Presentation 2012

National Guidelines on Internal Control System (NGICS)
Presented by:
ALBERTO A. BERNARDO, CPA, Esq., CESO I Deputy Executive Secretary, Office of the President
ORDER
OF
PRESENTATION
I. Legal Bases for Internal Control 1. Responsibility for Internal Control 2. Adequate Internal Control System 3. Corruption Preventive Measure 4. National Guidelines on Internal Control Systems II. Definition and Concept of Internal Control 1. Internal Control 2. Fiscal Responsibility 3. COA Guidelines on Internal Control 4. INTOSAI Guidelines on Internal Control 5. Internal Controls are Management Controls III. Internal Control Objectives 1. Safeguard Assets 2. Check Accuracy and Reliability of Accounting Data 3. Adhere to Managerial Policies 4. Comply with Laws, Rules and Regulations 5. Ensure Economical, Efficient, and Effective Operations
2
ORDER
OF
PRESENTATION
IV. Internal Control Components 1. Control Environment 1.1. Public Service Sector Context 1.2. The Plan of Organization 1.3. All the Coordinate Methods and Measures 2. Risk Assessment 2.1. Risk 2.2. Risk Management Principles, Framework and Process 2.3. Risk Management Framework 2.4. Risk Management Process 2.5. Establishing the Context 2.6. Elements of Risk Assessment 2.7. Applicability of Tools Used for Risk Assessment 2.8. Attributes of a Selection of Risk Assessment Tools 3. Control Activity 3.1. Risk Responses 3.2. Performance Review and Improvement of Operations, Processes and Activities 3.3. Compliance Review and Improvement of Operations, Processes and Activities 3.4. Monitoring and Reviewing
3
ORDER
OF
PRESENTATION
4. Information and Communication 4.1. Information 4.2. Communication 5. Monitoring 5.1. Ongoing Monitoring 5.2. Separate Evaluation V. Functions Related to Internal Control
1. Nature and Purpose of Review 2. Scope, Coverage, and Frequency of Review 3. Actions to be Taken
Office of the President

Internal Audit Office
The legal bases for internal control in the Philippines include 1) Presidential Decree (PD) 1445, as amended; 2)1987 Philippine Constitution; 3)Executive Order (EO) 292 s. 1987 or the Administrative Code of 1987; 4)Administrative Order (AO) No. 119 s. 1989; 5)United Nations Convention Against Corruption (UNCAC); 6) Department of Budget and Management (DBM) Circular Letter No. 2008-8; and 7) Commission on Audit (COA) Memorandum No. 2009-004.

1. Responsibility for Internal Control SECTION 124. Installation. It shall be the direct responsibility of the agency head to install, implement, and monitor a sound system of internal control. (Presidential Decree (PD) No. 1445, the
Government Auditing Code of the Philippines, as amended, 11 June 1978)

2. Adequate Internal Control System

2.1. Section 2 (1). x x x. However, where the internal control system of the audited agencies is inadequate, the Commission may adopt such measures, including temporary or special pre-audit, as are necessary and appropriate to correct the deficiencies. x x x. (Article IX-D, Commission
on Audit, 1987 Philippine Constitution and Section 11(1), Chapter 4, Subtitle B COMMISSION ON AUDIT, Title I CONSTITUTIONAL COMMISSION, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

2. Adequate Internal Control System 2.2. Likewise, this Commission shall intensify the evaluation of internal control systems of government agencies to ensure that government resources are safeguarded against loss or wastage, and that government operations are efficient, economical and effective. (Commission on Audit
(COA) Circular No. 2011-002, Lifting of Pre-audit of Government Transactions, 22 July 2011)

3. Corruption Preventive Measure 2. Each State Party shall, in accordance with the fundamental principles of its legal system, take appropriate measures to promote transparency and accountability in the management of public finances. Such measures shall encompass, inter alia: xxx (d) Effective and efficient systems of risk management and internal control; x x x.
[underscoring supplied] (Article 9 Public Procurement and Management of Public Finances, Chapter II, Preventive Measures, United Nations Convention Against Corruption (UNCAC), 31 October 2003)

10
4. National Guidelines on Internal Control Systems 4.1. SEC. 2. Implementing Rules, Regulations, and Circulars. - The Department of Budget and Management shall coordinate with the Commission on Audit in the organization and strengthening of the internal control systems and procedures. The Department of Budget and Management shall promulgate the proper and appropriate rules, regulations or circulars to implement this Administrative Order.
[underscoring in the original] (Administrative Order No. 119, Directing the Strengthening of the Internal Control Systems of Government Offices, Agencies, Government-Owned or Controlled Corporations and Local Government Units in their Fiscal Operations, 29 March 1989; and Memorandum Order No. 277, Directing the Department of Budget and Management to Promulgate the Necessary Rules, Regulations and Circulars for the Strengthening of the Internal Control Systems of Government Offices, Agencies, Government-Owned or Controlled Corporations and Local Government Units, 17 January 1990)

11
4. National Guidelines on Internal Control Systems 4.2. The NGICS shall achieve the following: strengthened governance and accountability; ethical, economical, efficient and effective operations; improved ability to address risks; better systems of responding to citizens needs; and quality outputs and outcomes. [underscoring supplied]
(Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p.2)

12
4. National Guidelines on Internal Control Systems
4.3. All concerned are hereby enjoined to monitor adherence by the audited agencies to the provisions of the said Circular Letter. x x x. (Commission on Audit (COA)
Memorandum No. 2009-004, DBM Circular Letter No. 2008-8 dated October 23, 2008 entitled NATIONAL GUIDELINES ON INTERNAL CONTROL SYSTEMS (NGICS) 16 February 2009)

13
1. Internal Control SECTION 123. Definition of Internal Control. Internal Control is the plan of organization and all the coordinate methods and measures adopted within an organization or agency to safeguard its assets, check the accuracy and reliability of its accounting data, and encourage adherence to prescribed managerial policies. [underscoring supplied]
(Presidential Decree (PD) No. 1445, the Government Auditing Code of the Philippines, as amended, 11 June 1978)

14
2. Fiscal Responsibility SEC. 1. Declaration of Policy. - All resources of the government shall be managed, expended or utilized in accordance with law and regulations and safeguarded against loss or wastage through illegal or improper disposition to ensure efficiency, economy and effectiveness in the operations of government. The responsibility to take care that such policy is faithfully adhered to rests directly with the chief or head of the government agency concerned.
[underscoring supplied] (Chapter 1, Subtitle B, Title I, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

15
3. COA Guidelines on Internal Control
Section 32. Definition of internal control. Internal control comprises the plan of organization and all the methods and measures adopted within an agency to ensure that resources are used consistent with laws, regulations and policies; resources are safeguarded against loss, wastage and misuse; financial and non-financial information are reliable, accurate and timely; and operations are economical, efficient and effective.
[underscoring supplied] (Title 2-Internal Control System, Vol. III, Commission on Audit (COA) Circular No. 91-368, GAAM, 19 December 1991, p. 63)

16
4. INTOSAI Guidelines on Internal Control Internal control is an integral process that is effected by an entitys management and personnel and is designed to address risks and to provide reasonable assurance that in pursuit of the entitys mission, the following general objectives are being achieve: Executing orderly, ethical, economical, efficient and effective operations; Fulfilling accountability obligations; Complying with applicable laws and regulations; Safeguarding resources against loss, misuse and damage. [underscoring supplied] (International
Organization of Supreme Audit Institutions (INTOSAI), Guidelines for Internal Control Standards for the Public Sector, 2004, p. 6)

17
5. Internal Controls are Management Controls 5.1. Sec. 33. Distinction from other systems within the organization. Except for the Internal Audit Office which is part of the internal control system, internal controls are not separate specialized systems within an agency. They consist of control features interwoven into and made an integral part of each system that management uses to regulate and guide its operations. In this sense, internal controls are management controls. [underscoring supplied] (Title
II-Internal Control System Vol. III, Commission on Audit (COA) Circular No. 91-368, GAAM, 19 December 1991, p. 64)

18
5. Internal Controls are Management Controls
5.2. Just as internal control in 1992 was not limited to the traditional view of financial and related administrative control and included the broader concept of management control, this document also stresses the importance of non-financial information. [underscoring supplied]
(International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, pp. 3-4)

19
The general objectives of internal control are based on Section 123 of PD 1445, as amended and Section 1, Chapter 1, Subtitle B, Title I, Book V of the Administrative Code of 1987. Internal control general objectives are as follows:
1. Safeguard Assets; 2. Check Accuracy and Reliability of Accounting Data; 3. Adhere to Managerial Policies; 4. Comply with Laws and Regulations; 5. Ensure Economical, Efficient, and Effective Operations. (Department of Budget and Management (DBM)
Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, pp.10-14)

20
1. Safeguard Assets
1.1. SEC. 42. Accounting for Money and Property Received by Public Officials. x x x all moneys and property officially received by a public officer in any capacity or upon any occasion must be accounted for as government funds and government property. Government property shall be taken up in the books of the agency concerned at acquisition cost or an appraised value. [underscoring supplied] (Sec. 42,
Chapter 7, Subtitle B, Title I, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; Manhit vs. Office of the Ombudsman, G.R. No. 159349, 7 September 2007 and Art. 405, Rule XXXIV, Rules and Regulations Implementing the Local Government Code of 1991, 21 February 1992)

21
1. Safeguard Assets
1.2. SEC. 43. Liability for Illegal Expenditures. x x x Every payment made in violation of said provisions shall be illegal and every official or employee authorizing or making such payment, or taking part therein, and every person receiving such payment shall be jointly and severally liable to the Government for the full amount so paid or received. x x x.
(Sec. 43 Chapter 5, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; Manhit vs. Office of the Ombudsman, G.R. No. 159349, 7 September 2007)

22
1. Safeguard Assets
1.3. SEC. 43. Liability for Illegal Expenditures. x x x Any official or employee of the Government knowingly incurring any obligation, or authorizing any expenditure in violation of the provisions herein, or taking part therein, shall be dismissed from the service, after due notice and hearing by the duly authorized appointing official. x x x.
(Sec. 43 Chapter 5, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; Manhit vs. Office of the Ombudsman, G.R. No. 159349, 7 September 2007)

23
1. Safeguard Assets 1.4. SEC. 80. Misuse of Government Funds and Property. Any public official or employee who shall apply any government fund or property under his administration or control to any use other than for which such fund or property is appropriated by law, shall suffer the penalty imposed under the appropriate penal laws. [underscoring supplied] (Chapter 7, Book VI,
Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987 and Manhit vs. Office of the Ombudsman, G.R. No. 159349, 7 September 2007)

24
1. Safeguard Assets
1.5.
(Manhit vs. Office September 2007)
In sum, petitioners signing the check, with full knowledge that it is to be drawn, as it in fact was, from the special account sourced from the donation, and that the proceeds of the check are to be used, as they in fact were, for the procurement of a vehicle, coupled with the fact that the purchase was effected without public bidding, renders him liable for conduct prejudicial to the best interest of the service, aggravated by simple misconduct. [underscoring supplied]
of the Ombudsman, G.R. No. 159349, 7

25
1. Safeguard Assets 1.6. Although there is nothing in petitioners annexes that would show that petitioners themselves personally approved and signed SPCDFIs loan application, petitioners were the officers directly charged with the power of processing, reviewing and evaluating CMP loan documents. Office Order No. 361dated 28 September 1989 creating the Task Force on CMP appointed petitioner Olaguer as head of the CMP with the power of processing, review, and evaluation of CMP loan documents. [underscoring supplied]
(Olaguer vs. Domingo, G.R. No. 109666, 20 June 2001)
Office of the President 26 Internal Audit Office
1. Safeguard Assets 1.7. In the exercise of the power to process, review and evaluate CMP loan applications, petitioners had the power to compel submission of documentary requirements x x x. Notably, despite non-compliance with the documentary requirements, SPCDFI-AMAKAs revised loan application which was submitted on October 3, 1989 was approved by the APED on October 5, 1989 -in a span of only three (3) days.
[Olaguer vs. Domingo, G.R. No. 109666, 20 June 2001]
1. Safeguard Assets 1.8. Petitioners also had the power to conduct surveys and ocular inspection on the subject property. x x x. Indeed, there is nothing in the records that would show that petitioners conducted an actual physical inspection of the AMAKO site before or even after release of the loan proceeds. [Olaguer vs. Domingo, G.R. No.
109666, 20 June 2001]

28
1. Safeguard Assets 1.9. Petitioners liability herein does not arise from an ordinary civil transaction but from their position as public officials held accountable for public funds. Presidential Decree No. 1445, the Government Auditing Code of the Philippines, in Section 103 provides: Section 103. General liability for unlawful expenditures - Expenditures of government funds or uses of government property in violation of law or regulations shall be a personal liability of the official or employee found to be directly responsible therefor.
[underscoring supplied] (Olaguer vs. Domingo, G.R. No. 109666, 20 June 2001; Section 52, Chapter 9, Subtitle B, Title 1, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; and Art. 454(r), Rule XXXVI, Rules and Regulations Implementing the Local Government Code of 1991, 21 February 1992)

