Erana Research
Erana Research
Erana Research
MIVY PUNAY
https://orcid.org/0000-0002-4309-2633
punymivy@gmail.com
Mountain View College, Mt. Nebo, Valencia City, Philippines
ABSTRACT
9
SMCC Business Administration Journal
researchers used descriptive research methods to determine and analyze the evaluation
of internal control systems. The study employed the purposive sampling technique.
The Seventh-day Adventist hospitals were selected based on the existing hospitals in the
South Philippine Union Conference. All four (4) hospitals currently operating within
the South Philippine Union Conference became the subject of this study.The findings
of the study revealed that the control environment, risk assessment, control activities,
information and communication, and monitoring were found to be slightly strong
implemented. It indicates that there is still space for improvement. It was recommended
that hospitals enhance their internal control policies and procedures, increase the level of
implementation to improve and strengthen the adequacy and soundness of the internal
control systems. Moreover, create and establish an internal control systems committee
composed of competent and trustworthy employees chosen among the respective
groups of respondents.
KEYWORDS
INTRODUCTION
10
Peer Reviewed Journal
FRAMEWORK
11
SMCC Business Administration Journal
control policies and procedures based on the COSO’s five elements of internal control
to meet internal control objectives.
The five elements of internal control include control environment, risk assessment,
control procedures, information, and communication, monitoring.
Risk Assessment
Risk assessment challenges that most organizations face include changes in the
operating environment. Changes in customer requirements are the rapid growth of
the enterprise or restructuring of the company, changes in technology, competitive
threats, regulatory changes, economic factors, adoption of new accounting principles,
or changing accounting principles, etc. It is the management’s responsibility to identify
such risks and to control them to enable the organization to achieve its objectives.
12
Peer Reviewed Journal
Control Activities
According to Boynton & Johnson (2006), the fourth element, control activities,
is the policies and procedures that ensure that management directives are carried out.
They also help ensure that necessary actions are taken to address any risks that threaten
the organization’s objectives.
Control activities occur throughout the organization, at all levels, and in all
functions. They include a range of supervision, performance reviews, information
processing, physical controls, and segregation of duties (Boynton & Johnson,
2006).
Supervision
Dascălu & Nasta (2015) emphasized that competent supervision ensures that
internal control objectives are achieved with supervision. Assigning, reviewing,
and approving an employee’s work encompasses clearly communicating the duties,
responsibilities, and accountabilities assigned to each staff member; systematically
reviewing each member’s work to the extent necessary; approving work at critical points
to ensure that it flows as intended.
A supervisor’s delegation of work should not diminish the supervisor’s accountability
for these responsibilities and duties. Supervisors also provide their employees with the
necessary guidance and training to ensure that errors, waste, and wrongful acts are
minimized, and that management directives are understood and achieved.
Performance reviews
These control activities include reviews and analyses of actual performance versus
budget forecasts and prior period performance, relating different sets of data to one
another, together with the analyses of the relationships and investigative and corrective
actions (Salosagcol et al., 2018).
Information Processing
Various controls were performed to check accuracy, completeness, and authorization
of transactions (Salosagcol et al., 2018).
Physical Controls
These activities encompass the physical security of assets, including adequate
safeguards such as secured facilities over access to assets and records; authorization for
access to computer programs and data files; and periodic counting and comparison with
amounts shown on control records (Salosagcol et al., 2018).
Assets and vital records should have limited access in the organization. Such controls
reduce the risks of theft, misappropriation of the organization’s property. Direct entry
and indirect access should be limited to authorized personnel.
13
SMCC Business Administration Journal
Segregation of duties
Boynton et al. (2001) indicated that “segregation of duties involves ensuring that
individuals do not perform incompatible duties.” The authors also state that “duties are
considered incompatible from a control standpoint when an individual can commit an
error or fraud and then be in a position to conceal it in the normal course of his or her
duties” (p. 336).
Monitoring
The last component of the internal control enables the management to gather
feedback on how effective internal control policies and procedures are. The feedback is
then used for the improvement of the internal control systems. The management and
internal audit supervise this component.
The main purpose of this study was to evaluate the internal control policies,
procedures, and practices of Seventh-day Adventist hospitals in the South Philippine
Union Conference.
METHODOLOGY
Research Design
The researchers used descriptive research design by Creswell (2016) to determine
and analyze the evaluation of internal control systems of Seventh-day Adventist hospitals
in the South Philippine Union Conference.
14
Peer Reviewed Journal
Table 1 shows the four (4) hospitals within the South Philippine Union Conference.
The respondents were selected purposively using the following criteria: they should be
working in the finance office or accounting office (Sundalangi, 1991).
