Chapter 13: Overview of Internal Control

NATURE AND PURPOSE OF INTERNAL CONTROL

Internal control is the process designed and effected by those charged with governance.
management and other personnel to provide reasonable assurance about the achievement
of the entity's objectives with regard to reliability of financial reporting, effectiveness and
efficiency of operations and compliance with applicable laws and regulations. It follows
that internal control is designed and implemented to address identified business risks that
threaten the achievement of any of these objectives.
Those objectives fall into three categories:

• Reliabilityof the entity’s financial reporting

• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations

Whether an entity achieves its objectives relating to financial reporting and compliance is
determined by activities within the entity’s control. However, achieving its objectives
relating to operations will depend not only on management's decisions but also on
competitor's actions and other factors outside the entity.
INTERNAL CONTROL SYSTEM DEFINED

Internal control system means all the policies and procedures (internal controls) adopted
by the management of an entity to assist in achieving management's objective of ensuring,
as far as practicable, the orderly and efficient conduct of its business, including adherence
to management policies, the safeguarding of assets, the prevention and detection of fraud
and error, the accuracy and completeness of the accounting records, and the timely
preparation of reliable financial information.
ELEMENTS OF INTERNAL CONTROL

Internal control structures vary significantly from one company to the next. Factors such
as size of the business, nature or operations, the geographical dispersion of its activities,
and objectives of the organization affect the specific control features of an organization.
However, certain elements or features must be present to have a satisfactory system of
control in almost any large-scale organization.
The internal control system extends beyond these matters which relate directly to the
functions of the accounting system and consists of the following components:
a. The control environment.
b. entity’s risk assessment process.
c. The information system, including the related business processes, relevant to financial
reporting, and communication.
d. Control activities.
e. Monitoring of controls.
A. Control Environment
The control environment which means the overall attitude, awareness and actions of
directors and management regarding the internal control system and its importance in the
entity. The control environment has an effect on the effectiveness of the specific control
procedures. A strong control environment, for example, one with tight budgetary controls
and an effective internal audit function, can significantly complement specific control
procedures. However. A strong environment does not, by itself, ensure the effectiveness of
the internal control system. Factors reflected in the control environment include:
• The function of the board of directors and its committees.
• Management’s philosophy and operating style:
• The entity’s organizational structure and methods of assigning authority and responsibility.
• Management’s control system including the internal audit function, personnel policies and
procedures and segregation of duties.
The environment in which internal control operates has an impact on the effectiveness of
the specific control procedures. Several factors comprise the control environment,
including:
Communication and Enforcement of Integrity and Ethical Values
Integrity and ethical values are essential elements of the internal control environment.
They affect the design, administration, and monitoring of other components of internal
control. An entity’s ethical and behavioral standards and the manner in which it
communicates and reinforces them determine the entity’s integrity and ethical behavior.
Integrity and ethical values include management’s actions to remove or reduce incentives
and temptations that might prompt personnel to engage in dishonest, illegal, or unethical
acts. They also include the communication of entity values and behavioral standards to
personnel through policy statements, a code of conduct, and management’s example of
appropriate behavior.
Commitment to Competence
Competence is the knowledge and skills necessary to accomplish tasks that define an
employee’s job. Commitment to competence means that management considers the
competence levels for particular jobs in determining the skills and knowledge required of
each employee and that it hires employees competent to perform the tasks.
Participation by those Charged with Governance
An entity’s control consciousness is influenced significantly by those charged with
governance. Attributes of those charged with governance include independence from
management, their experience and stature, the extent of their involvement and scrutiny of
activities, the appropriateness of their actions, the information they receive, the degree to
which difficult questions are raised and pursued with management, and their interaction
with internal and external auditors. The importance of responsibilities of those charged
with governance is recognized in codes of practice and other regulations or guidance
 produced for the benefit of those charged with governance.
Other responsibilities of those charged with governance include oversight of the design and
effective operation of whistle blower procedures and the process for reviewing the
effectiveness of the entity’s internal control.
1. Management’s Philosophy and Operating Style
This refers to management’s attitude towards (a) business risk, (b) reporting, (c) meeting
budget, profit and other established goals which all have impact on the reliability of the
financial statements. Management’s approach to taking and monitoring business risks, its
conservative or aggressive selection from alternative accounting principles, its
conscientiousness and conservatism in developing accounting estimates, and its attitude
toward information processing and the accounting function and personnel are factors that
affect the control environment.
2. Organizational Structure
The responsibilities and authorities of the various personnel within the organization should
be established in. such a manner as to (1) assist the entity in meeting its goals and objectives
and
(2) ensure that transactions are processed. Recorded, summarized, and reported in an
accurate and timely manner. Organizational structure provides the overall framework for
planning, directing, and Controlling operations.
3. Assignment of Authority and Responsibility
Personnel’ within an organization need to have a clear understanding of their responsibilities
and the rules and regulations that govern their actions. Management may develop job
descriptions, computer system documentation. It may also establish policies regarding
acceptable business practice, conflicts of interest and code of conduct.
4. Human Resources Policies and Procedures
Perhaps the most important element of an internal accounting control system IS the people
who perform and execute the established policies and procedures. Personnel policies
should be adopted by the client to reasonably ensure that only capable and honest persons
are hired and retained. Policies with respect to employee selection, training, and
supervision should be adopted and implemented by the client. The selection of competent
and honest personnel does not automatically assure that errors or irregularities will not
occur. However, adequate personnel policies, coupled with the design concepts suggested
earlier in this section, enhance the likelihood that the client’s policies and procedures will
be followed.
B. Entity’s Risk Assessment Process
Risk assessment is the “identification, analysis, and management of risks pertaining to the
preparation of financial statements”. For example, risk assessment may focus on how the
entity considers the possibility of transactions not being recorded or identifies and assesses
significant estimates recorded in the financial statements.
An entity’s risk assessment process is its process for identifying and responding to business
risks and the results thereof. For financial reporting purposes, the entity’s risk assessment
process includes how management identifies risks relevant to the preparation of financial
statements that are presented fairly, in all material respects in accordance with the entity’s
applicable financial reporting framework, estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to manage them. For example, the
entity’s risk assessment process may address how the entity considers the possibility of
unrecorded transactions or identifies and analyzes significant estimates recorded in the
financial Statements. Risks relevant to reliable financial reporting also relate to specific
events or transactions.
Risks relevant to financial reporting include external and internal events and circumstances
that may occur and adversely affect an entity’s ability to initiate, record, process, -and
report financial data consistent with the assertions of management in the financial
statements. Once risks are identified, management considers their significance, the
likelihood of their occurrence, and how they should be managed. Management may initiate
plans, programs, or actions to address specific risks, or it may decide to accept a risk
because of cost or other considerations. Risks can arise or change due to circumstances
such as the following:
• Changes in operating environment. Changes in the regulatory or operating environment can
result in changes in competitive pressures and significantly different risks.
• New personnel. New personnel may have a different focus on or understanding of internal
control.
• New or revamped information systems. Significant and rapid changes in information
systems can change the risk relating to internal control.
• Rapid growth. Significant and rapid expansion of operations can strain controls and increase
the
risk of a breakdown in controls.
• New technology. Incorporating new technologies into production processes or information
systems may change the risk associated with internal control.
• New business models, products, or activities. Entering into business areas or transactions
with
which an entity has little experience may introduce new risks associated with internal control.
• Corporate restructurings. Restructurings may be accompanied by staff reductions and
changes in supervision and segregation of duties that may change the risk associated with
internal control.
• Expanded foreign Operations. The expansion or acquisition of foreign operations carries new
and
often unique risks that may affect internal control, for example, additional or changed risks
from foreign currency transactions.
• New accounting pronouncements. Adoption of new accounting principles or changing
accounting principles may affect risks in preparing financial statements.

The basic concepts of the entity’s risk assessment process are relevant to every entity,
regardless of size, but the risk assessment process is likely to be less formal and less
structured in small entities than in larger Ones. All entities should have established
financial reporting objectives, but they may be recognized implicitly rather than explicitly
in small entities. Management may be aware of risks related to these objectives without the
use of a formal process but through direct personal involvement with employees and
outside parties.

