Professional Documents
Culture Documents
Coa Qms Manual
Coa Qms Manual
Coa Qms Manual
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Contents
1. INTRODUCTION .............................................................................................................. 1
2. AGENCY PROFILE AND MANDATE ........................................................................... 1
2.1. Agency Profile ....................................................................................................... 1
2.2. Mandate ................................................................................................................... 5
3. VISION, MISSION, AND CORE VALUES .................................................................... 6
3.1. Vision ....................................................................................................................... 6
3.2. Mission .................................................................................................................... 6
3.3. Core Values ............................................................................................................ 6
4. QUALITY POLICY ........................................................................................................... 7
5. SCOPE AND APPLICATION ......................................................................................... 8
6. OPERATIONAL PROCESSES ...................................................................................... 9
6.1. Planning .................................................................................................................. 9
6.2. Audit Execution ..................................................................................................... 9
6.3. Conclusions and Reporting ............................................................................... 9
6.4. Follow-up .............................................................................................................. 10
6.5. Monitoring Quality Control on Audit Services ............................................ 10
7. INTERNAL AND EXTERNAL ISSUES ....................................................................... 11
8. PROCESSES .................................................................................................................. 12
8.1. Management Processes ..................................................................................... 13
8.1.1. Strategic Planning .................................................................................... 13
8.1.2. Internal Audit .............................................................................................. 14
8.1.3. Policy Formulation and Development ................................................. 14
8.1.4. Performance Review and Assessment ............................................... 14
8.1.5. Risk Management ..................................................................................... 16
8.1.6. Quality Assurance .................................................................................... 16
8.1.7. Communication and Stakeholder Management................................ 17
8.1.8. Compliance Monitoring ........................................................................... 17
8.1.9. Feedback Management ........................................................................... 17
8.2. Support to Operations ......................................................................................... 18
8.2.1. Capacity Building...................................................................................... 18
8.2.2. Human Resource Management ............................................................. 18
8.2.3. Financial Management Services ........................................................... 18
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 1 of 23
1. INTRODUCTION
The COA Quality Manual (QM) defines and mandates the policies, systems and
procedures adopted to implement and continuously improve the Quality Management
System (QMS) of the Commission.
Describe the basic elements of the QMS of the Commission which shall serve as
reference in the implementation and continual improvement.
The COA QM considers gender and development in the formulation of the business
process model of the Commission.
The Commission on Audit, along with the Civil Service Commission and the
Commission on Elections, collectively known as the Constitutional Commissions, are
independent bodies which came into existence under the 1973 Constitution. Under
this Constitution, COA was given a broader area of audit coverage by including the
accounts of all subdivisions, agencies, instrumentalities of government and
government-owned-and-controlled corporations among those to be examined,
audited and settled. The creation of the Commission on Audit was a transformation
from a one-man General Auditing Office lead by an Auditor General established
under the Commonwealth of the Philippines in 1935 into a three-man collegial body.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 2 of 23
To implement the transformation, Presidential Decree No. 898 dated March 3, 1976
was passed mandating the complete reorganization of the Commission on Audit.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 3 of 23
The Audit Sectors – consists of the National Government Sector (NGS), the
Corporate Government Sector (CGS), and the Local Government Sector (LGS); each
headed by an Assistant Commissioner. These sectors assist the CP/Chairperson on
matters pertaining to the audit of national government agencies (NGAs), government-
owned and/or controlled corporations (GOCCs) and local government units (LGUs).
They recommend accounting and auditing standards for NGAs/GOCCs/LGUs to the
PSASB and PSAuSB, respectively; formulate/recommend policies, rules and
regulations on government accounting and auditing including those for the prevention
of IUEEU expenditures, for consideration of the CP/Chairman. They are in-charge of
formulating plans, programs, operating standards and administrative techniques
relative to the performance of the functions of the sectors; conduct/oversee the
comprehensive audit of accounts and transactions pertaining to revenue and
receipts, expenditures and uses of funds and property and recommend measure to
improve the operations of NGAs/GOCCs/LGUs; implement auditing standards,
policies, rules and regulations in the sectors; monitor the implementation of
accounting standards, policies, rules and regulations by NGAs/GOCCs/LGUs; and
assist the GAS in the preparation of the consolidation of the annual financial report of
the NGAs/GOCCs/LGUs based on audited financial statements.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 4 of 23
The Operating Support Sectors – consist of various sectors that perform respective
varied administrative functions, generally described as follows:
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 5 of 23
The COA Regional Offices – consists of sixteen (16) regional offices outside of
Metro Manila. Each regional office is headed by a Regional Director who is
responsible for the audit of agencies located within the regional jurisdiction and for
transmitting the regional audit reports of agencies to the concerned Cluster Director
in the Central Office for consolidation, and the Annual Audit Reports of LGUs and
stand-alone agencies in the region to their respective heads.
2.2. Mandate
Article IX-D of the 1987 Constitution provides that the Commission on Audit is vested
with the power, authority, and duty to:
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 6 of 23
2.2.1. Examine, audit and settle all accounts pertaining to the revenue and
receipts of, and expenditures or uses of funds and property owned or
held in trust by, or pertaining to, the government.
2.2.3. Submit annual reports to the President and the Congress on the
financial condition and operation of the government.
2.2.5. Keep the general accounts of government and preserve the vouchers
and supporting papers pertaining thereto.
2.2.7. Performs such other duties and functions as may be provided by law.
3.1. Vision
3.2. Mission
God Centeredness
We believe that everything comes from God and, therefore, our highest
accountability is to Him.
Patriotism
We commit to serve the interest of the Filipino people and the country which
shall have priority over all other considerations.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 7 of 23
Excellence
We pursue world-class audit services availing of state-of-the-art technology
in conformity with international standards and best practices.
Integrity
We discharge our mandate in adherence to moral and ethical principles and
the highest degree of honesty, independence, objectivity and
professionalism.
Professionalism
We believe in the continuous enhancement of the skills, competence and
expertise of our personnel in the basic right of every member of the
organization to self-development and well-being.
4. QUALITY POLICY
As the nation’s Supreme Audit Institution and enabling partner of public sector
organizations, the COA is committed to pursuing organizational excellence by:
Providing audit services in conformity with the Philippine Public Sector Standards
on Auditing anchored on the International Standards of Supreme Audit
Institutions (ISSAIs) and best practices;
Adhering strictly to legal, moral and ethical principles and the highest degree of
integrity, independence, objectivity and professionalism;
Strengthening competent and empowered workforce;
Adopting and applying continuously state-of-the-art technology and approaches
towards enhancing audit services;
Complying with pertinent laws, rules and regulations, and other
applicable requirements in performing the constitutional mandates of the
Commission;
Partnering with relevant interested parties in fostering good governance;
Enhancing internal support mechanisms to the audit process; and
Ensuring continual improvement of the QMS, COA policies, rules and regulations.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 8 of 23
To attain this commitment, the COA monitors and reviews its quality performance
through the implementation of an effective QMS.
COA has four core processes which are key to the performance of its constitutional
mandates. These are anchored on its four Major Final Outputs. These core
processes are as follows:
The stations of these audit clusters and their respective audit groups/teams are
located in various sites, as follows:
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 9 of 23
6. OPERATIONAL PROCESSES
The COA’s major core process, Government Auditing Services, COA’s major core
process, consist of the following key activities:
6.1. Planning
Under this step, the results of the audits conducted are communicated to the
agency and oversight bodies. Accumulated results of financial, compliance, and
performance audits are summarized at the end of the audit. Significant
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 10 of 23
At the end of the audit, the auditor prepares a written auditors’ report containing
opinion on the agency’s financial statements as well as observations arising
from the audit. The auditor’s report, addressed to the agency, clarifies facts and
issues gives management the opportunity to provide further information and
communicates with those charged with governance the observations arising
from the audit that are significant and relevant to their responsibility to oversee
the financial reporting process.
6.4. Follow-up
The auditees are responsible to act upon the audit observation and
recommendation provided by COA during the conduct of audit. To facilitate the
process, the COA has provided for a mechanism to enforce compliance of the
activity, through the Agency Action Plan on the Status of Implementation
(AAPSI) of audit recommendations. The AAPSI is a tool for the agency to
signify its action plans on the observations and recommendations provided by
the auditors.
Further, the Auditor uses Action Plan Monitoring Tool (APMT) as guide in
conducting a structured monitoring process of prior years’ recommendations on
the audit observations noted.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 11 of 23
The following internal and external factors are considered to affect the efficient
delivery of services in accordance with the mandate:
Political Economic
1. Peace and Order 1. National economies and trends
2. Government policies 2. International Credit Standing
3. Current and anticipated legislations 3. Monetary and fiscal policies
4. International and local influences
5. Leadership in the government
6. Oversight and regulatory bodies and
policies
Social Technology
1. Media views 1. Technological developments
2. Demographics and Man-power 2. Technological capacity
complement International and 3. Connectivity
domestic relations 4. Technological dependencies
3. Image of the organization 5. Information and communications system
4. National and organizational events 6. Infrastructure
5. Internal conflicts
6. Inter and intra-agency communication
and collaboration
7. ASEAN Integration
8. Gender and Development
Environment/Ecological
1. Natural and man-made calamities
2. Proximities to stakeholders and among offices
3. Building conditions
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 12 of 23
8. PROCESSES
The PDCA Cycle is applicable to all auditing processes and to the quality
management system as a whole.
The above services and outcomes are defined and further described in the process map
below.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 13 of 23
In developing its Strategic Plan, the COA starts with identifying the
needs and expectations of its internal and external stakeholders,
analyzing existing COA practices, competencies and skillset of the COA
workforce; and identifying gaps between expectations and capacities of
the COA and formulates goals, objectives and initiatives to address
these gaps.
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 14 of 23
QMS Audit
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 15 of 23
Management Review
4. Adequacy of resources
5. Effectiveness of actions taken to address risks and opportunities
6. Opportunities for improvement
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 16 of 23
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 17 of 23
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 18 of 23
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 19 of 23
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 20 of 23
IT Risk Management
IT Performance Measurement
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 21 of 23
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 22 of 23
The following are the stakeholders and their requirements that have significant
impact on the operations of the Commission:
Government Commission for Audit results affecting oversight functions that will
GOCCs (GCG) influence decisions of the GCG
Bureau of Internal Revenue Compliance with the Revenue regulations for the
issuance of the Certificate of Tax Withheld
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM-01
Revision No.: 0
QUALITY MANAGEMENT SYSTEM MANUAL Effectivity Date: 29 Dec 2016
Page No.: Page 23 of 23
THIS DOCUMENT WHEN PRINTED is an UNCONTROLLED COPY. ENSURE that the printed copy being used is the
current version by checking the effectivity date of the CONTROLLED COPY in the FILE SERVER/WEBSITE.
COMMISSION ON AUDIT Document Code: COA-QMSM_LAGT
Revision No.: 0
LIST OF AUDIT GROUPS AND TEAMS Effectivity Date: 29 Dec 2016
Page No.: 1 of 10
APPENDIX “A.1”
Team
Audit Group Agencies under the Team Address
No.
A - Bangko
Sentral ng HO-01 BSP - Monetary Stability Sector
Pilipinas
(BSP) HO-02 BSP - Treasury Department
Team
Audit Group Agencies under the Team Address
No.
Team
Audit Group Agencies under the Team Address
No.
A
LBP North NCR Branches Group Cluster
NCR-02
C
LBP South NCR Branches Group Cluster
NCR-03
A
LBP South NCR Branches Group Cluster
NCR-04
B
LBP South NCR Branches Group Cluster
NCR-05
C
NCR-06 LBP Subsidiaries
LBP Insurance Brokerage, Inc.
LBP Leasing and FinanceCorporation
NCR-06 Masaganang Sakahan, Inc.
Land Bank Resources and
Development
Corporation
D- HO - 01- Receivership and Liquidation
Philippine HO-01
Sector/ Examination Resolution Sector
Deposit SSS Building 6782,
Insurance HO - 02- Corporate Services Ayala Avenue corner
Corporation HO-02 Rufino Street 1226,
Sector/Management Services Sector
(PDIC) Makati City
HO - 03- Deposit Insurance Sector/Legal
HO-03
Affairs Sector
SSS Building 6782,
Ayala Avenue corner
GSIS Family Bank
Rufino Street 1226,
Makati City
Liwasang Bonifacio,
HO-034 Philippine Postal Savings Bank, Inc.
Manila
COMMISSION ON AUDIT Document Code: COA-QMSM_LAGT
Revision No.: 0
LIST OF AUDIT GROUPS AND TEAMS Effectivity Date: 29 Dec 2016
Page No.: 4 of 10
APPENDIX “A.2”
Audit Team
Agencies under the Team Address
Group No.
NGS 6-A- DOH-San Lazaro Compound,
NCR-01 DOH - OSEC General Fund 101
DOH AG I Sta. Cruz, Manila
DOH-San Lazaro Compound,
NCR-02 DOH - OSEC General Fund 102
Sta. Cruz, Manila
Audit Team
Agencies under the Team Address
Group No.
Amang Rodriguez Memorial Medical Sumulong Highway, Marikina
NCR-03
Center (ARMMC) City
Dr. Jose N. Rodriguez Memorial
NCR-04 Novaliches, Quezon City
Hospital
San Lorenzo Ruiz Women's Santulan, Malabon, Metro
NCR-05
Hospital (SLRWH) Manila
Padrigal Street, Karuhatan,
Valenzuela Medical Center (VMC)
Valenzuela City
National Nutrition Council (NNC)
2332 Chino Roces Avenue
NCR-06 Main/DOH Treatment and
Extension, Taguig City
Rehabilitation Center (TRC)-Bicutan
NGS 6-D- DSWD-OSEC General Fund
NCR-01 Batasan Hills, Quezon City
DSWD AG 101/Other Funds
NCR-02 DSWD-OSEC FAPs/Fund 102 Batasan Hills, Quezon City
#389 San Rafael corner
NCR-03 DSWD-NCR Legarda Street, Sampaloc,
Manila
#2 Chicago Street corner
Inter-Country Adoption Board Ermin Garcia, Brgy.
NCR-04
(ICAB) Pinagkaisahan, Cubao,
Quezon City
NCDA Building, Isidora Street,
National Council on Disability Affairs
Barangay Holy Spirit, Diliman,
(NCDA)
Quezon City
Council for the Welfare of Children CWC No. 10, Apo Street, Sta.
NCR-05
(CWC) Mesa Heights, Quezon City
56 Matimtiman Street,
Juvenile Justice and Welfare
NCR-06 Teachers’ Village East,
Council (JJWC)
Quezon City
DOST Compound, General
NGS 6-E-
NCR-01 DOST OSEC Santos Avenue, Bicutan,
DOST AG I
Taguig City
DOST Compound, General
NCR-02 DOST NCR/Region IV-B Santos Avenue, Bicutan,
Taguig City
Philippine Atmospheric, Agham Road, Science Garden
NCR-03 Geophysical and Astronomical Complex, Diliman, Quezon
Services Administration (PAGASA) City
Philippine Institute of Volcanology C. P. Garcia Avenue, U.P.
NCR-04
and Seismology (PHIVOLCS) Diliman, Quezon City
COMMISSION ON AUDIT Document Code: COA-QMSM_LAGT
Revision No.: 0
LIST OF AUDIT GROUPS AND TEAMS Effectivity Date: 29 Dec 2016
Page No.: 6 of 10
Audit Team
Agencies under the Team Address
Group No.
Philippine Council for Industry, 4 and 5 Floor, Science
Energy Research and Emerging Heritage Building, DOST
NCR-05
Technology Research and Compound, Bicutan, Taguig
Development (PCIEERD) City
1st & 2nd Level Science
Heritage Building, DOST
NCR-06 Science Education Institute (SEI)
Compound, Bicutan, Taguig
City
Science and Technology General Santos Avenue,
Information Institute (STII) Bicutan, Taguig City
NGS-6-F- Information and Communication C. P. Garcia Avenue, UP
NCR-01
DOST AG II Technology Center (ICTO) Diliman, Quezon City
Food and Nutrition Research DOST Compound, Bicutan,
NCR-02
Institute (FNRI) Taguig City
Metal Industry Research and General Santos Avenue,
NCR-03
Development Center (MIRDC) Bicutan, Taguig City
Industrial Technology Development DOST Compound, Bicutan,
NCR-04
Institute (ITDI) Taguig City
Philippine Textile Research Institute General Santos Avenue,
NCR-05
(PTRI) Bicutan, Taguig City
Advance Science and Technology C. P. Garcia Avenue, U.P.
NCR -06
Institute (ASTI) Diliman, Quezon City
Philippine Nuclear Research Commonwealth Avenue, U.P.
NCR-07
Institute (PNRI) Diliman, Quezon City
NGS-6-G- Philippine Science High School- Agham Road, Diliman,
NCR-01
DOST AG III Main (PSHS-Main) Quezon City
National Academy of Science and General Santos Avenue,
NCR-02
Technology (NAST) Bicutan, Taguig City
Philippine Council for Health
DOST Compound, Bicutan,
Research and Development
Taguig City
(PCHRD)
Technology Application and General Santos Avenue,
NCR-03
Promotion Institute (TAPI) Bicutan, Taguig City
National Research Council of the General Santos Avenue,
NCR-04
Philippines (NRCP) Bicutan, Taguig City
NGS NCR- Metro Manila Development Authority EDSA corner Orense Street,
NCR-01
6-H MMDA (MMDA) Makati City
COMMISSION ON AUDIT Document Code: COA-QMSM_LAGT
Revision No.: 0
LIST OF AUDIT GROUPS AND TEAMS Effectivity Date: 29 Dec 2016
Page No.: 7 of 10
APPENDIX “A.3”
Team
Audit Group Agencies under the Team Address
No.
General Fund, Special Accounts in
Audit Group A -
NCR-01 the General Fund and related VFM Caloocan City Hall
Caloocan City
Audits
Special Education Fund, Trust Fund
NCR-02
and related VFM Audits
Team
Audit Group Agencies under the Team Address
No.
