2. Possible Mgmt.

Manipulation
Internal Control - Circumvention of Controls
- override procedures
MODERN DAY BUSINESSES - Ex: UAAP Tix
Characteristics 3. Collusion (“Sabwatan”)
1. Large – conglomerates - concealing a wrongful act
2. Diversified – SM food, retail, property, hotels - based on incompatible function (has
3. Complex Transactions – due to acct standards opportunity to commit fraud and conceal it)
4. Highly competitive industry - Ex: custodian & accountant
5. Stricter Regulation – to avoid scandals 4. Mistakes in Judgment
6. Large liabilities w/ stringent conditions by creditors - errors in judgment
7. Globalized – multinational 5. Human Factor
- errors due to collusion, carelessness, fatigue
DEFINITION OF INTERNAL CONTROL or misunderstanding of instructions
6. Projection Risk
 “An entity’s internal control structure consists of the
- obsolescence of IC system due to evolving
policies and procedures established to provide
- what was effective before may not be
reasonable assurance that specific entity
effective for the future
objectives will be achieved.”
Bottomline: There is no perfect IC structure.
 provides reasonable assurance, not absolute
assurance
INTERNAL CONTROL STRUCTURE ELEMENTS
 to minimize the risk of material misstatement
Control Environment
OBJECTIVES OF INTERNAL CONTROL
1. To promote efficiency in operations
- avoid defects, spoilage, etc.
2. To encourage adherence to managerial policies
3. To check accuracy & reliability of financial reports
- auditor wants to see what affects FS
4. To safeguard assets CONTROL ENVIRONMENT
- avoid theft of cash, inventory  “tone at the top”
 umbrella that connects all other elements
Administration Control Accounting Control (1 & 2)  has a collective impact: if control envi is effective,
“comprise the plan of org. and the rest are also effective
“include, but are not limited to the procedures and records  the culture, attitude and awareness of mgmt. and
the plan of org. and that are concerned w the
those charged w/ governance of IC
procedures and records that safeguarding of assets and the
are concerned w the decision reliability of financial records  Factors contributing to effectiveness of the control
process leading to mgmt’s and consequently are envi:
authorization of transactions.” designed to provide 1. Mgmt. Philosophy and Operating Style
reasonable assurance that: - Philosophy: reflects the mgmt.’s attitude
1. To promote operational
3. To check accuracy & reliability concerning controls
efficiency - eg: committed leadership, personality of the indiv
of financial reports
2. To encourage adherence to
managerial policies
4. To safeguard assets (charismatic, authoritative)
By hiring qualified employees, By executing transactions w - Operating Style: reflects the mgmt.’s attitude
customers receive high-qual given specific/general toward taking business risks; aggressive or
goods, seminars/workshops, authorization, access to assets passive on meeting objectives
control over sales activities. only w/ mgmt.’s authorization - eg: if aggressive in meeting target of twice sales
increase, may result in control override or
BASIC CONCEPTS OF INTERNAL CONTROL collusion just to meet this goal
- eg: if passive in meeting target, may lead to lax
MANAGEMENT RESPONSIBILITIES employees or net loss
 in charge of effective IC as to setting up and 2. Organizational Structure
maintaining an effective IC system - relationship, lines of authority and scopes of
 Auditor needs to IC to understand, assess and responsibilities of org. units
evaluate the NTE of procedures - why is this necessary for auditors? to know who
to report to, to find out incompatible functions
REASONABLE ASSURANCE - Types of Incompatible Functions:
 Cost-Benefit consideration a. Authorization (who approves & who executes)
 Cost of IC should not exceed the benefits expected b. Execution (who issues checks & who purchases inv)
c. Recording (who issues checks & who records)
INHERENT LIMITATION OF INTERNAL CONTROL d. Custody (who receives inventory & who keeps inv)
1. Cost-Benefit Consideration - Solid line: direct; Dotted line: indirect; No line: X
 of account balances that are to be used for
financial and managerial reporting.