Considerations Specific to Smaller Entities

Many small entities are carried out entirely by the engagement partner (who may be a sole
practitioner). In Such situations, it is the engagement partner who’ having personally
conducted the planning of the audit, would responsible for considering the susceptibility of
the entity’s financial Statements to material misstatement due to fraud and error.
A. Information System, including the Business Processes, Relevant to Financial
Reporting and Communication
An information system consists of infrastructure (physical and hardware components),
software, people, procedures, and data. Infrastructure and software will be absent or have
less significance, in systems that are exclusively or primarily manual. Many information
systems make extensive use of IT.
The Information System, Including Related Business Processes, Relevant to Financial
Reporting
The information System relevant to financial reporting objectives. Which includes the
accounting system, consists of the procedures and records designed and established to:
• Initiate, record, process, and report entity transactions (as well as events and conditions) and
to maintain accountability for the related assets, liabilities, and equity,
• Resolve incorrect processing of transactions, for example, automated Suspense files and
procedures followed to clear suspense items out on a timely basis.
• Process and account for system Overrides or bypasses to controls.
• Transfer information from transaction processing systems to the general ledger.
• Capture information relevant to financial reporting for events and conditions other than
transactions, such as the depreciation and amortization of assets and changes in the
recoverability of accounts receivables; and
• Ensure information required to be disclosed by the applicable financial reporting framework
is accumulated, recorded, processed, summarized, and appropriately reported in the
financial statements.
Journal Entries

An entity’s information system typically includes the use of standard journal entries that are
required on a recurring basis to record transactions. Examples might be journal entries to
record sales, purchases, and cash disbursements in the general ledger, or to record
accounting estimates that are periodically made by management, such as changes in the
estimate of uncollectible accounts receivable.
An entity's financial reporting process also includes the use of non-standard journal entries
to record non-recurring, unusual transactions, or adjustments. Examples of such entries
include consolidating adjustments and entries for a business combination or disposal or
nonrecurring estimates such as the impairment of an asset. In manual general ledger
systems, non-standard journal entries may be identified through inspection of ledgers,
journals, and supporting documentation. When automated procedures are used to maintain
the general ledger and prepare financial statements, such entries may exist only in electronic
form and may therefore be more easily identified through the use of computer assisted
audit techniques.

Related Business Processes

An entity's business processes are the activities designed to:

• Develop, purchase, produce, sell, and distribute an entity's products and services; Ensure
compliance with laws and regulations, and Record information, including accounting and
financial reporting information.
Business processes result in the transactions that are recorded, processed, and reported by
the information system. Obtaining an understanding of the entity's business processes,
which include how transactions are originated, assists the auditor obtain an understanding
of the entity's information system relevant to financial reporting in a manner that is
appropriate to the entity's circumstances.
Accordingly, an information system encompasses methods and records that:
• Identify and record all valid transactions.
• Describe on a timely basis the transactions in sufficient detail to permit proper classification
of transactions for financial reporting.
• Measure the value of transactions in a manner that permits recording their proper monetary
value in the financial statements.
• Determine the time period in which transactions occurred to permit recording of
transactions in the proper accounting period.
• Present properly the transactions and related disclosures in the financial statements.
 Communication involves providing an understanding of individual roles and
responsibilities pertaining to internal control over financial reporting. It includes the extent
to which personnel understand how their activities in the financial reporting information
system relate to the work of others and the means of reporting exceptions to an appropriate
higher level within the entity. Open communication channels help ensure that exceptions
are reported and acted on.
Communication takes such forms as policy manuals, accounting and financial reporting
manuals, and memoranda. Communication also can be made electronically, orally, and
through the actions of management.
Application to Small Entities
Information systems and related business processes relevant to financial reporting in small
entities are likely to be less formal than in larger entities but their role is just as significant.
Small entities with active management involvement may not need extensive descriptions
of accounting procedures, sophisticated accounting records, or written policies.
Communication may be less formal and easier to achieve in a small entity than in a larger
entity due to the small entity's size and fewer levels as well as management's greater
visibility and availability.
B. Control Activities

Control activities are the policies and procedures that help ensure that management
directives are carried out, for example, that necessary actions are taken to address risks that
threaten the achievement of the entity's objectives. Control activities, whether within IT or
manual systems, have various objectives and are applied at various organizational and
functional levels.
The major categories of control procedures are:
A. Performance Review

B. Information Processing Controls

1) Proper authorization of transactions and activities
2) Segregation of duties
3) Adequate documents and records
4) Safeguards over access to assets; and
5) Independent checks on performance

C. Physical controls
*A brief discussion of these control procedures follows:
 A. Performance Review
In a performance review management uses accounting and operating data to assess
performance, and it then takes corrective action. Such reviews include:
• comparing actual performance (or operating results) with budgets, forecasts, prior period
performance, or competitors' data or tracking major initiatives such as cost- containment
or cost-reduction programs to measure the extent to which targets are being met.
• investigating performance indicators based on operating or financial data, such as
quantity or purchase price variances or the percentage of returns to total orders.
• reviewing functional or activity performance, such as relating the performance of a
manager responsible for a bank's consumer loans with some standard, such as economic
statistics or targets.
Personnel at various levels in an organization may make performance reviews. Performance
reviews may be used by managers for the sole purpose of making operating decisions. For
example, managers may analyze performance data and base operating decisions on them
because the data are consistent with their expectations. This type of review improves the
reliability of the data. However, when managers follow up on unexpected results determined
by a financial reporting system, performance reviews become a useful control over
financial reporting.
B. Information Processing Controls
Information processing controls are policies and procedures designed to require
authorization of transactions and to ensure the accuracy and completeness of transaction
processing. Control activities may be classified according to the scope of the system they
affect. federal controls are control activities that prevent or detect errors or irregularities for
all accounting systems. federal controls affect all transaction cycles and apply to
information processing as a center, hardware and systems software acquisition and
maintenance, and backup and recovery procedures. Application controls are controls that
pertain to the processing of a specific type of transaction, such a payroll, or sales and
collections.