Special Education Fund, Trust Fund,
NCR-02 96 Barangays and related VFM
Audits
200 Barangays and related VFM
NCR-03
Audits
150 Barangays and related VFM
NCR-04
Audits
150 Barangays and related VFM
NCR-05
Audits
150 Barangays and related VFM
NCR-06
Audit
150 Barangays and related VFM
NCR-07
Audits
NCR-08 Pamantasan ng Lungsod ng Maynila
General Fund, Special Accounts in
Audit Group G -
NCR-01 the General Fund, 6 Barangays and Marikina City Hall
Marikina City
related VFM Audits
Special Education Fund, Trust Fund,
NCR-02 10 Barangays and related VFM
Audits
Audit Group H - General Fund and related VFM
NCR-01 Muntinlupa City Hall
Muntinlupa City Audits
Special Accounts in the General
NCR-02 Fund, Trust Fund and related VFM
Audits
Team
Audit Group Agencies under the Team Address
No.
16 Barangays and related VFM
NCR-03
Audits
General Fund, Special Accounts in
Audit Group K -
NCR-01 the General Fund and related VFM Pasay City Hall
Pasay City
Audits
Special Education Fund, 101
NCR-02
Barangays and related VFM Audits
Trust Fund, 100 Barangays and
NCR-03
related VFM Audits
General Fund, Special Accounts in
Audit Group L -
NCR-01 the General Fund and related VFM Pasig City Hall
Pasig City
Audits
Special Education Fund, 20
NCR-02
Barangays and related VFM Audits
Trust Fund, 10 Barangays and
NCR-03
related VFM Audits
General Fund, Other Special
Audit Group M -
NCR-01 Accounts in the General Fund and Quezon City Hall
Quezon City
related VFM Audits
Local Economic Enterprises and
NCR-02 Public Utilities and related VFM
Audits
Trust Fund, QC General Hospital and
NCR-03
related VFM Audits
Special Education Fund, 71
NCR-04
Barangays and related VFM Audits
71 Barangays and related VFM
NCR-05
Audits
General Fund, Special Accounts in
Audit Group N -
NCR-01 the General Fund, Trust Fund and San Juan City Hall
San Juan City
related VFM Audits
Special Education Fund, 21
NCR-02
Barangays and related VFM Audits
Audit Group O -
General Fund, Special Accounts in
Taguig City and
NCR-01 the General Fund, and related VFM Taguig City Hall
Municipality of
Audits
Pateros
Special Education Fund, Trust Fund
NCR-02
and related VFM Audits
COMMISSION ON AUDIT Document Code: COA-QMSM_LAGT
Revision No.: 0
LIST OF AUDIT GROUPS AND TEAMS Effectivity Date: 29 Dec 2016
Page No.: 10 of 10
Team
Audit Group Agencies under the Team Address
No.
28 Barangays and related VFM
NCR-03
Audits
AGENDA Date:
1. Status of Action from previous Management Review Period Covered:
2. External and internal issues that are relevant to the QMS
3. Customer Feedback/Satisfaction Data Results and Next Review Date:
Analysis Prepared by: Copy Furnished:
4. Feedback from relevant interested parties
5. Status of Performance vis-à-vis Quality Objectives/Plan
6. Cross reference to SPCR, OPCR and DPCR
results/status
7. Nonconformities and corrective actions via RFAs and RFA
Registry
8. Relevant trends related to operational processes QMS Leader / Date
9. QMS Internal Audit results
10. Performance of external providers
JO, Service Provider, Consultant, Resource Person etc.
11. Resource issues/needs and status Approved by:
12. Effectiveness of actions to identified risks via Risk
Registry
13. Risks and Opportunities
14. Suitability of the Quality Policy
15. Changes Affecting the QMS (if any) Chairperson / Date
16. Recommendations for Improvement
Expected Outputs Notes for this MR Report:
provide meeting highlights/discussion per topic
Documented Information on decisions and actions related to: ensure documented remarks, comments, action plans etc. from
1. Resource Needs people and Management
2. Any need for changes in QMS cross-refer to previous meeting minutes, as applicable
3. Opportunities for Improvement attach supporting documents to this report
attach Attendance Sheet
PROCESS PERFORMANCE AND SERVICE CONFORMITY
VIS-À-VIS QUALITY OBJECTIVES AND PLANS
Objectives and Targets Status of Corrections / Corrective Top Management Comments
No. (Per Department) Attainment Actions Taken / Recommendations
c. Other means
OTHER CONCERNS
No.
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 1 of 14
CGS Cluster 1
NGS Cluster 6
Local
Government
Sector (LGS) –
National Capital
Region (NCR)
Audit Groups
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 2 of 14
LGS-NCR Audit
Groups
Budget
Execution and
Accountability
Services
(BEAS) – Risk
Management
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 3 of 14
Budget
Preparation
Services (BPS) -
RMBO
Approved COA Information Updating of ISSP every three 1st quarter of Information
Systems Strategic Plan years 2017 Technology
(ISSP) endorsed by Medium Office (ITO)
Term Information
Technology Harmonization.
Initiative (MITHI) for FY 2018
MITHI Budget
Preparation/Submission
CGS Cluster 1
NGS Cluster 6
LGS-NCR Audit
Groups
BPS-RMBO
Office of the Ombudsman Cash Examination Reports Submit completely documented Within OAC-LGS
(CERs) with shortages and CERs and other audit reports for prescribed
other audit reports with speedy disposition of cases deadlines CGS Cluster 1
cases are forwarded to the
judicial branches for the NGS Cluster 6
prosecution of cases
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 5 of 14
Media: Availability of resource Create a pool of resource Office Order to Office of the
Philippine Daily Inquirer persons for media interviews persons who will undergo identify Chairperson
Philippine Star regarding audit results training for media interviews members of
Manila Bulletin pool – June Public
Malaya 2017 Information
Manila Times Office (PIO)
Business World Conduct of Audit Sectors
Business Mirror training on
responding to Regional Offices
Manila Standard Today
media – July-
ABS-CBN
December
GMA 7
2017
ABC 5
PTV 4
Fast-track media requests Identify point persons per On-going for PIO
CNN Philippines
for COA official documents sector/regional office who will regional offices
Rappler and reports facilitate media requests for Sectors (Audit &
documents Sectors- by end Support)
of June 2017
Regional Offices
Auditees Need to revise the outdated Create a Technical Working Within the time TWG
COA Personnel and conflicting Group to assist the Assistant specified in the
Commissioners’ (AsComs’) Office Order AsComs’ Group
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 7 of 14
Philippine Commission on Gender-responsive policies, COA has a strategic partnership 2017 COA GAD Focal
Women (PCW) rules and regulations; and linkage with PCW as Point System
consolidated audit regards GAD issues and
observations on gender and concerns, including the levelling
development (GAD); and up of gender mainstreaming
strategic partnership and efforts of COA. COA and PCW
linkages on GAD entered into a Memorandum of
Understanding (MOU) to ensure
continuing support and
implementation of GAD
programs, especially in the audit
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 8 of 14
Government Service Insurance Delay in compliance with Discuss with the Offices/ Sector Annually Technical
System (GSIS) legal requirements for the concerned the reasons for the of 2017 Services
insurance of properties. delayed/ failure in the insurance Support Division
registration of properties. - GSO
Provide assistance / guidance of
the Office/ Sector concerned in
the insurance requirements/
process of the properties
insured.
Philippine Government Non-compliance with Discuss with the BAC/ Semestral of Procurement,
Electronic Procurement System government procurement Committee /Offices concerned 2017 Property and
(PhilGEPS) policies and procedures for the reasons for non-compliance Supplies
the procurement of goods, in the procurement policies and Management
Government Procurement consulting services and procedures for the procurement Services
Policy Board (GPPB) and infrastructure projects of goods, consulting services (PPSMS) - GSO
Procurement Services (PS) and infrastructure projects.
Suppliers and contractors Delayed Payment of Discuss with the Offices Monthly of PPSMS-GSO
Utility providers procured items in concerned/requesting party/ 2017
compliance with contractual Suppliers & Contractors/ Utility Building Facilities
obligations, and providers the reasons for the and Maintenance
delay in the payment/ or non- Services-GSO
Certificate of satisfactory issuance of certificate of
completion in compliance completion in accordance with
with the Procurement Law the procurement law.
Civil Service Commission Compliance with the Regular attendance to CSC Quarterly Human
(CSC) following: Cluster Meetings for updates on Resource
a) CSC requirements on new CSC memorandum Management
qualification standards, circulars; Office (HRMO)
appointments, leave and Close coordination with the CSC As regular as Risk
Field Office possible Management
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 10 of 14
COA Compliance with auditing Design and develop Quarterly Training Design
standards and relevant coursewares with no course and
auditing rules and materials or new audit-related Development
regulations trainings Services
(TDDS) –
Professional
Development
Office (PDO)
International Organization of Compliance with Update course materials based As the need International
Supreme Audit Institutions international auditing on new international auditing arises Training and
standards standards
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 11 of 14
TDDS-PDO
Risk that the consultancy Request hiring of qualified 2017 onwards OAC - Systems
services/assistance personnel or follow-up with and Technical
requested would not be HRMO to expedite the hiring of Services Sector
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 13 of 14
The audit team might not Conduct risk assessment on the Audit team
cover all areas within the target system
given time ITAO
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-01_RIAP
Revision No.: 0
RELEVANT INTERESTED PARTIES’ Effectivity Date: 29 Dec 2016
ISSUES AND ACTION PLANS Page No.: Page 14 of 14
MITHI COA ISSP for 2018 to 2020 Updating of ISSP every three End of 4th ITO
years quarter, 2016
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 1 of 14
JJJ Newspapers & Magazines Daily Newspapers for the December 1, 2015 to Contract GSO
COA Central Office November 30, 2016
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 2 of 14
COA rules on
probationary
employment
Annual
Evaluation
Network
Monitoring Tool
PLDT (Internet Service 20Mbps Leased Line via Fiber Installation started Multi Router ITO, STSS and
Provider) Optic Cable (Secondary/ Failover December 2016 (not yet Traffic Grapher GSO, AS
ISP) operational) (MRTG)
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 4 of 14
Contract of
Agreement
Notice to
Proceed
Annual
Evaluation
Network
Monitoring Tool
Microsoft Philippines, Inc. Microsoft Software Licenses Three (3)-Year Enterprise Procurement ITO, STSS and
(Operating System / MS Office/ Agreement through GSO, AS
Development Tool) 2015 - 2017 Department of
Budget and
Management
Procurement
Service (DBM-
PS)
Agency
Procurement
Request
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 5 of 14
25 years Warranty
Moodlearning, Inc. Public Information System (PIS) Annual Maintenance Contract of Office of the
Renewal Agreement Chairperson/
May 2016 – April 2017 ITO
Columbia Technologies, Inc. Sonic Wall Comprehensive Three (3)-Year subscription Purchase Order ITO, STSS and
Gateway Start Date -November 25, Shopping GSO, AS
2015
End Date – November 24,
2018
Columbia Technologies, Inc. Symantec Mail Security for MS Three (3)-year subscription Purchase Order ITO, STSS and
Exchange (400 user licenses) Start Date -August 22, 2016 Shopping GSO, AS
End Date – August 21, 2019
Columbia Technologies, Inc. Symantec Mail Security for MS Three (3)-year subscription Purchase Order ITO, STSS and
Exchange (100 user licenses) Start Date – Shopping GSO, AS
July 2, 2014
End Date –
July 1, 2017
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 6 of 14
Agency
Procurement
Request
Manufacturer’s
Warranty
Certification
Columbia Technologies, Inc. Rack Mount Servers Three (3)-year warranty Public bidding ITO, STSS and
Dell Poweredge R430 (2 units) Start Date – December 28, Purchase Order GSO, AS
2015
Network Attached Storage Dell End Date – December 27, Manufacturer’s
Storage NX3230 (3 units) 2018 Warranty
Certification
Columbia Technologies, Inc. Entry Level Server Three (3)-year warranty Purchase Order ITO, STSS and
Acer Altos T110 F3 (3 units) Start Date – December 1, Shopping GSO, AS
2015
End Date – November 30, Manufacturer’s
2018 Warranty
Certification
Columbia Technologies, Inc. Desktop Computer Five (5)-year warranty Public bidding ITO, STSS and
Acer Veriton M4630G Start Date – Purchase Order GSO, AS
(10 units) February 12, 2016 Manufacturer’s End
End Date – February 11, Warranty User:Planning,
2019 Certification Financial and
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 8 of 14
Agency
Procurement
Request
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 9 of 14
Manufacturer’s
Warranty
Certification
Philcopy Corporation Printer, Monochrome Laser Two (2)-year warranty Purchase Order ITO, STSS and
Kyocera Ecosys Laser Printer FS- Start Date – May 26, 2016 Shopping GSO, AS
2100DN (3 units) End Date – End User: Office
May 25, 2018 Manufacturer’s of the
Warranty Chairperson
Certification
Infoworx Incorporated Cloud Storage Two (2)-year warranty Purchase Order ITO, STSS and
Western Digital Start Date – May 28, 2016 Shopping GSO, AS
(3 units) End Date –
May 27, 2018 Manufacturer’s End User:
Warranty Public
Certification Information
Office
Lantau Industrial Supply & Printer, InkJet Two (2)-year warranty Purchase Order ITO, STSS and
Services Brother MFC J3720 Ink Benefit (1 Start Date – Shopping GSO, AS
unit) July 18, 2016
End Date – Manufacturer’s
July 17, 2018 Warranty
Certification
COMMISSION ON AUDIT Document Code: OA-QMSM-Form-02_CEP
Revision No.: 0
CONTROL OF EXTERNAL PROVIDER Effectivity Date: 29 Dec 2016
Page No.: 10 of 14
(1) Partnership for Integrated Partnership with the CSOs in 11 days per CSO Memorandum of LGS-NCR
Services and Social Citizen Participatory Audits Agreement (per
Development (iSERVE) engagement and RMBO (for the
per CSO) required budget)
specifically
(2) District 2 Kababaihan defining the PMO (for the
Laban sa Karahasan scope, identification of
(D2KA) responsibility project to be
and obligation of
subjected to
(3) World Vision Development the CSO partner
and its nominees CPA)
Foundation, Inc.
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
100 % of claims No. of claims Claims Computerized 2 to 5 Staff of the Process, Review Accomplishment Issuances on
received are processed and Monitoring Slip monitoring days Division, , IT and Approve and Report the release and
processed and released within Cash ,Status of from Equipment release claims for utilization of
released within the required Claim facility Use of receipt of and Software payment Performance Funds
the required period vs. total provided under database, funded (Cash Report
period no. of claims the Cash software claims Disbursement generated Issuances that
received Disbursement Operation under the Cash provides
Simple – 2 wd Operation System) Disbursement guidance on
(salaries, System Operation the processing
terminal leave, System of claims to
monetization, attest legality
cell card and validity of
allowance, claims,
EME)
Moderate – 3 wd Claims with
(Cash incomplete
Advances, supporting
salary documents
exceeding 1
month) Availability of
Complex – 5 wd computerized
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 2 of 48
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
(liquidation of system in the
cash advance, processing of
PLDT, LCA, claims
reimbursable
RA/TA Failure of the
exceeding 3 System
months, Development
reimbursements Group to
and provide
replenishments immediate
of expenses) resolution on
system errors,
Enhancement
of the System
to comply with
the new
accounting and
reporting
policies,
Incomplete
Supporting
Documents
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 3 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Audit No. of Inspection of Conduct of Within Manpower CD, ACD, SAs, Quarterly Risk
Thrust Proposed Audit the documents risk third Budget for ATLs. Status Report assessment
Areas Plan evidencing risk assessment quarter MOOE on the may not be
identified (embodying assessment at the level of of the implementation properly
through proposed audit conducted, the audit year of Audit conducted due
risk areas as a using group. Instructions to lack of time
assessmen result of risk Inspection
t within the assessment) Checklist Quarterly The risk
prescribed submitted Conduct of Within Accomplishmen assessment
period versus total the Cluster the t Reports process may
number of Audit period not be
expected Audit Planning and prescrib adequately
Plans Mid- ed in documented.
year/Year- COA
Cluster’s Audit end Memora
Instructions Assessment ndum
issued within No.