3. Functioning of the Audit Committee  the business process related to the financial
- Audit Committee: composed of members of the reporting system – accounting to record, process
board who are not officers of the entity helps the and report business transactions and events
board in discharging its responsibilities
particularly in overseeing accounting & financial II. CONTROL ACTIVITIES
reporting policies and practices  An entity may have a very strong or effective
- Independent view of the company control envi and an adequate accounting system
- appoints auditor, puntahan ng auditor, calls and yet, its internal control structure does not
attention of mgmt., safeguards the auditor operate effectively.
- Ineffectiveness/Lack may adversely affect the  Control Procedures:
control envi 1. Assurance that only authorized transactions are
4. Methods of Assigning Authority & Responsibility executed.
- proper assignment of authority and responsibility - authorization of transactions must come from
is achieved through a clear organizational BOD
structure w proper delegation - routine decisions re. operations may be
- there should be strict compliance w code of delegated to mgmt.
conducts that deal w business practices and A. General Authorization
conflicts of interest o pertains to any transaction that conforms to
- eg: Specific job descriptions to clarify different a specified condition
responsibilities w/in the entity B. Specific Authorization
5. Mgmt. Control Methods o pertains to a single/specific transaction
- relate to frequent evaluation of entity’s - Authorizations are issued by the proper officer
performance whether they are hitting targets acting w/in his/her scope of authority.
- Responsibility Centers: - The transactions executed complied w terms of
a. Cost Center: purchasing, legal, HR authorization.
b. Revenue Center: achieve objective of - Validity of the transactions recorded in the FS
company, more revenue may depend if an officer acted w/in authority.
c. Profit Center: both revenue & cost - Authority is normally referred in board resos & by
d. Investment Center: revenue, cost, profit, any reading job responsibility
asset 2. Appropriate segregation of functional duties.
- Tools: budgets, key performance indicators, - limit the opportunities for fraudulent act
mission and vision, balance scorecard - no person should have control of two or more
- Management Control Systems: functional responsibilities
o Define responsibility centers responsible for - Incompatible Functions: a person can commit an
specific targets irregularity and conceal it, thus functions must be
o Establish methods to measure actual delegated to different persons
performance & variances from planned a. Authorization
performance (e.g. monthly reporting) - based on general or specific authority
o Investigate variances & take corrective action - must come from BOD first; routine decisions
6. Personnel Policies & Practices on ope may be delegated to mgmt.
- objectives of IC are achieved based on - refer to board reso or job responsibility
competence and integrity of personnel b. Execution
- Auditor’s way to appraise the quality of client - ensure that transactions are executed w/in
personnel’s work to observe their work. bounds of given authority
1) Forced vacation/leave – to know irregularities - steps: authorization, initiation, approval,
2) Annual personal rotation – change of branch execution and recording
3) Bonding of employees in trust position – c. Recording
insurance against loss from dishonest employees - record transactions as they aspire
(usually high positions) - only properly approved & executed should
7. Various External Influences be recorded
- impact of gov’t regulation on entity’s operations - risk of recording fictitious transactions if
- stricter gov’t regulation, more effective IC there is no system of proper approval &
- non-observance may lead to criminal/civil execution
offense, ipasara, payment of fees d. Custody
- maintenance of records of accountabilities
I. INFORMATION & COMMUNICATION for assets and a periodical recon w actual
 Accounting system is the form, records, assets
procedures and devices used to process and - eg. petty cash custodian for PCF, monthly
record transactions resulting in the accumulation PCF count
 - periodic reconciliation to determine - What can be the cause of the discrepancy?
accountability cs. actual assets in custory How to resolve errors or irregularities noted
(monthly PCF cound) during the monitoring process?
- system of investigating & resolving Factors that affect the frequency of monitoring?
discrepancies - ex: presence of internal audit function, to avoid
3. Adequate documents and records to help ensure opportunity to conceal the irregularity committed,
proper recording of transactions and events. system of corrective measures should be there
- Accurate and reliable financial reporting depends,
to a large extent, on the adequacy of documents
and other acct records.
