
INTERNAL CONTROL

These are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting
information, promote accountability, and prevent fraud.

Four Broad Objectives

1. To safeguard assets of the firm.
2. To ensure the accuracy and reliability of accounting records and information.
3. To promote efficiency in the firm’s operations.
4. To measure compliance with management’s prescribed policies and procedures.

Subject to Modifying Principles

➢ Management Responsibility
➢ Changing Conditions
➢ Methods of Data Processing
➢ Limitations

PDC Control
Three Components:
1. Preventive
2. Detective
3. Corrective

[Diagram label: "Could be cured by"]

COSO Framework (Statement of Auditing Standards No. 109)
Five Components:
1. Control Environment
2. Risk Assessment
3. Information and Communication
4. Monitoring
5. Control Activities

Additional Notes:
1. Modifying Principles
a. Management Responsibility
➢ Establishment and maintenance of a system of internal control.
b. Methods of Data Processing
➢ The internal control system should achieve the four broad objectives regardless of the data processing method
used (whether manual or computer based).
c. Limitations
➢ Possibility of Error
➢ Circumvention (e.g., collusion)
➢ Management Override
➢ Changing Conditions (e.g., new conditions that cause existing internal controls to become ineffectual)
d. Reasonable Assurance
➢ Four broad objectives should be met without unnecessary costs and with greater benefits.
2. PDC Control
a. Preventive Controls
➢ These are passive techniques designed to reduce the frequency of occurrence of undesirable events.
➢ Example: Well-designed data entry prevents fraud from occurring.
b. Detective Controls
➢ These are devices, techniques, and procedures designed to identify and expose undesirable events that elude
preventive controls.
➢ Example: Detecting a numerical error in a customer sale order.
c. Corrective Controls
➢ These are controls used in fixing the detected undesirable events.
➢ Example: Terminating a process or rebooting a system.
3. COSO Framework
a. Control Environment
➢ Auditors’ awareness of the organization’s structure, through knowing the attitude and background of key
managers and clients, regarding internal controls.
➢ For Example: Doing background checks
b. Risk Assessment
➢ Auditors obtain sufficient knowledge of the organization’s risk assessment procedures to understand how
management identifies, prioritizes, and manages the risks related to financial reporting.
➢ For Example: Changes in the operating environment that may affect the existing internal controls
c. Information and Communication
➢ Auditors must obtain sufficient knowledge of the organization’s material transaction processing and its financial
reporting process.
➢ For Example: Computer system used for communication
d. Monitoring
➢ Management must determine that internal controls are functioning as intended.
➢ For Example: Timely reports allow managers in functional areas such as sales, purchasing, production, and cash
disbursements to oversee and control their operations.
e. Control Activities
➢ These are the policies and procedures used to ensure that appropriate actions are taken to deal with the
organization’s identified risks.
➢ For Example: Physical controls, which involve transaction authorization, segregation of duties, supervision
(also known as compensating control), accounting records, access control, and independent verification; and
information technology controls, which involve general controls (general application) and application controls
(specific application).