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 4 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
the prescribed 2016-
period 023
dated
Novemb
er 14,
2016
100% audit No. of audit Monitoring Surprise Ongoing Manpower CD, ACD and Validation of Listed audit
activities activities Report inspection of Budget for OCD Staff Reported activities may
per audit accomplished the offices of MOOE Accomplishme not be
plan and audit nts completely
undertaken documented vs. groups/team undertaken as
and total committed s scheduled due
adequately activities to unexpected
documente audit request/
d complaints,
intervening
activities and
multi-tasking of
the SA and
audit teams
100% AARs No. of AARs AAR Review Conduct of 1st Manpower SAs, ACD, CD Discussion AARs
compliant compliant with Checklist pre-exit quarter MOOE mainly of audit submitted may
with the prescribed conference for small observations not be in
prescribed standards and with the agencie disagreed by conformity with
standards guidelines indvidual s and Management the prescribed
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 5 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
and versus total audit group 2nd and items standards and
guidelines number of to discuss quarter needing guidelines due
expected AARs the results of for large clarification to time
audit. agencie constraints
s Discussion of
review notes
with the audit
Conduct of groups/ teams
three levels prior to
of review: transmittal.
a. SA of
Audit
Group
b. SA of
OCD
c. ACD
100% of No. of AARs Monitoring Creation of On- Manpower CD, ACD and Monitoring of AARs
AARs transmitted Report task force or going Budget for OCD Staff the submitted may
transmitted within the deployment MOOE accomplishmen not be
within the prescribed Transmittal of additional t of task force / transmitted
prscribed period vs. letters duly personnel to deployed within the target
deadlines Total number of received by assist the personnel period
auditees the auditees Audit
Groups/Tea a. Delayed
ms submission
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 6 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
by auditees
of their
financial
statements
and reports
b. Intervening
events and
activities to
the audit
work/multi-
tasking
audit
personnel
c. Lack of
staff to do
the audit
work due
to
retirement/
resignation
of/sick
audit staff
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 7 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
90% of10% No. of audit Agency Action Periodic Within Manpower CD, ACD and Monit Audit
increase of recommend- Plan and follow-up of 3rd MOOE OCD Staff recommendatio
audit ations Status of the quarter ns may not be
recommen addressed/ Implement- implementatio of each acceptable to
d-ations acted by the ation (AAPSI) n of audit year the auditees,
from the auditees vs. recommendati thus, may not
previous total audit ons with the be
Action Plan
period recommendatio Management addressed/acte
Monitoring
implemente ns as contained d upon or
Tool (APMT)
d by the in the AAPSI implemented
auditees No. of audit and APMT
recommend- Status of
ations Implement-
implemented by ation of audit
the auditees in recommendati
the ensuing on under Part
year vs. total III of the AAR
audit
recommendatio
ns contained in
the AAR
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 8 of 48
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
relevant
results,
shows what
meaningful
changes
have
occurred and
whether
objectives
have been
achieved)
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 10 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
80% Actual lead Purchase Review of As Approved Division Chief Procurement Untimely
procure- time of Request supplies & specified Budget; (PPSMS) report; procurement
ment of delivery (PR) materials in Manpower Accomplishment due to delayed
supplies requirements Purchase (staff); report bidding
and Order vehicles
materials (PO)
delivered
to end
user from
receipt of
PR with
complete
specifica-
tions
within
committed
date
specified
in the PR
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 11 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
80% of Actual -Project -Inspection/ As - - Engineering Inspection Projects may
Project/ projects accomplishment Evaluation/ specified Contractor/ Group, GSO and not accomplish
PSAO provided with report Monitoring of in the Supplier (Review/ Assessment/ on time due to
provided detailed -Certificate of project project/ Evaluate Evaluation delayed
with detailed Engineering/ acceptance/ implementation contract Report bidding/ project
Engineering/ Plans and Completion Implementation
Plans and Specifications
Specifica- vs. total no. of
tions Project
proposals
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 12 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Number of 100% -Record Recording/ As -Staff RSD personnel/ Accomplish- Delayed
Records Percentage of book Filing/ specified personnel in-charge ment released due to
for accomplishment -DPCR/IPCR Encoding/ in the of RSD (Compilation/ Report/Monthly multiple
release, vis-à-vis -Accomplish- Delivery request/ delivery/ Performance request/
file, requests ment Report Order Dessiminate Report Assignment
retrieve received and/or
and assigned tasks
deliver to
concerned
office/
clientele
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 13 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Number of 100% Record Recording & Within a Staff TSD Personnel Accomplish- Delayed
process of Disbursements book Encoding/ day/ or personnel review/process ment released of
disburse- Vouchers/ Monthly Deposits & next day of TSD and encoding/ Report/Monthly check payment/
ments Payrolls paid/ Accomplish- Withdrawals/ upon preparation of Performance process due to
payments, Collection & ment Verifications approval checks Report incomplete
collections deposits/cash Report documentation/
& deposits, advances or lack of
cash liquidated authority
advances &
liquidations
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 14 of 48
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Number of Actual Maintenance Requisition/ Per Staff of Technical Accomplish- Repairs and
hours downtime preventive record book Inspection/ schedule TSSD/ personnel of ment maintenance
per equipment maintenance repair and of repairs Service TSSD (Repairs/ Report/Monthly may not be
performed vs. Accomplish- evaluation and provider fabricate/ Performance performed on
Percentage of prior ment Report mainte- Installation) Report time due to lack
functional Programmed nance or delayed in
equipment, maintenance the release of
vehicle funds
Downtime of
Zero untoward equipment
security-related
incidence No of
functional vs
Number of total no. Of
availability of equipment,
requested vehicle etc
vehicle/
transport
service
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 15 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Central Office No. of Document Monitoring of For Manpower; Recruitment Status/Accomp Delay in the
Proposals proposals tracking/ the action recruitment- Computer and Promotion -lishment process may
submitted to logbook to taken on and Services (RPS), Reports be due to any
100% of the SPB vs. monitor - proposals for Within 45 Printer; HRMO; of the following
proposals for total no. of recruitment working Bond -
recruitment proposals Actions and promotion days from paper; Office of the SPB Notice of
and processed taken on at the level of receipt of Assistant Meeting Incomplete
promotion of proposals for HRMO, the application Commissioner documents;
qualified Actual lead recruitment requesitioning (the process (OAC) for delayed or
applicants/ time of and sectors/offices, includes Administration; SPB Minutes non-
recommende submission of promotion SPB initial of the Meeting submission of
es with proposals to Secretariat, evaluation, Selection and required
complete the SPB Office of the pre- Promotions documents;
supporting vs.target lead Assistant employment Board (SPB);
documents time. Commissioner examination Non-
are submitted for , referral to Commission appearance on
to the Administration. the sectors/ Secretary scheduled pre-
Selection and offices for (COMSEC) employment
Promotions Follow-up further examination
Board (SPB); with screening Commission and/or
sectors/office and Proper (CP) interview;
s recommend
ation, Rescheduling
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 16 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
preparation of pre-
of SPB employment
matrix upon examination
receipt of and/or
sector/office interview due
recommend to non-
ation, and appearance;
submission
to the SPB Submission of
for Sector/Office/
deliberation Regional Office
and proposals to
recommend- the HRMO
ation beyond
timelines set;
For
promotion- Non-
compliance
Within 45 with
working recruitment
days from and promotion
receipt of guidelines and
proposals procedures;
from the
sectors/ Volume of
offices proposals
received by the
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 17 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
HRMO;
100% of SPB- No. of Document Monitoring of Within five Manpower; Recruitment CP Notice of
recommende proposals Tracking/ the action working Computer and Promotion Meeting
d proposals submitted to Logbook to taken on days from and Services (RPS),
for the CP vs. total monitor - proposals for SPB Printer; HRMO; CP Minutes of
recruitment no. of recruitment meeting Bond the Meeting
and proposals Release of and promotion paper; Office of the
promotion acted upon by memo at the level of Assistant
with complete the SPB transmittal to HRMO, the Commissioner
supporting the CP requesitioning (OAC) for
documents Actual lead together with sectors/offices, Administration
submitted to time of the SPB
the submission of proposals for Secretariat, COMSEC/CP
Commission proposals recruitment Office of the
Proper (CP) vs.target lead and Assistant
for approval time for promotion Commissioner
submission for
Actual Administration.
receipt of
memo Follow-up
transmittals with
by the sectors/office
COMSEC s
Regional No. of Document Monitoring of Within 60 Manpower; Recruitment CP Notice of Delay in the
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 18 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Office proposals Tracking/ the action working Computer and Promotion Meeting process may
Proposals processed with Logbook to taken on days from and Services (RPS), be due to any
complete monitor - proposals for receipt Printer; HRMO; CP Minutes of of the following
supporting recruitment from the Bond the Meeting –
100% of documents Release of and Regional paper; Office of the
proposals for submitted to memo promotion at Offices Assistant Submission of
recruitment the CP vs. total transmittal to the level of Commissioner RSPB
and no. of the CP HRMO, the (OAC) for proposals to
promotion of proposals together with RSPB, Office Administration; the HRMO
qualified received the of the beyond
applicants/ proposals for Assistant COMSEC/CP timelines set;
recommende recruitment Commissioner
es with Actual lead and for Non-
complete time of promotion Administration compliance
supporting submission of . with
documents proposals to Actual recruitment
endorsed by the CP receipt of Follow-up and promotion
the Regional vs.target lead memo with guidelines,
Selection and time transmittals sectors/office procedures;
Promotions by the s and
Board (RSPB) COMSEC documentary
are submitted requirements
to the
Commission Volume of
Proper (CP) proposals
for approval received by the
HRMO;
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 19 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Two Actual no. of Memorandum Regular 2017 and -Manpower Director, Accomplishment IAR may not
Internal IAR issued to the monitoring of onwards - Office Assistant reports be submitted
Audit within the Chairperson accomplishments supplies Director, SA, within the
Reports target deadline submitting the -Equipment Audit Team target deadline
(IAR) for the year report - Funds for Leader
submitted travelling
yearly expenses of
within the the Teams
target
deadline
period
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 21 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
0 downtime/ Actual no. of Tracking/ Procurement Upon Installation ITO ISAdSS Report on IT providers
24/7 internet hours Monitoring of 20Mbps delivery/ of Additional technical staff Network Internet
connectivity downtime Log on Internet installation 20 MBPS for the Maintenance Connection
recorded for recorded Bandwidth of Internet monitoring of Down or
the week downtime for additional Bandwidth internet under
redundancy 20 MBPS by Internet connection and maintenance
and fail-over Internet provider performance resulting to
Bandwidth testing non-
by end of availability of
December Internet
2016 connection
Power
April 2017 Interruption
Installation/ Performance Air
Upgrading of Configuration Testing Report conditioning
Network of Network Malfunction
Cabling Switches
Unauthorized
installation of
switches or
routers by
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 22 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
employees
0 security No. of Tracking/ Upon Internet ITO ISAdSS System Improper
issues reported Monitoring Development implement connection technical staff Implementat use of
reported on security Log on and ation of the for the ion userid and
the on-line issues/ reported Implementati Collaborati Server development Monitoring password
collaboratio hacking on the Implementatio on of On-line on Tool by and Report
n tool use of On-line n issues on Collaboration 1st quarter Website maintenance Outside
collaboration the use of On- Tool of 2017 Application of the COA Threats (e.g
tool line Training of Firewall On-line portal- Brute Force
collaboration concerned (WAF) Collaboration Attack,
tool staff in the Tool Distributed
formatting of Denial of
AAR Service,
Website
Defacement
)
0 incidence No. of Monthly Training of 1st Training ITO WADAS for Report on AARs
of delayed delayed in the Status Report concerned semester Fund, the conduct of Trainings submitted
publication publication of on the staff in the of 2016 computers, training on AAR conducted do not
of reports reports Publication of formatting of venue for formatting conform
attributed to attributed to AAR AAR the training with the
WADAS WADAS required
formatting
resulting to
delay in the
publication
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 23 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
of AAR
Lack of
manpower
to process
AAR for
publication
due to
volume of
AAR
received
100 % Actual Monthly Training of 1st Training ISDMS for the System Delayed in
accomplish- Accomplish- Accomplishm Auditors on semester Fund; maintenance of Implementatio the
ment of ment vs ent Report the use of of 2017 Internet ARDIS n Report; implementatio
programme programmed/ ARDIS Connection, System n due to other
d/ planned planned Pilot Computer QuAIS for the Issues and priority wok
activities for Implementat and Server implementation Concerns IS Users
the ARDIS ion of to house of ARDIS Form (Audit
ARDIS ARDIS submitted by Teams)
COA Wide IS users
Implementati
on of ARDIS
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 24 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% for Actual legal Document Ensure On-going Manpower Legal Opinion, Availability of Misinterpretation/
legal opinions Tracking avaliability of (Legal Consultation Maintained inappropriate
opinions rendered System pertinent laws, personnel) and Research Documented interpretation of
rendered within 5 Logbook rules and Supplies, Division, LAO Information pertinent laws,
within 5 working days Numbered regulations as materials, LAO Director Document rules and
working from receipt Legal reference in office Tracking regulations
days from vs. Actual Opinions rendering legal equpment, System embodied in the
receipt of number of opinions furniture Quarterly legal opinion may
the requests Monitor draft and fixture, Accomplishm affect the quality
request received legal opinions IT support, ent Report of audit report
being drafted by etc. Semestral
legal officers DPCR and
Prioritize review, OPCR
finalization and
release of legal
opinions to
requesting party
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 25 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Audit No. of proposed Inspection of Conduct Within Manpower RD, ARD, SAs, Quarterly Risk
thrust audit plans the documents of risk 3rd Budget ATLs Accomplish assessment
areas submitted by evidencing the assessme quarter of -ment may not be
identified the Audit risk nt the year Report properly
through Groups for assessment conducted
risk approval conducted Conduct Quarterly due to lack of
assessme embodying the using of Status time
nt within proposed audit Inspection Regional Report on
the areas as a Checklist Office’s the Risk
prescribed result of their Audit Implement assessment
period risk assessment Monitoring Planning a-tion of process may
submitted for report and Mid- Audit not be
approval vs. year/Year Instructions adequately
total number of -end documented
expected audit Assessm in accordance
plans ent with IRRBA
Regional
Office’s audit
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 26 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
instruction
issued within
the prescribed
period
100% No. of audit Monitoring Surprise ongoing Manpower RD, ARD, RD Validation Listed audit
audit activities report inspection Budget for staff of reported activities may
activities accomplished of the MOOE accomplish not be
per audit and offices of -ments completely
plan documented vs. Audit undertaken
undertake total committed Groups/Tea as scheduled
n and activities ms due to
adequatel unexpected
y audit
document requests/
ed complaints,
intervening
activities and
multi-tasking
of the SAs
and audit
teams
100% No. of AARs AAR Review Conduct of 1st Manpower RD, ARD, SA, Discussion of AARs
AARs compliant with Checklist pre-exit quarter (ORD staff) ATL, ATM, ORD audit submitted may
compliant the prescribed conference for small Office staff-reviewers observations not be in
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 27 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
with the standards and with the agencies supplies Disagreed by conformity
prescribed guidelines vs. individual and 2nd management with the
standards total no. of Audit quarter or items prescribed
and expected AARs Groups to for large needing standards and
guidelines for transmittal discuss the agencies clarification guidelines due
results of to time
audit Discussion of constraints
review notes
Conduct of with the Audit
three levels Group/Teams
of review: prior to
transmittal
1st- SA,
Audit Group
2nd- SA of
ORD
3rd-ARD
4th-RD
100% of No. of AARs Monitoring Creation of On-going Manpower RD, ARD and Monitoring of AARs
AARs transmitted Report task force RD staff accomplish- submitted may
transmitte within the or Budget for ment of task not be
d within prescribed Transmittal deployment MOOE force/deploye transmitted
the period vs. total letters duly of d personnel within the
prescribed no. of auditees received by additional target period
deadlines (cities, the auditees personnel
municipality and to assist the
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 28 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
component Audit
units) Groups/Tea
ms
90% of No. of audit Agency Action Periodic Within Manpower RD, ARD, SA of Monitoring/ Audit
10% recommend- Plan and follow-up 3rd ORD Status Report recommend-
increase ations Status of of the quarte Office ations may not
of audit addressed/acted Implement- implemen r of Supplies be acceptable
recommen by the auditees ation (AAPSI) t-ation of each to the
d-ations vs. total audit audit year auditees, thus,
from the recommend- Action Plan recomme may not be
previous ations Monitoring ndations addressed/
period are Tool (APMT) with the acted upon or
implement No. of audit manage- implemented
ed by the recommend- Status of ment as
auditees ations Implement- contained
implemented by ation of audit in the
the auditees in recommendati AAPSI
the ensuing on under Part and the
year vs. total III of the AAR APMT
audit
recommendatio
ns contained in
the AAR
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 29 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Audit Thrust No. of Inspection of Conduct of risk Within Manpower CD, ACD, SAs, Quarterly The risk
Areas Proposed the assessment at third Budget for ATLs. Status assessment
identified Audit Plan documents the level of the quarter MOOE Report on the may not be
through risk (embodying evidencing audit group. of the implementati properly
assessment proposed audit risk year on of Audit conducted due
within the areas as a assessment Instructions to lack of time
prescribed result of risk conducted, Conduct of the
period assessment) using Cluster Audit Quarterly The risk
submitted Inspection Planning and Within Accomplish- assessment
versus total Checklist Mid-year/Year- the ment Reports process may
number of end period not be
expected Audit Assessment prescrib adequately
Plans ed in documented.
