CHAPTER 13: OVERVIEW OF INTERNAL CONTROL

NATURE AND PURPOSE OF INTERNAL CONROL

Internal control is the process designed and effected by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of the
entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations and compliance with applicable laws and regulations. It follows that internal control is
designed and implemented to address identified business risks that threaten the achievement of
any of there objectives.
Those objectives fall into three categories :
a. Reliability of the entity’s financial reporting
b. Effectiveness and efficiency of operations
c. Compliance with applicable laws and regulations
Whether a n entity achieves its objectives relating to financial reporting and compliance is
determined by activities within the entity’s internal control. However, achieving its objectives
relating to operations will depend not only on managements decisions but also on competitors
actions and other factors outside the entity.
INTERNAL CONTROL SYSTEM DEFINED
Internal control system means all the policies and procedures (internal controls) adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as
practicable, the orderly and efficient conduct of its business, including adherence to management
policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy
and completeness of the accounting records, and the timely preparation of reliable financial
information.
ELEMENTS OF INTERNAL CONTROL
Internal control system structures vary significantly from one company to the next. Factors such
as size of the business, nature of operations, the geographical dispersion of its activities, and
objectives of the organization affect the specific control features of an organization. However,
certain elements or features must be present to have a satisfactory system of control in almost any
large scale organization.
The internal control system extends beyond these matters which relate directly to the functions of
the accounting system and consists of the following components:
a. The control environment
b. Entity’s risk assessment process
c. The information system, including the related business processes, relevant to financial
reporting, and communication;
d. Control activities
e. Monitoring of controls
 A. Control environment
The control environment which means the overall attitude, awareness and actions
of directors and management regarding the internal control system and its
importance in the entity. The control environment has an effect on the effectiveness
of the specific control procedures. A strong control environment, for example, one
with tight budgetary controls and an effective internal audit function, can
significantly complement the specific control procedures. However, a strong
environment does not, by itself, ensure the effectiveness of the internal control
system. Factors reflected in the control environment include:
• The function of the board of directors and its committees;
• Management’s philosophy and operating style
• The entity’s organizational structure and methods of assigning authority and
responsibility;
• Management’s control system including the internal audit function,
personnel policies and procedures and segregation of duties.
The environment in which internal control operates has an impact on the effectiveness of the
specific control procedures. Several factors comprise the control environment, including:
1. Communication and enforcement of integrity and ethical values.
Integrity and ethical values are essential elements of the internal control environment. They
affect the design, administration, and monitoring of other components of internal control.
An entity’s ethical and behavioral standards and the manner in which it communicates and
reinforces them determine the entity’s integrity and ethical behavior. Integrity and ethical
values include management’s actions to remove or reduce incentives and temptations that
might prompt personnel to engage in dishonest, illegal, or unethical acts. They also include
the communication of entity values and behavioral standards to personnel through policy
statements, a code of conduct, and management’s example of appropriate behavior.

2. Commitment to competence
Competence is the knowledge and skills necessary to accomplish tasks that define an
employee’s job. Commitment to competence means that management considers the
competence levels for particular jobs in determining the skills and knowledge required of
each employee and that it hires employees competent to perform the tasks.

3. Participation by those charged with governance

An entity’s control consciousness is influenced significantly by those charged with
governance. Attributes of those charged with governance include independence from
management, their experience and stature, the extent to their involvement and scrutiny of
activities, the appropriateness of their actions, the information they receive, the degree to
which difficult questions are raised and pursued with management, and their interaction
with internal and external auditors. The importance of responsibilities of those charged
 with governance is recognized in codes if practice and other regulations or guidance
produced for the benefit of those charged with governance. Other responsibilities of those
charged with governance include oversight of the design and effective operation of whistle
blower procedures and the process for reviewing the effectiveness if the entity’s internal
control.

4. Management’s philosophy and operating style

This refers to management’s attitude towards (a) business risk, (b) financial reporting, (c)
meeting budget, profit and other established goals which all have impact on the reliability
of the financial statements. Management’s approach to taking and monitoring business
risks, its conservative or aggressive selection from alternative accounting principles, its
conscientiousness and conservatism in developing accounting estimates, and its attitude
toward information processing and the accounting function and personnel are factors that
affect the control environment.

5. Organizational structure
The responsibilities and authorities oof the various personnel within the organization
should be established in such a manner as to (1) assist the entity in meeting its goals and
objectives and (2) ensure that transactions are processed, recorded, summarized and
reported in an accurate and timely manner. Organizational structure provides the overall
framework for planning, directing and controlling operations.

6. Assignment of authority and responsibility

Personnel within an organization need to have a clear understanding of their
responsibilities and the rules and regulations that govern their actions. Management may
develop job descriptions, computer system documentation. It may also establish policies
regarding acceptable business practice, conflicts of interest and code of conduct.

7. Human resources policies and procedures

Perhaps the most important element of an internal accounting control system is the people
who perform and execute the established policies and procedures. Personnel policies
should be adopted by the client to reasonably ensure that only capable and honest persons
are hired and retained. Policies with respect to employee selection, training, and
supervision should be competent and honest personnel does not automatically assure that
errors or irregularities will not occur. However, adequate personnel policies, coupled with
the design concepts suggested earlier in this section, enhance the likelihood that the clients
policies and procedures will be followed.

B. Entity’s risk assessment process

Risk assessment us the “ identification, analysis, management of risks pertaining to the
preparation of financial statements”. For example risk assessment may focus on how the
entity considers the possibility of transactions not being recorded or identifies and assesses
significant estimates recorded in the financial statements.
An entity’s risk assessment process is its process for identifying and responding to business
risks and the result thereof. For financial reporting purposes, the entity’s risk assessment
process includes how management identifies risks relevant to the preparation of financial
statements that are presented fairly, in all material respects in accordance with the entity’s
applicable financial reporting framework, estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to manage them. For example, the
entity’s risk assessment process may address how the entity considers the possibility of
unrecorded transactions or identifies and analyzes significant estimates recorded in the
financial statements. Risk s relevant to reliable financial reporting also relate to specific
events or transactions.
Risks relevant to financial reporting include external and internal events and circumstances
that may occur and adversely affect an entity’s ability to initiate, record, process, and report
financial data consistent with the assertions of management in the financial statements.
Once risks are identified, management considers their significance, the likelihood of their
occurrence, and how they should be managed. Management may initiate plans, programs,
or actions to address specific risks or it may decide to accept a risk because of cost or other
considerations. Risk can arise or change due to circumstances such as the following:

• Changes in operating environment.

o Changes in the regulatory or operating environment can result in changes in
competitive pressures and significantly different risks.
• New personnel
o New personnel may have a different focus on or understanding of internal
control.
• New or revamped information systems
o Significand and rapid changes in information systems can change the risk
relating to internal control.
• Rapid growth
o Significant and rapid expansion of operations can strain controls and
increase risk of a breakdown in controls.
• New technology
o Incorporating new technologies into production processes or information
systems may change the risk associated with internal control.
• New business models, products, or activities.
o Entering into business areas or transactions with which an entity has little
experience may introduce new risks associated with internal control.
• Corporate restructurings
o Restructurings may be accompanied by staff reduction and changes in
supervision and segregations of duties that may change the risk associated
with internal control.
• Expanded foreign operations
 o The expansion or acquisition of foreign operations carries new and often
unique risks that mat affect internal control, for example, additional or
changed risks from foreign currency transactions.
• New accounting pronouncements
o Adoption of new accounting principles or changing accounting principles
may affect risks in preparing financial statements.
The basic concepts of the entity’s risk assessment process are relevant to every entity, regardless
of size, but the risk assessment process is likely to be less formal and less structured in small
entities than in larger ones. All entities should have established financial reporting objectives, but
they may be recognized implicitly rather than explicitly in small entities. Management may be
aware of risks related to there objectives without the use of a formal process but through direct
personal involvement with employees and outside parties.

Considerations Specific to Smaller Entities

Many small entities are carried out entirely by the engagement partner (who may be a sole
practitioner). In such situations, it is the engagement partner who, having personally conducted the
planning of the audit, would be responsible for considering the susceptibility of the entity’s
financial statements to material misstatements due to fraud and error.
C. Information system, including the business processes, relevant to financial reporting
and communication

An information system consists of infrastructure (physical and hardware components),

software, people, procedures, and data. Infrastructure and software will be absent, or have
less significance, in systems that are exclusively or primarily manual. Many information
systems make extensive use of IT.

