An adequate system of internal controls is most likely to detect an irregularity perpetrated by a:

Page 1 of 13

AT-5910

CPA REVIEW SCHOOL OF THE PHILIPPINES

M a n i l a

AUDITING THEORY

INTERNAL CONTROL

Related PSAs/PAPSs: PSA 400, 402 and 315

The auditor should obtain an understanding of the accounting and internal control systems sufficient

to plan the audit and develop an effective audit approach.

Accounting system means the series of tasks and records of an entity by which transactions are

processed as a means of maintaining financial records. Such systems identify, assemble, analyze,

calculate, classify, record, summarize and report transactions and other events.

Internal Control System means all the policies and procedures (internal controls) adopted by the

management of an entity to assist in achieving management’s objective of ensuring, as far as

practicable,:

• orderly and efficient conduct of its business, including adherence to management policies;

• safeguarding of assets;

• prevention and detection of fraud and error;

• accuracy and completeness of the accounting records; and

• timely preparation of reliable financialinformation.

The internal control system extends beyond those matters which relate directly to the functions of the

accounting system.

Internal Control Components (PSA 315)

(a) The control environment;

(b) The entity’s risk assessment process;

(c) The information system, including the related business processes, relevant to financial reporting,

and communication;

(d) Control activities; and

(e) Monitoring of controls.

Control environment

The control environment includes the attitudes, awareness, and actions of management and those

charged with governance concerning the entity’s internal control and its importance in the entity. The

control environment also includes the governance and management functions and sets the tone of an

organization, influencing the control consciousness of its people. It is the foundation for effective

internal control, providing discipline and structure.

The control environment encompasses the following elements:

• Communication and enforcement of integrity and ethical values.

• Commitment to competence.

• Participation by those charged with governance.

• Management’s philosophy and operating style.

• Organizational structure.

• Assignment of authority and responsibility.

• Human resource policies and practices.

Entity’s risk assessment process

An entity’s risk assessment process is its process for identifying and responding to business risks and

the results thereof. For financial reporting purposes, the entity’s risk assessment process includes

how management identifies risks relevant to the preparation of financial statements that are presented

fairly, in all material respects in accordance with the entity’s applicable financial reporting framework,

estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to

manage them.