Module 3_ Types of Controls (1)
MODULE 3
INTERNAL CONTROLS
A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
● Reliability of financial reporting
● Effectiveness and efficiency of operations
  ○ The auditor also reviews whether these are being carried out properly
● Compliance with applicable laws and regulations
- The auditor does not design or implement controls. Auditors are there for reasonable assurance only; they just review whether the controls are reliable
- Internal control does not give 100% assurance
- Implementing and ensuring controls → that is a management function

LIMITATIONS OF INTERNAL CONTROLS
● Only provides reasonable assurance on achieving the business objectives
● Subject to human judgment in decision-making
● Subject to circumvention such as collusion and override of controls
  ○ Collusion - people conspiring together
  ○ A control is useless if the people involved collude
● Controls may be assessed individually or in combination with others
  ○ Not every control can be implemented in a given organization
  ○ Ex. SOD (segregation of duties) cannot be implemented because of a lack of staff → compensating controls
● Some controls encompass different business objectives
● Not all controls are relevant to the audit
  ○ Look only at the controls that are relevant to the audit
● Obtaining understanding of controls is not sufficient to test their operating effectiveness, unless there is some automation that provides for consistent application controls
  ○ You have to study the whole process; all of their business processes have policies and procedures
  ○ The SOD is well designed
  ○ Every risk you identify has a corresponding control
  ○ The design may be good but not effective, so it has to be tested first

CONTROL ENVIRONMENT
● Set of standards, processes, and structures that provide the basis for carrying out internal control across the organization
● The Board and Management establish the “Tone at the Top” regarding internal control
● The auditor should evaluate whether the Management, with the oversight function, has created and maintained a culture of honesty and ethical behavior
  ○ Management philosophy - when someone makes a mistake, do they punish them?
    ■ The most important component
● Satisfactory control environment may reduce the risk of fraud but is not an absolute deterrent of fraud
  ○ Fraud triangle
    ■ Opportunity
    ■ Pressure
    ■ Rationalization
● Operating under a weak control environment does not necessarily equate to the existence of fraud
  ○ With a weak control environment, you get the opportunity to commit fraud
● The control environment, in itself, does not mitigate a material misstatement

RELEVANT ELEMENTS TO BE ASSESSED BY THE AUDITOR
● Communication and enforcement of integrity and ethical values
● Commitment to competence
● Participation by those charged with governance
● Management’s philosophy and operating style
● Organizational structure
● Assignment of authority and responsibility
● Human resource policies and practices

HARD CONTROLS
● Controls that are effected by policies, processes, and structure
  ○ Reviews
  ○ Policies
  ○ Structure
  ○ Inspections
  ○ Reconciliations
  ○ Inventory
  ○ User IDs and passwords
  ○ Limits of authority

SOFT CONTROLS
● Controls that rely on the behavior and attitude of individuals
  ○ Openness
  ○ Shared values
  ○ Commitment to competence
  ○ High expectations
  ○ Clarity
● Harder to evaluate; somewhat hard to observe

GENERAL CONTROLS
● Internal accounting controls that are primarily directed at accounting operations: controls that concern the safeguarding of assets and reliability of financial records
● Operational controls that concern day-to-day operations, functions and activities, and ensure that the operation is meeting the business objectives
  ○ Reports should be signed, reconciliations and inventory are performed, etc.
● Administrative controls that concern operational efficiency in a functional area and adherence to management policies

- The general control should be aligned with what the IS-specific control is meant to achieve

IS CONTROL PROCEDURES
● Strategy and direction of the IT function
● General organization and management of the IT function
● Access to IT resources, including data and programs
● Systems development methodologies and change control
● Operations procedures
● Systems programming and technical support functions
● Quality assurance (QA) procedures
● Physical access controls
● BCP/DRP
● Networks and communication technology (e.g., local area networks, wide area networks, wireless)
● Database administration
● Protection and detective mechanisms against internal and external attacks