Professional Review and

Training Center (PRTC)

Understanding the Entity’s

Internal Control
(AT.2508)

Leomar R. Cabarles
 Overview of
Overview of RAP
RAP

1. Inquiry
2. Observation
3. Inspection
4. Analytical Procedures

Understanding of the Entity, its

environment, and its internal control

ROMM (F/S
level and assertion level)
Procedures to
Procedures to Obtain
Obtain “IC
“IC Understanding”
Understanding”
Entity’s Objectives,
Entity’s Objectives, Strategies,
Strategies, Business
Business
Risks, and
Risks, and Internal
Internal Control
Control
Inherent Limitations
Inherent Limitations of
of Internal
Internal Control
Control
Five Components
Five Components of
of Internal
Internal Control
Control
Control Environment
Control Environment
Control Environment:
Control Environment: Elements
Elements

CHAMPOI
CHAMPOI
Risk Assessment
Risk Assessment Process
Process
Information System
Information System and
and Communication
Communication
Control Activities
Control Activities
Control Activities:
Control Activities: PIPS
PIPS
Control Activities:
Control Activities: Characteristics
Characteristics
Monitoring of
Monitoring of Controls
Controls

Control
Entity-level and
Entity-level and Transaction-level
Transaction-level Controls
Controls
Understanding: Six
Understanding: Six Key
Key Areas
Areas
 Control: Understanding
Control: Understanding vs.
vs. Testing
Testing

Understanding Testing

Procedure RAP TOC

Control Design and Operation

Aspect implementation
Evaluated (D&I)
 Internal Control
Internal Control Documentation
Documentation

• Key elements of IC components

• Sources of information

• RAP performed
 IC Documentation
IC Documentation Techniques
Techniques

• Narrative

• Questionnaire

• Flowchart
Revenue/Receipt Cycle
Revenue/Receipt Cycle
 Walkthrough Test
Walkthrough Test

• Tracing a few transactions through

financial reporting:
 Confirm understanding
 Verify “what can go wrongs”

• Done after documentation of

understanding

• Done every year

 Deficiency in
Deficiency in Internal
Internal Control
Control

• Unable to prevent, or detect

and correct, misstatements

• Aspects:
 Design
 Operation
Internal Control:
Internal Control: Design
Design Deficiency
Deficiency

Missing

OR

Present but improperly

designed
 Internal Control:
Internal Control: Operation
Operation Deficiency
Deficiency

Does not operate as

designed

OR

No authority or competence of
employee
 Deficiency Severity Communicate
to MGT and
TCWG?
Control Not allow to prevent or If merits
deficiency detect and correct attention
misstatements.
Significant Less severe than a Yes (in writing
deficiency material weakness. via MGT letter)
Material Reasonable possibility of Yes (in writing
Weakness not prevented or detected via MGT letter)
& corrected material
misstatement.
Summary of
Summary of IC
IC Deficiency
Deficiency
Internal Control in
Smaller Entities
Internal Control
Internal Control in
in Smaller
Smaller Entities
Entities
DIY Drill Answers
DIY Drill Answers
DIY Drill Answers
DIY Drill Answers
DIY Drill Answers
DIY Drill Answers
DIY Drill Answers