Chapter 1

THE PROBLEM AND ITS BACKGROUND

Knowledge is not synonymous with reliable financial reporting and to the
proper management of exposure, but it is a basic ingredient of both without
knowledge we will not be able to reconcile accounts, comply with regulations, or
find a solution in controlling the risks we are taking unless we stumble on it.
Without timely and accurate information, the board, the CEO, and senior
management will not be in a position to steer a company toward the right course.
Information and knowledge have to up kept all the time, they decay very
fast. Therefore in well manage companies the board, the CEO, and senior
executives are keen to upkeep their skills and know-how, ensure the channels of
communication are open, and provide themselves with a dynamic, proactive
system which allows them to know everything that needs to be known on the way
the company functions. This is the role of the internal control.
Every business scheme changes regularly at different intervals. These
changes are susceptible to risks, both internal and external. These risks might
lead into material losses that will affect the firm in the long run if there is an
unsound management. That is why a certain firm or organization must enhance
their adaptability skills so that it will not be so hard for them to have the transition
for every change. And also, proper governance in managing risks have become a
matter of necessity; however, there is a questionable component whether these
control procedures are done effectively and efficiently. This study merely focuses

on the determination of the efficacy of a particular internal control framework and

its repercussions towards the firm itself.
Background of the Study
COSOs origin was the result of a recommendation by the national
commission of fraudulent financial reporting. The commission-more widely known
as the treadway commission, for its chairman, James Treadway Jr.- was
establish as an independent commission and was sponsored by the same five
professional organizations that later formed COSO. The treadway commission,
among many observations and recommendation in its 1987 report, noted the
existence of a variety of interpretations and concepts regarding internal control. It
urged the sponsoring organizations to cooperate in developing additional
integrated guidance on internal control. It was thought such guidance would
reduce the frequency with which opinions as to internal control adequacy differed
among interested parties. (Steven J. Root, 1998 p. 113-114)
Shortly

thereafter,

the

sponsoring

organizations

each

appointed

one

representative to form what became known as COSO. In addition, a project

advisory council was formed. COSO, after considering competing proposals,
retained the firm of Coopers & Lybrand to serve as principal contributors. The
firm also authored the framework document. The firm accorded a high-priority to
its COSO role. Its deputy Chairman, Accounting and Auditing, Vincent M OReilly,
led the Coopers & Lybrand team, which included its Director, Accounting and
SEC Services, Frank J Tanki, and such partners and principals as Robert J.

Spear, Boston; R. Malcolm Schwartz, New York; and Richard M. Steinberg of the
firms national office. The work was performed on a no-fee basis.
Committee of Sponsoring Organizations (COSO) framework is used by
the organizations management to aid them in designing and implementing
thorough internal control systems. COSO has established a common internal
control model against which companies and organizations may assess their
control systems. It covers mostly the critical aspects of organizational
governance, business ethics, internal control, enterprise risk management, fraud,
and financial reporting.
Nevertheless, the adaptation of COSO based framework by a firm is not
an absolute credence as to whether the internal control is sound and effective,
considering that risks are always present, although they can be eliminated or
prevented. Moreover, there are a lot of firms that use a different scheme of
governing their administration within. The assurance of the effectiveness of
COSO based framework varies on what type of industry it is implemented
therein.

Theoretical Framework
A system is a set of interrelated and interdependent components that
interact in a way to achieve a set goal. These components or sub-systems are
inter-dependent and the failure of one component leads to the failure of the
whole system. An organization is a complex system which is divided in various

sub-systems (Units, divisions, departments, etc.) and hence requires a system of

controls over units, divisions, departments, etc., for its effectiveness and survival.
An effective internal control system is an integrated system with interrelated
components, supporting principles and attributes. Harvey and Brown (1998)
identified control environment, accounting system and control procedures as the
major components of internal controls (Harvey & Brown, 1998). According to
Grieves, an internal control system available to a firm consists of: management
oversight and the control culture; risk recognition and assessment; control of
activities and segregation of duties; information and communication and
monitoring activities and correcting deficiencies (Grieves, 2000). The paper
adopts COSOs 1992 integrated internal control framework. The Committee of
Sponsoring Organizations (COSO), was commissioned in the 1980 s by
National Commission on Fraudulent Financial Reporting (the Treadway
Commission) to identify factors that caused fraudulent corporate financial reports
and make recommendations, and has since developed to become a thought
leader in enterprise risk management (ERM), internal control, and fraud
deterrence (Amudo & Inanga, 2009). In 1992, COSO published a landmark
report on internal control: Internal Control - Integrated Framework, referred to as
COSO. The framework classifies an organisations internal control system in to
five integrated components which must be built into business processes across
the entire entity, in its efforts to achieve objectives.
The components are; 1. Control environment, 2. Risk assessment, 3. Control
activities, 4. Information and communication and 5. Monitoring activities.

