Final Version MPA 626 Group 2 Presentation

INTERNAL CONTROL
& INTERNAL
AUDITING
MPA 626
1. Outline
➔IASPPS
➔ICSPPS
➔PGIAM
➔IAS
Internal Auditing Standards for
the Philippine Public Sector
(IASPPS)
Introduction
● Article IX-D of the 1987 Constitution - vests the Commission on Audit (COA)
the exclusive authority to promulgate auditing rules and regulations.
● Internal Auditing Research and Development Committee (IARDC)
○ Review of IPPF, ICIF, PGIAM, NGICS, GAAM
● IARDC - developed IASPPS (Internal Auditing Standards for the Philippine Public
Sector)
○ provides guidance for the professional practice of internal auditing to improve the
effectiveness of governance, risk management, and control processes in all agencies
of the government
Philippine Internal Auditing Framework for Public Sector
A. Mission
The Mission of Internal Audit

articulates what internal audit
aspires to accomplish within
an agency:
“To enhance and protect

organizational value by
providing risk- based and
objective assurance,
advice, and insight.”
B. Core Principles
1. Demonstrates integrity;
2. Demonstrates competence and due professional
care;
3. Is objective and free from undue influence
(independent)
4. Aligns with the strategies, objectives, and risks of
the government agency;
5. Is appropriately positioned and adequately
resourced;
6. Demonstrates quality and continuous improvement;
7. Communicates effectively;
8. Provides risk-based assurance;
9. Is insightful, proactive, and future-focused; and
10. Promotes improvement of government operations.
C. Definition of Internal Auditing
Internal Auditing is an independent,

objective assurance and advisory activity
designed to add value and improve
government operations. It helps
government accomplish its objectives by
bringing a systematic, disciplined
approach to evaluate and improve the
effectiveness of governance, risk
management, and control processes.
D. Standards
1. Philippine Application Guidelines (PAG)

- outline elaborations that need to be
considered in the implementation of
IASPPS.
1. Supplemental PAG
- outlines additional modifications or
updates on the PAG.
E. Code of Ethics
Republic Act No. 6713 - Code of Conduct

and Ethical Standards for Public Officials
and Employees (General Application)
Code of Ethics of the Institute of Internal

Auditors (Specific Application).
PURPOSE, AUTHORITY and RESPONSIBILITY
The purpose, authority, and responsibility of the internal audit service (IAS) must be
formally defined in an internal audit charter, consistent with the Mission of Internal Audit,
the Core Principles, the Code of Ethics, the Internal Auditing Standards for the Philippine Public
Sector (IASPPS), and the Definition of Internal Auditing. The head of internal audit must
periodically review the internal audit charter; present it to the senior management, for additional
input/ enhancement, if any; and submit, for approval, to the head of agency or the governing
body/audit committee.
- The nature of assurance services must be defined in the internal audit charter.
- The nature of advisory services must be defined in the internal audit charter.
INTERNAL AUDIT CHARTER
- May vary in each agency, may

include
1. Introduction 8. Reporting
2. Purpose of IAS
3. Authority 9. Monitoring
4. Organization and Reporting 10. Quality Assurance and
Structure Improvement
5. Independence and Objectivity
6. Responsibilities 11. Signatures
7. Internal Audit Plan
Recognizing Guidance in the Internal Audit Charter
The nature of the Core Principles, the Code of Ethics, the Internal
Auditing Standards for the Philippine Public Sector (IASPPS), and the
Definition of Internal Auditing must be reflected in the internal audit
charter. The head of internal audit should discuss the Mission of Internal
Audit and the elements of the Philippine Internal Auditing Framework for
Public Sector with senior management, and the head of agency or the
governing body/audit committee.
Independence and Objectivity
The internal audit service (IAS) must be independent, and

internal auditors must be objective in performing their work.
DUAL REPORTING (avoid bias) - head of Internal Audit - direct

functional reporting line to the governing body/audit committee and an administrative
reporting line to the head of agency
ORGANIZATIONAL INDEPENDENCE
The head of internal audit must report to a level within the agency that allows the
internal audit service (IAS) to fulfill its responsibilities. The head of internal audit
must confirm to the head of agency or the governing body/audit committee, at least
annually, the organizational independence of IAS.
The IAS must be free from interference in determining the scope of internal auditing,
performing work, and communicating results. The head of internal audit must
disclose such interference to the head of agency, or the governing body/audit
committee, and discuss the implications.
Direct Interaction with the Head of Agency or the Governing Body/Audit Committee
The head of internal audit must communicate and interact

directly with the head of agency or the governing body/audit
committee.
- allows them to give insights directly to the head of internal audit on new
and emerging issues and concerns facing the agency.
Roles of the Head of Internal Audit Beyond Internal Auditing
Where the head of internal audit has or is expected to have roles and/or
responsibilities that fall outside of internal auditing, safeguards must be in
place to limit impairments to independence or objectivity.
Example:
- The agency’s processes are immature, and the head of internal audit has the
most appropriate expertise to introduce risk management principles in the
agency.
- SAFEGUARDS
INDIVIDUAL OBJECTIVITY
Internal auditors must have an impartial, unbiased attitude and avoid

any conflict of interest.
● CONFLICT OF INTEREST
○ a public official or personnel is the head of agency or the governing body/audit
committee, and is also the officer, substantial stockbroker of a private corporation,
or owner of, or has a substantial interest in a business, and the interest in such
corporation or business, or his rights or duties therein, may be opposed to, or
affected by the faithful performance of official duty.
IMPAIRMENT TO INDEPENDENCE OR OBJECTIVITY
Impairment to organizational independence and individual objectivity may

include, but is not limited to:
- Personal Conflict of Interest
- Scope Limitations
- Restriction on Access to records, Personnel and Properties
- Resource Limitations such as funding
● If independence or objectivity is impaired in fact or appearance, the details of

the impairment must be disclosed to appropriate parties. The nature of the
disclosure will depend upon the impairment.
● Internal auditors must refrain from assessing specific operations for which they
were previously responsible. Objectivity is presumed to be impaired if an
internal auditor provides assurance services for an activity, for which the
internal auditor had previous responsibility within the previous year.
● Assurance engagements for functions over which the head of internal audit has
responsibility must be overseen by a party outside the internal audit service
(IAS).
● IAS may provide assurance services where it had previously performed advisory
services, provided the nature of the advisory did not impair objectivity, and provided
individual objectivity is managed when assigning resources to the engagement.
● Internal auditors may provide advisory services relating to operations for which they had
previous responsibilities.
● If internal auditors have potential impairments to independence or objectivity relating to

proposed advisory services, disclosure must be made to the engagement auditee prior to
accepting the engagement.
Proficiency and Due Professional Care
Engagements must be performed with proficiency and due professional

care.
A responsibility of the Head of Internal Audit and each Internal Auditor. The head of
internal audit ensures that persons assigned to each engagement collectively
possess the necessary knowledge, skills, and other competencies to conduct the
engagement appropriately.
Engagement - A specific internal audit assignment, task, or review activity, such as
an internal audit, control self-assessment review, fraud examination, or advisory.
Proficiency
Internal auditors and IAS as a whole, must possess the knowledge,

skills, and other competencies needed to perform their
responsibilities.
Proficiency - knowledge, skills, and other competencies required of internal
auditors to effectively carry out their professional responsibilities. It
encompasses consideration of current activities, trends and emerging
issues to enable relevant advice and recommendations. Knowledgeable in
Accounting, IT, Economics, Taxation, Finance, Fraud, Commercial law, etc.
Due Professional Care
Internal auditors must apply the care and skill expected of a

reasonably prudent and competent internal auditor. Due professional
care does not imply infallibility.
● Includes: conformity with the Code of Ethics, Code of Conduct, and

RA No. 6713 “Code of Conduct and Ethical Standards for Public
Officials and Employees.”
Due Professional Care
● Obtaining appropriate education, experience, certifications, and

training helps internal auditors develop the level of skill and
expertise required to perform their duties with due professional
care
Continuing Professional Development
Internal auditors must enhance their knowledge, skills, and other

competencies through continuing professional development.
Includes participating in conferences, seminars, training programs, online courses

and webinars, self-study programs, or classroom courses; conducting research
projects; volunteering with professional organizations; and pursuing professional
certifications. In areas related to a certain industry or specialization (e.g., data
analytics, financial services, information technology, taxation law, or systems design)
Quality Assurance and Improvement
The head of internal audit must develop and maintain a Quality

Assurance and Improvement Program (QAIP) that covers all
aspects of the internal audit service (IAS)
QAIP is designed to enable an evaluation of the IAS’s conformance with the IASPPS and
whether internal auditors apply the Code of Ethics. It assesses the efficiency and
effectiveness of the IAS and identifies opportunities for improvement. The head of internal
audit should encourage oversight by the head of agency or the governing body/audit
committee on the quality assurance and improvement program.
5 ESSENTIAL COMPONENTS OF QAIP
1. Internal Assessments
2. External Assessments
3. Communication of QAIP Results
4. Proper Use of a Conformance Statement
5. Disclosure of Nonconformance
REQUIREMENTS OF THE QAIP
The quality assurance and improvement program (QAIP) must

include both internal and external assessments.
INTERNAL ASSESSMENT
Internal assessments must include:

