance measures that are derived from the overall strategies of their business. Figure 1: Role of IT in the Enterprise Overview of the Balanced Scorecard

Historically, performance measurement systems for most businesses have been financial in nature. However, in many business situations, financial indicators don't tell the entire story. Comparing two companies with similar financial situations but in completely different market environments could be disastrous. The originators of the balanced scorecard concept, Robert S. Kaplan and David Norton, saw the necessity for a framework to obtain and implement feedback on the effectiveness of any company's strategies within the organization. They coined the term "balanced scorecard" in a series of articles for the Harvard Business Review in the mid- 1990s. Instead of focusing solely on a company's financial goal, this tool requires decision-makers to consider the impact of strategic decisions on staff, customers and the organization's function. More specifically, the balanced scorecard model offers a way for a corporation to gain a wider perspective on its strategic decisions by considering the impact on finances, customers, internal processes and employee learning. The analysis takes into account financial and nonfinancial measures, internal improvements, past outcomes and ongoing requirements as indications of future performance. To measure success in organizational performance, you must view the organization from the following perspectives: Customer perspective Financial perspective Internal business process perspective Learning and growth perspective The four perspectives should contain measures that have a unity of purpose directed toward achieving an integrated business strategy for the organization. Every measure selected should be part of a link of cause-and- effect relationships, ending in financial objectives that ultimately affect the growth of the organization. A well-defined scorecard should contain a good mix of outcome measures (or long-term targets) along with performance drivers to track the progress in the short term. Usually, outcome measures are generic in nature (e.g., employee productivity, user satisfaction) and are lagging indicators. In contrast, performance drivers are usually company-specific measures that reveal the effectiveness of the company strategy. A word of caution here in spite of capturing multiple perspectives, the balanced scorecard must still retain a strong emphasis on financial outcomes if the tool is to be accepted by senior management. In fact, according to Kaplan and Norton, if a company's improved operation performance fails to get converted into overall improved financial performance, the managers responsible for the balanced scorecard should rethink the company's strategy or its implementation plans. Utilizing the Balanced Scorecard in the IT Environment Let us now examine how the balanced scorecard can be successfully applied in the IT department of any business organization. Typically, the IT department can use the balanced scorecard approach to assess the impact of the organization's business strategy (e.g., entering a new business line or product category) on the existing IT portfolio. It can further determine how the IT organization can align itself to support the organization's overall objectives. Alternatively, IT could use the scorecard tool to track its own departmental initiatives, such as how moving to a different hardware platform would affect the department's processes, budget, training requirements and the user groups it serves within the corporation. IT departments can apply the balanced scorecard to help keep their business-focused initiatives on track with the overall business plan of the enterprise. In fact, leading- edge IT solutions in the e-commerce, customer relationship management (CRM), supply chain management or data warehousing/decision support software (DSS) areas will be accepted into the corporate world only when viewed as enablers of the overall business plan of the traditional enterprise. IT managers developing a balanced scorecard for their projects should take the following steps to develop measurable goals in each of the model's four areas of concern (see Figure 2): Figure 2: Overview of the Information Management Scorecard Financial Contribution: Determine the overall business value of the IT department after weighing the overall cost of an IT project against the benefits it will deliver. Customer Focus: Consider the impact of IT projects on the customers of information.