These controls help ensure that transactions occurred. are authorized and are completely
and accurately recorded and processed. Examples of application controls include checking
the arithmetical accuracy of records, maintaining, and reviewing accounts and trial
balances, automated controls such as input data and numerical sequence checks, and
manual follow-up of exception reports. federal IT controls are policies and procedures that
relate to many applications and support the effective functioning of application controls
by helping to ensure the continued proper operation of information systems. federal IT-
controls commonly include controls over data center and network operations; system
software acquisition, change and maintenance; access security; and application system
acquisition, development, and maintenance.
 These controls apply to mainframe, mainframe, and end- user environments. Examples of
such general IT-controls are program change controls, controls that restrict access to
programs or data, controls over the implementation of new releases of packaged software
applications, and controls over system software that restrict access to or monitor the use of
system utilities that could change financial data or records without leaving an audit trail.
Internal controls relating to the accounting system are concerned with achieving objectives
such as:
• Transactions are executed in accordance with management's general or specific authorization.
• All transactions and other events are promptly recorded in the correct amount, in the
appropriate accounts and in the proper accounting period so as to permit preparation of
financial statements in accordance with an identified financial reporting framework.
• Access to assets and records is permitted only in accordance with management's authorization.
• Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken regarding any differences
Control activities related to the processing of transactions may be grouped as follows: (1)
proper authorization, (2) design and use of adequate documents and records, and (3)
independent checks on performance.
1. Proper authorization of transactions and activities
As suggested earlier, authorization for the execution of transactions flows from the
stockholders to management and its subordinates. Before a transaction is entered into with
another party, certain conditions must usually be met. As part of the evaluation of the
potential transaction, documentation will be created. The auditor uses this documentation,
to determine whether business transactions are properly authorized. For example, the
purchase of inventory may create a purchase order, a receiving report, and a vendor invoice.
By inspecting these documents and comparing them with company policy, the auditor may
be reasonably satisfied that a business transaction was authorized and executed in a manner
consistent with company policy.
2. Segregation of duties
An important element in designing an internal accounting control system that safeguards
assets and reasonably ensures the reliability of the accounting records is the concept of
segregation of responsibilities. No one person should be assigned duties that would allow
that person to commit an error or perpetuate fraud and to conceal the error or fraud. For
example, the same person should not be responsible for recording the cash received on
account and for posting the receipts to the accounting records.
3. Adequate documents and records
The use of adequate documents and records allow the company to obtain reasonable
assurance that all valid transactions have been recorded.
 4. Access to assets
The resources of a client can be protected by the establishment of physical barriers and
appropriate policies. For example, inventories may be kept in a storeroom, or negotiable
instruments may be placed in a safe deposit box. Appropriate company policies are adopted
so that only authorized persons have access to company resources. Safeguarding of assets
is more than establishing physical barriers. A client should design its internal accounting
control system so that documents authorizing the movement of assets into an organization
or out of an organization are adequately controlled.
5. Independent checks on performance
The objective of a well-designed internal accounting control system is the adoption of
procedures that periodically compare the actual asset with its recorded balance. Regardless
of the effectiveness of an internal control system, some transactions may not be accurately
recorded, and some assets may be misappropriated. An important part of an internal
accounting control system is to determine the effectiveness of recording policies and asset
access policies. This is accomplished by periodic counts of assets by the client and
comparing the counts to the balances in the general ledger account. Examples are the count
of inventory and the preparation of monthly bank reconciliation.
C. Physical Controls
Controls that encompass:
• The physical security of assets, including adequate safeguards such as secured facilities over
access to assets and records.
• The authorization for access to computer programs and data files.
• The periodic counting and comparison with amounts shown on control records (for
example, comparing the results of cash, security and inventory counts with accounting
records).
The extent to which physical controls intended to prevent theft of assets are relevant to the
reliability of financial statement preparation, and therefore the audit, depends on
circumstances such as when assets are highly susceptible to misappropriation. The concepts
underlying control activities in small entities are likely to be similar to those in larger
entities, but the formality with which they operate varies. Further, small entities may find
that certain types of control activities are not relevant because of controls applied by
management. For example, management's retention of authority for approving credit sales,
significant purchases, and drawdowns on lines of credit can provide strong control over
those activities, lessening or removing the need for more detailed control activities. An
appropriate segregation of duties often appears to present difficulties in small entities. Even
companies that have only a few employees, however, may be able to assign their
responsibilities to achieve appropriate segregation or, if that is not possible, to use
management oversight of the incompatible activities to achieve control objectives.
 C. Monitoring of Controls
Monitoring, the final component of internal control, is the process that an entity uses to
assess the quality of internal control over time. Monitoring involves assessing the design
and operation of controls on a timely basis and taking corrective action as necessary.
Management monitors controls to consider whether they are operating as intended and to
modify them as appropriate for changes in conditions. In many entities, internal auditors
evaluate the design and operation of internal control and communicate information about
strengths and weaknesses and recommendations for improving internal control. Some
monitoring activities may include communications from external parties. For example,
customers implicitly corroborate sales data by paying their bills or raising questions. Also,
bank regulators, other regulators, and outside auditors may communicate about the design
or effectiveness of internal control.
Monitoring activities may include using information from communications from external
parties that may indicate problems are highlight areas in need of improvement. Customers
implicitly corroborate billing data by paying their invoices or complaining about their
charges. In addition, regulators may communicate with the entity concerning matters that
affect the functioning of internal control, for example, communications concerning
examinations by bank regulatory agencies. Also, management may consider communications
relating to internal control from external auditors in performing monitoring activities.
Application to Small Entities
Ongoing monitoring activities of small entities are more likely to be informal and are
typically performed as a part of the overall management of the entity’s operations.
Management’s close involvement in operations often will identify significant variances
from expectations and inaccuracies in financial data leading to corrective action of the
control.

Chapter 14: Fraud and Error

Fraud – is an intentional act involving the use of deception that results in a material
misstatement of the financial statements.
Differences of Fraud to Errors
Intent to deceive is what distinguishes fraud from errors. Auditors routinely find financial
errors in their client’s books, but those are not intentional.
TYPED OF MISSTATEMENTS
Two types of misstatements are relevant to auditor’s consideration of fraud:

1. Misstatements arising from misappropriation of assets Asset misappropriation

• occurs when a perpetrator steals or misuses an organization’s assets.
• are the dominant fraud scheme perpetrated against small business and the perpetrators are
usually employees.
• can be accomplished in various ways, including embezzling cash receipts, stealing assets,
 or causing the company to pay for goods or services that were not received.
Asset misappropriation commonly occurs when employees:
• Gain access to cash and manipulate accounts to cover up cash thefts.
• Manipulate cash disbursements through fake companies.
• Steal inventory or other assets and manipulate the financial records to cover up the Fraud.

2. Misstatements arising from Fraudulent Financial Reporting

The intentional manipulation of reported financial results to misstate the economic
condition of the organization is called fraudulent financial reporting. The perpetrator of
such a fraud generally seeks gain through the rise in stock price and the commensurate
increase in personal wealth. Sometimes the perpetrator does not seek direct personal gain,
but instead uses the fraudulent financial reporting to “help” the organization avoid
bankruptcy or to avoid some other negative financial outcome.

Three common ways in which fraudulent financial reporting can take place include:
1. Manipulation, falsification (including forgery), or alteration of accounting records or
supporting documentation from which the financial statements are prepared.
2. Misrepresentation in, or intentional omission from, the financial statements of events,
transactions, or other significant information.
3. Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure.
THE FRAUD TRIANGLE

The Fraud Triangle characterizes incentives, opportunities and rationalizations that enable
fraud to exist.
The three elements of the fraud triangle are:
• Incentive to commit fraud
• Opportunity to commit and conceal the fraud
• Rationalization – the mindset of the fraudster to justify committing the fraud
1. Incentive or Pressures to Commit Fraud
Incentives relating to asset misappropriation include:
• Personal factors, such as severe financial considerations
• Pressure from family, friends, or the culture to live a more lavish lifestyle than one’s
personal earnings allow for
• Addictions to gambling or drugs
The incentives include the following for fraudulent financial reporting:
• Management compensation schemes
• Other financial pressures for either improves earnings or an improved balance sheet
• Debt covenants
• Pending retirement or stock option expirations
• Personal wealth tied to either financial results or survival of the company
• Greed – for example, the backdating of stock options was performed by individuals who
already has millions of pesos of wealth through stock
2. Opportunities to Commit Fraud
One of the most fundamental and consistent findings in fraud research is that there must
be an opportunity for fraud to be committed. Although this may sound obvious – that is,
“everyone has an opportunity to commit fraud” – it really conveys much more. It means
not only that an opportunity exists, but either there is a lack of controls of the complexities
associated with a transaction are such that the perpetrator assesses the risk of being caught
as low.
Some of the opportunities to commit fraud that the top management should consider
include the following:
• Significant related-party transactions
• A company’s industry position, such as the ability to dictate terms or conditions to
suppliers or customers that might allow individuals to structure fraudulent transactions
• Management’s inconsistency involving subjective judgements regarding assets or accounting
estimates
• Simple transactions that are made complex through an unusual recording process
• Complex or difficult to understand transactions, such as financial derivatives or special-
purpose entities
• Ineffective monitoring of management by the board, either because the board of directors is
not independent or effective, or because there is a domineering manager
• Complex or unstable organizational structure
• Weak or nonexistent internal controls
3. Rationalizing the Fraud
For asset misappropriation, personal rationalizations often revolve around mistreatment by
the company or a sense of entitlement (such as, “the company owes me!”) by the individual
perpetrating the fraud.
Following are some common rationalizations for asset misappropriation:
• Fraud is justified to save a family member or loved one from financial crisis
• We will lose everything (family, home, car and so on) if we don’t take the money.
• No help is available from outside.
• This is “borrowing”, and we intend to pay the stolen money back at some point.
• Something is owed by the company because others are treated better.
• We simply do not care about the consequences of our actions or of accepted notions of
decency and trust; we are for ourselves.
For fraudulent financial reporting, the rationalization can range from “saving the company”
to personal greed, and may include the following:
• This is one-time thing to get us through the current crisis and survive until things get better.
• Everybody cheats on the financial statements a little, we are just playing the same game.
• We will be in violation of all our debt covenants unless we find a way to get this debt off
the financial statements.
• We need a higher stock price to acquire the company XYZ, or to keep our employees
through stock options, and so forth.