COA
Cluster’s Audit Memora
Instructions n-dum
issued within No.
the prescribed 2016-
period 023
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 30 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
dated
Novemb
er 14,
2016
100% audit No. of audit Monitoring Surprise Ongoing Manpower CD, ACD and Validation of Listed audit
activities per activities Report inspection of Budget for OCD Staff Reported activities may
audit plan accomplished the offices of MOOE Accomplish- not be
undertaken and audit ments completely
and documented groups/teams undertaken as
adequately vs. total scheduled due
documented committed to unexpected
activities audit request/
complaints,
intervening
activities and
multi-tasking
of the SA and
audit teams
100% AARs No. of AARs AAR Review Conduct of pre- 1st Manpower SAs, ACD, CD Discussion AARs
compliant compliant with Checklist exit conference quarter MOOE mainly of submitted may
with the prescribed with the for small audit not be in
prescribed standards and indvidual audit agencie observations conformity with
standards guidelines group to s and disagreed by the prescribed
and versus total discuss the 2nd Management standards and
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 31 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
guidelines number of results of audit. quarter and items guidelines due
expected for large needing to time
AARs agencie clarification constraints
s
Conduct of Discussion of
three levels of review notes
review: with the audit
d. SA of Audit groups/teams
Group prior to
e. SA of OCD transmittal.
f. ACD
d. CD
100% of No. of AARs Monitoring Creation of task On- Manpower CD, ACD and Monitoring of AARs
AARs transmitted Report force or going Budget for OCD Staff the submitted may
transmitted within the deployment of MOOE accomplishme not be
within the prescribed Transmittal additional nt of task transmitted
prscribed period vs. letters duly personnel to force / within the
deadlines Total number received by assist the Audit deployed target period
of auditees the auditees Groups/Teams personnel
d. Delayed
submission
by auditees
of their
financial
statements
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 32 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
and reports
e. Intervening
events and
activities to
the audit
work/multi-
tasking audit
personnel
f. Lack of staff
to do the
audit work
due to
retirement/
resignation
of/sick audit
staff
90% of 10% No. of audit Agency Periodic follow-up Within Manpower CD, ACD and Monitoring/ Audit
increase of recommend- Action Plan of the 3rd MOOE OCD Staff Status recommend-
audit ations and Status of implementation of quarter Reports ations may not
recommend- addressed/ Implementatio audit of each be acceptable
ations from acted by the n (AAPSI) recommendation year to the auditees,
the previous auditees vs. s with the thus, may not
period total audit Management as be addressed/
Action Plan
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 33 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
implemente recommend- Monitoring contained in the acted upon or
d by the ations Tool (APMT) AAPSI and implemented
auditees APMT
Status of
Implement-
ation of audit
No. of audit
recommend-
recommend-
ation under
ations
Part III of the
implemented
AAR
by the auditees
in the ensuing
year vs. total
audit
recommend-
ations
contained in
the AAR
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 34 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% Actual number Annual Conduct survey as By end Training LTCS Weekly Unavailability
targeted of conducted Training to the needed of the Room monitoring of of RPs
number of classes within Plan audit-related year Training course Failure to
audit the schedule trainings under LTP Manpower offering meet
related vs. targeted Monthly Intensify Survey/ schedule minimum
trainings number of Reports information and Training Individual number of
for regular audit related dissemination Needs Performance participants
LTP trainings for Prioritize LTP Analysis and
conducted regular LTP courses in the forms Commitment
as schedule Review
scheduled Issue office order (IPCR) and
to participants Division
within 5 days PCR
before the conduct
of training
Ensure that there
are sufficient
number of
coordinators
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 35 of 48
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
90% of news News E-mail of Monitor daily Daily, Man- News Monthly Misinterpre
summaries/ summaries e- summarie newspapers before 11 power Monitoring Report -tation by
clippings mailed to s to COA and online am Newspa- Staff IPCR, DPCR the media
provided to COA officials officials news sites for pers, PIO Director and OPCR regarding
COA officials Monthly news Online issues
on or before compila- regarding news contained
11 am daily tion of COA/audit sites, in the audit
newsclip- issues/ supplies report
pings with questionable and resulting to
summarie govt material inaccurate
s transactions s news
Prepare news reporting
summaries Clarificatio
E-mail the n issued by
news the PIO
summaries to when
COA officials necessary
to correct
inaccurate
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 36 of 48
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
news
reporting
90% of No. of public/ Document Public Quarterly Some
public/ media media queries Tracking Relations staff Report media/public
queries & & requests for System PIO Director IPCR, DPCR queries may
requests for official Logbook Audit team and OPCR involve
official documents leader/cluster confidential
documents acted upon director information
acted upon within 3 days that cannot
within 3 days vs. total no. of be released
upon receipt queries and resulting to
requests unauthorized/
premature
disclosure of
information
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 37 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Six Actual no. of Individual Work within Within the Laptop Quality Gantt Chart Failure to
Assessment AsOM issued Performance the timeline as year Office Assurance (QA) Work Plan/ meet
Observation within the Commitment per work plan Supplies Reviewers Monthly Work deadline
Memoranda target and Review Identify Status Report Limited
(AsOM) for deadline for (IPCR) intervening QAQ access to
Engagement the year activities/ checklist information
Level (EL) events before Familiarity
issued plotting with COA’s
yearly timeline practices
within the Render Develop
target overtime if skills in
deadline expected report
deliverables writing
are not met
within the
target date
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 38 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
One QAR Actual no. of IPCR Work within Within the Laptop QA Reviewers Work Plan/ Failure to
Report – EL QAR Report the timeline as year Office Monthly Work meet
issued – EL issued per work plan Supplies Status Report deadline
yearly within the Anticipate and AsOM Develop
within the target provide time Template skills in
target deadline for for intervening report
deadline the year activities/ writing
events
Render
overtime if
expected
deliverables
are not met
within the
target date
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 39 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Contracts
Review:
Office Order, Submission of
80% of Memorandum or Document Create or Immediately Manpower Service Chiefs, Memorandum required
requests for Technical Review Tracking assign or within five (technical Infra Services issued by the additional
Technical Reports (TERs) System technical working days personnel A,B,C,D Director Director/Assista documents to
Evaluation transmitted to the teams after receipt /technical TS nt complete the
pertaining to: Office of the Logbook immediatel of request specialist) Commissioner evaluation may
Assistant y according or Head of not be given on
a) contracts on Commissioner, Technical to the type Supplies, Office Action time by the
infrastructure STSS Review of contracts materials, Slips issued by requesting
projects; within ten working Notes/Revie to be office the Head of party
days from w Sheets reviewed. equipment, Office
b) submission of the furniture
procurements Service Chief vs. Conduct Weekly and and fixture,
of goods and Total number of close considering IT support,
services; and requests for TERs monitoring the timetable etc, Due to
of set forth in insufficient
c) consulting compliance COA supporting
services with set Circular documents
timetables No.2009- required in the
transmitted to for review 001.(Section evaluation, and
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 41 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
the Office of of outputs 3.1.6: difficulty of
the Assistant ): verification
Commission caused by
(OAC), STSS P5M & factors such as
below- 5 inclement
working days weather and
(WD) security
problems in
Above P5M project sites,
up to P20M- results may not
14 WDs serve as useful
basis of
Above Auditor’s action
P20M- 21 on the
WDs corresponding
financial
With monthly transaction
reporting of or such results
work may not
progress delivered on
time
Technical
Inspection:
80% of request
for technical
Memorandum/IRs Document Create or Immediately Manpower - Service Chiefs, Office Order, Physical
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 42 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
inspection on: transmitted to the Tracking assign or within five Senior, Infra Services Memorandum Inspection of
Office of the System technical working days licensed A,B,C,D issued by the projects in far
1)Infrastructur Assistant teams after receipt TAS) Director, TS Director/Assista flung areas is
e Projects Commissioner,STS Logbook according of request nt not feasible due
accomplish- S within ten working to the type Supplies, Commissioner to security
ments; and days from Technical of contracts materials, or Head of problems or
submission of the Review to be office Office, Action inclement
Service Chief vs Notes/Revie inspected. equipment, Slips issued by weather
2)Goods
total no of request w Sheets As set forth furniture the Head of conditions
Delivered and
for Technical in COA and fixture, Office
Services
Inspection Memorandu IT support,
Rendered
Conduct m No. 2009- etc,
close 074 and
transmitted to
monitoring COA
the
of Circular
Office of the
compliance No.2009-
Assistant
with set 001.(Section
Commission
timetables IV.2.f.3), with
(OAC), STSS
for review monthly
of outputs reporting of
work
progress
Appraisal
80% of
requests for
Reviewed requests Document Create or Immediately Manpower- Appraisal Office Order, Verification of
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 43 of 48
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Appraisal transmitted to the Tracking assign or within five Licensed Services Memorandum properties for
(ARs) for: Office of the System technical working days appraiser/ Director, TS issued by the appraisal in far
Assistant teams after receipt technical Director/Assista flung areas is
1)Real Estate; Commissioner,STS Logbook according of request personnel nt not feasible due
and S within set to the type Commissioner to security
deadlines Technical of contracts As set forth Supplies, or Head of problems or
2)Properties Review to be in COA materials, Office, Action inclement
for Disposal Notes/Revie reviewed. Memorandu office Slips issued by weather
w Sheets m No. 2009- equipment, the Head of conditions
transmitted to Conduct 074 (Section furniture Office
the close IV.2.f.2) with and fixture,
Office of the monitoring monthly IT support,
Assistant of reporting of etc,
Commission compliance work
(OAC), STSS with set progress per
timetables instruction of
for review the Assistant
of outputs Commission
er, STSS
Capacitate At least
technical annually, or
personnel when
on appropriate
appraisal training body
provides
such training
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 44 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
IS/IT Audit:
100% of Memorandum/Audit Document Create and Within 30 Technical Audit Team COA IS/IT Risk that the
audit report Reports prepared/ Tracking assign audit days from personnel / Leader, Audit audit failed to
for all reviewed vs. System teams with receipt of IS auditors Team Framework detect
systems
transmitted to the consideration to request Supervisor, (CISITAF), weakness
audited for Office of the Logbook the needed skills Supplies, Director standards and security
the period Assistant to effectively materials, and gaps in the
transmitted Commissioner,STSS Review perform the office guidelines system
to the within ten working Notes/Reviewaudit equipment,
Office of the days from Sheets furniture and Risk that the
Assistant submission by the Execute a risk- fixture, IT report might
Commission Team Supervisor based IS audit tools/support, not effectively
(OAC), STSS strategy in etc, communicate
compliance with the risk
IS audit exposures of
standards to the system
ensure that key
risk areas are Opportunity
audited to
recommend
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 45 of 48
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Conduct audits measures of
in accordance how the
with IS audit agency may
standards to Monthly maximize the
achieve planned with report investment in
audit objectives of work IT to achieve
progress its
every 5th organizational
Conduct close
day of the goals
monitoring of
succeeding
compliance with
month
set standards
and timetables
for review of
outputs
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 46 of 48
OFFICE : SYSTEMS CONSULTANCY SERVICES AUDIT OFFICE (INTERNAL CONTROL SYSTEM EVALUATION
AND RESEARCH SERVICES OFFICE)
DIVISION : INTERNAL CONTROL STRUCTURE EVALUATION CONSULTANCY SERVICES
INFORMATION SYSTEMS IMPLEMENTATION CONSULTANCY SERVICES
SPECIAL PROJECTS CONSULTANCY SERVICES
QUALITY OBJECTIVE : To ensure timely delivery of consultancy services and assistance in the evaluation of internal
control
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES RISKS/ OPPORTUNITIES
MEASUREMENT STRATEGY METHOD/TOOL
TOOL
Conduct of
Consultancy
Services
Letter , either Document Assign request Within two Personnel Action Slip Risk that the
100% of clarifying Tracking immediately to days from with filled-up consultancy
requests for certain System responsible receipt background Division with services/assistanc
consultancy
matters about Division for on internal Chief/Team instructions e requested would
services the request; Logbook evaluation and auditing/ Leader from the not be completed
reviewed/acted or denying the determination auditors Director Director due to budgetary
upon- request sent Review of appropriate with constraints or lack
to requesting Notes approach in the experience of qualified
party within conduct of in internal/ personnel to
Assistance 15 days from consultancy Within one external Letter perform the
in the receipt- services/ week after auditng request for required task
design, assistance evaluation meeting/
development requested Minutes of
and Engagement Supplies, Meeting Opportunity to
installation Letter Conduct materials, employ expertise
of Internal prepared and meetings with Througho office from outside
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 47 of 48
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES RISKS/ OPPORTUNITIES
MEASUREMENT STRATEGY METHOD/TOOL
TOOL
Audit submitted to requesting ut the equipment, Accomplish- sources and gain
Services the Assistant party to clarifiyevaluation furniture ment from them the
Commissioner request, if process and fixture, Report knowledge and
Assistance , STSS for warranted with IT tools/ stating skills thru actual
in the review within weekly support, etc. status of practice
evaluation of one month Conduct close reporting request
Internal from receipt monitoring of of received/
Control evaluation progress evaluation
System procedures; and
discuss specific monthly
issues of the reporting
request with of work
responsible status
Division for every 5th
clearer day of the
understanding succeedin
and gain the g month
right
perspective
At least
Capacitate
once a
technical
year or
personnel for
whenever
updates on
updates
new/current
and
regulations,
funding
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-03_QOP
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 48 of 48
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES RISKS/ OPPORTUNITIES
MEASUREMENT STRATEGY METHOD/TOOL
TOOL
standards are
applicable to available
internal audit
and internal
control
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 2
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
100 % of claims No. of claims Claims Computerized 2 to 5 Staff of the Process, Review Accomplishment Issuances on
received are processed and Monitoring Slip monitoring days from Division, , IT and Approve and Report the release and
processed and released within Cash ,Status of receipt of Equipment release claims for utilization of
released within the required Claim facility Use of funded and Software payment Performance Funds
the required period vs. total provided under database, claims (Cash Report
period no. of claims the Cash software Disbursement generated under Issuances that
received Disbursement Operation the Cash provides
Simple – 2 wd Operation System) Disbursement guidance on the
(salaries, System Operation processing of
terminal leave, System claims to attest
monetization, legality and
cell card validity of
allowance, claims,
EME)
Moderate – 3 wd Claims with
(Cash incomplete
Advances, supporting
salary documents
exceeding 1
month)
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 2
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Complex – 5 wd Availability of
(liquidation of computerized
cash advance, system in the
PLDT, LCA, processing of
reimbursable claims
RA/TA
exceeding 3 Failure of the
months, System
reimbursements Development
and Group to
replenishments provide
of expenses) immediate
resolution on
system errors,
Enhancement of
the System to
comply with the
new accounting
and reporting
policies,
Incomplete
Supporting
Documents
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Audit Thrust No. of Inspection Conduct of risk Within Manpower CD, ACD, SAs, Quarterly Status Risk assessment
Areas Proposed of the assessment at third Budget for ATLs. Report on the may not be
identified Audit Plan documents the level of the quarter of MOOE implementation properly
through risk (embodying evidencing audit group. the year of Audit conducted due to
assessment proposed audit risk Instructions lack of time
within the areas as a assessment
prescribed result of risk conducted, Conduct of the Quarterly The risk
period assessment) using Cluster Audit Within the Accomplishment assessment
submitted Inspection Planning and period Reports process may not
versus total Checklist Mid-year/Year- prescribed be adequately
number of end Assessment in COA documented.
expected Audit Memoran
Plans dum No.
2016-023
Cluster’s Audit dated
Instructions November
issued within 14, 2016
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
the prescribed
period
100% audit No. of audit Monitoring Surprise Ongoing Manpower CD, ACD and Validation of Listed audit
activities per activities Report inspection of the Budget for OCD Staff Reported activities may not
audit plan accomplished offices of audit MOOE Accomplishmen be completely
undertaken and groups/teams ts undertaken as
and documented scheduled due to
adequately vs. total unexpected audit
documented committed request/
activities complaints,
intervening
activities and
multi-tasking of
the SA and audit
teams
100% AARs No. of AARs AAR Conduct of pre- 1st Manpower SAs, ACD, CD Discussion AARs submitted
compliant compliant with Review exit conference quarter for MOOE mainly of audit may not be in
with the prescribed Checklist with the small observations conformity with
prescribed standards and indvidual audit agencies disagreed by the prescribed
standards guidelines group to discuss and 2nd Management standards and
and versus total the results of quarter for and items guidelines due to
guidelines number of audit. large needing time constraints
expected agencies clarification
AARs
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Conduct of three Discussion of
levels of review: review notes
a. SA of Audit with the audit
Group groups/ teams
b. SA of OCD prior to
c. ACD transmittal.
