SUMMATIVE REPORT:

Nature and Importance of Internal Control,

Elements of internal Control,
Internal Control System

BSMA3

Group Members:

Dela Cruz, Janelle T.

Pamplona, Paul Steven O.
Tenorio, Nadine L.

Mr. Emiliano David Nestor G. Zapata, MBA

FAITH Colleges (First Asia Institute of Technology and Humanities)
Pres. J.P. Laurel National Highway, City of Tanauan, Batangas
Web: www.firstasia.edu.ph
Nature and Purpose of Internal Control

Internal Control is the process designed and effected by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of
the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency
of operations and compliance with applicable laws and regulations. It follows that internal control
is designed and implemented to address identified business risks that threaten the achievement
of any of these objectives. Those objectives fall into three categories:

1. Reliability of the entity’s Financial Reporting

2. Effectiveness and Efficiency of Operations
3. Compliance with Applicable Laws and Regulations

Importance of Internal Control

Internal controls are the mechanisms, rules, and procedures implemented by a company to
ensure the integrity of financial and accounting information, promote accountability, and prevent
fraud. Besides complying with laws and regulations and preventing employees from stealing
assets or committing fraud, internal controls can help improve operational efficiency by
improving the accuracy and timeliness of financial reporting.

Types of Internal Controls

Detective Control

Detective controls attempt to find problems within a company's processes once they have
occurred. They may be employed in accordance with many different goals, such as quality
control, fraud prevention, and legal compliance. Here, the most important activity is
reconciliation, which compares data sets. Other detective controls include internal and external
audits.

Common detective controls are:

● Monthly transaction reconciliations
● Performance reviews
● Physical inventories
● Cash counts
● External and internal audits
● Surveillance systems
● Intrusion Detection Systems (IDS)
Preventive Control

Preventive control activities aim to deter errors or fraud from happening in the first place and
include thorough documentation and authorization practices. Separation of duties, a key part of
this process, ensures that no single individual is in a position to authorize, record, and be in the
custody of a financial transaction and the resulting asset.

Organizations implement these preventive controls:

● Segregation of duties
● System access controls
● Financial authorizations
● IT access controls
● Physical security controls
● Firewalls and Intrusion Prevention Systems (IPS)
● Data backups
● Employee training and drug testing

Corrective Controls

Corrective controls come into play after an issue has already occurred and needs to be fixed.
They play a vital role in the internal control system because they resolve the issue that may
result in (or has already resulted in) fraud, data breaches, financial losses, or reputational
damage. These controls also provide a measure of relief that the issue has been fixed and won’t
recur in future.

Corrective controls include:

● Software patches
● Device upgrades
● Quarantine of infected devices
● Updated policies
● Ledger verifications
● Disciplinary action
● Business continuity planning and incident response planning

Internal Control System Defined

Internal Control System means all the policies and procedures (internal controls) adopted by
the management of an entity to assist in achieving management’s objective of ensuring, as far
as practicable, the orderly and efficient conduct of its business, including the adherence to
management policies, the safeguarding of assets, the prevention and detection of fraud and
error, the accuracy and completeness of accounting records, and the timely preparation of
reliable financial information.
Components of Internal Controls
A company's internal controls system should include the following components:

● Control environment: A control environment establishes for all employees the importance
 of integrity and a commitment to revealing and rooting out improprieties, including fraud.
A board of directors and management create this environment and lead by example.
Management must put into place the internal systems and personnel to facilitate the
goals of internal controls.
● Risk assessment: A company must regularly assess and identify the potential for, or
existence of, risk or loss. Based on the findings of such assessments, added focus and
levels of control might be implemented to ensure the containment of risk or to watch for
risk in related areas.
● Monitor: A company must monitor its system of internal controls for ongoing viability.
Doing so can ensure, whether through system updates, adding employees, or necessary
employee training, the continued ability of internal controls to function as needed.
● Information/Communication: Solid information and consistent communication are
important on two fronts. First, clarity of purpose and roles can set the stage for
successful internal controls. Second, facilitating the understanding of and commitment to
steps to take can help employees do their job most effectively.
● Control activities: These pertain to the processes, policies, and other courses of action
that maintain the integrity of internal controls and regulatory compliance. They involve
preventative and detective activities.
● Compliance with laws and regulations: An organization's financial activities must
adhere to all relevant laws, regulations, and standards. This involves keeping up-to-date
with changes in financial regulations and implementing measures to ensure compliance.
● Separation of duties: Distributing responsibilities among different people reduces the risk
of error or inappropriate actions. This includes separating authorization, custody, and
record-keeping roles to prevent fraud and errors.
● Physical controls: A business must implement security measures to protect its assets,
including cash, inventory, and equipment. This could involve secure storage facilities,
access controls, and surveillance systems.

