Divine Word College of Bangued

Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

Module in Corporate Governance, Business Ethics, Risk Management, & Internal Control

Course Code: AE10

Course Title: Corporate Governance, Business Ethics, Risk Management, &
Internal Control
Unit Credit: 3 units
Contact Hours/Week: 3 hours
Prerequisite: AE 15 (Intermediate Accounting 1)

Course Description:

This course is designed to provide students with the conceptual knowledge about the
Principles of Corporate Governance, framework and practices relating to corporate risk
management, appropriate business policies and practices which is known as business ethics, and
Internal controls which are the mechanisms, rules, and procedures implemented by an
organization to ensure the integrity of financial and accounting information, promote
accountability, and prevent fraud. This course will also cover how the four topics relate and its
importance to the audit process.

Introduction

This module is designed to give students hindsight regarding some of the important and
leading factors to look at in a business or organization serve as the backbone of operations. It
aims to provide students clear picture on a business’ or organization’s overall structure, policies
and procedures, how it handles unwanted circumstances, adapt to changes and series of events,
and the likes.

It also orients the students on the audit procedure in palling audit procedures, especially
on the planning phase where assessment of the business internal control is performed.

Ultimately, the different sectors of accountancy profession and practices shall also be
discussed and introduced.

Corporate Governance, Business Ethics, Risk Management, & Internal Control 1

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

MODULE ONE

Introduction to Internal Controls

This module provides to introduce the importance of internal control and the internal
control system, identify the different components of internal control and describe the basic
approach to planning an audit based on an understanding of internal control.

The techniques to document the auditor’s understanding of an entity’s internal control

structure shall also be described as well as how control risk is assessed, and the implications of
this assessment to the rest of the financial statement audit process.

Furthermore, a limitation of the internal controls shall also be covered along with the
implication of internal control deficiencies.

General Objective

By the end of this module, the student shall be familiarized with the terms used
surrounding the internal control process and its importance on the entity’s structure. The
students will also be able to be aware and distinguish the different components of internal
control.

Moreover, they shall have enough idea on the internal control’s relevance in the audit
approach and its current limitations.

Lesson 1 Study and Evaluation of Internal Control

Specific Objectives:

At the end of the lesson, the student should be able to:

1. Define internal controls

2. Discuss the importance of an internal control
3. Identify the different components of internal control
4. Describe the basic approach to planning an audit based on an understanding of
internal control
5. Discuss the techniques that may be used to document the auditor’s understanding of
an entity’s internal control structure
6. Describe how control risk is assessed, and the implications of this assessment to the
rest of the financial statement audit process.
7. Enumerate the different ways in testing the effectiveness of internal controls
Corporate Governance, Business Ethics, Risk Management, & Internal Control 2

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

8. Discuss the disposition of significant deficiencies in internal control

Topics

1. Internal Control and Internal Control System

2. Components of Internal Control
3. Inherent Limitations of internal control
4. Audit of internal controls

Internal Control and Internal Control System

Internal Control is a process, effected by an entity’s board of directors, management and

other personnel, designed to provide reasonable assurance regarding the achievement of
objectives in the following categories:

• Effectiveness and efficiency of operations

• Reliability of financial reporting
• Compliance with applicable laws and regulations

Internal Control System on the other hand consists all the policies and procedures
adopted by the management of an entity to assist in achieving management’s objective of
ensuring the orderly and efficient conduct of business.

Components of Internal Control

Listed below are the five (5) components of internal control:

1. Control Environment;
2. Risk Assessment Process;
3. Control Activities;
4. Information System and Related Business Processes; and
5. Monitoring of Controls.

Control Environment

The Control Environment sets the tone of an organization, influencing the control
consciousness of its people. It is the foundation for all other components of internal control,
providing discipline and management functions and structure.

Corporate Governance, Business Ethics, Risk Management, & Internal Control 3

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

The control environment encompasses the following factors:

1. Communication and enforcement of integrity and ethical values

Integrity is a prerequisite for ethical behavior in all aspects of an enterprise’s activities

and expressed through:

i. Existence and implementation of codes of conducts and other acceptable business

practices, policies or moral behavior.

ii. Dealings with employees, suppliers, customers, investors, and auditors.

iii. Pressure to meet unrealistic performance targets.

2. Commitment to Competence

Competence should reflect the knowledge and skills needed to accomplish tasks that
define the individual’s job. How well these tasks need to be accomplished generally is a
management decision which should be made considering the entity’s objectives and
management’s strategies and plans for achievement of the objectives.