Internal control system is an integrated system, integrated with

management processes to achieve overall organizational goals. For an
organization to achieve its organizational objectives, then the five control
components of control environment, risk assessment, control environment,
information and communication and monitoring must be integrated into
management processes over the entire organization (Subsidiaries, divisions,
units). Like the body system, the internal control components and business
processes must interact ceaselessly for a healthy, effective internal control
system. The seamless and collaborative interaction of an internal control system
with business processes is a prerequisite for the effectiveness of an internal

control system. Control objectives and measures that are derived from the
monitoring and assessment of risks must be integrated into operational business
units business practices (PricewaterhouseCoopers, 2007), through an effective
information and communication control component that ensures smooth flow of
information to personnel responsible for internal controls across the entity.
In 2013, the Internal Control Framework was updated to better deal with
current business processes and technological advancements. The revised IC
framework also provides users with more precise guidance on how to implement
and document the framework. The new IC framework keeps the five components
of the original framework and adds 17 principles that build on and support the
concepts. Each of the five components has at least two and up to five principles.
Internal Control Component

Principles

Control environment
1. Demonstrate commitment to integrity and
ethical values
This is the foundation for all other components
of internal control. The core of any business is
its people - their individual attributes, including

2. Ensure that board exercises oversight

responsibility

integrity, discipline, ethical values, and

competence - and the environment in which they
operate. They are the engine that drives the
organization and the foundation on which
everything rests.

3. Establish structures, reporting lines,

authorities and responsibilities
4. Demonstrate commitment to a competent
workforce

5. Hold people accountable

Risk assessment
1. Specify appropriate objectives
The organization must identify, analyze, and

2. Identify and analyze risks

manage its risks. Managing risk is dynamic

process. Management must consider changes in
the external environment and within the
business that may be obstacles to its objectives.

3. Evaluate fraud risks

4. Identify and analyze changes that could
significantly affect internal controls

Control activities

Control policies and procedures help ensure that

the actions identified by management to address
risks and achieve the organizations objectives

1. Select and develop control activities that

mitigate risks
2. Select and develop technology controls

are effectively carried out. Control activities are

performed at all levels and at various stages
within the business process and over

3. Deploy control activities through policies and

procedures

technology.
Information and communication
1. Use relevant, quality information to support
the internal control function
information and communication systems capture
and exchange the information needed to
conduct, manage, and control the organizations

2. Communicate internal control information

operations. Communication must occur

internally and externally to provide information

internally

needed to carry out day-to-day internal control

activities. All personnel must understand their

3. Communicate internal control information

externally

responsibilities.
Monitoring

The entire process must be monitored, and

modifications made as necessary so the system
can change as conditions warrant. Evaluation
ascertain whether each component of internal
control is present and functioning. Deficiencies

1. Perform ongoing or periodic evaluations of

internal controls (or a combination of the two)
2. Communicate internal control deficiencies

are communicated in a timely manner, with

serious matters reported to senior management
and the board.

Depending on a companys facts and circumstances, making the transition

to the updated framework can take time, so its a good idea to begin the process
as soon as possible. Companies may begin by familiarizing themselves with the
aforementioned 17 principles and other COSO guidelines. Then, companies may
evaluate the current state of their internal control system and develop a plan for
correcting any weaknesses.

Statement of the Problem

This study aimed to determine the level of effectiveness of framework by
Committee of Sponsoring Organizations of the Treadway Commission (COSO) to
the Internal Control of Philippine Long Distance Telephone Company (PLDT).
Moreover, any significant differences among the variables are also part of the
study.
Specifically, the research endeavored to answer the following:
1.0 Profile of the Respondents in terms of the following
1.1 Sex
1.2 Age
1.3 Length of Service in the Company
1.4 Current Position in the Company
1.5 Length of Service with the Current Position
1.6 Number of Seminars Attended regarding Internal Control
2.0 The Level of Effectiveness of COSO-based Framework to Internal Control in
terms of the following aspects
2.1 Control Environment
2.1.1 Integrity and Ethical Values
2.1.2 Managements Philosophy and Operating Cycle
2.1.3 Assignment of Authority and Responsibility
2.2 Risk Assessment
2.2.1 Risk Identification and Prioritization
2.2.2 Managing Change

2. 3 Control Activities
2.3.1 Written Policies and Procedures
2.3.2 Control Procedures
2.4 Information and Communication
2.4.1 Access to Information
2.5 Monitoring
2.5.1 Management Supervision
2.5.2 Response Mechanism

Scope and Limitations of the Study

This study will focus in the implementation of the COSO based framework
through operations, financial reporting and compliance of Philippine Long
Distance Telephone Company- Makati, Manila (Main office). The purpose of this
study is to evaluate the effectiveness and efficiencies of the COSO based
framework in the Philippine Long Distance Telephone Company- Makati, Manila
(Main office).
The respondents of this study will be the employees of Philippine Long
Distance Telephone Company- Makati, Manila (Main office) that has a direct
relationship on the operations, financial reporting and internal control.