Elements of Internal Control

The internal control system extends beyond these matters which relate directly to the functions
of the accounting system and consists of the following components:

A. The Control Environment

This means the overall attitude, awareness and actions of directors and management regarding
the internal control system and its importance in the entity. However, a strong environment does
not, by itself, ensure the effectiveness of the internal control system. The environment in which
internal control operates has an impact on the effectiveness of the specific control procedures.
Several factors comprise the control environment, including:

1. Communication and Enforcement of Integrity and Ethical Values

 2. Commitment to Competence
3. Participation by those Charged with Governance
4. Management’s Philosophy and Operating Style
5. Organizational Structure
6. Assignment of Authority and Responsibility
7. Human Resources Policies and Procedures

B. The Entity’s Risk Assessment Process

Risk Assessment is the identification, analysis, and management of risks pertaining to the
preparation of financial statements. For example, risk assessment may focus on how the entity
considers the possibility of transactions not being recorded or identifies and assesses significant
estimates recorded in the financial statements.

C. Control Activities

Are the policies and procedures that help ensure that management directives are carried out, for
example, that necessary actions are taken to address risks that threaten the achievement of the
entity’s objectives. Control activities, whether within IT or manual systems, have various
objectives and are applied at various organizational and functional levels.

D. The information system

An information system consists of infrastructure (physical and hardware components), software,

people, procedures, and data. Infrastructure and software will be absent, or have less
significance, in systems that are exclusively or primarily manual. Many information systems
make extensive use of IT.

E. Monitoring of controls

Monitoring, the financial component of internal control, is the process that an entity uses to
assess the quality of internal control over time. Monitoring involves assessing the design and
operation of controls on a timely basis and taking corrective actions as necessary.

Fraud and Error

Fraud is an intentional act involving the use of deception that results in a material
misstatement of the financial statements. Two types of misstatements are relevant to auditors’
consideration of fraud:
a. Misstatements arising from misappropriation of assets
Asset Misappropriation occurs when a perpetrator steals or misuses an organization’s
assets. These are dominant fraud schemes perpetrated against small businesses and
perpetrators are usually employees.
 Examples:
● Data Theft - this happens when someone enters a company’s systems without
permission and takes sensitive information.
● Expense Reimbursement Fraud - This happens when employees submit false or
modified expenses to pretend that personal expenses are work-related. b. Misstatements
arising from fraudulent financial reporting
The intentional manipulation of reported financial results to misstate the economic
condition of the organization is called fraudulent financial reporting.

Examples:

● Overstating the value of fixed assets.

● Inflating the value of inventory by using incorrect cost calculations.

● The Fraud Triangle characterizes incentives, opportunities, and rationalizations

that enable fraud to exist. The three elements of the fraud triangle are:
1. Incentive/Pressure may exist when management is under pressure, from sources
outside or inside the entity, to achieve an expected (and perhaps unrealistic)
earnings target or financial outcome - particularly since the consequences to
management for failing to meet financial goals can be significant (e.g., needing to
meet unrealistic sales targets to keep a job, facing personal financial difficulties like
large debts, a desire for a large bonus tied to performance metrics, fear of losing a
promotion if targets are not met).
2. Opportunities - a perceived opportunity to commit fraud may exist when an
individual believes internal control can be overridden (e.g., weak internal control).
3. Rationalization - the mindset of the fraudster to justify committing the fraud
(e.g., perceived low pay, worked long hours with no additional compensation,
working at the company for many years and don’t feel respected or
appreciated, just trying to pay their bills and provide for their family).

● Data Entry Errors stem from the lack of appropriate skills, experience, and appropriate
technology.
a. Inaccurate Data Inputs are typically the most common error that may occur in
data entry (e.g., entering an incorrect price for a product, affecting cost
calculations and profit margins).
 b. Incorrect Data Formatting - the entering of data in the wrong column or field or
entering data information multiple times (e.g., entering a height measurement in
centimeters in a column that expects inches).
c. Transposition Errors occur when numbers or letters are swapped, leading to
incorrect sequences (e.g., recording 528 as 258).
d. Representation/Unit Inconsistencies - this type of error includes inconsistencies
in terms of time, date, and addresses (e.g, entering a measurement in metric
units in one entry and imperial units in another entry).
e. Data Misinterpretation - this type of error typically happens when numbers are
unintentionally mixed in with words (e.g., writing "100%" instead of "one hundred
percent" in a program that expects only text or only numbers).

Types of Errors
1. Errors of Commission occur due to the negligence of the accountant or clerk. For this
reason, they are often referred to as clerical errors or errors of inadvertence.

Examples:

● Crediting a customer's payment to the wrong account receivable.

