GROUP 5 BSAN 2A INTERNAL CONTROL MAS 4 REPORT

DANTES, Jazmine M.
A. INTERNAL CONTROL

OVERVIEW OF INTERNAL CONTROL

Internal Control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the
entity’s objective with regard to reliability of financial reporting, effectiveness and efficiency of
operations, and compliance with applicable rules and regulations.
Internal Control definition reflects these certain fundamental concepts.
 Internal Control is a process. It is a means to an end, not an end itself.
 Internal Control is effected by people.
 Internal Control is geared to the achievement of objectives in several overlapping
categories.
 Internal Control can be expected to provide only reasonable, not absolute, assurance to an
entity’s management and board.
Internal Control is defined as a plan and other coordinated means and ways by the enterprise to
keep its assets, check the covertness and reliability of data, to increase its effectiveness, and to
ensure the settled management politics. (American Institute of the Certified Public Accountants –
AICPA)
Internal Control is a process including norms, procedures, performances, and other organizational
structure established to ensure reasonable guarantees so as to achieve the settled business goals
and avoid undesirable events, or they could be indicated and fix. (Control Objectives for
Information and Related Technologies – COBIT)

Roles of Internal Control

1. Internal Controls help to understand and mitigate risks.
Internal controls are usually established based on a risk-oriented approach to ensure
that your organization focuses on high-risk areas.
2. Internal Controls help to address financial statement assertions.
One of purposes of internal controls is to safeguard the organization’s assets and
thus address financial statement assertions (existence, rights, completeness, and accuracy).
3. Internal Controls help to prevent and detect fraud.
Internal controls are built to prevent and detect the possible fraud that may happen
or occur inside the firm. Examples of this is the segregation of duties and limiting the access
to a warehouse or inventory to only authorized personnel.
 4. Internal controls help to prevent misstatement of financial statements.
Internal controls help to prevent errors and misstatement of financial statements.
For example, reconciliation is a critical internal control procedure in accounting and can
ensure the account balances on the balance sheet are correct to prevent misstatement of
financial statements.
5. Internal controls help to establish company practices.
Most organizations have documentation for their internal controls, i.e., flowcharts
and/or narratives, because documentation is critical to communicate internal controls with
your external auditors and within your organization, quality documentation can be used to
train new employees. By following internal controls documentation, employees get a better
understanding of the company processes and practices, which helps to establish the
company’s practices.

OBJECTIVES OF INTERNAL CONTROL

The objectives of internal control fall under three categories:
1. Reliability of the entity’s financial reporting.
 Completeness - This objective is to ensure that no valid transactions have been
omitted from the accounting records.
 Accuracy - This objective is to ensure that all valid transactions are accurate,
consistent with the originating transaction data and information is recorded in a
timely manner.
 Safety - This objective is to safeguard the asset and maintain the proper accounting
records.
2. Effectiveness and efficiency of operations.
 Segregation of Duties - This objective is to ensure that duties are assigned to
individuals in a manner that ensures that no one individual can control both the
recording function and the procedures relative to processing the transaction.
 Error handling - This objective is to ensure that errors detected at any stage of
processing receive prompt corrective action and are reported to the appropriate
level of management.
 Physical Safeguards & Security - This objective is to ensure that access to
physical assets and information systems are controlled and properly restricted to
authorized personnel.
3. Compliance with applicable laws and regulations.
 Authorization - This objective is to ensure that all transactions are approved by
responsible personnel in accordance with specific or general authority before the
transaction is recorded.
 Validity - This objective is to ensure that all recorded transactions fairly represent
the economic events that actually occurred, are lawful in nature, and have been
executed in accordance with management's general authorization.
INTERNAL CONTROL SYSTEM
Internal Control System means all the policies and procedures (internal controls) adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as
practicable, the orderly and efficient conduct of its business including adherence to management
policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy
and completeness of the accounting records and the timely preparation of reliable financial
information.

Three Types of Internal Control System

1. Preventive Controls – these are controls that aim to prevent and stop the errors and
irregularities from taking place so that the business can run smoothly. Preventive controls
are put in place to help with clerical accuracy, backing up data and preventing employee
fraud.
Examples of Preventive Controls
 Segregation of Duties
 Controlling access
 Double-entry Accounting
2. Detective Controls – these are controls designed to detect and highlight the errors and
irregularities once they take place. Detective internal controls protect a company’s assets
by finding errors when they occur so that business owners can minimize their impact on
the company.
Examples of Detective Controls
 Monthly reconciliations
 Inventory count
 Internal audits
3. Corrective Controls – these controls are implemented to correct any errors and
irregularities that were found by detective controls. This type of internal control usually
begins by detecting undesirable outcomes and keeping the spotlight on the problem until
management can solve it.
Examples of Corrective Controls
 Physical audits
 Physically tracking assets to reveal well-hidden discrepancies
PAYUMO, Krizza Jane P.