The

questionnaires were administered in (DATE) and retrieved on the day of the

survey.

Significance of the Study

This study is deemed to contribute additional information for the purpose
of benefitting the following individuals and organization.
College of Accountancy and Finance. This study will definitely aid the
colleges need of sufficient information analysis with regards to this studys
subject matter. This could be of very great help in establishing a better
understanding of COSO-based Framework in Internal Auditing environment.
Hence, this study will make the college a steadfast source of information as
compared with other educational institution.
College of Accountancy and Finance Faculty. This study will serve as a
guide as to the assessment of the policies and standards they implement in
administering Bachelor of Science in Accountancy program. This will help them in
finding out the controls needed to be supplemented, improved, maintained, and
eliminated to further enhance and boost the implementation tactics in the
program.
Alumni Association. This will be beneficial to this organization because
this study can highly contribute to their professional expertise. This would also
enlighten their awareness about the proper and effective application of the

COSO-based framework in different industry segments since most of them are

also engaged in different practices.
PLDT, Co. This study will absolutely serve as a great evaluation of their
internal control procedures as to compliance, operation, and financial reporting.
This will provide this organization relevant and sufficient information in the actual
assessment of their performance towards a more effective business operations.
PLDT, Co. Board of Directors. As for this group of individuals, this study
can benefit them by providing a review of data with regards to their
responsibilities and duties. This can help them discover any deficiencies with
respect to the actions and decisions they take. This will assist and guide them to
do suitable undertakings, not only on the operations of the business, but in
governing their people as well.
Students of the Bachelor of Science in Accountancy. This will help
BSA students to have their personal assessment to know if they are capable
enough to implement controls like those included in the framework. Also, this
study will help them in preparation for the world outside the academe, the
profession they are about to take. This would help them practice in complying
with the different standards set by different frameworks.
Other Researchers. Researchers do different studies about different
subject matters. They need reliable references, and by publishing this study,
other researchers can obtain a much reliable and relevant information in this
study by helping them in conducting other related studies.

Thesis Team. This study is a very essential help to the team. With this
study, the Thesis Team will be able to complete their course requirement. And
also, by doing this study, the team was able to develop their confidence though
meeting and facing professional individuals that helped them throughout the
study. This study also helped them to discover and learn new things. It increased
their vocabulary and helped them to keep on being persistent towards their goal
of finishing this. And more importantly, this study widen the knowledge of every
member of the team that it led them to integrate a better version of themselves.

Definition of Terms
The following terms are conceptually and operationally defined for better
understanding and interpretation of this study.

Access to Information. This refers to the availability of the companys

information to certain persons for transparency, accountability and integrity
Age. It is how old or young the respondent when the research was conducted
Assignment of Authority and Responsibility. It pertains to the companys
assignment of qualified and experienced employees and officers to their
appropriate levels of authority and responsibility
Committee of Sponsoring Organizations (COSO) framework. This helps the
organizations management to design and implement their internal control

systems thus improving the credibility of the companys operations and financial
reporting
Control Procedures. These are systems and procedures designed to ensure
the integrity of internal financial information, the accuracy of financial reports and
that the operations within the company are properly executed
Current Position. It is the respondents present assigned job in the company
Integrity and Ethical Values. These are developed standard of conduct for the
organization and financial reporting.
Managements Philosophy and Operating Cycle. These are managements
attitudes and actions towards information processing, accounting functions and
personnel, and financial reporting. These are also the managements approach in
monitoring business risks.
Management Supervision. An act of the management to ensure that business
operations are being conducted efficiently and effectively.
Managing Change. This is a risk assessment process that displays how
management handle the challenge with developing mechanisms to identify and
deal with risks associated with change.
Philippine Long Distance Telephone Company (PLDT). It is one of the leading
companies providing digital services such as telecommunications, internet,
etcetera in the Philippines.

Profile. In this study, it refers to the respondents classification as to sex, age,

length of service in the company, current position in the company, length of
service with the current position and the number of seminars attended regarding
internal control.
Respondents. These are the persons who agreed to take part in this study by
responding to the questionnaire prepared, particularly employees of the PLDT.
(Paki specify kung sino yung reposndents, yung department nila. Blabla)
Response Mechanism (Pa-help kirvy! Di ko to gets. My ghad. Thanks. )
Risk Identification and Prioritization. These are risk management procedures
exist to consider the implications of risk factors on that companys goals and
objectives, and the likelihood of existence and possible effect have been
assessed.
Sex. The classification of the respondent whether male or female.
Written Policies and Procedures. These are formulated principles and
guidelines designed to safeguard that day-to-day operation is in accordance with
the companys goals and objectives.