29
2. Check Accuracy and Reliability of Accounting Data SEC. 41. Objectives of Government Accounting. Government accounting shall aim to produce information concerning past operations and present conditions; provide a basis for guidance for future operations; provide for control of the acts of public bodies and officers in the receipt, disposition and utilization of funds and property; and report on the financial position and results of operations of government agencies for the information of all persons concerned. [underscoring
supplied] (Chapter 6, Subtitle B, Title I, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; and Alejandro vs. Sandiganbayan, G.R. No. 81031, 20 February 1989)

30
3. Adhere to Managerial Policies 3.1. SEC. 38. Definition of Administrative Relationship. x x x (1) Supervision and Control. x x x to act directly whenever a specific function is entrusted by law or regulation to a subordinate; direct the performance of duty; restrain the commission of acts; review, approve, reverse or modify acts and decisions of subordinate officials or units; determine priorities in the execution of plans and programs; and prescribe standards, guidelines, plans and programs. x x x.
[underscoring supplied] (Chapter 7, Book IV, Executive Order (EO) No.
292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; and Albert vs. Gangan, G.R. No. 126557, 6 March 2001)

31
3. Adhere to Managerial Policies 3.2. [I]t can be placed under the control and supervision of the Secretary of National Defense, who consequently has the power to conduct an extensive management audit of petitioner corporation. [underscoring supplied] (The
Veterans Federation of the Philippines vs. Reyes, G. R. No. 155027, 28 February 2006)

32
3. Adhere to Managerial Policies 3.3. SEC. 39. Secretarys Authority. (1) The Secretary shall have supervision and control over the bureaus, offices, and agencies under him, subject to the following guidelines: x x x (b) With respect to functions involving discretion, experienced judgment or expertise vested by law upon a subordinate agency, control shall be exercised in accordance with said law; and x x x
[underscoring supplied] (Chapter 8, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

33
3. Adhere to Managerial Policies 3.4. SEC. 7. Powers and Functions of the Secretary. The Secretary shall: x x x
(2) Establish the policies and standards for the operation of the Department pursuant to the approved programs of government; (3) Promulgate rules and regulations necessary to carry out department objectives, policies, functions, plans, programs and projects; . . .

34
3. Adhere to Managerial Policies administrative issuances 3.4. . . . (4) Promulgate necessary for the efficient administration of the offices under the Secretary and for proper execution of the laws relative thereto. These issuances shall not prescribe penalties for their violation, except when expressly authorized by law; (5) Exercise disciplinary powers over officers and employees under the Secretary in accordance with law, including their investigation and the designation of a committee or officer to conduct such investigation; . . .

35
3. Adhere to Managerial Policies 3.4. . . . (6) Appoint all officers and employees of the Department except those whose appointments are vested in the President or in some other appointing authority; Provided, however, that where the Department is regionalized on a department-wide basis, the Secretary shall appoint employees to positions in the second level in the regional offices as defined in this Code; . . .

36
3. Adhere to Managerial Policies 3.4. . . . (7) Exercise jurisdiction over all bureaus, offices, agencies and corporations under the Department as are provided by law, and in accordance with the applicable relationships as specified in Chapters 7, 8, and 9 of this Book; x x x

37
3. Adhere to Managerial Policies 3.5. SEC. 38. Definition of Administrative Relationship. x x x (1) x x x (2) Administrative Supervision. (a) x x x to generally oversee the operations of such agencies and to insure that they are managed effectively, efficiently and economically but without interference with day-to-day activities; or require the submission of reports and cause the conduct of management audit, performance evaluation and inspection to determine compliance with policies, standards and guidelines of the department; . . .

38
3. Adhere to Managerial Policies 3.5. . . . to take such actions as may be necessary for the proper performance of official functions, including rectification of violations, abuses and other forms of maladministration; and to review and pass upon budget proposals of such agencies but may not increase or add to them; x x x.
[underscoring supplied] (Section 38, Chapter 7, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; and Albert vs. Gangan, G.R. No. 126557, 6 March 2001)
Office of the President 39

3. Adhere to Managerial Policies
3.6. Sometime in June 1990, petitioner instructed the Community Mortgage Management Office (CMMO) to conduct a routine inspection of the AMAKO Project. Upon verification, it was discovered that the AMAKO project was three (3) months in arrears in their amortization. [Albert vs. Gangan,
G.R. No. 126557, 6 March 2001]

3. Adhere to Managerial Policies 3.7. As a consequence, petitioner, sometime in July 1990, tasked the Committee on Evaluation of Originating Institutions to investigate the originators with respect to their compliance with corporate circulars, other rules and regulations issued by NHMFC regarding its lending programs. One of the originators investigated was the Foundation which was instrumental in the granting of the loan to the AMAKO Project.
[Albert vs. Gangan, G.R. No. 126557, 6 March 2001]

3. Adhere to Managerial Policies 3.8. In fact, petitioner immediately filed a complaint before the Ombudsman against the subordinate employees who appeared to be responsible for the fraud. He also directed the filing of a civil case against the originator and other persons responsible for misrepresentation. [Albert vs.
Gangan, G.R. No. 126557, 6 March 2001]

42
3. Adhere to Managerial Policies 3.9. That it is the duty and responsibility of respondent, as register of deeds, to direct and supervise the activities of her office can never be overemphasized. Whether respondent exercised prudence and vigilance in discharging her duties, she has not shown. (underscoring and emphasis in the
original) [Office of the Ombudsman (Mindanao) vs. Cruzabra, G.R. No. 183507, 24 February 2010]

43
3. Adhere to Managerial Policies 3.10. Respondents guilt of neglect of duty becomes more pronounced as note is taken of her admitted inaction upon learning of the irregularity. Her justification for such inaction that to do so would subject her to a charge of falsification reflects her indifference, to say the least, to her duties and functions. (underscoring in the
original) [Office of the Ombudsman (Mindanao) vs. Cruzabra, G. R. No. 183507, 24 February 2010]

44
3. Adhere to Managerial Policies 3.11. SEC. 6. Undersecretaries. x x x (2) Supervise all the operational activities of the units assigned to him, for which he is responsible to the secretary; and x x x.
(Chapter 2, Title V, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

45
3. Adhere to Managerial Policies 3.12. SEC. 15. Bureau of Research and Standards. - The Bureau of Research and Standards shall develop and set effective standards and reasonable guidelines to ensure the safety of all infrastructure facilities in the country and to assure efficiency and proper quality in the construction of government public works. x x x.(Chapter 4, Title
V, Book IV, EO 292, s. 1987 the Administrative Code of 1987, as amended, 25 July 1987)

46
3. Adhere to Managerial Policies 3.13. SEC. 16. Bureau of Design. - The Bureau of Design shall ascertain that all government infrastructure project implementation plans and designs are consistent with current standards and guidelines. x x x (Chapter
4, Title V, Book IV, EO 292, s. 1987 the Administrative Code of 1987, as amended, 25 July 1987)

47
3. Adhere to Managerial Policies 3.14. SEC. 17. Bureau of Construction. The Bureau of Construction shall provide technical services on construction works for infrastructure projects and facilities. For this purpose, it shall have the following duties and responsibilities: (1) Formulate policies relating to construction management and contract administration; x x x.
(Chapter 4, Title V, Book IV, EO 292, s. 1987 the Administrative Code of 1987, as amended, 25 July 1987)

48
3. Adhere to Managerial Policies 3.15. SEC. 17. Bureau of Construction. x x x x x x (3) Inspect, check and monitor construction and works supervision activities of field implementing offices for the purpose of ensuring that such activities are being conducted in accordance with the current standards and guidelines of the Department;
x x x.

49
3. Adhere to Managerial Policies 3.16. SEC. 18. Bureau of Maintenance. The Bureau of Maintenance provides technical services on the maintenance and repair of infrastructure projects and facilities. For this purpose, it shall have the following duties and responsibilities: (1) Formulate policies relating to the maintenance of infrastructure projects and facilities; x x x.

50
3. Adhere to Managerial Policies 3.17. SEC. 18. Bureau of Maintenance. x x x
x x x
(3) Inspect, check, and monitor maintenance activities of implementing field offices for the purpose of ensuring that such activities are being conducted in accordance with the current standards and policies of the Department; x x x.

51
3. Adhere to Managerial Policies 3.18. SEC. 19. Bureau of Equipment. The Bureau of Equipment provides technical services on the management of construction and maintenance equipment and ancillary facilities. For this purpose it shall have the following duties and responsibilities: (1) Formulate policies relating to the management of infrastructure equipment and ancillary facilities; x x x.

52
3. Adhere to Managerial Policies 3.19. SEC. 19. Bureau of Equipment. x x x
x x x (3) Inspect, check and monitor the management of equipment by regional equipment services and area shops for the purpose of ensuring that such activities are being conducted in accordance with the current standards and policies of the Department; x x x.

53
3. Adhere to Managerial Policies
3.20.
SEC. 21. Regional Director. - x x x Towards this end, and in line with the policy of decentralization, he shall, within his defined powers, exercise functional and administrative supervision over District Offices x x x. (Chapter 5, Title V, Book IV,
Executive Order (EO) No. 292, s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

54
3. Adhere to Managerial Policies 3.21. SEC. 23. District Engineer. x x x Within his defined powers, he shall exercise functional and administrative supervision over district operations x x x. (Chapter 5, Title V,
Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

55
4. Comply with Laws, Rules and Regulations
4.1. The Code is a general law and incorporates in a unified document the major structural, functional and procedural principles of governance and embodies changes in administrative structures and procedures designed to serve the people. [underscoring
supplied] (3rd and 4th WHEREAS clauses of Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; and Ople vs. Torres, et. al., G.R. No. 127685, 23 July 1998)

56
4. Comply with Laws, Rules and Regulations 4.2. The Code covers both the internal administration of government, i.e, internal organization, personnel and recruitment, supervision and discipline, and the effects of the functions performed by administrative officials on private individuals or parties outside government.
[underscoring supplied] (Ople vs. Torres, et. al., G.R. No. 127685, 23 July 1998)

57
4. Comply with Laws, Rules and Regulations 4.3. In government, the organizations, programs, activities, and functions are usually created by law and are subject to specific rules and regulations. [underscoring supplied] (Section 10 (a),
Chapter 3, Title I-Government Auditing Standards and Procedures, Volume III, Commission on Audit (COA) Circular No. 91-368, GAAM, 19 December 1991)
4. Comply with Laws, Rules and Regulations 4.4. All heads of offices have to rely to a reasonable extent on their subordinates and on the good faith of those who prepare bids, purchase supplies, or enter into negotiations. x x x. There has to be some added reason why he should examine each voucher in such detail. x x x. There should be other grounds than the mere signature or approval appearing on a voucher to sustain a conspiracy charge and conviction. (underscoring supplied) [Arias vs.
Sandiganbayan, G.R. No. 81563, 19 December 1989]

59
4. Comply with Laws, Rules and Regulations 4.5. Petitioner might have indeed been lax and administratively remiss in placing too much reliance on the official reports submitted by his subordinate (Engineer Enriquez), but for conspiracy to exist, it is essential that there must be a conscious design to commit an offense. Conspiracy is not the product of negligence but of intentionality on the part of cohorts.
[Magsuci vs. Sandiganbayan, G.R. No. L-101545, 3 January 1995]

60
4. Comply with Laws, Rules and Regulations 4.6. Fairly evident, however, is the fact that the action taken by Magsuci involved the very functions he had to discharge in the performance of his official duties. There has been no intimation at all that he had foreknowledge of any irregularity committed by either or both Engr. Enriquez and Ancla. (underscoring supplied) [Magsuci vs.
Sandiganbayan,G.R. No. L-101545, 3 January 1995]
4. Comply with Laws, Rules and Regulations 4.7. When, however, that infraction consists in the reliance in good faith, albeit misplaced, by a head of office on a subordinate upon whom the primary responsibility rests, absent a clear case of conspiracy, the Arias doctrine must be held to prevail. [Magsuci vs. Sandiganbayan,
G.R. No. L-101545, 3 January 1995]

4. Comply with Laws, Rules and Regulations 4.8. Petitioner, as head of the agency, cannot be held personally liable for the disallowance simply because he was the final approving authority of the transaction in question and that the officers/employees who processed the same were directly under his supervision.
(Albert vs. Gangan, G.R. No. 126557, 6 March 2001; Salva vs. Carague, G.R. No. 157875, 19 December 2006 )

4. Comply with Laws, Rules and Regulations 4.9. He has to rely mainly on the certifications, recommendations and memoranda of his subordinates in approving the loan. The processing, review and evaluation of the loan application passes through the responsible and authorized officers of the CMP Task Force. (underscoring supplied) [Albert vs.