● Ongoing monitoring of the performance of the internal audit service (IAS)
○ routine policies and practices used to manage the IAS
● Periodic self-assessments or assessments by other personnel within the agency with sufficient knowledge
of internal audit practices.
○ conducted to evaluate conformance with the Code of Ethics and the IASPPS
Sufficient knowledge of internal audit practices requires at least an understanding of all

elements of the Philippine Internal Auditing Framework for the Public Sector and existing
laws, rules, and regulations.
EXTERNAL ASSESSMENTS
External assessments must be conducted at least once every five years by a

qualified, independent assessor or assessment team from outside the agency,
subject to existing laws, rules, and regulations. The head of internal audit must
discuss with the head of agency or the governing body/audit committee the
following:
● The form and frequency of external assessment; and
● The qualifications and independence of the external assessor or assessment team,
including any potential conflict of interest.
Standard 1321
Use of “Conforms with the IASPPS”
Indicating that the internal audit service (IAS) conforms with the
IASPPS is appropriate only if supported by the results of the quality
assurance and improvement program.
The IAS conforms with the Code of Ethics and IASPPS when it achieves the outcomes described therein.
QAIP = results of internal + external assessments.
All IAS = QAIP
IAS in existence for at least (5) years = results of external assessments.
Standard 1322
Disclosure of Nonconformance
Nonconformance with the Code of Ethics or the IASPPS impacts the

overall scope or operation of the IAS, the head of internal audit must
disclose the nonconformance and the impact to senior management,
and head of agency or the governing body/audit committee.
● Disclosures - discussion (meeting, private sessions, one-on-one, or other appropriate

methods) with senior management and communication to the head of agency or the
governing body/audit committee
Common Examples of Nonconformance
1. An internal auditor was assigned to an audit engagement, but did not

meet individual objectivity requirements (see Standard 1120)
2. An IAS undertook an engagement without having the collective
knowledge, skills, and experience needed to perform its
responsibilities (see Standard 1210), and
3. The head of internal audit failed to consider risk when preparing the
internal audit plan (see Standard 2010).
Standard 2000
Managing the Internal Audit Service
The head of internal audit must effectively manage the internal

audit service (IAS) to ensure it adds value to the agency.
The IAS is effectively managed when it meets the following requisites:

1. It achieves the purpose, authority, and responsibility included in the internal
audit charter.
2. It conforms with IASPPS
3. Its individual members conform with the Code of Ethics and the IASPPS
4. It considers trends and emerging issues that could impact the agency
Standard 2000
Managing the Internal Audit Service
The IAS adds value to the agency and its stakeholders when it
considers strategies, objectives, and risks; strives to offer ways to
enhance governance, risk management, and control processes; and
objectively provides relevant assurance.
Adds Value - when it provides/contributes or intend to improve to the
abovesaid factors, except management responsibility
Standard 2010
Planning
The head of internal audit must establish a risk-based plan to determine the
priorities of the internal audit service (IAS) consistent with the agency’s
goals.
● How?
1. Seeks advice from the senior management, and the head of agency or the governing
body/audit committee;
2. Obtains an understanding of the agency’s strategies, key operation objectives, associated
risks, and risk management processes
3. Review and adjust the plan, as necessary, in response to changes in the agency’s risks,
operations, programs, systems, and controls.
Factors to consider in developing the internal audit plan
1. Inherent risks - absence of any actions management may take to alter

the risks likelihood or impact (ex. Complex and non-routine
financial transactions)
2. Residual risks. - remaining risk after taking actions to reduce impact
3. Mitigating controls, contingency plans, and monitoring activities
4. Risk registers - repository of all risks identified (document)
5. Documentation - written records (work papers/working papers)
Standard 2020
Communication and Approval of IAS Plans
The head of internal audit must communicate the Internal Audit

Service’s plans and resource requirements, including significant
interim changes, to the senior management for
enhancements/additional inputs; and to the head of agency or the
governing body/audit committee for review and approval. The head of
internal audit must also communicate the impact of resource
limitations.
Standard 2030
Resource Management
The head of internal audit must ensure that internal audit resources are
appropriate, sufficient, and effectively deployed to achieve the approved
plan.
● Appropriate - mix of knowledge, skills, and other competencies needed to perform the plan.
● Sufficient - quantity of resources needed to accomplish the plan.
● Effectively deployed when resources are used in a way that optimizes the achievement of
the approved plan.
Standard 2040
Policies and Procedures
The head of internal audit must establish policies and procedures to

guide the internal audit service (IAS)
● The form and content of policies and procedures are dependent upon the size and
structure of the IAS and the complexity of its work.
Standard 2040
Policies and Procedures
Topics generally included in the Internal Audit Manual:

1. Internal audit policies ( The overall purpose and responsibilities of the IAS, Adherence
to the IASPPS, Independence and objectivity, Ethics, Protecting confidential information; and Record
retention)
2. Internal audit procedures (Preparing a risk-based audit plan, Planning an audit and
preparing the engagement work program, Performing audit engagements, Documenting audit
engagements, Communicating results/reporting; and Monitoring and follow-up processes, Quality
assurance and improvement program)
3. Administrative matters (Training and certification opportunities, Continuing
education requirements; and Performance evaluations)
Standard 2050
Coordination and Reliance
The head of internal audit should share information, coordinate

activities, and consider relying upon the work of other internal and
external service providers to ensure proper coverage and minimize
duplication of efforts.
Elements:
● Coordination and Reliance between Internal and External Auditors
● Relying on the works of others
Standard 2060
Reporting to the Head of Agency or the Governing Body/Audit Committee
The head of internal audit must report periodically to the head of

agency or the governing body/audit committee on the IAS purpose,
authority, responsibility, and performance relative to its plan and on
its conformance with the Code of Ethics and the IASPPS. Report
includes significant risk and control issues, including fraud risks,
governance issues, and other matters that require their attention.
Why? To provide assurance to the above re governance processes, risk
management, and control.
Standard 2100
Nature of Work
The internal audit service (IAS) must evaluate and contribute to the
improvement of the agency’s governance, risk management, and
control processes using a systematic, disciplined, and risk-based
approach. Internal audit credibility and value are enhanced when
auditors are proactive and their evaluations offer new insights and
consider future impact.
Standard 2110
Governance
The combination of processes and structures implemented by the head of

agency or the governing body/audit committee to inform, direct,
manage, and monitor the activities of the agency toward the achievement
of its objectives.
Role of Internal Auditing - responsibility to evaluate and improve governance processes as

part of the assurance function. Internal auditors are integral to the agency’s governance
framework.
Standard 2120
Risk Management
The internal audit service (IAS) must evaluate the effectiveness and
contribute to the improvement of risk management processes.
Risk - possibility of an event occurring to have impact on the
achievement of the objective.
● Key responsibility of the senior management, HOA, Audit committee
● Determining whether risk management processes are effective is a judgment resulting
from the internal auditor’s assessment
● Risk management processes are monitored through ongoing management activities,
separate evaluations, or both.
Standard 2130
Control
The internal audit service (IAS) must assist the agency in maintaining
effective controls by evaluating their effectiveness and efficiency, and
by promoting continuous improvement.
Control - any action taken by (M, HOA, GB/AC + other parties) to manage (mitigate) risk and
increase likelihood of the achievement of goals/objectives
Main Goal - to prevent losses to the agency arising from the different hazards in government
operations
Standard 2200
Engagement Planning
Internal auditors must develop and document an engagement plan and work
program for each engagement, including the engagement's objectives, scope,
timing, and resource allocations. The plan must consider agency’s strategies,
objectives, and risks relevant to the engagement.
Engagement - a specific internal audit assignment, task, or review activity (ex. internal audit,
control self-assessment review, fraud examination, or advisory)
Planning Memo - important document to communicate engagement objectives, scope,

and other important background information to audit team members
Standard 2201
Planning and Considerations
Considerations:
1. Strategies and objectives of the activity being reviewed, and the means by which
the activity controls its performance
2. Significant risks to the activity’s objectives, resources, and operations; and the
means by which the potential impact of risk is kept to an acceptable level
3. Adequacy and effectiveness of the activity’s governance, risk management, and
control processes compared to a relevant framework or model;
4. Opportunities for making significant improvements to the activity’s governance,
risk management, and control processes.
Standard 2210
Engagement Objectives
Objectives must be established for each engagement.

Engagement Objectives - broad statements developed by internal auditors that
define intended engagement accomplishments.
Criteria:
1. Internal (e.g., policies and procedures of the agency)
2. External (e.g., laws and regulations imposed by statutory bodies)
3. Leading practices (e.g., industry and professional guidance).
Standard 2220
Engagement Scope
The established scope must be sufficient to achieve the objectives of the

engagement.
- Generally cannot cover everything. Determines what should and should not be included.
Factors:
1. Boundaries of the area or process (extent/range to achieve objectives)
2. In-scope versus out-of-scope locations (established parameters)
3. Sub-processes
4. Components of the area or process, and
5. Time frame (ex. Fiscal quarter, calendar year)
Note: Scope limitations must be reported in the final engagement communications
STANDARD 2230
ENGAGEMENT ALLOCATION RESOURCE

Internal auditors must determine appropriate and sufficient resources
to achieve engagement objectives, based on an evaluation of the
nature and complexity of each engagement, time constraints, and
available resources.
❏ Appropriate refers to the mix of knowledge, skills, and other competencies needed
to perform the engagement.
❏ Sufficient refers to the quantity of resources needed to accomplish the engagement
with due professional care.
STANDARD 2240
ENGAGEMENT PLAN AND WORK PROGRAM
Internal auditors must develop and document work programs that achieve the
engagement objectives.
- Work programs must include the procedures for identifying, analyzing,
evaluating, and documenting information during the engagement. The work
program must be approved prior to its implementation, and any adjustments
approved promptly.
-Work programs for advisory engagements may vary in form and content
depending upon the nature of the engagement.
STANDARD 2300
PERFORMING THE ENGAGEMENT
Internal auditors must identify, analyze, evaluate, and document

sufficient information to achieve the engagement’s objectives.
- IA need to consider concerns relating to the protection of personal information
gathered during audit engagements, as advances in information technology and
communications continue to present privacy risks and threats
STANDARD 2310
IDENTIFYING THE INFORMATION

