WEEK 9

RICARDO | RUIZ
8:30 – 10:30 AM MWF
INTERNAL CONTROL
ISSUES
 CONTENT
1.Defining Internal Control 6.Control Mechanisms
2.Control Framework – COSO 7.Importance of Procedures
3.Control Framework – COCO 8.Integrating Controls
4.Other Control Models 9.The Fallacy of Perfection
5.Links to Risk Management 10.Internal Control Awareness
DEFINING INTERNAL CONTROL
• Set of policies and procedures which management
has the responsibility of implementing and
maintaining.
• OBJECTIVE: To provide reasonable assurance that
business’ goals are achieved.
• AIM: To detect and prevent misstatements which
many arise from fraud and error.
CONTROL FRAMEWORK – COSO
• COSO defines IC as a process, effected by an entity’s
BOD, management, and other personnel, that is
designed to provide reasonable assurance regarding
the achievements of objectives in the following
categories:
1. Effectiveness and efficiency of operations;
2. Reliability of financial reporting; and
3. Compliance with applicable laws and regulations.
CONTROL FRAMEWORK – COCO
• COCO describes IC as actions that foster the best
result for an organization.
• COCO indicates that control comprises: “Those
elements of an organization (including its resources,
systems, processes, culture, structure, and tasks) that,
taken together; support people in the achievement of
the organization’s objectives.
OTHER CONTROL MODELS
• COBIT – Control objectives for information and related
technology. It covers security and control for IT systems
in support of business processes and is designed for
management, users, and auditors.
LINKS TO RISK MANAGEMENT
CONTROL MECHANISMS
• Are all those arrangements and procedures in place
to ensure the business objectives may be met. They
consist of individual mechanisms used by people and
processes throughout the organization.
• Another way is to break them into:
1. Directive 3. Detective
2. Preventive 4. Corrective
IMPORTANCE OF PROCEDURES

1. Development 6. Appraisal
2. Induction 7. Discipline
3. The Training Manual 8. The Review Process
4. Outline 9. Compliance
5. Training
INTEGRATING CONTROLS
1. Performance
2. Communication
3. Policy Competence and Training
THE FALLACY OF PERFECTION
1. Controls tend to cost money and slow an organization
down.
2. Controls are needed to help manage risk to an
organization’s business.
3. Controls cannot guarantee success.
4. Control is effected through people and dependent on the
way they behave and relate to each other.
5. Even the best managed organization can fail.
INTERNAL CONTROL AWARENESS
• Staff awareness training is one way of getting the
message across the organization, and is often
missed out of the CRSA exercises that are now
becoming popular.