Governance Business Ethics, Risk Management

and Internal Control

INTERNAL CONTROL
“A sufficient understanding of internal control is to be obtained to plan the audit to determine the nature, timing, and
extent of test to be performed”.

INTERNAL CONTROL
– the process designed and effected by those charged with governance, management and other personnel to provide
reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with applicable laws and regulations.

AREAS OF INTERNAL CONTROL

01. Administrative Control
This includes, but is not limited to, plan of organization and the procedures and records that are concerned with the
decision processes leading to management’s authorization of transactions. Administrative controls promote
operational efficiency and adherence to managerial policies.

02. Accounting Control

This comprises the plan of organization and the procedures and records that are concerned with the safeguarding of
assets and the reliability of financial records. It involves systems of authorization and approval controls over assets,
internal audit and all other financial matters.

Components of Internal Control

01.Control environment
02.Entity’s Risk Assessment Process
03.Control activities (also called control procedures)
04.The information system, including the related business processes relevant to financial reporting, and
communication
05.Monitoring of controls

Control Environment
01.Commitment to competence
02.Human resource policies & practices
03.Organizational structure
04.Participation of board of directors on audit committee
05.Philosophy & operating style of management
06.Ethical values & Integrity
07.Assignment of responsibility & authority

Risks relevant to preparation of FS are affected by internal & external events & circumstances:
01. Changes in operating environment
02. New personnel
03. New information systems
04. Rapid growth
05. New technology
06.New lines, products, or activities
07. Corporate restructuring
08. Expanded foreign operations
09. New accounting pronouncements

Control Activities
➢ The auditor will be concerned about the control activities, especially those dealing with:

01. Performance reviews

 Governance Business Ethics, Risk Management
and Internal Control

02.Information processing
03.Physical controls
04.Segregation of duties
● 1. Authorization
● 2. Recording
● 3. Custody
● 4. Comparison

Relationships among objectives of internal control, risk assessment, & control activities
01.Relationships among objectives of internal control, risk assessment, & control activities:
02.Company assesses risk by evaluating factors that prevent objective from being met
03.Establish control activity that will help company meet objective

The information system, including the related business processes relevant to financial reporting, and
communication:
01.Infrastructure
02.Software
03.People
04.Procedures
05.Data

01.The information system relevant to financial reporting objectives, which includes the financial reporting system,
consists of the procedures and records established to:
● 1. Initiate, record, process, and report entity transactions and to
● 2. Maintain accountability for the related assets, liabilities and equity

02.Communication involves providing an understanding of individual roles and responsibilities pertaining to internal
control over financial reporting.

Monitoring of controls:
01.A process to assess the effectiveness of internal control performance over time
02.It includes assessing the design and operation of controls on a timely basis
03.Taking necessary corrective actions modified for changes in conditions

LIMITATIONS OF INTERNAL CONTROL

01. The possibility of management overriding the internal control
02. The possibility of circumvention of internal controls through the collusion among employees
03.The potential for human error due to carelessness, distraction, mistakes of judgment and the misunderstanding of
instructions
04.Management’s usual requirement that the cost of an internal control should not exceed the expected benefits to be
derived
05. Most internal controls tend to be directed at routine transactions rather than non-routine transactions
06.The possibility that procedures may become inadequate due to changes in conditions, and compliance with
procedures may deteriorate.

CONSIDERING INTERNAL CONTROL IN THE AUDIT PLANNING

Step 1:
The auditor must understand each of the five components, together with the inherent and control risk assessments
and other considerations, to:
A. Identify types of potential misstatements
B. Consider factors that affect the risk of material misstatement
C. Design substantive tests and other appropriate audit procedures
To accomplish this,
 Governance Business Ethics, Risk Management
and Internal Control

Step 2:
The auditor must perform procedures that will provide knowledge of the design of controls for each of the
components as they relate to the financial statements.In addition to past experience, the auditor may perform such
procedures as:
A. Inquiry to appropriate individuals
B. Inspection of documents & records
C. Observation of activities

RISK AND CONTROLS AUDITING & ASSURANCE

REVENUE CYCLE
SUMMARY OF REVENUE CYCLE RISKS AND CONTROLS
RISKS PHYSICAL CONTROL

Sales to uncredit worthy customers Transaction authorization

● Credit check
Segregation of duties
● Separate credit and sales function

Shipping wrong items/ quantities Independent verification

● Shipping department reconciles shipment with order

Inaccurate record keeping Transaction authorization

● Sales to customers are incorrectly calculated ● Remittance list
● Sales are recorded in the wrong period Accounting records
● Customers are billed for items they did not receive ● Audit trail documents, journals, accounts and files
(back-orders) Independent verification
● Customers cash receipts are inaccurately posted to ● Shipping, billing and GL
accounts or are posted to the wrong customer
accounts
● Summaries of sales, AR, Cash Receipts and
inventory levels are incorrectly posted to the
respective GL accounts

Misappropriation of assets Transaction authorization

● remittance list
Supervision
● mail room
Access control-
● warehouse, security, daily deposits of cash,night
deposit box, and lock safes
Segregation of duties
● cash receipts, GL, AR function, warehouse, and
inventory records

Unauthorized access to data Access control-

● Source documents, journals and ledgers
Segregation of duties
● Subledgers, GL and asset custody

THE EXPENDITURE CYCLE

PURCHASES PROCESSING PROCEDURE
1. Monitor Inventory Records
● Inventory depletion
○ Transfer of RM to production (conversion cycle)
○ Selling FG to customers ( revenue cycle)
● Record to maintain:
○ Purchase requisition - Predetermined reorder point
○ Valid vendor file

2.PREPARE PURCHASE ORDER

 Governance Business Ethics, Risk Management
and Internal Control

The PO function receives the PR, which are then sorted by the vendor if necessary
❏ 3 copies
❏ 1ST VENDOR
❏ 2ND SET UP ACCTS PAYABLE/ BLIND COPY
❏ 3RD OPEN/CLOSED poFILE

BLIND COPY - is to force the receiving clerk to count & inspect inventories prior to competing RR

3 RECEIVE GOODS
TIME LAG , Purchase Order resides in temporary files in various departments.
RECEIVING REPORT
❏ 5 Copies
❏ 1st FG WAREHOUSE
❏ 2nd OPEN/CLOSED PO FILE
❏ 3rd SET UP AP
❏ 4TH INVENTORY CONTROL
❏ 5TH RECEIVING REPORT FILE

4. UPDATE INVENTORY RECORDS

Depending on their inventory valuation method
STANDARD COST SYSTEM - Predetermined Standard value

5. SET UP ACCOUNTS PAYABLE

❖ Reconciles, then prepare AP Packet ( PO, RR & invoice)
❖ AP SL
If Perpetual:
Inventory xx
AP xx
If Periodic
Purchases xx
AP xx

VOUCHERS PAYABLE SYSTEM-

> Under this method , AP Dept. uses Cash Disbursement Vouchers (voucher register)
> The AP clerk performs three-way match then prepare DV to approve payment
- Vouchers payable file = open AP file
POST TO GL

THE CASH DISBURSEMENT SYSTEM

IDENTIFY LIABILITIES DUE
➔ PREPARE CASH DISBURSEMENT
AP xx
Cash xx
➔ UPDATE AP RECORD
➔ POST TO GL