Internal auditors must identify sufficient, reliable, relevant, and useful
information to achieve the engagement’s objectives.
- Sufficient information is factual, adequate, and convincing so that a
prudent, informed person would reach the same conclusions as the auditor.
- Reliable information is the best attainable information through the use of
appropriate engagement techniques.
- Relevant information supports engagement observations and
recommendations, and is consistent with the objectives for the engagement.
- Useful information helps the agency meet its goals.
STANDARD 2320
ANALYSIS AND EVALUATION

Internal auditors must base conclusions and engagement results on
appropriate analyses and evaluations.
Examples of manual audit procedures:
● Vouching - test the validity of documented or recorded information by following it backward to a

tangible resource or a previously prepared record
● Tracing - test the completeness of documented or recorded information by tracking information
forward from a document, record, or tangible resource to a subsequently prepared document
● Reperformance - test the accuracy of a control by reperforming the tasks, which may provide direct
evidence of the control’s operating effectiveness
● Independent confirmation - solicit and obtain written verification of the accuracy of information
from an independent third party
STANDARD 2330
DOCUMENTING INFORMATION
Internal auditors must document sufficient, reliable, relevant, and useful information to support
the engagement results and conclusions.
The head of internal audit must
- control access to engagement records. The head of internal audit must obtain the
approval of senior management, legal counsel, or head of agency prior to releasing
such records to external parties, as appropriate
- develop retention requirements for engagement records, regardless of the medium in
which each record is stored. These retention requirements must be consistent with the
agency’s guidelines and any pertinent regulatory or other requirements
- develop policies governing the custody and retention of advisory engagement records,
as well as their release to internal and external parties. These policies must be
consistent with the agency’s guidelines and any pertinent regulatory or other
requirements.
STANDARD 2340
ENGAGEMENT SUPERVISION
Engagements must be properly supervised to ensure objectives are achieved,
quality is assured, and staff is developed.
- The extent of supervision required will depend on the proficiency and experience of
internal auditors and the complexity of the engagement. The head of internal audit
has overall responsibility for supervising the engagement, whether performed by or
for the internal audit service (IAS), but may designate appropriately experienced
members of the IAS to perform the review. Appropriate evidence of supervision is
documented and retained.
STANDARD 2400
COMMUNICATING RESULTS
Internal auditors must communicate the results of engagements.
- the head of internal audit also should understand the expectations of the head of
agency or the governing body/audit committee, regarding communication related
to engagement results.
- the workpapers will indicate which results will be communicated verbally, and
which will be communicated in writing.
- the internal auditor is encouraged to consult legal counsel in matters involving
legal issues.
STANDARD 2410
CRITERIA FOR COMMUNICATING

Communications must include the engagement’s objectives, scope, and results.
- Final communication of engagement results must include applicable conclusions, as well as
applicable recommendations and/or action plans. Where appropriate, the internal auditors’ conclusion
should be provided. A conclusion must take into account the expectations of senior management, the
head of agency or the governing body/audit committee, and other stakeholders, and must be supported
by sufficient, reliable, relevant, and useful information.
- Internal auditors are encouraged to acknowledge satisfactory performance in engagement
communications.
- When releasing engagement results to parties outside the agency, the communication must include
limitations on distribution and use of the results.
- Communication of the progress and results of advisory engagements will vary in form and content
depending upon the nature of the engagement, and the needs of the auditee.
Conclusions at the engagement level may be ratings or other descriptions
of the results. Such an engagement may be in relation to controls around a
specific process, risk, or unit of the agency. The formulation of such
conclusions requires consideration of the engagement results and their
significance.
STANDARD 2420
QUALITY OF COMMUNICATIONS
Communications must be accurate, objective, clear, concise,
constructive, complete, and timely.
❏ Accurate communications are free from errors and distortions, and are
faithful to the underlying facts.
❏ Objective communications are fair, impartial, and unbiased and are the
result of a fair-minded and balanced assessment of all relevant facts and
circumstances.
❏ Clear communications are easily understood and logical, avoiding
unnecessary technical language and providing all significant and relevant
information.
❏ Concise communications are to the point and avoid unnecessary elaboration,
superfluous detail, redundancy, and wordiness.
❏ Constructive communications are helpful to the auditee and the agency, and
lead to improvements, where needed.
❏ Complete communications lack nothing that is essential to the target
audience, and include all significant and relevant information and
observations to support recommendations and conclusions.
❏ Timely communications are opportune and expedient, depending on the
significance of the issue, allowing management to take appropriate corrective
action.
STANDARD 2421
ERRORS AND OMISSIONS
If a final communication contains a significant error or omission, the

head of internal audit must communicate corrected information to all
parties who received the original communication.
STANDARD 2430
Use of “Conducted in Conformance with the Internal Auditing

Standards for the Philippine Public Sector
Indicating that engagements are "conducted in conformance with the Internal

Auditing Standards for the Philippine Public Sector (IASPPS)" is appropriate only if
the results of the quality assurance and improvement program support the statement.
- using this statement builds the IAS’s credibility. This Standard prohibits using
the statement unless the results of the IAS’s QAIP — including current internal
and external assessments — support a conclusion that the IAS generally
conforms with the IASPPS.
STANDARD 2431
ENGAGEMENT DISCLOSURE AND
NONCONFORMANCE
When nonconformance with the Code of Ethics or the Internal Audit Standards for the
Philippine Public Sector (IASPPS) impacts a specific engagement, communication of
the results must disclose the following:
- Principle(s) or rule(s) of conduct of the Code of Ethics or the IASPPS with which
full conformance was not achieved;
- Reason(s) for nonconformance; and
- Impact of nonconformance on the engagement and the communicated engagement
results.
STANDARD 2440
DISSEMINATING RESULT
The head of internal audit must communicate results to the appropriate parties. He/She is responsible
for reviewing and approving the final engagement communication before issuance, and for deciding
to whom and how it will be disseminated. When the head of internal audit delegates these duties, he
or she retains overall responsibility.
- If not otherwise mandated by legal, statutory, or regulatory requirements, prior to releasing results to parties
outside the agency, the head of internal audit must ensure the following:
●Assess the potential risk to the agency;
●Consult with senior management and/or legal counsel as appropriate; and
●Control dissemination by restricting the use of the results.
- During advisory engagements, governance, risk management, and control issues may be identified. Whenever
these issues are significant to the agency, they must be communicated to senior management, and the head of agency
or the governing body/ audit committee.
- Results are given due considerations
Disseminating Result
Communications Outside the Agency
- The internal audit charter, laws, regulations, agency policies, or the engagement
agreement may contain guidance related to reporting information outside the agency. If
such guidance does not exist, the head of internal audit may facilitate adoption of
appropriate policies.
- In certain situations, it may be possible to create a special-purpose report based on an
existing report or information to make the report suitable for dissemination outside
the agency
STANDARD 2450
OVERALL OPINION
When an overall opinion is issued, it must take into account the strategies, objectives, and risks of
the agency; and the expectations of senior management, the head of agency or the governing body/
audit committee, and other stakeholders. The overall opinion must be supported by sufficient,
reliable, relevant, and useful information.
The communication will include the following:
i. The scope, including the time period to which the opinion pertains;
ii. The scope limitations;
iii. Consideration of all related projects, including the reliance on other assurance providers;
iv. A summary of the information that supports the opinion;
v. The risk or control framework, or other criteria used as bases for the overall opinion; and
vi. The overall opinion, judgment, or conclusion reached.
The reasons for an unfavorable overall opinion must be stated.
STANDARD 2500
MONITORING PROGRESS
The head of internal audit must establish and maintain a system to monitor the
disposition of results communicated to management.
- The head of internal audit must establish a follow-up process to monitor and ensure
that management’s actions have been effectively implemented or that senior
management, and the head of agency or the governing body/audit committee has
accepted the risk of not taking action.
- The internal audit service must monitor the disposition of results of advisory
engagements to the extent agreed upon with the auditee.
STANDARD 2600
COMMUNICATING THE ACCEPTANCE OF RISK

When the head of internal audit concludes that management has accepted a level of
risk that may be unacceptable to the agency, the head of internal audit must discuss
the matter with senior management. If the head of internal audit determines that the
matter has not been resolved, the head of internal audit must communicate the matter
to the head of agency or the governing body/audit committee.
- The identification of risk accepted by management may be observed through an

assurance or advisory engagement, monitoring progress on actions taken by
management as a result of prior engagements, or other means. It is not the
responsibility of the head of internal audit to resolve the risk.
Internal Control Standards for
the Philippine Public Sector
(ICSPPS)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
COMPOSITION OF ICSPPS
Part 1 – Philippine Internal Control Framework for the Public Sector

Part 2 – Fundamentals of Internal Control
Part 3 – Internal Control Objectives
Part 4 – Internal Control Components
Part 5 – Levels of Agency Structure
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Provides the fundamentals on internal control
Guides government agencies in developing and maintaining a comprehensive

internal control system
PURPOSE OF THE INTERNAL CONTROL FRAMEWORK

is to identify the requirements for establishing an effective internal control
system for government agencies, with the requisite general objectives,
internal control components, and levels of agency structure where internal
control operates.
RELATIONSHIP AMONG THE GENERAL OBJECTIVES,
INTERNAL CONTROL COMPONENTS AND LEVELS OF
AGENCY STRUCTURES
Part II – Fundamentals of Internal Control
INTERNAL CONTROL
– is an integral process
that is effected by an
agency’s management
and personnel and is
designed to address
risks and to provide
reasonable assurance
that in pursuit of the
agency’s mission, the
general objectives are
being achieved.
Per Section 123, Presidential Decree No. 1445
(Government Auditing Code of the Philippines),
11 June 1978, as amended.
Internal control
“is the plan of organization and all the coordinated methods and
measures adopted within an organization or agency to safeguard its
assets, check the accuracy and reliability of its accounting data, and
encourage adherence to prescribed managerial policies.”
B. Importance of Internal Control
❏ Profitability or sustainability
❏ Observance of management policies
❏ Safeguarding of assets or resources
❏ Prevention and detection of fraud and error
❏ Accuracy and completeness of accounting records
❏ Timely preparation of reliable financial information
❏ Protection of staff members and other stakeholders against
disinformation
C. Limitations of Internal Control Effectiveness
Internal control cannot by itself ensure the achievement of the general

objectives.
Limitations may result from the following:
a. human judgment in decision making can be faulty;
b. breakdowns can occur because of simple errors or mistakes;
c. controls can be circumvented by collusion of two or more people;
d. management can override the internal control system.

