Internal Control

Four levers of Control are intended to help management reconcile yung conflict bet. Creativity and controls.

Internal Control, hampers the creativity of managers, Sort of limitation of how you do business.

Creativity – how managers transform, innovate expand their businesses. Value creation, how businesses create value

Control – to ensure accurac

How creativity and control would be harmonized, first consider the

1. Belief System – as an organization, belief system is important to move forward

- Belief system can be seen evidently in a well-established company.
- core values, vision and mission, corporate values
- Belief system is a set of belief that define basic values, purpose and direction.
So bakit nga ba kailangan ng belief system sa isang organization, para macontrol yung commitment especially ng mga
employees sa vision, mission statement, core values, at statement of purpose ng organization. Through a belief
system in placed sa isang business, empower the employees and encouarages them to search for new opportunities
Belief system yung nagbibigay ng guidance and momentum para towards the achievement of mission statements,
vision tsaka yung purpose ng isang business
- belief system is essential in reconciling conflict between how the org will move forward and how the internal control
will be much implemented.
Helps empoyees to contribute by removing uncertainty about purpose, managers communicate core vaues and missiion

2. Boundary System
IS comprised of formally stated rules, limits, and prescriptions tied to defined sanctions and credible threat to
punishment
- Code of ethics – guidelines, you can do your however you want but remember the guidelines na sinet ng companya
mo.
Employees are given the opportunity to creatively do their jobs while still observing minimum compliance sa
standards na sinet ng organization,
Business rules na nagsasabi kung ano yung mga hindi allowed, but it also avoids telling people or employee how
Enable the employees the potential to do the right thing and avoid pressure or temptation with managers specifying and
enforcing rules of the game.

3. Diagnostic control system – feedback system na kung saan yung outcome from the standard na sinet or preset
standards ng oranization ay namomonitor
Example: Profit plans and budgets, smart goal setting systems, project monitoring systems
Mahalaga ito sa mga businesses para mas ma achieve ng org yung goals nila at mas maging maganda yung future
outcome
- Input or Opinions or feedback from frontliners ( those who process transaction on a day-to-day basis, they’re more
knowledgeable sa nangyayari since sila nga yung involved doon, challenges)
Gamit yung feedback from those involved sa process, yung mga gumagawa internal control ay mag-aadjust accordingly
by listening to them para mas maging maayos yung resulta
Allow managers to ensure that important goals are being achieved efficiently and effectively.
Objective: allow effective resource allocation
4. Interactivecontrol system
Organizations use this system to track new ideas, to trigger new learning and to properly position the organization
- face-to-face meetings with employees, open forum, superiors, subordinates and peers. COLLECTIVE EFFORT.
Nagpapartake din yung employees or everyone
And ang objective ng interactive control system is to focus yung attention ng organization sa stategic issues na
kailangan maaddress, para magkaroon

TO create, by supporting opportunity identification and removing fear of risk. Managers enable this by establishing open
organization dialogue to encourage learning

SARBANES OXLEY ACT of 2002

Most important legislation in the United States pertaining to how companies do business in the US, single most
important business finance and corporate related legislation of US in recent memory.
Included siya sa discussion because it is still effective and it is still the guidance in corporate governance in US.
It is important for companies in the Philippines, to tap financial markets in the US, to be listed in the New York Stock
Exchange, or simply to do business with American Companies and have compliance with SOX of 2002.

Public Company Accounting Oversight Board (PCAOB). An entity the controls the auditing profession. Created to
enforce quality control with respect to audit engagements ; to enforce ethical and auditing standards that are relevant
to ensuring that financial reports are correct and reliable, wherein the public can rely on them

New rules for auditors. SOX also introduced new rules for auditors.
Must: 1. Report specific information like critical accounting policiesand practices
Must not 1. Perform certain nonaudit services such as Information system design and implementation
2. Provide services sa companies if ang nag employ sa top management was the auditing firm at ang work siya
sa company’s audit in the past 12 months. Mga alumni or former partners ng auditing firms can no longer be employed.
Audit clients can no longer be tax clients. Ang iniiwasan dito ay yung conflict of interest.

New roles for audit commitee Diba napag-aralan natin sa Corporate Governance na isa sa board committees ng
business ay yung audit committee,
Audit committee must be on the company’s board of directors but they are independent, ang gagawin lang nila ay
magrelay ng decision sa chairman and yung desisyon na yun is yung picking and hiring ng auditing firm or auditor pag
compensate at pagversee sakanila, tapos yung isang member dapat ng audit committee is financial expert.

New rules for management. Sa new rules for management naman, CEO and CFO are required by the SOX na icertify
yung FS at siguraduhin na maayos ung pagkakareport nung mga yon, fair at talagang kumbaga mapagkakatiwalaan ng
public or sinumang gagamit non. Tas another is kapag nilabag ng management yung mga rules pwede sila maprosecute
at pagbayarin.

