Internal

Control

Internal control

refers to
the plan of organization and all the
coordinated methods and measures
adopted within an organization or
agency to safeguard assets, check the
accuracy
and
reliability
of
its
accounting data, and encourage
adherence to prescribed managerial
policies. Section 123 of PD No. 1455, as
amended

1. To safeguard the assets of the

firm.
2. To ensure the accuracy and
reliability of
accounting records and
information.
3. To promote efficient, effective,
and
economical
in
the
firms
operations.
4.
To comply with laws and
regulations.
5. To measure adherence with

Modifying
Assumptions
Limitations
Exposures and Risk
Reasonable Assurance
Management
Responsibility
Methods of Data
Processing

Limitatio
possibility of
ns The
s
Circumvention

Management override
Changing conditions

Modifying
Assumptions
Limitations
Exposures and Risk
Reasonable Assurance
Management
Responsibility
Methods of Data
Processing

Reasonable
no system of internal control is perfect
Assurance
and the cost of achieving improved
control should not outweigh the benefits
brought by the internal control system

Modifying
Assumptions
Limitations
Exposures and Risk
Reasonable Assurance
Management
Responsibility
Methods of Data
Processing

Management Responsibility
Management utilizes internal
control to regulate and guide
the firms operations.

Modifying
Assumptions
Limitations
Exposures and Risk
Reasonable Assurance
Management
Responsibility
Methods of Data
Processing

Methods of Data
Processing
Internal control should
achieve the objectives
regardless of the data
processing method used.

Modifying
Assumptions
Limitations
Exposures and Risk
Reasonable Assurance
Management
Responsibility
Methods of Data
Processing

Exposures and Risks

(undesirable events)
Attempts at unauthorized access to the
firms assets.
Fraud perpetuated by persons inside and
outside of the firm.
Errors due to employee incompetence.
Faulty computer programs and
corrupted input data.
Mischievous acts by hackers and threats
from other computer viruses.

Exposures and
Risks
(undesirable events)

Absence or weakness of
control
Destruction of
assets
Theft of assets
Corruption of
information or the
information
system
Disruption of the
information

Levels of control (PDC Control)

1.

Preventive Controls

These are passive techniques

designed to reduce the frequency
of
occurrence
of
undesirable
events.

First line of defense in the control

structure.

2.

Detective Controls

These
are
the
devices,
techniques,
and
procedures
designed to identify and expose
undesirable events that elude
preventive controls.

Second line of defense in the control

structure.

3.

Corrective Controls
These are actions taken to
reverse the effects of errors
detected in the previous step.

Detective control &

corrective control have
an important
distinction between
them.

Components
of
Internal
Control

Control
Environment
Risk
Assessment

Monitoring
Control Activities

Information
and
Communication

Control Environment

Elements
of Control
It integrates
all Environment
internal control system which impacts on its structural an
Integrity
and ethical
values of management
operational
framework.
Structure of organization
It sets the tone for the organization and influences the control awarenes
Participation of the organization s board of directors and
Of its management and employees.
audit committee
Managements philosophy and operating style
Procedures for delegating responsibility and authority
Managemnts method for assessing performance
External influences, such as examinations by regulatory agencies
The organizations policies and practices fro managing its human resources

Components
of
Internal
Control

Control
Environment
Risk
Assessment

Monitoring
Control Activities

Information
and
Communication

Risk Assessment
Risk can
change
from circumstances
such as:
It arise
is theor
overall
process
of risk
Adoption
of a new accounting
principle
thattomay impact
identification,
analysis and
evaluation
operations,
ascertain existing and potential risks and
The introduction
of appropriate
new productresponse
lines or activities
with which
determine the
that
themay
organization
little experience,
affect thehas
successful
achievement of
Significant
rapid growth that strains existing internal controls,etc.
agencyand
objectives.

(in simpler terms) It is the process in

which organizations identify, analyze, and
manage risks relevant to financial
reporting.

