THE

INTERNAL CONTROL SYSTEM

GROUP III

Lague, Rod Lover P.

Macasaet, Kent Paul Walter N.
Oliverio, Caroline L.
Palma, Gabriel Roy M.
Recla, Sephia Rhonymae E.
 Internal Control
System

Presentation
Outline
Sarbanes-Oxley
Act Section 404

Report Coverage

COSO Integrated
Framework
INTERNAL
CONTROL
SYSTEM
 PRINCIPLES OF INTERNAL CONTROL BY
ALAN TRENERRY
A system of controls and checks instituted by the various
levels of management that are independent and
interdependent and are integrated into the financial and
non-financial activities and operations of a business to ensure
What is that the business operations are conducted efficiently and
effectively and operating results for all aspects of the
business are reliably reported to ensure management
Internal decision-making is well based and that all relevant laws and
regulations are complied with.

Control? INTEGRATED FRAMEWORK (2013)

A process, effected by an entity’s board of directors,
management, and other personnel, designed to provide
reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance.

Internal Control System | 3

 A PROCESS
CONSISTING OF
ONGOING TASKS
AND ACTIVITIES

GEARED TO THE
ACHIEVEMENT OF
OBJECTIVES IN
ONE OR MORE
CATEGORIES Internal
Control
EFFECTED
BY PEOPLE

Fundamental Concepts
ADAPTABLE TO
THE ENTITY
STRUCTURE ABLE TO PROVIDE
REASONABLE
ASSURANCE

Internal Control System | 4

 Assist companies in
achieving their objectives

Ensure compliance and

support daily operations

Maintain the integrity

of financial

Why is data/transactions

Internal
Control Safeguard company
assets
Important?
Internal Control System | 5
SARBANES-
OXLEY ACT
 SPEARHEADED BY SENATOR PAUL
SARBANES AND REPRESENTATIVE

What is MICHAEL OXLEY

A set of laws enacted in 2002 to protect investors from

Sarbanes
fraudulent accounting activities by making corporate
disclosures more reliable and accurate

-Oxley EMPHASIZES THE NEED FOR EFFECTIVE

INTERNAL CONTROL
Act? Enacted primarily due to a series of accounting scandals that
were occurring in the early 2000s

Internal Control System | 7

 I. PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD (PCAOB)

II. AUDITOR INDEPENDENCE

III. CORPORATE RESPONSIBILITY

IV. ENHANCED FINANCIAL DISCLOSURES

The SOX Act consists of eleven

V. CORPORATE FRAUD ANALYST CONFLICTS OF INTEREST
sections. Of these sections,
404 - Management VI. COMMISSION RESOURCES AND AUTHORITY

Assessment of Internal VII. STUDIES AND REPORTS

Controls of Enhanced
VIII. CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY
Financial Disclosures is
considered the most complex IX. WHITE COLLAR CRIME PENALTY ENHANCEMENT

and most onerous.

X. CORPORATE TAX RETURNS

XI. CORPORATE FRAUD ACCOUNTABILITY

Internal Control System | 8

 Rules Required
All annual financial reports must include an Internal Control
Report stating that management is responsible for an "adequate"
01

Specifications
internal control structure, and an assessment by management of
the effectiveness of the control structure. Any shortcomings in
these controls must also be reported.

Section Internal Control Evaluation and Reporting

404 02 Registered external auditors must attest to the accuracy of the

company management assertion that internal accounting
controls are in place, operational and effective.

Management
Assessment of
Internal Control Exemptions Realizing the cost of auditing is too much for some companies, the SEC
does not require non-accelerated filers or companies with less than USD
75 million in public float [i.e., the portion of shares held by public
investors] to comply with section 404. The exemption also
encompasses Emerging Growth Companies (EGCs) for up to a five year
period.

Internal Control System | 9

 COSO
INTEGRATED
FRAMEWORK
 COMMITTEE OF SPONSORING
ORGANIZATIONS OF THE TREADWAY
COMMISSION
a voluntary private-sector organization dedicated to

What is improving the quality of financial reporting through

business ethics, effective internal controls and corporate
governance.

