Page 1 of 13
AT-5910
CPA REVIEW SCHOOL OF THE PHILIPPINES
M a n i l a
AUDITING THEORY
INTERNAL CONTROL
Related PSAs/PAPSs: PSA 400, 402 and 315
The auditor should obtain an understanding of the accounting and internal control systems sufficient
to plan the audit and develop an effective audit approach.
Accounting system means the series of tasks and records of an entity by which transactions are
processed as a means of maintaining financial records. Such systems identify, assemble, analyze,
calculate, classify, record, summarize and report transactions and other events.
Internal Control System means all the policies and procedures [internal controls] adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as
practicable,:
• orderly and efficient conduct of its business, including adherence to management policies;
• safeguarding of assets;
• prevention and detection of fraud and error;
• accuracy and completeness of the accounting records; and
• timely preparation of reliable financialinformation.
The internal control system extends beyond those matters which relate directly to the functions of the
accounting system.
Internal Control Components [PSA 315]
[a] The control environment;
[b] The entity’s risk assessment process;
[c] The information system, including the related business processes, relevant to financial reporting,
and communication;
[d] Control activities; and
[e] Monitoring of controls.
Control environment
The control environment includes the attitudes, awareness, and actions of management and those
charged with governance concerning the entity’s internal control and its importance in the entity. The
control environment also includes the governance and management functions and sets the tone of an
organization, influencing the control consciousness of its people. It is the foundation for effective
internal control, providing discipline and structure.
The control environment encompasses the following elements:
• Communication and enforcement of integrity and ethical values.
• Commitment to competence.
• Participation by those charged with governance.
• Management’s philosophy and operating style.
• Organizational structure.
• Assignment of authority and responsibility.
• Human resource policies and practices.
Entity’s risk assessment process
An entity’s risk assessment process is its process for identifying and responding to business risks and
the results thereof. For financial reporting purposes, the entity’s risk assessment process includes
how management identifies risks relevant to the preparation of financial statements that are presented
fairly, in all material respects in accordance with the entity’s applicable financial reporting framework,
estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to
manage them.