● Entering the same transaction twice in the accounting system.
● Debiting an expense account instead of crediting it.
2. Errors of Omission - When some transactions are completely omitted from the books of
accounts or entered but not posted, they are treated as errors of omission. a. Partial
Omission - the transaction is recorded in the books but not posted to the ledger (e.g.,
recording a cash receipt but not the corresponding revenue entry). b. Complete Omission -
the transaction is completely omitted from being recorded in the books (e.g., a cash sale of
$5,000 is not recorded in the sales account). 3. Errors of Principle arise due to a
bookkeeper’s or an accountant’s improper understanding of accounting and its core
principles (e.g., recording a company owner's personal utility bill as a business expense).

Responsibility for the Prevention and Detection of Fraud

According to the auditing standards, the primary responsibility for the prevention and
detection of fraud rests with the governing body and management. Management’s
responsibilities include creating an environment where fraud is not tolerated, identifying risks of
fraud, and taking appropriate actions to ensure that controls are in place to prevent and detect
fraud. The governing body is responsible for ensuring that management is carrying out the tasks
assigned to them in relation to fraud risk and prevention, as well as understanding the
environment to determine if management can override or influence the controls in place.

Errors and Irregularities in the Transaction Cycles of the Business Entity

While businesses of different individuals can have striking different characteristics, most
have some fundamental conceptual characteristics and practices in common. The three basic
business transaction cycles include:
● Sales and Collections Cycle
1. Errors in recording sales and collections transactions.
Examples:
● Transposition error - recording a sale of $125 as $215 by accidentally
switching the digits.
● Incorrect customer account - posting a payment received from "Graezelle
Sam" to the account of "Graezelle Sam".
2. Frauds in sales and collections
a. Fraudulent financial reporting
Examples:
● Overstating revenue - reporting higher earnings than a company actually
has
● Understating expenses - reporting lower expenses than a company
actually has
b. Misappropriation of assets: Withholding cash receipts
Skimming – refers to the act of withholding cash receipts without recording
them (e.g., voiding a sale to remove the transaction from the system and keep
the cash).
Lapping – is used to conceal the fact that cash has been abstracted; the
shortage in one customer’s account is covered with a subsequent payment
made by another customer (e.g., Customer Z pays 100 pesos to the store,
instead of recording the 100 pesos payment to Customer Z's account, they
apply it to Customer A's outstanding balance. After some time, customer A
pays 150 pesos to the store. The 150 pesos from Customer A is then used to
 cover Customer Z's original 100 pesos debt, creating the illusion that both
accounts are paid).
Kiting – is another technique used to cover cash shortage or to inflate cash
balance (e.g., a company employee writing checks from one company bank
account to another, creating a false appearance of sufficient funds in each
account, allowing them to withdraw cash from either account even when there
isn't enough money to cover the withdrawals).
● Acquisitions and Payments Cycle
1. Errors in the Acquisitions and Payment Cycle - The following may occur in the
acquisitions and payments cycle:
a. Failing to record a purchase in the proper period (e.g., a company receives
a delivery of office supplies in December 2023 but mistakenly records the
purchase in their accounting system as occurring in January 2024).
b. Recording goods accepted on consignment as a purchase (e.g., a
company received merchandise from a supplier to sell on consignment, but
instead of recording it as a "consignment inventory" asset, they mistakenly
recorded it as a regular "purchases" entry).
c. Failing to record a cash payment (e.g., a customer pays cash but the
receipt is lost or not properly filed, leading to the payment not being recorded
in the system).
d. Recording a payment twice (e.g., when someone accidentally enters the
same invoice details twice while manually inputting data into the accounting
system).
2. Frauds in the Acquisitions and Payment Cycle:
a. Paying for fictitious purchases (e.g., creating fake employee profiles to
submit expense reports for items they never purchased).
b. Receiving kickbacks (e.g., a purchasing manager accepts a bribe from a
supplier in exchange for awarding them a contract).
c. Purchasing goods for personal use (e.g., an employee ordering a large
quantity of company supplies, like office stationery or electronics, and then
claiming they are for business needs while actually using them at home for
personal use).

● Payroll and Personnel Cycle

1. Errors - The most errors can occur in the payroll and personnel
cycle are

a. Paying employees at the wrong rate (e.g., failing to update an employee's

 pay rate after they received a raise, resulting in them being paid at a lower
rate than they are entitled to).
b. Paying employees for more hours than they worked (This could happen
due to a clerical error when entering hours on a timesheet, a system glitch, or
if the employee submits inaccurate time information).
c. Charging payroll expense to the wrong accounts (e.g., if a significant
overtime payment for an employee working late on a project is accidentally
recorded under "Travel Expenses" instead of "Overtime Pay").
d. Keeping terminated employees on the payroll (e.g., the HR department
doesn't update the employee's status to "terminated" in the payroll system
after they leave, their paycheck will continue to be generated automatically).
2. Frauds Involving Payroll - The major payroll related frauds include
a. Fictitious employees (e.g., an employee in the HR department with access
to payroll systems creates a new employee record with a made-up name,
address, and bank account details).
b. Excess payments to employees (e.g., an employee deliberately
manipulating their timesheets to claim more hours worked than they actually
did).
c. Failure to record payroll (e.g., deliberately not processing an employee's
timesheet, claiming it was not submitted on time or was missing information).
d. Inappropriate assignment of labor costs to inventory (e.g., employees are
instructed to record additional hours worked on a particular product than they
actually worked, inflating the labor cost associated with that inventory item).

