DE CASTRO, Marvin

DIMAPANAG, Rey Marvin

MALICAD, Jayson Vir
PATRON, Mark Louie
REMATA, Dion David II
INTERNAL
CONTROL
 DEFINITION
Internal control is a process designed and effected by the board of directors, senior management, and
all levels of personnel to provide reasonable assurance on the achievement of objectives through
efficient and effective operations; reliable, complete and timely financial and management information;
and compliance with applicable laws, regulations, and the organization’s policies and procedures. It is
an integral part of an organization’s governance system and ability to manage risk, which is understood,
effected, and actively monitored by the governing body, management, and other personnel to take
advantage of the opportunities and to counter the threats to achieving the organization’s objectives.

International Federation of Accountants recognizes that the term “internal control” can have multiple
meanings, including:
1. Internal control system or process: “the process designed, implemented, and maintained by
those charged with governance, management, and other personnel to provide reasonable
assurance about the achievement of an entity’s objectives with regard to reliability of financial
reporting, effectiveness and efficiency of operations, and compliance with applicable laws and
regulations.”
2. Internal control activity or measure: activities performed to treat risks and effectuate internal
control. Internal control as an activity or measure is sometimes simply referred to as “control”.
3. Internal control as a state or outcome: an organization is “in control,” when it has achieved its
internal control objectives. -desired level of internal control, achieved by treating the risks an
organization faces in accordance with its risk management strategy and policies on internal
control, while achieving the organization’s objectives.
 SCOPE OF INTERNAL CONTROL
Internal control should be used to support the organization in
achieving its objectives by managing its risks, while complying with
rules, regulations, and organizational policies. The organization
should therefore make internal control part of risk management and
integrate both in its overall governance system.

Example:
Organizations always face uncertainty in achieving their strategic,
SCOPE operational, and other objectives. Proper risk assessment and
internal control assist organizations in making informed decisions
about the level of risk that they want to take, and implementing the
necessary controls, in pursuit of the organizations’ objectives.
However, risks should not be taken without an explicit understanding
of their potential consequences for achieving an organization’s
objectives. Therefore, decision makers require relevant and reliable
information, produced through the internal control system, to
effectively implement and execute their strategic and operational
plans.
 COMPONENTS OF INTERNAL CONTROL
Management’s Assesment of internal control
identification and performance over time
assesment of risk
Monitoring
Risk Assessment Controls

Control Information, financial reporting Existing Control

Environment and communication system Activities
The overall tone of the Means of recording transactions and Control policies and
organization communicating responsibilities procedures
 Control Environment
Control environment is the attitude toward internal
control and control consciousness established and
maintained by the management and the employees of an
organization. It is a product of management’s philosophy,
style and supportive attitude, as well as the competence,
ethical values, integrity, and morale of the organization’s
people. The organization structure and accountability
relationships are key factors in the control environment.

Principles for the Control Environment

- Demonstrates commitment to integrity and ethical
values
- Exercises oversight responsibility
- Establishes structure, authority and responsibility
- Demonstrates commitment to competence
- Enforces accountability
 Risk Assessment
Risks are events that threaten the accomplishment of objectives.
They ultimately impact an organization’s ability to accomplish its
mission. Risk assessment is the process of identifying, evaluating
and determining how to manage these events. At every level
within an organization there are both internal and external risks
that could prevent the accomplishment of established objectives.
Ideally, management should seek to prevent these risks. However,
sometimes management cannot prevent the risk from occurring.
In such cases, management should decide whether to accept the
risk, reduce the risk to acceptable levels, or avoid the risk. To
have reasonable assurance that the organization will achieve its
objectives, management should ensure each risk is assessed and
handled properly.

Principles for Risk Assessment

- Specifies suitable objectives
- Identifies and analyses risk
- Assesses fraud risk
- Identifies and analyses significant change
Information, financial reporting and
communication system
Communication is the exchange of useful information between
and among people and organizations to support decisions and
coordinate activities. Within an organization, information should
be communicated to management and other employees who
need it in a form and within a time frame that helps them to
carry out their responsibilities. Communication also takes place
with outside parties such as customers, suppliers and regulators.