The information system, including related business processes, relevant to financial

reporting.

The information system relevant to financial reporting objectives, which includes the
accounting system, consists of the procedures and records designed and established to:

• Initiate, record, process, and report entity transactions ( as well as events and
conditions) and to maintain accountability for the related assets, liabilities, and
equity
• Resolve incorrect processing of transactions, for example, automated suspense files
and procedures followed to clear suspense items out on a timely basis;
• Process and account for system overrides or bypassess to controls;
• Transfer information from transaction processing systems to the general ledger;
 • Capture information relevant to financial reporting for events and conditions other
than transactions, such as the depreciation and amortization of assets and changes
in the recoverability of accounts receivables; and
• Ensure information required to be disclosed by the applicable financial reporting
framework is accumulated, recorded, processed, summarized and appropriately
reported in the financial statements

Journal entries
An entity’s information system typically includes the use of standard journal entries that are
required in a recurring basis to record transactions. Examples might be journal entries to record
sales, purchases, and cash disbursements in the general ledger, or to record accounting estimates
that are periodically made by management, such as changes in the estimate of uncollectible
accounts receivable.
An entity’s financial reporting process also includes the use of non-standard journal entries to
record non-recurring, unusual transactions or adjustments. Examples of such entries include
consolidating adjustments and entries for a business combination or disposal or nonrecurring
estimates such as the impairment of an asset. In manual general ledger systems, non-standard
journal entries may be identified through inspections of ledgers, journals, and supporting
documentation. When automated procedures are used to maintain the general ledger and prepare
financial statements, such entries may exist only in electronic form and may therefore be more
easily identified through the use of computer-assisted audit techniques.
Related business processes
An entity’s business processes are the activities designed to:
• Develop, purchased, produce, sell and distribute an entity’s products and services;
• Ensure compliance with laws and regulations; and
• Record information, including accounting and financial reporting information.

Business processes result in the transactions that are recorded, processed and reported by the
information system. Obtaining an understanding of the entity’s business processes, which include
how transactions are originated, assists the auditor obtain an understanding of the entity’s
information system relevant to financial reporting in a manner that is appropriate to the entity’s
circumstances.
Accordingly, an information system encompasses methods and records that:
• Identify and record all valid transactions
• Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting
 • Measuring the value of transactions in a manner that permits recording their proper
monetary value in the financial statements
• Determine the period in which transactions occurred to permit recording of transactions in
the proper accounting period.
• Present properly the transactions and related disclosures in the financial statements.

Communication involves providing an understanding of individual roles and responsibilities

pertaining to internal control over financial reporting. It includes the extent to which personnel
understand how their activities in the financial reporting information system relate to the work of
others and the means of reporting exceptions to an appropriate higher level within the entity. Open
communication channels help ensure that exceptions are reported and acted on.
Communication takes such forms as policy manuals, accounting and financial reporting manuals,
and memoranda. Communication also can be made electronically, orally, and trough the cations
of management.
Application to Small Entities
Information systems and related business processes relevant to financial reporting in small
enttoties are likely to be less formal than in larger entities but their role is just as significant. Small
entities with active management involvement may not need extensive descriptions of accounting
procedures, sophisticated accounting records, or written policies. Communication may be less
formal and easier to achieve in a small than in a larger entity due to the small entity’s size and
fewer levels as well as management’s greater visibility and availability.
D. Control Activities
Control activities are the policies and procedures that help ensure that management
directives are carried out, for example, that necessary actions are taken to address risks that
threaten the achievement of the entity’s objectives. Control activities, whether within IT or
manual systems, have various objectives and are applied at various organizational and
functional levels.

The major categories of control procedures are:

a. Performance review
b. Information processing controls
i. Proper authorization of transactions and activities.
ii. Segregation of duties
iii. Adequate documents and records
iv. Safeguards over access to assets
v. Independent checks on performance
c. Physical controls
A brief discussion of these control procedures follows:
 A. Performance review

In a performance review management uses accounting and operating data to assess

performance, and it then takes corrective action. Such reviews includes:

• Comparing actual performance (or operating results) with budgets, forecasts, prior
period performance, or competitors’ data or tracking major initiatives such as cost-
containment or cost-reduction programs to measure the extent to which targets are
being met.
• Investing performance indicators based in operating or financial data, such as
quantity or purchase price variances or the percentage of returns to total orders.
• Reviewing functional or activity performance, such as relating the performance of
a manager responsible for a bank’s consumer loans with some standard, such as
economic statistics or targets.
Personnel at various levels in an organization may make performance reviews. Performance
reviews may be used by managers fir the sole purpose of making operating decisions. For example,
managers may analyze performance data and base operating decisions on them because the data
are consistent with their expectation. This type of review improves the reliability of the data.
However, when managers follow up on unexpected results determined by a financial reporting
system, performance reviews become a useful over financial reporting.
B. Information Processing Controls
Information processing controls are policies and procedures designed to require
authorization of transaction and to ensure the accuracy and completeness of transaction
processing. Control activities may be classified according to the scope of the system they
affect. General controls are control activities that prevent or detect errors or irregularities
for all accounting systems. General controls affect all transaction cycles and apply to
information processing as a center, hardware and systems software acquisition and
maintenance, and backup and recovery procedures. Application controls are controls that
pertain to the processing of a specific type of transaction, such a payroll, or sales and
collections. These controls help ensure that transactions occurred, are authorized, and are
completely and accurately recorded and processed. Examples of application controls
include checking the arithmetical accuracy of records, maintaining and reviewing accounts
and trial balances, automated controls such as input data and numerical sequence checks,
and manual follow-up of exception reports. General IT-controls are policies and procedures
that relate to many applications and support the effective functioning of application
controls by helping to ensure the continued proper operation of information systems.
General IT-controls commonly include controls over data center and network operations;
system software acquisition, change and maintenance; access security; and application
system acquisition, development, and maintenance. These controls apply to mainframe,
miniframe, and end-user environments. Examples of such general IT-controls are program
change controls, controls that restrict access to programs or data, controls over the
implementation of new releases of packaged software applications, and controls over
 system software that restrict access to or monitor the use of system utilities that could
change financial data or records without leaving an audit trail.

Internal controls relating to the accounting system are concerned with achieving objectives
such as:
• Transactions are executed in accordance with management’s general or specific
authorization.
• All transactions and other events are promptly recorded in the correct amount, in
the appropriate accounts and in the proper accounting period so as to permit
preparation of financial statements in accordance with an identified financial
reporting framework.
• Access to assets and records is permitted only in accordance with management’s
authorization,
• Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken regarding any differences.

Control activities related to the processing of transactions may be grouped as follows: (1) proper
authorization, (2) design and use of adequate documents and records, and (3) independent checks
on performance.
1. Proper authorization of transactions and activities
As suggested earlier, authorization for the execution of transaction flows from the
stockholders to management and its subordinates. Before a transaction is entered into with
another party, certain conditions must usually be met. As part of the evaluation of the
potential transaction, documentation will be created. The auditor uses this documentation
to determine whether business transactions are properly authorized. For example, the
purchase of inventory may create a purchase order, a receiving report, and a vendor invoice.
By inspecting these documents and comparing them with a company policy, the auditor
may be reasonably satisfied that a business transaction was authorized and executed in a
manner consistent with company policy.

2. Segregation of duties
An important element in designing an internal accounting control system that safeguards
assets and reasonably ensures the reliability if the accounting records is the concept of
segregation of responsibilities. No one person should be assigned duties that would allow
that person to commit an error or perpetuate fraud and to conceal the error or fraud. For
example, the same person should not be responsible for recording the cash received on
account and for posting the receipts to the accounting records.

3. Adequate documents and records

The use of adequate documents and records allow the company to obtain reasonable
assurance that all valid transactions have been recorded.
 4. Access to assets
The resource of a client can be protected by the establishment of physical barriers and
appropriate policies. For example, inventories may be kept in a storeroom, or negotiable
instruments may be placed in a safe deposit box. Appropriate company policies are adopted
so that only authorized persons have access to company resources. Safeguarding of assets
is more than establishing physical barriers. A client should design its internal accounting
control system so that documents authorizing the movement of assets into an organization
or out of an organization are adequately controlled.

