INTERNAL CONTROL is the process designed and effected by those charged with

governance, management and other personnel to provide reasonable assurance about

the achievement of the entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with applicable laws and
regulations.

Those objectives fall into three categories:

1. Reliability of the entity’s financial reporting;
2. Effectiveness and efficiency of operations; and
3. Compliance with applicable laws and regulations.

Internal Control System means all the policies and procedures (internal controls)
adopted by the management of an entity to assist in achieving management’s objective
of ensuring, as far as practicable, the orderly and efficient conduct of its business,
including adherence to management policies, the safeguarding of assets, the prevention
and detection of fraud and error, the accuracy and completeness of the accounting
records, and the timely preparation of reliable financial information.

Elements of Internal Control

Internal control structures vary significantly from one company to the next. Factors such
as size of the business, nature of operations, the geographical dispersions of its
activities, and objectives of the organization affect the specific control features of an
organization. However, certain elements or features must be present to have a
satisfactory system of control in almost any large-scale organization.

The internal control system extends beyond these matters which relate directly to the
functions of the accounting system and consists of the following components:

a. Control Environment
Which means the overall attitude, awareness and actions of directors and
management regarding the internal control system and its importance in the
entity.

Factors reflected in the control environment include:

1. The functions of the board of directors and its committees;
2. Management’s philosophy and operating style;
3. The entity’s organizational structure and methods of assigning authority
and responsibility; and
4. Management’s control system including the internal audit function,
personnel policies and procedures and segregation of duties;
 Factors comprising the Control Environment includes:
1. Communication and Enforcement of Integrity and Ethical Values
2. Commitment to Competence
3. Participation by Those Charged with Governance
4. Management Philosophy and Operating Style
5. Organizational Structure
6. Assignment of Authority and Responsibility
7. Human Resources Policies and Procedures

b. Entity’s Risk Assessment Process

It is the “identification, analysis, and management of risks pertaining to the
preparation of financial statements”.

Risks can arise or change due to circumstances such as the following:

1. Changes in the operating environment
2. New personnel
3. New or revamped information systems
4. Rapid growth
5. New technology
6. New business models, products, or activities
7. Corporate restructurings
8. Expanded foreign operations
9. New accounting pronouncements

c. Information System, including the Business Processes, relevant to the Financial

Reporting and Communication

An information system consists of infrastructure (physical and hardware

components), software, people, procedures, and data. Infrastructure and
software will be absent, or have less significance, in systems that are exclusively
or primarily manual. Many information systems make extensive use of IT.

Journal Entries
An entity’s information system typically includes the use of standard journal
entries that are required on a recurring basis to record transactions.

Related Business Processes

An entity’s business process are the activities designed to:
1. Develop, purchase, produce, sell and distribute an entity’s products and
services;
2. Ensure compliance with laws and regulations; and
 3. Record information, including accounting and financial reporting
information.

Application to Small Entities

Information systems and related business processes relevant to financial
reporting in small entities are likely to be less formal than in larger entities but
their role is just as significant. Communication may be less formal and easier to
achieve in a small entity than in a larger entity due to the small entity’s size and
fewer levels as well as management’s greater visibility and availability.

d. Control Activities
These are the policies and procedures that help ensure that management
directives are carried out. For example, that necessary actions are taken to
address risks that threaten the achievement of the entity’s objectives. Control
activities, whether within IT or manual systems, have various objectives and are
applied at various organizational and functional levels.

The major categories of control procedures are:

A. Performance review
Management uses accounting and operating data to assess performance,
and it then takes corrective action. Such reviews include:
1. Comparing actual performance
2. Investigating performance
3. Reviewing functional or activity performance

B. Information Processing Controls

These are policies and procedures designed to require authorization of
transactions and to ensure the accuracy and completeness of transaction
processing.

General controls are control activities that prevent or detect errors or

irregularities for all accounting systems. It affects all transaction cycles and
apply to information processing as a center, hardware and system software
acquisition and maintenance, and backup and recovery procedures.

Application controls are controls that pertain to the processing of a specific

type of transaction, such as a payroll, or sales and collections. These controls
help ensure that transactions occurred, are authorized, and are completely
and accurately recorded and processed.

C. Physical Controls
Controls that encompass:
1. The physical security of assets, including adequate safeguards such
as secured facilities over access to assets and records.
2. The authorization for access to computer programs and data files
3. The periodic counting and comparison with amounts shown on control
records