ELEMENTS OF INTERNAL CONTROL

1. The Control Environment – the standard, processes, and structures that provide the
foundation for internal control throughout the organization.
a. Communication and Enforcement of Integrity and Ethical Values – integrity and
ethical values affect the design, administration, and monitoring of other components
of internal control.
b. Commitment to Competence – management considers determining the skills and
knowledge required for each employee and that it hires employees competent to
perform the tasks.
c. Participation by those charged with Governance – an entity’s control consciousness
is influenced significantly by those charged with governance. Attributes include
independence from management, their experience and stature, the extent of their
involvement and scrutiny of activities, the appropriateness of their actions, information
they receive, the degree to which difficult questions are raised and pursued with
management, and their interaction with internal and external auditors.
d. Management’s Operating and Philosophy Style – management’s attitude towards
business risk, financial reporting, meeting budget, profit and other established goals
have impact on the reliability of financial statements.
e. Organizational Structure – responsibilities and authorities of personnel should be
established in such a manner as to assist the entity in meeting its goals and objectives,
ensure that transactions are processed, recorded, summarized and reported in an
accurate and timely manner.
f. Assignment of Authority and Responsibility – personnel need to know what their
responsibilities and the rules and regulations that govern their actions. Management
needs to have job descriptions, computer system, and documentation.
g. Human Resources Policies and Procedures – the most important element of an
internal accounting control system is the people who perform and execute the
established policies and procedures. Client needs to be ensured that only capable and
honest persons are hired and retained. Clients need to be assured that errors or
irregularities will not occur.
2. The Entity’s Risk Assessment Process – how well the organization sets objectives to
identify and manage risks. The company should be assessing the risks of financial
statement fraud. Risks can arise due to circumstances such as:
a. Changes in Operating Environment – changes in the regulatory or operating
environment result in changes and significantly different risks.
b. New Personnel – new personnel may have different focus or understanding of internal
control.
c. New or Revamped Information Systems – significant rapid changes in information
systems may result in risk relating to internal control.
 d. Rapid Growth – significant and rapid expansion of operations can strain controls and
increase the risk of breakdown in controls.
e. New Technology – incorporating new technology may change the risk with internal
control.
f. New business models, products, or activities – entity with little experience may
introduce new risks.
g. Corporate Restructuring – Accompanied by staff reductions and changes in
supervision and segregation of duties may have risks.
h. Expanded Foreign Operations – expansion or acquisition of foreign operations
carries new and unique risks.
i. New Accounting Pronouncements – adoption of new accounting principles may
affect risks in preparing financial statements.
3. The Information System, including the business processes relevant to financial reporting
and communicating. Effective internal control depends on high quality information.
For example, the accounting system should accurately record and present financial data.
The internal control responsibilities are communicated to the employees through policy
manuals and by top management.
The accounting system consists of procedures and records designed and established to:
 Initiate, record, process and report entity transactions
 Resolve incorrect processing of transactions
 Process and account for system overrides or bypasses to controls
 Transfer information from transaction processing systems to the general ledger
 Capture information relevant to financial report
 Ensure information required to be disclosed
4. Control Activities – the policies and procedures used to address risk.
The major categories of control procedures:
a. Performance Review – it uses accounting and operating data to assess performance
and then it takes corrective actions.
b. Information Processing Controls – policies and procedure designed to require
authorization of transactions and ensure accuracy and completeness of transaction
processing.
 Proper Authorization of transactions and activities
 Segregation of duties
 Adequate documents and records
 Safeguards over access to assets
 Independent checks on performance
 c. Physical Controls – controls that encompasses the physical security of assets,
authorization for access, and periodic counting and comparison with amounts shown
on control records.
5. Monitoring of Controls – the organization should evaluate the performance of its internal
controls. They should check if the controls are found to be ineffective, or are the internal
controls working or are they catching any mistakes then the company should take action
for these to be effective.

LAGUNERO, Laila Joy E.

B. CONTROL FRAMEWORKS

CONTROL FRAMEWORKS
A control framework is a data structure that organizes and categorizes an organization’s
internal controls, which are practices and procedures established to create business value and
minimize risk.

THREE RECOMMENDED FRAMEWORKS

1. Committee of Sponsoring Organizations (COSO)
2. Control Objectives for Information and Related Technologies (COBIT)
3. Cadbury Report 1992

COMMITTEE OF SPONSORING ORGANIZATIONS OF THE TREADWAY

COMMISSION (COSO)
The best-known control framework is the Integrated Framework, which was developed by the
Committee of Sponsoring Organizations of the Treadway Commission. The Committee of
Sponsoring Organizations was charged by the Treadway Commission to develop an integrated
guidance on Internal Control.
The COSO framework defines internal control as a process that is created to provide reasonable
assurance regarding the achievement of objectives in the following three areas:
• The efficiency and effectiveness of a firm’s operation.
• The reliability of a firm’s financial reporting.
• The compliance of a firm with applicable laws and regulations.
The framework also includes the following general concepts:
• Internal Control is not an end in itself.
• Internal Control is impacted by individuals throughout a business.
 • Internal Control can only provide reasonable assurance to an organization’s management
and board of directors.
• Internal Control is targeted at achieving specific objectives within a business.

WHAT IS COSO?
COSO is a private sector initially established in 1985 by five financial professional associations.
The 5 financial professional associations:
• The Institute of Internal Auditors (IIA)
• American Institute of Certified Public Accountants (AICPA)
• American Accounting Association (AAA)
• Financial Executives Institute (FEI)
• Institute of Management Accountants (IMA)
COSO’s goal is to improve the quality of financial reporting through a focus on corporate
governance, ethical practices, and internal control.

THE COSO INTEGRATED FRAMEWORK FOR INTERNAL CONTROL HAS FIVE

COMPONENTS
1. CONTROL ENVIRONMENT
• Exercise integrity and ethical values.
• Use the board of directors and audit committee.
• Facilitate management’s philosophy and operating style.
• Create organizational structure.
• Make a commitment to competence.
• Issue assignment of authority and responsibility.

2. RISK ASSESSMENT
• Create companywide objectives.
• Incorporate process-level objectives.
• Perform risk identification and analysis.
• Manage change.
3. CONTROL ACTIVITIES
• Follow policies and procedures.
• Improve security (application and network).
• Conduct application change management.
• Plan business continuity/backups.
• Perform outsourcing.
4. INFORMATION AND COMMUNICATION
• Measure quality of information.
• Measure effectiveness of communication.

5. MONITORING ACTIVITIES
• Perform ongoing monitoring.
• Conduct separate evaluations.
• Report deficiencies.

VITUG, Dave Reden G.

COBIT CONTROL FRAMEWORK
What is COBIT?
• COBIT stands for Control Objectives for Information and Related Technology. It is a
framework created by the ISACA (Information Systems Audit and Control Association)
for IT governance and management.

