Binalbagan Catholic College

Aud106: Operations Auditing

BSA4
School year 2022-23 – 1st Semester September 15, 2022

IV. OVERVIEW OF INTERNAL CONTROL

A. Nature and Purpose of Internal Control

 Internal control is the process designed and effected by those charged with
governance, management and other personnel to provide reasonable
assurance about the achievement of the entity’s objectives with regard to
reliability of financial reporting, effectiveness and efficiency of operations
and compliance with applicable laws and regulations.

It follows that internal control is designed and implanted to address identified

business risk and threaten the achievement of any of these objectives.

B. Objectives of Internal Control

 Reliability of entity’s financial reporting

 Effectiveness and efficiency of operations
 Compliance with applicable laws and regulations

C. Internal Control Systems Defined

 Internal control system means all policies and procedures (internal

controls) adopted by the management of an entity to assist in achieving
management’s objective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to management
policies, the safeguarding of assets, the prevention and detection of fraud
and error, the accuracy and completeness of accounting records, and the
timely preparation of reliable financial information.

D. Elements and Components of Internal Control

a. Control Environment
b. The entity’s risk assessment process
c. The information system, including the related business processes, relevant
to financial reporting and communication
d. Control activities
e. Monitoring of controls

A. Control environment - the overall attitude, awareness and actions of

directors and management regarding the internal control system and its
importance in the entity

1 | A u d 1 0 6 : O p e r a ti o n s A u d i ti n g ( L e s s o n 8 : O v e r v i e w o f I n t e r n a l
Control)
 1. Factors reflected in the control environment:
 The function of the board of directors and committees
 Management’s philosophy and operating style
 The entity’s organizational structure and methods of
assigning authority and responsibility
 Management’s control system including the internal audit
function, personnel policies and procedures and
segregations of duties

2. Composition of Control Environment

a. Communication and Enforcement of Integrity and Ethical Values
b. Commitment to Competence
c. Participation by those Charged with Governance
d. Management’s Philosophy and Operating Style
e. Organizational Structure
f. Assignment of Authority and Responsibility
g. Human resources Policies and Procedures

B. Entity’s Risk Assessment Process

 Risk assessment is the “identification, analysis and management of risk

pertaining to the preparation of financial statements’.

Once risk is identified, management considers their significance, the

likelihood of their occurrence, and how they should be manage.

Factors that Triggers Risk to Arise

 Changes in operating environment

 New Personnel
 New or revamped information system
 Rapid Growth
 New Technology
 New business models, products or activities
 Corporate restructuring
 Expanded foreign operations
 New accounting pronouncements

C. Information System, including the Business Process, Relevant to

Financial Reporting and Communication

 An information system consists of infrastructure (physical and hardware

components), software, people, procedures and data.

2 | A u d 1 0 6 : O p e r a ti o n s A u d i ti n g ( L e s s o n 8 : O v e r v i e w o f I n t e r n a l
Control)
  The information system relevant to financial reporting objectives, which
includes the accounting system, consists of procedures and records
designed and establish to:

 Initiate, record, process and report entity transactions

 Resolve incorrect processing transactions
 Process and account for system overrides or bypasses to controls
 Transfer information from transactional processing systems to the
general ledger
 Capture information relevant to financial reporting for events and
conditions other than transactions, such as depreciation and
amortization of assets and changes in the recoverability of
accounts receivables, and
 Ensure information required to be disclosed by the applicable
reporting framework is accumulated, recorded, processed,
summarized and appropriately reported in the financial
statements.

D. Control Activities

 Control activities are the policies and procedures that help ensure
that management directives are carried out.

 The Major Categories of Control Procedures are:

a) Performance Review
 Management uses accounting and operating data to
assess performance and it then takes corrective action.
Such review includes:
a. Comparing actual performance with budgets,
forecasts, prior period performance, or competitors
data of tracking major initiatives
b. Investigating performance indicators based on
operating or financial data
c. Reviewing functional or activity performance

b) Information Processing Control

1. Proper authorization of transaction and activities
2. Segregation of duties
3. Adequate documents and records
4. Safeguard over access to assets
5. Independent check on performance
c) Physical Control

Controls that encompass:

 The physical security of assets, including adequate
safeguards such as secured facilities over access to assets
and records.

3 | A u d 1 0 6 : O p e r a ti o n s A u d i ti n g ( L e s s o n 8 : O v e r v i e w o f I n t e r n a l
Control)
  The authorization for access to computer programs and
data files.
 The periodic counting and comparison with amounts shown
on control records (for example, comparing the results of
cash, security and inventory counts with accounting
records).

E. MONITORING OF CONTROLS

 Monitoring the final component of internal control, is the process that an

entity uses to assess the quality of internal control over time.
 In involves assessing the design and operation of controls in a timely
basis and taking corrective action as necessary.
 Monitoring activities may include using information from
communications from external parties that may indicate problems are
highlight areas in need of improvement.

CINDY ANNE GANZON-SINGSON

Teacher

4 | A u d 1 0 6 : O p e r a ti o n s A u d i ti n g ( L e s s o n 8 : O v e r v i e w o f I n t e r n a l
Control)