- Transactions are initially recorded in source
documents. As transaction occurs, proper INTERNAL CONTROL IN SMALL BUSINESS
document should be prepared to reflect the  Disadvantage: not have enough number of
nature & authorization. employees to effect proper segregation of duties &
- to efficiently indicate that the transactions responsibilities
followed standard procedures  Owner’s active participation in managing the
- Audit Trail business’ affairs can help mitigate the risk of
o physical documents present in a particular irregularities
transaction  Risk of loss caused by irregularities can be
o source document  acct records  FS eliminated if the owner is doing all the work, though
- Auditors determine whether audit trail is complete it is impractical most of the time.
by reviewing the policy manuals in authorizing,
executing and recording. CONSIDERING INTERNAL CONTROL
- Chart of Accounts IN A FINANCIAL STATEMENT AUDIT
o complete list of accounts used by the entity  Misstatement
& informative details like account o error or irregularity that either individually or
code/number, account description, how to when aggregated with other errors or
use irregularities would be material to the FS as a
o facilitates efficient and uniform recording whole
4. Limited access to assets and records.  Audit Risk = Inherent x Control x Detection
- limit access only to authorized personnel  Auditor’s Objective:
- adequate physical control over certain valuable o to evaluate the effectiveness of IC in
forms & documents such as blank forms and preventing or detecting misstatements
accounting records to allow assignment of  Auditor does not provide an opinion as to the
responsibilities effectiveness of the ICs, rather it evaluates whether
A. Direct Access to Assets it is effective in preventing misstatements to occur
o actual use or misappropriation of assets in the FS.
o ex: clarification (?) of cash or invty items  Assessment of Control Risk affects NTE of
B. Indirect Access to Assets substantive tests year-end
o use of documents to manipulate or
misappropriate assets OBTAINING AN UNDERSTANDING
o ex: using blank check to misappropriate OF INTERNAL CONTROL STRUCTURE
cash  In planning the audit, the auditor should perform
5. Provision for periodical review to determine procedures to obtain knowledge about the design
compliance and necessary revision. of the internal control structure and determine
- compliance w control policies & procedures whether relevant policies and procedures have
should be monitored on a continuing basis to been placed in operation.
have an assurance that the control system  How? Previous expi w company, prior year working
continues to function effectively papers, inquiries of personnel, inspection of docu &
- if the comparison reveals that the recorded other acct records, direct observation of
accountability & actual assets do not agree, it procedures
indicates an error or a possible concealment of A. Control Envi
an irregularity o obtain knowledge abt mgmt’s and BOD’s
- MONITOR AT REGULAR INTERVALS attitude, awareness and actions about control
o determine if control policies and envi
procedures are still functioning effectively o ex: lack of oversight from BOD or actions from
o whether it can still detect irregulation on a mgmt. may cast doubts abt reliability of acctg
timely basis data
o system of reconciling accountabilities w B. Accounting System
actual assets in custody
o investigate, report and resolve deficiencies
 o adequate & well-organized is essential in
producing reliable financial data that NARRATIVE MEMORANDUM METHOD
accurately reflect assertions of mgmt. - written description of the control procedures of an
o info to be gathered by the auditors by entity
understanding the entity’s acctg. system Advantages Disadvantages
C. Control Procedures Can adapt to diff. types of May not be direct to the
o Since most control procedures are integrated businesses point
into the control envi & acctg system, Time consuming
knowledge abt control procedures can be
obtained while obtaining an understanding of FLOWCHART METHOD
the other two control elements. - graphic display of the origin, processing and
o important to understand policies and distribution of documents and segregation of
procedures that are significant enough to functional duties
prevent misstatements in FS - graphical approach to understanding the IC
structure of the entity
TRANSACTION CYCLES - Flowcharts allow the graphical presentation of the
 Transaction Cycles logical sequence of each IC process w/in the entity
o policies and procedures for processing a grp Advantages Disadvantages