Research Instruments
Data were collected using standardized questionnaires because it allows the
researchers to reach a large sample within a limited time. Borg et al. (1993) observe that
questionnaires are used to obtain descriptive information from a larger sample.
The researchers used structured questionnaires to collect data. The structured
questionnaire included the Likert rating scale method as they are easy to complete and
do not put off respondents. It also helped the researchers compare responses given to
different items and minimize subjectivity and use quantitative analysis (Mugenda &
Mugenda, 2003).
15
SMCC Business Administration Journal
After the data were analyzed, each respondent of the hospitals receives a copy of the
abstract. If they are interested in greater detail, an electronic copy (e.g., pdf ) was made
available.
16
Peer Reviewed Journal
and practicing high standards of ethical behavior.” This indicates that Seventh-day
Adventist hospitals in the South Philippine Union Conference practice Christian values
in the organization. Most of the respondents have a strong commitment to their beliefs
as Seventh-day Adventists.
In addition, Risk assessment is an ongoing process to identify, analyze, and manage
risk. Management needs a plan to identify both external and internal risks. The plan
will help management understand how those risks affect their activities, assess their
significance, manage their effect, and provide continuous monitoring. Risk identification
can often be integrated with an organization’s planning activities (Mishra, 2019).
The respondents’ perception in subject hospitals on risk assessment with a mean
of 4.13 is verbally interpreted as slightly strong. This indicates that management of
the subject hospitals do give enough attention to technology issues and appropriately
address those issues, approved and document systems software changes, plan for new
programs, periodically measure objectives, and are concerned for rapid growth.
Organizations, whether they are hospitals or not, face risks from within and from
outside the organization. Ignoring risks will not prevent them from happening. From
within, the risk may arise from sources such as employees, students, or pupils. Employees
can commit errors or fraud. Employees may collude and misappropriate assets. If errors
can be reduced and even avoided through competent and capable employees, fraud
can only be solved if employees are honest and have good values. Management needs
to be aware of these realities and emulate an environment conducive to strong positive
Christian values (Mwambazambi & Banza, 2014).
On the other hand, Control activities are the internal policies and procedures that
help ensure management directives are carried out. They help ensure necessary actions
are taken to address risks to achieve the entity’s objectives. Control activities occur
throughout the organization, at all levels, and in all functions.
Control activities achieved the lowest mean of 4.03 among the five components
of internal control. However, it still belongs to the interpretation ‘slightly strong’ just
like the rest. This indicates that the management of subject hospitals gives attention to
supervision, segregation of duties, and safeguarding of assets (Ndege, 2016).
Also, Information and Communication pertinent information must be identified,
captured, and communicated in a form and time frame that enables people to carry
out their responsibilities. Information systems deal with internally generated data and
information about external events, activities, and conditions necessary to both informed
business decision-making and external reporting (Salamai, 2019).
The respondents’ perception of information and communication in the subject
hospitals has a mean of 4.10 and is verbally interpreted as “slightly strong.” This
indicates that respondents’ do see a clear picture of information and communication
in their organizations. The respondents believe that the hospital can prepare timely
and accurate financial reports, give adequate information to complete their job
responsibilities, convey a clear understanding of the respondents’ roles in the control
17
SMCC Business Administration Journal
system, and generate sufficient reports to properly manage the institution (Coller et al.,
2018).
On the other hand, monitoring is the review of an organization’s activities and
transactions to assess the quality of performance over time and determine whether
controls are effective. Management should focus monitoring efforts on internal control
and the achievement of the organization’s mission. For monitoring to be most effective,
all employees need to understand their mission, objectives, risk tolerance levels, and
responsibilities (Buchanan & Huczynski, 2019).
The respondents’ perception of monitoring has a mean of 4.15. It is verbally
interpreted as “slightly strong.” It indicates that management takes adequate actions
to correct deficiencies reported by the General Conference Auditors Service; policies
or procedures are in place to assure that corrective actions are taken on a timely basis
when control exceptions occur. Procedures are in place to monitor when controls are
overridden; procedures determine if the override is appropriate; procedures require that
management review control processes to ensure that the controls are being applied as
expected. Management understands and monitors the broad organizational control
environment; internal control is monitored by management through ongoing efforts;
management takes proper actions to address monitoring results (Alles et al., 2018).
CONCLUSION
Based on the findings, the study revealed that the control environment, risk
assessment, control activities, information and communication, and monitoring
were found to be slightly strong implemented. It indicates that there is still space for
improvement. It should be clear how important internal control is to all businesses,
regardless of size. The result is supported by COSO (2004), who stated that an effective
internal control system allows a business to monitor its employees. Moreover, the
management is responsible for designing internal control policies and procedures based
on the COSO’s five elements of internal control to meet internal control objectives.
