Internal

control
By: Babor, Bato
ctoy, Padigos,
Tuadles
What is internal control?

• A process, policies
and procedures
• Top Management &
BODs
•.Entities Objectives
Objectives: COSO Cube
1. Effective and Efficient Operations Committee of Sponsoring Organization
2. Reliability of Financial Statements
3. Compliance w/ Law and Regulations

Components:
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information & Communication
5. Monitoring Activities

Entity Structure:
•Entity Level
•Division
•Operating Unit
•Function

objective no. 1
1. Effective Operations:
- Achieve revenue and
operating cash flow targets.
2. Efficient Operations:
- Minimize operating costs. -
Avoid operational i
nefficiencies.
- Use engineering controls
and optimal factory layout for
smooth production and minimal
raw material spoilage.
3.Treasury Operations
- Safeguard cash accounts with
physical controls (e.g., vaults, locks,
CCTV cameras).
- Ensure customer collections are
remitted, recorded, and deposited the
next banking day.
- Segregate duties to prevent fraud:
- Cash custodians should not post
transactions.
- Accounting staff should not handle
cash.
4. Business Continuity and Asset
Protection:
- Implement business continuity
plans for processing transactions
during calamities (e.g., alternate office,
backup controls).
- Protect assets through insurance to
cover potential losses from events like
fires or other catastrophe.
 objective no. 2

Reliability of financial
and nonfinancial
reporting
If financial statements are to be
useful to external as well as internal
users, they need to be reliable.
Inaccurate accounting records and
unreliable financial statements arise
because of erroes in recording.
 an accounting staff reviews and
objective no. 2 reconciles cash, accounts
receivable, inventory, and other
accounts
In view of these errors Discrepancies, if any, should be
or fraud that result to corrected on a timely basis.
unreliable financial
reports, the company Ideally, the person who will conduct
bank reconciliation is one who does
must implement
not have access to cash; hence,
Internal Controls over purely accounting duties.
Financial Reporting
(ICFR). Inventory counts must be performed
periodically in order to determine
shortages or even possible
inventory pilferage.
 objective no. 3

Part and parcel of internal control is the assurance that the

company complies with applicable laws and regulations. These
include taxation, labor, environmental, anti-money laundering, and
corporation laws among others.

To enhance the degree of adherence to laws and regulations, a

compliance function must be established within the company. For
regulated entities such as banks and insurance companies, compliance
departments are tapped to monitor the company’s adherence to laws and
regulations.

The compliance department is usually headed by a

chief compliance officer.
 components of 1. Control Environment
internal control 2. Risk Assessment
3. Control Activities
The internal control system
has ffive components under 4. Information and
the COSO Framework. The
following describes the
communication
characteristics of each 5. Monitoring Acitivities
internal control:
 COntrol environment
is the foundation of internal control

It is a set of standards, processes, and structures that pro vide the basis for
carrying out internal control.

The control environment is comprised of the following:

a. Integrity and ethical values;

b. Management’s philosophy and operating style;
c. Organizational structure;
d. Commitment to competence;
e. Human resource policies and procedures; and
f. Functioning of the board of directors
Control environemnt should ensure contols are
in place in areas such as:

Hiring practices Employee Training

Clear lines of responsibility and

Code of ethical conduct
authority

Whistleblower policies Succession Planning

Competence and independence of the

board of directors and board committees
 risk assessment
Risk assessment is an iterative process for identifying and’
assessing those risks that may prevent the achievement of
enterprise objectives.

STEPS:
Set the company’s management sets the company’s operational and
1st objectives. financial reporting and compliance objectives

2nd Risk Identification identified risks are subsequently assessed in

terms of likelihood and impact.

3rd Risk Response include “accept,” “mitigate,” “share,” “transfer,”

and “avoid.”
a. Performance reviews - comparison of control activities
actual performance against budgets Control activities are the specific
and forecasts actions established through
policies and procedures that help
b. Information processing - controls ensure-that management's
that check accuracy, completeness, and directives to mitigate risks to the
authorization of transactions achievement of objectives are
carried out.
c. Physical controls - activities that
assure the physical security of assets
and records
d. Segregation of duties - separation of
the functions of transaction
authorization, record-keeping, and
custody
information & communication
Information is necessary for the entity to carry out internal control
responsibilities to support the achievement of its objectives.
Communication is the continual, iterative process providing, sharing,
and obtaining necessary information.
 monitoring activities
Monitoring of internal control is essential because internal control that
is effective today may no longer be effective months or years from
now.
 coso rEQUIREMENTS FOR INTEGRATED
COMPONENTS
1. Each of the five components must be present and functioning.
2. The five components must “operate together” in an integrated
manner.

Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
Suspendisse quis enim pretium,
bibendum ante ullamcorper,
tincidunt augue. Nunc sed lorem
aliquam, malesuada lectus eu,
placerat lorem. Proin at aliquet
sapien, vitae elementum mi.
Objectives
Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
Suspendisse quis enim pretium,
bibendum ante ullamcorper,
tincidunt augue. Nunc sed lorem
aliquam, malesuada lectus eu,
placerat lorem. Proin at aliquet
sapien, vitae elementum mi.
Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
Suspendisse quis enim pretium,
bibendum ante ullamcorper,
tincidunt augue. Nunc sed lorem
aliquam, malesuada lectus eu,
placerat lorem. Proin at aliquet
sapien, vitae elementum mi.
 1. Control Environment
components of
2. Risk Assessment
internal control
3. Control Activities
The internal control system
4. Information and
has ffive components under
the COSO Framework. The communication
following describes the
characteristics of each 5. Monitoring Acitivities
internal control:
Links between risk and control activities
 Limitations
of
internal control
 Possibility of Collusion
Mr. A is the cash custodian of the
company. As such, he does not have
record-keeping duty to post
transactions in the accounting
records.
This is done so that in case Mr. A
steals cash from the drawer, the cash
records cannot be manipulated and,
therefore, will not tally with the actual
cash on the drawer. The stolen cash
will be easily detected because the
actual cash will be compared with the
accounting records. However, if Mr. A
has access to the accounting records,
he can manipulate the balance of
cash so that it tallies with the actual
cash.
Mr. B makes recordings in the
accounting records. As such, he does
not have cash custodianship duties.
There is internal control in the area of
cash because
incompatible duties (recording and
custodianship) are segregated.
However, if Mr. A and Mr. B connived
to commit fraud, the segregation of
duty control will not functionproperly.
To detect the fraud, there should be a
surprise audit of cash.
 For example, ABC Co. has a policy
Management that all purchase transactions must
override have proper purchase requisitions
and approved purchase orders.
Therefore, purchase transaction
Management override
can be executed without these
happens when, even in the documents. However, Mr.X was able
presence of internal control to execute a purchase transaction
procedures, people who without the necessary purchase
are in positions of power requisition and approved purchase
may intervene and order because he is the company's
somehow break those general manager. This is an
policies. example of management override
of internal controls.
 Human factors

Even when it appears that the internal control or accounting

system is properly functioning, unreliable financial statements or
incorrect records may still happen because of human error.
Clerical errors often occur in the input process resulting to
incorrect output.

Human fatigue, mistakes in judgment, incompetent personnel, and

the like also contribute and thus, the objectives of internal control
or accounting system may not be achieved.
 CHART Item 5
20%
Item 1
20%

Control activities are the specific

actions established through
policies and procedures that help
ensure-that management's
directives to mitigate risks to the
achievement of objectives are Item 4 Item 2
20% 20%
carried out.

Item 3
20%
thank You