Risk Identification This refers to the identification of opportunities

and threats to the achievement of the control
objectives.
Risk Analysis

This is the systematic use of information to

identify sources and to estimate the risk

Risk Evaluation

This is the process of evaluating the

significance of the risk and assessing the
likelihood of its occurrence.

Components
of
Internal
Control

Control
Environment
Risk
Assessment

Monitoring
Control Activities

Information
and
Communication

Information and Communication

Information and communication are vital in
attaining the control objectives. They go hand
in hand and cut across all other internal
control components. Relevant information
must be communicated throughout the
agency, as well as to its network of
organizations and sectors.
An effective Accounting information system will:
Identify and record all valid financial transactions
Provide timely information about the transactions in
sufficient detail to permit proper classification and
financial reporting
Accurately measure the financial value of
transactions so their effects can be recorded in the
financial statements
Accurately record transactions in time period in
which they control

Components
of
Internal
Control

Control
Environment
Risk
Assessment

Monitoring
Control Activities

Information
and
Communication

Monitoring
The process by which the quality of
internal control design and operation can
be assessed.
This may be accomplished by separate
procedures or by ongoing activities.
Ongoing
monitoring
occurs in the course of
operations. It is built into the
normal, recurring activities of
an agency and in all its units.
It is performed regularly and
on
a
real-time
basis,
responds
dynamically
to
changing conditions and is
embedded in an agencys
operation. It is aimed at
ensuring that controls are
functioning as intended and
that
they
are
modified

Specific separate
evaluations cover the
evaluation of the
effectiveness of the
internal control system
and ensure that internal
controls achieve the
desired results based on
predefined methods and
procedures.

Components
of
Internal
Control

Control
Environment
Risk
Assessment

Monitoring
Control Activities

Information
and
Communication

Control Activities
These are the policies and procedures
used to ensure that appropriate actions
are taken to deal with the organizations
identified tasks.

Categories of Control Activities

Control Activities

IT Controls

Physical Controls

IT Controls

They relate specifically to the computer environment.

Two broad groups:
1. General Controls pertain to entity-wide
concerns such as control over data center,
organization databases, systems
development, and program maintenance.
2. Application Control ensure integrity of
specific
systems such as sales order
processing, accounts
payable, and payroll
applications.

Physical Controls

They relate primarily to the human activities

employed in accounting systems. These activities
could be purely manual or they may involve the
physical use of computers to record transactions or
Objectives of Segregation of
update accounts.
Duties
tegories of Physical Control ActivitiesSegregation of duties involve
Accounting
records
consist
of
Access
ensure
that
Supervision
is often
called
the
division
ofthe
the
keyaonly
duties
1. controls
To
separate
authorization
Transaction
1. Transaction Authorization
journals,
ledgers,
and
source
authorized
personnel
have
access
compensating
control
as it
forAuthorization
a responsibilities
transaction
from
the
and
among
ensures
2. Segregation of Duties
documents.
These
capture
the
to
the
firms
assets.
Hence,
access
processing
of the
transaction.
compensates
the
absence
of
different
people
to
that all
material
economic
essence
of reduce the
3. Supervision
Independent
verification
procedures
controls
play
ancontrol.
important
role This
in
segregation
of
risk
of
error
or
fraud.
transactions
processed
transactions
and
provide
an
4. Accounting records
2. To the
separate
the responsibility
assess:
achieving
first
objective:
includes
separating
the
by
the
information
audit
trail
of
economic
for
the
custody
of
the
assets
Verification
procedures
are
5. Access Control
1.safeguarding
theassignment
performance
individuals
assets.
resources.
ofofvalid
responsibilities
system
are
and in
from
the
record-keeping
independent
checks
of the
accounting
2. Comparing
physical
assets
with
6. Independent Verification
for
processing,
reviewing,
accordance
with
the
responsibility.

system
to identify errors
and
accounting
recording,
custody
and
managements
misinterpretations.
records
3.objectives
To structure the organization
approval/authorization
of
3. Reconciling
subsidiary
accounts
such that
successful fraud
would
certain
transactions.
with control
require collusion between two or
more
individuals
with
accounts
incompatible
responsibilities.
4. Reviewing
management
reports ,
both