What is COBIT Framework?

The COBIT business orientation includes linking business goals with its IT infrastructure by
providing various maturity models and metrics that measure the achievement while identifying
 associated business responsibilities of IT processes. The main focus of COBIT 4.1 was illustrated
with a process-based model subdivided into four specific domains, including:
• Planning & Organization
• Delivering and Support
• Acquiring & Implementation
• Monitoring & Evaluating

The Various COBIT Components

• Framework
• Process Descriptions
• Control Objectives
• Maturity Models
• Management Guidelines

Benefits of COBIT
The professionals best suited for COBIT methodologies are those who are already in a position
to understand the nuances of IT governance in business management practices. The course will
be especially beneficial for:
• CIOs / IT Managers / IT Directors
• Risk Committee
• Process Owners
• Audit Committee Members
• COBIT 4.1 and earlier users
• IT Professionals in audit, risk, security, governance, and assurance sectors

Conclusion
While the modern world is gearing towards an environment of several emerging technologies,
including consumerization, cloud computing, social media, big data, and mobility, information
and IT is easily the new currency. This raises the success rate of many organizations, but at the
same time raises other challenging and complex management and governance concerns for
security professionals, enterprise leaders, and governance specialists. New businesses demand
that risk scenarios are better met with the power of information. COBIT 5.0 is the exact solution
the modern businesses are asking for.

CADBURY COMMITTEE REPORT

Cadbury Report
The Cadbury Report, titled Financial Aspects of Corporate Governance, is a report of a
committee chaired by Sir. George Adrian Cadbury that sets out recommendations on the
arrangement of company boards and accounting systems to mitigate corporate governance risks
and failures.
The 'Cadbury Committee' was set up in May 1991
 It was formed by the Financial Reporting Council, the London Stock of Exchange and the
accountancy profession, with the main aim of addressing the financial aspects of Corporate
Governance.
Other objectives include
• uplift the low level of confidence both in financial reporting and in the ability of auditors
to provide the safeguards which the users of company's reports sought and expected;
• review the structure, rights and roles of board of directors, shareholders and auditors by
making them more effective and accountable;
o \

• address various aspects of the accountancy profession and make appropriate

recommendations, wherever necessary;
• raise the standard of corporate; governance etc.

Corporate governance
Corporate governance is the system by which:
• Companies are directed and controlled
• Boards of directors are responsible for the governance of their companies
• The shareholders' role in governance is to appoint the directors and the auditors and to
satisfy themselves that an appropriate governance structure is in place.
• The responsibilities of the board include setting the company's strategic aims, providing
the leadership to put them into effect, supervising the management of the business and
reporting to shareholders on their stewardship
The financial aspects of corporate governance:
• The way in which boards set financial policy and oversee its implementation
• Financial controls, and
• The process whereby they report on the activities and progress of the company to the
shareholders

ROLE OF BOARD OF DIRECTORS, DUTIES OF BOARD AND ITS COMPOSITIONS

Board Effectiveness
• Every public company should be headed by an effective board which can both lead and
control the business.
• All directors should have access to the advice and services of the company secretary, who
is responsible to the board for ensuring that board procedures are followed and that
applicable rules and regulations are complied with.

Role of the chairman

• Given the importance and particular nature of the chairman’s role, it should in principle be
separate from that of the chief executive.
• The chairman’s role in securing good corporate governance is crucial.
 • It is for chairmen to make certain that their non-executive directors receive timely, relevant
information tailored to their needs, that they are properly briefed on the issues arising at
board meetings, and that they make an effective contribution as board members in practice.

Role of non-executive directors

• The Committee believes that the caliber of the nonexecutive members of the board is of
special importance in setting and maintaining standards of corporate governance.
• Non-executive directors should bring an independent judgment to bear on issues of
strategy, performance, resources, including key appointments, and standards of conduct.
• Non-executive directors should be appointed for specified terms and reappointment should
not be automatic.
• Non-executive directors should be selected through a formal process and both this process
and their appointment should be a matter for the board as a whole.

Professional Advice
• They should always be able to consult the company’s advisers
• Consider it necessary to take independent professional advice

Directors Training
• Given the varying backgrounds, qualifications and experience of directors, it is highly
desirable that they should all undertake some form of internal or external training.

The Company Secretary

• The chairman and the board will look to the company secretary for guidance on what their
responsibilities are under the rules and regulations to which they are subject and on how
those responsibilities are.
• It should be standard practice for the company secretary to administer, attend and prepare
minutes of board proceedings.
• The Committee expects that the company secretary will be a source of advice to the
chairman and to the board on the implementation of the Code of Best Practice.

Directors Responsibilities
• Shareholders are clear where the boundaries between the duties of directors and auditors
lie, we recommended that a brief statement of director’s responsibilities for the accounts
should appear in the report and accounts, as a counterpart to a statement by the auditors
about their reporting responsibilities.
• The appropriate position for the director’s statement is immediately before the auditor’s
report, which in future will include responsibilities.
Standards of Conduct & Nomination Committees
• It is important that all employees should know what standards of conduct are expected of
them.
 • A nomination committee should have a majority of non-executive directors on it and be
chaired either by the chairman or a non-executive director.

Role of Audit Committee

• Monitoring the integrity of financial statements and any formal announcements relating to
financial performance.
• Reviewing internal financial control and unless there is a separate board risk committee,
reviewing the company's internal control and risk management system.
• Monitoring and reviewing the effectiveness of the internal audit function.
• Making recommendations to the board in relation to the appointment, re-appointment and
removal of the external auditor.
• Reviewing the auditor’s independence and objectivity.
• Developing and implementing the non-audit service policies.