3 Control activities
2 Risk Assessment
4 Information and
Communication
5 Monitoring
1 Control Environment
CONTROL ENVIRONMENT
RISK ASSESSMENT
Control Activities
Control Activities
● are the policies and procedures established to address risks and

to achieve the agency’s objectives. These are essential for proper
stewardship and accountability of government resources.
Principles of the control activities component
➔ Management designs control activities
Consistently Comprehensive,
functioning according reasonable, and
Appropriate Cost-effective
to plan throughout the directly related to the
period control objective
➔ Management develops control activities which include a range of

diverse policies and procedures.
1 Top level reviews of actual
performance 5 Verifications
9 Supervision
2 Authorization and Approval

procedures 6 Reconciliations 10
Management and human
capital
3 Segregation of Duties
7 Reviews of operating performance 11 Physical controls over vulnerable
assets
4 Control over access to resources and

records 8 Reviews of operations, processes and
activities 12 Documentation
3 Basic types of controls
Preventive
Vestibulum congue
Controls
ntr ongue
Ve
o ls e
Deibuluntrol
Co ecc tiv
st
Co
tecm co s
m
ulu
rr
tivnegue
Co
stib
Ve
Control activities can be designed and executed in the following
manner:
Automated Manual
Control Control
Activities Activities
➔ Management develops effective information Technology control

activities
Management designs
Management designs an
appropriate type of control
effective information
activities to help ensure
system and use of
complete and accurate
information technology
information processing
Three Phases of a processing cycle
INPUT PROCESSING OUTPUT

Information and communication
Information and communication
● is essential to the realization of all the internal control objectives.

This can be achieved by developing and maintaining reliable and
relevant financial and non-financial information and
communicating this information by means of a fair disclosure in
timely reports.
Principles of Information and communication
➔ Management develops An array of pertinent, Information should be

reliable, and relevant captured and
and maintains reliable information should be communicated in a
identified. form/content and
and relevant financial timeframe
and non-financial
Transactions and Information systems
informations. events must be deal not only with
promptly recorded, quantitative and
properly classified, and qualitative forms of
fully and clearly internally generated
documented. data.
➔ Management communicates information throughout the agency.
Information can be communicated in a verbal,

01 written, and/or electronic form.
02 Communication occurs in all directions

➔ Management communicates information with external parties.
Management provides Management Agency’s method of

adequate means of establishes separate communication
communicating with, considers the audience
reporting line to be reached.
and obtaining
information from
external parties.
Monitoring
Monitoring
● refers to the process that assesses the quantity of the internal

control system’s performance over time.
Principles of monitoring component
➔ Management establishes and operates activities to monitor the

internal control system, and evaluates the results.
1. Management establishes 2. Management considers

a baseline to monitor the ongoing monitoring activities,
internal ‘control system separate evaluations, or a
combination of both in the
conduct of assessment.
Principles of monitoring component
➔ Management takes appropriates action on the findings and

recommendations of audit and other reviews.
Deficiencies noted during ongoing monitoring or through
separate evaluations are communicated.
The findings and recommendations of audits and other reviews

are adequately and promptly resolved.
Levels of Agency Structure Government Agency
Any of the various units of the
government, including a department,
commission, bureau, office,
instrumentality, government-owned
or -controlled corporations and its
1 subsidiaries, any self governing
board or commission of the
Division/Office government, a local government nit
Refers to any major functional or a district unit therein, and any
units of a government agency, 2
other entity or instrumentality of the
there functions are defined by government
law or regulations.
3
Operating Unit
Refers to a government
Function 4 institution/unit charged with
Refers to a program, project, carrying out specific substantive
activity or process in the functions or which directly
government agency. implements program, activity, and
project of a government agency.
Philippine Government Internal
Audit Manual (PGIAM 2020)
Philippine Government Internal Audit Manual
dssddfs
CONCEPTS AND PRINCIPLES OF INTERNAL AUDIT
What is Internal Audit?
● evaluation of management controls and operations performance, and the

determination of the degree of compliance of internal controls with laws,
regulations, managerial policies, accountability measures, ethical standards
and contractual obligations.
● involves the appraisal of the plan of organization and all the coordinated
methods and measures, in order to recommend courses of action on
matters relating to operations audit and management control
dssddfs
CONCEPTS AND PRINCIPLES OF INTERNAL AUDIT
What is Internal Audit?

● In simpler terms, it is the functional means by which the managers of an
agency receive an assurance from internal sources that the processes for
which they are accountable are operating in a manner which will minimize
the probability of the occurrence of fraud, error and inefficient or
uneconomic practices.
dssddfs
Legal Bases
● The creation of the IAS was first mandated under RA No. 3456 (Internal Auditing Act of
1962), as amended by RA No. 4177, s. 1965.
● With the reorganization of the Executive Branch of government under Presidential
Decree (PD) No. 1, s. 1972, the IAS was effectively abolished.
● Thereafter, the Administrative Code of 1987, as amended, mandated the creation of the
present IAS and provided the corresponding internal audit functions, making the same
as an integral part in the organizational structure of the Department of Public Works and
Highways (DPWH).
● It was subsequently adopted and applied across other departments, agencies,
government-owned or -controlled corporations (GOCCs) and local government units
(LGUs) through various executive issuances.
dssddfs
Scope of Internal Audit
● The scope of internal audit involves all matters relating to operations audit
and management control.
● It encompasses the evaluation of the degree of compliance of supervision

or control with laws, rules and regulations governing the operations of the
agency, the appraisal of the adequacy of internal controls and the
evaluation of the results of operations, focusing on the effectiveness of
controls of operating and support services units/systems in the attainment
of agency objectives.
dssddfs
Types of Internal Audit
Compliance audit
● evaluation of the degree of compliance of supervision or control with laws,
regulations, managerial policies, systems and processes of government,
including compliance with accountability measures, ethical standards and
contractual obligations.
● covers the determination of whether or not all other internal control
components are well designed and properly implemented.
● This type of audit is a necessary first step to, and part of, management and
operations audits.
dssddfs
Compliance Audit Flow Diagram
dssddfs
Management audit
● separate evaluation of the effectiveness of internal controls adopted in the

operating and support services units/systems to determine whether or not they
achieve the control objectives over a period of time or as of a specific date
● includes the determination of the degree of compliance of control or supervision
with laws, regulations, managerial policies, accountability measures, ethical
standards and contractual obligations covering specific timeframes
● review and appraisal of the systems and processes, organizational and staffing
structures, operations and management practices, records, reports and
performance standards of the agencies/units covered
dssddfs
Management Audit Flow Diagram
dssddfs
Operations audit
● separate evaluation of the outcome, output, process and input to

determine whether government operations, programs and projects
are effective, efficient, ethical and economical (4Es)
● includes the determination of the degree of compliance of supervision
or controls with laws, regulations, managerial policies, accountability
measures and contractual obligations.
dssddfs
Operations Audit Flow Diagram
Principles of Internal Auditing

dssddfs
Objectivity and Impartiality, and Avoidance of Conflict of Interest
● Objectivity means an unbiased mental attitude and professionalism that

allows an internal auditor to perform engagements with no quality
compromises
● Impartiality, on the other hand, means that the internal auditor is free from
bias and conflict of interest.
● To be objective and impartial, the internal auditor shall at all times uphold
public interest over and above personal interest.
dssddfs
Professional Competence
● The internal auditor must maintain high standards of competence and

professional integrity commensurate with his/her responsibilities and
mandated functions.
● The internal auditor must possess and continually develop the
knowledge, skills and other competencies needed
dssddfs
Authority and Confidentiality
● The head of agency should authorize internal auditors to have full, free and
unrestricted access to all functions, premises, assets, personnel, records, and other
documents and information that the IAS/IAU head considers necessary in
undertaking internal audit activities.
● All records, documentation and information accessed in the course of undertaking
internal audit activities are to be used solely for the conduct of these activities. The
internal auditor should respect the confidentiality of information acquired in the
course of performing the audit activities
dssddfs
Evidence-based Approach
● Internal auditors should be able to gather sufficient evidential matters in support

of their findings and recommendations
Code of Conduct and Ethics
● As public servants, internal auditors are bound by the Code of Conduct and
Ethical Standards for Public Officials and Employees in the performance of their
functions.
dssddfs
Hierarchy of Applicable Internal Auditing Standards and Practice
1. The Philippine Constitution;