RISK FACTORS CONTRIBUTORY TO MISAPPROPRIATION OF ASSETS

Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by
employees in relatively small and immaterial amounts. However, it can also involve
management who are usually more able to disguise or conceal misappropriations in ways
that are difficult to detect.
Misappropriation of assets can be accompanied in variety of ways including:
• Embezzling receipts (for example, misappropriating collections on accounts receivable or
diverting receipts in respect of written-off accounts to personal bank accounts).
• Stealing physical assets or intellectual property (for example, stealing inventory for personal
use or for sale, stealing scrap for resale, colluding with a competitor by disclosing
technological data in return for payment).
• Causing an entity to pay for goods and services not received (for example, payments to
fictitious vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for
inflating prices, payments to fictitious employees).
• Using an entity’s assets for personal use (for example, using the entity’s assets as collateral
for a personal loan or loan to a related party.
Misappropriation of assets is often accompanied by false or misleading records or
documents in order to conceal the fact that the assets are missing or have been ledged
without proper authorization.
A. Incentives / Pressures
1. Personal financial obligations may create pressure on management or employees with
access to cash or other assets susceptible to theft to misappropriate those assets.
2. Adverse relationships between the entity and employees with access to cash or other assets
susceptible to theft may motivate those employees to misappropriate those assets.
For example, adverse relationships may be created by the following:
a. Known or anticipated future employee layoffs.
b. Recent or anticipated changes to employee compensation or benefit plans.
c. Promotions, compensation, or other rewards inconsistent with expectations.
B. Opportunities
1. Certain characteristics or circumstances may increase the susceptibility of assets to
misappropriation.
For example, opportunities to misappropriate assets increase when following exist:
a. Large amounts of cash on hand or processed
b. Inventory items that are small in size, or high value, or in high demand
c. Fixed assets which are small in size, marketable, or lacking observable identification of
ownership
2. Inadequate internal control over assets may increase the susceptibility of misappropriation
 of those assets.
For example, misappropriation of assets may occur because of the following:
a. Inadequate segregation of duties or independent checks.
b. Inadequate oversight of senior management expenditures, such as travel and other
reimbursements.
c. Inadequate management oversight of employees responsible for assets, for example,
inadequate supervision or monitoring of remote locations.
d. Inadequate job applicant screening of employees with access to assets.
e. Inadequate record keeping with respect to assets.
f. Inadequate system of authorization and approval of transactions (for example, in
purchasing).
g. Inadequate physical safeguards over cash, investments, inventory, or fixed assets.
h. Lack of complete and timely reconciliation of assets.
i. Lack of timely and appropriate documentation of transactions, for example, credits for
merchandise returns.
j. Lack of mandatory vacations for employees performing key control functions.
k. Inadequate management understanding of information technology, which enables information
technology employees to perpetrate a misappropriation.
l. Inadequate access of controls over automated records, including controls over and
review of computer systems event logs.
C. Attitudes/Rationalizations
1. Disregard for the need for monitoring or reducing risks related to misappropriation of assets.
2. Disregard for internal control over misappropriation of assets by overriding existing
controls or by failing to correct known internal control deficiencies.
3. Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the
employee.
4. Changes in behavior or lifestyle that may indicate assets have been misappropriated.
5. Tolerance of petty theft.
RISK FACTORS CONTRIBUTORY TO FRAUDULENT FINANCIAL REPORTING

Fraudulent financial reporting involves intentional misstatements including omissions of

amounts or disclosures in financial statements to deceive financial statement users. It can
be cause by the efforts of management to manage earnings in order to deceive financial
statement users by influencing their perceptions as to the entity’s performance and
profitability. Such earnings management may start out with small actions or inappropriate
adjustment of assumptions and changes in judgements by management. Pressures and
incentives may lead these actions to increase to the extent that they result in fraudulent
financial reporting. Such a situation could occur when, due to pressures to meet market
expectations or a desire to maximize compensation based on performance, management
intentionally takes positions that lead to fraudulent financial reporting by materially
misstating the financial statements.
 In some entities, management may be motivated to reduce earnings by a material amount
to minimize tax or inflate earnings to secure bank financing.
Fraud, whether fraudulent financial reporting or misappropriation of assets, involves
incentive or pressure to commit fraud, a perceived opportunity to do so and some
rationalization of the act.
A. Incentive/Pressure
Incentive or pressure to commit fraudulent financial reporting may exist when management
in under pressure, from sources outside or inside the entity, to achieve an expected (and
perhaps unrealistic) earnings target or financial outcome – particularly since the
consequences to management for failing to meet financial goals can be significant.

B. Opportunities
A perceived opportunity to commit fraud may exist when an individual believes internal
control can be overridden, for example, because the individual is in a position of trust or has
knowledge of specific weaknesses in internal control.

Fraudulent financial reporting often involves management override of controls that

otherwise may appear to be operating effectively. Fraud can be committed by management
overriding controls using such techniques as:
• Recording fictitious journal entries, particularly close to the end of an accounting period, to
manipulate operating results or achieve other objectives.
• Inappropriately adjusting assumptions and changing judgements used to estimate
account balances.
• Omitting, advancing, or delaying recognition in the financial statements of events and
transactions that have occurred during the reporting period.
• Concealing, or not disclosing, facts that could affect the amounts recorded in the
financial statements.
• Engaging in complex transactions that are structured to misrepresent the financial position
or financial performance of the entity.
• Altering records and terms related to significant and unusual transactions.

C. Rationalizations
Individuals may be able to rationalize committing a fraudulent act. Some individuals
possess an attitude, character, or set of ethical values that allow them knowingly and
intentionally to commit a dishonest act. However, even otherwise honest individuals can
commit fraud in an environment that imposes sufficient pressure on them.
 RESPONSIBILITY FOR THE PREVENTION AND DETECTION OF FRAUD

The primary responsibility for the prevention and detection of fraud rests with both those
charged with governance of the entity and management.
It is important that management, with the oversight of those charged with governance,
place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to
take place, fraud deterrence, which could persuade individuals not to commit fraud because
of the likelihood of detection and punishment.
This involves a commitment to creating a culture of honesty and ethical behavior which
can be reinforced by an active oversight by those charged with governance. In exercising
oversight responsibility, those charged with governance consider the potential for override
of controls or other inappropriate influence over the financial reporting process, such as
efforts by management to manage earnings in order to influence the perceptions by
analysts as to the entity’s performance and profitability.

Chapter 15: Errors and irregularities in the transaction cycles of the business entity

While businesses in different individuals can have striking different characteristics, most
have some fundamental conceptual characteristics are practices in common. The three basic
business transaction cycles include
1. Sales and Collections Cycle
2. Acquisitions and Payments Cycle
3. Payroll and Personnel Cycle

Management should establish controls to ensure that these transactions are appropriately
handled and recorded. However, if internal controls are not properly implemented, or are
overridden, fraud and errors may occur. This chapter presents the errors and fraudulent
activities that could result if there is poor internal control.

I. Sales and Collections Cycle

1. Errors in Recording Sales and Collections Transactions

Errors in recording sales include mechanical errors, such as using a wrong piece or wrong
quantity, recording sales in the wrong period (cutoff errors), a bookkeeper's failure to
understand proper accounting for a transaction, and so on. Internal controls are designed to
prevent or detect many of these kinds of errors.
2. Frauds in Sales and Collections
Frauds in sales generally relate to fraudulent financial reporting. In contrast, frauds in cash
collections relate to misappropriation of assets. Typically accomplished by clerks or
management-level employees.
 a. Fraudulent Financial Reporting
Fraudulent financial reporting involving sales typically results in overstated sales or
understated sales returns and allowances. Managers under pressure to achieve high
profits may inflate sales to meet target profits established by senior managers, to obtain
bonuses, to retain the respect of senior managers, or even to keep their jobs. The
following methods can be used to increase
sales fraudulently:

• Recording fictitious sales (creating fictitious shipping documents, sales invoices, and so on)
• Recording valid transactions twice
• Recording in the current period sales that occurred in the succeeding period (improper
cutoff)
• Recording operating leases as sales
• Recording deposits as sales
• Recording consignments as sales
• Recording sales when the chance of a return is likely
• Following revenue recognition practices that are not in accordance with PFRS
• Recognizing revenue that should be deferred
b. Misappropriation of Assets: Withholding Cash Receipts

• Skimming
This refers to the act of withholding cash receipts without recording them. An example is
when a cashier in a retail store does not ring up a transaction and takes the cash.
Another example is when an employee who has access to cash receipts and maintains
accounts receivable records can record a sale at an amount lower than the invoice amount.
When the customer pays, the employee takes the difference between the invoice and the
amount recorded as a receivable. Detection of unrecorded cash receipts is very difficult;
however, unexplained changes in the gross profit percentage or sales volume may indicate
that cash receipts have been withheld.
• Lapping