5. Independent checks on performance

The objective of a well-designed internal accounting control system is the adoption of
procedures that periodically compare the actual asset with its recorded balance. Regardless
of the effectiveness of an internal control system, some transactions may not be accurately
recorded, and some assets may be misappropriated. An important part of an internal
accounting control system is to determine the effectiveness of recording policies and asset
access policies. This is accomplished by periodic counts of assets by the client and
comparing the counts to the balances in the general ledger account. Examples are the count
of inventory and the preparation of monthly bank reconciliation.

C. Physical Controls
Controls that encompass:
• The physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
• The authorization for access to computer programs and data files.
• The periodic counting and comparison with amounts shown on controls records
(for example, comparing the results of cash, security and inventory counts with
accounting thereof.)
The extent to which physical controls intended to prevent theft of assets are relevant to the
reliability of financial statements preparation, and therefore the audit, depends on circumstances
such as when assets are highly susceptible to misappropriation.
The concept underlying control activities in small entities are likely to be similar to those in larger
entities, but the formality with which they operate varies. Further, small entities may find that
certain types of control activities are not relevant because of controls applied by management. For
example, management’s retention of authority for approving credit sales, significant purchases,
and drawdown’s on lines of credit can provide strong control over those activities, lessening or
removing the need for more detailed control activities. An appropriate segregation of duties often
appears to present difficulties in small entities. Even companies that have only a few employees,
however, may be able to assign their responsibilities to achieve appropriate segregation or, if that
is not possible, to use management oversight of the incompatible activities to achieve control
objectives.
E. Monitoring of Controls
Monitoring, the final component of internal control, is the process that an entity uses to assess the
quality of internal control over time. Monitoring involves assessing the design and operation of
controls on a timely basis and taking corrective action as necessary. Management monitors
controls to consider whether they are operating as intended and to modify them as appropriate for
changes in conditions. In many entities, internal auditors evaluate the design and operation of
internal control and communicate information about strengths and weaknesses and
recommendations for improving internal control.
Some monitoring activities may include communications from external parties. For example,
customers implicitly corroborate sales data by paying their bills or raising questions. Also, bank
regulators, and outside auditors may communicate about the design or effectiveness of internal
control.
Monitoring activities may include using information from communications from external parties
that may indicate problems are highlight areas in need of improvement. Customers implicitly
corroborate billing data by paying their invoices or complaining about their charges. In addition,
regulators may communicate with the entity concerning matters that affect the functioning of
internal control, for example, communications concerning examinations by bank regulatory
agencies. Also, management may consider communications relating to internal control from
external auditors in performing monitoring activities

Application to Small Entities

Ongoing monitoring activities of small entities are more likely to be informal and are typically
performed as a part of the overall management of the entity’s operations. Management’s close
involvement in operations often will identify significant variances from expectations and
inaccuracies in financial data leading to corrective action to the control.

CHAPATER 14: FRAUD & ERROR

INTRODUCTION

In the previous chapters, corporate governance has been described as the process by which the
owners and various of stakeholders of an organization exert control through
requiring accountability for the resources entrusted to the organization.

This chapter introduces fraud risk and errors and how they can be reduced if not totally avoided
by having effective internal control – a tool of good corporate governance.
Fraud is an intentional act involving the use of deception that results in a material misstatement
of the financial statements. Two types of misstatements are relevant to auditors’ consideration of
fraud: (a) misstatements arising from misappropriation of assets, and (b) misstatements arising
from fraudulent financial reporting.

Intent to deceive is what distinguishes fraud from errors. Auditors routinely find financial errors
in their client’s books, but those errors are not intentional.

TYPES OF MISSTATEMENTS
a. Misstatements arising from misappropriation of assets
b. Misstatements arising from fraudulent financial reporting

Misstatements arising from misappropriation of assets

Asset misappropriation occurs when a perpetrator steals or misuses an organization’s assets.

Asset misappropriations are the dominant fraud scheme perpetrated against small business and the
perpetrators are usually employees. Asset misappropriations can be accomplished in various ways,
including embezzling cash receipts, stealing assets, or causing the company to pay for goods or
services that were not received.

Asset misappropriation commonly occurs when employees:

• Gain access to cash and manipulate accounts to cover up cash thefts.
• Manipulate cash disbursements through fake companies.
• Steal inventory or other assets and manipulate the financial records to cover up the Fraud.

Misstatements arising from Fraudulent Financial Reporting

The intentional manipulation of reported financial results to misstate the economic condition of
the organization is called fraudulent financial reporting. The perpetrator of such a fraud generally
seeks gain through the rise in stock price and the commensurate increase in personal wealth.
Sometimes the perpetrator does not seek direct personal gain, but instead uses the fraudulent
financial reporting to “help” the organization avoid bankruptcy or to avoid some other negative
financial outcome. Three common ways in which fraudulent financial reporting can take place
include:

1. Manipulation, falsification, or alteration of accounting records or supporting documents.

2. Misrepresentation or omission of events, transactions, or other significant information.
3. Intentional misapplication of accounting principles.

THE FRAUD TRIANGLE

The Fraud Triangle characterizes incentives, opportunities and rationalizations that enable fraud
to exist.

The three elements of the fraud triangle are:

• Incentive to commit fraud
 • Opportunity to commit and conceal the fraud
• Rationalization – the mindset of the fraudster to justify committing the fraud.

Incentives or Pressures to Commit Fraud

Incentives relating to asset misappropriation include:

• Personal factors, such as severe financial considerations
• Pressure from family, friends or the culture to live a more lavish lifestyle than one’s
personal earnings allow for
• Addictions to gambling or drugs

The incentives include the following for fraudulent financial reporting:

• Management compensation schemes
• Other financial pressures for either improved earnings or an improved balance sheet
• Debt covenants
• Pending retirement or stock option expirations
• Personal wealth tied to either financial results or survival of the company
• Greed – for example, the backdating of stock options was performed by individuals who
already had millions of pesos of wealth through stock

Opportunities to Commit Fraud

One of the most fundamental and consistent findings in fraud research is that there must be an for
fraud to be committed. Although this may sound obvious – that is, “everyone has an opportunity
exists, but either there is a lack of controls or the complexities associated with a transaction are
such that the perpetrator assesses the risk of being caught as low. Some of the opportunities to
commit fraud that the top management should consider include the following:
• Significant related-party transactions
• A company’s industry position, such as the ability to dictate terms or conditions to suppliers
or customers that might allow individuals to structure fraudulent transactions
• Management’s inconsistency involving subjective judgments regarding assets or
accounting estimates
• Simple transactions that are made complex through an unusual recording process
• Complex or difficult to understand transactions, such as financial derivatives or special-
purpose entities
• Ineffective monitoring of management by the board, either because the board of directors
is not independent or effective, or because there is a domineering manager
• Complex or unstable organizational structure
• Weak or nonexistent internal controls

Rationalizing the Fraud

For asset misappropriation, personal rationalizations often revolve around mistreatment by the
company or a sense of entitlement (such as, “the company owes me!”) by the individual
perpetrating the fraud. Following are some common rationalizations for asset misappropriation:
 • Fraud is justified to save a family member or loved one from financial crisis.
• We will lose everything (family, home, car and so on) if we don’t take the money.
• No help is available from outside.
• This is “borrowing”, and we intend to pay the stolen money back at some point.
• Something is owed by the company because others are treated better.
• We simply do not care about the consequences of our actions or of accepted notions of
decency and trust; we are for ourselves.

For fraudulent financial reporting,, the rationalization can range from “saving the company” to
personal greed, and may include the following:
• This is one-time thing to get us through the current crisis and survive until things get better.
• Everybody cheats on the financial statements a little; we are just playing the same game.
• We will be in violation of all of our debt covenants unless we find a way to get this debt
off the financial statements.
• We need a higher stock price to acquire company XYZ, or to keep our employees through
stock options, and so forth.

Risk Factors Contributory to Misappropriation of Assets

Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by
employees in relatively small and immaterial amounts. However, it can also involve management
who are usually more able to disguise or conceal misappropriations in ways that are difficult to
detect. Misappropriations of assets can be accompanied in a variety of ways including:
• Embezzling receipts (for example, misappropriating collections on accounts receivable or
diverting receipts in respect of written-off accounts to personal bank accounts.)
• Stealing physical assets or intellectual property (for example, stealing inventory for
personal use for sale, stealing scrap for resale, colluding with a competitor by disclosing
technological data in return for payment).
• Causing an entity to pay for goods and services not received (for example, payments to
fictitious vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for
inflating prices, payments to fictitious employees).
• Using an entity’s assets for personal use (for example, using the entity’s assets as collateral
for a personal loan or a loan to a related party).
Misappropriation of assets is often accompanied by false or misleading records or documents in
order to conceal the fact that the assets are missing have been pledged without proper authorization.