Internal Control Affecting Assets

Description of Examples Internal Control
Misstatement Weakness or Factors
that Increase the Risk
of the Misstatement

Cash Receipts: on books by transferring Lack of segregation of

Recording fictitious cash
receipts
Fraud:
Overstating cash receipts
cash between bank duties of the functions of
accounts without access to cash and record
appropriate recording of the keeping; no effective view of
transfer to cover up an bank reconciliations.
embezzlement of cash.
 Cash Disbursements: Fraud: Inadequate segregation
A bookkeeper prepares a of duties of record
Inaccurate Recording of check to himself and keeping and preparing
a Purchase or records it as having been cash disbursements, or
Disbursement issued to a major check signer does not
supplier. review and cancel
supporting documents.

Internal Control Over Financial Statements

Description of Examples Internal Control
Misstatement Weakness or Factors
that Increase the Risk
of the Misstatement

Misstatement of Fraud: Ineffective board of

Recorded Value of directors, audit
Investments Misstatement of the committee, or internal
value of closely held audit function; not
investment. conducive to ethical
conduct; undue pressure
to meet earnings targets.

Incomplete Recording Error: a. Inadequate

of Investments accounting manual;
Failure to record incompetent
derivative agreements accounting personnel.
which are embedded in b. Inadequate monitoring
other agreements. by internal auditors.

Internal Control Over Receivables / Revenue

Description of Examples Internal Control
Misstatement Weakness or Factors
that Increase the Risk
of the Misstatement

Recording Unearned Error: Ineffective billing process

Revenue Recording sales based on in which billing is not tied
the receipt of orders from to shipping information.
customers rather than the
shipment of goods.
 Recording Revenue Fraud: Ineffective board of
When Significant Recording sales when directors, audit
Uncertainties Exist the customer is likely to committee, or internal
return the goods. audit function; not
conducive to ethical
conduct; undue pressure
to meet sales targets.

Internal Control Over Inventory / Cost of Goods Sold

Description of Examples Internal Control
Misstatement Weakness or Factors
that Increase the Risk
of the Misstatement

Misstatement of inventory Fraud: Ineffective board of

costs Intentional misstatement directors, audit
of production costs committee, or internal
assigned to inventory. audit function; “tone at
the top” not
conducive to ethical
conduct; undue pressure
to meet earning targets.

Misstatement of inventory Error: Ineffective controls or

quantities Miscounting of inventory supervision of physical
by personnel involved in inventory.
physical inventory.

Internal Control Over Property, Plant, and Equipment

Description of Examples Internal Control
Misstatement Weakness or Factors
that Increase the Risk
of the Misstatement
 Misstatement of Fraud: Undue pressure to
Acquisitions of Property, Expenditures for repairs meet earnings
Plant, and Equipment and maintenance targets.
expenses recorded as
property, plant, and
equipment acquisitions to
overstate income.

Improper Reporting of Error: Inadequate accounting

Unusual Transactions A “gain” recorded on an manual; incompetent
exchange of nonmonetary accounting personnel.
assets that lacks
commercial substance.

Internal Control Affecting Liabilities and Equity

Description of Examples Internal Control
Misstatement Weakness or Factors
that Increase the Risk
of the Misstatement

Misappropriation of Fraud: Ineffective controls for

Purchases Goods are ordered but matching invoices with
delivered to an receiving documents
inappropriate address before disbursements are
and stolen. authorized.

Internal Control over Owner’s Equity

The three principal elements of strong internal control over share capital and dividends:
1. The proper authorization of transactions by the board of directors and corporate office.
2. The segregation of duties in handling these transactions (preferably the use payments)
3. The maintenance of adequate records.
References:

Cabrera, M. (2019). Corporate Governance, Business Ethics, Risk Management, and Internal
Control. GIC Enterprises & Co., Inc.

Bevin, L. (2024). The 5 Key Elements of An Effective Internal Control System.

https://www.zengrc.com/blog/key-elements-of-an-effective-internal-control-system/
Kansas State University (n.d). Elements of Internal Control.
https://www.k-state.edu/internalaudit/internal-controls/internalcontrols.html

Kenton, W. (2024). Internal Controls: Definition, Types, and Importance.

https://www.investopedia.com/terms/i/internalcontrols.asp