This technique is used to conceal the fact that cash has been abstracted; the shortage in one
customer's account is covered with a subsequent payment made by another customer. An
employee who has access to cash receipts and maintains accounts receivable can engage
in lapping. Routine testing of details of collections compared with validated bank deposit
slips should uncover this fraud.
• Kiting

This is another technique used to cover cash shortage or to inflate cash balance. Kiting
involves counting the cash twice by using the float in the banking system. (Float is the gap
between the time the check is deposited or added to an account and the time the check
clears or is deducted from the account it was written on). Analyzing and verifying cash
transfers during the days surrounding year-end should reveal this type of fraud.
II. Acquisitions and Payments Cycle
1. Errors in the Acquisitions and Payments Cycle
The following may occur in the acquisitions and payments cycle:
• Failing to record a purchase in the proper period (cutoff errors)
• Recording goods accepted on consignment as a purchase
• Misclassifying purchases of assets and expenses
• Failing to record a cash payment
• Recording a payment twice
• Failing to record prepaid expenses as assets

Entities normally design controls to prevent these errors from occurring or to detect errors
if they do occur. When such controls exist, auditors test the controls to assess their
effectiveness. If the controls are not effective, auditors should perform substantive tests to
determine that the financial statements do not contain material misstatements that arose
because of possible errors
2. Frauds in the Acquisitions and Payments Cycle
a. Paying for Fictitious Purchases
This involves the perpetrator creating a fictitious invoice (and sometimes a receiving report,
purchase order and so forth) and processing the invoice for payment. Alternatively, the
perpetrator can pay the invoice twice.
b. Receiving Kickbacks
In this scheme, a purchasing agent may agree with a vendor to receive a kickback (refund
payable to the purchasing person on goods or services acquired from the vendor).
This is usually done in return for the agent's ensuring that the particular vendor receives
an order from the firm. Often a check is made payable to the purchasing agent and mailed
to the agent at a location other than his or her place of employment. Sometimes the
purchasing agent splits the kickback with the vendor's employee for approving and paying
it. Detecting kickbacks is difficult because the buyer's records do not reflect their existence.
However, when vendors are required to submit bids for goods or services, the likelihood
of kickbacks is reduced.
 C. Purchasing Goods for Personal Use
Foods or services for personal use may be purchased by executive or purchasing agents
and charged to the company's account. To execute such a purchase, the perpetrator must
have access to blank receiving reports and purchase approvals or must connive with
another employee. Fraud involving the purchase of goods for personal use is more likely to
go unnoticed when perpetual records are not maintained.

III. Payroll and Personnel Cycle

Historically, errors and irregularities involving payroll have been reported to occur
frequently and are largely undetected.
1. Errors
The most errors that can occur in the payroll and personnel cycle are
a) paying employees at the wrong rate,
b) paying employees for more hours than they worked,
c) charging payroll expense to the wrong accounts, and
d) keeping terminated employees on the payroll.
Good internal control can be established to prevent these errors from occurring and to detect
them if they do occur.
2. Frauds involving Payroll
The major payroll-related frauds include
a. Fictitious Employees
Adding fictitious employees to the payroll is one of the most common defalcations.
Detecting fictitious employees on the payroll is very difficult; but auditors do sometimes
perform a surprise payoff as a deterrent to this form of defalcation. Alternatively, the auditor
may turn the check distribution over to an official not associated with preparing payroll,
signing checks, or supervising workers. Personnel files and the employees' completed
timecards and time tickets may also be examined to substantiate the existence of absent
employees.
b. Excess Payments to Employees
Increasing the rate above that approved or paying employees for more hours than they
worked are the most common ways of paying employees more than they are entitled to
receive. These practices can be substantially reduced by requiring personnel department
officials to authorize changes in pay rates and by monitoring total hours worked and paid
for. Analytical procedures that focus on cost per unit of actual production can also be helpful
in detecting excess payments to employees.
 c. Failure to Record Payroll
Companies having difficulty meeting profit targets or not-for-profit entities having
difficulty managing costs and expenses might fail to record a payroll. The omission of
payroll can be difficult to hide unless a similar amount of revenues or receipts has been
omitted. Analytical procedures can be performed to test the reasonableness of payroll cost.
d. Inappropriate Assignment of Labor Costs to Inventory

A company having difficulty meeting profit targets might assign to inventory labor cost that
should have been charged to expense. Analytical procedures such as comparing costs
incurred to budgeted cost and verification of valuation of inventory are some of the useful
techniques in detecting such fraud.

Chapter 16: Internal Control affecting Assets

INTERNAL CONTROL OVER CASH TRANSACTIONS

Most of the processes relating to cash handling are the responsibility of the finance
department, under the direction of the treasurer. These processes include handling and
depositing cash receipts; signing checks; investing idle cash; and maintaining custody of
cash, marketable securities, and other negotiable assets. In addition, the finance department
must forecast cash requirements and make both short-term and long-term financing
arrangements.
Ideally, the functions of the finance department and the accounting department should be
integrated in a manner that provides assurance that:
1. All cash that should have been received was in fact received, recorded accurately, and
deposited promptly.
2. Cash disbursements have been made for authorized purposes only and have been properly
recorded.
3. Cash balances are maintained at adequate, but not excessive, levels by forecasting expected
cash receipts and payments related to normal operations. The need for obtaining loans for
investing excess cash is thus made known on a timely basis.
A detailed study of the business processes of the company is necessary in developing the
most efficient control procedures, but there are some general guidelines to good cash
handling practices in all types of business. These guidelines for achieving internal control
over cash may be summarized as follows:
1. Do not permit any one employee to handle a transaction from beginning to end.
2. Separate cash handling from record keeping.
3. Centralize receiving of cash to the extent practical.
4. Record cash receipts on timely basis.
5. Encourage customers to obtain receipts and observe cash register totals.
6. Deposit cash receipts daily.
7. Make all disbursements by check or electronic funds transfer, with the exception of small
expenditures from petty cash.
8. Have monthly bank reconciliation prepared by employees not responsible for the issuance
of checks or custody of cash. The completed reconciliation should be reviewed promptly
by an appropriate official.
9. Monitor cash receipts and disbursements by comparing recorded amounts to forecasted
amounts and investigating variances from forecasted amounts.
Potential Misstatements – Cash Receipts
Description of Examples Internal Control Weakness or Factors
Misstatement that Increase the Risk of the
Misstatement
Recording fictitious Fraud: Lack of segregation of duties of the
cash receipts Overstating cash functions of access to cash and record
receipts on the books keeping; no effective review of bank
by transferring cash reconciliations.
between bank
accounts without
appropriate recording
of the transfer to cover
up on embezzlement
of cash.

Failure to record Fraud: Inadequate supervision of cashiers;

receipts from cash A cashier fails to ring failure to encourage customers to obtain
sales up and record cash cash receipts.
sales and embezzles • Inadequate controls for reconciling cash
the cash. register topes and accounting records;
Error: inadequate controls for reconciling bank
A bookkeeper accounts.
accidentally omits the
recording of the
receipts from one cash
register for the day.

Failure to record Fraud: Lack of segregation of duties between

cash from collection • A cashier personnel who have access to cash receipts
of accounts embezzles cash and those who make entries into the
receivable payments by customers accounts receivable records.
on receivables, without • Lack of segregation of
recording the receipts in duties between personnel who have access
the customers' accounts. to cash receipts and those who make
•A bookkeeper who entries into the accounts receivable
 accidentally has access records.
to cash receipts • Inadequate reconciliations of
embezzles cash subsidiary records of accounts receivable
collected from with the general ledger control account.
customers and writes
off the related
receivables.

Error:
•A bookkeeper
accidentally fails to
record payment on a
receivable.