A. Incentives/ Pressures
1. Personal financial obligations may create pressure on management or employees with
access to cash or other assets susceptible to theft to misappropriate those assets.
2. Adverse relationships between the entity and employees with access to cash or other
assets susceptible to theft may motivate those employees to misappropriate those
assets. For example, adverse relationships may be created by the following:
(a) Known or anticipated future employee layoffs.
(b) Recent or anticipated changes to employee compensation or benefit plans.
(c) Promotions, compensation, or other rewards inconsistent with expectations.

B. Opportunities
 1. Certain characteristics or circumstances may increase the susceptibility of assets to
misappropriation. For example, opportunities to misappropriate assets increase when
following situations exist:
(a) Large amounts of cash on hand or processed.
(b) Inventory items that are small in size, of high value, or in high demand.
(c) Fixed assets which are small in size, marketable, or lacking observable
identification of ownership.
2. Inadequate internal control over assets may increase the susceptibility of
misappropriation of those assets. For example, misappropriation of assets may occur
because of the following:
(a) Inadequate segregation of duties or independent checks.
(b) Inadequate oversight of senior management expenditures, such as travel and
other reimbursements.
(c) Inadequate management oversight of employees responsible for assets, for
example, inadequate supervision or monitoring of remote locations.
(d) Inadequate job applicant screening of employees with access to assets.
(e) Inadequate record keeping with respect to assets.
(f) Inadequate system of authorization and approval of transactions (for example,
in purchasing).
(g) Inadequate physical safeguards over cash, investments, inventory, or fixed
assets.
(h) Lack of complete and timely reconciliations of assets.
(i) Lack of time and appropriate documentation of transactions, for example,
credits for merchandise returns.
(j) Lack of mandatory vacations for employees performing control functions.
(k) Inadequate management understanding of information technology, which
enable information technology employees to perpetrate a misappropriation.
(l) Inadequate access controls over automated records, including controls over and
review of computer systems event logs.

C. Attitudes/ Rationalizations
1. Disregard for the need for monitoring or reducing risks related to misappropriation of
assets.
2. Disregard for internal control over misappropriation of assets by overriding existing
controls or by failing to correct known internal control deficiencies.
3. Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the
employee.
4. Changes in behavior or lifestyle that may indicate asserts have been misappropriated.
5. Tolerance of petty theft.

Risk Factors Contributory to Fraudulent Financial Reporting

Fraudulent financial reporting may be accomplished by the following:

• Manipulation, falsification (including forgery), or alteration of accounting records or
supporting documentation from which the financial statements are prepared.
 • Misrepresentations in, or intentional omission from, the financial statements of events,
transactions or other significant information.
• Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure.

Fraudulent financial reporting involves intentional misstatements including omissions of amounts

or disclosures in financial statements to deceive financial statement users. It can be caused by the
efforts of management to manage earnings in order to deceive financial statement users by
influencing their perceptions as to the entity’s performance and profitability. Such earnings
management mat start out with small actions or inappropriate adjustment of assumptions and
changes in judgments by management. Pressures and incentives may lead these actions to increase
to the extent that they result in fraudulent financial reporting. Such a situation could occur when,
due to pressures to meet market expectations or a desire to maximize compensation based on
performance, management intentionally takes positions that lead to fraudulent financial reporting
by materially misstating the financial statements. In some entities, management may be motivated
to reduce earnings by a material amount to minimize tax or inflate earnings to secure bank
financing.

Fraud, whether fraudulent financial reporting or misappropriation of assets, involves incentive or

pressure to commit fraud, a perceived opportunity to do so and some rationalization of the act.

A. Incentive/ Pressure
Incentive or pressure to commit fraudulent financial reporting may exist when management
is under pressure, from sources outside or inside the entity, to achieve an expected (and
perhaps unrealistic) earnings target or financial outcome – particularly since the
consequences to management for failing to meet financial goals can be significant.

B. Opportunities
A perceived opportunity to commit fraud may exist when an individual believes internal
control can be overridden, for example, because the individual is in a position of trust or
has knowledge of specific weaknesses in internal control.

Fraudulent financial reporting often involves management override of controls that

otherwise may appear to be operating effectively. Fraud can be committed by management
overriding controls using such techniques as:
• Recording fictitious journal entries, particularly close to the end of an accounting
period, to manipulate operating results or achieve other objectives.
• Inappropriately adjusting assumptions and changing judgments used to estimate
account balances.
• Omitting, advancing or delaying recognition in the financial statements of events
and transactions that have occurred during the reporting period.
• Concealing, or not disclosing, facts that could affect the amounts recorded in the
financial statements.
 • Engaging in complex transactions that are structured to misrepresent the financial
position or financial performance of the entity.
• Altering records and terms related to significant and unusual transactions.

C. Rationalizations
Individuals may be able to rationalize committing a fraudulent act. Some individuals
possess an attitude, character or set of ethical values that allow them knowingly and
intentionally to commit a dishonest act. However, even otherwise honest individuals can
commit fraud in an environment that imposes sufficient pressure on them.

Responsibility for the Prevention and Detection of Fraud

The primary responsibility for the prevention and detection of fraud rests with both those charged
with governance of the entity and management. It is important that management, with the oversight
of those charged with governance, place a strong emphasis on fraud prevention, which may reduce
opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not
to commit fraud because of the likelihood of detection and punishment. This involves a
commitment to creating a culture of honesty and ethical behavior which can be reinforced by an
active oversight by those charged with governance. In exercising oversight responsibility, those
charged with governance consider the potential for override of controls or other inappropriate
influence over the financial reporting process, such as efforts by management to manage earning
in order to influence the perceptions of analysts as to the entity’s performance and profitability.
 CHAPTER 15: ERRORS AND IRREGULARITIES IN THE TRANSACTION CYCLES
OF THE BUSINESS ENTITY

While businesses in different individuals can have striking different characteristics most have
some fundamental conceptual characteristics are practices in common. The three basic business
transaction cycles include

1. Sales and Collections Cycle

2. Acquisitions and Payments Cycle
3. Payroll and Personnel Cycle

Management should establish controls to ensure that these transactions are appropriately handled
and recorded. However, if internal controls are not properly implemented, or are overridden, fraud
and errors may occur. This chapter presents the errors and fraudulent activities that could result if
there is poor internal control.

I. Sales and Collections Cycle

1. Errors in Recording Sales and Collections Transactions

Errors in recording sales include mechanical errors, such as using wrong piece or
wrong quantity, recording sales in the wrong period (cutoff errors), a bookkeeper’s
failure to understand proper accounting for a transaction, and so on. Internal controls
are designed to prevent or detect many of these kinds of errors.

2. Frauds in Sales and Collections

Frauds in sales generally relate to fraudulent financial reporting. In contrast, frauds

in cash collections relate to misappropriation of assets, typically accomplished by
clerks or management-level employees.

a. Fraudulent Financial Reporting

Fraudulent financial reporting involving sales typically results in overstated

sales or understated sales returns and allowances. Managers under pressure to
achieve high profits may inflate sales to meet target profits established by senior
managers, to obtain bonuses, to retain the respect of senior managers, or even
 to keep their jobs. The following methods can be used to increase sales
fraudulently:

• Recording fictitious sales (creating fictitious shipping documents, sales

invoices, and so on)
• Recording valid transactions twice
• Recording in the current period sales that occurred in the succeeding
period (improper cutoff)
• Recording operating leases as sales
• Recording deposits as sales
• Recording consignments as sales
• Recording sales when the chance of a return is likely
• Following revenue recognition practices that are not in accordance with
PFRS
• Recognizing revenue that should be deferred
b. Misappropriation of Assets: Withholding Cash Receipts

1. Skimming

This refers to the act if withholding cash receipts without recording them.
An example us when a cashier in a retail store does not ring up transaction
and takes the cash. Another example is when an employee who has access
to cash receipts and maintains accounts receivable records can record a sale
at an amount lower than the invoice amount. When a customer pays, the
employee takes the difference between the invoice and the amount recorded
as receivable. Detection of unrecorded cash receipts is very difficult;
however, unexplained changes in the gross profit percentage or sales
volume may indicate that cash receipts have been withheld.

