overview internal control standards for the philippine ...gacpa.com.ph/files/pdf/ms...
TRANSCRIPT
2Internal Auditing Research and Development Committee (IARDC)
Session Overview
• Philippine Internal Control Framework
for Public Sector
• Importance of Internal Control
• Definition and/or concepts of Internal
Controls
• Components, Principles and Principle
Foci
4Internal Auditing Research and Development Committee (IARDC)
Concept of Control
With Controls Without Controls
Adopted from CICA Seminar
6Internal Auditing Research and Development Committee (IARDC)
Importance of Internal Control
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Internal
Control
ICS Concepts 8
Consequences of Poor
Internal Controls
• Errors in
financial and
other forms of
information
ICS Concepts 9
Consequences of Poor
Internal Controls
• Inaccurate financial information
normally leads to poor decision-
making
ICS Concepts 10
Consequences of Poor
Internal Controls
• Irregularities, waste and fraudulent
transactions cannot be readily
detected
ICS Concepts 11
Consequences of Poor
Internal Controls
• Programs/projects do not address
the needs, demands and priorities
It shall be the direct
responsibility of the agency
head to install, implement,
and monitor a sound system
of internal control
Section
124
of
PD No.
1445
to determine whether or not
the fiscal responsibility that
rests directly with the head of
the government agency has
been properly and effectively
discharged
Section
25
of
PD No.
1445
An evaluation shall be made of
the system of internal control
and related administrative
practices to determine the extent
they can be relied upon to
ensure compliance with laws
and regulations and to provide
for efficient, economical and
effective operations
Section
55
of
PD No.
1445
However, if the internal control system of the audited agencies is inadequate, the Commission may adopt such measures, including temporary or special pre-audit, as are necessary and appropriate to correct the deficiencies
Section
2,
Article IX-D
of
the
1987
Constitution
17Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Section 2(2), Article IX-D of the 1987 Constitution
Commission on Audit (COA) has the exclusive authority to promulgate auditing rules and regulations
18Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Items 3 and 4 of Section
25, Chapter 2 of
Presidential Decree No.
1445
Mandates the Commission on Audit to institute control measures and promulgate auditing rules and regulations
19Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Section 4 of Republic Act No. 3456, or the Internal
Auditing Act of 1962 as
amended by RA 4177
The Auditor General shall be responsible for the promulgation and enforcement of general policies, rules and regulations on internal auditing; and shall also develop for execution, working plans and training programs to maintain continuously the effectiveness of these internal audit services
Goal F:
To Empower and Enable
Government Agencies
Objective 1:
Strengthening of Internal
Control System and Effective
Functioning of Internal Audit
Services
COA
Strategic
Plan 2016-
2022
21Internal Auditing Research and Development Committee (IARDC)
The Internal Auditing Research and Development Committee (IARDC) was created pursuant to COA Office Order No. 2016-301 dated April 13, 2016
Tasked to develop the Internal Control Framework and the Philippine Internal Auditing Standards.
IARDC
23Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
24Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
27Internal Auditing Research and Development Committee (IARDC)
Internal Control as defined
in Internal Controls
Standards for the
Philippine Public Sector
(ICSPPS)
28Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
29Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Definition of Internal Control
Internal Control is an integral process that is effected by an agency’smanagement and personnel, and is designed to address risks andprovide reasonable assurance that in pursuit of the agency’s mission,the general objectives are being achieved.
30Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
- series of actions that permeate
an agency's daily activities.
- These actions occur throughout
an agency’s operations on an
ongoing basis.
- They are pervasive and inherent in the way
management runs the organization.
An integral process
31Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
People are what make
internal control work.
It is effected by people who
must know their roles,
responsibilities, and limits of
authority.
It is accomplished by
agency management
and other personnel.
Effected by people
32Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Who are the parties
involved and what are
their responsibilities in
maintaining effective
internal controls?
5/26/2018 33
PERSONS RESPONSIBLE for Internal Control
☺ Management
☺ Board of Directors
☺ Internal Auditor
☺ Other Personnel
☺ External auditors
34Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Whatever the agency’s mission may be, its achievement will face all kinds of risks.
To identify and respond to the risks in order to maximize the likelihood of achieving the agency’s mission.
To address risks
35Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
- Internal control cannot provide absolute assurance regarding the achievement of the general objectives.
- Reflects the notion that uncertainty and risks relate to the future, which no one can predict with certainty.
To provide reasonable assurance
36Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
The agency’s
“reason for being.”
The public sector is
generally concerned with
the delivery of a service
and a beneficial outcome
in the public interest.
In pursuit of the agency’s mission
37Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Internal control is geared to the achievement of a separate but
interrelated series of general objectives of an agency
Achievement of objectives
38Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Philippine Internal Control Framework
- designed to guide government agencies
- in developing and maintaining
- a comprehensive internal control system
39Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Philippine Internal Control Framework
41Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Objectives of Internal Controls
42Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
OPERATIONS OBJECTIVES
executing orderly,
economical, efficient,
effective and ethical,
operations
43Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
REPORTING OBJECTIVES
Encompass developing, maintaining, and making available reliable and relevant financial and non-financial information, and by means of a fair disclosure of that information in timely reports, to internal as well as external stakeholders, or other terms as set forth by regulators, recognized standard setters, or the agency’s policies.
44Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
COMPLIANCE OBJECTIVES
Deal with agency’s adherence to laws, regulations, contracts, managerial policies, and management directives.
45Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
SAFEGUARDING OF ASSETS
Safeguarding resources against
loss, misuse, and damage
due to waste, abuse,
mismanagement, error, fraud
and irregularities
5/26/2018 47
Components of Internal Control
COMPONENTS PRINCIPLES PRINCIPAL FOCI
Control Environment 5 18
Risk Assessment 3 8
Control Activities 3 8
Information and Communication 3 9
Monitoring 2 4
16 47
5/26/2018 48
Components of Internal ControlCOMPONENTS PRINCIPLES
CONTROL ENVIRONMENT
1. Management demonstrates personal and professional integrity and
ethical values; 2. Management sets the “tone at the top”; 3. Management establishes an appropriate government
organizational structure; 4. Management exhibits commitment to competence; and 5. Management establishes human resource policies and practices.
RISK ASSESSMENT
6. Management identifies and defines objectives and risk tolerance in
specific and measurable terms; 7. Management identifies, evaluates, and assesses agency’s risks;
and 8. Management determines appropriate response to the identified,
evaluated, and assessed agency’s risks.
CONTROL ACTIVITIES
9. Management designs control activities which are appropriate,
consistently functioning according to plan throughout the period, cost-effective, comprehensive, reasonable, and directly related to the control objectives.
10. Management develops control activities which include a range of diverse policies and procedures; and
11. Management develops effective information technology control activities.
INFORMATION AND COMMUNICATION
12. Management develops and maintains reliable and relevant financial
and non-financial information; 13. Management communicates information throughout the agency;
and 14. Management communicates information with external parties.
MONITORING
15. Management establishes and operates activities to monitor the
internal control system, and evaluates the results; and 16. Management takes appropriate actions on the findings and
recommendations of audit and other reviews.
5/26/2018 50
CONTROL ENVIRONMENT
sets the tone of an organization
and is the foundation for all other
components of internal control,
providing discipline and structure
52
Principles of Control Environment
1. The management demonstrates personal and
professional integrity and ethical values.
2. Management sets the “tone at the top.”
3. Management establishes an appropriate government
organizational structure.
4. Management and staff exhibit commitment to
competence.
5. Management establishes human resource policies and
practices.
Risk Assessment
Risk – The possibility that an event will occur and adversely affect the achievement of objectives.
▪ Stages:✓ Risk identification✓ Risk analysis✓ Risk response
55
Principles of Risk Assessments
6. Management identifies and defines objectives
and risk tolerance in specific and measurable
terms.
7. Management identifies, evaluates, and
assesses agency’s risks.
8. Management determines appropriate
response to the identified, evaluated, and
assessed agency’s risks.
Control Activities
X Company
• Policies
• Regulations
• Procedures
…that help ensure that management’s directives and control
objectives are carried out
58
Principles of Control Activities
9. Management designs control activities which are
appropriate, consistently functioning according to
plan throughout the period, cost effective,
comprehensive, reasonable, and directly related to
the control objectives.
10. Management develops control activities which
include a range of diverse policies and procedures.
11. Management develops effective information
technology control activities.
5/26/2018 60
INFORMATION AND COMMUNICATION
• This component spans across all the other components of internal controls.
• These two elements arerelated where informationmust be communicated upand down through the agencyin a manner and time framethat allow people to carry outtheir various responsibilities.
ICS Concepts 61
Principles of Information and
Communication
12. Management develops and maintains reliable
and relevant financial and non-financial information.
13. Management communicates information
throughout the agency.
14. Management communicates information with
external parties.
5/26/201863
Monitoring
• is the process of assessing thequality of the system’s performanceover time in order to help ensure thatinternal control continues to beapplied at all levels and across theagency, and that internal controlachieves the desired results
• is a function of the internal audit unitof the agency
ICS Concepts 64
Principles of Monitoring
15. Management establishes and operates activities
to monitor the internal control system, and
evaluates the results.
16. Management takes appropriate actions on
findings and recommendations of audits and other
reviews.
65Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Five Components and related Principles
It is the foundation for all the other components
of internal control, providing discipline and
structure.
the process of identifying and analyzing relevant
risks to the achievement of the agency’s
objectives .
the policies and procedures established to
address risks and to achieve the agency’s
objectives
effective processes and systems that identify,
capture and report information
the process that assesses the quality of the
internal control system’s performance over time
67
Organizational Units where IC
Operate
Objectives may be set for the:
• government agency as a whole
• specific divisions/office
• operating units and
• functions within the agency
68Internal Auditing Research and Development Committee (IARDC)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
Relationship among the general objectives, components and levels
of agency structure
agency strives to achieve
Needed to achievethe components of
internal control operates
ICS Concepts 69
Limitations of
Internal Controls
• Internal control
must be attained
at reasonable
cost.
ICS Concepts 70
Limitations of
Internal Controls
• Good internal control
methods and measures
are not foolproof. They
are vulnerable to
collusion.
ICS Concepts 71
Limitations of
Internal Controls
• Strong internal controls
are still subject to
human fallibility, such
as negligence, errors of
judgment and lack of
complete
understanding.
• The internal control effective when all
components and the principles are
present, functioning and operating
together.
IC is effective when ---
5/26/2018 74
What Internal Control Can Do
• can help an entity achieve its performance and
targets
• can help ensure reliable financial and non-
financial reporting.
• can help ensure that the agency complies with
laws and regulations, avoiding damage to its
reputation and other consequences,
• prevent loss of resources.
5/26/2018 75
What Internal Control Can Do
In sum -
it can help an entity get to where it wants to
go, and avoid pitfalls and surprises along the
way.
76Internal Auditing Research and Development Committee (IARDC)
Internal Control
Standards for the
Philippine Public
Sector (ICSPPS)
CP Resolution 2018-007 February 1, 2018