Operational Excellence: Define the core internal processes of the IT department that determine operational excellence. Organization Maturity: Determine whether the organization promotes learning and growth among employees to meet future technology challenges. For example, in the customer perspective, the following measures can be considered as performance drivers for the IT scorecard: System availability Responsiveness on development requests Timely delivery of new applications Similarly, the IT department may invest significantly in employee training in order to boost overall department productivity. Top managers in IT cannot measure whether their overall strategy is effective without tracking both actual training days as a performance driver measure, as well as the outcome measures in the form of employee productivity (e.g., function points). Implementing the Information Management Scorecard Figure 3 depicts a typical information management (IM) scorecard. During the initial stage, the IM scorecard is a shared vision for a corporate IT strategy that the entire organization is trying to achieve. It is a shared strategic framework used for sharing best practices that facilitate synergies across the organization. Figure 3: Example of an Information Management Scorecard However, the shared vision is only the starting point because organizations can benefit only when the strategic initiatives identified in the scorecard are implemented by the IT organization. Companies need to begin by identifying the strategic initiatives that focus on: Continuous improvement programs (e.g., improving software process maturity, improving data quality, etc.) Reengineering and transformation programs (e.g., introduction of new software packages, major application redesign, etc.) These strategic initiatives will close the gap between ambitious plans set forth in the scorecard and the current performance levels in the organization. The cause-and-effect relationships between the various measures in the IM scorecard enable the organization to embark on a strategic learning process. While implementing the scorecard in the organization, the strategic feedback and learning process is a critical factor in determining the success of the IT initiatives in the organization. Ultimately, the strategic feedback/learning mechanism helps the organization adapt the information management strategy to emerging conditions in the business environment (see Figure 4). Figure 4: Role of Feedback/Learning Process in Scorecard Initiatives The IM scorecard objectives should be communicated throughout the IT department in order to maximize employee commitment. In addition, individual objectives of IT employees should be linked to the IM scorecard for maximum effectiveness because often individuals in different parts of the organization cannot understand how their individual pieces fit together. Understanding the correlation between two or more measures enhances cross-functional systems thinking for individual managers across divisions and could lead to further performance improvements. To achieve long-term success, the IM scorecard must be integrated with other management systems/monitoring mechanisms in the IT organization. During the capital budgeting process, IT managers should use the IM scorecard as a key mechanism for tracking progress on strategic initiatives. IT portfolio planning should also include corrective steps identified from the IM scorecard to ensure alignment of future investments and discretionary spending plans with company-wide priorities.

DATA BASE MANAGEMENT SYSTEM The audit of DBMS creates particular problems as the two principal CAATs , test data and audit software , tend to work unsatisfactorily on programs and files contained within such system. The auditor may, however, be able to use embedded audit facilities . Close liaison with the internal auditor may provide audit comfort. The auditors should if possible be involved at the evaluation, design and development stages, so that they are able to determine their audit requirements and identify control problems before implementation.

46. SMALL COMPUTER SYSTEM Control problems in small computer systems The problems surrounding PCs can be grouped as ; Lack of planning over the acquisition and use of PCs; Lack of documentary evidence ; Lack of security and confidentiality . 47. COMPUTER FRAUD Input fraud : Processing fraud; Fraudulent use of computer system; Output fraud; 48. FACTORS- RISK TO COMPUTER FRAUD Increase in computer literacy Communications e.g. telephone and PCs and hackers Reduction of internal Improvements in quality of software and increase in implementation of good software has not kept pace with improvements in hard ware 49. COUNTERACT COMPUTER FRAUD Planned approach to counteract computer fraud. All staff should be properly trained and should fully appreciate their role in computer function Management policy on fraud should be clear and firm A study should be carried to examine where the company is exposed to possible fraud A company should map out

an approach or plan in each area of the business to tackle and prevent fraud. 50. CONTROLS TO PREVENT COMPUTER FRAUDS As with a control system, three areas to examine are; prevention, detection and correction Access to the computer terminals and other parts of the computer should be restricted Access to sensitive areas of the system should be logged and monitored Errors logs and reports should be monitored and investigated on regular basis Staff recruitment should include careful vetting ,include taking up all references Expert systems software may be used to monitor unusual transactions 51. DEVELOPMENTS IN COMPUTERIZED ENVIRONMENT Many auditors are now finding their clients conducting business through the internet . As always, the principle audit concern , will be controls over the use of the internet and the strength of audit evidence obtained through the internet

CIRCULAR 2009-001 T O : All Heads of Departments, Bureaus, Offices, Agencies and Instrumentalities of the National Government, Heads of Local Government Units, Managing Heads of Government-Owned and/or Controlled Corporations and their Subsidiaries, COA Assistant Commissioners, COA Directors, COA Auditors, Technical Audit Specialists, and All Others Concerned. Restatement with amendment of COA Circular 87-278 and COA Memorandum 2005-027 re: submission of copy of government contracts, purchase orders and their supporting documents to the Commission on Audit

SUBJECT:

1.0

RATIONALE 1.1 Under Commission on Audit Circular Nos. 76-34 and 87-278, the audited agencies are required to furnish the Auditor with a copy of perfected contracts and purchase orders within five (5) working days upon approval together with the supporting documents for review. To facilitate the review and evaluation process, particularly on the technical aspects, COA Memorandum No. 91-704 was issued and was later restated and updated by COA Memorandum No. 2005-027, defining the documentary and information requirements, and providing therein the checklists for all types of technical evaluation covered by the memorandum. These issuances notwithstanding, it has been observed that management's submission of copies of perfected contracts and supporting documents within the prescribed period had not been complied with and is, at times, lacking in basic supporting documents. In view of these circumstances and the irregularities discovered in government contracts, it has become imperative to reiterate the submission of the requirements to implement a systematic and effective review process with a view of generating timely and relevant audit results.

1.2

2.0

COVERAGE 2.1 This circular shall cover all contracts, purchase orders and the like, entered into by any government agency irrespective of amount involved.

3.0

SUBMISSION AND REVIEW PROCESS 3.1 Contracts 3.1.1 Within five (5) working days from the execution of a contract by the government or any of its subdivisions, agencies or instrumentalities, including government-owned and controlled corporations and their subsidiaries, a copy of said contract and each of all the documents forming part thereof by reference or incorporation shall be furnished to the Auditor of the agency concerned. In case of agencies audited on an engagement basis, submission of a copy of the contract and its supporting documents shall be to the Auditor of the mother agency or parent company, as the case may be. 3.1.2. The copies of documents required to be submitted shall include but not limited to the following: a. b. c. d. e. f. g. h. i. j. k. 1. m. n. o. p. q. r. s. t. u. v. 3.1.3 3.1.4 Invitation to Apply for Eligibility and to Bid; Letter of Intent; Eligibility Documents and Eligibility Data Sheet; Eligibility Requirements; Results of Eligibility Check/Screening; Bidding Documents (Sec. 17.1, IRR-A, RA 9184); Minutes of Pre-bid Conference, if applicable; Agenda and/or Supplemental Bid Bulletins, if any; Bidders Technical and Financial Proposals; Minutes of Bid Opening; Abstract of Bids; Post Qualification Report of Technical Working Group; BAC Resolution declaring winning bidder; Notice of Post Qualification; BAC Resolution recommending approval; Notice of Award; Contract Agreement; Performance Security; Program of Work and Detailed Estimates; Certificate of Availability of Funds, Obligation Request; Notice to Proceed Such other documents peculiar to the contract and/or to the mode of procurement and considered necessary in the auditorial review and in the technical evaluation thereof.

For technical review purposes, submission of contracts and their supporting documents shall furthermore be guided by the specific documentary requirements outlined in the attached checklist marked as Annexes A to T of this circular. The Auditor shall review the contract within a period ranging from five (5) to twenty (20) working days from receipt, depending

on the complexity of the contract. The auditorial review shall consist in the evaluation of compliance with the requirements of applicable laws, rules and regulations, completeness of documentary requirements and an initial evaluation that the contractual covenants are not disadvantageous to the government. Without waiting for the lapse of the period herein established, the Auditor concerned shall call the immediate attention of management regarding defects and deficiencies noted in the contract and suggest such corrective measures as are appropriate and warranted. Where the defect or deficiency is not susceptible of rectification and renders the contract totally or partially void, the head of the agency shall be notified within twenty-four (24) hours from such determination indicating the reasons therein. 3.1.5 Within five (5) working days after the auditorial review, the Auditor shall forward th`e contract and its supporting documents for technical review to the Technical Audit Specialist (TAS) assigned in the auditing unit/cluster or to the Regional Technical Services Office (RTSO), as the case may be, accompanied by the relevant checklist of documentary requirements mentioned in item 3.1.3 hereof The TAS shall complete the technical review thereof as follows: Contract Amount P5 million and below Above P5 million up to P20 million Above P20 million 3.1.7 Period 5 working days 14 working days 21 working days

3.1.6

The procedures and timelines herein outlined shall also apply to supplementary contracts, variation orders and the like.