2. Laws, rules, and regulations on public governance and accountability, and
applicable jurisprudence;
3. Government policies, standards, guidelines, and regulatory issuances;
4. Standards and other issuances of intergovernmental organizations
5. Relevant or applicable standards and best practices in governance,
accountability, and operations, both local and international
dssddfs
IAS/IAU Functions as Distinguished from the Operations and Processes

of Other Units
● Pursuant to the Administrative Code of 1987, as amended, the IAS/IAU is

responsible for the conduct of a comprehensive audit of various activities
of the agency. It shall cover audit areas in all units of the agency, including
agencies under its supervision and control and administrative supervision
dssddfs
Internal Audit as Distinguished from Internal Quality Audit
● Internal audit should be distinguished from internal quality audit, which is

part of the implementation of a QMS, which is a management system.
dssddfs
INTERNAL CONTROL SYSTEM AND INSTITUTIONAL ARRANGEMENTS
What is Internal Control?
● is the plan of organization and all the coordinated methods and measures
adopted within an organization or agency to safeguard its assets, check the
accuracy and reliability of its accounting data, and encourage adherence to
prescribed managerial policies.
● The most basic competence that an internal auditor must possess is the
knowledge of internal controls.
dssddfs
Internal Control Framework
dssddfs
Roles and Responsibilities on Internal Control
● Internal control requires the participation and involvement of the agency

head, officials and personnel at all levels.
● DS/HoA or GB/AuditCom – has the direct responsibility to install,
implement and monitor a sound system of internal control.118
● ExeCom/ManCom/Top management – ensures proper check and
balance in the monitoring of internal controls over delivery units, instills
control consciousness in the agency, and utilizes internal controls to
regulate and guide agency operations.
dssddfs
Roles and Responsibilities on Internal Control
● Delivery units (e.g., bureaus, services, and other offices, including

regional and field offices) – conduct performance and compliance review
and improvement of operations and processes.
● Management division/unit, or its equivalent unit – reviews and monitors
whether internal controls are applied at all levels within and across the
agency and sector, and recommends measures for management
improvement of systems and processes.
● IAS/IAU – appraises the internal control system to determine whether
controls are well designed and properly implemented, and determines the
adequacy of internal controls or whether it is achieving the objectives.
dssddfs
Administrative Relationships
Supervision and Control
● relationship between a department and the bureaus under it. This includes
the authority to act directly whenever a specific function is entrusted by law or
regulation to a subordinate; direct the performance of duty; restrain the
commission of acts; review, approve, reverse or modify acts and decisions of
subordinate officials or units; determine priorities in the execution of plans
and programs; and prescribe standards, guidelines, plans and programs
dssddfs
Administrative Supervision
● relationship of a department with regulatory agencies under it. This is limited to

the authority of a department or its equivalent to generally oversee the
operations of such agencies and ensure that they are managed effectively,
efficiently, ethically, and economically without interference in day-to-day
activities.
dssddfs
Attachment
● relationship of a department with a corporation and other agencies as may be

provided by law. This refers to the lateral relationship between a department or
its equivalent and the attached agency for purposes of policy and program
coordination
dssddfs
Organizing the Internal Audit
Establishment of the IAS/IAU

Executive Branch is authorized to establish its own IAS to cover audit
areas in the office of the DS, bureaus, offices, agencies, including
regional/field offices, regulatory agencies and other agencies either under
the supervision and control or under the administrative supervision of a
department, consistent with the provisions of the Administrative Code of
1987, as amended, on administrative relationships. Chapter III
In the case of regular agencies attached to a department for policy and

program coordination, their respective HoA or GBs shall determine the
propriety of establishing a separate IAU or availing of the
services of the IAS of their parent department.
Purpose, Authority
Purpose, Authority and
and Functions of the Fu1. of
IAS/IAU
the IAS/IAU
In government, the authority to establish an IAS/IAU, including its purpose,
organization, programs, activities, and functions, should be pursuant to the
Administrative Code of 1987, as amended, this Manual and or other
applicable legal basis
Purpose, Authority
Reporting Lines for the IAS/IAU and Fu1. of
the IAS/IAU
1.
2.
In departments, the IAS shall report directly to the DS.
In the case of a regular agency attached to a Department for policy and
program coordination, the IAU shall report to the HoA. For multi-
headed attached agencies (e.g., commission, council, or board), the IAU
may report directly to the GB. The GB may opt to organize an
AuditCom from among its members to which the IAU shall report
directly.
3. In the case of GOCCs/GFIs, the IAS/IAU shall report to the AuditCom
of the GB of the corporation.
4. For SUCs, the IAU shall report to the GB, which may also opt to
organize an AuditCom from among its members to which the IAU shall
report directly.
Purpose, Authority
Roles and Responsibilities on Internal and
Audit Fu1. of
the IAS/IAU
Pursuant to Section 124 of the Government Auditing Code of the Philippines,
the direct responsibility to install, implement and monitor a sound system of
internal control rests with the DS/HoA or the GB/AuditCom. However, the
DS/HoA/GB/AuditCom may task the IAS/IAU to undertake the appraisal of
the internal control system within the department, agency or GOCC/GFI or
SUC.
As the official primarily responsible for the installation,

implementation and monitoring of the internal control system, the
DS/HoA or DS/HoA or the GB/AuditCom provides the overall strategic direction
GB/AuditCom in the operationalization of the internal audit function in the
organization, from planning to performance
evaluation.
Purpose, Authority
Roles and Responsibilities on Internal and
Audit Fu1. of
the IAS/IAU As the assigned unit in the appraisal of the internal
control system within the organization, the IAS/IAU
IAS/IAU head is accountable to the DS/HoA or the
GB/AuditCom, as the case may be, for the efficient and
effective operation of the internal audit function.
The auditees, which may refer to the different

bureaus/services/ offices/units in the agency,
Auditees play a cooperative role in the course of the
conduct by the IAS/IAU of internal audit.
Purpose, Authority and Fu1. of

IAS/IAU Relationships with Principals and Key
Stakeholders
the IAS/IAU
Principals DS/HoA/GB/AuditCom
External stakeholders
must always deal with
1. Internal stakeholders include those the principal and not
within the sector (e.g., CSC, Office of directly with the
the Ombudsman, and other review and
IAS/IAU.
Key oversight bodies)
Stakeholders 2. External stakeholders, on the other
hand, pertain to those outside the
sector.

Stakeholders
the IAS/IAU ❏ The IAS/IAU must report directly to the

DS/HoA.
❏ A superior-subordinate relationship exists
between the DS/HoA and the internal auditors.
IAS/IAU and the ❏ This relationship should be used as an
1 DS/HoA
opportunity for internal audit to gain insights
into new and emerging issues and concerns
facing the organization, and to discuss the role
that the DS/HoA requires the IAS/IAU to fulfil, in
line with the latter’s mandated function.

Stakeholders
the IAS/IAU ❏ The GB/AuditCom shall periodically

meet with the IAS/IAU head to discuss
reports of evaluation.
In GOCCs, GFIs, multi-
IAS/IAU and the ❏ Again, it is reiterated that the
2 GB/AuditCom relationship between the GB/AuditCom headed attached
and IAS/IAU is that of principal and agencies and SUCs, the
agent, respectively. IAS/IAU reports to the
GB/AuditCom on the
effectiveness of the
internal audit function

Stakeholders
the IAS/IAU ❏ To effectively fulfill its responsibilities, the

IAS/IAU needs to have a professional and
constructive relationship with the
IAS/IAU and ExeCom/ManCom/top management of the
3 ExeCom/ManCom/
❏
organization in general.
Top Management The IAS/IAU members should interact on
a regular basis with the members of the
senior management team, and build a
relationship that is based on cooperation,
mutual respect and adherence to the
highest degree of professionalism.

Stakeholders
the IAS/IAU Internal control in the public sector must conform to

five (5) objectives:
IAS/IAU and 1. Safeguard assets;

4 the DBM
2.
3.
Check accuracy and reliability of accounting data;
Adhere to managerial policies;
The management
4. Comply with laws, rules and regulations; and aspects of the internal
5. Ensure economical, efficient and effective control system that is to
operations.
“encourage adherence to
prescribed managerial
➔ The objective to “encourage adherence to prescribed managerial policies” is performed policies” are established
by the DBM through “control of the National Budget” and “management of government by the Executive Branch
operations”.
➔ Pursuant to OP AO No. 119, as amended, the DBM is mandated to promulgate the
proper and appropriate rules, regulations and circulars for the strengthening of the
internal control systems, including internal audit as a key part thereof, in government.

Stakeholders
the IAS/IAU Internal control in the public sector must conform to

five (5) objectives:
IAS/IAU and 1. Safeguard assets;

5 the COA
2.
3.
Check accuracy and reliability of accounting data;
Adhere to managerial policies;
4. Comply with laws, rules and regulations; and
5. Ensure economical, efficient and effective
operations.
➔ The financial aspect of internal control system, “to safeguard its assets” and “check the
accuracy and reliability of its accounting data,” is carried out by the COA in keeping with its
constitutional mandate “to examine, audit, and settle all accounts pertaining to the revenue and
receipts of, and expenditures or uses of funds and property” and to “promulgate accounting and
auditing rules and regulations, including those for the prevention and disallowance of irregular,
unnecessary, excessive, extravagant, or unconscionable expenditures, or uses of government
funds and properties.”

Stakeholders
the IAS/IAU 1. The responsibility for setting

standards/policies/guidelines/programs pertaining to
HRM of the government is placed with CSC. The
CSC conducts audit of personnel actions of
IAS/IAU and
6 the CSC 2.
departments/agencies.
The audit function of the CSC is to “[i]nspect and The CSC is the
audit the personnel actions and programs of the
departments, agencies, bureaus, offices, LGUs and constitutional body
other instrumentalities of the government, including concerned with the
GOCCs.
promulgation of policies,
standards and
guidelines on personnel
administration.

