INTERNAL CONTROL AND REVIEW (Accounting Information System)
DISCUSSION OBJECTIVES
TO LEARN
About internal control and review and how it is being applied in our field and daily lives. To grasp concepts of internal control so much that we appreciate its value.
TO UNDERSTAND
Why internal control is necessary to keep a harmonious and error-free way of doing things.
Performing acts and basically how the application has value. To understand what it means to go without, and to understand its consequences.
CONTROL SYSTEMS
In Corporate Governance
An internal control system encompasses all policies and procedures (internal controls) adopted by management to ensure the orderly and efficient conduct of business (Cabrera, 2020).
CONTROL ENVIRONMENT
The control environment reflects the overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance.
Factors influencing the control environment include:
• The board of directors' and its committees' function
• Management's philosophy and operating style
• The entity's organizational structure and authority/responsibility assignment methods
• Management's control system
ENTITY’S RISK ASSESSMENT PROCESS
Risk assessment involves identifying, analyzing, and managing risks related to financial statement preparation.
• New technology
• New business models
• Corporate restructurings
• Expanded foreign operations
• New accounting pronouncements
INFORMATION SYSTEM
An information system includes:
• Infrastructure (physical & hardware)
• Software
• People
• Procedures
• Data
CONTROL ACTIVITIES
Control activities are policies and procedures ensuring management directives are followed to address risks. They are applied at various organizational and functional levels.
Major Categories:
A. Performance Review
This involves comparing actual performance to budgets, forecasts, prior periods, or competitors' data.
B. Information Processing Controls
This includes proper authorization, segregation of duties, adequate documents and records, safeguards over asset access, independent checks on performance
C. Physical Controls
MONITORING OF CONTROLS
Monitoring assesses the quality of internal control over time. It involves:
• assessing design and operation,
• taking corrective action as needed, and;
• modifying controls for changing conditions.
INTERNAL CONTROL
Definition
Internal control may be defined as “the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. The system of internal control extends beyond those matters which relate directly to the functions of the accounting system. The internal audit function constitutes a separate component of internal control with the objective of determining whether other internal controls are well designed and properly operated.” (According to the Auditing and Assurance Standard [AAS] 6)
Main Objectives (Auditing and Assurance Standard-6)
1. Encouraging adherence to prescribed policies
2. Preventing frauds and errors
3. Promoting operational efficiency
4. Safeguarding assets and records
5. Providing accurate and reliable data
6. Assisting in timely preparation of financial information
AUDIT/AUDITING
Definition
• From the Latin word Audire or “to hear”
• Auditing is defined as a systematic and independent examination of data, statements, records, operations and performances (financial or otherwise) of an enterprise for a stated purpose (General Guidelines on Internal Auditing by ICAI)
• Because it is their responsibility to carefully inspect a company’s financial statements, it is critical that auditors obtain an understanding of the accounting and internal control systems so that they can properly develop an effective audit approach.
• “The auditor should use professional judgement to assess audit risk and to design audit procedures to ensure that it is reduced to an acceptably low level.”
AUDIT RISK
The risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. Has 3 components.
3 COMPONENTS OF AUDIT RISK
• Inherent Risk - is the susceptibility of an account balance or class of transactions to misstatement that could be material, either individually or when aggregated with misstatements in other balances or classes, assuming that there were no related internal controls. Auditor would use professional judgement to evaluate this risk
• Control Risk - the risk that misstatements, whether individually or in aggregate, will not be prevented or detected and corrected by the accounting and internal control systems in a timely manner. It encompasses the effectiveness of internal controls in mitigating the risk of material misstatement. There should be a preliminary assessment of control risk
• Detection Risk - is the chance that an auditor will fail to find material misstatements that exist in an entity's financial statements. These misstatements may be due to either fraud or error. Auditors make use of audit procedures to detect these misstatements
COMPLIANCE
Definition
• In an audit context, control is the part of the process designed to accomplish a goal, while compliance is the execution of the process that was designed.
• Ex. Objective is to protect the information in our computers; Control is when we set up rules of changing the password every 90 days, and Compliance is the actual changing of the password every 90 days
• Compliance is a necessity when setting up internal control and auditing systems, considering that the success of said systems is dependent on the compliance of the firm’s employees (also as to how well they are able to comply with said controls or systems)
INTERNAL CONTROL AND REPORTING
Focuses on efficiently handling large quantities of goods or services, often seen in mass production or high-volume service operations.