COSO?
Representatives
American
American Financial Institute of Institute of
Institute of
Accounting Executives Management Internal
Certified Public
Association International Accountants Auditors
Accountants

Internal Control System | 11

 BE FREE FROM BIAS

PERMIT REASONABLY
CONSISTENT
QUALITATIVE AND
QUANTITATIVE
What makes MEASUREMENTS OF A
COMPANY’S INTERNAL
CONTROL
The SEC points out in
its rules that the COSO
a Framework
Internal Control-
Integrated Framework suitable? SUFFICIENTLY
COMPLETE

satisfies these
requirements.
RELEVANT TO AN
EVALUATION OF INTERNAL
CONTROL OVER
FINANCIAL REPORTING

Internal Control System | I2

 A means to apply internal controls to any type of entity

A principles-based approach that provides flexibility and allows

for judgment
What does the
Framework
Requirements for an effective system of internal control

provide? An opportunity to expand the application of internal control

beyond financial reporting

FOR MANAGEMENT AND
BOARD OF DIRECTORS An opportunity to eliminate ineffective, redundant, or inefficient

controls

Internal Control System | 13

 Greater confidence in the board of directors’ oversight of
internal control systems

Greater confidence regarding the achievement of entity

What does the

objectives

Greater confidence in the organization’s ability to identify,

Framework analyze, and respond to risk and changes in the business and
operating environments
provide? Greater understanding of the requirement of an effective system
FOR EXTERNAL of internal control
STAKEHOLDERS AND
OTHERS THAT INTERACT Greater understanding that through the use of judgment,
WITH THE ENTITY
management may be able to eliminate ineffective, redundant, or
inefficient controls

Internal Control System | 14

 The Framework enables organizations to effectively and efficiently
develop systems of internal control that adapt to changing business
and operating environments, mitigate risks to acceptable levels, and
support sound decision-making and governance of the organization.

Categories of Objectives
COSO's
OPERATIONS
Are the controls that your organization has put into place been
properly designed and are they operating effectively?

Internal Control- What an

Integrated entity strives REPORTING
to achieve ? Are your reports reliable, timely, and transparent?
Framework What reports do your clients rely upon?

COMPLIANCE
Which laws and regulations apply to you?

Internal Control System | 15

 Objectives
OPERATIONS REPORTING COMPLIANCE

These pertain to These pertain to These pertain to

effectiveness and internal and external adherence to laws and
efficiency of the entity’s financial and non- regulations to which the
operations, including financial reporting entity is subject.
operational and and may encompass
financial performance reliability, timeliness,
goals, and safeguarding transparency, or other
assets against loss. terms as set forth by
regulators, recognized
standard setters, or
the entity’s policies.

Internal Control System | 16

 CONTROL ENVIRONMENT
Set of standards, processes, and structures that provide the
basis for carrying out internal control across the organization.

RISK ASSESSMENT
This component is the entity’s identification and analysis of
relevant risks to the achievement of its objectives, forming a
basis for determining how the risks should be managed.

What is required CONTROL ACTIVITIES

Includes the policies and procedures that help

to achieve the ensure management directives are carried out.

objectives? INFORMATION AND COMMUNICATION

Consists of processes and systems that support the
identification, capture, and exchange of information in a form
and time frame that enable people to carry out their
responsibilities.

MONITORING ACTIVITIES
Consists of the processes that assess the quality
of internal control performance over time.

Components of an Internal Control System

Internal Control System | 17

 A direct relationship exists between
objectives, which are what an entity
strives to achieve, and components,
which represent what is required to
achieve the objectives, and the
organizational structure of the entity
(the operating units, legal entities, and
other).

Internal Control System | 18

COSO
1. Control Envrionment
Integrated 2. Risk Assessment
3. Control Activities
Framework 4. Information&Communication
5. Monitoring Activities
Components and
Principles

Internal Control System | 19

Components and
Principles
Control Environment
1. Demonstrates a commitment to
integrity and ethical values
2. Ensure that the board exercises
oversight responsibility
3. Establishes reporting lines, and
appropriate authorities and
responsibilities
4. Demonstrate a commitment to a
competent workforce
5. Holds individuals accountable
Internal Control System | 20
Components and
Principles
Risk Assessment

1. Specifies (appropriate) objectives

2. Identifies and analyzes risks
3. Evaluates fraud risks
4. Identifies and assesses changes that
could significantly impact the system of
internal control