IAS/IAU and Oversight, Regulatory and Other External Bodies
the IAS/IAU
➔ The IAS/IAU head can liaise on behalf of, and with authority
from, the DS/HoA or the GB/AuditCom, with other external
reviewers as part of the organization’s governance
arrangements. It is critical that these activities are performed
with authority from the DS/HoA or the GB/AuditCom.

IAS/IAU and Professional Bodies
the IAS/IAU
➔ It is important that the internal auditors are abreast with
professional and industry developments, and use networking
opportunities to assist in their continuing professional
development. They must continually update themselves on new
frontiers of internal auditing and respond to developments
affecting their profession, subject to applicable laws and
regulations.

the IAS/IAU
Organizational
Structure of
Figure 1 – Organizational Placement of the IAS in the OSEC the IAS/IAU
The IAS of a Department in the Executive Branch, which shall be a service-level entity, directly reports to the
DS. The organizational placement of the IAS in the Office of the Secretary (OSEC) and in the Department
proper is provided in Figure 1 and Figure 2, respectively.

the IAS/IAU
Organizational
Structure of
Figure 2 – Organizational Placement of the IAS in the Department Proper the IAS/IAU
In the case of regular agencies attached to a Department for policy and program coordination, their
respective board/council shall determine the propriety of establishing a separate unit for the purpose or avail
of the services of the IAS of the Department.

the IAS/IAU
Organizational
Structure of
Figure 3 – Organizational Placement of the Internal Audit
Department in the GOCC/GFI the IAS/IAU
GOCCs/GFIs which have original charters or those created through the Corporation Code shall likewise
establish their respective IAS/IAU, which shall be a department-level entity or its equivalent organizational
unit. The IAS/IAU shall report to the respective AuditCom of the GB of the corporation, as shown in Figure 3.

the IAS/IAU
Organizational
Structure of
Figure 4 – Organizational Placement of the IAU in the SUC
the IAS/IAU
For SUCs, its IAU, the level of which shall depend on its levelling per DBM-Commission on Higher Education
(CHED) Joint Circular (JC) No. 1, s. 2016 176 , shall report to the AuditCom of the GB of the SUC, as shown
in Figure 4.

the IAS/IAU
Organizational
Structure of
Figure 5 – Organizational Chart of an Internal Audit
Service/Department the IAS/IAU
The IAS/IAU in Departments and agencies concerned shall consist of two divisions – an Operations Audit
Division and a Management Audit Division as shown in Figure 5. The Divisions shall be headed by an Internal
Auditor V (SG 24).
Purpose, Authority
Head of the IAS/IAU
and Fu1. of
the IAS/IAU
The IAS/IAU head is responsible for ensuring that the internal audit function and engagement are delivered
efficiently and effectively toward the attainment of the IAS/IAU objectives. In doing so, the IAS/IAU head
should maintain utmost commitment to public interest and the highest degree of excellence, professionalism,
intelligence and skill.
Qualification
Standards for the
IAS/IAU Head
Purpose, Authority
Head of the IAS/IAU
and Fu1. of
the IAS/IAU
The IAS/IAU head is responsible for the following:
a. Ensuring the efficient and effective operation of the internal audit function;
b. Developing strong professional relationships with the DS/HoA or
GB/AuditCom and key stakeholders;
c. Leading the development of the internal audit strategic plan and annual
work plan that outlines the objectives, priorities and proposed internal audit Responsibilities
plan; and
d. Liaising with other policy and regulatory bodies in developing internal
audit plans for the review and approval by the DS/HoA or GB/AuditCom.

Head of the IAS/IAU
the IAS/IAU
To operate effectively, the IAS/IAU head requires a broad range of skills and
specific personal qualities which are critical to the credibility and acceptance
of the internal audit function that he/she leads. These include intellectual,
interpersonal, communication, and information technology skills. Other skills
and qualities that could be expected of the IAS/IAU head include the
following:
a. Clear understanding of the internal audit’s contribution to effective
governance;
b. Ability to develop plans and programs that contribute to the achievement Skills
of mandated objectives;
c. Strong management acumen and the ability to anticipate and assess
management control;
d. Ability to build a strong network and credibility with the DS/HoA or
GB/AuditCom and senior management; and
e. Consistent observance of ethical principles.
Purpose,
Staffing of theAuthority
IAS/IAU and Fu1. of
the IAS/IAU
➔ The rank and salary grades of the IAS/IAU staff are stipulated in
Section 4.1.3 of DBM BC No. 2004-4, and Annex A thereof.
➔ The general policies and related rules on qualification standards are
provided in Rule VIII of CSC Resolution No. 1800692, 2017 Omnibus
Rules on Appointments and Other Human Resource Actions (Revised
July 2018) dated 3 July 2018.
➔ In particular, CSC MC No. 12, s. 2006, “Qualification Standards for
IAS Positions” provides the minimum qualification standards to be
followed for the IAS/IAU positions, namely, Internal Auditor I-V (SG-11
to SG-24), and Internal Auditing Assistant (SG-8).
Purpose, Authority
Qualification Standards and
for the IAS/IAU Fu1. of
Staff
the IAS/IAU

Internal Audit Budget
the IAS/IAU
➔ To provide an effective internal audit function, it is important
that the budget is sufficient to implement the role expected of
the IAS/IAU and, in particular, responds to the priorities and
requirements of the approved strategic and annual work plan.
The DS/HoA or GB/AuditCom approves the internal audit
budget.
➔ If the approved budget is less than the proposed, the IAS/IAU
should review the audit plan and prioritize the activities that
can be undertaken for the year. Other activities may be
rescheduled in the succeeding years.
PERFORMANCE
MONITORING
AND EVALUATION
Chapter IV
Purpose, Authority
Performance Monitoring and Fu1. of
and Evaluation
the IAS/IAU
➔ Periodically assessing performance and addressing
opportunities for improvement can help maximize the
efficiency and effectiveness of the internal audit function.
Measuring performance is also the means whereby the internal
audit’s own performance is assessed and internal audit is held
accountable for the use of its resources.
➔ Since the DS/HoA or GB/AuditCom is responsible for
reviewing the performance of internal auditors, the
performance indicators must be mutually agreed upon between
the DS/HoA or GB/AuditCom and the IAS/IAU head.
Purpose, Authority
Internal Audit Performance and Fu1. of
Measurement
the IAS/IAU
Performance assessment has three (3) interrelated elements, to wit:
a. Performance measurement, which refers to the systematic
analysis of performance against targets taking account of the reasons
behind the performance and the influencing factors;
b. Rating, which refers to the judgment of progress - good or bad -
based on indicators; can also include rating another performance
dimension; and
c. Key performance indicators (KPIs), which are used to verify if
progress towards results has taken place.
Purpose, Authority
Internal Audit Performance and Fu1. of
Measurement
the IAS/IAU
➔ Management information systems and processes should be
established to record and report the required performance data
in a cost-effective way.
➔ Principal and key stakeholders’ surveys at the end of an audit
are useful and well-accepted ways of measuring the level of
satisfaction with internal audit services.
➔ It is expected that the views of the DS/HoA or GB/AuditCom
will be sought periodically, and at least once annually
Purpose, Authority
Internal Audit Annual Performance and
Report Fu1. of
the IAS/IAU
The report should contain:
a. Comments on the internal audit activities and any variance from
approved plans;
b. Progress in the implementation of the internal audit strategic and
annual work plan;
c. Highlights and challenges during the period;
d. Overall contribution of internal audit in managing the
organization’s internal control deficiencies; and
e. Issues that may require attention in relation to the internal audit
function.
A summary of the internal audit reports could be included in the

organization’s annual report.
STRATEGIC AND ANNUAL

WORK PLANNING
Part II
Practices
Chapter I

STRATEGIC AND ANNUAL WORK PLANNING
the IAS/IAU
Part II
Practices
Chapter I

STRATEGIC AND ANNUAL WORK PLANNING
Strategic Planning - is the process of identifying the key audit
the IStrategic
strategic Planning
direction of the IAS/IAU - is the
for a three-year period.
process of identifying the key

audit strategic direction of the Part II
IAS/IAU for a three-year period. Practices
AS/IAU Chapter I
1. Conduct of a Baseline Assessment of the

Internal Control System
the IStrategic Planning - is the

AS/IAU Chapter I
2. Consideration of the Control Risk of Key

Processes

AS/IAU Chapter I

3. Consideration of the Assessment of Risks

4. Assessment of the Internal Audit Risks

AS/IAU Chapter I

5. Formulation of the Strategic Plan

AS/IAU Chapter I

Development of Annual Work Plan
the IStrategic
Annual Work Plan Planning - is the
-Contains the prioritized audit areas from the Strategic Plan
process
and approved of identifying
by the he type and approachthe
of thekey
DS/HoA
or GB/AuditCom which will focus on a one-year period,
audit
audit, andstrategic direction
the timelines of the same. of the Part II
AS/IAU Chapter I

Development of Annual Work Plan

AS/IAU Chapter I
AUDIT PROCESS
Part II
Practices
Chapter II

Overview of the Audit Process

AS/IAU Chapter II
Purpose, Authority
Audit Engagement Planning and Fu1. of
AS/IAU Chapter II