2. Lapping

This technique is used to conceal the fact that cash has been abstracted; the
shortage in one customer’s account is covered with a subsequent payment
made by another customer. An employee who has access to cash receipts
and maintains accounts receivable can engage in lapping. Routine testing of
details of collections compared with validated bank deposit slips should
uncover this fraud.

3. Kiting

This is another technique used to cover cash shortage or inflate cash balance.
Kiting involves counting the cash twice by using the float in the banking
system. (Float is the gap between the time the check is deposited or added
 to an account and the time the check clears or is deducted from the account
it was written on). Analyzing and verifying cash transfers during the days
surrounding year-end should reveal this type of fraud.

II. Acquisitions and Payments Cycle

1. Errors in the Acquisitions and Payments Cycle

The following may occur in the acquisitions and payments cycle:

• Failing to record a purchase in the proper period (cutoff errors)

• Recording goods accepted on consignment as a purchase
• Misclassifying purchases of assets and expenses
• Failing to record a cash payment
• Recording a payment twice
• Failing to record prepaid expenses as assets

Entities normally design controls to prevent these errors from occurring or to detect errors
if they do occur. When such controls exists, auditors test the controls to assess their
effectiveness. If the controls are not effective, auditors should perform substantive tests to
determine that the financial statements do not contain material misstatements that arose
because of possible errors.

2. Frauds in the Acquisitions and Payments Cycle

a. Paying for Fictitious Purchases

This involves the perpetrator creating a fictitious invoice (and sometimes a

receiving report, purchase order and so forth) and processing the invoice for
payment. Alternatively, the perpetrator can pay the invoice twice.

b. Receiving Kickbacks

In this scheme, a purchasing agent may agree with a vendor to receive kickback
(refund payable to the purchasing person on goods or services acquired from the
vendor).
 This is usually done in return for the agent’s ensuring that the particular vendor
receives an order from the firm. Often a check is made payable to the purchasing
agent and mailed to the agent at a location other than his or her place of
employment. Sometimes the purchasing agent splits the kickback with the vendor’s
employee for approving and paying it. Detecting kickbacks is difficult because the
buyer’s records do not reflect their existence. However, when vendors are required
to submit bids for goods or services, the likelihood of kickbacks is reduced.

c. Purchasing Goods for Personal Use

Goods or services for personal use may be purchased by executive or purchasing

agents and charged to the company’s account. To execute such a purchase, the
perpetrator must have access to blank receiving reports and purchase approvals or
must convive with another employee. Fraud involving the purchase of goods for
personal use is more likely to go unnoticed when perpetual records are not
maintained.

III. Payroll and Personnel Cycle

Historically, errors and irregularities involving payroll have been reported to occur
frequently and are largely undetected.

1. Errors

The most errors that can occur in the payroll and personnel cycle are

a. paying employees at the wrong rate,

b. paying employees for more hours than they worked,
c. charging payroll expense to the wrong accounts, and
d. keeping terminated employees on the payroll.

2. Frauds involving Payroll

The major payroll-related frauds include

a. Fictitious Employees

Adding fictitious employees to the payroll is one of the most common

defalcations. Detecting fictitious employees on the payroll is very difficult;
but auditors do sometimes perform a surprise payoff as a deterrent to this form
of defalcation. Alternatively, the auditor may turn the check distribution over
 to an official not associated with preparing payrolls, signing checks, or
supervising workers. Personnel files and the employees’ completed time cards
and time tickets may also be examined to substantiate the existence of absent
employees.

b. Excess Payments to Employees

Increasing the rate above that approved or paying employees for more hours
than they worked are the most common ways of paying employees more than
they are entitled to receive. These practices can be substantially reduced by
requiring personnel department officials to authorize changes in pay rates and
by monitoring total hours worked and paid for. Analytical procedures that
focus on cost per unit of actual production can also be helpful in detecting
excess payments to employees.

c. Failure to Record Payroll

Companies having difficulty meeting profits targets or non-for-profit entities

having difficulty managing costs and expenses might fail to record a payroll.
The omission of payroll can be difficult to hide unless a similar amount of
revenues or receipts has been omitted. Analytical procedures can be performed
to test the reasonableness for payroll cost.

d. Inappropriate Assignment of Labor Costs to Inventory

A company having difficulty meeting profit targets might assign to inventory

labor cost that should have been charged to expense. Analytical procedures
such as comparing costs incurred to budgeted cost and verification of valuation
of inventory are some of the useful techniques in detecting such fraud.

CHAPTER 16: INTERNAL CONTROL AFFECTING ASSETS

INTERNAL CONTROL OVER CASH TRANSACTIONS

Most of the processes relating to cash handling are the responsibility of the finance department,
under the direction of the treasurer. These processes include handling and depositing cash receipts;
signing checks; investing idle cash; and maintaining custody of cash, marketable securities, and
other negotiable assets. In addition, the finance, department must forecast cash requirements and
make both short-term and, long-term financing arrangements.
Ideally, the functions of the finance department and the accounting department should be
integrated in a manner that provides assurance that:

1. All cash that should have been received was in fact received, recorded accurately and
deposited promptly.
2. Cash disbursements have been made for authorized purposes only and have been properly
recorded.
3. Cash balances are maintained at adequate, but not excessive, levels by forecasting expected
cash receipts and payments related to normal operations. The need for obtaining loans for
investing excess cash is thus made known on a timely basis.

A detailed study of the business processes of the company is necessary in developing the most
efficient control procedures, but there are some general guidelines to good cash handling practices
in all types of business. These guidelines for achieving internal control over cash may be
summarized as follows:

1. Do not permit any one employee to handle a transaction from beginning to end.
2. Separate cash handling from record keeping.
3. Centralize receiving of cash to the extent practical.
4. Record cash receipts on a timely basis.
5. Encourage customers to obtain receipts and observe cash register totals.
6. Deposit cash receipts daily.
7. Make all disbursements by check or electronic funds transfer, with the exception of small
expenditures from petty cash.
8. Have monthly bank reconciliation prepared by employees not responsible for the issuance
of checks or custody of cash. The completed reconciliation should be reviewed promptly
by an appropriate official.
9. Monitor cash receipts and disbursements by comparing recorded amounts to forecasted
amounts and investigating variances from forecasted amounts.

Potential Misstatements – Cash Receipts

Descriptions of Examples Internal Control

Misstatements Weaknesses or Factors that
Increase the Risk of the
Misstatement
Recording fictitious cash Fraud:
receipts • Overstating cash receipts • Lack of segregation of
on the books by duties of the functions of
transferring cash between access to cash and record
bank accounts without keeping; no effective
 appropriate recording of review of bank
the transfer to cover up an reconciliations.
embezzlement of cash
Failure to record receipts from Fraud:
cash sales • A cashier fails to ring up • Inadequate supervision of
and record cash sales and cashiers; failure to
embezzles the cash. encourage customers to
obtain cash receipts.
Error:
• A bookkeeper • Inadequate controls for
accidentally omits the reconciling cash register
recording of the receipts tapes and accounting
from one cash register for records; inadequate
the day. controls for reconciling
bank accounts.
Failure to record cash from Fraud:
collection of accounts • A cashier embezzles cash • Lack of segregation of
receivable payments by customers on duties between personnel
receivables, without who have access to cash
recording the receipts in receipts and those who
the customers’ accounts. make entries into the
account receivable
records.

• A bookkeeper • Lack of segregation of

accidentally who has duties between personnel
access to cash receipts who have access to cash
embezzles cash collected receipts and those who
from customers and writes make entries into the
off the related receivables. accounts receivable
records.
Error:
• A bookkeeper
accidentally fails to record • Inadequate reconciliations
payment on a receivable. of subsidiary records of
accounts receivable with
the general ledger control
account.
Early (late) recognition of Fraud:
cash receipts – “cutoff • Holding the cash receipts • Ineffective board of
problems” journal open to record next directors, audit
year’s cash receipts as committee, or internal
having occurred in this audit function; “tone at the
year. top” not conductive to
ethical conduct; undue
pressure to show
 improved financial
positions.
Error:
• Recording cash receipts • Failure to list and deposit
based on bad information cash receipts on a timely
about date of receipt. basis.
Potential Misstatements – Cash Disbursements

Description of Misstatement Examples Internal Control Weakness

or Factors that Increase the
Risk of the Misstatement
Inaccurate recording of a Fraud:
purchase or disbursement • A bookkeeper prepares a • Inadequate segregation of
check to himself and duties of record keeping
records it as having been and preparing cash
issued to a major supplier. disbursements, or check
signer does not review and
cancel supporting
documents.
Error:
• A disbursement is made to • Ineffective control for
pay an invoice for goods matching invoices with
that have not been receiving documents
received. before disbursement are
authorized.