Early (late) Fraud: •Ineffective board of directors, audit

recognition of cash •Holding the cash committee, or internal audit function;
receipts - "cutoff receipts journal open to "tone at the top" not conductive to ethical
problems" record conduct; undue pressure to show
next year's cash receipts improved financial position.
as having occurred in • Failure to list and deposit cash
this year. receipts on a timely basis.
Error:
•Recording cash
receipts based on bad
information about date
of receipt.
Potential Misstatements – Cash Disbursements

Description of Examples Internal Control Weakness or

Misstatement
Factors that Increase the Risk of
the Misstatement

Inaccurate Fraud: • Inadequate segregation of duties of

recording of a record keeping and preparing cash
•A bookkeeper prepares a
purchase or disbursements or check signer does
check to himself and records it
disbursement not review and cancel supporting
as having been issued to a
major supplier. documents.
Error: •Ineffective control for
•A disbursement is made to matching invoices with receiving
pay an invoice for goods that documents before disbursements are
have not been received. authorized
• Disbursements for travel and Ineffective accounting coding
entertainment are improperly procedures may. result from
included with merchandise incompetent accounting personnel,
purchases. inadequate chart of accounts, or no
controls over the posting process.
Duplicate Error: • Ineffective controls for review and
recording and •A purchase is recorded when cancellation of supporting documents
payment of an invoice is received from a by the check signer.
purchases vendor and recorded again
when a duplicate invoice is
sent by the vendor.
Unrecorded Fraud: • Ineffective control over record
disbursements In conjunction with recorded keeping for and access to cash.
(but deposited) cash receipts,
an employee writes and chases
an unrecorded check for the
identical amount.
 INTERNAL CONTROL OVER FINANCIAL INVESTMENTS

The most important group of financial investments consists of marketable stocks and
bonds because they are found more frequently and usually are of greater peso value than
the other kinds of investment holdings. Other types of investments often encountered
include commercial paper issued by corporations, mortgages and trust deeds, and the cash
surrender value of life insurance policies. The internal auditors also must be concerned
with derivatives that are used to hedge various financial and operational risks or for
speculation. Derivatives are financial instruments that "derive" their value from other
financial instruments, underlying assets, or indexes. For example, a simple derivative would
involve a commitment by a company to purchase a commodity at a certain price at some
point in the future.
Other derivatives are much more complex, involving, for example, relationships between
fluctuations in European interest rates and the price of copper.
The major elements of adequate internal control over financial investments include the
following:

1. Formal investment policies that limit the nature if investments insecurities and other
financial instruments.
2. An investment committee of the board of directors that authorizes and reviews financial
investment activities for compliance with investment policies.
3. Separation of duties between the executive authorizing purchases and sales of securities
and derivative instruments, the custodian of the securities, and the person maintaining the
records of investments.
4. Complete detailed records of all securities and derivative instruments owned and the related
provisions and terms.
5. Registration of securities in the name of the company.
6. Periodic physical inspection of securities on hand by an internal auditor or an official
having no responsibility for the authorization, custody, or record keeping of investments.
7. Determination of appropriate accounting for complex financial instruments by competent
personnel.

In many concerns, segregation of the functions of custody and record keeping is achieved
by the use of an independent safekeeping agent, such as a stockholder, bank, or trust
company. Since the independent agent has no direct contact with the employee responsible
from maintaining accounting records of the investments in securities, the possibilities of
concealing fraud through falsification of the accounts are greatly reduced. If securities are
not placed in the custody of an independent agent, they should be kept in a bank safe deposit
box under the joint control of two or more of the company's officials. Joint control means
that neither of the two custodians may have access to the securities except in the presence
of the other. A list of securities in the box should be maintained in the box, and the deposit
or withdrawal of securities should be recorded on this list along with the date and
signatures of all persons present. The safe-deposit box rental should be in the name of the
company, not in the name of an officer having custody of securities.
 Complete detailed records of all securities and derivative instruments owned are essential
to satisfactory control. These records frequently consist of a subsidiary record for each
security and derivative instrument, with such identifying data as the exact name, face
amount or par value, certificate number, number of shares, date of acquisition, name of
broker, cost, terms and any interest or dividend payments received. Actual interest and
dividends should be compared to budgeted amounts, and significant variances should be
investigated. The purchase and sale of investments often is entrusted to a responsible
financial executive, subject to frequent review by an investment committee of the board of
directors.

Potential Misstatements – Financial Investments

Description Examples Internal Control
of Weakness or Factors
Misstatement that Increase the Risk
of the Misstatement
Misstatement Error: •Inadequate accounting
of recorded manual; incompetent
Value of • Failure to record changes in market values of
investments accounting personnel.
investments,
•Ineffective board of
Fraud: directors, audit
committee, or internal
• Misstatement of the value of closely held investment. audit function; not
conducive to ethical
conduct; undue
pressure to meet earnings
targets.
Unauthorized Fraud: Inadequate segregation
investment An employee with access to securities coverts them for of duties of record
keeping for and
transactions personal use.
custody
of securities.

Incomplete Error: • Inadequate accounting

recording of Failure to record derivative agreements which are manual; incomplete
Investments embedded in other agreements. accounting personnel.
• Inadequate monitoring by
internal auditors.
INTERNAL CONTROL OVER RECEIVABLES

Accounts receivable include not only claims against customers arising from the sale of
goods or services, but also a variety of miscellaneous claims such as loans to officers or
employees, loans to subsidiaries, claims against various other films, claims for tax refunds
and advantages to suppliers.
Sources and Nature of Notes Receivable

Notes receivable are written promises to pay certain amounts at future dates. Typically,
notes receivable is used for handling transactions of substantial amount these negotiable
documents are widely used. In banks and other financial institutions, notes receivable
usually constitutes the single most important asset.
Internal Control of Accounts Receivable and Revenue

To understand internal control over accounts receivable and revenue, one must consider the
various components, including the control environment. risk assessment monitoring, the
accounting) information and communication system, and control activities.
Control Environment

Because of the risk of intentional misstatement of revenues, the control environment is very
important to effective internal control over revenue and receivables. Of particular
importance is an independent audit committee of the board of directors that monitors
management's judgments about revenue recognition principles and estimates, as well as an
effective internal audit function Management should establish a tone at the top of the
organization that encourages integrity and ethical financial reporting. These ethical
standards should be communicated and observed throughout the organization. Also,
incentives for dishonest reporting, such as undue emphasis on meeting unrealistic sales or
earnings targets, should be eliminated.
Potential Misstatements – Revenue/Receivables

Internal Control Weakness

Description of or Factors that Increase the Risk of the
Examples
Misstatement Misstatement

Recording unearned Fraud:

revenue • Ineffective board of directors, audit
Recording fictitious sales without receiving a committee, or internal audit function; undue
customer order over shipping the goods. pressure to meet earnings targets. "Top
management action" not conductive to
Intentional over shipment of goods ethical conduct.
Errors: • Ineffective billing process in which billing is
not tied to shipping information.
•Recording sales based on the receipt of orders • Ineffective controls for testing invoices, or
from customers rather than the shipment of goods. ineffective input validation checks
and computer reconciliations
•Inaccurate billing and recording of sales. to ensure the accuracy of databases.
• Inadequate accounting manual; incompetent
Recording cash that represents a liability (e.g., accounting personnel.
receipt of a customer's deposit) as revenue

Early (late) Fraud:

recognition of • Ineffective board of directors, audit
revenue – “cutoff • Holding the sales journal open to record next committee, or internal audit function; not
error” year's sales as having occurred in the current conducive to ethical conduct undue pressure
year. to meet sales targets.
Error: • Ineffective cutoff procedures in the shipping
department.
• Recording sales in the wrong period based• on
incorrect shipping information.

Recording revenue Froud: • Ineffective board of directors, audit

when significant • Recording sales when the customer is likely to committee, or internal audit function; not
uncertainties exist return the goods. conducive to ethical conduct; undue pressure
Error: to meet sales targets.
• Recording sales when the customer's • Aggressive attitude of management toward
payment is contingent upon the customer financial reporting: incompetent chief
receiving financing or selling the goods to accounting officer.
another party (e.g., consignment sales).

Recording revenue Froud: • Ineffective board of directors, audit

when significant • Recording franchise revenue when the committee, or internal audit function; not
services still must be franchises are sold even though an obligation conducive to ethical conduct; undue pressure
performed by seller to perform significant services still exists. to meet sales targets.
Error:
• Amount of revenue earned on franchises is• Aggressive attitude of management toward
miscalculated financial reporting. incompetent chief
 accounting officer.

