INTERNAL CONTROL

Limitations

Human Factor- if internal control is not

computerized (prone to human error)
Resource Constraints
Organizational Changes and
Management Attitude

Factors relevant to the Auditors Judgment

Materiality
Significance of the related risks
Size of the Agency
Applicable legal and regulatory
requirements
Whether and how a specific control
individually or in combination with
others prevents or detects and
corrects material misstatement.

CONTROLS:

PREVENTIVE- PREAUDIT
DETECTIVE
CORRECTIVE

Identifying risk with great impact on

the agency.

Documents are needed to support their

process

Information and Communication

Control Activities
Typical Control Activities:
Controls
Account
Reconciliatio
ns

IT
Application
Controls

Control Environment
(consider integrity, ethical values and
behavior if top management)

Sets the tone of the entity influencing

the control consciousness of the
people
Foundation for all other component of
internal control
Provides discipline and structure
(e.i. LCE, BOD)
Designation of personnel
Qualification and Competence

Risk Assessment
(The management should have identified
their own risk before the auditors)
Identify, Analyze and Manage Entity and
Process level risks

Segregation
of duties
Authorizatio
n Controls
Physical
Controls

Description
Preparing
and revietal
owing
account
recon. On a
timely basis
and taking
any
necessary
corrective
actions.
These
controls are
programmed
into IT
applications
such as
sales or
purchases.
They include
fully
automated
and partially
automated
controls.

Examples
Recon of
bank
accounts,
sale
transactions,
intercompan
y balance,
suspense
account. Etc.

Checking the
arithmetical
accuracy of
records,
pricing of
invoices,
edit checks
of input
date,
numerical
sequence
checks and
production.

PROCESS DEFINITION
Group of Activities Logically interconnected
that use the resources of an agency to
deliver a product or services.

4. Transferring transactions to the

general ledger
5. Reporting in the financial
statements
Walkthrough:

Criteria: (management requirement)

Definability identifying the flow or

process and the output
Order- Proper procedures and order
(time and space)
Customer- there must be a recipient
of the process
Value adding- value in recipient.
Embeddedness- process should be
embodied in the organizational
structure
Cross Functionality-

A. UNDERSTAND THE PROCESS FLOW

1. identify the critical path of the
processes
narrative or flowchart
conduct walkthrough
Determine relevant processes
1. Initiating
2. Recording
3. Processing correcting as
necessary e.i. use of officer to
documents prepared

1. Gather Process Informations

Inquiry:
a. Input-Output
b. Trace of documents
c. Confirming if the process is being
followed (identifying the critical path)
2. Interview the process owner
What to ask:
Prepare interview questions and the
right persons to be consulted.
3. Create or update Process Map if
not updated, we have to update.
Flowchart narrative
Formulate PRC template
2. IDENTIFY PROCESS RISKS
3. DETERMINE THE IMPACT
4. IDENTIFY EXISTING CONTROLS
(CONTROL ACTIVITIES)