• Disbursements for travel • Ineffective accounting

and entertainment are coding procedures may
improperly included with result from incompetent
merchandise purchases. accounting personnel,
inadequate chart of
accounts, or no controls
over the posting process.
Duplicate recording and Error:
payment of purchases • A purchase is recorded • Ineffective controls for
when an invoice is review and cancellation of
received from a vendor supporting documents by
and recorded again when a the check signer.
duplicate invoice is sent
by the vendor.
Unrecorded disbursement Fraud:
• In conjunction with • Ineffective control over
recorded (but deposited) record keeping for and
cash receipts, an employee access to cash.
writes and chases an
 unrecorded check for the
identical amount.

INTERNAL CONTROL OVER FINANCIAL INVESTMENTS

The most important group of financial investments, consists of marketable stocks and bonds
because they are found more frequently and usually are of greater peso value than the other kinds
of investment holdings. Other types of investments often encountered include commercial paper
issued by corporations, mortgages and trust deeds, and the cash surrender value of life insurance
policies. The internal auditors also must be concerned with derivatives that are used to hedge
various financial and operational risks or for speculation. Derivatives are financial instruments that
“derive” their value from other financial instruments, underlying assets, or indexes. For example,
a simple derivative would involve a commitment by a company to purchase a commodity at a
certain price at some point in the future. Other derivatives are much more complex, involving, for
example, relationships between fluctuations in European interest rates and the price of copper.

The major elements of adequate internal control over financial investments include the following:

1. Formal investment policies that limit the nature if investments in securities and other
financial instruments.
2. An investment committee of the board of directors that authorizes and reviews financial
investment activities for compliance with investment policies.
3. Separation of duties between the executive authorizing purchases and sales of securities
and derivative instruments, the custodian of the securities, and the person maintaining the
records of investments.
4. Complete detailed records of all securities and derivative instruments owned and the
related provisions and terms.
5. Registration of securities in the name of the company.
6. Periodic physical inspection of securities on hand by an internal auditor or an official
having no responsibility for the authorization, custody, or record keeping of investments.
7. Determination of appropriate accounting for complex financial instruments by competent
personnel.

In many concerns, segregation of the functions of custody and record keeping is achieved by the
use of an independent safekeeping agent, such as a stockholder bank or trust company. Since the
independent agent has no direct contact with the employee responsible from maintaining
accounting records of the investments in securities, the possibilities of concealing fraud through
falsification of the accounts are greatly reduced. If securities are not placed in the custody of an
independent agent, they should be kept in a bank safe-deposit box under the joint control of two
or more of the company’s officials. Joint control means that neither of the two custodians may
have access to the securities except in the presence of the other. A list of securities in the box
should be maintained in the box, and the deposit or withdrawal of securities should be recorded on
this list along with the date and signatures of all persons present. The safe-deposit box rental should
be in the name of the company, not in the name of an officer having custody of securities.

Complete detailed records of all securities and derivative instruments owned are essential to
satisfactory control. These records frequently consist of a subsidiary record for each security and
derivative instrument, with such identifying data as the exact name, face amount or par value,
certificate number, number of shares, date of acquisition, name of broker, cost, terms and any
interest or dividend payments received. Actual interest and dividends should be compared to
budgeted amounts and significant variances should be investigated. The purchase and sale of
investments often is to entrusted to a responsible financial executive, subject to frequent review
by an investment committee of the board of directors.

Potential Misstatements – Financial Investments

Descriptions of Examples Internal Control Weakness

Misstatements or Factors that Increase the
Risk of the Misstatement
Misstatement of recorded Errors:
value of investments • Failure to record changes • Inadequate accounting
in market values of manual; incompetent
investments. accounting personal.
Fraud:
• Misstatement of the value • Ineffective board of
of closely held directors, audit
investment. committee, or internal
audit function; not
conductive to ethical
conduct; undue pressure to
meet earnings targets.
Unauthorized investment Fraud:
transactions • An employee with access • Inadequate segregation of
to securities coverts them duties of record keeping
for personal use. for and custody of
securities.
Incomplete recording of Error:
investments • Failure to record • a. Inadequate accounting
derivative agreements manual; incompetent
which are embedded in accounting personnel.
other agreements.
 • b. Inadequate monitoring
by internal auditors.

INTERNAL CONTROL OVER RECEIVABLES

Accounts receivable include not only claims against customers arising from sales of goods or
services, but also a variety of miscellaneous claims such as loans to officers or employees, loans
to subsidiaries, claims against various other films, claims for tax refunds and advantages to
suppliers.
Sources and Nature of Notes Receivable

Notes receivable are written promises to pay certain amounts at future dates. Typically, notes
receivable is used for handling transactions of substantial amount; these negotiable documents are
widely used. In banks and other financial institutions, notes receivable usually constitutes the
single most important asset.

Internal Control of Accounts Receivable and Revenue

to understand internal control over accounts receivable and revenue, one must consider the various
components, including the control environment, risk assessment, monitoring the (accounting)
information and communication system, and control activities.

Control Environment

Because of the risk of intentional misstatements or revenues, the control environment is very
important to effective internal control over revenue and receivables. Of particular importance is
an independent audit committee of the board of directors that monitors management’s judgements
about revenue recognition principles and estimates, as well as an effective internal audit function.
Management should establish a tone at the top of the organization that encourages integrity and
ethical financial reporting. These ethical standards should be communicated and observed
throughout the organization. Also, incentives for dishonest reporting such as undue emphasis on
meeting unrealistic sales or earnings targets, should be eliminated.

Potential Misstatements – Revenue/Receivables

Description of Misstatement Examples Internal Control Weakness
or Factors that Increase the
Risk of the Misstatement
Recording unearned revenue Fraud:
• Recording fictitious sales • Ineffective board of
without receiving a directors, audit
customer order or committee, or internal
shipping the goods. audit function; undue
• Intentional overshipment pressure to meet earnings
of goods. targets. “top management
action” not conductive to
Errors: ethical conduct.
• Recording sales based on • Ineffective billing process
the receipt of orders from in which billing is not tied
customers rather than the to shipping information.
shipment of goods. • Ineffective controls for
• Inaccurate billing and testing invoices, or
recording of sales. ineffective input
• Recording cash that validation checks and
represents a liability (e.g., computer reconciliations
receipt of a customer’s to ensure the accuracy of
deposit) as revenue. databases.
• Inadequate accounting
manual; incompetent
accounting personnel.
Early (late) recognition of Fraud:
revenue – “cutoff error” • Holding the sales journal • Ineffective board of
open to record next year’s directors, audit
sales as having occurred in committee, or internal
the current year. audit function; not
conductive to ethical
Error: conduct; undue pressure to
• Recording sales in the meet sales targets.
wrong period based on
incorrect shipping • Ineffective cutoff
information. procedures in the shipping
department.
Recording revenue when Fraud:
significant uncertainties exist • Recording sales when the • Ineffective board of
customer is likely to return directors, audit
goods. committee, or internal
audit function; not
conductive to ethical
 conduct; undue pressure to
Error: meet sales targets.
• Recording sales when the
customer’s payment is • Aggressive attitude of
contingent upon the management toward
customer receiving financial reporting;
financing or selling the incompetent officer.
goods to another party
(e.g., consignment sales).
Recording revenue when Fraud:
significant services still must • Recording franchise • Ineffective board of
be performed by seller revenue when the directors, audit
franchises are sold even committee, or internal
though an obligation to audit function; not
perform significant conductive to ethical
services still exists. conduct; undue pressure to
meet sales targets.
Error:
• Amount of revenue earned • Aggressive attitude of
on franchises is management toward
miscalculated. financial reporting;
incompetent officer.
Overestimation of the amount Fraud:
of revenue earned. • Misstating the percentage • Ineffective board of
of completion of several directors, audit
projects by a construction committee, or internal
company using the audit function; not
percentage-of completion conductive to ethical
method revenue conduct; undue pressure to
recognition. meet sales targets.