Overestimation of Fraud: •Ineffective board of directors,audit

the amount of committee, or internal audit function; not
revenue earned. • Misstating the percentage of completion of conducive to ethical conduct; incompetent
several projects by a construction company usingindividuals involved in the estimation process.
the percentage- of completion method revenue
recognition. •Aggressive attitude of management toward
• Overestimating the percentage of completion on financial reporting: incompetent personnel
projects by construction company using involved in the estimation /accounting process.
the percentage-of- completion method of
revenue recognition.

Internal Control over Notes Receivables

As previously stated, a basic characteristic of effective control consists of the subdivision

of duties. As applied to notes receivable, this principle requires that:
1. The custodian of notes receivable not have access to cash or to general accounting records.
2. The acceptance and renewal of notes be authorized in writing by a responsible official who
does not have custody of the notes.
3. The write-off of defaulted notes be approved in writing by a responsible official and
effective
procedures adopted for subsequent follow-up of such defaulted notes.
INTERNAL CONTROL OVER INVENTORIES AND COST OF GOODS SOLD

The interrelationship of inventories and cost of goods sold makes it logical for the two
topics to be considered together. The controls that assure the fair valuation of inventories
are found in the purchases (or acquisition) cycle. These controls include procedures for
selecting vendors, ordering merchandise or materials, inspecting goods received,
recording the liability to the vendor, and authorizing and making cash disbursements. In a
manufacturing business, the valuation of inventories also is affected by the production (or
conversion) cycle, in which various manufacturing costs are assigned to inventories, and
the cost of inventories is then transferred to the cost of goods sold.

Sources and Nature of Inventories and Cost of Goods Sold

The term inventories are used in this chapter to include:

1. goods on hand ready for sale, whether the merchandise of a trading concern or
2. the finished goods of a manufacturer,
3. goods in the process of production; and
4. good to be consumed directly or indirectly in production, such as raw materials,
purchased parts, and supplies.

Internal Control over Inventories and Cost of Goods Sold

The importance of adequate internal control over inventories and cost of goods sold from
the viewpoint of both management and the auditors can scarcely be overemphasized. In
some companies, management stresses controls over cash and securities but pays little
attention to control over inventories. Since many types of inventories are composed of items
not particularly susceptible to theft. management may consider controls to be unnecessary
in this area. Such thinking ignores the fact that controls for inventories affect nearly all the
functions involved in producing and disposing of the company's products.
Potential Misstatements – Inventory/Cost of Goods Sold

Description of Examples Internal Control Weakness

Misstatement or Factors that Increase the
Risk of the Misstatement

Misstatement Fraud: • Ineffective board of

directors, audit committee,
of • Intentional misstatement of production or internal audit function,
costs assigned to inventory. "tone at the top not
inventory costs conductive to ethical
• Intentional misstatement of inventory prices. conduct; undue pressure to
meet earnings targets.
Errors:

• The assignment of direct labor costs, direct• Ineffective cost accounting

material costs, or factory overhead to system: failure to update
inventory items is inaccurate. standard casts on a timely basis.
• Erroneous pricing of inventory. • Ineffective input validation a
control on the database of
inventory costs; ineffective
supervision of the personnel
that enter the costs on the final
inventory schedule.
Misstatement of Fraud: • Ineffective physical controls
inventory quantities •Items are stolen with no journal entry over inventories.
reflecting the theft. • Ineffective board of directors’
•Inventory quantities in locations not visited audit committee, or internal
by auditors are systematically overstated. audit function; "tone of the top"
Errors: not conducive to ethical
Miscounting of inventory by personnel conduct; undue pressure to
involved in physical inventory. meet earnings targets.
• Ineffective controls or
supervision of physical
inventory.

Early (late) Fraud: •Ineffective board of directors,

recognition • Intentional recording of purchases in the
of audit committee, or internal
purchases – “cutoff subsequent period. audit function; "tone at the top"
problems”. Error: not conducive to ethical
• Recording purchases of the current period in conduct; undue pressure to meet
the subsequent period. earnings targets.

•Ineffective accounting
 INTERNAL CONTROL OVER PROPERTY, PLANT AND EQUIPMENT

The term properly, plant and equipment include all tangible assets with a service life of
more than one year that are used in the operation of the business and are not acquired for
the purpose of resale. Three major subgroups of such assets are generally recognized:
1. Land, such as properly used in the operation of the business, has the significant
characteristic of not being subject to depreciation.
2. Buildings, machinery, equipment, and land improvements, such as fences and parking lots,
have limited-service lives and are subject to depreciation.
3. Natural resources (wasting assets), such as oil wells, coal mines, and tracts of timber, are
subject to depletion as the natural resources are extracted or removed.
Acquisitions and disposals of property, plant and equipment are usually large in dollar
amount, but concentrated in only a few transactions. Individual items of plant and
equipment may remain unchanged in the accounts for many years.
Internal Control over Plant and Equipment

The amounts invested in plant and equipment represents a large portion of the total assets
of many industrial concerns. Maintenance, rearrangement, and depreciation of these assets
are major expenses in the income statement. The total expenditures for the assets and
related expenses make strong internal control essential to the preparation of reliable
financial statements. Errors in measurement of income may be material if assets are
scrapped without their cost being removed from the accounts, or if the distinction between
capital and revenue expenditures is not maintained consistently. The losses that inevitably
arise from uncontrolled methods of acquiring, maintaining, and retiring plant and
equipment are often greater than the losses from fraud in cash handling.
In large enterprises, the auditors may expect to find an annual plant budget used to forecast
and control acquisitions and retirements of plant and equipment. Many small companies
also forecast expenditures for plant assets. Successful utilization of a plant budget
presupposes the existence of reliable and detailed accounting records for plant and
equipment. A detailed knowledge of the kinds, quantities and condition of existing
equipment is an essential basis for intelligent forecasting of the need for replacements and
additions to the plant.
Other key controls applicable to plant and equipment are as follows:
1. A subsidiary ledger consisting of a separate record for each unit of property. An adequate
plant and equipment ledger facilitate the auditor's work in analyzing additions and
retirements, in verifying the depreciation provision and maintenance expenses, and in
comparing authorizations with actual expenditures.
2. A system of authorization requiring advance executive approval of all plant and equipment
acquisitions, whether by purchase, lease, or construction. Serially numbered capital work
orders are a convenient means of recording authorizations.
3. A reporting procedure assuring prompt disclosure and analysis of variances between
authorized expenditures and actual costs.
4. An authoritative written statement of company policy distinguishing between capital
expenditures and revenue expenditures. A dollar minimum ordinarily will be established
for capitalization; any expenditures of a lesser amount automatically classified as charges
against current revenue.
5. A policy requiring all purchases of plant and equipment to be handled through the
purchasing department and subjected to a standard routine for receiving, inspection and
payment.
6. Periodic physical inventories designed to verify the existence, a location and condition of
all property listed in the accounts and to disclose the existence of any unrecorded units.
7. A system of retirement procedures, including serially numbered retirement work orders
(work bottom), stating reasons for retirement, and bearing appropriate approvals.
Potential Misstatements – Investments in Property, Plant and Equipment
Description of Misstatement Examples Internal Control Weakness
or Factors that Increase the Risk of
the Misstatement

Misstatement of acquisitions of Fraud: • Undue pressure to meet earnings

property, plant, and equipment targets.
•Expenditures for repairs and • Inadequate accounting manual;
maintenance expenses recorded as incompetent accounting personnel.
property, plant, and equipment
acquisitions to overstate
income.

Error:
•Purchases of equipment
erroneously reported in
maintenance and repairs
expense account.
Failure to record retirements of Error: • Inadequate accounting policies, e.g.,
property, plant and equipment. failure to use retirement work orders.
• An asset that has been replaced
is discarded due to its lack of
value, without an accounting
entry.