Dealing with their remunerations

• We recommend that future service contracts should not exceed three years without
shareholders’ approval and that the Companies Act should be amended in line with this
recommendation.
• Shareholders require that the remuneration of directors should be both fair and competitive.
• The Annual General Meeting provides the opportunity for shareholders to make their views
on such matters as the director's benefit known to their boards.

Addressing reporting of financial reporting and financial control

• It is the board’s duty to present a balanced and understandable assessment of the company’s
position.
• The board should ensure that an objective and professional relationship is maintained with
the auditors.
• The board should establish an audit committee of at least three non-executive directors
with written terms of reference which deal clearly with its authority and duties.

Auditing
• The audit provides an external and objective check on the way in which the financial
statements have been prepared and presented
• Audits are a reassurance to all who have a financial interest in companies, quite apart from
their value to boards of directors.

Professional objectivity
• Shareholders require auditors to work with and not against management, while always
remaining professionally objective.
• Accounting standards provide important reference points against which auditors exercise
their professional judgment.
 • Shareholders look to the audit committee to ensure that the auditors are able to put their
views in the event of any difference of opinion with management.

Ways to increase effectiveness and value of the audit

• The ‘Expectations Gap’
• Internal Control
• Going Concern
• Fraud

Auditors Liability
• The legal position with regard to civil liability laid down should be altered by statute at the
present time.
• Auditors are fully liable in negligence to the companies they audit and their shareholders
collectively.
• Increased litigation that could arise from adapting the audit to meet changing needs and
expectations - a process which the Committee’s report itself is intended to encourage.

Audit Confidence
• The committee welcomes the initiatives of the profession's ethical rules and disciplinary
arrangements.
• Audit tendering will strengthen the standing and independence of auditors.
Techniques to improve and enforce auditing standards:
• tighter accounting standards
• effective audit committees
• rigorous and objective auditing
• action by the accountancy profession.

THE SHAREHOLDERS
Accountability of Boards to Shareholders
• The formal relationship between the shareholders and the board of directors is that the
shareholders elect the directors.
• A number of proposals addressing this issue were put forward by individual shareholders
and shareholder organizations.
• On the first proposal, we have not seen evidence explaining how it would be possible to
form shareholder committees in such a way that they would be both truly representative of
all the company’s shareholders and able to keep in regular touch with their changing
constituencies.
Accountability of Boards to Shareholders
• The second set of proposals raises such questions as what legislation would be needed to
alter the present thresholds for tabling shareholder resolutions, and where the costs
involved in circulating shareholder communications should fall
• In the meantime, shareholders can make their views known to the boards of the companies
in which they have invested by communicating with them directly and through their
attendance at general meetings
• Shareholders have delegated many of their responsibilities as owners to the directors who
act as their stewards.

Accountability of Boards to Shareholders

• The second set of proposals raises such questions as what legislation would be needed to
alter the present thresholds for tabling shareholder resolutions, and where the costs
involved in circulating shareholder communications should fall
• In the meantime, shareholders can make their views known to the boards of the companies
in which they have invested by communicating with them directly and through their
attendance at general meetings
• Shareholders have delegated many of their responsibilities as owners to the directors who
act as their stewards.
• Reports and accounts are presented to shareholders at the Annual General Meeting, when
they have the opportunity to comment on them and to put their questions.
• In the Committee’s view, both shareholders and boards of directors should consider how
the effectiveness of general meetings could be increased and as a result the accountability
of boards to all their shareholders strengthened

Institutional Shareholders
• The proportion of shares held by individuals and by institutions has broadly reversed over
the last thirty years so that institutional shareholders now own the majority of shares of
quoted companies.
• Given the weight of their votes, the way in which institutional shareholders use their power
to influence the standards of corporate governance is of fundamental importance.
• The Institutional Shareholders’ Committee’s advice to its members to use their voting
rights positively is important in the context of corporate governance.

Conclusion
• The Committee’s proposals are mutually supportive and should be taken as a whole. The
Code reflects existing best practice and few of our recommendations require legislation
• No system of corporate governance can be totally proof against fraud or incompetence.
The test is how far such aberrations can be discouraged and how quickly they can be
brought to light
 • Although the great majority of companies are both competently run and audited under the
present system of corporate governance, it is widely accepted that standards within the
corporate sector have to be raised
• The way forward is through clear definitions of responsibility and an acceptance by all
involved that the highest standards of efficiency and integrity are expected of them
• This will involve a sharper sense of accountability and responsibility all round -
accountability by boards to their shareholders, responsibility on the part of all shareholders
to the companies they own

VILLANUEVA, Ma. Dee Angelica G.

C. FRAUD AND ITS RELATIONSHIP TO CONTROL

FRAUD AND ERROR

This chapter introduces fraud risk and errors and how they can be reduced if not totally avoided
by having effective internal control – a tool of good corporate governance.
ERROR represents an unintentional misstatement of the financial statement. It may be material
or immaterial.
Common Accounting Errors
 Data entry errors - are mistakes that are made where and how items are entered (or not)
in your accounting system. Some common data entry blunders include:
 Entering items in the wrong account.
 Transposing numbers.
 Leaving out or adding a digit or a decimal place.
 Omitting or duplicating an entry.
 Treating expenses as income or vice versa.
 Error of omission - this is simply a failure to record an item. It's not intentional; it's just
overlooked.
For example, an invoice is paid but you fail to note receipt. Or you purchase a tablet but
don't record this in your accounting system. This can easily happen if you misplace
documentation—a receipt or invoice—so that it never gets recorded.
 Error of commission - this is mishandling an item by putting it in the wrong place. The
amount you enter is correct, and you even put it in the right general account, but you then
use the incorrect sub-account.
For example, you receive payment on an invoice but note the receipt against a different
customer's invoice. Your total payments come out right for accounting purposes, but what's
shown for a particular customer is wrong.
 Error of transposition - this error is recording the incorrect amount of an item by
reversing numbers. This can cause overstating or understanding the amount of an item,
which is the result of transposing a number. For example, instead of entering an expense
 as $946, you erroneously enter it as $496. This produces $450. An error like this can be
costly if it is a deductible amount that isn't claimed because of the entry error.
 Compensating error - this error is really two that occur at the same time; one offsets the
other. Because the net effect is zero, it is difficult to detect.
For example, you erroneously overstate income by $1,000, but you also overstate an
expense by a like amount so it all evens out even though both entries are wrong.
 Error of duplication - this occurs when you enter the same item of income or expense
more than once.
For example, such an error can happen when more than one person has access to the
accounting system and each makes the same entry.
 Error of principle - this error is recording an item that does not comport with Generally
Accepted Accounting Principles (GAAP). Usually, this happens when an entry is made in
the wrong account. The amount is correct but is simply entered in the wrong place. An
error of principle is a serious procedural mistake because it can have big consequences.
The most common example of an error of principle is recording an owner's personal
expense as a business expense.
 Error of entry reversal - this is the result of treating an expense as an item of income or
vice versa. Instead of recording a $250 invoice in your accounts receivable, you
erroneously put it in accounts payable (i.e., you record it as an expense).