Principles for Information, financial reporting

and communication system
- Uses relevant information
- Communicates internally
- Communicates externally
 Monitoring Controls
Monitoring is the review of an organization’s activities
and transactions to assess the quality of performance
over time and to determine whether controls are
effective. Management should focus monitoring efforts
on internal control and achievement of organization
objectives. For monitoring to be most effective, all
employees need to understand the organization’s mission,
objectives, and responsibilities and risk tolerance levels.

Principles for Monitoring Controls

- Conducts ongoing and/or separate evaluations
- Evaluates and communicates deficiencies
 Existing Control Activities
Control activities are tools - both manual and
automated - that help prevent or reduce the risks that
can impede accomplishment of the organization’s
objectives and mission. Management should establish
control activities to effectively and efficiently accomplish
the organization’s objectives and mission.

Principles for Existing Control Activities

- Selects and develops control activities
- Selects and develops general controls over technology
- Deploys through policies and procedures
INTERNAL CONTROL
IS NECESSARY

Internal control is important as it is a crucial aspect

of an organization’s governance system and ability to
manage risk, and is fundamental to supporting the
achievement of an organization’s objectives and
creating, enhancing, and protecting stakeholder
value. Effective internal control also creates a
competitive advantage, as an organization with
effective controls can take on additional risk.
Example: Since errors and fraud can and do occur, it
is important to implement effective internal control
to establish safeguards for your plan to ensure you
can adequately meet your fiduciary responsibilities.
Persons Responsible for Internal Controls
In their wake, the Sarbanes-Oxley Act of 2002 was enacted to protect
investors from fraudulent accounting activities and improve the
accuracy and reliability of corporate disclosures. This has had a
profound effect on corporate governance, by making managers
responsible for financial reporting and creating an audit trail. The
responsible for internal controls should reside with the highest level of
authority inside the company and that is the management.
Management is responsible for establishing and maintaining internal
control to achieve the objectives of effective and efficient operations,
reliable financial reporting, and compliance with applicable laws and
regulations. Management is responsible for communicating the
expectations and duties of staff as part of a control environment. They
are also responsible for assuring that the other major areas of an
internal control framework are addressed. Staff and operating
personnel are responsible for carrying out the internal control
activities set forth by management. Furthermore every employee plays
an important role for strengthening or weakening internal control
system. Therefore, everyone within an organization is responsible of
internal control.
Responsibilities of the Professional
Accountants
A competent professional accountant in business is an invaluable asset
to the company. These individuals employ an inquiring mind to their
work founded on the basis of their knowledge of the company’s
financials. Accountancy professionals in business assist with corporate
strategy, provide advice and help businesses to reduce costs, improve
their top line and mitigate risks. As board directors, professional
accountants in business represent the interest of the owners of the
company (i.e., shareholders in a public company). Their roles ordinarily
include: governing the organization (such as, approving annual budgets
and accounting to the stakeholders for the company’s performance);
appointing the chief executive; and determining management’s
compensation. The roles that Professional Accountants in Business
perform include implementing and maintaining operational and
fiduciary controls, providing analytical support for strategic planning
and decision making, ensuring that effective risk management
processes are in place, and assisting management in setting the tone
for ethical practices. In addition, many professional accountants in
business have a responsibility to provide objective, accurate, and timely
information and analyses to support all of these activities.
 Role of the External Auditor
The role of external auditors is important not only to the certification
of accounts but also as a professional support to a company's internal
audit function. Typically, external auditors are certified public
accountants (CPAs, chartered accountants) who are hired by senior
management for independent auditing duties. External auditors are
also delegated by bank supervisors and other regulatory authorities
who have the function of independent examiners. The wider description
of their mission includes: Evaluation and certification of the work of
internal auditors, review of the company's records and computational
procedures, evaluation of accounting procedures for compliance
reasons Analysis of financial reports and disclosures, testing of assets,
liabilities, revenues, and expenses in terms of valuation, and appraisal
of internal controls and their adequacy under stress conditions because
they have a relative independence from the bank's management,
external auditors can play an important role in account reconciliation
and in the maintenance of an effective system of internal control.
Indeed, in the Group of Ten (G-10) countries, many regulatory agencies
are now requiring that external auditors take on the mission of
assessing the internal control system of the bank they audit, beyond
their more classical work of certifying the annual accounts.
 KEY PRINCIPLES
The following are key principles of evaluating and improving internal control:

1. Supporting the organization’s objectives – through one goal, internal control will
be modified with the intention of achieving the organization’s objectives.
2. Determining roles and responsibilities – proper assigning of roles would help in
the proper application of internal control, this helps in the proper collaboration of
the organization.
3. Fostering a motivational culture – as is in any great leader, motivation can
improve morale and would encourage solidarity and unity in an organization.
4. Linking to individual performance – this it to give credit where it is due.
5. Ensuring sufficient competency – to fulfil responsibilities, qualified personnel
should be assigned with the proper tasks on internal control.
6. Responding to risk – controls are created in acknowledgement of risks.
7. Communicating regularly – communicating is the key to being understood, thus
proper communication can help the organization understand the system of control
and its effects on the organization.
8. Monitoring and evaluating – this is to determine the weaknesses of internal
control.
9. Providing for transparency and accountability – internal control should be
reported to stakeholders in transparent manner and should include feedback from
them.
 TYPES OF CONTROLS
Detective
Preventive detective controls aim to find errors or
preventive controls aim to stop fraud fraud after it happens. Some examples
before it happens. Some examples include; Reconciliations, Review, and
include; separation of duties, Inventory counts
approval for actions, control of
access to files and other important
assets, physical control of assets, and
employee training.
Automated
it involves
computerized assets.
Manual
involves the participation of
people.
Internal Controls should be Selected,
Implemented and Applied
Risks come with uncertainty; it is the job of controls
to minimize risks. Identifying what risks accompany a
decision is the start to creating a well-planned and
well implemented control, but it should be at an
appropriate level of control, because if a control is to
strict it may paralyze the operations of the company
or if it is too lenient it may not prevent errors or
fraud, controls should also be cost-effective, that the
overall cost of implementing a control is not larger
than the cost of the risk it plans to prevent.
Essentially controls should be made in
acknowledgement of specific risks and its
consequences and should be well balanced that it
provides the best possible outcome.
Organization should Report on
Internal Control Performance
Organizations should report internal control and how it plays
in the organization; the organization should also report to the
stakeholders its risk profile, or the profile in which a company
has the ability to accept and mitigate risk, this helps in the
proper decision on allocating investments. The reporting on
internal control and risk profile should be transparent in a way
that internal and external stakeholders would know the
situation of the company; it should include how the internal
control works and what risks it intends to deal with, and what
are the weaknesses of the internal control. It should also be
noted that for competitive issues, confidentiality should also be
taken into account. Finally, there should be proper
communication between the organization and the stakeholders
for proper input on the internal controls of the organization.
 DEFINITION

Fraud is an intentional use of deception to

obtain an unjust illegal advantage. Also
known as irregularities.

Types of Fraud:
FRAUD 1. Fraudulent Financial Reporting (FFR)
2. Misappropriation of Assets (MOA)
Fraudulent Financial Reporting
Fraudulent Financial Reporting (FFR) is an
intentional misstatements such us omissions or
disclosure of amounts in financial statements
to deceive users. Often involves override of
controls to manage earnings to influence the
perception of users as to the entity’s
performance and profitability.

This includes:
• Recording fictitious entries
• Inappropriate adjusting assumptions
• Omitting, advancing, or delaying recognition
• Concealing, or not disclosing facts
• Engaging in complex transactions
• Altering records
Misappropriation of Assets

Misappropriation of Assets (MOA) is

a theft of an entity’s assets
accompanied by false or misleading
documents to conceal that the assets
are missing or have been pledged
without proper authorization.

This includes:
• Embezzling receipts
• Stealing physical assets
• Causing the entity to pay for
fictitious orders
• Using entity’s assets for personal
use
 DEFINITION
Red Flags are an indication that refers to undesirable
situations or conditions that contributes to fraud,
waste, and abuse of resources. This is usually present
whenever fraud is committed. Every organization is at
risk for fraud-- internal or external. Internal auditors
should be alert in determining red flags or possible
indicators of fraud such as inventory shrinkage, missing
RED FLAG documents, duplicate payments, spikes in invoice
volume, frequent complaints, and or excessive
adjusting entries. Employee behavior could also be sign
of fraud such as lifestyle changes, history of debts, and
excessive gambling.
 PREVENTING FRAUD