4. Comply with Laws, Rules and Regulations 4.10. We have consistently held that every person who signs or initials documents in the course of transit through standard operating procedures does not automatically become a conspirator in a crime which transpired at the stage where he had no participation. His knowledge of the conspiracy and his active and knowing participation therein must be proved by positive evidence. (underscoring supplied) [Albert vs.

65
4.11.
[underscoring supplied] (Albert vs. Gangan, G.R. No. 126557, March 2001)
In fact, petitioner immediately filed a complaint before the Ombudsman against the subordinate employees who appeared to be responsible for the fraud. He also directed the filing of a civil case against the originator and other persons responsible for misrepresentation. All these acts are indicative that he had no knowledge of the fraudulent scheme perpetrated by certain officials or employees of his agency.
6

66
4. Comply with Laws, Rules and Regulations 4.12. Escara had foreknowledge of the irregularity attendant in the delivery of the lumber supplied by Guadines. In his letter (Exhibit I) dated January 23, 1993 x x x he acknowledged that the materials intended for the construction of the Navotas Bridge had been confiscated by the DENR officials. Such foreknowledge should have put him on alert and prompted him, at the very least, to make inquiries into the transaction and to verify x x x.
(underscoring supplied) [Escara vs. People of the Philippines, G.R. No. 164921, 8 July 2005]

67
4. Comply with Laws, Rules and Regulations 4.13. There was evident bad faith and manifest partiality when he signed the inspection report and the disbursement voucher because he had foreknowledge that the materials delivered by Guadines have already been confiscated by the DENR, which caused undue injury to the Government and gave unwarranted benefit to Guadines in the amount of P70, 924.00. (underscoring supplied) [Escara vs. People of
the Philippines, G.R. No. 164921, 8 July 2005]

68
4. Comply with Laws, Rules and Regulations 4.14. The added reason contemplated in Arias which would have put petitioner on his guard and examine the check/s and vouchers with some degree of circumspection before signing the same was obtaining in this case. x x x. The discrepancy between the names indicated in the checks on one hand, and those in the disbursement vouchers on the other, should have alerted the petitioner. x x x. (underscoring supplied) [Cruz
vs. Sandiganbayan, G.R. No. 134493, 16 August 2005]

69

4.15. x x x it is not unreasonable to expect petitioner to exercise the necessary diligence in making sure at the very least that the proper formalities in the questioned transaction were observed that a public bidding was conducted. This step does not entail delving into intricate details of product quality complete delivery for fair and accurate pricing. [underscoring supplied]
(Nava vs. Palattao, et. al, G.R. No. 160211, 28 August 2006)

70
4. Comply with Laws, Rules and Regulations 4.16. Unlike other minute requirements in government procurement, compliance or non-compliance with the rules on public bidding is readily apparent; and the approving authority can easily call the attention of the subordinates concerned. x x x. The process of approval is not a ministerial duty of approving authorities to sign every document that comes across their desks, and then point to their subordinates as the parties responsible if something goes awry.
(underscoring supplied) [Nava vs. Palattao, et. al, G.R. No. 160211, 28 August 2006]

71

4.17. The fact that the Maysilo estate has spawned conflicting claims of ownership which invariably reached the courts, a fact which petitioner cannot ignore on account of her long exposure and experience as a register of deeds, should have impelled petitioner to be more prudent even to the extent of deliberately holding action on the papers submitted to her relative to the estate until she shall have fully satisfied herself that everything was above board. x x x.
(underscoring supplied) [Alfonso vs. Office of the President, G.R. No. 150091, 2 April 2007]

72

4.18. By merely looking at Formal Entry and Internal Revenue Declaration No. 118302 and the invoice, one can readily see the discrepancy between what are declared in the former and in the latter. In Formal Entry and Internal Revenue Declaration No. 118302, what were mentioned were mens and ladies accessories. However, in the invoice, electronic equipment and appliances such as VHS, Betamax, television and the like were stated.
(underscoring supplied) [Francisco vs. People of the Philippines, G.R. No. 177430, 14 July 2009; Ojeda vs. People of the Philippines, G.R. No. 178935, 14 July 2009]

73
4. Comply with Laws, Rules and Regulations 4.19. From the entry and the invoice alone, one can definitely see something strange and irregular. His claim of good faith will not stand. As principal examiner and the superior of Francisco, his duty was to carefully review the evaluation made by his subordinate. This, he miserably failed to do. On the face of the documents, there were admittedly glaring discrepancies and suspicious entries that should have alerted him. (underscoring supplied) [Francisco vs. People of the
Philippines, G.R. No. 177430, 14 July 2009; Ojeda vs. People of the Philippines, G.R. No. 178935, 14 July 2009]

74
5. Ensure Economical, Efficient and Effective Operations
5.1.
Economical. Being able to perform functions and tasks using the least amount of resources within a specific timeframe.
Efficient. Means doing things right given the available resources/inputs and within a specified timeframe. Effective. Means doing the right things. Operating units must be able to achieve the expected results and contribute to the achievement of the sectoral and societal goals. [underscoring supplied] (Department of Budget and
5.2.
5.3.
Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, pp. 11-12)

75
5. Ensure Economical, Efficient and Effective Operations 5.4. SEC. 6. Authority and Responsibility of the Secretary. The authority and responsibility for the exercise of the mandate of the Department and for the discharge of its powers and functions shall be vested in the Secretary, who shall have supervision and control of the Department. (Chapter 2, Book IV,
Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

76
5. Ensure Economical, Efficient and Effective Operations 5.5. SEC. 6. Undersecretaries. x x x
(3) Perform such other duties and responsibilities as may be assigned or delegated by the Secretary to promote efficiency and effectiveness in the delivery of public services or as may be required by law. (Chapter 2, Title V, Book IV, Executive
Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

77
5. Ensure Economical, Efficient and Effective Operations 5.6. SEC. 13. Planning Service. The Planning Service shall provide the department with economical, efficient and effective services relating to planning, programming, and project development, and discharge such other functions as may be provided by law. x x x [underscoring supplied] (Chapter 3, Book
IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

78

5.7. SEC. 14. Financial and Management Services. The Financial and Management Services shall advise and assist the Secretary on financial and management matters and shall perform such other functions as may be provided by law. (Chapter 3, Book IV, Executive
Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

79
5. Ensure Economical, Efficient and Effective Operations 5.7. Financial and Management Service 5.7.1. SEC. 1. Declaration of Policy. - All resources of the government shall be managed, expended or utilized in accordance with law and regulations and safeguarded against loss or wastage through illegal or improper disposition to ensure efficiency, economy and effectiveness in the operations of government. x x x.
[underscoring supplied] (Chapter 1, Subtitle B, Title I, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

80
5. Ensure Economical, Efficient and Effective Operations 5.7. Financial and Management Service 5.7.2. SEC. 3. Declaration of Policy. x x x. The budget shall be supportive of and consistent with the socioeconomic development plan and shall be oriented towards the achievement of explicit objectives and expected results, to ensure that funds are utilized and operations are conducted effectively, economically and efficiently. x x x. [underscoring
supplied] (Chapter 2, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

81
5. Ensure Economical, Efficient and Effective Operations 5.7. Financial and Management Service 5.7.3. SEC. 3. Powers and Functions. The Department of Budget and Management shall assist the President in the preparation of a national resources and expenditures budget, x x x, achievement of more economy and efficiency in the management of government operations, x x x.
[underscoring supplied] (Chapter 1, Title XVII, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

82
5.8.
SEC. 15. Administrative Service. The Administrative Service shall provide the Department with economical, efficient and effective services relating to personnel, legal assistance, information, records, delivery and receipt of correspondence, supplies, equipment, collections, disbursement, security and custodial work. It shall also perform such other functions as may be provided by law. [underscoring supplied] (Chapter 3,
Book IV, Executive Order (EO) No. 292 s. 1987, Administrative Code of 1987, as amended, 25 July 1987) the

83

5.9. SEC. 14. Bureau Head. Each Bureau shall be headed by a Bureau Director who shall be responsible for efficiently and effectively carrying out the functions of the Bureau. (Chapter 4, Title V, Book IV, Executive Order)
(EO) No. 292, s. 1987, the Administrative Code of amended, 25 July 1987) 1987, as

84
5. Ensure Economical, Efficient and Effective Operations 5.10. SEC. 21. Regional Director. - The Regional Office shall be headed by a Regional Director who shall be responsible for efficiently and effectively carrying out the duties and responsibilities of the Regional Office. x x x. (Chapter 5, Title V, Book
IV, Executive Order (EO) No. 292, s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

85
5. Ensure Economical, Efficient and Effective Operations 5.11. SEC. 23. District Engineer. The District Engineer of or within a province or city shall be accountable for the efficient and effective conduct of the duties and responsibilities of the District Office of which he is the head. x x x. (Chapter 5, Title V,
Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

86
There is a direct relationship between the general objectives, which represent what an entity strives to achieve, and the internal control components, which represent what is needed to achieve the general objectives. x x x.
[underscoring supplied] (2. Components of Internal Control, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 14)
The Components of Internal Control are: 1. 2. 3. 4. 5. Control environment Risk assessment Control activities Information and communication Monitoring (Department of Budget and Management ( DBM)
Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 16)

87
Relationship in a Three-Dimensional Matrix

Internal Control Objectives
Internal Control Components
Control Environment Risk Assessment
Control Activities Information and Communication Monitoring

88
1. Control Environment 1.1. Public Service Sector Context 1.1.1. Public Service Organization Providing Public Service as Mandated or Authorized by Law; 1.1.2. Constituents or Public to Serve; 1.1.3. Stakeholders.
(Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 18)

89
1. Control Environment 1.1. Public Service Sector Context 1.1.1. Public Service Organization
a) Public Entity i) (4) Agency of the Government refers to any of the various units of the Government, including a department, bureau, office, instrumentality, or governmentowned or controlled corporation, or a local government or a distinct unit therein. (Section 2,
Introductory Provision, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

90
1. Control Environment 1.1. Public Service Sector Context 1.1.1. Public Service Organization a) Public Entity ii) A public office is the right, authority and duty, created and conferred by law, by which, for a given period, either fixed by law or enduring at the pleasure of the creating power, an individual is invested with some portion of the sovereign functions of the government, to be exercised by him for the benefit of the public. The individual so invested is a public officer. [underscoring supplied] (Laurel vs. Desierto,
Serana vs. Sandiganbayan, ganbayan) and Javier vs. Sandi-

91
1. Control Environment 1.1. Public Service Sector Context 1.1.1. Public Service Organization b) Private Entity Providing Public Service
While purposely organized for the gain or benefit of its members, they are required by law to discharge functions for public benefit. Examples of these corporations are utility, railroad, warehouse, telegraph, telephone, water supply corporations and transportation companies. [underscoring supplied](Philippine Society
for the Prevention of Cruelty on Animals vs. COA, G.R. No. 169752, 25 September 2007)

92
1. Control Environment 1.1. Public Service Sector Context 1.1.2. Constituent or Public to Serve a) Internal and External Publics This means that it has one way or the other affected the efficient distribution of service to the public. Moreover, depending on the particular duties and responsibilities attached to the position of the official or employee concerned, this can mean service to the public in general or the employees of the agency to which the latter belongs. [underscoring
supplied] (CSC Resolution No. 01-0973, Rimas, Anthony C., 5 June 2001 and CSC Resolution No. 040688, Saldana, Carmelo R., 21 June 2004)

93
1. Control Environment 1.1. Public Service Sector Context 1.1.2. Constituents or Public to Serve b) Subject and Object of Public Service Thus, persons who desire to engage in the learned professions requiring scientific or technical knowledge may be required to take an examination as a prerequisite to engaging in their chosen careers. This regulation takes particular pertinence in the field of medicine, to protect the public from the potentially deadly effects of incompetence and ignorance among those who would practice medicine.
[underscoring supplied] (PRC vs. De Guzman, et al, G.R. No. 144681, 21 June 2004)

94
1. Control Environment 1.1. Public Service Sector Context 1.1.3. Stakeholder - person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity. (Clause 3, 3.2.1.1, PNS
ISO Guide 73:2010 (ISO published 2009), management Vocabulary, 11 March 2010) the Risk

95
1. Control Environment 1.1. Public Service Sector Context 1.1.3. Stakeholders a) Internal Stakeholders These are the individuals and groups that can affect and be affected by the agencys operation within a particular public service sector.
b) External Stakeholders These are the persons, organizations and other service groups that are outside a specific public service sector but may have an interest and can influence the achievement of the sectoral goals of the agency concerned. [underscoring supplied] (Department of
Budget and Management (DBM) Circular Letter No. 20088, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 20)

96
1. Control Environment 1.2. The Plan of Organization 1.2.1. Function a) SEC. 32. Nature of Public Office. Public office is a public trust. Public officers and employees must at all times be accountable to the people, serve them with utmost responsibility, integrity, loyalty, and efficiency, act with patriotism and justice, and lead modest lives. [underscoring
supplied] (Chapter 9, Book I, Executive (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

97
1. Control Environment 1.2. The Plan of Organization 1.2.1. Function b) Factual findings of administrative agencies are generally respected and even accorded finality because of the special knowledge and expertise gained by these agencies from handling matters falling under their specialized jurisdiction. (Modesto vs.
Urbina, G.R. No. 189859, 18 October 2010)

98
1. Control Environment 1.2. The Plan of Organization 1.2.2. Structure a) SECTION 1. Purpose and Number of Departments. The Executive Branch shall have such Departments as are necessary for the functional distribution of the work of the President and for the performance of their functions.
[underscoring supplied] (Chapter I, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, 25 July 1987.)