Improper reporting of unusual Error:

transactions.
• • Inadequate
A "gain" recorded on an exchange accounting manual;
of nonmonetary assets that lacks incompetent accounting personnel.
commercial substance.
 Chapter 17: Internal Control affecting liabilities and equity

INTERNAL CONTROL OVER ACCOUNTS PAYABLE

The term accounts payable (often referred to as vouchers payable for a voucher system)
is used to describe short-term obligations arising from the purchase of goods and services
in the ordinary course of business. Typical transactions creating accounts payable include
the acquisition on credit of merchandise, raw materials, plant assets and office supplies.
Other sources of accounts payable include the receipt of services, such as legal and
accounting services, advertising, repairs, and utilities. Interest bearing obligations should
not be included in accounts payable but shown separately as bonds, notes, mortgages, or
installment contracts.
Invoices and statements from supplies usually evidence accounts payable arising from the
purchase of goods or services and most other liabilities. However, accrued liabilities
(sometimes called accrued expenses) generally accumulate over time, and management
must make accounting estimates of the year-end liability. Such estimates are often
necessary for salaries, pensions, interest, rent, taxes, and similar items.
In thinking about internal control over accounts payable, it is important to recognize that
the accounts payable of one company are the accounts receivable of other companies. It
follows that there is little danger of errors being overlooked permanently since the client's
creditors will generally maintain complete records of their receivables and will inform the
client if payment is not received. This feature also aids auditors in the discovery of fraud
since the perpetrator must be able to obtain and respond to the demands for payment. Some
companies, therefore, may choose to minimize their record keeping of liabilities and to rely
on creditors to call attention to any delay in making payment. This viewpoint is not an
endorsement of inaccurate or incomplete records of accounts payable, but merely
recognition that the self-interest of creditors constitutes an effective control in accounting
for payables that is not present in the case of accounts receivable.
Discussion of internal control applicable to accounts payable may logically be extended to
the entire purchase or acquisition cycle.
Potential Misstatements – Accounts Payable
Description of Misstatement Examples Internal Control Weakness
or Factors that Increase the
Risk of the Misstatement
Inaccurate recording of a purchase Fraud:
or disbursement •Inadequate segregation of
•A bookkeeper prepares a check to himself duties of record keeping and
and records it as having been issued to a preparing cash disbursements
major supplier. or check signer does not
review and cancel
Error: supporting documents.

•A disbursement is mode to pay on •Ineffective controls for

invoice for goods that have not
matching
been received.
invoices with
receiving documents before
disbursements are authorized.

Misappropriation of purchases Fraud: •Ineffective controls for

Goods are ordered but delivered to an matching invoices with
inappropriate address and stolen. receiving documents before
disbursements are authorized.

Duplicate recording of purchases Error: • Ineffective controls for

review and
A purchase is recorded when an invoice is cancellation of supporting docu
received from a vendor and recorded
again when a duplicate invoice is sent by
the vendor
Late (early) recording of cost of Fraud: • Ineffective board of
purchase problems" “Cutoff A. Purchases journal directors,audit committee, or internal audit fu
Problems” "closely early"
with this period's
purchases recorded
as having occurred
in subsequent
period
INTERNAL CONTROL OVER OTHER DEBTS

Business corporations obtain substantial amounts of their financial resources by incurring

debt and issuing capital stock. The acquisition and repayment of capital is sometimes
referred to as the financing cycle. This transaction cycle includes the sequence of
procedures for authorizing, executing, and recording transactions that involve bank loans,
mortgages, bonds payable, and capital stock as well as the payment of interest and
dividends.
Internal Control over Debt
Authorization by the Board of Directors
Effective internal control over debt begins with the authorization to incur the debt. The
bylaws of a corporation usually require that the board of directors approve borrowing. The
treasurer of the corporation will prepare a report on any proposed financing, explaining the
need for funds, the estimated effect of borrowing upon future earnings, the estimated
financial position of the company in comparison with others in the industry both before and
after the borrowing. and alternative methods of raising the funds. Authorization by the
board of directors will include review and approval of such matters as the choice of a bank
or trustee. the type of security, registration with the SEC, agreements with investment
bankers, compliance with requirements of the state of incorporation. and listing of bonds
on a securities exchange. After the issuance of long-term debt, the board of directors
should receive a report stating the net amount received and its disposition as, for example,
acquisition of plant assets, addition to working capital, or other purposes.
Use of an Independent Trustee
Bond issues are always for large amounts usually many millions of pesos. Therefore, only
relatively large companies issue bonds: small companies obtain long-term capital through
mortgage loans or other sources. Any company large enough to issue bonds and able to find
a ready market for the securities will almost always utilize the services of a large bank as
an independent trustee.
The trustee is charged with the protection of the creditors' interests and with monitoring
the issuing company's compliance with the provisions of the indenture. The trustee also
maintains detailed records of the names and addresses of the registered owners of the
bonds, cancels old bond certificates and issues new ones when bonds change ownership,
follows procedures to prevent over issuance of bond certificates, distribute interest
payments, and distributes principal payments when then bonds mature. Use of an
independent trustee largely solves the problem of internal control over bonds payable.
Internal control is strengthened by the fact that the trustee does not have access to the
issuing company's assets or accounting records and the fact that the trustee is a large
financial institution with legal responsibility for its actions.
 Interest Payments on Bonds and Notes Payable
Many corporations assign the entire task of paying interest to the trustee for either bearer
bonds or registered bonds. Highly effective control is then achieved since the company will
issue a single check for the full amount of the semiannual interest payment on the entire
bond issue.
INTERNAL CONTROL OVER OWNERS' EQUITY

The three principal elements of strong internal control over share capital and dividends:

1. the proper authorization of transactions by the board of directors and corporate office,
2. the segregation of duties in handling these transactions (preferably the use payments), and
3. the maintenance of adequate records.
Internal Control on Equity
Control of Share Capital Transactions by the Board of Directors
All changes in share capital accounts should receive formal advance approval by the board
of directors. The board of directors must determine the number of shares to be issued and
the price per share; if an installment plan of payment is to be used, the board must prescribe
the terms. If plant and equipment, services, or any consideration other than cash is to be
accepted in payment for shares, the board of directors must establish the valuation on the
noncash assets received. Transfers from retained earnings to the Share Capital and Paid-in
Capital accounts, as in the case of stock dividends, are initiated by action of the board. In
addition, stock splits and changes in par or stated value of shares require formal
authorization by the board.
Authority for all dividend actions rests with the directors. The declaration of a dividend
must specify not only the amount per share but also the date of record and the date of
payment.
Independent Registrar and Stock Transfer Agent
In appraising internal control over share capital, the first question that the auditors consider
is whether the corporation employs the services of an independent share registrar and a
share transfer agent or handles its own capital share transactions. Internal control is far
stronger when the services of an independent share registrar and a stock transfer agent are
utilized because the banks or trust companies acting in these capacities will have the
experience, the specialized facilities, and the trained personnel to perform the work in an
expert manner. Moreover, by placing the responsibility for handling share capital
certificates in separate and independent organizations, the corporation achieves to the fullest
extent the internal control concept of separation of duties.
Internal Control over Dividends

The nature of internal control over the payment of dividends, as in the case of stock
issuance, depends primarily upon whether the company performs the function of dividend
payment itself or utilizes the services of an independent dividend paying agent. If an
independent dividend-paying agent is used, the corporation will provide the agent with a
certified copy of the dividend declaration and a check for the full amount of the dividend.
The bank or trust company serving as stock transfer is usually appointed to distribute the
dividend, since it maintains the detailed records of shareholders. The agent issues dividend
checks to the individual shareholders and sends the corporation a list of the payments
made. The use of an independent fiscal agent is to be recommended from the standpoint of
internal control, for it materially reduces the possibility of fraud or error arising in
connection with the distribution of dividends.
In a small corporation that does not use the services of a dividend-paying agent, the
responsibility for payment of dividends is usually lodged with the treasurer and the
secretary. After declaration of a dividend by the board of directors, the secretary prepares
a list of shareholders as of the date of record, the number of shares held by each, and the
amount of the dividend each is to receive. The total of these individual amounts is proved
by multiplying the dividend per share by the total number of outstanding shares.
Dividend checks controlled by serial numbers are dawn payable to individual stockholders
in the amount shown on the list described above. If the shareholders ledger is maintained
on a computer master file, the dividend checks may be prepared by the computer directly
from this record. The stockholder list and dividend checks are submitted to the treasurer
for approval and signature. The checks should be reconciled by the treasurer with the total
of shares outstanding and mailed without again coming under control of the officer who
prepared them.
Cash in the amount of the total dividend is then transferred from the general bank account
to a separate dividend bank account. As the individual dividend checks are paid from this
account and returned by the bank, they should be matched with the check stubs or marked
paid in the dividend check register. A list of outstanding checks be prepared monthly from
the open stubs or open items in the checks register.
This list should agree in total with the balance remaining in the dividend bank account.
Companies with numerous shareholders prepare dividend checks in machine-readable
form, so that the computer may perform the reconciliation of outstanding checks.