How can accounting errors affect your business?

 Incorrect income reporting. Incorrect expense reporting can distort a company's
computed operating profit margins or could result in over-reporting of income.
 Incorrect cash flow information. If items are not reported correctly, it can overstate or
understand the amount of cash on hand to pay bills.
 Incorrect expense reporting. Misclassification or failure to include business expenses
may result in the failure to report a deductible expense. It can result in overpaying taxes.
 Increased labor costs. Correcting classification mistakes on the back end is time-
consuming for employees already busy with year-end reporting.
 Late payment fees. When misclassification errors are discovered later in the accounting
cycle, invoices may be past due and result in additional fees and interest.
 Improper matching of income and expenses. Misclassified expenses may cause incorrect
reporting for companies using accrual accounting. Expenses should be properly matched
with the income they generate. If expenses are classified in the wrong month or year, this
will not happen as it should.
 Detecting fraud. It's unfortunate that employee fraud, including embezzlement, can occur
at any business. When items don't match up, it can indicate that something is wrong and
more investigation is required.
How can you prevent accounting errors?
 Train staff on data entry accuracy
Make sure employees who are entering expenses into your accounting system
understand your accounts and descriptions. Take the time to fully explain your system.
Some software may offer employee training, so take advantage of this option. Set company
policy on documentation procedures so entries can be made properly and accurately.
For example, record reimbursements to employees when made after they've
submitted expense reports so you know the numbers are correct. And make sure there's
someone knowledgeable in accounting entries who can answer questions when they arise.
 Don't overload your employees
Employees who are overloaded with work can more easily make simple entry errors
than if they were given adequate time to handle this activity. Yet it's essential that your
accounting stays current and that you don't fall behind. Consider ways in which to simplify
and improve data entry and avoid errors, such as the use of expense report software to
easily import data into your accounting system.
 Utilize the newest accounting software
Use the latest version of your accounting system. Software and cloud versions are
continually being improved to simplify the entire accounting process. Cloud-based systems
update automatically, desktop software requires a purchase every several years to stay up
to date.
 Implement internal controls
Put practices in place that can help to detect and correct accounting errors. For
example, conduct bank reconciliations every month so you can catch a problem and the
error doesn't linger on your books. The same goes for credit card statements. Review them
monthly to ensure charges have been entered correctly in your accounting system.
 Check for differences between the budget and actual expenses
Use your accounting system to keep you on the right financial track. Your budget
may show a certain amount of money is to be spent on a particular item or activity, but the
entry doesn't match up. Comparing your actual expenses to the amount you budgeted can
help you discover a misclassification (or at least an explanation for the differences).
 Conduct a periodic professional review of accounts
You may want your accountant to periodically review your accounts to make sure that they
appropriately reflect the expenses you incur and comply with GAAP. Your accounting
software may have a feature that facilitates a client data review by your accountant.
 Adopt best accounting practices and standards
Don't let your staff procrastinate. Set deadlines for data entry and reconciliation so
that errors are found quickly and can easily be corrected. Understand accounting standards,
so they are incorporated into your accounting system. Private companies based in the U.S.
use GAAP for accounting. This dictates when and how income and expenses are reported.
Your accounting system must reflect these standards.
FRAUD is an intentional act by one or more individuals among management, those charged with
governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal
advantage. It can result in a misstatement of the financial statements.
Two types of misstatements are relevant to auditors’ consideration of fraud;
(a) Misstatements arising from misappropriation of assets
(b) Misstatements arising from fraudulent financial reporting

 Misstatements arising from misappropriation of assets

Asset misappropriation occurs when a perpetrator steals or misuses an organization’s

assets. Asset misappropriations are the dominant fraud scheme perpetrated against small business
and the perpetrators are usually employees. Asset misappropriations can be accomplished in
various ways, including embezzling cash receipts, stealing assets, or causing the company to pay
for goods or services that were not received. It is often accompanied by false or misleading records
or documents in order to conceal the fact that the assets are missing.
Asset misappropriation commonly occurs when employees:
 Gain access to cash and manipulate accounts to cover up cash thefts.
 Manipulate cash disbursements through fake companies.
 Steal inventory or other assets and manipulate the financial records to cover up the fraud.

An individual who has committed misappropriation may be liable to criminal prosecution for a
form of theft as well as disciplinary action, if the person is a civil servant.
 Misstatements arising from Fraudulent financial reporting

The intentional manipulation of reported financial results to misstate the economic

condition of the organization is called fraudulent financial reporting. The perpetrator of such
generally seeks gain through the rise in stock price and the commensurate increase in personal
wealth.
Sometimes the perpetrator does not seek direct personal gain, but instead uses the
fraudulent financial reporting to “help” the organization avoid bankruptcy or to avoid some other
negative financial outcome.
Three common ways in which fraudulent financial reporting can take place include:
 Manipulation, falsification, or alteration of accounting records or supporting documents.
 Misrepresentation or omission of events, transactions, or other significant information.
 Intentional misapplication of accounting principles.