99
1. Control Environment 1.2. The Plan of Organization 1.2.2. Structure b) SEC. 2. Declaration of Policy. x x x. (3) The functions of the different Departments shall be decentralized in order to reduce red tape, x x x Adequate authority shall be delegated to subordinate officials. Administrative decisions and actions shall, as much as feasible, be at the level closest to the public.
(Section 2(3), Chapter I, Book IV, EO 292 s. 1987, the Administrative Code of 1987)

100
1. Control Environment 1.2. The Plan of Organization 1.2.2. Structure c) The extent and size of departmentation/ divisionalization shall take into account the functional distribution, workload, span of control, type and variety of skills/expertise required, the number of personnel for each type of expertise, and the geographical location of the work station in order to ensure clear and effective performance accountability. [underscoring supplied] (Item III
ORGANIZATION GUIDELINES, (A), CSC-DBM Joint Resolution No. 1 s. 2006, the Rationalization Programs Organization and Staffing Standards and Guidelines, 12 May 2006)

101
1. Control Environment 1.2. The Plan of Organization 1.2.2. Structure d) SEC. 4. Organizational Structure. The Department shall be composed of: (1) The Department Proper consisting of the Office of the Secretary, the Offices of the Undersecretaries and Assistant Secretaries, the Internal Audit Service, Monitoring and Information Service, Planning Service, Comptrollership and Financial Management Service, Legal Service, and the Administrative and Manpower Management Service; . . .

102
1. Control Environment 1.2. The Plan of Organization 1.2.2. Structure (continuation)
d)
(2) The Bureau of Research and Standards, Bureau of Design, Bureau of Construction, Bureau of Maintenance, and Bureau of Equipment; and
(3) The Field Offices, consisting of x x x Regional Offices x x x, and their respective District Offices.
(Section 4, Chapter I, Title V, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

103
1. Control Environment 1.3. All the Coordinate Methods and Measures
These are the control processes that are implemented and which form part of the normal recurring operations of an organization. They guide and communicate management actions at all levels and ensure that operating activities are performed within the standards prescribed in each system. [underscoring supplied]
(Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, pp. 27-28)

104
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.1. Control Methods and Measures a) Delegation of authority and supervision; b) Segregation of functions for processing, reviewing, approval, recording and custody; c) Access to resources and records; d) Completeness and integrity of transaction documents and reports; e) Verification of transactions; and f) Reconciliation of
(Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, pp. 27-28)
records and data.

105
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.2. Planning
a) ART. 405. Fundamental Principles. x x x

(a) National Planning shall be based on local planning to ensure that the needs and aspirations of the people as well as those of the LGUs shall be considered in the formulation of budgets of NGAs; x x x.
[underscoring supplied] (Rule XXXIV, Rules and Regulations Implementing the Local Government Code of 1991, 21 February 1992)

106
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.2. Planning b) SEC. 10. Planning Service. x x x x x x (3) Formulate long-range, mediumterm and annual development plans and programs for infrastructure, especially highways, flood control and water resource development systems, and other public works projects, including phasing of implementation; x x x.
[underscoring supplied] (Section 10, Chapter 3, Title V, Book IV, EO 292, s. 1987 the Administrative Code of 1987, as amended, 25 July 1987)

107
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.2. Planning c) SEC. 20. Regional Offices. - x x x x x x
(5) Coordinate with other departments, agencies, institutions and organizations, especially local government units within the region in the planning and implementation of infrastructure projects; x x x.

108
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.2. Planning d) SEC. 22. District Office. x x x x x x (5) Coordinate with other departments, agencies, institutions and organizations, especially local government units in the district in the planning and implementation of infrastructure projects; x x x.

109
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.3. Budget
a) SEC. 3. Declaration of Policy. x x x The budget shall be supportive of and consistent with the socio-economic development plan and shall be oriented towards the achievement of explicit objectives and expected results, to ensure that funds are utilized and operations are conducted effectively, economically and efficiently. x x x.
[underscoring supplied] (Chapter 2, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

110
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.3. Budget b) (7) Expected result means service, product, or benefit that will accrue to the public, estimated in terms of performance measures or targets.
(Section 2, Chapter 1, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987; and Art. 406 (g), Rule XXXIV, Rules and Regulations Implementing the Local Government Code of 1991, 21 February 1992)

111
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting
a) SEC. 10. Statement of Objectives. - x x x x x x (3) Institute control measures through the promulgation of auditing and accounting rules and regulations governing the receipts, disbursements, and uses of funds and property, consistent with the total economic development efforts of the Government: x x x.
(Chapter 4, Subtitle B, Title I, Book V, EO 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

112
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting b) The responsibilities of the Heads of the Requesting Unit, the Budget Unit and the Accounting Unit are hereby set forth as follows: 2.1. The Head of the Requesting Unit x x x shall certify on the necessity and legality of charges to appropriations/allotment under his direct supervision as well as the validity, propriety and legality of supporting documents. . . .

113
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting (continuation)
b) . . . 2.2. The Head of the Budget Unit shall certify the availability of allotment and obligations incurred in the ObR or budget and utilization in the BUR.
2.3. x x x 2.4. For contract or purchase order, the Head of Accounting Unit shall certify the availability of funds based on the ObR or BUR duly certified by the Budget Officer. . . .

114
1. Control Environment 1.3. All the Coordinate Methods and Measures
1.3.4. Auditing and Accounting (continuation)

b) . . . 2.5. The Head of the Accounting Unit shall certify the availability of cash and completeness of supporting documents in the DV. 2.6. x x x. (Commission
on Audit (COA) Circular No. 2006-003 Restatement with Amendments of COA Circular No. 2005-001 on Accounting Policies Related to the Budget, Accounting and Disbursement Functions in National Government Agencies under the New Government Accounting System (NGAS), 31 January 2006)

115
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting c) 11. Approved for Payment (Box B) approval by the Head of the Agency or his Authorized Representative on the payment covered by the DV. x x x.
(Annex B, Commission on Audit (COA) Circular No. 2006-003 Restatement with Amendments of COA Circular No. 2005-001 on Accounting Policies Related to the Budget, Accounting and Disbursement Functions in National Government Agencies under the New Government Accounting System (NGAS), 31 January 2006)

116
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting
d) The authority of the Head of Office to approve the Disbursement Voucher is dependent on the certifications of the Budget Officer, the Accountant and the Treasurer on the principle that it would be improbable for the Head of Office to check all the details and conduct physical inspection and verification of all papers considering the voluminous paperwork attendant to his office. Roque vs. Court of Appeals, et.al., G.R.
No. 179245, 23 July 2008)

117
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting e) Specifically, C.V. Canchela & Associates is similar to the case at bar, in that the contracts involved in both cases failed to comply with the relevant provisions of Presidential Decree No. 1445 and the Revised Administrative Code of 1987. Nevertheless, (t)he illegality of the subject Agreements proceeds, it bears emphasis, from an express declaration or prohibition by law, not from any intrinsic illegality. As such, the Agreements are not illegal per se, and the party claiming thereunder may recover what had been paid or delivered. [Vigilar vs. Aquino, G.R. No. 180388, 18
January 2011]

1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting f) Even if a certification of appropriation is not applicable to PNR if the funds used are internally generated, still a certificate of fund availability is required. Thus, the three contracts between PNR and Kanlaon are void for violation of Section 46, 47, and 48, Subtitle B, Title I, Book V of the Administrative Code of 1987, as well as Sections 85, 86, and 87 of the Government Auditing Code of the Philippines. [Philippine National Railways vs.
Kanlaon Construction Enterprises Co, Inc., G.R. No. 182967, 6 April 2011]

1. Control Environment
1.3. All the Coordinate Methods and Measures 1.3.4. Auditing and Accounting (continuation) f) Section 48 of the Administrative Code of 1987 provides that the officer or officers entering into the contract shall be liable to the Government or other contracting party for any consequent damage to the same extent as if the transaction had been wholly between private parties. Kanlaon could go after the officers who signed the contract and hold them personally liable. [underscoring supplied]
[Philippine National Railways vs. Kanlaon Construction Enterprises Co, Inc., G.R. No. 182967, 6 April 2011]

120
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement a) Section 20. Pre-procurement Conference. 20.1. During this conference, the participants, led by the BAC shall: a) Confirm the description and scope of the contract, the ABC, and contract duration. b) Ensure that the procurement is in accordance with the project and annual procurement plans; ...

121
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) a). . . c) Determine the readiness of the procurement at hand, including, among other aspects, the following: i) availability of appropriations and programmed budget for contract.
ii) completeness of the Bidding Documents and their adherence to relevant general procurement guidelines; . . .

122
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) a). . . iii) completion of the detailed engineering according to the prescribed standards in the case of infrastructure projects; and iv) confirmation of the availability of ROW and the ownership of affected properties. d) Review, modify and agree on the criteria for eligibility screening, evaluation and post-qualification; ...

123
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) a). . . e) Review and adopt the procurement schedule, including deadlines and timeframes, for the different activities; and f) Reiterate and emphasize the importance of confidentiality, in accordance with Section 19 of this IRR, and the applicable sanctions and penalties, as well as agree on measures to ensure compliance with the foregoing. [underscoring supplied]
(Rule VII-INVITATION TO BID, Revised Implementing Rules and Regulations of RA 9184 or the Government Procurement Reform Act, 2 September 2009)

124
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement b) Clearly, petitioners participation in the PBAC does not render her liable for the disallowed amounts. As the solicitor general correctly argued, petitioner had nothing to do with the preparation and the computation of the AAE (now ABC) and, thus, should not have been held liable for the amounts disauthorized during the post-audit. [underscoring and words
in parenthesis supplied] (Suarez vs. COA, G.R. No. 131077, 7 August 1998)

125
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement c) It should be noted that the disallowance fell under Mobilization and Demobilization, and Earthfill and Compaction expenses, as appearing in the Approved Agency Estimates (AAE) [now ABC]. x x x. [P]etitioner had nothing to do with the preparation and the computation of the AAE. Therefore, she should not have been held liable for the amounts disallowed during the post-audit. (initial
in bracket supplied; underscoring supplied) [Salva Carague, G.R. No. 157875, 19 December 2006] vs.

126
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) c) It is evident that the additional expense was for the benefit of the PSU, x x x. The additional expense was also within the Approved Agency Estimates. Further, there is no showing that the petitioner was ill-motivated, or that she had personally profited or sought to profit from the transactions, or that the disbursements have been made for personal or selfish ends. (Salva vs. Carague,
G.R. No. 157875, 19 December 2006)

127
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement d) 13.1. To enhance the transparency of the process, the BAC shall, in all stages of the procurement process, invite, in addition to the representative of the COA, at least two (2) observers, who shall not have the right to vote, to sit in its proceedings where: 1. At least one (1) shall come from a duly recognized private group in a sector or discipline relevant to the procurement at hand, x x x; and 2. The other observer shall come from a non-government organization (NGO).
[underscoring supplied] (Rule V-BIDS AND AWARDS COMMITTEE, Revised Implementing Rules and Regulations of RA 9184 or the Government Procurement Reform Act, 2 September 2009)

128
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement e) The post-qualification shall verify, validate, and ascertain all statements made and documents submitted by the bidder with the Lowest Calculated Bid/Highest Rated Bid, using nondiscretionary criteria, as stated in the Bidding Documents. These criteria shall consider, but shall not be limited to, the following: a) Legal Requirements. x x x. b) Technical Requirements. x x x. c) Financial Requirements. x x x. [underscoring
supplied] (Section 34.3, Rule X POST-QUALIFICATION, Revised Implementing Rules and Regulations of RA 9184 or the Government Procurement Reform Act, 2 September 2009)

129
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement f) The fact is all too glaring that during the post-qualification stage, the BAC considered some factors which were extraneous to and not included in the bid documents, x x x, and, at the same time, glossed over two of the requirements which were indicated in the bid documents, x x x. Essentially, it can be said that the eligible bidders did not bid upon the same thing.
[underscoring supplied] (Commission on Audit vs. Link Worth International, Inc., G.R. No. 182559, 13 March 2009)