Internal Control System | 21

Components and
Principles
Control Activities

1. Selects and develops control activities

that contribute to the mitigation of risks
2. Selects and develops general control
activities over technology
3. Deploys control activities through
policies and procedures

Internal Control System | 22

Components and
Principles
Information and
Communication

1. Uses relevant, quality information to

support the functioning of internal
control
2. Internally communicates
3. Communicates with external parties

Internal Control System | 23

Components and
Principles
Monitoring Activites

1. Performs ongoing and/or separate

evaluations
2. Communicates internal control
deficiencies

Internal Control System | 24

COSO Integrated
Framework
Limitations
Suitability of objectives
Human judgment can be faulty and
subject to bias
Human failures
Management override
Circumvent controls through collusion
External events

Internal Control System | 25

 COSO Integrated Framework
Requirements of an Effective Internal Control System

AN EFFECTIVE THERE IS A REASONABLE

INTERNAL CONTROL REQUIREMENTS: ASSURANCE THAT THE
SYSTEM: ORGANIZATION:

Provides reasonable Each of the five Achieves effective and efficient

assurance regarding components and operations
achievement of an relevant principles is Understands the extent to which
entity’s objectives present and functioning operations are managed effectively
Reduces the risk of not The five components and efficiently
achieving an entity operate together in an Prepares reports in conformity with
objective and may integrated manner applicable rules, regulations, and
relate to one, two, or all standards or with the entity’s
three categories of specified reporting objectives
objectives Complies with applicable laws, rules,
regulations, and external standards

The Framework requires judgment in designing, implementing, and

conducting internal control and assessing its effectiveness. Internal Control System | 26
 USING THE INTERNAL CONTROL -
INTEGRATED FRAMEWORK
THE BOARD OF SENIOR OTHER INTERNAL
DIRECTORS MANAGEMENT MANAGEMENT AUDITORS
AND PERSONNEL

The board should Senior management Managers and other Review in detail the
discuss with senior should assess the personnel should changes made to this
management the entity’s system of review the changes version and consider
state of the entity’s internal control in made to this version possible implications
system of internal relation to the and assess of those changes on
control and provide Framework, focusing on implications of those audit plans,
oversight as needed. how the organization changes on the evaluations, and any
applies the seventeen entity’s system of reporting
principles in support of internal control.
the components of
internal control.

Internal Control System | 27

 USING THE INTERNAL CONTROL -
INTEGRATED FRAMEWORK

INDEPENDENT OTHER
AUDITORS PROFESSIONAL EDUCATORS
ORGANIZATIONS

Assess the entity’s system of Other professional Find their way into
internal control in relation to organizations providing university curricula
the Framework, focusing on guidance on operations,
how the organization has reporting, and compliance
selected, developed, and may consider their standards
deployed controls that affect and guidance in comparison
the principles within the to the Framework.
components of internal
control

Internal Control System | 28

END OF PRESENTATION
Thank you for listening!

Internal Control System | 29

BIBLIOGRAPHY
COSO. (2013, June). Internal Control - Integrated Framework: Executive Summary.
The Institute of Internal Auditors. [Link]
guidance/topics/documents/executive_summary.pdf
SARBANES-OXLEY SECTION 404. (2002). PwC: Audit and assurance, consulting and
tax services.[Link]
sarbanes_oxley_section_404-[Link]
SARBANES-OXLEY ACT OF 2002. (2020).
[Link]
Security, W. (2020, August 25). What are the sox 404 requirements? Retrieved from
[Link]
Trenerry, A. (1998). Principles of internal control. Sydney, NSW: UNSW Press.

Internal Control System | 30

 QUESTIONS
1. This is defined as a process designed to provide reasonable assurance regarding the achievement
of objectives relating to operations, reporting, and compliance.
2. Give at least three components of internal control.
3. What does COSO stand for?
4. What section of the Sarbanes-Oxley Act of 2002 is considered as “the most complex and most
onerous”?
5. What does an effective internal control system provide?
 QUESTIONS
6. Which objective pertains to the adherence to laws and regulations to which the entity is subject?

7. Name two users of the integrated framework.

8. How many organizations sponsor and compose COSO?

9. What kind of relationship exists between the objectives?

10. There are how many principles set out by the Framework?