Fraud detection and prevention is primarily the

responsibility of management and those charged with
governance. In order for them to do so, they have to
implement effective internal control for fraud risks. It
is important to follow up with the policy and
implement the noted measures and consequences
when someone is caught. The expense of attempting
to deter fraud is less costly for a corporation than the
cost of the fraud that is committed. Therefore, it’s vital
that small businesses take steps to deter fraud, and to
detect it as soon as possible.
 Fraud in every Department

01 Purchasing
Department
Accounts Payable
Department
04
Hiding fraudulent
Overbilling
transactions

Inventory
02 Payroll Department Department 05
Accounting
Commission fraud
manipulations

03 Cash Receipt
Department
Embezzlement
Purchasing Department
Overbilling is a method where the
vendor submits an inflated invoice for
payment. Either quantities invoiced do
not match the number of items actually
delivered or the prices of items have
been upwardly adjusted in order to make
the purchasing company pay more than
it should. Possible controls include
exclusive communication of purchasing
department with the vendor, entity
maintains a list of authorized vendors,
and entity compares purchase price to
CREDITS: This presentation template was created by
marketSlidesgo,
prices.including icons by Flaticon, and infographics &
images by Freepik
Payroll Department
Commission fraud or bonus fraud
occurs when an employee whose pay is
partially or fully based on commissions or
bonuses inflates sales to collect higher
commissions or bonuses or posts non-
existent sales which are later reversed.
Possible controls include conducting
random audits of payroll records and
compare the check register with payroll
records.

CREDITS: This presentation template was created by

Slidesgo, including icons by Flaticon, and infographics &
images by Freepik
Cash Receipt Department
Embezzlement of cash receipts fraud
scheme is referred to as a skimming
scheme. The fraud occurs by the theft of
incoming customer payments or of non-
revenue cash receipts before the funds
are deposited and recorded in the
accounting records. Possible controls
include separation of duties.

CREDITS: This presentation template was created by

Slidesgo, including icons by Flaticon, and infographics &
images by Freepik
Accounts Payable
Department
involve an employee hiding fraudulent
transactions among thousands of
legitimate transactions or generating
false payments that are eventually (or
immediately) paid to themselves.
Possible controls include verifying
vendors and conducting regular vendor
audits to verify that all vendors are
legitimate.
CREDITS: This presentation template was created by
Slidesgo, including icons by Flaticon, and infographics &
images by Freepik
Inventory Department
Inventory is the most vulnerable asset for
fraud in the M&D industry. It contains a
variety of SKUs, can be obscured with
empty boxes and disguised with
complicated accounting manipulations.
Possible control include training
employees and rotating jobs.

CREDITS: This presentation template was created by

Slidesgo, including icons by Flaticon, and infographics &
images by Freepik
 RESOURCES
● American Institute of Certified Public Accountants (2014). The importance of internal control in financial
reporting and safeguarding plan assets. Retrieved from:
https://www.aicpa.org/content/dam/aicpa/interestareas/employeebenefitplanauditquality/resource
s/planadvisories/downloadabledocuments/plan-advisoryinternalcontrol-hires.pdf
● Barone, Adam (2020, September 23). “Risk Profile” Retrieved from:
https://www.investopedia.com/terms/r/risk-profile.asp#:~:text=Key%20Takeaways-
,A%20risk%20profile%20is%20an%20evaluation%20of%20an%20individual's
%20willingness,mitigate%20potential%20risks%20and%20threats.
● Chorafas, D.N. (2015). The Contribution of External Auditors to the Internal Control System. Palgrave
Macmillan, London.
● Finance and Accounting University of Florida (2020, July 31). “TYPES OF INTERNAL CONTROL”.
Retrieved from: https://www.fa.ufl.edu/directives/types-of-internal-controls/
● FOUNTAIN, L. (2012). Manager’s Responsibility for Internal Control. 2.
● International Federation of Accountants (2012). Evaluating and Improving Internal Control in
Organizations.
● Kenton, W. (2020, July 28). Investopedia. Retrieved from
https://www.investopedia.com/terms/i/internalcontrols.asp
● Len Jui, C. M. (2013). Roles and Importance of Professional Accountants in Business. China Accounting
Journal.
● Professional Accountants in Business Committee (2005). The Roles and Domain of Professional
Accountants. 1.
● VUMC. (n.d.). Who is responsible for internal controls. Office of internal audit.
● Washington, U. O. (2018). Internal Controls. Financial Reporting.