Eramil, John Mark AA 3201- STUDY NOTES

INTERNAL CONTROL

1. What is an internal control system? (PPP)

• An internal control system is an organization’s policies, practices, and procedures which helps
them mitigate the risks of not achieving their set objectives.

2. What are the objectives of an internal control system? (MEPS)

• Measure compliance with management’s prescribed policies and procedures

• Ensure the accuracy and reliability of accounting records and information
• Promote efficiency in the firm’s operations
• Safeguard assets of the firm

3. What are pertinent legislations concerning the internal control system?

• Securities and Exchange Commission (Commonwealth Act No. 83)

o was established on October 26, 1936 by virtue of the Commonwealth Act No. 83 or the
Securities Act. Its establishment was prompted by the need to safeguard public interest in
view of local stock market boom at that time
o major functions included registration of securities, analysis of every registered security,
evaluation of the financial condition and operations of applicants for security issue,
screening of applications for broker’s or dealer’s license, and supervision of stock and bond
brokers as well as the stock exchanges

• Committee of Sponsoring Organizations (1992)

o comprised of the AICPA, AAA, FEI, IMA, IIA
o Developed a management perspective model for internal controls over a number of years
which is widely adopted and considered as the general framework for internal control
• Sarbanes – Oxley Act (2002)
o requires management of public companies to implement an adequate system of internal
controls over their financial reporting process
o includes controls over transaction processing systems that feed data to the financial
reporting systems

4. What are the modifying principles inherent in the internal control objectives? (4)

• MANAGEMENT RESPONSIBILITY
o the establishment and maintenance of a system of internal control
is a management responsibility.
• METHODS OF DATA PROCESSING
o internal control system should achieve the four broad objectives regardless of the
data processing method used (whether manual or computer based).
• LIMITATIONS
o possibility of error — no system is perfect
o circumvention — personnel may circumvent the system through collusion or other means
o management override — management is in a position to override control procedures by
personally distorting transactions or by directing a subordinate to do so
o changing conditions — conditions may change over time so that existing effective controls
may become ineffectual
• REASONABLE ASSURANCE
o internal control system should provide reasonable assurance that the four broad objectives
of internal control are met.
Eramil, John Mark AA 3201- STUDY NOTES

5. What is the PDC model?

• The PDC model refers to the three levels of control, namely, the preventive, detective, and
corrective controls.

6. Define preventive control.

• It is the first line of defense in the control structure.

• These are passive techniques which reduces the frequency of occurrence of undesirable events
• Considered as the most cost-effective and proactive method of control

7. Give examples of preventive control.

• adequate separation of duties (not having the same person both authorize and process
transactions)
• proper authorization of transactions (a supervisor authorizes a purchase by reviewing and
approving the purchase request)
• adequate documentation and control of assets (when purchases are made, there should be an
approved purchase request and an invoice and receiving documents to show delivery of the items)

8. Define detective control.

• These are devices, techniques, and procedures designed to identify and expose undesirable
events.
• Reveal specific types of errors by comparing actual occurrences to preestablished standards.

9. Give examples of detective control.

• exception reports (computer reports of occurrences outside the norm)

• reconciliations (bank reconciliations and general ledger reconciliations)
• periodic audits (both independent external audits and internal audits which help to uncover errors,
irregularities and noncompliance with laws and regulations)

10. Define corrective control.

• Fixes the discovered error/problem.

11. Give examples of corrective control.

• policies and procedures for reporting errors and irregularities so they can be corrected
• training employees on new policies and procedures developed as part of the corrective actions,
positive discipline to prevent employees from making future errors
• continuous improvement processes to adopt the latest operational techniques

12. What is the COSO Internal Control Framework

• Is the generally accepted framework for internal control and is widely recognized as the
definitive standard against which organizations measure the effectiveness of their systems of
internal control.

13. What are the five components of the COSO framework? (CR – MIC)

• CONTROL ENVIRONMENT
• RISK ASSESSMENT
• INFORMATION & COMMUNICATION
• MONITORING
Eramil, John Mark AA 3201- STUDY NOTES

• CONTROL ACTIVITIES

14. Define the control environment.

• foundation for the other four control components

• sets the tone for the organization and influences the control awareness of its management and
employees

15. What are the elements of control environment

• Integrity and ethical values of management

• Structure of the organization
• Participation of the organization’s board of directors and the audit committee
• Management’s philosophy and operating style
• Procedures for delegating responsibility and authority
• Management’s methods for assessing performance
• External influences
• Organization’s policies and practices for managing human resources

16. Define risk assessment.

• is the procedure done by an organization to identify, analyze, and manage risks relevant to
financial reporting

17. What are some instances where risks usually arise?

• Changes in environment
• Changes in personnel
• Changes in I.S.
• New IT’s
• Significant or rapid growth
• New products or services (experience)
• Organizational restructuring
• Foreign markets
• New accounting principles

18. Define information & communication

• this refers to the accounting information system which consists of the records and methods used
to initiate, identify, analyze, classify, and record the organization’s transactions and to account
for the related assets and liabilities.

19. What are the elements of information & communication?

• Identify and record all valid economic transactions

• Provide timely, detailed information
• Accurately measure financial values
• Accurately record transactions

20. Define monitoring.

• the process by which the quality of internal control design and operation can be assessed.
Eramil, John Mark AA 3201- STUDY NOTES

21. Define control activities.

• are the actions that have been established by policies and procedures
• they help ensure that management’s directives regarding internal control are carried out

22. What are the two categories of control activities?

• Physical controls
o relates primarily to the human activities employed in accounting systems
o physical custody of assets
o may involve the physical use of computers to record transactions or update accounts
• IT controls
o these are automated systems which initiate, authorize, record, and report effects of
financial transactions

23. What are the six categories of physical controls?

• Transaction authorization
o ensures that all material transactions processed by the information system are valid and in
accordance with management’s objectives
• Segregation of duties
o helps minimize incompatible functions
• Supervision
o is a compensating control because this is typically employed in small organizations which
lack sufficient personnel
o assumes that the firm employs competent and trustworthy personnel
• Accounting records
o consist of source documents, journals, and ledgers.
o these records capture the economic essence of transactions and provide an audit trail of
economic events
• Access control
o ensures that only authorized personnel have access to the firm’s assets
• Independent verification
o independent checks of the accounting system to identify errors and misrepresentations

24. What are the two categories of IT controls?

• Application controls
o ensure the validity, completeness, and accuracy of financial transactions such as payroll
system limit check and cash disbursements balancing routine
o are application-specific
• General controls
o apply to all systems