130
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement g) 12.2. The BAC shall be responsible for ensuring that the procuring entity abides by the standards set forth by the Act and this IRR, and it shall prepare a procurement monitoring report x x x shall cover all procurement activities specified in the APP, whether ongoing and completed, from the holding of the preprocurement conference to the issuance of notice of award and the approval of the contract, including the standard and actual time for each major procurement activity. x x x . [underscoring supplied] (Rule V-Bids
and Awards Committee, Revised Implementing Rules and Regulations of RA 9184, 2 September 2009)

131
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.5. Procurement h) In this case, it was clearly shown that the CDA could have purchased the same quality computers with similar technical specifications at much lower cost and the result of technical evaluation was manipulated to favor one bidder, for which the COA found the petitioner to be directly responsible.
(Verzosa, Jr. March 2011) vs Carague, G.R. No. 157838, 8

132
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) h) As pointed out in our Decision, records showed it was petitioner who ordered the reconstitution of the PBAC which nullified the previous bidding conducted in December 1991. He further secured the services of the DAPTEC for technical evaluation and signed the agreement for the said technical assistance when it is already the duty of the PBAC Chairman. (Verzosa, Jr. vs
Carague, G.R. No. 157838, 7 February 2011)

133
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement i) Moreover, despite patent and glaring defects in the typewriters which could be determined by a reasonable inspection of the units, petitioner signed the Reports of Inspection that mentioned only that the delivered typewriters met the quantity ordered. The report was silent on the quality of the typewriters. Yet, she hastily signed it, conveniently overlooking the deficiencies in the transaction.
(underscoring original) [Dugayon vs. People Philippines, G.R. No. 147333, 12 August 2004] of the

134
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) i) She accepted the secondhand typewriters, contrary to the requirement to buy brand new units, and allowed payment for them at the price of brand new units. She admitted that the specification for the typewriters should be brand new. (Dugayon vs. People of the Philippines,
G.R. No. 147333, 12 August 2004)
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement j) Section 54. Terms and Conditions for the use of Alternative Methods 4.1. Splitting of Government Contracts means the division or breaking up of GOP contracts into smaller quantities and amounts, or dividing contract implementation into artificial phases of sub-contracts for the purpose of evading or circumventing the requirements of law and this IRR, especially the necessity of public bidding and the requirements for the alternative methods of procurement. x x x. (underscoring
supplied) [Rule XVI, Revised Implementing Rules and Regulations of Republic Act 9184, 2 September 2009]
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement k) Splitting may be in the form of (1) Splitting of Requisitions which consists in the non-consolidation of requisitions for one or more items needed at about the same time by the requisitioner; (2) Splitting of Purchase orders which consists in the issuance of two or more purchase orders based on two or more requisitions for the same or at about the same time by the different requisitioners; and (3) Splitting of payments which consists in making two or more payments for one or more items involving one purchase order.
(underscoring supplied) [Preagido vs. Sandiganbayan, G.R. No. 52341-46, 25 November 2005]
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement (continuation) k) He could not have failed to notice that there was only one set of request for sealed quotation for the total of 9, 369 cubic meters of anapog binders and one purchase order which supported the three GVs all for amounts less than P50,000.00 each to the same contractor/ supplier James Tiu. The issuance of three GVs for amounts less that P50, 000.00 each was resorted to since a higher amount would have required the vouchers to be forwarded to the Regional Auditor for action and review. [Preagido vs. Sandiganbayan, G.R. No. 5234146, 25 November 2005]

138
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement l) The flowchart clearly shows that, after the PROJECT IMPLEMENTATION stage, the project must be inspected by the PROJECT INSPECTORATE TEAM before there can be ACCEPTANCE/TURNOVER and thereafter, PAYMENT. x x x. [I]t can be deduced from the flow chart that prior examination of the project by the Inspectorate Team is necessary before there can be acceptance or turnover of PSB projects and payment to the contractors concerned. (emphasis and
underscoring original) [Leycano vs. Commission on Audit, G.R. No. 154665, 10 February 2006]

139
1. Control Environment 1.3 All the Coordinate Methods and Measures 1.3.5. Procurement (continuation)
l)
Thus, petitioner should have perceived the anomaly in the existence of Acceptance Reports executed by DECS officials prior to the Inspectorate Teams assessment of the projects and its issuance of a certificate of inspection. Strangely, rather than being alerted by this circumstance, petitioner even claims that these Acceptance Reports were among his bases for signing the Certificate of Inspection.
(underscoring supplied)[Leycano vs. Commission on Audit, G.R. No. 154665, 10 February 2006]

140
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.6. Qualification Standards (Personnel) a) SEC. 22. Qualification Standards. (1) x x x Qualification standards shall be used as basis for civil service examinations for positions in the career service, as guides in appointment and other personnel actions, in the adjudication of protested appointments, in determining training needs, and as aid in the inspection and audit of the agencies personnel work programs. x x x. [underscoring supplied] (Chapter 5, Subtitle A, Title I,
Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

141
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.6. Qualification Standards (Personnel) b) SEC. 22. Qualification Standards (1) x x x (2) The establishment, administration and maintenance of qualification standards shall be the responsibility of the department or agency, with the assistance and approval of the Civil Service Commission and in consultation with the Wage and Position Classification Office. [underscoring supplied] (Chapter
5, Subtitle A, Title I, Book V, Executive Order No. 292, or the Administrative Code of 1987, as amended, 25 July 1987)

142
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.6. Qualification Standards (Personnel) c) Since the responsibility for the establishment, administration and maintenance of qualification standards lies with the concerned department or agency, the role of the CSC is limited to assisting the department or agency with respect to these qualification standards and approving them. The CSC cannot substitute its own standards for those of the department or agency, specially in a case like this in which an independent constitutional body is involved. [underscoring supplied] (Office
of the Ombudsman vs. Civil Service Commission, G.R. No. 162215, 30 July 2007)

143
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.7. Performance (Personnel) a) SEC. 33 Performance Evaluation System. x x x Such performance evaluations system shall be administered in such manner as to continually foster the improvement of individual employee efficiency and organizational effectiveness.
[underscoring supplied] (Chapter 5, Subtitle A, Title I, Book V, the Administrative Code of 1987, as amended, 25 July 1987)

144
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.7. Performance (Personnel) b) (1) Governing Principles - x x x (d) A performance-based incentive scheme which integrates personnel and organizational performance shall be established to reward exemplary civil servants and well-performing institutions; x x x [underscoring supplied]
(Joint Resolution No. 4, the Joint Resolution Authorizing the President of the Philippines to Modify the Compensation and Position Classification System of Civilian Personnel and the Base Pay Schedule of Military and Uniformed Personnel in the Government, and for other Purposes, 17 June 2009)

145
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.7. Performance (Personnel) c) Section. 93. Grounds and Procedure for Dropping from the Rolls. - x x x. a. x x x b. Unsatisfactory or Poor Performance 1. An official or employee who is given two (2) consecutive unsatisfactory ratings may be dropped from the rolls after due notice. x x x. 2. An official or employee, who for one evaluation period is rated poor in performance, may be dropped from the rolls after due notice. x x x
[underscoring supplied] (Rule 19, Revised Rules on Administrative Cases in the Civil Service, CSC Resolution No. 1101502, 8 November 2011)

146
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) a) SEC. 47. Disciplinary Jurisdiction. (1) x x x (2) The Secretaries and heads of agencies and instrumentalities, provinces, cities and municipalities shall have jurisdiction to investigate and decide matters involving disciplinary action against officers and employees under their jurisdiction. x x x . [underscoring supplied]
(Chapter 6, Subtitle A, Title I, Book V, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

147
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) b) SEC. 30. Authority to Appoint and Discipline. x x x In the case of the line bureau or office, the head shall also appoint the second level personnel of the regional offices, unless such power has been delegated. He shall have the authority to discipline employees in accordance with the Civil Service Laws. [underscoring supplied]
(Chapter 6, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, 25 July 1987)

148
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) c) SEC. 27. Duties of a Regional Director. The Regional Director shall: x x x (4) Appoint personnel to positions in the first level and casual and seasonal employees; and exercise disciplinary actions over them in accordance with the Civil Service Law; x x x.

149
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel)
d) Section 1. Public Office is a public trust. Public officers and employees must at all times be accountable to the people, serve them with utmost responsibility, integrity, loyalty, and efficiency, act with patriotism and justice, and lead modest lives. [underscoring supplied] Article XI [ACCOUNTABILITY
OF PUBLIC OFFICERS], 1987 Philippine Constitution)

150
1. Control Environment
1.3. All the Coordinate Methods and Measures

1.3.8. Discipline (Personnel) e) SEC. 35. Ethics in Government. All public officers and employees shall be bound by a Code of Ethics to be promulgated by the Civil Service Commission. (Chapter 9, Book I, Executive (EO) No.
292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

151
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) f) Section 1. x x x (d) Those who render free voluntary service to the government are covered by the following: 1) Laws on rewards and incentives;
2) Norms of conduct and ethical standards; 3) Duties and obligations of public officers and employees; 4) Prohibitions and sanctions enumerated in these Rules; and 5) Civil and criminal liability.(Section
1(d), Rule XII, Rules Implementing The Code of Conduct and Ethical Standards for Public Officials and Employees pursuant to Section 12 of Republic Act (RA) No. 6713, 21 April 1989)

152
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) g) The principle is that when an officer or employee is disciplined, the object sought is not the punishment of such officer or employee but the improvement of the public service and the preservation of the publics faith and confidence in the government.[underscoring supplied] (Remolana
vs. CSC, G.R. No. 137473, 2 August 2001; and CSC vs. Cortez, G.R. No. 155732, 3 June 2004)

153
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) h) x x x the powers so delegated to the officer are held in trust for the people and are to be exercised in behalf of the government or of all citizens who may need the intervention of the officers. Such trust extends to all matters within the range of duties pertaining to the office. In other words, public officers are but the servants of the people, and not their rulers. [underscoring supplied] (Sabio vs.
Gordon, G.R. No. 174340, 17 October 2006)

154
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) i) x x x conduct prejudicial to the best interest of the service refers to acts or omissions that violate the norm of public accountability and diminish or tend to diminish the peoples faith in the Judiciary. x x x The image of the Judiciary is mirrored in the conduct of its personnel whether inside or outside the court. Thus, court personnel must exhibit a high sense of integrity not only in the performance of their official duties but also in their personal affairs. [emphasis
in the original; underscoring supplied] (Toledo vs. Perez, A.M. Nos. P-03-1677 and P-07-2317, 15 July 2009)

155
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) j) As an employee, he is required to render service for the prescribed working hours. This is one of the conditions for payment of his salaries. x x x As a public servant, it is also incumbent upon him to serve the public at least for the required amount of time. In fact he is even encouraged to work beyond the prescribed working hours in order that public service will not be prejudiced. It is evident that he does not take his duty to heart considering the amount of undertime he incurred. x x x. [underscoring
Supplied] (CSC Resolution No. 020766, Lalao, Usop M., 28 May 2002)

156
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.8. Discipline (Personnel) k) x x x failed to uphold the law and provide a sound legal assistance and support to the mayor in carrying out the delivery of basic services and provisions of adequate facilities when he advised [the mayor] to proceed with the construction of the subject projects without prior competitive bidding. [underscoring supplied, words in parenthesis in
the original] (Salumbides vs. Ombudsman, G.R. No. 180917, 23 April 2010)

157
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.9. Performance (Agency) a) SEC. 51 Evaluation of Agency Performance. - The President, through the Secretary, shall evaluate on a continuing basis the quantitative and qualitative measures of agency performance as reflected in the units of work measurement and other indicators of agency performance, including the standard and actual costs per unit of work.[underscoring supplied]
(Chapter 6, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

158
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.9. Performance (Agency) b) SEC. 8. Submission of Performance Evaluation Reports. - The Secretary shall formulate and enforce a system of measuring and evaluating periodically and objectively the performance of the Department and submit the same annually to the President. [underscoring
supplied] (Chapter 2, Book IV, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

159
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.10. Systems/Process Approach a) Systems/Process Approach. x x x. The organization should identify its customers and other interested parties as well as their requirements, needs and expectations, to define the organizations intended outputs.
[underscoring supplied] (Clause 5.1.1. ISO 9000, the Introduction and Support Package: Guidance on the Concept and Use of the Process Approach for Management Systems, ISO/TC 176/SC 2/N 544R3, 15 October 2008; Executive Order 605, Institutionalizing the Structure, Mechanisms and Standards to Implement the Government Quality Management Program, Amending for the Purpose Administrative Order No. 161, s. 2006, 23, February 2007)

160
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.10. Systems/Process Approach
b) Process refers to the set of interrelated or interacting activities of the public sector organization which transforms input elements (policies, resources, citizen needs and expectations, etc.) into outputs/outcomes (the products and services provided to the citizens).
[underscoring supplied] (Clause 3.5., Government Quality Management System Standards (GQMSS), the Quality Management Systems - Guidance Document for the Application of ISO 9001:2000 in Public Sector Organizations, 21 June 2007; Executive Order (EO) No. 605 s. 2007; and Republic Act (RA) No. 9013)

161
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.11. Results Validation shall demonstrate the ability of these processes to achieve planned results. x x x a) defined criteria for review and approval of the processes, b) approval of equipment and qualification of personnel, c) use of specific methods and procedures, d) requirements for records, and e) revalidation. [underscoring supplied] (Clause
7.5.2., PNS ISO 9001:2008 Quality Management Systems Requirements, 15 November 2008)

162
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.12. Control of Document A documented procedure shall be established to define the controls needed
a) to approve documents adequacy prior to use,

b) to review necessary documents, and and
for
update as re-approve
c) to ensure that changes and the current revision status of documents are identified, . . .