New Internal control requirements

Section 404 – Dito nirerequire yung mga kompanya na gumawa ng report stating na Yung management yung magiging
responsible sa paggawa ng maayos na internal control system.
1. Assessment ng management sa internal control, accurate at significant ito.
Note: It is themanagement’s responsibility alone to establish an internal control system. Kung ano yung na establish ng
management na ICS, hindi na yun pwedeng baguhin ng auditor nino man, pwede silang magbigay ng opinyon or
anything pero it’s not their responisibility to establish or change ICS

After SOX
1. Ibase sa isang recognized framework yung evaluation, must be guided by control framework
2. Kailangan idisclose lahat ng relevant na weaknesses sa internal control
3. Conclusion, there are material weaknesses kapag walang effective FR internal controls.

COBIT
COSO
ERM

COBIT FRAMEWORK –developed by ISACA, consolidates standards. To handle information technology management and
IT Governance
Mainly focused on business and defines the generic process for IT Management. It includes the defined process with
inputs, outputs and key activities, it also oversees the performance measures and objectives of the process
To derive financial measures to assist the financial audit community in better maneuvering IT related environments.
1996, the cover was only in auditing. 1998, broader version, 2000, management guidelines. 2005 and 2007 business
process and the responsibilities in defining the value

Is a business orientation, which links the bsuiness goals with the available resources by providing various metrics used to
measure the businesse’s success

Is intended to assist enterprise in organizing and categorizing all of their IT governance obejctices
Assists businesses in adhering to IT best practices and integrating them with overall business requirements
- Management guidelines
-Maturity Models
-Control Objectives

1. Since management ang responisble sa pagdedesign, determine at establish ng ICS, so sila din ang allowed mag
benchmark ng security at control practices gaano kahigpit, ano yung best control practices.
2.
3.

COBIT 5 – Five principles with respect to IT governance and management, 2012

1. Meeting Stakeholder needs. By means of helping yung mga users like the management, creditors, shareholders and
other stakeholders sa pag customize business process para makapagcreate ng IS na beneficial sa stakeholders.
The objective for all businesses is to meet the demands of their stakeholders while preserving maximum data security.
COBIT supports this change and assists businesses in developing plans to help them achieve their objectives
Meeting stakeholder needs is divided into three stages, una organization must enhance their resources, second gaining
the advantage of their resources and third risks that it implies, with the help of COBIT 5 naachieve ng mga business yung
balance ng tatlong to
This process includes managing all stakeholders requirements, even conflicting ones, through appropriate governance,
decision making, and negotiation, so that result delivers value

2. Covering the enterprise end-to-end . When it comes to governance, COBIT is equally focused on addressing the entire
project as a whole. So dito yung COBIT pinag-iisa niya or kinocombine niya yung IT services at procedures with business
processes para makapag provide ng platform na magiintegrate ng IT at enterprise governance

3. Applying a single, integrated framework. So yung COBIT kasi is a single integrated framework, na-aaddress niya yung
lahat ng technological developments, yung pagmamanage ng risk tsaka pag govern ng information, all-encompassing
siya and acts as a Single integrated framework
Note: COBIT may also be customized to meet the demands of any organization while maintaining compliance with
regulatory standards

4. Enabling a holistic approach.

IT governing is more than simply the IT department, it must cover the entire environment na kung saan ay naaddress
naman ng COBIT 5. So isa sa guiding principle ng COBIT is to approach governance comprehensively, wherein yung IT
auditing anf management ng organization ay icocollaborate ng COBIT to develop ng mas effective at enterprise-wide na
governance through the use of certain ‘enablers’
So yung enablers na yun is categorized into five and pwede siyang gamitin ng lahat ng division ng organization
-Principles and policies, structures within the company, all the information and data, processes of the company, and
competencies and skills of the employees
5. Separating governance from management – COBIT framework, distinguishment bet governace and management
So alam naman natin na ang governance at management ay magkaiba, at tong dalawang to ay it also require separate
structure to manage since magkaiba din sila ng goals, responsibilities and activities. Through COBIT, naiintegrate yung
magkaibang goals responsibilities and activities ng governance at management at nagkakaroon ng distinction or
separation through different frameworks.

So kagaya nga ng napag-aralan natin sa Corporat governance diba, Governance responsibility siya ng BOD.
EDM Mehod, Evaluate, Direct at Monitor.
Evaluate yung needs ng stakeholders
Direct, BOD yung nagpoprovide ng direction sa management by prioritizing objectives
Monitor, BOD yung nagmomonitor performance

Management: PBRM Method, Plan, build, run and monitor

Presidend, CFO, CEO, in charge sa day to day operation
in charge sa planning, building, running, monitoring activities at yung mechanisms na gagamitin para ma attain yung
objectives na sinet

COBIT 5 helps digital transformation by allowing businesses to respond quickly and easily to risks interruptions or
changes
Digital transformation –is all about maximizing the use of technology and processes to help businesses succeed

The growth of COBIT has introduced numerous helpful improvements in how IT teams function in a business throughout
time.
1. the need for more stakeholder involvement, increasing dependence on third party for IT Solutions, increasing volumes
of information to be managed
2. the integral nature of IT and most businesses and business processes and a goals to help establish
a need for end-to-end management and governance frameworks that provide us better control over
our solutions and provide us proper alignment within the ISACA frameworks as well as with other
frameworks like idle