3. Participation by Those Charged with Governance

The control environment is influenced significantly by the entity’s board of directors

and audit committee.

Factor include the ff:

i. Independence from management, such that necessary, even if difficult and probing,
questions are raised.

ii. Frequency and timeliness with which meetings are held with chief financial and/or
accounting officers, internal auditors and external auditors.

iii. Sufficiency and timeliness with which information is provided to board or committee
members, to allow monitoring of management’s objectives and strategies, the entity’s
financial position and operating results, and terms of significant agreements.

iv. Sufficiency and timeliness with which the board or audit committee is apprised of
sensitive information, investigations and improper acts of officers.
Corporate Governance, Business Ethics, Risk Management, & Internal Control 4

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

4. Management’s Philosophy and Operating Style

This factor affects the way the enterprise is managed, including the kinds of business
risks accepted.

Controls involving management’s philosophy and operating style include:

i. Nature of business risks accepted (e.g. whether management often enters into
particularly high-risk ventures, or is extremely conservative in accepting risks)

ii. Frequency of interaction between senior management and operating management,

particularly when operating from geographically removed locations.

iii. Attitudes and actions toward financial reporting, including disputes over application
of accounting treatments (e.g. selection of conservative versus liberal accounting policies,
whether accounting principles have been misapplied, important financial information not
disclosed, or records manipulated or falsified.)

5. Organizational Structure

An entity’s organizational structure provides the framework within which its activities
for achieving entity-wide objectives are planned, executed, controlled and monitored.

Controls involving organizational structure are expressed through:

i. Appropriateness of the entity’s organization structure, and its ability to provide the
necessary information flow to manage its activities.

ii. Adequacy of definition of key manager’s responsibilities, and their understanding of

these responsibilities.

iii. Adequacy of knowledge of key manager’s in light of responsibilities.

6. Assignment of Authority and Responsibility

Pertains to how an organization assigns authority and responsibility for operating

activities, and how reporting relationships and authorization hierarchies are established. It
also includes policies relating to appropriate business practices, knowledge and experience
of key personnel, and resources provided for carrying out duties.

Corporate Governance, Business Ethics, Risk Management, & Internal Control 5

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

7. Human Resources Policies and Practices

Human resources practices send messages to employees regarding expected levels of

integrity, ethical behavior and competence.

Controls involving human resources policies and practices include:

i. The extent to which policies and procedures for hiring, training, promoting and
compensating employees are in place.

ii. Appropriateness of remedial action taken in response to departures from approved

policies and procedures.

iii. Adequacy of employee candidate background checks, particularly regarding prior

actions or activities considered to be unacceptable by the entity.

Risk Assessment Process

Risk Assessment is the identification and analysis of relevant risks to achievement of

the objectives, forming a basis for determining how the risks should be managed.

An entity’s risk assessment process is its process for identifying and responding to
business risks and the results thereof. Risks at the entity-wide level can arise from external
or internal factors.

Once the significance and likelihood of risk have been assessed, management needs to
consider how the risk should be managed. This involves judgment based on assumptions
about the risk, and reasonable analysis of costs associated with reducing the level of risk.

Control Activities

These are policies and procedures, which are the actions of the people to implement the
policies, to help ensure that management directives identified as necessary to address risks
are carried out.

It can be divided into three categories:

i. Performance reviews

Corporate Governance, Business Ethics, Risk Management, & Internal Control 6

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

ii. Information processing

iii. Physical controls

Information System and Related Business Processes

An information system consists of infrastructure (physical and hardware components),

software, people, procedures, and data. The information system relevant to financial
reporting objectives, which includes financial reporting system, consists of the procedures
and records established to initiate, record, process, and report entity transactions and to
maintain accountability for the related assets, liabilities, and equity.

Recording includes identifying and capturing the relevant information for transactions
or events.

Processing relates to functions such as edit and validation, calculation, measurement,

valuation, summarization, and reconciliation, whether performed by automated or manual
procedures.

Reporting pertain to the preparation of financial reports as well as other information, in

electronic or printed format, that the entity uses in measuring and reviewing the entity’s
financial performance and in other functions.

Monitoring of Controls

This is a process to assess the quality of internal control performance over time. This
need to be done because i.) internal control systems changes very often and ii.) monitoring
ensures that internal control continues to operate effectively.