163
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.12. Control of Document (continuation) d) to ensure that relevant versions of applicable documents are available at points of use,
e) to ensure that documents remain legible and readily identifiable, f) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and . . .

164
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.12. Control of Document (continuation)
g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
[underscoring supplied] (Clause 4.2.3., PNS ISO 9001:2008 Quality Management Systems Requirements, 15 November 2008)

165
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.13. Control of Records
The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records. [underscoring
supplied] (Clause 4.2.4., PNS ISO 9001:2008 Quality Management Systems Requirements, 15 November 2008)

166
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.14. Requirements The organization shall determine
a) requirements specified by the customer, including the requirements for delivery and post-delivery activities,
b) requirements not stated by the customer but necessary for specified or intended use, where known, . . .

167
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.14. Requirements (continuation) c) statutory and regulatory requirements applicable to the product, and d) any additional requirements considered necessary by the organization. [underscoring supplied] (Clause 7.2.1., PNS
ISO 9001:2008 Quality Management Requirements, 15 November 2008) Systems

168
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.15. Preventive Action
A documented procedure shall be established to define requirements for

a) determining potential nonconformities and their causes, b) evaluating the need for action to prevent occurrence of nonconformities, . . .

169
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.15. Preventive Action (continuation)
c) determining and implementing action needed d) records of results of action taken, and e) reviewing the effectiveness of the preventive action taken. [underscoring

170
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.16. Corrective Action
A documented procedure shall be established to define requirements for

a) reviewing nonconformities ding customer complaints), (inclu-
b) determining the causes of nonconformities, c) evaluating the need for action to ensure that nonconformities do not recur, . . .

171
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.16. Corrective Action (continuation) d) determining and implementing action needed, e) records of the results of action taken, and f) reviewing the effectiveness of the corrective action taken. [underscoring

172
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.17. Monitor Perception As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements. The methods for obtaining and using this information shall be determined. [underscoring supplied]
(Clause 8.2.1 PNS ISO 9001:2008, 15 November 2008)

173
1. Control Environment 1.3. All the Coordinate Methods and Measures 1.3.18. Assess Risk The design and implementation of an organizations quality management system is influenced by: a) its organizational environment, changes in that environment, and the risks associated with that environment; b) its varying needs; c) its particular objectives; d) the products it provides; e) the processes it employs; f) its size and organization structure. x x x
[underscoring supplied] (Clause 0.1, PNS ISO 9001:2008 Quality Management System, 15 November 2008)

174
2. Risk Assessment Risk assessment is the process of identifying, analyzing and evaluating relevant risks to the achievement of the control objectives and determining the appropriate response.
[underscoring supplied] (Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 29; and International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 22)

175
2. Risk Assessment 2.1. Risk - effect of uncertainty on objectives

(Clause 1, 1.1, PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010;
2.1.1. Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). (Clause 1, 1.1, Note 2, ibid.)

176

(Clause 1, 1.1, PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)
2.1.2. Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequences, or likelihood.
(Clause 1, 1.1, Note 5, ibid.)
a) Event - occurrence or change of a particular set of circumstances

(Clause 3, 3.5.1.3, ibid.)
b) Consequences - outcome of an event (3.5.1.3) affecting objectives

[emphasis in the original] (Clause 3, 3.6.1.3, ibid.)

177
2. Risk Assessment
2.1. Risk - effect of uncertainty on objectives
2.1.3. An effect is a deviation from the expected positive and/or negative

(Clause 1, 1.1, Note 1, ibid.)
a) (7) Expected result means service, product, or benefit that will accrue to the public, estimated in terms of performance measures or targets.
(Section 2, Chapter 1, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, 25 July 1987; and Art. 406 (g), Rule XXXIV, Rules and Regulations Implementing the Local Government Code of 1991, 21 February 1992)

178
2. Risk Assessment 2.1. Risk - effect of uncertainty on objectives 2.1.3. An effect is a deviation from the expected positive and/or negative (Clause
1, 1.1, Note 1, ibid.)
b) SEC. 3. Declaration of Policy. x x x. The budget x x x shall be oriented towards the achievement of explicit objectives and expected results, to ensure that funds are utilized and operations are conducted effectively, economically and efficiently. x x x.
[underscoring supplied] (Chapter 2, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, 25 July 1987)

179

2.1.4. Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (3.6.1.1) of occurrence.
[emphasis in the original] (clause 1, 1.1, Note 4, ibid.)
2. Risk Assessment
a) Creates value b) Integral part of organizational processes c) Part of decision making d) Explicitly addresses uncertainty e) Systematic, structured and timely f) Based on the best available information g) Tailored h) Takes human and cultural factors into account i) Transparent and inclusive j) Dynamic, iterative and responsive to change k) Facilities continual improvement and enhancement of the organization Principles (Clause 3) Design of framework for managing risk (4.3) Continual improvement of the framework (4.6) Mandate and Commitment (4.2) Communication and consultation (5.2)

180
2.2. Risk Management Principles, Framework and Process
Establishing the context(5.3)
Risk assessment (5.4) Risk identification (5.4.2) Monitoring and review (5.6)
Implementing risk management (4.4)
Risk analysis(5.4.3)
Risk evaluation(5.4.4)
Monitoring and review of the framework (4.5) Framework (Clause 4)
Risk treatment (5.5)
Process (Clause 5)
180

181
2. Risk Assessment 2.3. Risk Management Process Risk assessment comprises the core elements of the risk management process which are defined in ISO 31000 and contain the following elements:
communication and consultation;

establishing the context; risk assessment (comprising risk identification, risk analysis and risk evaluation); risk treatment; monitoring and review.
(Clause 4, 4.3.1, PNS ISO/IEC 31010:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

182
2. Risk Assessment
2.4. Establishing the Context For a specific risk assessment, establishing the context should include the definition of the external, internal and risk management context and classification of risk criteria: x x x
Clause 4, 4.3.3, PNS ISO/IEC 31010:2010 (ISO published 2009, the Risk management Risk assessment techniques, 11 March 2010)

183
2. Risk Assessment
2.5. Establishing the Context

2.5.1. External context - external environment in which the organization seeks to achieve its objectives External context can include: a) the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local; . . .

184
2. Risk Assessment 2.5. Establishing the Context 2.5.1. External Context

(continuation)
b) key drivers and trends having impact on the objectives of the organization; and
c) relationships with, and perceptions and values of external stakeholders (3.2.1.1.) [emphasis in the original; underscoring
supplied] (Clause 3, 3.3.1.1., PNS ISO Guide 73:2010 (ISO published 2009), the Risk management Vocabulary, 11 March 2010)

185
2. Risk Assessment 2.5. Establishing the Context 2.5.2. Internal context - internal environment in which the organization seeks to achieve its objectives Internal context can include:
a) governance, organizational structure, roles and accountabilities;

b) policies, objectives, and the strategies that are in place to achieve them; . . .

186
2. Risk Assessment 2.5. Establishing the Context 2.5.2. Internal Context (continuation) c) the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies); d) information systems, information flows and decision-making processes (both formal and informal); e) relationships with, and perceptions and values of internal stakeholders; ...

187
2. Risk Assessment 2.5. Establishing the Context 2.5.2. Internal Context (continuation) f) the organizations culture; g) standards, guidelines and models adopted by the organization; and h) form and extent of contractual relationships. [underscoring supplied] (Clause 3,
3.3.1.2., PNS ISO Guide 73:2010 (ISO published 2009), the Risk management Vocabulary, 11 March 2010)

188
2. Risk Assessment 2.5. Establishing the Context 2.5.3. Defining risk criteria involves deciding a) the nature and type of consequences to be included and how they will be measured, b) the way in which probabilities are to be expressed, c) how a level of risk will be determined, . . .

189
2. Risk Assessment 2.5. Establishing the Context 2.5.3. Risk Criteria (continuation) d) the criteria by which it will be decided when a risk needs treatment, e) the criteria for deciding when a risk is acceptable and/or tolerable, f) whether and how combinations of risks will be taken into account. [underscoring supplied] (Clause 4,
4.3.3d), PNS ISO/IEC 31010:2010 (ISO published 2009, the Risk management Risk assessment techniques, 11 March 2010)

190
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.1. Risk Identification a) [I]dentify sources of risk, areas of impacts, events (including changes in circumstances) and their causes and their potential consequences. x x x risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of objectives. x x x the risks associated with not pursuing an opportunity. x x x
(Clause 5, 5.4.2, 1 sr par., PNS ISO 31000:2010 (ISO published 2009), the Risk management Principles and guidelines, 11 March 2010)

191
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.1. Risk Identification
b) Risk source - element which alone or in combination has the intrinsic potential to give rise to risk (1.1)
[emphasis in the original] (Clause 3, 3.5.1.2, PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)

192
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.1. Risk Identification c) [C]ritical, because a risk that is not identified at this stage will not be included in further analysis.(Clause 5, 5.4.2,
1st par, PNS ISO/IEC 31000:2010 (ISO published 2009, the Risk management Principles and guidelines, 11 March 2010)

193
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.1. Risk Identification

d) Risk description - structured statement of risk usually containing four elements: sources, events (3.5.1.3), causes and consequences (3.6.1.3) [emphasis in the
original] (Clause 3, 3.5.1.1, PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)

194
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.1. Risk Identification e) Once a risk is identified, the organization should identify any existing controls such as design features, people, processes and systems. [underscoring supplied] (Clause 5, 5.2,
2nd par, PNS ISO/IEC 31010:2010 (ISO published 2009, the Risk management Risk assessment techniques, 11 March 2010)
i)
Control - measure that is modifying risk (1.1) [emphasis in the original](Clause 3, 3.8.1.1,
PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)
ii) Control includes any process, policy, device, practice, or other actions which modify risk. (Clause 3, 3.8.1.1, Note 1,
ibid.)

195
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis
a) Risk analysis involves consideration of the causes and sources of risk, their consequences and the probability that those consequences can occur. Factors that affect consequences and probability should be identified.
[underscoring supplied] (Clause 5, 5.3.1, PNS ISO/IEC 31010:2010 (ISO published 2009, the Risk management Risk assessment techniques, 11 March 2010)

196
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis b) Risk analysis consists of determining the consequences and their probabilities for identified risk events, taking into account the presence (or not) and the effectiveness of any existing controls. The consequences and their probabilities are then combined to determine a level of risk. [underscoring
supplied] (Clause 5, 5.3.1, PNS ISO/IEC 31010:2010 (ISO published 2009, the Risk management Risk assessment techniques, 11 March 2010)

197
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis c) Controls Assessment The level of risk will depend on the adequacy and effectiveness of existing controls. Questions to be addressed include:
i) what are the existing controls for a particular risk? . . .

198
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis c) Controls Assessment (continuation) ii) are those controls capable of adequately treating the risk so that it is controlled to a level that is tolerable? iii) in practice, are the controls operating in the manner intended and can they be demonstrated to be effective when required? [underscoring
supplied] (Clause 5, 5.3.2, PNS ISO/IEC 31010:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010]

199
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis d) Consequence analysis can involve : i) taking into consideration existing controls to treat the consequences, together with all relevant contributory factors that have an effect on the consequences; ii) relating the consequences of the risk to the original objectives; . . .

200
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis d) Consequence Analysis (continuation) iii) considering both immediate consequences and those that may arise after a certain time has elapsed, if this is consistent with the scope of the assessment; . . .