Addresses the need to manage diverse products, services, or tasks, requiring flexibility to meet varying customer demands.
Involves maintaining transparency and real-time tracking throughout processes, crucial in logistics and customer service operations.
Focuses on adapting to fluctuations and unpredictability in operations, such as changing demand or market conditions, requiring agility and responsiveness.
01 Components of Internal Control
02 Preventive and Detective Controls
03 Limitations
04 Importance
COMPONENTS OF INTERNAL CONTROL
• Control Environment - where competent people understand their responsibilities and authority and are committed to acting appropriately, will provide a foundation for internal controls to exist and operate effectively
• Risk Assessment - The Audit Office applies an enterprise wide risk management framework where risk management is embedded within the Audit Office’s overall strategic and operational policies and practices
• Control Activities - are incorporated in the Audit Office’s policies, procedures and practices. Controls can be classified as those before the event as preventive, or after the event as detective or corrective.
• Information and Communication - The Audit Office’s intranet and website, Office Forum, professional development programs, strategic and business processes, information systems and the Leadership Team, identify, capture and communicate information that enables people to meet the requirements of their job
• Monitor - The Audit Office has a number of oversight bodies and quality assurance processes including:
⚬ The Office Executive
⚬ The Audit and Risk Committee
⚬ Internal audit
⚬ External audit
⚬ PAC Quadrennial Review Quality reviews
⚬ ACAG Peer reviews
⚬ Quality Assurance Framework and Quality Audit Review Committee (QARC)
⚬ Other Audit Office Committees (such as WHS Committee and Remuneration Committee)
PREVENTIVE, DETECTIVE AND CORRECTIVE CONTROLS
Are incorporated in the Audit Office’s policies, procedures and practices. Controls can be classified as those before the event as preventive, or after the event as detective or corrective. (Internal Control Framework, 2019)
• Preventive - Activities aimed to deter errors or fraudulent actions from happening, which include thorough documentation and authorization. Separation of duties, a key part of this process, ensures that no single individual is in a position to authorize, record, and be in the custody of a financial transaction and the resulting asset.
• Detective - Backup procedures designed to catch items or events the first line of defense has missed. Here, the most important activity is reconciliation, which is used to compare data sets. Other detective controls include external audits from accounting firms and internal audits of assets such as inventory.
• Corrective - Procedures aimed at correcting errors that may have happened. Procedures such as operation changes, data validity tests, system changes. Basically the “what to do if it happens?”.
LIMITATIONS
Decisions in operation management involve strategic, tactical, and operational choices made to optimize processes, resources, and outcomes. These decisions encompass capacity planning, inventory management, quality control, supply chain management, process improvement, resource allocation, scheduling, risk management, technology adoption, and strategic planning to ensure efficient and effective operations aligned with organizational goals.
IMPORTANCE
• Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud
• The Sarbanes-Oxley Act of 2002, enacted in the wake of the accounting scandals in the early 2000s, seeks to protect investors from fraudulent accounting activities and improve the accuracy and reliability of corporate disclosures (Internal Control Framework, 2019)
MANAGEMENT INFORMATION IN AUDIT AND INTERNAL CONTROL
"Management information" in an audit refers to the data and details collected from an organization's internal systems and processes, used by auditors to assess the effectiveness of management controls, evaluate financial reporting accuracy, and understand the overall health and operations of the business, providing crucial insights for decision-making during the audit process. (Canada, 2023)
TYPES OF MANAGERIAL INFORMATION
• Financial data
• Operational data
• Compliance data
SOURCES OF DATA
• This information can come from various sources like financial statements, internal control documentation, operational reports, budget data, performance metrics, and employee interviews.
PURPOSE
• Identify potential risks and areas of concern within the organization.
• Evaluate the effectiveness of internal controls implemented by management.
• Understand the company's business strategy and how it is being executed.
• Assess accuracy and reliability of Financial Accounting
• Provide management with recommendations for improvement based on audit findings.
MANAGEMENT INFORMATION SYSTEM
A Management Information System (MIS) is an automated database that stores financial information and is designed to generate regular operational reports for all levels of management within a company. MIS serves as a valuable resource for executives to assess the efficiency of their business operations. (Taxmann, 2023)
COSO INTEGRATED FRAMEWORK
The COSO (Committee of Sponsoring Organizations of the Treadway Commission) Integrated Framework, originally issued in 1992 and updated in 2013, was developed as guidance to help improve confidence in all types of data and information. It offers principles-based guidance for designing and implementing internal controls. It was developed to help organizations achieve objectives related to operations, reporting, and compliance, addressing the need for effective control mechanisms (COSO, 2023).