What is the difference between fraud and error?

The distinguishing factor between fraud and error is whether the underlying action that
results in the misstatement in the financial statements is intentional or unintentional. Unlike error,
fraud is intentional and usually involves deliberate concealment of the facts. Error refers to an
unintentional misstatement in the financial statements, including the omission of an amount or
disclosure.

BALUYUT, Christian John C.

FRAUD TRIANGLE
Fraud Triangle characterizes incentives, opportunities and rationalizations that enable fraud to
exist.
Three elements of the fraud triangle:
 Incentive to commit fraud
 Opportunity to commit and conceal the fraud
 Rationalizations

INCENTIVE
Incentive, alternatively called pressure, refers to an employee’s mindset towards
committing fraud. An individual can be pressured or motivated to commit fraud because of a
personal financial problem, such as a large gambling debt. Sometimes, the pressure originates from
problems at work.
Examples of things that provide incentives for committing fraud include:
 Bonuses Based on a Financial Metric
Common financial metrics used to assess the performance of an employee are revenues and net
income. Bonuses that are based on a financial metric create pressure for employees to meet targets,
which, in turn, may cause them to commit fraud to achieve the objective.
 Investor and Analyst Expectations

The need to meet or exceed investor and analyst expectations to ensure stock prices are maintained
or increased can create pressure to commit fraud.
 Personal Incentives

Personal incentives may include wanting to earn more money, the need to pay personal bills, a
gambling addiction, etc.

OPPORTUNITY
The person who plans to commit the fraud uncovers an internal control weakness and
doesn’t believe anyone will notice if he takes the money. Any internal control weakness, such as
a lack of oversight, offers the fraudster an opportunity to steal.
 Typically, the fraudster starts by stealing a small amount of money and if he doesn’t get
caught, he’ll likely steal even larger amounts. An organization can reduce the risk of fraud and
decrease the opportunity for theft by developing and implementing effective internal controls.
 Weak internal controls

Internal controls are processes and procedures implemented to ensure the integrity of accounting
and financial information. Weak internal controls such as poor separation of duties, lack of
supervision, and poor documentation of processes give rise to opportunities for fraud.
 Poor tone at the top

Tone at the top refers to upper management and the board of directors’ commitment to being
ethical, showing integrity, and being honest – a poor tone at the top results in a company that is
more susceptible to fraud.
 Inadequate accounting policies

Accounting policies refer to how items on the financial statements are recorded. Poor (inadequate)
accounting policies may provide an opportunity for employees to manipulate numbers.

RATIONALIZATION
The fraudster must decide that what he’ll gain from his fraudulent activity is more
important than the possibility that he might get caught.
The fraudster must justify the fraud. For example, the fraudster may think, “The company
won’t miss the money” or “The organization doesn’t pay me enough.” The individual may even
rationalize the fraud by telling himself that he’ll pay the money back.
 “They treated me wrong”

An individual may be spiteful towards their manager or employer and believe that committing
fraud is a way of getting payback.
 “Upper management is doing it as well”

A poor tone at the top may cause an individual to follow in the footsteps of those higher in the
corporate hierarchy.
 “There is no other solution”

An individual may believe that they might lose everything (for example, losing a job) unless they
commit fraud.

RISK FACTORS CONTRIBUTORY TO MISAPPROPRIATION OF ASSETS

Misappropriation of assets involves the theft of an entity's assets and is often perpetrated
by employees in relatively small and immaterial amounts. However, it can also involve
management who are usually abler to disguise or conceal misappropriations in ways that are
difficult to detect.
Misappropriation of assets is often accompanied by false or misleading records or
documents in order to conceal the fact that the assets are missing or have been pledged without
proper authorization
Misappropriation of assets can be accompanied in a variety of ways including:
 Embezzling receipts

For example, misappropriating collections on accounts receivable or diverting receipts in respect

of written-off accounts to personal bank accounts.
 Stealing physical assets or intellectual property

For example, stealing inventory for personal use or for sale, stealing scrap for resale, colluding
with a competitor by disclosing technological data in return for payment.
 Causing an entity to pay for goods and services not received

For example, payments to fictitious vendors, kickbacks paid by vendors to the entity's purchasing
agents in return for inflating prices, payments to fictitious employees.
 Using an entity's assets for personal use

For example, using the entity's assets as collateral for a personal loan or a loan to a related party.

A. Incentives / Pressures
1. Personal financial obligations may create pressure on management or employees with
access to cash or other assets susceptible to theft to misappropriate those assets.

2. Adverse relationships between the entity and employees with access to cash or other
assets susceptible do theft may motivate those employees to misappropriate those
assets.one example, adverse relationships may be created by the following.
a. Known or anticipated future employee layoffs.
b. Recent or anticipated changes to employee compensation or benefit plans.
c. Promotions, compensation, or other rewards inconsistent with expectations.

B. Opportunities
1. Certain characteristics or circumstances may increase the susceptibility of assets to
misappropriation.

For example, opportunities to misappropriate assets increase when following situations exist:
a. Large amounts of cash on hand or processed.
 b. Inventory items that are small in size, of high value, in high demand.
c. Fixed assets which are small in size, marketable, or lacking observable
identification of ownership.

2. Inadequate internal control over assets may increase to susceptibility of

misappropriation of those assets.