It can be done it two ways:

i. Through ongoing activities

ii. Separate evaluations

Inherent Limitations of Internal Control

Internal control can provide only reasonable assurance that management’s objectives are
reached because of inherent limitations, such as:

1. Cost-effectiveness of a control
Corporate Governance, Business Ethics, Risk Management, & Internal Control 7

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

2. Human error, mistake of judgment or the misunderstanding of instructions

3. Collusion

4. Abuse of responsibility

Relevance of Controls to the Audit

Auditors should consider that controls that are relevant to and audit pertain to the entity’s
objective of preparing financial statements for external purposes that are presented fairly, in all
material respects, in accordance with applicable financial reporting framework.

It is a matter of the auditor’s professional judgment, whether a control, individually or in

combination with others, is relevant to the auditor’s considerations in assessing the risk of
material misstatement.

Internal Control Evaluation in Financial Statement Audit

The nature, extent, and timing of the audit procedures to be performed in gathering audit
evidence.

An auditor’s approach in the study and evaluation of the client’s internal control is
generally consists of the following steps:

1. Obtain an understanding of the client’s internal control structure

2. Make a preliminary assessment of control risk

3. Determine the appropriate response to the assessed risks

4. Reassess control risk

5. Determine the nature, extent, and timing of substantive tests

Tests of Controls

Test of controls are used to test either the effectiveness of the design or operation of a
client’s internal control policy or procedure in support of a “less than” control risk assessment.

Tests are applied only to those controls on which the auditor intends to rely when
designing substantive test of account balances.
Corporate Governance, Business Ethics, Risk Management, & Internal Control 8

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

The tests generally consist of one, or a combination of, the following procedures:

1. Inquiry of client personnel

2. Observation of the application of policies and procedures

3. Inspection (i.e., examination of documents)

4. Reperformance or recalculation

Corporate Governance, Business Ethics, Risk Management, & Internal Control 9

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

Summary:

Internal controls and internal control system in general are two very important thing to
be considered in every entity or organization. There are five components of internal control that
provides a useful framework for auditors to consider how different aspects of an entity’s
internal control may affect the audit.

It is to be noted that these internal controls are preventive and corrective measures
although they are not absolute in nature, and instead, would only be reasonable considering the
inherent limitations that are at hand.

It is crucial for auditors to assess these internal controls in placed as it is a determinant

on the audit approaches to be done, which is done at the audit planning phase.

Activities:

1. Read Chapter Nine of Audit and Assurance 2018 Edition by: Jose M. Ireneo, Shirley
C. Irineo, and George R. James or watch the “Auditing Theory: Understanding Internal Control
(Pinnacle actual video lesson)” via the links below:

https://www.facebook.com/watch/?ref=saved&v=628965848035278

https://www.youtube.com/watch?v=67-7g7cNiKA&feature=youtu.be

2. I’ll be sending a quiz via Gmail on September 2, 2021 at 1:45PM after we discuss
clarifications of the topic from 1:00PM to 1:45PM. Please send your answers on the same day
on or before 2:30PM. The quiz includes a 20 points multiple choice and 10 points True or False
for a total of 30 points.

3. Enhancement activity. Please send a narrative summary on how internal control is

essential in today’s modern time, and how it would be effectively in placed during pandemic.
This is to be submitted on or before September 3, 2021, Friday, 2:30PM. It should be composed
of a minimum of 200 words. This shall be graded based on the following rubrics:

Choice of words 20 points

Relevance to the Topic 30 points
Organization of ideas/thoughts 25 points
Completeness 25 points

Total 100 points

Corporate Governance, Business Ethics, Risk Management, & Internal Control 10

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.
 Divine Word College of Bangued
Bangued, Abra
School of Business Management and Accountancy
Bachelor of Science in Accountancy

References

Ireneo, Jose M., et al (2018) Audit and Assurance Principle, Good Dreams Publishing #70
Radiance Building 14 Avenue, Brgy. Socorro, Quezon City

https://www.facebook.com/watch/?ref=saved&v=628965848035278

https://www.youtube.com/watch?v=67-7g7cNiKA&feature=youtu.be

https://www.academia.edu/41934478/Corporate_Governance_Ethics_and_CSR_i

https://www.investopedia.com/terms/i/internalcontrols.asp

Corporate Governance, Business Ethics, Risk Management, & Internal Control 11

This module is a property and is exclusively used by the DWCB College Department. Any duplication and reproduction, storing in any retrieval
system, distribution, posting or uploading online as well as transmitting in any form or means ( photocopying & electronic sharing ) of any part,
without prior written permission from the owner is strictly prohibited.