A.

Objective

The objective of this working paper is to document our understanding of the client’s entity-level
controls, including:

a. Control Environment;
b. Risk Assessment;
c. Information System;
d. Control Activities; and
e. Monitoring.

B. Procedures

 Read the prior year working papers

 Interviewed Mr. Jonathan Furog, Accounting Manager, on October 13, 2015.
 Obtained relevant documents.

C. Questionnaire

Control Environment

The control environment sets the tone of an organization, influencing the control consciousness of
its people. It is the foundation for effective internal control, providing discipline and structure.

(Fill out the table when you have already obtained sufficient information)

Checkbox Checklist Remarks

 Are integrity and ethical values The Company has a vision/mission
appropriately addressed, communicated statement.
and reinforced by management?
See ____________.

 Does management take appropriate action The Company has a policy against
to remove or reduce incentives and unethical acts.
temptations toward dishonest, illegal or
unethical acts? See ____________.

 Does management set an appropriate tone None.

at the top that promotes integrity and ethical
values?

 Does management consider competence The Company has a policy on hiring

levels for particular jobs, and the employees.
employees possess requisite skills and
knowledge. See _____________.

 Do those charged with governance have See Company Profile.

adequate experience and stature?

 Is an adequate process of reviewing No review of internal controls done,

internal controls in place? although management is closely
involved in the company’s day to
day operations.
 Does management’s philosophy and Observed.
operating style appropriately encompass:
an approach to taking and monitoring

1
 Checkbox Checklist Remarks
business risks, attitudes and actions toward
financial reporting, conservatism with which
accounting estimates are developed, and
attitudes toward information processing
and accounting functions and personnel?

 Does the organizational structure provide See Organizational Chart.

for appropriate lines of reporting to key
areas of authority?

 Do personnel adequately understand the Interviewed one personnel and

entity’s objective? determined that he understood the
company’s objectives.

 Do human resource policies and practices See ______________.

appropriately relate to recruitment,
orientation, training, evaluating,
counseling, promoting, compensating, and
remedial actions?

Q: Are there any risks to the control environment? None.

Q: If yes, describe and include overall and specific audit response. N/A.

Risk Assessment Process

An entity’s risk assessment process is the process for identifying and responding to business risks
and the results thereof. For financial reporting purposes, it includes how management identifies
risks relevant to the preparation of financial statements that are presented fairly in conformity with
International Financial Reporting Standards.

Does management assess the following conditions on the entity’s ability to prepare financial
statements that are free from material misstatement?
 Changes in operating environment.
 New personnel.
 New or revamped information systems.
 Rapid growth.
 New technology.
 New business models, products, or activities.
 Corporate restructurings.
 Expanded foreign operations.
 New accounting pronouncements.
 Changes in economic conditions.

Remarks:
Determined upon reading the minutes of the meetings. See _____________.

Q: Are there any risks to the risk assessment process? None.

Q: If yes, describe and include overall and specific audit response. N/A.

Information Systems

2
The information system relevant to financial reporting objectives consists of the procedures to
initiate, authorize, record, process, and report entity transactions (as well as events) and to maintain
accountability for the related assets, liabilities, and equity.

See IT Environment Survey Form

See General IT Controls Memo (If no General Controls Memo, insert understading of IT
environment here.

Q: Are there any risks to the information systems? Yes. See GITC Memo
Q: If yes, describe and include overall and specific audit response. Audit around the box will be the
adopted approach.

Control Activities

Control activities are the policies and procedures that help ensure that management’s directives
are carried out.

Refer to test of controls on ____________.

Q: Are there any risks to the information systems? Yes. See Test of Controls.
Q: If yes, describe and include overall and specific audit response. Substantive approach will be
adopted.

Monitoring

Monitoring is done to ensure that internal controls continue to operate effectively over time.

Remarks:
The company has no internal audit function to help those charged with governance check on the
internal controls. However, this is compensated by the fact that management, and to some extent,
those charged with governance are active in the Company’s day to day operations.

Q: Are there any risks to the information systems? None.

Q: If yes, describe and include overall and specific audit response. N/A.