100% of No. of AARs Monitoring Creation of task On-going Manpower CD, ACD and Monitoring of AARs submitted
AARs transmitted Report force or Budget for OCD Staff the may not be
transmitted within the deployment of MOOE accomplishment transmitted within
within the prescribed Transmittal additional of task force / the target period
prscribed period vs. letters duly personnel to deployed
deadlines Total number received by assist the Audit personnel a. Delayed
of auditees the auditees Groups/Teams submission
by auditees
of their
financial
statements
and reports
b. Intervening
events and
activities to
the audit
work/multi-
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
tasking audit
personnel
c. Lack of staff
to do the
audit work
due to
retirement/
resignation
of/sick audit
staff
90% of10% No. of audit Agency Periodic follow-up Within 3rd Manpower CD, ACD and Monit Audit
increase of recommend- Action Plan of the quarter of MOOE OCD Staff recommendations
audit ations and Status implementation of each year may not be
recommend- addressed/ of audit acceptable to the
ations from acted by the Implement- recommendations auditees, thus,
the previous auditees vs. ation with the may not be
period total audit (AAPSI) Management as addressed/acted
implemented recommendati contained in the upon or
by the ons AAPSI and APMT implemented
Action Plan
auditees
Monitoring
No. of audit
Tool
recommend-
(APMT)
ations
implemented
by the
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 5 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
auditees in the Status of
ensuing year Implement-
vs. total audit ation of
recommendati audit
ons contained recommend
in the AAR ation under
Part III of
the AAR
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 2
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
results, shows
what
meaningful
changes have
occurred and
whether
objectives
have been
achieved)
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
80% Actual lead Purchase Review of As Approved Division Chief Procurement Untimely
procure- time of Request supplies & specified Budget; (PPSMS) report; procurement
ment of delivery (PR) materials in Manpower Accomplishment due to delayed
supplies requirements Purchase (staff); report bidding
and Order vehicles
materials (PO)
delivered
to end
user from
receipt of
PR with
complete
specifica-
tions
within
committed
date
specified
in the PR
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
80% of Actual projects -Project -Inspection/ As - Contractor/ - Engineering Inspection and Projects may
Project/ provided with accomplish Evaluation/ specified Supplier Group, GSO Assessment/ not accomplish
PSAO detailed ment report Monitoring of in the (Review/ Evaluation on time due to
provided Engineering/ -Certificate project project/ Evaluate Report delayed
with detailed Plans and of implementation contract bidding/ project
Engineering/ Specifications acceptance/ Implementation
Plans and vs. total no. of Completion
Specifica- Project
tions proposals
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Number of 100% -Record book Recording/ As -Staff RSD personnel/ Accomplish- Delayed
Records Percentage of -DPCR/IPCR Filing/ specified personnel in-charge ment released due to
for accomplishment -Accomplish- Encoding/ in the of RSD (Compilation/ Report/Monthly multiple
release, vis-à-vis ment Report Delivery request/ delivery/ Performance request/
file, requests Order Dessiminate Report Assignment
retrieve received and/or
and assigned tasks
deliver to
concerned
office/
clientele
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Number of 100% Record Recording & Within a Staff TSD Personnel Accomplish- Delayed
process of Disbursements book Encoding/ day/ or personnel review/process ment released of
disburse- Vouchers/ Monthly Deposits & next day of TSD and encoding/ Report/Monthly check payment/
ments Payrolls paid/ Accomplish- Withdrawals/ upon preparation of Performance process due to
payments, Collection & ment Report Verifications approval checks Report incomplete
collections deposits/cash documentation/
& deposits, advances or lack of
cash liquidated authority
advances &
liquidations
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 5 of 5
MONITORING KEY
INDICATOR/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Number of hours Actual Maintenance Requisition/ Per Staff of Technical Accomplish- Repairs and
downtime per preventive record book Inspection/ schedule TSSD/ personnel of ment maintenance
equipment maintenance repair and of repairs Service TSSD (Repairs/ Report/Monthly may not be
performed vs. Accomplish- evaluation and provider fabricate/ Performance performed on
Percentage of prior ment Report mainte- Installation) Report time due to lack
functional Programmed nance or delayed in
equipment, maintenance the release of
vehicle funds
Downtime of
Zero untoward equipment
security-related
incidence No of
functional vs
Number of total no. Of
availability of equipment,
requested vehicle etc
vehicle/
transport
service
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 6
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Central OfficeNo. of Document Monitoring of For Manpower; Recruitment Status/Accomp Delay in the
Proposals proposals tracking/ the action recruitment- Computer and Promotion -lishment process may
submitted to logbook to taken on and Services Reports be due to any
100% of the SPB vs. monitor - proposals for Within 45 Printer; (RPS), HRMO; of the following
proposals for total no. of recruitment working days Bond -
recruitment proposals Actions taken and promotion from receipt of paper; Office of the SPB Notice of
and promotion processed on proposals at the level of application Assistant Meeting Incomplete
of qualified for HRMO, the (the process Commissioner documents;
applicants/ Actual lead recruitment requesitioning includes initial (OAC) for delayed or non-
recommendees time of and sectors/offices, evaluation, Administration; SPB Minutes submission of
with complete submission of promotion SPB pre- of the Meeting required
supporting proposals to Secretariat, employment Selection and documents;
documents are the SPB Office of the examination, Promotions
submitted to vs.target lead Assistant referral to the Board (SPB); Non-
the Selection time. Commissioner sectors/ appearance on
and for offices for Commission scheduled pre-
Promotions Administration. further Secretary employment
Board (SPB); screening and (COMSEC) examination
Follow-up with recommendati and/or
sectors/offices on, Commission interview;
preparation of Proper (CP)
SPB matrix Rescheduling
upon receipt of pre-
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 6
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
of employment
sector/office examination
recommendati and/or
on, and interview due
submission to to non-
the SPB for appearance;
deliberation
and Submission of
recommend- Sector/Office/
ation Regional Office
proposals to
For the HRMO
promotion- beyond
timelines set;
Within 45
working days Non-
from receipt compliance
of proposals with
from the recruitment and
sectors/ promotion
offices guidelines and
procedures;
Volume of
proposals
received by the
HRMO;
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 6
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
100% of SPB- No. of Document Monitoring of Within five Manpower; Recruitment CP Notice of
recommended proposals Tracking/ the action working days Computer and Promotion Meeting
proposals for submitted to Logbook to taken on from SPB and Services
recruitment the CP vs. monitor - proposals for meeting Printer; (RPS), HRMO; CP Minutes of
and promotion total no. of recruitment Bond the Meeting
with complete proposals Release of and promotion paper; Office of the
supporting acted upon by memo at the level of Assistant
documents the SPB transmittal to HRMO, the Commissioner
submitted to the CP requesitioning (OAC) for
the Actual lead together with sectors/offices, Administration
Commission time of the proposals SPB
Proper (CP) for submission of for Secretariat, COMSEC/CP
approval proposals recruitment Office of the
vs.target lead and Assistant
time for promotion Commissioner
submission for
Actual receipt Administration.
of memo
transmittals Follow-up with
by the sectors/offices
COMSEC
Regional Office No. of Document Monitoring of Within 60 Manpower; Recruitment CP Notice of Delay in the
Proposals proposals Tracking/ the action working days Computer and Promotion Meeting process may
processed with Logbook to taken on from receipt and Services be due to any
complete monitor - proposals for from the Printer; (RPS), HRMO;
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 6
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
100% of supporting recruitment Regional Bond CP Minutes of of the following
proposals for documents Release of and promotion Offices paper; Office of the the Meeting –
recruitment submitted to memo at the level of Assistant
and promotion the CP vs. transmittal to HRMO, the Commissioner Submission of
of qualified total no. of the CP RSPB, Office (OAC) for RSPB
applicants/ proposals together with of the Administration; proposals to
recommendees received the proposals Assistant the HRMO
with complete for Commissioner COMSEC/CP beyond
supporting recruitment for timelines set;
documents Actual lead and Administration
endorsed by time of promotion . Non-
the Regional submission of compliance
Selection and proposals to Actual receipt Follow-up with with
Promotions the CP of memo sectors/offices recruitment and
Board (RSPB) vs.target lead transmittals promotion
are submitted time by the guidelines,
to the COMSEC procedures;
Commission and
Proper (CP) for documentary
approval requirements
Volume of
proposals
received by the
HRMO;
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 5 of 6
MONITORING KEY
SPECIFIC INDICATOR/ EVALUATION RISKS/
METHOD/ ACTIVITIES/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT METHOD/TOOL OPPORTUNITIES
TOOL STRATEGY
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 6 of 6
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 1
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Two Actual no. of Memorandum Regular 2017 and -Manpower Director, Accomplishment IAR may not
Internal IAR issued to the monitoring of onwards - Office Assistant reports be submitted
Audit within the Chairperson accomplishments supplies Director, SA, within the
Reports target deadline submitting the -Equipment Audit Team target
(IAR) for the year report - Funds for Leader deadline
submitted travelling
yearly expenses of
within the the Teams
target
deadline
period
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 3
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
0 downtime/ Actual no. of Tracking/ Procurement Upon Installation ITO ISAdSS Report on IT providers
24/7 internet hours Monitoring of 20Mbps delivery/ of Additional technical staff Network Internet
connectivity downtime Log on Internet installatio 20 MBPS for the Maintenance Connection
recorded for recorded Bandwidth for n of Internet monitoring of Down or
the week downtime redundancy additional Bandwidth internet under
and fail-over 20 MBPS by Internet connection and maintenance
Internet provider performance resulting to
Bandwidt testing non-
h by end availability of
of Internet
Decembe connection
r 2016 Power
Interruption
Upgrading of April 2017 Installation/ Performance Air
Network Configuration Testing Report conditioning
Cabling of Network Malfunction
Switches Unauthorized
installation of
switches or
routers by
employees
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 3
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
0 security No. of reported Tracking/ Development Upon Internet ITO ISAdSS System Improper
issues security Monitoring and implemen connection technical staff Implementati use of userid
reported on issues/ Log on Implementation tation of for the on Monitoring and
the on-line hacking on the reported of On-line the Server development Report password
collaboration use of On-line Implementat Collaboration Collaborat and
tool collaboration ion issues Tool ion Tool Website maintenance Outside
tool on the use Training of by 1st Application of the COA Threats (e.g
of On-line concerned staff quarter of Firewall On-line portal- Brute Force
collaboration in the 2017 (WAF) Collaboration Attack,
tool formatting of Tool Distributed
AAR Denial of
Service,
Website
Defacement)
0 incidence No. of Monthly Training of 1st Training ITO WADAS for Report on AARs
of delayed delayed in the Status concerned staff semester Fund, the conduct of Trainings submitted do
publication publication of Report on in the formatting of 2016 computers, training on AAR conducted not conform
of reports reports the of AAR venue for formatting with the
attributed to attributed to Publication the training required
WADAS WADAS of AAR formatting
resulting to
delay in the
publication
of AAR
Lack of
manpower to
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 3
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
process
AAR for
publication
due to
volume of
AAR
received
100 % Actual Monthly Training of 1st Training ISDMS for the System Delayed in the
accomplish- Accomplish- Accomplish Auditors on semester Fund; maintenance of Implementation implementatio
ment of ment vs ment the use of of 2017 Internet ARDIS Report; n due to other
programmed/ programmed/ Report ARDIS Connection, System Issues priority wok IS
planned planned Pilot Computer QuAIS for the and Concerns Users (Audit
activities for Implementatio and Server implementation Form Teams)
the ARDIS n of ARDIS to house of ARDIS submitted by
COA Wide ARDIS IS users
Implementation
of ARDIS
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 1
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% for Actual legal Document Ensure On-going Manpower Legal Opinion, Availability of Misinterpretation/
legal opinions Tracking avaliability of (Legal Consultation Maintained inappropriate
opinions rendered System pertinent laws, personnel) and Research Documented interpretation of
rendered within 5 Logbook rules and Supplies, Division, LAO Information pertinent laws,
within 5 working days Numbered regulations as materials, LAO Director Document rules and
working from receipt Legal reference in office Tracking regulations
days from vs. Actual Opinions rendering legal equpment, System embodied in the
receipt of number of opinions furniture Quarterly legal opinion
the requests Monitor draft and fixture, Accomplish may affect the
request received legal opinions IT support, ment Report quality of audit
being drafted by etc. Semestral report
legal officers DPCR and
Prioritize review, OPCR
finalization and
release of legal
opinions to
requesting party
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Audit thrust No. of Inspection Conduct of Within Manpower RD, ARD, SAs, Quarterly Risk
areas proposed audit of the risk 3rd Budget ATLs Accomplish- assessment
identified plans submitted documents assessment quarter ment Report may not be
through risk by the Audit evidencing of the properly
assessment Groups for the risk Conduct of year Quarterly conducted
within the approval assessmen Regional Status due to lack of
prescribed embodying the t conducted Office’s Audit Report on time
period proposed audit using Planning and the
areas as a Inspection Mid- Implementa- Risk
result of their Checklist year/Year- tion of Audit assessment
risk end Instructions process may
assessment Monitoring Assessment not be
submitted for report adequately
approval vs. documented
total number of in
expected audit accordance
plans with IRRBA
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Regional
Office’s audit
instruction
issued within
the prescribed
period
100% audit No. of audit Monitoring Surprise ongoing Manpower RD, ARD, RD Validation of Listed audit
activities per activities report inspection of Budget for staff reported activities may
audit plan accomplished the offices of MOOE accomplish- not be
undertaken and Audit ments completely
and documented vs. Groups/Teams undertaken
adequately total committed as scheduled
documented activities due to
unexpected
audit
requests/
complaints,
intervening
activities and
multi-tasking
of the SAs
and audit
teams
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% AARs No. of AARs AAR Conduct of pre- 1st Manpower RD, ARD, SA, Discussion of AARs
compliant compliant with Review exit conference quarter (ORD staff) ATL, ATM, ORD audit submitted
with the the prescribed Checklist with the for small Office staff-reviewers observations may not be in
prescribed standards and individual Audit agencies supplies Disagreed by conformity
standards guidelines vs. Groups to and 2nd management or with the
and total no. of discuss the quarter items needing prescribed
guidelines expected AARs results of audit for large clarification standards and
for transmittal agencies guidelines
Conduct of Discussion of due to time
three levels of review notes constraints
review: with the Audit
Group/Teams
1st- SA, Audit prior to
Group transmittal
2nd- SA of
ORD
3rd-ARD
4th-RD
100% of No. of AARs Monitoring Creation of On- Manpower RD, ARD and Monitoring of AARs
AARs transmitted Report task force or going RD staff accomplish- submitted
transmitted within the deployment of Budget for ment of task may not be
within the prescribed Transmittal additional MOOE force/deployed transmitted
prescribed period vs. total letters duly personnel to personnel within the
deadlines no. of auditees received by target period
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
(cities, the assist the Audit
municipality auditees Groups/Teams
and component
units)
90% of 10% No. of audit Agency Periodic Within Manpower RD, ARD, SA of Monitoring/ Audit
increase of recommend- Action Plan follow-up of 3rd ORD Status Report recommend-
audit ations and Status the quart Office ations may
recommend- addressed/acted of implement- er of Supplies not be
ations from by the auditees Implement- ation of audit each acceptable to
the previous vs. total audit ation recommenda year the auditees,
period are recommend- (AAPSI) tions with the thus, may not
implemented ations manage- be addressed/
by the Action Plan ment as acted upon or
auditees No. of audit Monitoring contained in implemented
recommend- Tool the AAPSI
ations (APMT) and the
implemented by APMT
the auditees in Status of
the ensuing Implement-
year vs. total ation of
audit audit
recommendatio recommen
ns contained in dation
the AAR under Part
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 5 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
III of the
AAR
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Audit Thrust No. of Inspection Conduct of risk Within Manpower CD, ACD, SAs, Quarterly The risk
Areas Proposed of the assessment at third Budget for ATLs. Status Report assessment
identified Audit Plan documents the level of the quarter of MOOE on the may not be
through risk (embodying evidencing audit group. the year implementation properly
assessment proposed audit risk of Audit conducted
within the areas as a assessment Instructions due to lack of
prescribed result of risk conducted, Conduct of the time
period assessment) using Cluster Audit Within the Quarterly
submitted Inspection Planning and period Accomplish- The risk
versus total Checklist Mid-year/Year- prescribe ment Reports assessment
number of end Assessment d in COA process may
expected Audit Memoran- not be
Plans dum No. adequately
2016-023 documented.
Cluster’s Audit dated
Instructions November
issued within 14, 2016
the prescribed
period
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% audit No. of audit Monitoring Surprise Ongoing Manpower CD, ACD and Validation of Listed audit
activities per activities Report inspection of the Budget for OCD Staff Reported activities may
audit plan accomplished offices of audit MOOE Accomplish- not be
undertaken and groups/teams ments completely
and documented undertaken
adequately vs. total as scheduled
documented committed due to
activities unexpected
audit request/
complaints,
intervening
activities and
multi-tasking
of the SA and
audit teams
100% AARs No. of AARs AAR Conduct of pre- 1st Manpower SAs, ACD, CD Discussion AARs
compliant compliant with Review exit conference quarter for MOOE mainly of audit submitted
with the prescribed Checklist with the small observations may not be in
prescribed standards and indvidual audit agencies disagreed by conformity
standards guidelines group to discuss and 2nd Management with the
and versus total the results of quarter for and items prescribed
guidelines number of audit. large needing standards and
expected agencies clarification guidelines due
AARs to time
constraints
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Conduct of three Discussion of
levels of review: review notes
a. SA of Audit with the audit
Group groups/teams
b. SA of OCD prior to
c. ACD transmittal.