For example, misappropriation of assets may occur because of the following:

a. Inadequate segregation of duties or independent checks.
b. Inadequate oversight of senior management expenditures, such as travel and other
reimbursements.
c. Inadequate management oversight of employees responsible for assets, for
example, inadequate supervision or monitoring of remote locations.
d. Inadequate job applicant screening of employees with access to assets.
e. Inadequate record keeping with respect to assets.
f. Inadequate system of authorization and approval of transactions (for example, in
purchasing)
g. Inadequate physical safeguards over cash. Investments of fixed assets.
h. Lack of complete and timely reconciliations of assets,
i. Lack of timely and appropriate of example, credits for merchandise returns.
j. Lack of mandatory for employees performing key functions
k. Inadequate management understanding of information technology, which enables
information technology to perpetrate a misappropriation.

C. Rationalizations
a. Disregard for the need for monitoring or reducing risks related to misappropriation
of assets.
b. Disregard for internal control over misappropriation of assets by overriding existing
controls or by failing to known internal control deficiencies.
c. Behavior indicating displeasure or dissatisfaction with the entity or its treatment of
the employee.
d. Changes in behavior or lifestyle that may indicate assets have been misappropriated.
5. 5. Tolerance of petty theft.

RISK FACTORS CONTRIBUTORY TO FRAUDULENT FINANCIAL REPORTING

Fraudulent financial reporting may be accomplished by the following:
 Manipulation, falsification (including forgery), or alteration of accounting records or
supporting documentation from which the financial statements are prepared.
 Misrepresentation in, or intentional omission from, the financial statements of events,
transactions or other significant information.
  Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure

Fraudulent financial reporting involves intentional misstatements including omissions of

amounts or disclosures in financial statements to deceive financial statement users. It can be caused
by the efforts of management to manage earnings in order to deceive financial statement users by
influencing their perceptions as to the entity's performance and profitability. Such earnings
management may start out with small actions or inappropriate adjustment of assumptions and
changes in judgments by management. Pressures and incentives may lead these actions to increase
to the extent that they result in fraudulent financial reporting. Such a situation could occur when,
due to pressures to meet market expectations or a desire to maximize compensation based on
performance, management intentionally takes positions that lead to fraudulent financial reporting
by materially misstating the financial statements. In some entities, management may be motivated
to reduce earnings by a material amount to minimize tax or inflate earnings to secure bank
financing.
Fraud, whether fraudulent financial reporting or misappropriation of assets, involves incentive
or pressure to commit fraud, a perceived opportunity to do so and some rationalization of the act.

A. Incentive
Incentive or pressure to commit fraudulent financial reporting may exist when management is
under pressure, from sources outside or inside the entity, to achieve an expected (and perhaps
unrealistic) earnings target or financial outcome — particularly since the consequences to
management for failing to meet financial goals can be significant.

B. Opportunities
A perceived opportunity to commit fraud may exist when an individual believes internal
control can be overridden, for example, because the individual is in a position of trust or has
knowledge of specific weaknesses in internal control.
Fraudulent financial reporting often "involves management override of controls that otherwise
may appear to be operating effectively.
Fraud can be committed by management overriding controls user such techniques as:
 Recording fictitious journal entries, particularly close to the end of an accounting period,
to manipulate operating results or achieve other objectives.
 Inappropriately adjusting assumptions and changing judgments used to estimate account
balances.
 Omitting, advancing or delaying recognition in the financial statements of events and
transactions that have occurred during the reporting period.
 Concealing, or not disclosing, facts that could affect the amounts recorded in the financial
statements.
  Engaging in complex transactions that are structured to misrepresent the financial position
or financial performance of the entity.
 Altering records and terms related to significant and unusual transactions.

C. Rationalizations
Individuals may be able to rationalize committing a fraudulent act. Some individuals possess
.an attitude, character or set of ethical values that allow them knowingly a dishonest acts However,
even otherwise honest individuals fraud in an environment that imposes sufficient pressure on
them.

RESPONSIBILITY FOR THE PREVENTION AND DETECTION OF FRAUD

The primary responsibility for the prevention and detection of fraud rests with both those
charged with governance of the entity and management. It is important that management, with the
oversight of those charged with governance, place a strong emphasis on fraud prevention, which
may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade
individuals not to commit fraud because of the likelihood of detection and punishment. This
involves a commitment to creating a culture of honesty and ethical behavior which can be
reinforced by an active oversight by those charged with governance. In exercising oversight
responsibility, those charged with governance consider the potential for override of controls or
other inappropriate influence over the financial reporting process, such as efforts by management
to manage earnings in order to influence the perceptions of analysts as to the entity's performance
and profitability.

EMATA, Marian Keziah B.

D. ERRORS AND IRREGULARITIES IN THE TRANSACTION CYCLES OF THE
BUSINESS ENTITY

The Three Basic Business Transaction Cycles:

1. Sales and Collections Cycle
2. Acquisitions and Payments Cycle
3. Payroll and Personnel Cycle
Management should establish controls to ensure that these transactions are appropriately
handled and recorded. However, if internal controls are not properly implemented, or are
overridden, fraud and errors may occur. This part presents the errors and fraudulent activities that
could result if there is poor internal control.