3.2 Purchase Orders 3.2.1 A copy of any purchase order irrespective of amount, and each and every supporting document, shall, within five (5) working days from issuance thereof, be submitted to the Auditor concerned. Within the same period, the Auditor shall review and point out to management defects and/or deficiencies, if any, in the same manner provided in the second and third sentences of item 3.1.4 hereof In case of doubt as to the reasonableness of the price of the items purchased, the Auditor shall conduct a canvass thereof making use of price references provided, among others, by legitimate suppliers, the Procurement Service, the Technical Services Office, other government agencies with similar procurement and those posted in the internet.

3.2.2

4.0

PENALTY CLAUSE 4.1 Any unjustified failure of the officials and employees concerned to comply with the requirements herein imposed shall be subject to the administrative disciplinary action provided in (a) Section 127 of Presidential Decree No. 1445; (b) Section 55, Title I-B, Book V of the Revised Administrative Code of 1987; and (c) Section 11 of Republic Act No. 6713. Upon receipt of information or discovery by the auditor of such failure by management to comply with the required submission, an Audit Observation Memorandum shall be issued by him calling the attention of the latter, and requesting compliance, else the transactions covered by the unsubmitted documents be suspended in audit and the penalty prescribed by law under 4.1 be enforced.

4.2

5.0

REPEALING CLAUSE All COA circulars and memoranda inconsistent herewith are hereby revoked, amended or modified accordingly. EFFECTIVITY This circular shall take effect 15 days after its publication in two (2) newspapers of general circulation in the Philippines.

6.0

REGISTRY OF PUBLIC INFRASTRUCTURES (RPI) INSTRUCTIONS A. This form shall be accomplished as follows:

1. 2. 3. 4. 5. 6. 7. 8.
C. D. E. F.

LGU name of the province/city/municipality Name of Public Infrastructure name of public infrastructure classified as Highways, Roads, Bridges, Sea Walls, etc. Sheet No. sheet/page number Date date of the Journal Entry Voucher (JEV) or date of the document which is used as basis of entry in the Registry JEV No. assigned JEV No. Description specifications such as length, type and other information related to the infrastructures Location exact location such as Barangay, Municipality and Province/City Amount cost of the public infrastructure when it was transferred from Regular Agency books based on the JEV

B. This Registry shall be used to record through a memorandum entry the cost of public infrastructure transferred from the Agency books. In case the public infrastructures are destroyed due to fortuitous events, the said infrastructures shall be dropped from the Registry The dropping of said infrastructures shall be recorded through a memorandum entry. At year-end, it shall be footed. The total amount shall be posted directly to the Summary. It shall be maintained by the Accounting Unit and kept in a perpetual manner. No new sheet shall be prepared unless the preceding one is used up.

COA Technical Audit Specialists hold first national convention; Speaker Villar is guest

The Technical Audit Specialist (TAS) of the Commission on Audit will hold their first national convention on May 24-25, 2000 with House Speaker Manuel B. Villar, Jr. as Guest of Honor and Keynote Speaker. The theme of the convention which will be held at the DAP Convention Center in Tagaytay City, is "COA Technical Audit Specialists -- Facing the Challenges of the New Millennium." COA Chairman Celso D. Gangan and Commissioners Raul C. Flores and Emmanuel M. Dalman; Cavite Governor Ramon Revilla, Jr. and Tagaytay City Mayor Francis Tolentino will also grace the convention's opening ceremonies. Speaker Villar is expected to call upon COA's technical auditors to formulate new policies and programs that will help further improve the national fiscal situation; continue their partnership with the national government in nation-building; and sustain their interest in initiating economically and socially relevant activities. Aimed at keeping the Technical Services Office abreast with the latest in technologies and industry practices relative to its functions as COA's technical arm, the convention will be participated in by TSO's 350 selected Technical Audit Specialist from the COA central and regional offices. COA-TSO Director Marieta SF Acorda, chair of the convention steering committee, said the convention will also serve as a fitting venue fir the discussion of various issues that have to be addressed to achieve uniformity in the procedures and in the application of rules and regulations relative to technical evaluation and audit of government projects and expenditures. The affair will also feature the launching of the Philippine Association of Technical Audit Specialist (PATAS), TSO Assistant Director and steering committee vice chairperson Elizabeth Zosa said.