201
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis d) Consequence Analysis (continuation)
iv)
considering secondary consequences, such as those impacting upon associated systems activities, equipment or organizations. (Clause 5.3.3, PNS
ISO/IEC 31010:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

202
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis d) Consequence Analysis
Examples of Consequence Tables

Consequence Ex. 1 Catastrophic Major Moderate Minor Insignificant 5 4 3 2 1
Consequence Ex. 2
Critical Severe Medium Negligible 4 3 2 1
Consequence Ex. 3 Significant Moderate Insignificant 3 2 1
It is up to each organisation to define the severity of impact that allow users to assess consequence. (DBM Briefing on ISO 31000:2009 Risk Management System-Principles
and Guidelines and the ISO/IEC 31010:2009 Risk Management-Risk Assessment Techniques conducted by Mr. Kevin W. Knight and DES Alberto A. Bernardo, 8-9 February 2012)

203
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis e) Likelihood Analysis and Probability Estimation i) Likelihood chance of something happening (Clause 3, 3.6.1.1, PNS ISO
Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)
ii) Probability measure of the chance of occurrence expressed as a number between 0 to 1, where 0 is impossibility and 1 is absolute certainty (Clause 3, 3.6.1.4, PNS
Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)

204
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis e) Likelihood Analysis and Probability Estimation iii) Frequency number of events (3.5.1.3) or outcomes per defined unit of time [emphasis in the
original] (Clause 3, 3.6.1.5, PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)

205
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis e) Likelihood Analysis and Probability Estimation
iv) Three general approaches are commonly employed to estimate probability; they may be used individually or jointly: 1) use of relevant data x x x. . . . historical

206
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis e) Likelihood Analysis and Probability Estimation iv) General Approaches (continuation) 2) Probability forecasts using predictive techniques such as fault tree analysis and event tree analysis x x x. 3) Expert opinion can be used in a systematic and structured process to estimate probability. x x x (Clause 5.3.4, PNS ISO/IEC 31010:
2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

207
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis e) Likelihood Analysis and Probability Estimation Examples of Likelihood Tables
Likelihood Ex. 1 Almost Certain 5 Likelihood Ex. 2 Common Potential Low Potential Almost Never 4 3 2 1 Likelihood Ex. 3 High Frequency Moderate Frequency Low Frequency 3 2 1
Likely
Possible Unlikely Rare
4
3 2 1
It is up to each organisation to define the parameters that allow users to assess likelihood. (DBM Briefing on ISO 31000:2009 Risk Management System-Principles
and Guidelines and the ISO/IEC 31010:2009 Risk Management-Risk Assessment Techniques conducted by Mr. Kevin W. Knight and DES Alberto A. Bernardo, 8-9 February 2012)

208
2. Risk Assessment
2.6. Elements of Risk Assessment 2.6.2. Risk Analysis

f) Uncertainty analysis involves the determination of the variation or imprecision in the results, resulting from the collective variation in the parameters and assumptions used to define the results. (Clause 5.3.6, PNS ISO/IEC
31010:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

209
2. Risk Assessment
2.6. Elements of Risk Assessment 2.6.2. Risk Analysis

g) Sensitivity analysis involves the determination of the size and significance of the magnitude of risks to changes in individual input parameters. (Clause 5.3.6, PNS ISO/IEC
31010:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

210
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.2. Risk Analysis h) Examples of Risk Rating Matrices
Risk Rating Ex. 1 Risk Rating Ex. 2 Extreme Significant Medium 4 3 2 Risk Rating Ex. 3 High 3
Very High
High Tolerable Low
5
4 3 2
Medium
Low
2
1
Low
Very Low
It is up to each organisation to define the terminology for risk rating levels, and how this is set in the risk rating matrix. (DBM Briefing on ISO 31000:2009
Risk Management System-Principles and Guidelines and the ISO/IEC 31010:2009 Risk ManagementRisk Assessment Techniques conducted by Mr. Kevin W. Knight and DES Alberto A. Bernardo, 8-9 February 2012)
i) Examples of Risk Rating Matrix

LIKELIHOOD
CONSEQUENCE

211
Rare
High
Unlikely
Very High
Possible
Very High
Likely
Very High
Almost Certain
Very High
Catastrophic
Significant
Major Moderate Minor Insignificant Negligible
High
Tolerable Low Low Very Low Very Low
High
High Tolerable Low Low Very Low
Very High
High Tolerable Tolerable Low Low
Very High
Very High High Tolerable Tolerable Tolerable
Very High
Very High High Tolerable Tolerable Tolerable
ISO 31000:2009 emphasises that organisations must tailor the criteria that drives assessment and analysis to reflect the nature and business environment of their operations. (DBM Briefing on ISO 31000:2009 Risk Management System-Principles and Guidelines and the
ISO/IEC 31010:2009 Risk Management-Risk Assessment Techniques conducted by Mr. Kevin W. Knight and DES Alberto A. Bernardo, 8-9 February 2012)

212
2. Risk Assessment
2.6. Elements of Risk Assessment 2.6.3. Risk Evaluation

a) Risk evaluation process of comparing the results of risk analysis (3.6.1) with risk criteria (3.3.1.3) to determine whether the risk (1.1) and/or its magnitude is acceptable or tolerable [emphasis in the original] (Clause
3, 3.7.1, PNS IEC Guide 73:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

213
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.3. Risk Evaluation b) Risk evaluation involves comparing estimated levels of risk with risk criteria defined when the context was established, in order to determine the significance of the level and type of risk.(Clause 5, 5.4, PNS ISO/IEC 31010:2010 (ISO published
2009), the Risk management Risk assessment techniques, 11 March 2010)

214
2. Risk Assessment 2.6. Elements of Risk Assessment 2.6.3. Risk Evaluation c) This is the process of evaluating the significance of the risk and assessing the likelihood of its occurrence. With risk evaluation, management would become aware of the actions which need to be undertaken and their relative priority. [underscoring supplied] (National
Guidelines on Internal Control System, DBM Circular Letter No. 2008-8, 23 October 2008, p. 31 and 2.2 Risk Assessment, INTOSAI Guidelines for Internal Control Standards for the Public Sector, 2004, pp. 22-23)
2. Risk Assessment 2.7. Applicability of Tools Used for Risk Assessment

Risk Analysis Tools and Techniques
Risk Identification Consequence Proba -bility Level of Risk

215
Risk Assessment Process

See Anne x
Risk Evaluation
Environmental Risk Assessment

Structure <<What if?>> (SWIFT) Root Cause Analysis Failure Mode Effect Analysis Human Reliability Analysis Reliability Centred Maintenance FN Curves
SA
SA NA SA SA SA A
SA
SA SA SA SA SA SA
SA
SA SA SA SA SA SA
SA
SA SA SA SA SA A
SA
SA SA SA A SA SA
B 08
B 09 B 12 B 13 B 20 B 22 B 27
Risk Indices
Consequence/Probability Matrix Cost/Benefit Analysis Multi-criteria Decision Analysis (MCDA)
1) 2) 3) Strongly applicable Not applicable Applicable
A
SA A A
SA
SA SA SA
SA
SA A A
A
SA A SA
SA
A A A
B 28
B 29 B 30 B 31
Annex A, Table A.1, PNS ISO/IEC 31010:2010 (ISO published2009), the Risk management Risk assessment techniques, 11 March 2010.)

216
2. Risk Assessment
2.8. Attributes of a Selection of Risk Assessment Tools
Relevance of Influencing Factors Type of Risk Assessment Technique Resources Nature and and Degree of Capability Uncertainty Can Provide Quantitative Output
Complexity Any Medium

Medium Medium High Medium
SWIFT Structured what-if Human Reliability Analysis (HRA)

Root Cause Analysis (Single Loss Analysis) FMEA and FMECA Cause/Consequence Analysis Reliability-Centred Maintenance
Medium Medium
Medium Medium High Medium
Medium Medium
Low Medium Medium Medium
No Yes
No Yes Yes Yes
Annex A, Table A.2, PNS ISO/IEC 31010:2010 (ISO published2009), the Risk management Risk assessment techniques, 11 March 2010.)

217
3. Control Activity Control activities are the policies and procedures established to address risks and to achieve the entitys objectives. (Department of Budget and Management
(DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, pp. 31-32 and 2.3 Control Activities, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 28)

218
3. Control Activity 3.1. Risk Responses 3.1.1 Internal control activities are a response to risk in that they are designed to contain the uncertainty of outcome that has been identified. (Department of Budget
and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 32 and 2.2 Risk Assessment, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004 p. 23)

219
3. Control Activity 3.1. Risk Responses 3.1.2. Risk Treatment - process to modify risk (1.1) Risk treatment can involve: a) avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; b) taking or increasing risk in order to pursue an opportunity; c) removing the risk source (3.5.1.2); d) changing the likelihood (3.6.1.1); e) changing the consequences (3.6.1.3.); f) sharing the risk with another party or parties [including contracts and risk financing (3.8.1.4)]); and g) retaining the risk by informed decision.
[emphasis in the original] (Clause 3, 3.8.1, PNS ISO Guide 73:2009 (ISO
published 2009), the Risk management Vocabulary, 11 March 2010)

220
3. Control Activity 3.2. Performance Review and Improvement of Operations, Processes and Activities
and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 33 and 2.3 Control Activities, No. 6. Reviews of Operating Performance, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 30)
If performance reviews determine that actual accomplishments do not meet established objectives or standards, the processes and activities established to achieve the objectives should be reviewed to determine if improvements are needed. [underscoring supplied] (Department of Budget

221
3. Control Activity 3.3. Compliance Review and Improvement of Operations, Processes and Activities
Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 33 and 2.3 Control Activities, No. 7. Reviews of operations, processes and activities, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 30-31)
Operations, processes and activities should be periodically reviewed to ensure that they are in compliance with current regulations, policies, procedures, or other requirements. This type of review of the actual operations of an organization should be clearly distinguished from the monitoring of internal control x x x. [underscoring supplied] (Department of

222
3. Control Activity 3.4. Monitoring and Reviewing 3.4.1. Monitoring - continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected.
(Clause 3, 3.8.2.1, PNS ISO Guide 73:2010 (ISO published 2009) the Risk management Vocabulary, 11 March 2010)
3.4.2. Review - activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives. (Clause 3, 3.8.2.2, PNS ISO Guide 73:2010
(ISO published 2009) the Risk management Vocabulary, 11 March 2010)

223
3. Control Activity 3.4. Monitoring and Reviewing 3.4.3. Risk Assessment The risk assessment process will highlight context and other factors that might be expected to vary over time and which could change or invalidate the risk assessment. These factors should be specifically identified for on-going monitoring and review, so that the risk assessment can be updated when necessary. [underscoring supplied] (Clause 5, 5.6,
PNS ISO/IEC 31010:2010 (ISO published 2009), the Risk management Risk assessment techniques, 11 March 2010)

224
3. Control Activity 3.4. Monitoring and Reviewing

3.4.4. SEC. 9. Performance and Financial Review. The analysis of agency operating performance, the evaluation of performance relative to costs incurred and the review of agency operating systems and procedures are inherent parts of the budget process. . . .

225
3. Control Activity 3.4. Monitoring and Reviewing
(continuation)
3.4.4. Agencies shall therefore design and implement (1) management information systems yielding both performance and financial information which will adequately monitor and control budget implementation, and (2) improvements in operating systems, procedures and practices, so as to ensure that the targets approved in budget authorization are in fact attained at minimum cost. [underscoring
supplied] (Section 9, Chapter 2, Book VI, Executive Order (EO) No. 292 s. 1987, the Administrative Code of 1987, as amended, 25 July 1987)

226
3. Control Activity 3.4. Monitoring and Reviewing 3.4.5. SEC. 9. Monitoring and Information Service. x x x (2) Develop and maintain a system for retrieving and processing monitoring information on all projects and activities of concern to the Secretary; (3) Provide accurate and timely status and exception reports to the Secretary; (4) Generate monitoring reports for the President, the Cabinet, or for any other purpose as required by the Secretary; x x x.
(Chapter 3, Title V, Book IV, EO 292 or the Administrative Code of 1987, as amended, 25 July 1987)

227
4.
Information and Communication Information and communication are vital in attaining the control objectives. They go hand in hand and cut across all the other internal control components. Relevant information must be communicated throughout the agency, as well as to its network of organizations and sectors. [underscoring supplied]
(Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 33 and 2.4 Information and Communication, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, pp. 36-39)

228
4. Information and Communication 4.1. Information The prompt recording and proper classification of transactions and events are preconditions for a reliable and relevant information. Relevant information should be identified, captured and communicated in a form and timeframe that enables a personnel to carry out internal controls and other responsibilities. Therefore, the internal control system as such and all transactions and significant events should be fully documented. [underscoring supplied]
(Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 34 and 2.4 Information and Communication, INTOSAI, the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 36)

229
4. Information and Communication 4.1. Information 4.1.1. Section 2. x x x. They shall establish information systems that will inform the public of the following: (a) policies, rules, and procedures; (b) work programs, projects, and performance targets; (c) performance reports; and (d) all other documents as may hereafter be classified as public information. x x x.
[underscoring supplied] (Rule IV, Rules Implementing Republic Act (RA) No. 6713, the Code of Conduct and Ethical Standards for Public Officials and Employees, 21 April 1989)

230
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure a) Section 7. Statements of Assets and Liabilities. x x x a true, detailed and sworn statement of assets and liabilities, including a statement of the amounts and sources of his income, the amounts of his personal and family expenses and the amount of income taxes paid for the next preceding calendar year: x x x.
[underscoring supplied] (Section 7, Republic Act (RA) No. 3019, the Anti-Graft and Corrupt Practices Act, as amended, 17 August 1960; and Pleyto vs. PNP-CIDG, G.R. No. 169982, 23 November 2007)