RECOMMENDATIONS
The researchers recommended that hospitals enhance their internal control policies
and procedures and increase the level of implementation thereof by doing the following:
1. Improve and strengthen the adequacy and soundness of the internal control
systems of the hospitals.
2. Create and establish an internal control systems committee composed of
competent and trustworthy employees chosen among the respective groups of
respondents.
3. Consider ethical values and integrity when dealing with employees.
4. Make job descriptions available for all employees regardless of their position,
18
Peer Reviewed Journal
and each administrator should keep a copy of the job description. A code of
conduct or code of ethics should also be available for all employees.
5. Train employees on a regular basis to help them improve their competence and
skills.
6. Communicate the organizations’ mission clearly to all employees as often as
possible.
7. Implement segregation of duties strictly and make sure that jobs are rotated.
8. Monitor the entire internal control systems regularly by the committee.
LITERATURE CITED
Alles, M., Brennan, G., Kogan, A., & Vasarhelyi, M. A. (2018). Continuous Monitoring
of Business Process Controls: A Pilot Implementation of a Continuous Auditing
System at Siemens1. In Continuous Auditing. Emerald Publishing Limited.
Retrieved on March 10, 2020 from https://bit.ly/3fIvSb1
Borg, W. R., Gall, J. P., & Gall, M. D. (1993). Applying educational research: A practical
guide. Retrieved on March 10, 2020 from https://bit.ly/3fIZ0Pc
Boynton, W. C., & Johnson, R. N. (2005). Modern auditing: Assurance services and
the integrity of financial reporting. John Wiley & Sons. Retrieved on March 10,
2020 from https://bit.ly/3cQ68Yc
Boynton, C. W., Johnson N. R., & Kell, G. W. (2001). Modern Auditing, (7th ed.).
New-York: John Wiley & Sons, Inc.
19
SMCC Business Administration Journal
Cohen, A., & Sayag, G. (2010). The effectiveness of internal auditing: an empirical
examination of its determinants in Israeli organisations. Australian Accounting
Review, 20(3), 296-307. Retrieved on March 10, 2020 from https://bit.
ly/3cPCemW
Colbert, J. (1996). A comparison of internal controls: COBIT, SAC, COSO and SAS
55/78. IS Audit & Control Journal, 4, 26-35. Retrieved on March 10, 2020 from
https://bit.ly/2PTBRyN
Coller, G., Frigotto, M. L., & Costa, E. (2018). Management control system and
strategy: the transforming role of implementation. Journal of Applied Accounting
Research. Retrieved on March 10, 2020 from https://bit.ly/3fQs5bP
Dascălu, E. D., & Nasta, L. (2015). Managerial Accountability--a Key Factor in the
Implementation of Internal Control Systems. Ovidius University Annals, Series
Economic Sciences, 15(2). Retrieved on March 10, 2020 from https://bit.
ly/3cQ9t9G
Goleman, D., Welch, S., & Welch, J. (2012). What makes a leader? (pp. 93-102).
New York: Findaway World, LLC. Retrieved on March 10, 2020 from https://bit.
ly/2QZjAAz
Lainhart IV, J. W. (2000). COBIT [TM]: A methodology for managing and controlling
information. and information technology risks and vulnerabilities. Journal of
Information Systems, 21-21. Retrieved on March 10, 2020 from https://bit.
ly/3wy5LcD
Mishra, B. K., Rolland, E., Satpathy, A., & Moore, M. (2019). A framework for
enterprise risk identification and management: the resource-based view. Managerial
Auditing Journal. Retrieved on March 10, 2020 from https://bit.ly/3rNayU4
20
Peer Reviewed Journal
Salamai, A., Hussain, O. K., Saberi, M., Chang, E., & Hussain, F. K. (2019).
Highlighting the importance of considering the impacts of both external and
internal risk factors on operational parameters to improve Supply Chain Risk
Management. IEEE Access, 7, 49297-49315. Retrieved on March 10, 2020 from
https://bit.ly/2R4R2pj
Salosagcol, J., Tiu, M., & Hermosilla, R. (2018). Auditing Theory: A Guide in
Understanding the Philippine Standards on Auditing.Philippines. GIC Enterprises
& Co., Inc
Schneider, A., Gramling, A. A., Hermanson, D. R., & Ye, Z. S. (2009). A review of
academic literature on internal control reporting under SOX. Journal of Accounting
Literature, 28, 1. Retrieved on March 10, 2020 from https://bit.ly/39NK5jc
Warren, S. C., Reeve, M. J., & Fess, E. P. (2005). Accounting, (21st ed.). Singapore:
Thomson South-Western.
21