
COMPONENTS OF INTERNAL CONTROLS

Although internal control policies and procedures vary significantly from one entity to another,
there are essential components of internal control that must be established to provide reasonable
assurance that the entity's objective will be achieved. These elements should always be taken
into consideration in the preparation of the policies and procedures. There are five interrelated
components of the entity's internal control, namely: Control environment, Risk assessment,
Information and communication systems, Control activities and Monitoring.
Control environment is primarily concerned with the attitudes, knowledge and actions of the
management and those charged with governance about the entity's internal control. It includes
the governance and management functions, and it sets the tone of the organization that influences
the control consciousness of its people. Effective internal control relies on it.
Factors reflected in the control environment include integrity and ethical values that
management should establish to discourage employees from engaging in a dishonest, unethical or
illegal act. Other factors are the management philosophy and operating style, active participation
of those charged with governance and the entity's commitment to competence. Another factor is
having personnel policies and procedures: the entity must implement appropriate policies for
hiring, training, evaluating, promoting and compensating the entity's personnel because the
competence of the employees will bear directly on the effectiveness of the entity's internal
control. The last factor is having an organizational structure and the assignment of responsibility
and authority of the entity's employees. Appropriate methods of assigning responsibility must be
implemented to avoid incompatible functions and to minimize the possibility of errors because of
too much workload assigned to an entity's employees. All of these factors can help the
management in keeping the fairness and accuracy of financial statements.
Risk assessment is the process where we identify hazards, analyze or evaluate the risk
associated with those hazards and determine appropriate ways to eliminate or control them.
No business objective can be achieved without some risk. Business risk is the risk that the
entity's business objectives will not be attained as a result of internal and external factors. Risk
assessments are very important as they form an integral part of giving the most critical more
control. They help to create awareness of hazards and risks, identify who may be at risk and
determine if existing control measures are adequate or if more should be done. They also help in
preventing injuries or illnesses when done at the design or planning stage, and in prioritizing
hazards and control measures. Assessments should be done by a competent team of individuals
who have a good working knowledge of the workplace.
Information and communication are essential to effecting control; information about an
organization's plans, control environment, risks, control activities, and performance must be
communicated up, down, and across an organization. Reliable and relevant information from
both internal and external sources must be identified, captured, processed, and communicated to
the people who need it - in a form and timeframe that is useful. Information systems produce
reports containing operational, financial, and compliance-related information that make it
possible to run and control an organization.
Control Inputs
Controls over inputs are designed to provide reasonable assurance that the data
submitted for processing are complete, properly authorized and accurately translated into
machine-readable form. The authorization codes as mentioned in the above diagram are also implied in
this section. These controls include key verification, field check, validity check, self-checking
digit and limit check. Key verification requires data to be entered twice to provide assurance
that there are no key entry errors committed. Field check ensures input data agree with the
required field format. For example, all SSS numbers must contain ten digits. An input of an
employee's number with more or fewer than 10 digits will be rejected by the computer. Validity
check, on the other hand, compares the input with valid information in the master file to determine
the authenticity of the input. For example, the employees' master file may contain two valid codes to
indicate the employee's gender: "1" for male and "2" for female. A code of "3" is considered
invalid and will be rejected by the computer. Self-checking digit is a mathematically calculated
digit which is usually added to a document number to detect common transposition errors in data
submitted for processing. Limit check, or reasonableness check, is designed to ensure that data
submitted for processing do not exceed a pre-determined limit or a reasonable amount. Finally,
control totals are those computed on the data submitted for processing. Control totals ensure the
completeness of data before and after they are processed; these controls include financial totals,
hash totals and record counts.
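The input controls described above, applied to one batch of payroll-style records. This is an added example, not part of the original document. The record layout, the voucher numbers, the 50,000 limit and the choice of the Luhn algorithm for the self-checking digit are assumptions; the sample data is constructed.

```python
import re

DIGITS = re.compile(r"[0-9]+")
VALID_GENDER_CODES = {"1", "2"}  # master-file codes from the text: 1 male, 2 female
AMOUNT_LIMIT = 50_000            # assumed pre-determined limit

def luhn_ok(number):
    """Self-checking digit: Luhn is an assumed scheme; the last digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_record(rec):
    """Return the list of input-control failures for one record (empty = accepted)."""
    errors = []
    if not re.fullmatch(r"[0-9]{10}", rec["sss_no"]):
        errors.append("field check")
    if rec["gender"] not in VALID_GENDER_CODES:
        errors.append("validity check")
    if not (DIGITS.fullmatch(rec["voucher_no"]) and luhn_ok(rec["voucher_no"])):
        errors.append("self-checking digit")
    if not 0 < rec["amount"] <= AMOUNT_LIMIT:
        errors.append("limit check")
    return errors

def control_totals(batch):
    vouchers = [r["voucher_no"] for r in batch]
    return {
        "record_count": len(batch),
        "financial_total": sum(r["amount"] for r in batch),
        # hash total: a sum with no business meaning, used only to detect changes
        "hash_total": sum(int(v) for v in vouchers if DIGITS.fullmatch(v)),
    }

def process_batch(batch, header):
    """Compare totals with the submitter's header, then run per-record checks."""
    if control_totals(batch) != header:
        raise ValueError("control totals differ from batch header")
    return {i: errs for i, r in enumerate(batch) if (errs := check_record(r))}

# Constructed sample data (not from the page).
SAMPLE_BATCH = [
    {"sss_no": "3412345678", "gender": "1", "voucher_no": "1000017", "amount": 12000},
    {"sss_no": "3412345679", "gender": "2", "voucher_no": "1000025", "amount": 8500},
]
SAMPLE_HEADER = {"record_count": 2, "financial_total": 20500, "hash_total": 2000042}
```

Recomputing the same totals after processing and comparing them with the header again covers the "before and after" half of the control-total check.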
Controls over Processing
Processing controls are designed to provide reasonable assurance that input data are
processed accurately, and that data are not lost, added, excluded, duplicated or improperly
changed. The Information Systems ensures that the system adopted by the institution is
accurately working and free from possible malversations and unauthorized access.
Controls over Output
Controls are designed to provide reasonable assurance that the results of processing are
complete and accurate, and that these outputs are distributed only to authorized personnel. Financial
information, on the other hand, is reserved only for those entitled to it, and confidential matters
are kept under utmost restriction.
Independent Verification
Calculations and summations are checked in source documents and reports. The records
posted by one person shall be verified by another person. A surprise independent balancing must
be announced by the accounting manager and be immediately conducted upon announcement.
All discrepancies must be investigated and must be identified no later than a month
from the reconciliation date.
Number Control
Number Control is the use of pre-assigned numbers in certain documents to
ensure the integrity and completeness of transactions and also to serve as a reference when
recording. The numbers are usually pre-printed on the form. Number control shall be used
for vouchers, promissory notes, official receipts, checks, stock certificates and other important
records of the entity. Issuance must always be in accordance with the numerical sequence.
Personnel
Only those persons who are highly qualified and experienced are employed to undertake
necessary duties and responsibilities. This is to ensure efficiency and effectiveness and also to
prevent issues of malpractice. The teachers must be professionals. The Human Resources
department is responsible for hiring these professionals. They must ensure that those whom they
hire are highly qualified. The entity also restricts them from hiring an individual who is their
relative or close friend without informing the management. The department conducts a series of
examinations before formally signing contracts with such people. Examination also includes a
background check to ensure that such people are of good moral character and without any civil
liability. But the janitors, clerks, and others that are only in charge of maintenance activities
need not be duly registered with the appropriate agencies. Hired individuals are expected to
execute their duties effectively and efficiently, or else proper reprimand and corrective actions
will be imposed if a material mistake disrupts the operation of the entity.
Monitoring
Monitoring is the process of systematically observing, tracking, and recording activities or data
for the purpose of measuring program or project implementation and its progress towards achieving
objectives. It is the process of assessing the internal control performance over time. It involves
assessing the design and operation of controls on a timely basis and taking necessary corrective
actions.
Control activities are the specific policies and procedures management uses to achieve its
objectives. The most important control activities involve segregation of duties, proper
authorization of transactions and activities, adequate documents and records, physical control
over assets and records, and independent checks on performance.
TYPES OF INTERNAL CONTROL
Segregation of duties requires that different individuals be assigned responsibility for
different elements of related activities, particularly those involving authorization,
custody, or recordkeeping. It is intended to reduce the opportunities to allow any person
to be in a position to both perpetrate and conceal errors or fraud in the normal course of
the person's duties. For example, the same person who is responsible for an asset's
recordkeeping should not be responsible for physical control of that asset; having different
individuals perform these functions creates a system of checks and balances. Here are
some further descriptions of what the entity has implemented in order to achieve
segregation of duties: As mentioned earlier, different functions are divided between
employees and departments to minimize the risk of undetected error from one person or
department. No individual has the complete authority and responsibility for handling all
phases of any transaction from beginning to end; checking and verification from someone
in the same department or in another unit is necessary.
Transaction Authorization helps ensure that all company activities adhere to
established guidelines unless responsible managers authorize another course of action.

Adequate documents and records provide evidence that financial statements are
accurate. Controls designed to ensure adequate recordkeeping include the creation of
invoices and other documents that are easy to use and sufficiently informative; the use of
pre-numbered, consecutive documents; and the timely preparation of documents.

Physical control over assets and records helps protect the company's assets. These
control activities may include electronic or mechanical controls (such as a safe, employee
ID cards, fences, cash registers, fireproof files, and locks) or computer-related controls
dealing with access privileges or established backup and recovery procedures. These
activities encompass the physical security of assets, including adequate safeguards such
as secured facilities over access to assets and records and periodic counting and
comparison with amounts shown on control records.
Independent checks on performance, which are carried out by employees who did not
do the work being checked, help ensure the reliability of accounting information and the
efficiency of operations.
Access Control is the monitoring of the individuals or departments who may interact with or
access specific resources and information of the entity. Access controls pertain to the
precautionary measures observed to validate the identity of the person who is trying
to access the assets of the organization. This measure is vital in the safeguarding of
the assets of the entity to prevent mishaps such as asset misappropriation, damage, theft
and the like.
Dual Control pertains to the course of action wherein the task of one person is
checked and verified by another to ensure the validity of the transaction and that proper
procedure has been observed.
Joint Custody relates to the safekeeping of the entity's assets and documents under the
care of two reliable people. Under this control, neither of the two will be able to access
such assets and documents without the other knowing it.