• Overestimating the • Aggressive attitude of

percentage of completion management toward
on projects by a financial reporting;
construction company incompetent personnel
using the percentage-of- involved in the
completion method of estimations / accounting
revenue recognition. process.

Internal Control over Notes Receivable

As previously stated, a basic characteristic of effective control consists of the subdivision of duties.
As applied to notes receivable, this principles requires that:
 1. The custodian of noted receivable not have access to cash or to general accounting records.
2. The acceptance and renewal of notes be authorized in writing by a responsible official who
does not have custody of the notes.
3. The write-off of defaulted notes be approved in writing by responsible officials and
effective procedures adopted for subsequent follow-up of such defaulted notes.

INTERNAL CONTROL OVER INVENTORIES AND COST OF GOODS SOLD

The interrelationship of inventories and cost of goods sold makes it logical for the two topics be
considered together. The controls that assure the fair valuation of inventories are found in the
purchases (or acquisition) cycle. These controls include procedures for selecting vendors, ordering
merchandise or materials, inspecting goods received, recording the liability to the vendor, and
authorizing and making cash disbursements. In a manufacturing business, the valuation of
inventories also is affected by the production (or conversion) cycle, in which various
manufacturing costs are assigned to inventories, and the cost of inventories is then transferred to
the cost of goods sold.

Sources and Nature of Inventories and Cost of Goods Sold

The term inventories is used in this chapter to include:

1. Goods on hand ready for sale, whether the merchandise of a trading concern or the finished
goods of a manufacturer.
2. Goods in the process of production; and
3. Goods to consumed directly or indirectly in production, such as raw materials, purchased
parts, and supplies.

Internal Control over Inventories and Cost of Goods Sold

The importance of adequate internal control over inventories and cost of goods sold from the
viewpoint of both management and the auditors can scarcely be overemphasized. In some
companies, management stresses controls over cash and securities but pays little attention to
control over inventories. Since many types of inventories are composed of items not particularly
susceptible to theft, management may consider controls to be unnecessary in this area. Such
thinking ignores the fact that controls for inventories affect nearly all the functions involved in
producing and disposing of the company’s products.

Potential Misstatements – Inventory /Cost of Goods Sold

Description of Misstatement Examples Internal Control Weakness

or Factors that Increase the
Risk of the Misstatement
Misstatement of inventory Fraud:
costs • Intentional misstatement • Ineffective board of
if production costs directors, audit
assigned to inventory. committee, or internal
• Intentional misstatements audit function; “tone at the
of inventory prices. top” not conductive to
ethical conduct; undue
pressure to meet earnings
targets.
Errors:
• The assignment of direct • Ineffective cost
labor costs, direct material accounting system; failure
costs, or factory overhead to update standard costs on
to inventory items is a timely basis.
inaccurate. • Ineffective input
• Erroneous pricing of validation controls on the
inventory. database of inventory
costs; ineffective
supervision of the
personnel that enter the
costs on the final
inventory schedule.
Misstatements of inventory Fraud:
quantities • Items are stolen with no • Ineffective physical
journal entry reflecting the controls over inventories.
theft. • Ineffective board of
• Inventory quantities in directors, audit
locations not visited by committee, or internal
auditors are systematically audit function; “tone at the
overstated. top” not conductive to
ethical conduct; undue
pressure to meet earnings
targets.
Errors:
 •
Miscounting of inventory • Ineffective controls or
by personnel involved in supervision of physical
physical inventory, inventory.
Early (late) recognition of Fraud:
purchases – “cutoff problems” • Intentional recording of • Ineffective board of
purchases in the directors, audit
subsequent period. committee, or internal
audit function; “tone at the
top” not conductive to
ethical conduct; undue
pressure to meet earnings
targets.
Error:
• Recording purchases of • Ineffective accounting
the current period in the procedures that do not tie
subsequent period. recorded purchases to
receiving data.

INTERNAL CONTROL OVER PROPERTY, PLANT, AND EQUIPMENT

The term property, plant and equipment includes all tangible assets with a service life of more than
one year that are used in the operation of the business and are not acquired for the purpose of
resale. Three major subgroups of such assets are generally recognized:

1. Land, such as property used in the operation of the business, has the significant
characteristics of not being subject to depreciation.
2. Buildings, machinery, equipment and land improvements, such as fences and parking lots,
have limited service lives and are subject to depreciation.
3. Natural resources (wasting assets), such as oil wells, coal mines, and tract of timber, are
subject to depletion as the natural resources are extracted or removed.

Acquisitions and disposals of property, plant and equipment are usually large in dollar amount,
but concentrated in only a few transactions. Individually items of plant and equipment may remain
unchanged in the accounts for many years.

Internal Control over Plant and Equipment

The amounts invested in plant and equipment represents a large portion of the total assets of many
industrial concerns. Maintenance, rearrangement and depreciation of these asset are major
expenses in the income statement. The total expenditures for the assets and related expenses make
strong internal control essential to the preparation of reliable financial statements. Errors in
measurement of income may be material if assets are scrapped without their cost being removed
from the accounts, or if the distinction between capital and revenue expenditures is not maintained
consistently. The losses that inevitably arise from uncontrolled methods of acquiring, maintaining,
and retiring plant and equipment are often greater than the losses from fraud in cash handling.

In large enterprises, the auditors may expect to find an annual plant budget used to forecast and
control acquisitions and retirements of plant and equipment. Many small companies also forecast
expenditures for plant assets. Successful utilization of a plant budget presupposes the existence for
reliable and detailed accounting records for plant and equipment. A detailed knowledge of the
kinds quantities and condition of existing equipment is an essential basis for intelligent forecasting
of the need for replacement and additions to the plant.

Other key controls applicable to plant and equipment are as follows:

1. A subsidiary ledger consisting of a separate record for each unit of property. An adequate
plant and equipment ledger facilitate the auditor’s work in analyzing additions and
retirements, in verifying the depreciation provision and maintenance expenses, and in
comparing authorizations with actual expenditures.
2. A system of authorization requiring advance executive approval of all plant and equipment
acquisitions, whether by purchase, lease or construction. Serially numbered capital work
orders are a convenient means of recording authorizations.
3. A reporting procedure assuring prompt disclosure and analysis of variances between
authorized and actual costs.
4. An authoritative written statement of company policy distinguishing between capital
expenditures and revenue expenditures. A dollar minimum ordinarily will be established
for capitalization; any expenditure of a lesser amount automatically classified as charges
against current revenue.
5. A policy requiring all purchases of plant and equipment to be handled through the
purchasing department and subjected to a standard routine for receiving, inspection and
payment.
6. Periodic physical inventories designed to verify the existence, location and condition of all
property listed in the accounts and to disclose the existence of any unrecorded units
7. A system of retirement procedures, including serially numbered retirement work orders
(bottom), stating reasons for retirement and bearing appropriate approvals.

Potential Misstatements – Investments in Property, Plant and Equipment

 Description of Misstatement Examples Internal Control Weakness
or Factors that Increase the
Risk of the Misstatement
Misstatement of acquisitions Fraud:
of property, plant and • Expenditures for repairs • Undue pressure to meet
equipment and maintenance expenses earnings targets.
recorded as property, plant
and equipment
acquisitions to overstate
income.

Error:
• Purchases of equipment • Inadequate accounting;
erroneously reported in manual; incompetent
maintenance and repairs accounting personnel.
expense account.
Failure to record retirements Error:
of property, plant and • An asset that has been • Inadequate accounting
equipment. replaced is discarded due policies, e.g., failure to use
to its lack of value, retirement work orders.
without an accounting
entry.
Improper reporting of unusual Error:
transactions. • A “gain” recorded on an • Inadequate accounting;
exchange of nonmonetary manual; incompetent
assets that lacks accounting personnel.
commercial substance.
CHAPTER 17: INTERNAL CONTROL AFFECTING LIABILITIES AND EQUITY

INTERNAL CONTROL OVER ACCOUNTS PAYABLE

The term accounts payable (often referred to as vouchers payable for a voucher system) is used to
describe short-term obligations arising from the purchase of goods and services in the ordinary
course of business. Typical transactions creating accounts payable include the acquisition on credit
of merchandise, raw materials, plant assets and office supplies.

Other sources of accounts payable include the receipt of services, such as legal and accounting
services, advertising, repairs and utilities. Interest-bearing obligations should it be included in
accounts payable but shown separately as bonds, notes, mortgages, or installment contracts.