of related transactions through the acctg For entities w/ Time consuming
system computerized systems
 Understanding the acctg. system will provide
knowledge abt entity’s transaction cycles PERFORMING A WALK-THROUGH TEST
 Most auditors go by transactions cycles, and not by (TRANSACTION WALKTHROUGH)
individual accounts.  process of understanding the entity’s IC structure
by examining a transaction and trace its
DIFFERENT CYCLES processing from start to finish
1. Treasury-Financing Cycle  Walkthroughs
- Capital Expenditure Cycle o to determine if the auditor’s understanding of
- capital stocks, bank loans, bonds payable, the IC structure is correct/accurate
investments
2. Purchasing-Disbursement Cycle ASSESSING CONTROL RISK
- Expenditure Cycle (TEST OF CONTROLS)
- acquisition of raw materials, machineries,  auditor’s evaluation of the effectiveness of the
services, similar transaction internal control policies & procedures in preventing
3. Payroll Cycle or detecting material misstatements in the FS
- direct labor, salaries, withholding taxes,  Control risk (CR) for each relevant assertion may
collective bargaining agreement provisions be assessed either at the max or at less than the
4. Conversion Cycle max level
- Production Cycle
- materials, storage, materials in process, ASSESSING CR AT THE MAX LVL
costing of sales & invty - no reliance on the entity’s IC structure to prevent
5. Revenue-Receipt Cycle material misstatements in FS
- sales, AR, cash receipts - cause: significant weaknesses in control envi &
accounting system
DOCUMENTING THE UNDERSTANDING - testing control would not restrict the extent of
OF THE INTERNAL CONTROL STRUCTURE substantive tests at year-end
 must be documented in the working papers - omit tests of controls (irrelevant)
 more complex IC structure and more extensive - substantive test at year-end w/ increased scope
procedures performed to obtain the understanding
 more extensive documentation ASSESSING CR AT LESS THAN THE MAX LVL &
PERFORMNG TESTS OF CONTROLS
IC QUESTIONNAIRE (ICQ) METHOD - intention to rely on the effectiveness of the entity’s
- series of questions answerable by “Yes”, “No”, “Not IC structure to prevent material misstatements in
Applicable” the FS
- Yes: satisfactory control - perform test of controls to provide basis for reliance
No: potential weakness (errors or irregularities) - Test of Controls provide evidence as to:
Advantages Disadvantages 1. Effectiveness of design policies & procedures
Easy to accomplish May contain many 2. Operating effectiveness of such policies &
irrelevant controls procedures
IC weakness easily “Not Applicable” is not - Results of TOCs determine the NTE of substantive
detected by “No” answer helpful in evals tests
 - Procedures in TOC  provide basis for reliance
1. Inquiries of appropriate personnel  perform TOCs
2. Inspection of documents & reports  results of TOCs determine the NTE of year-end
Design
3. Observation of the application of procedures
Effectiveness
specific internal control structure What if based on the results of TOC, the auditor
policy or procedure concluded that his reliance on IC structure is wrong,
Operational what should the auditor do?
4. Reperformance of procedures
Effectiveness  Adjust the NTE of substantive procedures in the audit
 Substantive Test Procedures program
o test of controls that are detailed tests of
balances
o Objective: to test the existence of the
transaction and accuracy of amount COMMUNICATING IC STRUCTURE DEFICIENCES
 Dual-Purpose Test
o TOC + Substantive Test DANGER SIGNALS
o very efficient test of transaction - indications of a breakdown/weaknesses in IC
 Reportable Conditions
o deficiencies in IC Structure
AUDIT EVIDENCE IN TEST OF CONTROLS o must be communicated to the senior mgmt. &
BOD (its audit committee)
TYPES OF EVIDENCE  Material Weakness in the IC
Without Audit Trail o a significant IC deficiency
- inquiry & observation  Management Letter
With Audit Trail o auditor’s written communication of reportable
- inspection & performance conditions, esp. that have material impact in
the FS
SOURCE OF EVIDENCE o not req’d to suggest corrective measures how
- indirectly < directly by auditor to correct or rectify
- inquiry of mgmt. < auditor’s personal observation

TIMELINESS OF EVIDENCE
- Normally, TOC is done during the interim period;
hence, update assessment of controls for the
remaining period
1. When the audit evidence was obtained.
2. The portion of the audit period the evidence
applies.

INTERRELATIONSHIP OF EVIDENTIAL MATTER

DOCUMENTING THE ASSESSMENT OF CR

SUMMARY OF PROCEDURES IN CONSIDERING