d. CD
100% of No. of AARs Monitoring Creation of task On-going Manpower CD, ACD and Monitoring of AARs
AARs transmitted Report force or Budget for OCD Staff the submitted
transmitted within the deployment of MOOE accomplishment may not be
within the prescribed Transmittal additional of task force / transmitted
prscribed period vs. letters duly personnel to deployed within the
deadlines Total number received by assist the Audit personnel target period
of auditees the auditees Groups/Teams
a. Delayed
submission
by auditees
of their
financial
statements
and reports
b. Intervening
events and
activities to
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
the audit
work/multi-
tasking
audit
personnel
c. Lack of
staff to do
the audit
work due to
retirement/
resignation
of/sick audit
staff
90% of 10% No. of audit Agency Periodic follow-up Within 3rd Manpower CD, ACD and Monitoring/ Audit
increase of recommend- Action Plan of the quarter of MOOE OCD Staff Status Reports recommend-
audit ations and Status implementation of each year ations may
recommend- addressed/ of audit not be
ations from acted by the Implementa recommendations acceptable to
the previous auditees vs. tion with the the auditees,
period total audit (AAPSI) Management as thus, may not
implemented recommend- contained in the be addressed/
by the ations AAPSI and APMT acted upon or
Action Plan
auditees implemented
Monitoring
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 5 of 5
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Tool
No. of audit (APMT)
recommend-
ations
Status of
implemented
Implement-
by the
ation of audit
auditees in the
recommend-
ensuing year
ation under
vs. total audit
Part III of the
recommend-
AAR
ations
contained in
the AAR
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 2
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% Actual number Annual Conduct By end of Training LTCS Weekly Unavailability
targeted of conducted Training survey as to the year Room monitoring of of RPs
number of classes within Plan the needed Training course Failure to
audit the schedule audit-related Manpower offering meet
related vs. targeted Monthly trainings Survey/ schedule minimum
trainings number of Reports under LTP Training Individual number of
for regular audit related Intensify Needs Performance participants
LTP trainings for information Analysis and
conducted regular LTP and forms Commitment
as dissemination Review
scheduled Prioritize LTP (IPCR) and
courses in the Division
schedule PCR
Issue office
order to
participants
within 5 days
before the
conduct of
training
Ensure that
there are
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 2
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
sufficient
number of
coordinators
Prepared by:
COMMISSION ON AUDIT Document Code:COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 2
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
90% of news News E-mail of Monitor daily Daily, before Man- News Monthly Misinterpre-
summaries/ summaries e- summaries newspapers 11 am power Monitoring Report tation by
clippings mailed to COA to COA and online Newspa- Staff IPCR, DPCR the media
provided to officials officials news sites for pers, PIO Director and OPCR regarding
COA officials Monthly news Online issues
on or before compila- regarding news contained
11 am daily tion of COA/audit sites, in the audit
newsclip- issues/ supplies report
pings with questionable and resulting to
summaries govt materials inaccurate
transactions news
Prepare news reporting
summaries Clarification
E-mail the issued by
news the PIO
summaries to when
COA officials necessary
to correct
inaccurate
COMMISSION ON AUDIT Document Code:COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 2
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
news
reporting
90% of public/ No. of public/ Document Public Quarterly Some
media queries media queries Tracking Relations staff Report media/public
& requests for & requests for System PIO Director IPCR, DPCR queries may
official official Logbook Audit team and OPCR involve
documents documents leader/cluster confidential
acted upon acted upon director information
within 3 days within 3 days that cannot be
upon receipt vs. total no. of released
queries and resulting to
requests unauthorized/
premature
disclosure of
information
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 2
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Six Actual no. of Individual Work within Within the Laptop Quality Gantt Chart Failure to
Assessment AsOM issued Performance the timeline as year Office Assurance (QA) Work Plan/ meet
Observation within the Commitment per work plan Supplies Reviewers Monthly Work deadline
Memoranda target and Review Identify Status Report Limited
(AsOM) for deadline for (IPCR) intervening QAQ access to
Engagement the year activities/ checklist information
Level (EL) events before Familiarity
issued plotting with COA’s
yearly timeline practices
within the Render Develop
target overtime if skills in
deadline expected report
deliverables writing
are not met
within the
target date
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 2
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
One QAR Actual no. of IPCR Work within Within the Laptop QA Reviewers Work Plan/ Failure to
Report – EL QAR Report – the timeline as year Office Monthly Work meet
issued EL issued per work plan Supplies Status Report deadline
yearly within the Anticipate and AsOM Develop
within the target provide time Template skills in
target deadline for for intervening report
deadline the year activities/ writing
events
Render
overtime if
expected
deliverables
are not met
within the
target date
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 2
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
100% of Earmarked Document Review/ asap Manpower BEAS personnel Accomplishment Funds may no
funding funds within five Tracking evaluation of GAA /Status Report longer be
request working days Logbook funding requests Evaluation of available
received upon receipt of funding
from request requests and Incomplete
COA make supporting
Central recommendations documents
Offices and
Regions for
earmarking
of funds
released
within the
prescribed
period
100% Certified Document Certify availability asap GAA BEAS personnel Accomplishment Funds may not
Certified claims obligated Tracking of allotments Manpower / Status Report be available,
obligations and released to Logbook Certify availability especially at
on various Accounting Monitoring of allotments year-end
claims and Office within 2 – Slip
projects of 3 working days
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 2
MONITORING
SPECIFIC INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
TARGET MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
different upon receipt of
offices/ claims
regions (DV/ORS)
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 1 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Contracts
Review:
Office Order, Submission of
80% of requests Memorandum Document Create or assign Immediately Manpower Service Chiefs, Memorandum required
for Technical or Technical Tracking technical teams or within five (technical Infra Services issued by the additional
Evaluation Review System immediately working days personnel A,B,C,D Director Director/Assistant documents to
pertaining to: Reports according to the after receipt of /technical TS Commissioner or complete the
(TERs) Logbook type of contracts request specialist) Head of Office evaluation may
a) contracts on transmitted to to be reviewed. Action Slips not be given on
infrastructure the Office of Technical Supplies, issued by the time by the
projects; the Assistant Review Conduct close materials, Head of Office requesting party
Commissioner, Notes/Review monitoring of office
b) STSS Sheets compliance with equipment,
procurements within ten set timetables furniture
of goods and working days for review of Weekly and and fixture,
services; and from outputs considering IT support, Due to
submission of the timetable etc, insufficient
c) consulting the Service set forth in supporting
services Chief vs. Total COA Circular documents
number of No.2009- required in the
evaluation, and
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
transmitted to requests for 001.(Section difficulty of
the Office of the TERs 3.1.6: verification
Assistant ): caused by
Commission factors such as
(OAC), STSS P5M & below- inclement
5 working weather and
days (WD) security
problems in
Above P5M project sites,
up to P20M- results may not
14 WDs serve as useful
basis of
Above P20M- Auditor’s action
21 WDs on the
corresponding
With monthly financial
reporting of transaction
work progress or such results
may not
delivered on
time
Technical
Inspection:
Service Chiefs,
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
80% of request
Memorandum/ Document Create or assign Immediately Manpower - Infra Services Office Order, Physical
for technical IRs Tracking technical teams or within five Senior, A,B,C,D Memorandum Inspection of
inspection on: transmitted to System according to the working days licensed Director, TS issued by the projects in far
the Office of type of contracts after receipt of TAS) Director/Assistant flung areas is
1)Infrastructure the Assistant Logbook to be inspected. request Commissioner or not feasible due
Projects Commissioner, Supplies, Head of Office, to security
accomplish- STSS within Technical materials, Action Slips problems or
ments; and ten working Review office issued by the inclement
days from Notes/Review Conduct close equipment, Head of Office weather
submission of Sheets monitoring of As set forth in furniture conditions
2)Goods
the Service compliance with COA and fixture,
Delivered and
Chief vs total set timetables Memorandum IT support,
Services
no of request for review of No. 2009-074 etc,
Rendered
for Technical outputs and COA
Inspection Circular
transmitted to
No.2009-
the
001.(Section
Office of the
IV.2.f.3), with
Assistant
monthly
Commission
reporting of
(OAC), STSS
work progress
Appraisal
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
80% of Reviewed Document Create or assign Immediately Manpower- Appraisal Office Order, Verification of
requests for requests Tracking technical teams or within five Licensed Services Memorandum properties for
Appraisal transmitted to System according to the working days appraiser/ Director, TS issued by the appraisal in far
(ARs) for: the Office of type of contracts after receipt of technical Director/Assistant flung areas is
the Assistant Logbook to be reviewed. request personnel Commissioner or not feasible due
1)Real Estate; Commissioner, Head of Office, to security
and STSS within Technical Supplies, Action Slips problems or
set deadlines Review materials, issued by the inclement
2)Properties for Notes/Review office Head of Office weather
Disposal Sheets Conduct close As set forth in equipment, conditions
monitoring of COA furniture
transmitted to compliance with Memorandum and fixture,
the set timetables No. 2009-074 IT support,
Office of the for review of (Section etc,
Assistant outputs IV.2.f.2) with
Commission monthly
(OAC), STSS reporting of
work progress
per instruction
of the
Capacitate Assistant
technical Commissioner
personnel on , STSS
appraisal
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 5 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
At least
annually, or
when
appropriate
training body
provides such
training
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 6 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
IS/IT Audit:
100% of audit
Memorandum/ Document Create and assign Within 30 Technical Audit Team COA IS/IT Audit Risk that the
report for all Audit Reports Tracking audit teams with days from personnel / IS Leader, Team Framework audit failed to
systems prepared/ System consideration to receipt of auditors Supervisor, (CISITAF), detect
audited for reviewed vs. the needed skills request Director standards and weakness
the period transmitted to Logbook to effectively Supplies, guidelines and security
transmitted to the Office of perform the audit materials, gaps in the
the the Assistant Review office system
Office of the Commissioner, Notes/Review Execute a risk- equipment,
Assistant STSS Sheets based IS audit furniture and Risk that the
Commission within ten strategy in fixture, IT report might
(OAC), STSS working days compliance with tools/support, not effectively
from IS audit standards etc, communicate
submission by to ensure that key the risk
the Team risk areas are exposures of
Supervisor audited the system
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
to achieve how the
planned audit agency may
objectives maximize the
Monthly investment in
with report IT to achieve
Conduct close
of work its
monitoring of
progress organizational
compliance with
every 5th goals
set standards and
day of the
timetables for
succeeding
review of outputs
month
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 8 of 10
OFFICE : SYSTEMS CONSULTANCY SERVICES AUDIT OFFICE (INTERNAL CONTROL SYSTEM EVALUATION
AND RESEARCH SERVICES OFFICE)
DIVISION : INTERNAL CONTROL STRUCTURE EVALUATION CONSULTANCY SERVICES
INFORMATION SYSTEMS IMPLEMENTATION CONSULTANCY SERVICES
SPECIAL PROJECTS CONSULTANCY SERVICES
QUALITY OBJECTIVE : To ensure timely delivery of consultancy services and assistance in the evaluation of internal
control
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Conduct of
Consultancy
Services
Letter , either Document Assign request Within two Personnel Action Slip Risk that the
100% of clarifying Tracking immediately to days from with filled-up with consultancy
requests for certain matters System responsible receipt background Division instructions from services/assis
consultancy about the Division for on internal Chief/Team the Director tance
services request; or Logbook evaluation and auditing/ Leader requested
reviewed/acte denying the determination of auditors with Director would not be
d upon- request sent to Review appropriate experience in completed
requesting Notes approach in the internal/exter Letter request due to
party within 15 conduct of nal auditng for budgetary
Assistance days from consultancy Within one meeting/Minutes constraints or
in the receipt- services/ week after of Meeting lack of
design, assistance evaluation Supplies, qualified
developme requested materials, personnel to
nt and Engagement office Accomplishment perform the
installation Letter Conduct equipment, Report stating required task
of Internal prepared and meetings with furniture and status of
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 9 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
Audit submitted to requesting party Throughout fixture, IT request
Services the Assistant to clarifiy the tools/support, received/ Opportunity to
Commissioner, request, if evaluation etc. evaluation employ
Assistance STSS for warranted process with expertise from
in the review within weekly outside
evaluation one month Conduct close reporting of sources and
of Internal from receipt monitoring of progress gain from
Control evaluation and monthly them the
System procedures; reporting of knowledge
discuss specific work status and skills thru
issues of the every 5th day actual
request with of the practice
responsible succeeding
Division for month
clearer
understanding
and gain the
right perspective At least
once a year
or whenever
Capacitate
updates and
technical
funding are
personnel for
available
updates on
new/current
regulations,
standards
COMMISSION ON AUDIT Document Code: COA-QMSM_QP-0001
Revision No.: 0
QUALITY OBJECTIVES AND PLANS Effectivity Date: 1 Dec 2016
Page No.: 10 of 10
MONITORING
INDICATOR/ KEY ACTIVITIES/ EVALUATION RISKS/
SPECIFIC TARGET METHOD/ TIMELINE RESOURCES RESPONSIBILITIES
MEASUREMENT STRATEGY METHOD/TOOL OPPORTUNITIES
TOOL
applicable to
internal audit
and internal
control
Prepared by:
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 1 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
1. some claims may not be strictly implement first come, Transaction coaching; minimize TPBS
funded on time due to volume first serve basis Processing and tardiness and absences Office of the
Billing Services Director
(TPBS) request for additional
manpower
2. some claims may not be require compliance to COA Transaction check completeness of RMBO
processed due to incomplete Circular 2012-001 for the Processing and completeness of supporting
supporting documents required supporting Billing Services documents prior to receipt
documents for each type of (TPBS) of Disbursement
transactions Vouchers/General Payrolls
3. Computerized system in regular enhancement to Transaction request of system TPBS
processing of claims institute validation controls Processing and enhancement Office of the
and automatic computation of Billing Services Director
earnings and deduction (TPBS)
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk assessment may not be Close monitoring of the OCD Schedule risk assessment SA/ATLs
properly conducted due to lack of conduct of risk assessment immediately after the
time transmittal of the audit
report.
The risk assessment process
may not be adequately Updated training on risk
documented. assessment process and
required documentation.
Listed audit activities may not be Prioritization of audit activities OCD/Audit Groups Additional manpower SAs/ATLs
completely undertaken as including the unscheduled
scheduled due to unexpected activities
audit request/ complaints,
intervening activities and multi-
tasking of the SA and audit
teams
AARs submitted may not be in Briefing/re-briefing on the OCD Regular update of the OCD
conformity with the prescribed standards and guidelines in standards and guidelines in
standards and guidelines due to the preparation of AARs the preparation of AARs.
time constraints
AARs submitted may not be Close monitoring of the SAs, ATLs Propose more plantilla OCD
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 3 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
transmitted within the target submission and timely review OCD positions for audit
period due to of the AAR personnel
Audit recommendations may not Thorough discussion of the OCD, SAs Thorough discussion of the OCD, SAs, ATLs
be acceptable to the auditees, audit observations and audit observations and
thus, may not be recommendations with the recommendations with the
addressed/acted upon or auditees. auditees.
implemented
Evaluation/Due consideration Evaluation/Due
of Management’s comments consideration of
in the finalization of the audit Management’s comments
reports. in the finalization of the
audit reports.
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 4 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Thorough review of audit
recommendations which are Thorough review of audit
appropriate, realistic and recommendations which
workable are appropriate, realistic
and workable
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
1. Delay/non-procurement of Monitor and follow up from the PPSMS/GSO Provide assistance / PPSMS/GSO
supplies and materials. Offices concerned/ and guidance of the Office/
supplier/ dealer the current Sector in the procurement
and existing procurement requirements/ process.
contract.
Facilitate the construction
2. Inadequate infrastructure Provide efficient programming BFMS/GSO of PSAO and repairs of Engineering
facilities/ management. and maintenance of existing existing building/structure. grp./GSO
facilities
Organized the indexing/
Enhance the existing filing of Maintained
3. Unavailable information records/information storage Records/GSO Documented Information, Records/GSO
materials/resources. and safekeeping procedure. and Retained Documented
Information to facilitate
retrieval of documents.
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Incomplete documents; delayed Issuance of memorandum HRMO Issuance of memorandum HRMO
or non-submission of required and/or letter to advice Regional Offices for general circulation Administration
documents; submission of required informing Sector
documents. sectors/offices/regions of
documentary requirements
as supporting documents
to proposals for recruitment
and promotion
Non-appearance on scheduled Follow-up with applicants to HRMO Early advice to the HRMO
pre-employment test (PET) and/or request confirmation of Regional Offices applicants of the scheduled
interview; attendance in the scheduled pre-employment
PET at least two days prior to examination through all
Rescheduling of pre-employment the PET. possible means such as
examination and/or interview due text message, e-mail,
to non-appearance; telephone call, letter;
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
recruitment and promotion,
among other
information/requirements
Non-compliance with recruitment Issuance of constant HRMO Issuance of memorandum HRMO
and promotion guidelines, reminders and updates on the Sectors/Offices for general circulation Sectors/Offices
procedures; and documentary policies, guidelines and Regional Offices informing Regional Offices
requirements; procedures in the processing sectors/offices/regions of
of proposals for recruitment the policies, guidelines and
and promotion, among other procedures in the
information/requirements; processing of proposals for
recruitment and promotion,
Judicious review and among other
evaluation of proposals for information/requirements
recruitment and promotion to
ensure compliance with the
policies, guidelines and
procedures
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
ensure their inclusion in the
agenda of the scheduled CP
meeting
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
IAR may not be Close monitoring of Internal Audit Office -Provide timely Internal Audit Office
submitted within the accomplishments intervention through
target deadline coaching and mentoring of
teams
-Anticipate and provide
time for possible
intervening activities
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Network Attack or Regularly introduce new Systems and Apply best practice SNMS, ISAdSS
intrusion to the network updates in network and data Network network and data
infrastructure Spam, security policy Management security policy
Viruses and malicious Acquire or train network Section (SNMS), Induce extensive
attacks which may result security skilled personnel Information Systems training for network
to unauthorized access and adapt new technology Administration and security or recruit highly
to confidential for implementation Support Services skilled personnel
information, data theft or Ensure network device (ISAdSS) Procure backup
service disruption availability in case of network device and
hardware breakdown peripherals, as well as
Able to respond and provide conduct regular
solution to occurrence of an preventive maintenance
incident
Internet Service Initiate/implement alternate SNMS, ISAdSS Obtain redundant ISP SNMS, ISAdSS
Disruption resulting to delivery path with other with same qualification
unavailability of web- internet Service Provider but distinctly separate
based Information (ISP) in data communication
System, email services lines use as alternate or
and other services failover connection
Hardware and Software Document usefulness or Hardware and Maintain an Inventory HSMS, ISAdSS
Obsolescence or that service life of a device and Software List of the hardware
reached end of life, thus, software limited support Management Section and software with the
technical support is no duration (HSMS), ISAdSS information on date of
longer
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 12 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
available/provided by the acquisition and life span
supplier to easily determine
software relevance and
period of replacement
Spam, Viruses and Required use of strong HSMS, ISAdSS Installed anti-virus and HSMS, ISAdSS
malicious attacks which passwords involving a anti-spyware software
may result to denial of combination of numbers, including spam filters,
service, deletion of special characters, etc. and and ensure that these
important files change of passwords are turned on and
regularly updated regularly.
Installation of antivirus Installed a software
software and robust firewall and strict
application of network policy application of network
Training of users policy
Use of Unverified and Information drive on existing HSMS, ISAdSS Restrict user right for HSMS, ISAdSS
Unlicensed Software data and network policy software installation
which may cause harm Application of Data and
to data and other files in Network policy
the computer Training of users
Careless or Uninformed Required use of strong SNMS, ISAdSS Train employees on SNMS, ISAdSS
employees visiting passwords; network and security
unauthorized websites Limiting access to internet best practices
and/or clicking on links sites
in suspicious emails or
opening email
attachments that pose
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 13 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
an enormous security
threat to systems and
data
Reports/documents Ensure that all Web Application and Make follow-ups and WADAS
submitted for publication documents/reports requesting Database request for e-copies not
in the COA website are publication should conform to Administration yet submitted from the
not in the prescribed the following requirements: Services (WADAS) concerned requesting
format causing delay in Web-compliant documents office
the processing and Technical specification
publication standards is applied Conduct annual training
Reports/documents are on formatting of a web-
Hard copies of being returned to the based documents and
reports/documents with concerned office for reports
no e-copy received compliance in the
prescribed format Maintain an up-to-date
Voluminous Request for overtime if procedural
documents/reports were voluminous requirements to
received within the day documents/reports were conform to well-defined
received current standards
Request for corrections Randomly check
on reports/documents documents/reports already Require concerned
already published in the published in the COA requesting office to
COA website website for possible content submit an erratum
errors
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 14 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Database Administration Availability of daily backup WADAS Ensure safe and stable WADAS
–Back up of production which can be restored when backup of all sensitive
database and restoration of database data by maintaining
application system not failed. daily and monthly back-
operational when up. All monthly backup
restored Access to database are shall be brought to
limited to authorized offsite area
personnel only Maintain and improve
Disclosure of sensitive database management
data and security plan.