231
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure b) (A) Statements of Assets and Liabilities and Financial Disclosure. x x x shall file under oath their Statements of Assets, Liabilities and Net Worth and a Disclosure of Business Interests and Financial Connections and those of their spouses and unmarried children under eighteen (18) years of age living in their households. [underscoring supplied]
(Section 8, Republic Act (RA) No. 6713, the Code of Conduct and Ethical Standards for Public Officials and Employees, 20 February 1989; and Concerned Taxpayer vs. Doblada, Jr., A.M. No. P-99-1342, 20 September 2005)

232
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure c) The following shall have the authority to establish compliance procedures for the review of statements to determine whether said statements have been properly accomplished: (a) x x x (b) In the case of the Executive Department, the heads of department, offices and agencies insofar as their respective departments, offices and agencies are concerned subject to the approval of the Secretary of Justice. (c) x x x. (Civil Service Commission (CSC) MC NO. 10, s. 2006,
Review and Compliance Procedure in the Filing and Submission of the Statement of Assets, Liabilities and Networth and Disclosure of Business Interests and Financial Connections, 17 April 2006)

233
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure d) Formal Defects i) The notice and correction referred to in Section 10 are intended merely to ensure that SALNs are submitted on time, are complete, and are in proper form. Obviously, these refer to formal defects in the SALNs. The charges against Carabeo, however, are for falsification of the assets side of his SALNs and for declaring a false net worth. (Carabeo vs. Sandiganbayan, G.R.
Nos. 190580-81, 21 February 2011)

234
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure d) Formal Defects ii) Furthermore, the only concern of the Review and Compliance Procedure, as per paragraph (a), is to determine whether the SALNs are complete and in proper form. x x x. If it finds that required information has been omitted, the appropriate Committee shall so inform the official who prepared the SALN and direct him to make the necessary correction.
(underscoring supplied) [PAGC vs. Pleyto, G.R. No. 176058, 23 March 2011]

235
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure d) Formal Defects iii) The Court cannot accept the view that the review required of the Committee refers to the substance of what is stated in the SALN, i.e., the truth and accuracy of the answers stated in it, for the following reasons: ...

236
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure d) Formal Defects (continuation)
iii)
First. Assuring the truth and accuracy of the answers in the SALN is the function of the filers oath x x x. Any falsity in the SALN makes him liable for falsification of public documents under Article 172 of the Revised Penal Code. Second. The law will not require the impossible, namely, that the Committee must ascertain the truth of all the information that the public officer or employee stated or failed to state in his SALNs and remind him of it.
(emphasis in the original, underscoring supplied) [PAGC vs. Pleyto, G.R. No. 176058, 23 March 2011]

237
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure e) For RA 6713 i) While Section 10 of RA 6713 indeed allows for corrective measures, Carabeo is charged not only with violation of RA 6713, but also with violation of the Revised Penal Code, RA 1379, and RA 3019, as amended, x x x. [Carabeo vs. Court of
Appeals, G.R. Nos. 178000 and 178003, 4 December 2009]

238
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure e) For RA 6713 ii) Significantly, Carabeo failed to show any requirement under RA 3019 that prior notice of the noncompletion of the SALN and its correction precede the filing of charges for violation of its provisions. Neither are these measures needed for the charges of dishonesty and grave misconduct, which Carabeo presently faces. (Carabeo vs. Court of
Appeals, G.R. Nos. 178000 and 178003, 4 December 2009)

239
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure f) Internal Procedure i) [I]t is apparent that it primarily imposes upon the heads of offices the duty to review the SALNs of their subordinates. If a head of office finds that the SALN of a certain subordinate is incomplete or not in the proper form, then the head of office must inform the subordinate concerned and direct him to take corrective action. Unquestionably, it is an internal procedure limited within the office concerned. (underscoring supplied) [Pleyto
vs. PNP-CIDG, G.R. No. 169982, 23 November 2007]

240
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure f) Internal Procedure
ii) [P]etitioners SALN was not being reviewed or questioned by his head of office, but by the Office of the Ombudsman. Whether or not petitioners SALN was actually reviewed by his head of office is irrelevant and cannot bar the Office of the Ombudsman from conducting an investigation x x x. [Pleyto vs.
PNP-CIDG, GR No. 169982, 23 November 2007)

241
4. Information and Communication 4.1. Information 4.1.2. Review and Compliance Procedure f) Internal Procedure iii) [T]hat when the head of office finds the SALN of a subordinate incomplete or not in the proper form such head of office must call the subordinates attention to such omission and give him the chance to rectify the same. But this procedure is an internal office matter. Whether or not the head of office has taken such step with respect to a particular subordinate cannot bar the Office of the Ombudsman from investigating the latter. (underscoring supplied) [Carabeo vs.
Sandiganbayan, G.R. Nos. 190580-81, 21 February 2011]

242
4. Information and Communication 4.2. Communication
Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control System (NGICS), 23 October 2008, p. 36; and 2.4 Information and Communication, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 38)
Effective communication should flow down, across, and up the organization, throughout all components and the entire structure. There should also be effective communication with external individuals and organizations. (Department of

243
4.
Information and Communication 4.2. Communication 4.2.1. Section 8. Government officials shall make themselves available to their staff for consultations and dialogues.
(Rule III, Rules Implementing Republic Act (RA) No. 6713, the Code of Conduct and Ethical Standards for Public Officials and Employees, 21 April 1989)

244
4. Information and Communication 4.2. Communication 4.2.2. Communicate frequently with customers and other interested parties to ensure continual understanding of their requirements, needs and expectations.
(Clause 5.1.1. ISO 9000, the Introduction and Support Package: Guidance on the Concept and Use of the Process Approach for Management Systems, ISO/TC 176/SC 2/N 544R3, 15 October 2008; Executive Order (EO) No. 605 s. 2007; and Republic Act (RA) No. 9013)

245
4.
Information and Communication 4.2. Communication
4.2.3. Section 5. Every department, office and agency shall consult the public they serve for the purpose of gathering feedback and suggestions on the efficiency, effectiveness and economy of services. They shall establish mechanisms to ensure the conduct of public consultations and hearings. [underscoring supplied] (Rule III, Rules
Implementing Republic Act (RA) No. 6713, the Code of Conduct and Ethical Standards for Public Officials and Employees, 21 April 1989)

246
4. Information and Communication 4.2. Communication 4.2.4. Communication and consultation should address issues relating to the risk itself, its causes, its consequences (if known), and the measures being taken to treat it. Effective external and internal communication and consultation should take place to ensure that those accountable for implementing the risk management process and stakeholders understand the basis on which decisions are made, and the reasons why particular actions are required. [underscoring supplied] (Clause 5 , 5.2, PNS
ISO/IEC 31000:2010 (ISO published 2009), the Risk Management Principles and Guidelines, 11 March 2010]

247
4. Information and Communication 4.2. Communication 4.2.5. SEC. 20. Regional Offices. x x x
x x x (6) Conduct continuing consultations with the local communities, take appropriate measures to make the services of the Department responsive to the needs of the general public, compile and submit such information to the central office and recommend such appropriate actions as may be necessary; and
x x x.

248
4. Information and Communication 4.2. Communication 4.2.6. SEC. 22. District Office. x x x x x x (5) Conduct continuing consultations with the local communities, take appropriate measures to make the services of the Department responsive to the needs of the general public, compile and submit such information to the Regional Office and recommend such appropriate actions as may be necessary; and
x x x.

249
5. Monitoring Monitoring internal control is aimed at ensuring that controls are operating as intended and that they are modified appropriately for changes in conditions. x x x. Monitoring the internal control activities themselves should be clearly distinguished from reviewing an organizations operations which is an internal control activity x x x. [underscoring supplied] (Department of Budget and
Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 37-38; and 2.5 Monitoring, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 41)

250
5. Monitoring
5.1. Ongoing Monitoring

Ongoing monitoring of internal control occurs in the course of normal, recurring operations of an organization. It is performed continually and on a real-time basis, reacts dynamically to changing conditions and is ingrained in the entitys operations. x x x. [underscoring]
supplied] (Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 38; and 2.5 Monitoring, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 41)

251
5. Monitoring 5.2. Separate Evaluation

Separate evaluations of control can also be useful by focusing directly on the controls effectiveness at a specific time. Separate evaluations may take the form of selfassessment as well as a review of control design and direct testing of internal control. Separate evaluations also may be performed by the SAIs, by external or internal auditors. [underscoring
supplied] (Department of Budget and Management (DBM) Circular Letter No. 2008-8, the National Guidelines on Internal Control Systems (NGICS), 23 October 2008, p. 39; and 2.5 Monitoring, International Organization of Supreme Audit Institutions (INTOSAI), the Guidelines for Internal Control Standards for the Public Sector, 16 October 2004, p. 41)

252
1. Nature and Purpose of Review

Bureau, Regional, District, Operating and Support Offices/Units
1) Performance review of operations, processes and activities; and 2) Compliance review of operations, processes and activities.
Undersecretary and Assistant Secretary
Internal Audit Service
1) Monitoring internal control 1) Appraise whether inactivities are applied at all ternal control compolevels within and across nents are well dethe agency and sector. signed and properly implemented; and
2) Evaluate whether internal control objectives are achieved.

253
2. Scope, Coverage, and Frequency of Review

Bureau, Regional, District, Operating and Support Offices/Units Undersecretary and Assistant Secretary Internal Audit Service
1)Performance is reviewed 1) Require the submission of 1) Determine the degree on a regular basis. If reports; of compliance with actual accomplishments laws, rules, policies do not meet established 2) Conduct performance evaand constitutional objectives or standards, luation and inspection to obligations; the processes and acdetermine compliance with tivities established to policies, standards and 2) Evaluate the control achieve the objectives guidelines of the departeffectiveness of operashould be reviewed to ment; ting systems and determine if improvesupport systems for a ments are needed; specific period or date;

254
2. Scope, Coverage, and Frequency of Review (Continuation)

Bureau, Regional, District, Operating and Support Offices/Units 2) Operations, processes and activities are periodically reviewed to ensure that they are in compliance with current regulations, policies and other requirements; and 3) Monitor and control implementation of operating and support systems. Undersecretary and Assistant Secretary Internal Audit Service
3) On-going monitoring 3) Evaluate whether opeand on a real-time rations are conducted basis; and effectively, efficiently, ethically, and econo4) Ingrained in the operamically; and tions. 4) Takes place after the fact and covers a complete cycle of operations.

255
3. Actions To Be Taken
Bureau,Regional,District, Operating and Support Offices/Units Undersecretary and Assistant Secretary Internal Audit Service
1) Institute process im- 1) Oversee all the operational 1) Advise/report to the provements to meet activities and shall be Department Secreobjectives or standards responsible to the Sectary or the Audit to achieve efficiency retary/; Committee of the and effectiveness in Governing Board all operations; 2) Coordinate the programs and matters relating to projects and be responsible management con2)Institute process imfor its economical, efficient, trol and operations provements to achieve ethical and effective adaudit; and compliance with regulaministration; and tions, policies and 2) Recommend realisother requirements in tic courses of acoperations; tion.

256
3. Actions To Be Taken
Bureau, Regional, District, Operating and Support Offices/Units
(continuation)
Undersecretary and Assistant Secretary
Internal Audit Service
3) Develop new or improved 3) Take such actions as methods, measures and may be necessary for other support systems the proper performance and processes; and of official functions, including rectification of 4)Conduct trainings and violations, abuses and provide staff supervision other forms of malon the application of new administration. or improved methods, measures and other support systems and processes.
Thank you!
257

Presentation 2012

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Presentation 2012

Încărcat de

Drepturi de autor:

Formate disponibile

National Guidelines on Internal Control System (NGICS)

Office of the President

Office of the President

Government Auditing Code of the Philippines, as amended, 11 June 1978)

Office of the President

2. Adequate Internal Control System

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

4. National Guidelines on Internal Control Systems

Office of the President

Office of the President

Office of the President

3. COA Guidelines on Internal Control

Office of the President

Office of the President

Office of the President

5. Internal Controls are Management Controls

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

(Manhit vs. Office September 2007)

Office of the President

Office of the President 26 Internal Audit Office

[Olaguer vs. Domingo, G.R. No. 109666, 20 June 2001]

Office of the President 27 Internal Audit Office

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President 39

3. Adhere to Managerial Policies

Office of the President 40

Office of the President 41

Gangan, G.R. No. 126557, 6 March 2001]

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

Office of the President

3. Adhere to Managerial Policies 3.17. SEC. 18. Bureau of Maintenance. x x x

Office of the President

Office of the President

3. Adhere to Managerial Policies 3.19. SEC. 19. Bureau of Equipment. x x x

Office of the President

3. Adhere to Managerial Policies