COSO INTEGRATED FRAMEWORK
The COSO framework comprises three dimensions: objectives, components, and organizational structure of an entity. They are modeled in a cube diagram.
THREE CATEGORIES OF OBJECTIVES OF COSO INTEGRATED FRAMEWORK
• Operation Objectives - It focuses on improving efficiency by ensuring smooth processes, monitoring targets, and managing company assets to achieve operational goals (Kappel, 2023).
• Reporting Objectives - It is related to timeliness, transparency and reliability of the organization’s reporting habits, pertaining to internal and external financial reporting, as well as non-financial reporting (Kappel, 2023).
• Compliance Objectives - To ensure the organization adheres to laws and regulations, including labor, privacy, and environmental laws, to stay compliant with industry standards (Kappel, 2023).
COSO INTEGRATED FRAMEWORK
There are five integrated components of the COSO Framework, which include 17 principles that work to support the achievement of a company’s mission, strategies and related organizational objectives.
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
CONTROL ENVIRONMENT
Principles
1. Commitment to integrity and ethics
2. Internal control oversight by the board of directors, independent of management
3. Structures, reporting lines, and appropriate responsibilities in the pursuit of objectives established by management and overseen by the board
4. A commitment to attract, develop, and retain competent individuals in alignment with objectives
5. Holding individuals accountable for their internal control responsibilities in pursuit of objectives
RISK ASSESSMENT
Principles
6. Specifying objectives clearly enough for risks to be identified and assessed
7. Identifying and analyzing risks to determine how they should be managed
8. Considering the potential of fraud
9. Identifying and assessing changes that could significantly impact the system of internal control
CONTROL ACTIVITIES
Principles
10. Selecting and developing controls that might help mitigate risks to an acceptable level.
11. Selecting and developing general control activities over technology
12. Deploying control activities as specified in policies and relevant procedures
INFORMATION AND COMMUNICATION
Principles
13. Obtaining or generating relevant, high-quality information to support internal control.
14. Internally communicating information, including objectives and responsibilities, necessary to support the other components of internal control.
15. Communicating relevant internal control matters to external parties.
MONITORING
Principles
16. Selecting, developing, and performing ongoing or separate evaluations of the components of internal control.
17. Evaluating and communicating deficiencies to those responsible for corrective action, including senior management and the board of directors, where appropriate.
GUIDE TO THE SARBANES-OXLEY ACT: INTERNAL CONTROL REPORTING REQUIREMENTS
SARBANES-OXLEY ACT
The Sarbanes-Oxley (SOX) Act 2002 is a United States federal law brought by Paul Sarbanes and Representative Michael Oxley. Its purpose is to increase the accuracy and transparency of corporate governance and financial reporting for public companies by preventing accounting fraud (Browman, 2022).
SARBANES-OXLEY ACT: INTERNAL CONTROL REPORTING REQUIREMENTS
The Sarbanes-Oxley Act consists of 11 titles; Section 302 and Section 404 mainly focus on the compliance requirements. In line with Section 302 and Section 404, SOX compliance requirements can be divided into a 3-step process.
1. Certification and disclosure of financial statements to the SEC (Securities and Exchange Commission)
2. Implementation of internal controls over financial reporting
3. Passing annual independent audits overseen by PCAOB (Public Company Accounting Oversight Board)
KEY SECTIONS FOR SARBANES-OXLEY ACT (SOX) COMPLIANCE
Section 302: Corporate Responsibility for Financial Reports
SOX Section 302 requires that CEOs and CFOs certify the accuracy and completeness of financial reports. Executives must affirm that internal controls are in place and function effectively. Certification includes accountability for the detection of fraud (Browman, 2022).
Section 404: Management Assessment of Internal Controls
SOX Section 404 requires management to evaluate and report on the effectiveness of internal controls over financial reporting. External auditors must attest to the management’s assessment (Browman, 2022).
SARBANES-OXLEY ACT: INTERNAL CONTROL REPORTING REQUIREMENTS
Core effects of Sarbanes-Oxley Act:
• Establishment of Public Company Accounting Oversight Board (PCAOB) - SOX created the PCAOB to oversee audits of public companies, setting standards and ensuring compliance for high-quality, independent audits.
• Strong Financial Reporting Requirements - SOX mandates detailed financial reporting, including internal control assessments and timely reporting of financial changes.