All ITO employees are
required to sign ITO
Personnel
Confidentiality and
Conflict of Interest
Agreement
ALL IS Users are
required to sign User
Confidentiality
Agreement
Information System Complete and thorough Information Systems Maintain signed and ISDMS
development may not gathering of data pertaining Development and complete
completed on time due to IS Maintenance documentation of IS
to the following: development users Services, (ISDMS) program/user’s
Incomplete definition requirement and business specifications and
of users requirements business rules
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 15 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
and business rules rules Establishment of the
Improper scoping or Involvement of users as part overall scope of the
automation of the project team project to be concurred
boundaries not Clearly Define boundaries and confirmed by the
clearly defined Communicate with the IS users
Other priority tasks/ users regarding on the Systems presentation
lack of manpower, priority tasks/projects and review is being
etc. Training of technical staff on done every two weeks
Lack of technical new development tools Hiring of IT
skills on new programmers
development tools Continuous attendance
in trainings/seminars of
technical staff on new
development tools
System Issues/Concerns Putting into practice of a On-going development
not address in a timely buddy system in system of ITO Helpdesk which
manner due to the development contains database of IS
following: Require from users to issues and resolution
Unavailability of submit System Issues and which can be used as
concerned Concerns Form (SICF) with reference in the
personnel screen shot of the module resolution of system
Request for capturing system errors for issues/concerns
resolution of resolution System Issues and
issues not Submission of request for Concerns Form to
properly change/additional users document system
communicated/ requirement approved by issues and concerns
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 16 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
documented higher authorities with the screen shot of
Urgent and Document all changes/ the module capturing
Constant request additional user system errors are
for system requirements approved by required from the users
enhancements/ higher authorities to ensure with the approval of the
modifications to that user’s needs are met higher authorities
include additional Involvement of users in the Complete
user requirements review of the IS during the definition/
development phase documentation of
system
requirements
during the
software
development
phase
Maintained
documentation of
Changes/Additional
user requirements
approved by higher
authorities
Conduct of Regular
systems presentation
and review
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 17 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Versioning of IS not Track and control versions Quality Assurance For web based QuAIS
properly maintained and of software released to the and Implementation information systems –
identified resulting to operational environment Services (QuAIS) Proper documentation
difficulty in the with their corresponding of the version of the IS
maintenance of the database and the directory/
system location of IS
For Client Server
systems - Proper
labelling of released
versions of IS
Document what
changes were made,
who made the changes
and when the changes
took place
Problems that arose
from a change can then
be followed up by an
examination of who
made the change and
the reasons they gave
for making the change
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Lack of in-house Involving the users as part Allow the users to
skills to implement of the team participate in the design
the IS Users training to enable process
No support from IS users acquire the required There should be
Key users because of skills to utilize the IS. adequate change
other priority task Issue regular reports and management processes
updates to keep users that include user
informed. involvement and
Provision of detailed user training
procedure manuals. Train the users in the
Establishment of a help use of the new system
desk to provide direct Allow the user to test
assistance to users the system
Conduct of users training Establish user support
services
Data Conversion /Data Assistance in the file QuAIS, ISDMS Careful planning of data QuAIS, ISDMS
build-up takes too long conversion of available data conversion
which may result to in MS Excel file format was Identify the criticality of
delay in the being provided to users. data
implementation of the IS Generate back up of all
data prior to migration
Data Integrity and Provision of audit trails on QuAIS Only authorized user QuAIS
Security Issues caused the updates made on the have access to the
by the following: system. system
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 19 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
IS Users/ Employees Provision of application There should be
are not aware of data control to detect updates on preventive and
security policy and the database made outside detective control to
the need to maintain of the system ensure that only valid
or secure data and Issuance of guidelines on data can be entered
security of the security policies / user into the system and that
passwords awareness on data security the data is complete
Proper dissemination of
the security policy and
guidelines
IS Users are required to
sign Users
Confidentiality
Agreement
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Use of IS testing tool trial
versions
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Misinterpretation/ inappropriate Complete staff work thorugh Legal Affairs Office Organized filing and Legal Affairs Office
interpretation of pertinent laws, intensive/ extensive research indexing of Maintained
rules and regulations embodied pertaining to the subject Documented Information,
in the legal opinion may affect matter of the request for legal and Retained Documented
the quality of audit report opinion, i.e. updated Information to facilitate
reference materials, research and rendition of
jurisprudence, and citations legal opinions
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk assessment may not be Close monitoring of the ORD Schedule risk assessment SA, ATLs
properly conducted due to lack conduct of risk assessment immediately after the
of time transmittal of audit reports
Listed audit activities may not be Prioritization of listed audit ORD, Audit Groups Additional manpower ORD
completely undertaken as activities including the
scheduled due to unexpected unscheduled activities
audit requests/complaints,
intervening activities and multi-
tasking of the SAs and audit
teams
AARs submitted may not be in Briefing on the standards and ORD Regular update of the ORD
conformity with the prescribed guidelines in the preparation standards and guidelines in
standards and guidelines due to of AARs the preparation of AARs
time constraints
AARs submitted may not be Close monitoring of the ORD Propose more plantilla ORD
transmitted within the target submission and timely review positions for audit
period due to: personnel
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 23 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
a) Delayed submission by Timely follow-up to be done
auditees of their financial by the Audit Teams Recommend the hiring of
statements and reports more audit personnel to be
deployed to the Audit
b) Intervening events and Augmentation of audit Groups
activities to the audit personnel, whenever
work/multi-tasking audit necessary
personnel
Audit recommendations may not Thorough discussion of the ORD, Audit Groups Thorough discussion of the ORD, Audit
be acceptable to the auditees, audit observations and audit observations and Groups
thus, may not be recommendations with the recommendations with the
addressed/acted upon or auditees auditees
implemented
Evaluation/due consideration Evaluation/due
of management’s comments consideration of
in the finalization of the audit management’s comments
reports in the finalization of the
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 24 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
audit reports
Thorough review of audit
recommendations which are Thorough review of audit
appropriate, realistic and recommendations which
workable are appropriate, realistic
and workable
Risk assessment may not be Close monitoring of the ORD Schedule risk assessment SA, ATLs
properly conducted due to lack conduct of risk assessment immediately after the
of time transmittal of audit reports
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk assessment may not be Close monitoring of the OCD Schedule risk assessment SA/ATLs
properly conducted due to lack of conduct of risk assessment immediately after the
time transmittal of the audit
report.
The risk assessment process
may not be adequately Updated training on risk
documented. assessment process and
required documentation.
Listed audit activities may not be Prioritization of audit activities OCD/Audit Groups Additional manpower SAs/ATLs
completely undertaken as including the unscheduled
scheduled due to unexpected activities
audit request/ complaints,
intervening activities and multi-
tasking of the SA and audit
teams
AARs submitted may not be in Briefing/re-briefing on the OCD Regular update of the OCD
conformity with the prescribed standards and guidelines in standards and guidelines in
standards and guidelines due to the preparation of AARs the preparation of AARs.
time constraints
AARs submitted may not be Close monitoring of the SAs, ATLs Propose more plantilla OCD
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 26 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
transmitted within the target submission and timely review OCD positions for audit
period due to of the AAR personnel
Audit recommendations may not Thorough discussion of the OCD, SAs Thorough discussion of the OCD, SAs, ATLs
be acceptable to the auditees, audit observations and audit observations and
thus, may not be recommendations with the recommendations with the
addressed/acted upon or auditees. auditees.
implemented
Evaluation/Due consideration Evaluation/Due
of Management’s comments consideration of
in the finalization of the audit Management’s comments
reports. in the finalization of the
audit reports.
COMMISSION ON AUDIT Document Code: COA-QMSM-Form-04_RO
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 29 Dec 2016
Page No.: Page 27 of 32
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Thorough review of audit
recommendations which are Thorough review of audit
appropriate, realistic and recommendations which
workable are appropriate, realistic
and workable
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Unavailability of RPs Invite other RP from pool LTCS Provide a shortlist of RPs LTCS
of RPs per topic
Failure to meet minimum Set another schedule of LTCS Monitor the submission of Databank Unit
number of participants training nomination and follow-up
offices on their nominees
at least one month before
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Misinterpretation by the Issue press PIO Training/ orientation for PIO
media regarding issues statement/letter to editor Concerned Office media practitioners on Directors as resource
contained in the audit clarifying audit issue COA rules, regulations, persons
report resulting in Chairperson- (approval) processes, and reports
inaccuracies in the
report or negative
feedback on COA
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Failure to meet deadline Match current manpower QA Directors Anticipate and provide QA Directors
capacity during planning time for possible
before setting the target intervening activities
number of reviews/ Exhaust all areas to be
commitment considered in the
planning stage
Limited access to Set expectations during QA Directors Ensure that all QA Directors
information entrance conference by QA Reviewers agreements are QA Reviewers
having an agreement on Division Chief of documented in the Division Chief of
unrestricted access to concerned offices minutes of meeting concerned offices
information Supervising Auditors/ Supervising Auditors/
Audit Team Leaders of Audit Team Leaders of
Audit Groups/Teams Audit Groups/Teams
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
4. some claims may not strictly implement first BEAS coaching; minimize BEAS
be funded on time come, first serve basis tardiness and absences Office of the
due to volume Director
5. some claims may not make representations with BEAS request for funds to DBM BEAS
be processed due to DBM BPS supported with budgetary Office of the
lack of funds Office of the reports Director
Director
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Contracts Review
Technical Inspection
Appraisal
Service Chiefs, Infra Provide to requesting Service Chiefs and
Submission of required additional Conduct follow-up of Services A,B,C,D parties a checklist of Director –TSO and
documents to complete the documents required for Director TS documents to be submitted other
evaluation may not be given on evaluation; intensify and disseminate regularly Sectors/clusters
time by the requesting party coordination with respective and update the same for
auditors/cluster/sector information and compliance
Difficulty of verification caused by Coordinate with agencies Service Chiefs, Infra Develop alternative Service Chiefs and
factors such as inclement which can assist and provide Services A,B,C,D approach/procedures by Director –TSO and
weather and security problems in security to personnel who will Director TS way of policy formulation to other
project sites; thus, results may conduct the verification; arrive at reliable Sectors/clusters
not serve as useful basis of conclusions/results
Auditor’s action on the Coordinate with requesting
corresponding financial parties for conduct proper
transaction or such results may scheduling of technical work
not be delivered on time
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
1. some claims may not be strictly implement first Transaction coaching; minimize TPBS
funded on time due to come, first serve basis Processing and tardiness and absences Office of the
volume Billing Services Director
(TPBS) request for additional
manpower
2. some claims may not be require compliance to COA Transaction check completeness of RMBO
processed due to Circular 2012-001 for the Processing and completeness of
incomplete supporting required supporting Billing Services supporting documents
documents documents for each type of (TPBS) prior to receipt of
transactions Disbursement
Vouchers/General
Payrolls
3. Computerized system in regular enhancement to Transaction request of system TPBS
processing of claims institute validation controls Processing and enhancement Office of the
and automatic computation Billing Services Director
of earnings and deduction (TPBS)
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk assessment may not be Close monitoring of the OCD Schedule risk SA/ATLs
properly conducted due to lack conduct of risk assessment assessment immediately
of time after the transmittal of the
audit report.
The risk assessment process
may not be adequately Updated training on risk
documented. assessment process and
required documentation.
Listed audit activities may not Prioritization of audit OCD/Audit Groups Additional manpower SAs/ATLs
be completely undertaken as activities including the
scheduled due to unexpected unscheduled activities
audit request/ complaints,
intervening activities and
multi-tasking of the SA and
audit teams
AARs submitted may not be in Briefing/re-briefing on the OCD Regular update of the OCD
conformity with the prescribed standards and guidelines in standards and guidelines
standards and guidelines due the preparation of AARs in the preparation of
to time constraints AARs.
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
AARs submitted may not be Close monitoring of the SAs, ATLs Propose more plantilla OCD
transmitted within the target submission and timely OCD positions for audit
period due to review of the AAR personnel
Audit recommendations may Thorough discussion of the OCD, SAs Thorough discussion of OCD, SAs, ATLs
not be acceptable to the audit observations and the audit observations
auditees, thus, may not be recommendations with the and recommendations
addressed/acted upon or auditees. with the auditees.
implemented
Evaluation/Due Evaluation/Due
consideration of consideration of
Management’s comments in Management’s
comments in the
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
the finalization of the audit finalization of the audit
reports. reports.
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
1. Delay/non-procurement of Monitor and follow up from PPSMS/GSO Provide assistance / PPSMS/GSO
supplies and materials. the Offices concerned/ and guidance of the Office/
supplier/ dealer the current Sector in the
and existing procurement procurement
contract. requirements/ process.
3. Unavailable information Enhance the existing Records/GSO Organized the indexing/ Records/GSO
materials/resources. records/information storage filing of Maintained
and safekeeping procedure. Documented Information,
and Retained
Documented Information
to facilitate retrieval of
documents.
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Incomplete documents; Issuance of memorandum HRMO Issuance of HRMO
delayed or non-submission of and/or letter to advice Regional Offices memorandum for general Administration
required documents; submission of required circulation informing Sector
documents. sectors/offices/regions of
documentary
requirements as
supporting documents to
proposals for recruitment
and promotion
Non-appearance on scheduled Follow-up with applicants to HRMO Early advice to the HRMO
pre-employment test (PET) request confirmation of Regional Offices applicants of the
and/or interview; attendance in the scheduled scheduled pre-
PET at least two days prior employment examination
Rescheduling of pre- to the PET. through all possible
employment examination means such as text
and/or interview due to non- message, e-mail,
appearance; telephone call, letter;
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
proposals for recruitment submission of proposals
and promotion for recruitment and
promotion, among other
information/requirements
Non-compliance with Issuance of constant HRMO Issuance of HRMO
recruitment and promotion reminders and updates on Sectors/Offices memorandum for general Sectors/Offices
guidelines, procedures; and the policies, guidelines and Regional Offices circulation informing Regional Offices
documentary requirements; procedures in the sectors/offices/regions of
processing of proposals for the policies, guidelines
recruitment and promotion, and procedures in the
among other processing of proposals
information/requirements; for recruitment and
promotion, among other
Judicious review and information/requirements
evaluation of proposals for
recruitment and promotion
to ensure compliance with
the policies, guidelines and
procedures
Volume of proposals received Continuous processing of HRMO Continuous processing of HRMO
by the HRMO; proposals for recruitment proposals for recruitment
and promotion as soon as and promotion as soon
received as received
Schedule of deliberations of Compliance with cut-off HRMO
approving authorities and dates set by the COMSEC
signing of appointments for the submission of
beyond the control of HRMO proposals for recruitment
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
and promotion to ensure
their inclusion in the agenda
of the scheduled CP
meeting
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
IAR may not be Close monitoring of Internal Audit Office -Provide timely Internal Audit Office
submitted within the accomplishments intervention through
target deadline coaching and mentoring
of teams
-Anticipate and provide
time for possible
intervening activities
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Network Attack or Regularly introduce Systems and Network Apply best practice SNMS, ISAdSS
intrusion to the new updates in Management network and data
network infrastructure network and data Section (SNMS), security policy
Spam, Viruses and security policy Information Systems Induce extensive
malicious attacks Acquire or train Administration and training for network
which may result to network security Support Services security or recruit
unauthorized access skilled personnel and (ISAdSS) highly skilled
to confidential adapt new personnel
information, data theft technology for Procure backup
or service disruption implementation network device and
Ensure network peripherals, as well
device availability in as conduct regular
case of hardware preventive
breakdown maintenance
Able to respond and
provide solution to
occurrence of an
incident
Internet Service Initiate/implement SNMS, ISAdSS Obtain redundant ISP SNMS, ISAdSS
Disruption resulting to alternate delivery with same
unavailability of web- path with other qualification but
based Information internet Service distinctly separate in
System, email services Provider (ISP) data communication
and other services
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
lines use as alternate
or failover connection
Hardware and Document Hardware and Software Maintain an Inventory HSMS, ISAdSS
Software usefulness or service Management Section List of the hardware
Obsolescence or that life of a device and (HSMS), ISAdSS and software with the
reached end of life, software limited information on date of
thus, technical support support duration acquisition and life
is no longer span to easily
available/provided by determine software
the supplier relevance and period
of replacement
Spam, Viruses and Required use of HSMS, ISAdSS Installed anti-virus HSMS, ISAdSS
malicious attacks strong passwords and anti-spyware
which may result to involving a software including
denial of service, combination of spam filters, and
deletion of important numbers, special ensure that these are
files characters, etc. and turned on and
change of passwords updated regularly.
regularly Installed a software
Installation of firewall and strict
antivirus software application of
and robust network policy
application of
network policy
Training of users
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Use of Unverified and Information drive on HSMS, ISAdSS Restrict user right for HSMS, ISAdSS
Unlicensed Software existing data and software installation
which may cause harm network policy
to data and other files Application of Data
in the computer and Network policy
Training of users
Careless or Required use of SNMS, ISAdSS Train employees on SNMS, ISAdSS
Uninformed strong passwords; network and security
employees visiting Limiting access to best practices
unauthorized websites internet sites
and/or clicking on
links in suspicious
emails or opening
email attachments that
pose an enormous
security threat to
systems and data
Reports/documents Ensure that all Web Application and Make follow-ups and WADAS
submitted for documents/reports Database Administration request for e-copies
publication in the COA requesting publication Services (WADAS) not yet submitted
website are not in the should conform to the from the concerned
prescribed format following requirements: requesting office
causing delay in the Web-compliant
processing and documents Conduct annual
publication Technical training on formatting
specification of a web-based
standards is applied
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 4 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Hard copies of Reports/documents documents and
reports/documents are being returned to reports
with no e-copy the concerned office
received for compliance in the Maintain an up-to-
prescribed format date procedural
Voluminous Request for overtime requirements to
documents/reports if voluminous conform to well-
were received within documents/reports defined current
the day were received standards
Randomly check
Request for documents/reports Require concerned
corrections on already published in requesting office to
reports/documents the COA website for submit an erratum
already published in possible content
the COA website errors
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
management and
security plan.