Selection and Determination of the Audit Methodology

AS/IAU Chapter II
Audit Sampling
• is a scientific method of selecting the transactions to be subjected

to audit.
• Audit sampling involves the following activities:

i. Establishing the objectives of the sampling;
ii. Selecting the extent and composition of the
population to be sampled; Part II
iii. Selecting a sampling method;
iv. Determining the sample size to be taken; Practices
v. Conducting the sampling activity; and
vi. Compiling, evaluating, reporting and Chapter II
documenting results.
AS/IAU
Types of Sampling
Sampling - a scientific method of selecting the transactions

to be subjected to audit.
❑Statistical Sampling - ❑Non-statistical Sampling
involves determining the - relies solely on the
sample size objectively, auditor’s professional
selecting the samples judgment, and the
from the population auditor uses his or her Part II
randomly and own experience and
evaluating the sample knowledge to determine Practices
results mathematically the sample size and the
to draw conclusion
method for selecting the Chapter II
samples from the
about the population.
population.
Audit Execution
involves performing
the audit techniques
and procedures
enumerated in the
audit engagement
plan to gather data
and pieces of Part II
evidence to achieve
the stated audit Practices
objective/s.
Chapter II
Purpose,
Audit Reporting Authority and Fu1. of
the IStrategic
represents the
culmination of the Planning - is the
audit execution
process
and the
associated
of identifying the key
audit strategic direction of the
analysis and
considerations
Part II
made during the
IAS/IAU
audit. for a three-year period. Practices
AS/IAU Chapter II

Audit Follow-up

a monitoring and
feedback activity
undertaken to
ensure the extent
and adequacy of
preventive/correcti
audit strategic direction of the
ve actions taken by
the management to Part II
IAS/IAU for a three-year period.
address the
inadequacies
identified during
Practices
AS/IAU
the audit.
Chapter II
Compliance Audit of the SALN, DBIFC, and

Identification and Disclosure of Relatives (IDR) in
Government Service of Public Officials and
Employees
process
• the IAS/IAUofmayidentifying
conduct compliance the audit ofkey
the
submission of the SALN, DBIFC, and IDR in
audit strategic
government direction
service of public of theto
officials and employees
Part II
determine whether or not such documents have been
IAS/IAU for a pursuant
properly accomplished three-yearto RA No. 6713period.
and its
Practices
IRR, as amended, RA No. 3019, and other related laws
AS/IAU
and jurisprudence. Chapter II
Audit Process (cont.)
3. Use of Work of Other Experts

Experts – persons who acquired special knowledge, skill, experience or
training in a particular field other than auditing.
Expert task in auditing is expertise gained in the course of the audit

activities, it must performed in a way that does not endanger the impartiality of
audit activities.
Part II
The Auditor may use the work of an expert as evidence but the full
responsibility retains to the Auditor for the contents of the audit report Chapter I
3. Use of Work of Other Experts

Steps Auditors should consider
A. Obtain information on the qualifications, competence or specialization of
the experts;
B. Consider the nature, complexity and materiality of the matter,
assumptions used and corroborative evidence available
C. Consider the objectivity of the expert; and
D. Advise the expert on what the work is being used for and the purpose Part II
Chapter I
4. Integration and Preparation of the Highlights of Audit Findings
a. The IAS/IAU must be able to establish not only the facts and
circumstances but also the why’s, the what’s and the how’s of the non-
compliance. (Albert v. Gangan G.R. 126557, 6 March 2001)
A finding of probable cause for non-compliance needs only to rest on evidence

showing more likely than not the act/s or omission/s of the person responsible Part II
had caused the noncompliance with laws, rules and regulations and managerial
policies and operating procedures in the agency including compliance with Chapter I
accountability measures, ethical standards and contractual obligations, which
may warrant the conduct of proceedings (Tupaz v. Office of the Ombudsman
G.R. No. 212491-92, March 6, 2019
4. Integration and Preparation of the Highlights of Audit Findings
B. “Prima facie requires a degree of quantum of proof greater than probable cause. It
denotes evidence, if unexplainable or uncontrollable, is sufficient to sustain a
prosecution or establish the facts as to counterbalance the presumption of innocence
and warrant conviction” (Cometa v. Court of Appeals, G.R. No. 126005, 21 January
1999, De Lima v. Guerrero, et.al. G.R. 229781, 10 October 2019)
The audit findings supported by substantial evidence are deemed admitted by the
Part II
auditee if not converted by any evidence to overcome the same, the burden of proof is
the duty of a party to present evidence on the facts in issue necessary by law, burden of
Chapter I
proof never shifts (Supreme Court A.M. No. 19-08-15-SC Proposed Amendment of
the Revised Rules of Evidence” 8 October 2019)
Internal Audit Performance Monitoring and Evaluation
1. Performance Monitoring Evaluation
Assessing the performance and addressing opportunities for improvements of

the Internal Audit functions periodically can help maximize its efficiency and
effectiveness whereby the internal audit’s own performance is judged and held
accountable for its functions and use of resources. It demonstrate the saying
“practices what is preaches.” The Head of Agency/Department Secretary is
responsible for periodically reviewing the performance of the internal audit and Part II
approved the performance indicators used.
Chapter III
2. Steps in Performance Evaluation
21. Determination of KPIs

KPIs include measurements of the IAS/IAU accomplishment per Audit
engagement, such as:
A. Timely completion of each audit engagement
B. Benefits exceed the cost of audit
C. Cost of Audit is within the approved budget Part II
D. Number of audit findings approved by the DS/HoA
E. Number of Recommendations implemented by the auditee Chapter III
2.1. Determination of KPIs (cont.)

f. Number of audit support activities undertaken;
g. Internal audit staff satisfaction; and
h. Overall contribution made by the IAS/IAU
2.2. Design of the Performance Monitoring Reports Part II

The report forms should provide for the relevant information regarding the
IAS/IAU performance outputs on a per engagement basis summarized on a Chapter III
periodic basis. It must be aligned with the KPIs
Performance Monitoring Evaluation
Sample of DENR Individual Performance and Commitment Review
Part II
Chapter III
2.3. Preparation of Evaluation Report

It is good for the IAS/IAU to prepare an evaluation report on its
performance after an audit engagement for the information and advice of the
DS/HoA
Part II
Chapter III
3. Performance Monitoring by the IAS/IAU Head
3.1. Review of Progress Assessment Report

The Progress Assessment Report focuses whether or not:
● Audit objectives are met as reflected in the audit findings and
recommendations;
● Findings and recommendations are based on facts and substantial
evidence and in compliance with relevant laws, rules and regulations; Part II
● Internal auditing standards (NGICS, PGIAM and other relevant
standards) pursuant to DBM rules and regulations are applied; Chapter III
3.1. Review of Progress Assessment Report

The Progress Assessment Report focuses whether or not:
● Findings and recommendations promote the adequacy of internal control
pursuant to DBM rules and regulations;
● High standards of ethics and efficiency of public officials and employees
are observed pursuant to CSC rules and regulations Part II
● Note: Audit Team leader shall ensure that audit engagements are assessed Chapter III
at the stage before the exit conference
3.2. Review of Completion Assessment Report

The Completion Assessment Report focuses on the :
● Overall effectiveness and efficiency of the IAS/IAU in accordance with
DBM rules and regulations;
● Findings and recommendations which are based on facts and substantial
evidence and in compliance with relevant laws, rules and regulation; Part II
● Application of internal auditing standards (NGICS, PGIAM and other
relevant standards) pursuant to DBM rules and regulations; Chapter III
3.2. Review of Completion Assessment Report

The Completion Assessment Report focuses on the :
● Findings and recommendations which promote the adequacy of internal
control pursuant to DBM rules and regulations; and
● High standards of ethics and efficiency of public officials and employees
are observe pursuant to CSC rules and regulations. Part II
Note: Audit Team leader shall ensure that audit engagements are assessed at the Chapter III
stage before the exit conference
4. Performance Evaluation by the DS/HoA or GB/AuditCom
Monitor and evaluate the Performance of IAS/IAU through:

4.1. Review of the Internal Audit Report
● The hierarchy of applicable internal auditing standards and practices as
discussed in Chapter 1 of PGIAM-Part 1 are adhered to;
● All audit findings are formulated and synthesized based on the 4cs
(criteria, condition, conclusion, probable cause); Part II
● Findings are supported by sufficient audit evidence and the quantum of
evidence required to support an audit finding is substantial evidence Chapter III

● The recommendations are feasible, cost-effective, and cost-efficient, find
sufficient basis in law, evidence-based and classified as: i. Preventive
actions and ii. Corrective actions
● At any point, when significant risks/issues arise, the IAS/IAU will Part II
prepare an Interim Report to the DS/HoA to communicate findings,
issues, and problems that may affect the conduct of the audit and may Chapter III
expose the organization to considerable risks

The Interim Report contains the following:
I. Gaps or control deficiencies/breakdown noted during the documentation
of the components of the internal control system and the key processes in Part II
the operating and support systems;
II. Gaps or control deficiencies/breakdown found out after the conduct of Chapter III
the review and evaluation of the flowchart and narrative notes or conduct
of walkthrough; and
III. 3. Gaps or control deficiencies/breakdown after the conduct of the test of
controls

4.2. Preview of the IAS/IAU Performance Report
At the close of every year, the DS shall review the performance of the
IAS/IAU through the various reports/outputs that are submitted to their office
such as baseline assessment report, assessment of internal audit risk report,
annual audit plan, audit engagement report, audit follow-up report and Part II
performance monitoring evaluation report. The DS shall review the adequacy
of the internal audit as part of the internal control system Chapter III
5. Oversight Function of the DBM over IAS/IAU
The DBM is responsible for the efficient and sound utilization of funds and
revenues. Pursuant to this mandate, it “shall assist the President in the preparation of a
national resources and expenditures budget, preparation, execution and control of the
National Budget, preparation and maintenance of accounting systems essential to the
budgetary process, achievement of more economy and efficiency in the management
of government operations, administration of compensation and position classification
systems, assessment of organizational effectiveness and review and evaluation of
Part II
legislative proposals having budgetary or organizational implications.
The Administrative Code of 1987, ad amended, also empowers the DBM to
Chapter III
evaluate agency performance and to monitor budget performance and assess the
effectiveness of the agencies’ operations, including IAS/IAU, to wit:
5. Oversight Function of the DBM over IAS/IAU
Administrative Code of 1987, as amended states:

Section 51. Evaluation of Agency Performance
Section 52. Budget Monitoring and Information System
The DBM review the performance of IAS/IAU by focusing on the evaluation of
its effectiveness and efficiency as part of internal control system. Relevant
documents maybe requested that will aid in the DBM review: Part II
I. Internal Audit Memorandum
II. Baseline Asseement Report Chapter III
III. Annual Internal Audit Report
IV. Internal Audit Follow-up Report
V. Performance Monitoring Evaluation Report
6. Rule-Making Power of the DBM
a. DBM shall be responsible for the efficient and sound utilization of

government funds and revenues to effectively achieve our country’s Administrative Code of 1987
development objectives. Assist the President in the preparation, execution and (Executive Order 292)
Chapter 1 , Section 2
control of the National Budget and the achievement of more economy and Chapter 2, Section 3
efficiency in the management of government operations. OP AO No. 119 dated 29 March
1989
DBM Circular No. 2004-04
b. DBM issues rules and regulations through circulars and other issuances on dated March 22, 2004, DBM
budget management matters Circular Letter No. 2008-5
dated 14 April 2008 & DBM
Circular Letter No. 2011-05
dated 19 May 2011
7. Request for DBM Opinions/Ruling/Interpretations
In the conduct of compliance audit, the IAS/IAU may find some violations
by the auditee of compliance with rules and regulations and/or DBM Circulars
Administrative Code
and management matters, the same may be elevated to the BDM having vested
of 1987 (Executive
with the power to promulgate their own rules and regulations, if a violation of
Order 292)
their rules has been committed by an agency.
The Congress has endowed administrative agencies like DBM with the Chapter 2, Section 6
power to make rules and regulations to implement a given legislation and Authority and
effectuate its policies (G.R. No. 153266 dated March 18, 2010 Gutierrez v. Responsibility of the
DBM) Secretary
Sample of the Evaluation and Review of the Implementation

of DENR R2 Citizen’s Charter on certain frontline services
Part II
Chapter III
Sample of the Evaluation and Review of the Implementation

of DENR R2 Citizen’s Charter on certain frontline services
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
INTERNAL AUDIT SERVICE
(IAS)
INTERNAL AUDIT SERVICE (IAS)
INTERNAL AUDIT SERVICE MISSION
To continuously assist management in improving policies, processes and

operations on the basis of independent and objective appraisal of Internal
Controls in all DENR Offices and attached agencies
INTERNAL AUDIT SERVICE VISION

Internal Audit Service
DENR Audit Service recognized as key agent of change and valued for its (IAS)
independence, professional competence and commitment towards sustained
governance
Note: Pursuant to DBM Circular Letter No. 2011-05, Philippine Government

Internal Audit Manual Sec. 3.2, Functions of IAS/IAU, page 8.
DENR Internal Audit Service Functions
1. Advise the Department Secretary/Head of Agency on all matters
relating to management control and operations audits
2. Conduct management and operations audits of
Department/Agency functions, programs, projects, activities with
outputs and determine the degree of compliance with mandate,
policies, government regulations, established objectives, systems
and procedures/processes and contractual obligations.
3. Review and appraise systems and procedures, organizational
structures, asset management practices, financial and Internal Audit Service
management and management records, reports and performance (IAS)
standards of the department proper, bureaus and regional offices.
DENR Internal Audit Service Functions (cont.)
4.Analyze and evaluate management control

deficiencies and assist top management by
recommending realistic sources of action
5.Perform such other related duties and responsibilities
as may be assigned or delegated by the Secretary or as
may be required by law.

(IAS)
Legal Bases:
1. Presidential Decree No. 1
Abolished the IAS created under RA 3455,as amended by RA
4177, and transferred the function to the Mangement Division
● Republic Act 3455 (Internal Auditing Act of 1962 –An act
providing for creation, organization and operation of
internal audit services in all departments, bureaus and
offices of the national government
● Republic Act 4177 – Amendment of RA 3455, particularly Internal Audit Service
Section 2, 3, & 4 (IAS)
Legal Bases: (cont.)
2. Administrative Code of 1987 or EO 292
● Provided that the “responsibility to take care that such policy is
faithfully adhered to rests directly with the chief or head of the
government agency concerned
● Created an IAS in the DPWH to conduct comprehensive audit of
various Department activities
3. AO 278 & AO 70 Internal Audit Service

● Provided authority for the creation of an IAS and its functions, (IAS)
duties and activities.
4. DBM Budget Circular 2004-4

● Highlighted the policy guidelines in the organization, staffing,
positions and salary grades of the IAS
Legal Bases: (cont)
5. DBM-CS Joint Resolution No. 1, s. 2006
● Rationalization Program’s Organization and Staffing Standards and
Guidelines
● Provided for the creation of an IAS/IAU with its functions in line with
Executive Order No. 366
6. DBM Circular Letter No. 2008-5

● Provided the guidelines in the organization and staffing of an Internal
Audit Service/Unit and Management Division/Unit in
Departments/Agencies/GOCCs/GFIs concerned. (IAS)
7. Issuance of National Guidelines on Internal Control Systems (NGICS) to

promulgate the necessary rules, regulations or circulars for strengthening of the
internal control system of government agencies
Legal Bases: (cont)DBM-CS Joint Resolution No. 1, s. 2006
8. DBM Circular Letter No. 2011-5
● Philippine Government Internal Audit Manual (PGIAM)
● Used as Generic Manual for Government Internal Auditors
● Governs IA work in government providing the standars, policies,
institutional arrangements, protocol and processes
9. COA Resolution No. 2018-007

● Adopting of the Internal Auditing Standards for the Philippine Public
Sector (IASPPS) and Internal Control Standards for the Philippine Internal Audit Service
Public Sector (ICSPPS) in all government agencies (IAS)
Prepared by Group 2
George Erfe
Sherry Mae Esteleydes
Nerissa Evasco
Richelyn Guiriba
Myreen L. Guzman
Thank You!
Lovely Grace P. Ibus
Raymond Vicente M. Juan
Mary Grace V. Jucutan
Rose Jane Ladaran
Maria Leonora Laurente

Final Version MPA 626 Group 2 Presentation

Uploaded by

Copyright:

Available Formats

Final Version MPA 626 Group 2 Presentation

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final Version MPA 626 Group 2 Presentation

Uploaded by

Copyright:

Available Formats

INTERNAL CONTROL

The Mission of Internal Audit

“To enhance and protect

Internal Auditing is an independent,

1. Philippine Application Guidelines (PAG)

Republic Act No. 6713 - Code of Conduct

Code of Ethics of the Institute of Internal

- May vary in each agency, may

The internal audit service (IAS) must be independent, and

DUAL REPORTING (avoid bias) - head of Internal Audit - direct

The head of internal audit must communicate and interact

Internal auditors must have an impartial, unbiased attitude and avoid

Impairment to organizational independence and individual objectivity may

● If independence or objectivity is impaired in fact or appearance, the details of

● If internal auditors have potential impairments to independence or objectivity relating to

Engagements must be performed with proficiency and due professional

Internal auditors and IAS as a whole, must possess the knowledge,

Internal auditors must apply the care and skill expected of a

● Includes: conformity with the Code of Ethics, Code of Conduct, and

● Obtaining appropriate education, experience, certifications, and

Internal auditors must enhance their knowledge, skills, and other

Includes participating in conferences, seminars, training programs, online courses

The head of internal audit must develop and maintain a Quality

The quality assurance and improvement program (QAIP) must

Internal assessments must include:

Sufficient knowledge of internal audit practices requires at least an understanding of all

External assessments must be conducted at least once every five years by a

Nonconformance with the Code of Ethics or the IASPPS impacts the

● Disclosures - discussion (meeting, private sessions, one-on-one, or other appropriate

1. An internal auditor was assigned to an audit engagement, but did not

The head of internal audit must effectively manage the internal

The IAS is effectively managed when it meets the following requisites:

1. Inherent risks - absence of any actions management may take to alter

The head of internal audit must communicate the Internal Audit

The head of internal audit must establish policies and procedures to

Topics generally included in the Internal Audit Manual:

The head of internal audit should share information, coordinate

The head of internal audit must report periodically to the head of

The combination of processes and structures implemented by the head of

Role of Internal Auditing - responsibility to evaluate and improve governance processes as

Planning Memo - important document to communicate engagement objectives, scope,

Objectives must be established for each engagement.

The established scope must be sufficient to achieve the objectives of the

ENGAGEMENT ALLOCATION RESOURCE

ENGAGEMENT PLAN AND WORK PROGRAM

PERFORMING THE ENGAGEMENT

Internal auditors must identify, analyze, evaluate, and document

IDENTIFYING THE INFORMATION

ANALYSIS AND EVALUATION

● Vouching - test the validity of documented or recorded information by following it backward to a

CRITERIA FOR COMMUNICATING

ERRORS AND OMISSIONS

If a final communication contains a significant error or omission, the

Use of “Conducted in Conformance with the Internal Auditing

Indicating that engagements are "conducted in conformance with the Internal

ii. The scope limitations;

COMMUNICATING THE ACCEPTANCE OF RISK

- The identification of risk accepted by management may be observed through an

Part 1 – Philippine Internal Control Framework for the Public Sector

Provides the fundamentals on internal control