• Personal Accountability for CEOs and CFOs - CEOs and CFOs must certify the accuracy of financial statements, facing penalties for non-compliance.
• Prevent Conflict of Interest for External Auditors - SOX restricts auditors from providing non-audit services, ensuring audit committee independence.
• Protect Whistleblowers - SOX provides protections for whistle-blowers who expose corporate fraud or misconduct. It prohibits retaliation against employees who report violations.
14. Why is the MIS of a company an important factor in ensuring that the business is run efficiently and effectively?
Gulosino
15. What is the purpose of the COSO integrated framework?
Jasmin
16. Give one of the three objectives of COSO Integrated Framework and explain it briefly.
Madula
17. What is the purpose of Sarbanes-Oxley (SOX) Act?
Menina
18. What are the SOX compliance requirements?
Mondares
19. Give one core effect of Sarbanes-Oxley (SOX) Act.
Pantaleon
20. Why must audits also begin to adjust technologically?
Raffiñan
REFERENCES
• https://www.investopedia.com/terms/i/internalcontrols.asp
• https://www.audit.nsw.gov.au/sites/default/files/auditoffice/Governance-and-Policies---Current/Internal-Control-Framework-v13-current-version.pdf
• https://www.coso.org/guidance-on-ic#:~:text=Internal%20Control%20%E2%80%94%20I%E2%80%8B%E2%80%8Bntegrat%E2%80%8Bed%20Framework%20(1992)&text=COSO%20developed%20the%20framework%20in,reporting%2C%20and%20compliance%20are%20achieved
• https://controller.berkeley.edu/accounting-and-controls/internal-controls
• https://www.centraleyes.com/question/what-are-3-coso-internal-control-objectives/#:~:text=The%20iconic%20COSO%20cube%20depicts,cube%20forms%20the%20organizational%20structure
• https://www.deskera.com/blog/what-is-auditing/
• https://www.investopedia.com/terms/d/detection-risk.asp
• https://www.auditboard.com/blog/7-reasons-to-maintain-your-internal-controls-compliance-program
• Internal Control Framework. (2019). https://www.audit.nsw.gov.au/sites/default/files/auditoffice/Governance-and-Policies---Current/Internal-Control-Framework-v13-current-version.pdf
• Canada, O. of the P. C. of. (2023, July 6). Internal Audit of Information Management. Www.priv.gc.ca. https://www.priv.gc.ca/en/about-the-opc/opc-operational-reports/audits-and-evaluations-of-the-opc/internal-opc-audits-and-evaluations/2023/iac_im_2023.
• Taxmann. (2023, May 15). [Internal Audit Checklist] for Audit of Management Information System (MIS). https://www-taxmann-com.cdn.ampproject.org/v/s/www.taxmann.com/post/blog/internal-audit-checklist-for-audit-of-management-information-system-mis/?amp=&_gsa=1&_js_v=a9&usqp=mq331AQIUAKwASCAAgM%3D#amp_tf=From%20%251%24s&aoh=17387688129146&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fwww.taxmann.com%2Fpost%2Fblog%2Finternal-audit-checklist-for-audit-of-management-information-system-mis
Editor's Notes
#2 This includes:
1. Adherence to management policies
2. safeguarding of assets
3. prevention and detection of fraud and error
4. accuracy and completeness of accounting information
5. timely preparation of reliable financial information.
#4 A strong control environment complements specific control procedures, but doesn't guarantee system effectiveness. Examples of this are tight budgetary controls and effective internal audit.
#5 For example, it may focus on the possibility of unrecorded transactions or significant estimates in the financial statements.
Risks can arise or change due to:
- Changes in the operating environment
- New personnel
- New or revamped information systems
#6 Systems can be entirely manual or highly automated. Automated systems extensively use software.
#7 A. Management uses data to assess performance and take corrective action.
B. These controls ensure that transactions are authorized, complete, accurate, and properly recorded and processed.
C. Physical security of assets, authorization for access to computer programs and data files, as well as periodic counting and comparison with control records
#8 Internal auditors evaluate design and operation, communicating strengths, weaknesses, and improvement recommendations. External communications also inform monitoring (e.g., customer payments, regulatory communications, and external audits).
#20 Internal auditors evaluate design and operation, communicating strengths, weaknesses, and improvement recommendations. External communications also inform monitoring (e.g., customer payments, regulatory communications, and external audits).
#35 This includes:
Adherence to management policies, safeguarding of assets, prevention and detection of fraud and error, accuracy and completeness of accounting information, and timely preparation of reliable financial information.