All ITO employees
are required to sign
ITO Personnel
Confidentiality and
Conflict of Interest
Agreement
ALL IS Users are
required to sign User
Confidentiality
Agreement
Information System Complete and Information Systems Maintain signed and ISDMS
development may not thorough gathering Development and complete
completed on time due of data pertaining to Maintenance Services, documentation of IS
to the following: IS (ISDMS) program/user’s
Incomplete development users specifications and
definition of users requirement and business rules
requirements and business rules Establishment of the
business rules Involvement of users overall scope of the
Improper scoping as part of the project project to be
or automation team concurred and
boundaries not Clearly Define confirmed by the
clearly defined boundaries users
Other priority tasks/ Communicate with Systems presentation
lack of manpower, the IS users and review is being
etc.
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 6 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
regarding on the done every two
Lack of technical
skills on new priority tasks/projects weeks
development tools Training of technical Hiring of IT
staff on new programmers
development tools Continuous
attendance in
trainings/seminars of
technical staff on new
development tools
System Putting into practice On-going
Issues/Concerns not of a buddy system in development of ITO
address in a timely system development Helpdesk which
manner due to the Require from users contains database of
following: to submit System IS issues and
Unavailability of Issues and Concerns resolution which can
concerned Form (SICF) with be used as reference
personnel screen shot of the in the resolution of
Request for module capturing system
resolution of system errors for issues/concerns
issues not resolution System Issues and
properly Submission of Concerns Form to
communicated/ request for document system
documented change/additional issues and concerns
Urgent and users requirement with the screen shot
Constant approved by higher of the module
request for authorities capturing system
system errors are required
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 7 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
enhancements/ Document all from the users with
modifications to changes/ additional the approval of the
include user requirements higher authorities
additional user approved by higher Complete
requirements authorities to ensure definition/
that user’s needs are documentation
met of system
Involvement of users requirements
in the review of the during the
IS during the software
development phase development
phase
Maintained
documentation of
Changes/Additional
user requirements
approved by higher
authorities
Conduct of Regular
systems presentation
and review
Versioning of IS not Track and control Quality Assurance and For web based QuAIS
properly maintained versions of software Implementation Services information systems –
and identified released to the (QuAIS) Proper documentation
resulting to difficulty operational of the version of the
in the maintenance of environment with IS and the directory/
the system location of IS
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 8 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
their corresponding For Client Server
database systems - Proper
labelling of released
versions of IS
Document what
changes were made,
who made the
changes and when
the changes took
place
Problems that arose
from a change can
then be followed up
by an examination of
who made the change
and the reasons they
gave for making the
change
Delay or non- Emphasize system QuAIS Stress the QuAIS
implementation of the ownership by the advantages of the
IS due to the users in order to gain computerized system
following: the users’ support Allow the users to
Users’ resistance and acceptance. participate in the
Lack of in-house Involving the users design process
skills to implement as part of the team There should be
the IS Users training to adequate change
enable users acquire management
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 9 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
No support from IS the required skills to processes that
Key users because utilize the IS. include user
of other priority Issue regular reports involvement and
task and updates to keep training
users informed. Train the users in the
Provision of detailed use of the new
user procedure system
manuals. Allow the user to test
Establishment of a the system
help desk to provide Establish user
direct assistance to support services
users
Conduct of users
training
Data Conversion /Data Assistance in the file QuAIS, ISDMS Careful planning of QuAIS, ISDMS
build-up takes too conversion of data conversion
long which may result available data in MS Identify the criticality
to delay in the Excel file format was of data
implementation of the being provided to Generate back up of
IS users. all data prior to
migration
Data Integrity and Provision of audit QuAIS Only authorized user QuAIS
Security Issues trails on the updates have access to the
caused by the made on the system. system
following:
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 10 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
IS Users/ Provision of There should be
Employees are not application control to preventive and
aware of data detect updates on detective control to
security policy and the database made ensure that only valid
the need to outside of the system data can be entered
maintain or secure Issuance of into the system and
data and security of guidelines on the that the data is
passwords security policies / complete
user awareness on Proper dissemination
data security of the security policy
and guidelines
IS Users are required
to sign Users
Confidentiality
Agreement
Insufficient QA testing Review and Approval QuAIS Documentation of the QuAIS
done on all modules of QA test plan and testing conducted
due to lack of software test procedures to (with screen shots)
tools to support ensure Work paper on the
testing for IS (stress completeness in the result of testing
testing; scalability, testing should be reviewed
etc.) Made use of and approved
available information Acquisition of
on the web about available testing tools
test automation or and proper training of
general information QA team
available on some
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 11 of 11
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
test tools, vendor
sites or testing
articles prior to
acquisition
Use of IS testing tool
trial versions
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Misinterpretation/ Complete staff work thorugh Legal Affairs Organized filing and Legal Affairs
inappropriate interpretation of intensive/ extensive Office indexing of Maintained Office
pertinent laws, rules and research pertaining to the Documented Information,
regulations embodied in the subject matter of the and Retained
legal opinion may affect the request for legal opinion, Documented Information
quality of audit report i.e. updated reference to facilitate research and
materials, jurisprudence, rendition of legal opinions
and citations
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk assessment may not be Close monitoring of the ORD Schedule risk SA, ATLs
properly conducted due to conduct of risk assessment assessment immediately
lack of time after the transmittal of
audit reports
Risk assessment process may Updated training on risk
not be adequately documented assessment process and
in accordance with IRRBA required documentation
Listed audit activities may not Prioritization of listed audit ORD, Audit Additional manpower ORD
be completely undertaken as activities including the Groups
scheduled due to unexpected unscheduled activities
audit requests/complaints,
intervening activities and
multi- tasking of the SAs and
audit teams
AARs submitted may not be in Briefing on the standards ORD Regular update of the ORD
conformity with the prescribed and guidelines in the standards and guidelines
standards and guidelines due preparation of AARs in the preparation of
to time constraints AARs
AARs submitted may not be Close monitoring of the ORD Propose more plantilla ORD
transmitted within the target submission and timely positions for audit
period due to: review personnel
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
a) Delayed submission by
auditees of their financial Timely follow-up to be done Recommend the hiring of
statements and reports by the Audit Teams more audit personnel to
be deployed to the Audit
b) Intervening events and Groups
activities to the audit Augmentation of audit
work/multi-tasking audit personnel, whenever
personnel necessary
Audit recommendations may Thorough discussion of the ORD, Audit Thorough discussion of ORD, Audit
not be acceptable to the audit observations and Groups the audit observations Groups
auditees, thus, may not be recommendations with the and recommendations
addressed/acted upon or auditees with the auditees
implemented
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Evaluation/due Evaluation/due
consideration of consideration of
management’s comments in management’s
the finalization of the audit comments in the
reports finalization of the audit
reports
Thorough review of audit
recommendations which are Thorough review of audit
appropriate, realistic and recommendations which
workable are appropriate, realistic
and workable
Risk assessment may not be Close monitoring of the ORD Schedule risk SA, ATLs
properly conducted due to conduct of risk assessment assessment immediately
lack of time after the transmittal of
audit reports
Risk assessment process may Updated training on risk
not be adequately documented assessment process and
in accordance with IRRBA required documentation
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk assessment may not be Close monitoring of the OCD Schedule risk SA/ATLs
properly conducted due to lack conduct of risk assessment assessment immediately
of time after the transmittal of the
audit report.
The risk assessment process
may not be adequately Updated training on risk
documented. assessment process and
required documentation.
Listed audit activities may not Prioritization of audit OCD/Audit Groups Additional manpower SAs/ATLs
be completely undertaken as activities including the
scheduled due to unexpected unscheduled activities
audit request/ complaints,
intervening activities and
multi-tasking of the SA and
audit teams
AARs submitted may not be in Briefing/re-briefing on the OCD Regular update of the OCD
conformity with the prescribed standards and guidelines in standards and guidelines
standards and guidelines due the preparation of AARs in the preparation of
to time constraints AARs.
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 2 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
AARs submitted may not be Close monitoring of the SAs, ATLs Propose more plantilla OCD
transmitted within the target submission and timely OCD positions for audit
period due to review of the AAR personnel
Audit recommendations may Thorough discussion of the OCD, SAs Thorough discussion of OCD, SAs, ATLs
not be acceptable to the audit observations and the audit observations
auditees, thus, may not be recommendations with the and recommendations
addressed/acted upon or auditees. with the auditees.
implemented
Evaluation/Due Evaluation/Due
consideration of consideration of
Management’s comments in Management’s
comments in the
COMMISSION ON AUDIT Document Code: COA-QMSM_RO-0001
Revision No.: 0
RISKS AND OPPORTUNITIES WITH ACTION PLANS Effectivity Date: 1 Dec 2016
Page No.: 3 of 3
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
the finalization of the audit finalization of the audit
reports. reports.
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Unavailability of RPs Invite other RP from LTCS Provide a shortlist of LTCS
pool of RPs RPs per topic
Failure to meet Set another schedule of LTCS Monitor the submission Databank Unit
minimum number of training of nomination and
participants follow-up offices on their
nominees at least one
month before
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Misinterpretation by Issue press PIO Training/ orientation for PIO
the media regarding statement/letter to editor Concerned Office media practitioners on Directors as resource
issues contained in clarifying audit issue COA rules, regulations, persons
the audit report Chairperson- (approval) processes, and reports
resulting in
inaccuracies in the
report or negative
feedback on COA
Develop a one-page PIO
media guide on COA to ITO
be uploaded in website
Some media/public Explain principle of PIO Develop information PIO
queries may involve confidentiality in audit to materials such as
confidential requesting party brochures explaining
information that COA principles and
cannot be released procedures
resulting in
dissatisfaction of
requesting party
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Failure to meet Match current QA Directors Anticipate and QA Directors
deadline manpower capacity provide time for
during planning before possible intervening
setting the target activities
number of reviews/ Exhaust all areas to
commitment be considered in the
planning stage
Limited access to Set expectations during QA Directors Ensure that all QA Directors
information entrance conference by QA Reviewers agreements are QA Reviewers
having an agreement on Division Chief of documented in the Division Chief of
unrestricted access to concerned offices minutes of meeting concerned offices
information Supervising Auditors/ Supervising Auditors/
Audit Team Leaders Audit Team Leaders
of Audit of Audit
Groups/Teams Groups/Teams
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
1. some claims may strictly implement first BEAS coaching; minimize BEAS
not be funded on come, first serve basis tardiness and absences Office of the
time due to volume Director
2. some claims may make representations BEAS request for funds to BEAS
not be processed with DBM BPS DBM supported with Office of the
due to lack of Office of the budgetary reports Director
funds Director
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Contracts Review
Technical Inspection
Appraisal
Service Chiefs, Infra Provide to requesting Service Chiefs
Submission of required Conduct follow-up of Services A,B,C,D parties a checklist of and Director –
additional documents to documents required for Director TS documents to be TSO and other
complete the evaluation may evaluation; intensify submitted and Sectors/clusters
not be given on time by the coordination with respective disseminate regularly
requesting party auditors/cluster/sector and update the same for
information and
Service Chiefs, Infra compliance
Difficulty of verification caused Services A,B,C,D
by factors such as inclement Coordinate with agencies Director TS Service Chiefs
weather and security problems which can assist and provide and Director –
in project sites; thus, results security to personnel who Develop alternative TSO and other
may not serve as useful basis will conduct the verification; approach/procedures by Sectors/clusters
of Auditor’s action on the way of policy formulation
corresponding financial Coordinate with requesting to arrive at reliable
transaction or such results may parties for conduct proper conclusions/results
not be delivered on time scheduling of technical work
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risk that the consultancy Develop realistic work plan Division chiefs and Research on current Division Chiefs
services/assistance requested and corresponding budget Director SCSO consultancy practices for and Director
would not be completed due to benchmarking
budgetary constraints or lack Discuss thoroughly the
of qualified personnel to details of consultancy Develop standard
perform the required task project and specific operating procedures for
requirements prior to strict implementation
signing of consultancy Service Chiefs,
contracts Infra Services
A,B,C,D Director Conduct regular capacity
Involve qualified and TS building of personnel and
efficient personnel in the hire highly qualified
consultancy projects personnel
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Risks:
Poor selection of systems to Conduct periodic Division chiefs and Gather data thru survey Service Chiefs
be subjected to audit assessment of systems Director from agencies with the and Director
being used in different assistance of other
agencies to determine offices
which system is most
The audit team might not cover vulnerable to threats and Conduct regular capacity
all areas within the given time wastage of resource building of personnel to
enhance their skills and
The team members might not Conduct risk assessment knowledge
have the required skills to on the target system
effectively perform the audit
RESPONSIBLE RESPONSIBLE
RISK/OPPORTUNITY MITIGATION PREVENTION
OFFICES/UNITS OFFICES/UNITS
Opportunity Conduct trainings on writing
IS Review Observation
Take advantage of existing Memorandum (ISROM) Technical Review
(available) tools/program Section / All
utilities/software to make the Knowledgeable official shall Services / ITAO
conduct of inspections more provide guidance to the
efficient, and faster analysis of audit team thru supervision
data for audit
Perform continuous
research on available tools
and prepare a business
case for the possible use of
the same
COMMISSION ON AUDIT
Commonwealth Avenue, Quezon City, Philippines
WHEREAS, Administrative Order (AO) No. 161, series 2006, dated October 5,
2006 and Executive Order No. 605, dated February 23, 2007 formally
institutionalized Quality Management System in Government to identify specific
actions to improve the country’s competitiveness ranking in the areas of business and
government efficiency, and adopt the ISO 9001:2000 Quality Management Systems
(ISO-QMS) as part of the implementation of a government-wide quality management
program, respectively;
WHEREAS, under said Executive Order No. 605, the Constitutional offices
are also encouraged to develop ISO-QMS and pursue certification;
Page 1 of 3
WHEREAS, Memorandum Circular No. 2016-1 dated May 12, 2016 issued by
the Inter-Agency Task Force on the Harmonization of National Government
Performance Monitoring, Information and Reporting Systems prescribes in the Fiscal
Year 2016 Performance Targets the establishment of a Quality Management System
for at least one core process certified by any international certifying body approved
by the AO 25 IATF or ISO-aligned documentation of its QMS for one core process as
evidenced by the presence of the following documents in the agency Transparency
Seal:
As the nation’s Supreme Audit Institution and enabling partner of public sector
organizations, the COA is committed to pursuing organizational excellence by:
Adhering strictly to legal, moral and ethical principles and the highest degree of
integrity, independence, objectivity and professionalism;
To attain this commitment, the COA monitors and reviews its quality
performance through the implementation of an effective QMS.
Page 2 of 3
FURTHER, the Commission Proper resolves, as it does hereby resolve, to
approve and adopt the COA QMS Manual and PAWIM for the Commission on
Audit, herein attached as Annexes A and B respectively, to this Resolution and made
an integral part thereof.
Original Signed
MICHAEL G. AGUINALDO
Chairman
Page 3 of 3
COMMISSION ON AUDIT
Revision No.: 0
DOCUMENT CODES REFERENCE Effectivity Date: 29 Dec 2016
Page No.: Page 1 of 2
QMS Manual
1. QMS Manual COA-QMSM-01
2. Quality Management Review COA-QMSM-Template-01_QMR
3. Appendices
a. List of Audit Groups and Teams (CGS) COA-QMSM_LAGT
b. List of Audit Groups and Teams (NGS) COA-QMSM_LAGT
c. List of Audit Groups and Teams (LGS) COA-QMSM_LAGT
4. Resolution COA Resolution No. 2016-026
5. Annexes
a. RIPs Issues and Action Plans COA-QMSM-Form-01_RIAP
b. Control of External Provider COA-QMSM-Form-02_CEP
c. Quality Objectives and Plans COA-QMSM-Form-03_QOP
d. Risks and Opportunities COA-QMSM-Form-04_RO
PAWIM
1. Government Auditing Services COA-PAWIM-GAS-01
a. Audit Group Action Plan COA-PAWIM-GAS-Form-01_AGAP
b. RSA Audit Plan COA-PAWIM-GAS-Form-02_RSAAP
c. Agency Audit Workstep COA-PAWIM-GAS-Form-03_AAW
d. UTA Template COA-PAWIM-GAS-Form-04_UTA
e. Agency Risk Identification Matrtix COA-PAWIM-GAS-Form-05_AgRIM
f. Agency Level Control Checklist COA-PAWIM-GAS-Form-06_ALCC
g. Process-Risk Control Matrix COA-PAWIM-GAS-Form-07_PRCM
h. Audit Test Summary COA-PAWIM-GAS-Form-08_ATS
i. Audit Program COA-PAWIM-GAS-Form-09_AP
j. AOM COA-PAWIM-GAS-Form-10_AOM
k. NS COA-PAWIM-GAS-Form-11_NS
l. ND COA-PAWIM-GAS-Form-12_ND
m. NC COA-PAWIM-GAS-Form-13_NC
n. SAOR COA-PAWIM-GAS-Form-14_SAOR
o. AAR Checklist Form COA-PAWIM-GAS-Form-15_AARC
p. AAPSI COA-PAWIM-GAS-Form-16_AAPSI
q. Action Plan Monitoring Tool COA-PAWIM-GAS-Form-17_APMT
r. Quality Inspection Tool COA-PAWIM-GAS-Form-18_QIT
2. Maintenance of Documented Information COA-PAWIM-MDI-01
a. Maintained Documented Information
Matrix (Annex “A”) COA-PAWIM-MDI-Form-01_MDI
b. Document Masterlist (Annex “B”) COA-PAWIM-MDI-Form-02_DM
c. Document History and Copy Holder
Matrix (Annex “C”) COA-PAWIM-MDI-Form-03_DHCHM
3. Retention of Documented Information COA-PAWIM-RDI-01
a. Records Retrieval Reference Form
(Annex “A) COA-PAWIM-RDI-Form-01_RRR
b. Records Disposal Schedule Form
(Annex “B”) COA-PAWIM-RDI-Form-02_RDS
COMMISSION ON AUDIT
Revision No.: 0
DOCUMENT CODES REFERENCE Effectivity Date: 29 Dec 2016
Page No.: Page 2 of 2