I. Errors and Irregularities in the Sales and Collections Cycle

1. Errors in Recording Sales and Collections Transactions

 Errors in Recording Sales include mechanical errors, such as using wrong piece or
wrong quantity, recording sales in the wrong period (cutoff errors), a bookkeeper’s
failure to understand proper accounting for a transaction, and so on. Internal controls
are designed to prevent or detect many of these kinds of errors.
2. Fraud in Sales and Collections
Fraud in Sales generally relate to fraudulent financial reporting. In contrast, frauds in
cash collections relate to misappropriation of assets, typically accomplished by clerks
or management-level employees.
a. Fraudulent Financial Reporting
Fraudulent financial reporting involving sales typically results in overstated sales
or understated sales returns and allowances. Managers under pressure to achieve
high profits may inflate sales to meet target profits established by senior managers,
to obtain bonuses, to retain the respect of senior managers, or even to keep their
jobs. The following methods can be used to increase the sales fraudulently:
 Recording fictitious sales (creating fictitious shipping documents, sales
invoices, and so on)
 Recording valid transactions twice.
 Recording in the current period sales that occurred in the succeeding period
(improper cutoff)
 Recording operating leases as sales.
 Recording consignments as sales.
 Recording sales when the chance of a return is likely.
 Following revenue recognition practices that are not in accordance with
PFRS
 Recognizing revenue that should be deferred

b. Misappropriation of Assets: Withholding Cash Receipts

1. Skimming
Skimming refers to the act of withholding cash receipts without recording
them. An example is when a cashier in a retail store does not ring up a
transaction and takes the cash. Another example is when an employee who
has access to cash receipts and maintains accounts receivable records, can
record a sale at an amount lower than the invoice amount. When the customer
pays, the employee takes the difference between the invoice and the amount
recorded as receivable. Detection of unrecorded cash receipts is very difficult;
however, unexplained changes in the gross profit percentage, or sales volume
may indicate that cash receipts have been withheld.
2. Lapping
This technique is used to conceal the fact that cash has been abstracted; the
shortage in one customer’s account is covered with a subsequent payment
 made by another customer. An employee who has access to cash receipts and
maintains accounts receivable can engage in lapping. Routine testing of
details of collections compared with validated bank deposit slips should
uncover this fraud.
3. Kiting
This is another technique used to cover cash shortage or to inflate cash
balance. Kiting involves counting the cash twice by using the float in banking
system. (Float is the gap between the time the check is deposited or added to
an account and the time the check clears or is deducted from the account it
was written on). Analyzing and verifying cash transfers during the days
surrounding year-end should reveal this type of fraud.

II. Errors and Irregularities in the Acquisitions and Payments Cycle

1. Errors in the Acquisitions and Payments Cycle
The following may occur in the acquisitions and payments cycle:
 Failing to record a purchase in the proper period (cutoff errors)
 Recording goods accepted on consignment as purchase
 Misclassifying purchases of assets and expenses
 Failing to record a cash payment.
 Recording a payment twice.
 Failing to record prepaid expenses as assets.
Entities normally design controls to prevent these errors from occurring or to detect
errors if they do occur. When such controls exist, auditors test the controls to assess their
effectiveness. If the controls are not effective, auditors should perform substantive tests
to determine that the financial statements do not contain material misstatements that
arose because of possible errors.
2. Frauds in the Acquisitions and Payments Cycle
a. Paying for Fictitious Purchases
This involves the perpetrator creating a fictitious invoice (and sometimes a
receiving report, purchase order and so forth) and processing the invoice for
payment. Alternatively, the perpetrator can pay the invoice twice.

b. Receiving Kickbacks
In this scheme, a purchasing agent may agree with a vendor to receive a kickback
(refund payable to the purchasing person on goods or services acquired from
vendor).

This is usually done in return for the agent’s ensuring that the particular vendor
receives an order from the firm. Often a check is made payable to the purchasing
agent and mailed to the agent at a location other than his or her place of
 employment. Sometimes the purchasing agent splits the kickback with the vendor’s
employee for approving and paying it. Detecting kickbacks is difficult because the
buyer’s records do not reflect their existence. However, when vendors are required
to submit bids for goods or services, the likelihood of kickbacks is reduced.
c. Purchasing Goods for Personal Use
Goods and services for personal use may be purchased by executives or purchasing
agents and charged to the company’s account. To execute such a purchase, the
perpetrator must have access to blank receiving reports and purchase approvals or
must connive with another employee. Fraud involving purchase of good for
personal use is more likely to go unnoticed when perpetual records are not
maintained.

III. Errors and Irregularities in the Payroll and Personnel Cycle

Historically, errors and irregularities involving payroll have been reported to occur
frequently and are largely undetected.

1. Errors
The most errors that can occur in the payroll and personnel cycle are:
a) paying employees at the wrong rate,
b) paying employees for more hours than they worked,
c) charging payroll expense to the wrong accounts, and
d) keeping terminated employees on the payroll
2. Frauds Involving Payroll
The major payroll-related frauds include
a. Fictitious Employees
Adding fictitious employees to the payroll is one of the most common
defalcations. Detecting fictitious employees on the payroll is very difficult; but
auditors do sometimes perform a surprise payoff as a deterrent to this form of
defalcation. Alternatively, the auditor may turn the check distribution over to an
official not associated with preparing payroll, signing checks, or supervising
workers. Personnel files and the employees’ completed timecards and time tickets
may also be examined to substantiate the existence of absent employees.
b. Excess Payments to Employees
Increasing the rates above that approved or paying the employees for more hours
than they worked are the most common ways of paying employees more than they
are entitled to receive. These practices can be substantially reduced by requiring
personnel department officials to authorize changes in pay rates and by monitoring
total hours worked and paid for. Analytical procedures that focus on cost per unit
of actual production can also be helpful in detecting excess payments to employees.
 c. Failure to Record Payroll
Companies having difficulty meeting profit targets or not-for-profit entities having
difficulty managing costs and expenses might fail to record a payroll. The omission
of payroll can be difficult to hide unless a similar amount of revenues or receipts
has been omitted. Analytical procedures can be performed to test the reasonableness
of payroll cost.
d. Inappropriate Assignment of Labor Costs to Inventory
A company having difficulty meeting profit targets might assign to inventory labor
costs incurred to budgeted cost that should have been charged to expense.
Analytical procedures such as comparing costs incurred to budgeted cost and
verification of valuation of inventory are some of the useful techniques in detecting
such fraud.

Link to Discussion Video:

https://drive.google.com/file/d/1aBjboPsWX990n3OPuAHpW-
37TIbFa6Ir/view?usp=sharing