Invoices and statements from supplies usually evidence accounts payable arising from the
purchase of goods or services and most other liabilities. However, accrued liabilities (sometime
called accrued expenses) generally accumulate over time, and management must make accounting
estimates of the year-end liability. Such estimates are often necessary for salaries, pensions,
interest, rent, taxes and similar items.
In thinking about internal control over account payable, it is important to recognize that the
accounts payable of one company are the accounts receivable of other companies. It follows that
there is little danger of errors being overlooked permanently since the client’s creditor’s will
generally maintain complete records of their receivables and will inform the client if payment is
not received. This feature also aids auditors in the discovery of fraud, since the perpetrator must
be able to obtain and respond to the demands for payment. Some companies, therefore, may choose
to minimize their record keeping of liabilities and to rely on creditors to call attention to any delay
in making payment. This viewpoint is not an endorsement of inaccurate or incomplete records of
accounts payable, but merely recognition that the self-interest of creditors constitutes an effective
control in accounting for payables that is not present in the case of accounts receivable.

Discussion of internal control applicable to accounts payable may logically be extended to the
entire purchase or acquisition cycle.

Potential Misstatements – Accounts Payable

Description of Examples Internal Control Weakness
Misstatement or Factors that Increase the
Risk of the Misstatement
Inaccurate recording of a Fraud: • Inadequate
purchase or disbursement • A bookkeeper segregation of duties
prepares a check to of record keeping and
himself and records it preparing cash
as having been issued disbursements, or
to a major supplier. check signer does not
Error: review and cancel
• A disbursement is supporting documents
made to pay an • Ineffective controls
invoice for goods that for matching invoices
have not been with receiving
received. documents before
disbursements are
authorizes.
Misappropriation of Fraud:
purchases • Goods are ordered but • Ineffective controls
delivered to an for matching invoices
inappropriate address with receiving
and stolen. documents before
disbursements are
authorized.`
Duplicate recording of Error:
purchases • A purchase is • Ineffective controls
recorded when an for review and
invoice is received cancellation of
from a vendor and supporting documents
recorded again when a by the check signer.
 duplicate invoice is
sent by the vendor.
Late (early) recording of cost Fraud:
of purchase – “cutoff • Purchases journal • Ineffective board of
problems” “closely early” with directors, audit
this period’s committee, or internal
purchases recorded as audit function; “tone
having occurred in at the top” not
subsequent period. conducive to ethical
conduct; undue
pressure to meet
earnings target.

INTERNAL CONTROL OVER OTHER DEBTS

Business corporations obtain substantial amounts of their financial resources by incurring debt and
issuing capital stock. The acquisition and repayment of capital is sometimes referred to as the
financing cycle. This transaction cycle includes the sequence of procedures for authorizing,
executing, and recording transactions that involve bank loans, mortgages, bonds payable, and
capital stock as well as the payment of interest and dividends.

Internal Control over Debt

Authorization by Board of Directors

Effective internal control over debt begins with the authorization to incur the debt. The bylaws of
a corporation usually require that the board of directors approve borrowing. The treasurer of the
corporation will prepare a report on my proposed financing, explaining the need for funds, the
estimated effect of borrowing upon future earnings, the estimated financial position of the
company in comparison with others in the industry both before and after the borrowing, and
alternative methods of raising funds. Authorization by the board of directors will include review
and approval of such matters as the choice of a bank or trustee, the type of security, registration
with SEC, agreements with investment bankers, compliance with requirements of the state of
incorporation, and listing of bonds on a securities exchange. After the issuance of long-term debt,
the board of directors should receive a report stating the net amount received and its disposition
as, for example, acquisition of plant assets, addition to working capital, or other purposes.

Use of an Independent Trustee

Bond issues are always for large amounts – usually many millions of pesos. Therefore, only
relatively large companies issue bonds: small companies obtain long-term capital through
mortgage loans or other sources. Any company large enough to issue bonds and able to find a
ready market for the securities will almost always utilize the services of a large bank as an
independent trustee.

The trustee is charged with the protection of the creditors’ interests and with monitoring the issuing
company’s compliance with the provisions of the indenture. The trustee also maintains detailed
records of the names and addresses of the registered owners of the bonds, cancels old bond
certificates and issues new ones when bonds change ownership, follows procedures to prevent over
issuance of bond certificates, distribute interest payments, and distributes principal payments when
then bonds mature. Use of an independent trustee largely solves the problem of internal control
over bonds payable. Internal control is strengthened by the fact that the trustee does not have access
to the issuing company’s assets or accounting records and the fact that the trustee is a large
financial institution with legal responsibility for its actions.

Interest Payments on Bonds and Notes Payable

Many corporations assign the entire task of paying interest to the trustee for the either bearer bonds
or registered bonds. Highly effective control is then achieved, since the company will issue a single
check for the full amount of the semiannual interest payment on the entire bond issue.

INTERNAL CONTROL OVER OWNERS’ EQUITY

The three principal elements of strong control over share capital and dividends:
1. The proper authorization of transactions by the board of directors and corporate office,
2. The segregation of duties in handling these transactions (preferably the use payments), and
3. The maintenance of adequate records.

Internal Control on Equity

Control of Share Capital Transactions by the Board of Directors

All changes in share capital accounts should receive formal advance approval by the board of
directors. The board of directors must determine the number of shares to be issued and the price
per share; if an installment plan of payment is to be used, the board must prescribe the terms. If
plant and equipment, services, or any consideration other than cash is to be accepted in payment
of shares, the board of directors must establish the valuation on the noncash assets received.
Transfers from retained earnings to the Share Capital and Paid-in Capital accounts, as in the case
of stock dividends, are initiated by action of the board. In addition, stock splits and changes in par
or stated value of shares require formal authorization by the board.

Authority for all dividend actions rests with the directors. The declaration of a dividend must
specify not only the amount per share but also the date of record and the date of payment.

Independent Registrar and Stock Transfer Agent

In appraising internal control over share capital, the first question that the auditors consider is
whether the corporation employs the services of an independent share registrar and a share transfer
agent or handles its own capital share transactions. Internal control is far stronger when the services
of an independent share registrar and a stock transfer agent are utilized because the banks or trust
companies acting in these capacities will have the experience, the specialized facilities, and the
trained personnel to perform the work in an expert manner. Moreover, by placing the responsibility
for handling share capital certificates in separate and independent organizations, the corporation
achieves to the fullest extent the internal control concept of separation duties.

Internal Control over Dividends

The nature of internal control over the payment of dividend, as in the case of stock issuance,
depends primarily upon whether the company performs the function of dividend payment itself or
utilizes the services of an independent dividend-paying agent. If an independent dividend-paying
agent is used, the corporation will provide the agent with a certified copy of the dividend
declaration and a check for the full amount of the dividend. The bank or trust company serving as
stock transfer is usually appointed to distribute the dividend, since it maintains the detailed records
of shareholders. The agent issues dividend checks to the individual shareholders and sends the
corporation a list of the payments made. The use of an independent fiscal agent is to be
recommended from the stand-point of internal control, for it materially reduces the possibility of
fraud or error arising in connection with the distribution of dividends.

In a small corporation that does not use the services of a dividend-paying agent, the responsibility
for payment of dividends is usually lodged with the treasurer and the secretary. After declaration
of a dividend by the board of directors, the secretary prepares a list of shareholders as of the date
of record, the number of shares held by each, and the amount of the dividend each is to receive.
The total of these individual amounts is proved by multiplying the dividend per share by the total
number of outstanding shares.

Dividend checks controlled by serial numbers are dawn payable to individual stockholders in the
amount shown on the list described above. If the shareholders ledger is maintained on a computer
master file, the dividend checks may be prepared by the computer directly from this record. The
stockholder list and dividend check are submitted to the treasurer with the total of shares
outstanding and mailed without again coming under control of the officer who prepared them.

Cash in the amount of the total dividend is then transferred from the general bank account to a
separate dividend bank account. As the individual dividend checks are paid from this account and
returned by the bank, they should be matched with the check stubs or marked paid in the dividend
register. A list of outstanding checks be prepared monthly from the open stubs or open items in
the checks register. This list should agree in total with the balance remaining in the dividend bank
account. Companies with numerous shareholders prepare dividend checks in machine-readable
form, so that the computer may perform the reconciliation of outstanding checks.