In the high-stakes world of institutional leadership, few roles demand as much precision—and influence—as internal auditing. For Benedict Bombaes, a Certified Internal Control Auditor (CICA), his journey from academic dean to Head of Internal Audit at Aklan State University wasn’t just about catching mistakes—it was about rewriting the rules of governance itself.
With decades of experience in both public and private sectors, Bombaes didn’t merely enforce compliance; he transformed internal controls into a dynamic force that strengthened risk management, streamlined operations, and earned trust across every layer of leadership.
When he took over, Aklan State University was operating with outdated systems. Financial processes were riddled with irregularities—disbursements lacked proper oversight, procurement cycles dragged on without clear accountability, and compliance with Philippine government audit standards (like the Revised Philippine Government Internal Audit Manual, or RPGIAM) felt inconsistent at best.
But Bombaes didn’t start by pointing fingers. Instead, he adopted a bold strategy: he turned internal controls into a strategic asset. His first move? Implementing a risk-based framework, where every control was evaluated not just for its technical soundness but for its real-world impact.
“We didn’t just find problems; we turned them into opportunities to improve governance,” Bombaes explained in an interview. When auditors flagged student loan defaults due to unclear repayment terms, he restructured policies with shorter deadlines tied to academic milestones. When irregular fund transfers surfaced, he tightened oversight in procurement—reducing waste by 30% within months, as he later shared during a presentation on institutional reform.
The turning point came when Bombaes didn’t just report problems but created a system to prevent them. He drafted an Internal Audit Charter for the university, formalizing roles and accountability under the Internal Auditing Standards for the Philippine Public Sector (IASPPS). This wasn’t paperwork—it was a blueprint for how internal controls would evolve. Alongside this, he established a continuous monitoring system, leveraging data analytics to flag anomalies in real time—like unauthorized access to financial systems or duplicate transactions.
“The best internal controls aren’t just about catching mistakes; they’re about building systems that prevent them,” Bombaes emphasized during a panel discussion on governance innovation. His team didn’t just audit; they became strategic advisors, using clear visual reports to translate complex findings into simple insights for non-auditors. “If you can’t explain a recommendation simply,” he often said, “it’s not effective.”
The certification that cemented his expertise—the Certified Internal Control Auditor (CICA) designation—wasn’t just a credential; it was the foundation of his credibility. Earning this mark required deep mastery of frameworks like COSO and COBIT, as well as real-world application in both public and private sectors. Bombaes recounted how the certification helped him navigate complex compliance challenges, particularly when aligning internal controls with RPGIAM’s strict requirements.
“Certification isn’t just about passing an exam; it’s about committing to a higher standard,” he reflected during a recent interview. “It’s about lifelong learning in risk management.” The CICA designation validated his expertise in designing governance systems that aligned with regulatory requirements while adapting to the university’s unique challenges—like managing multiple campuses remotely.
Today, Aklan State University stands as a testament to what happens when internal controls are treated as more than just compliance checks. Under Bombaes’ leadership, compliance improved by 40%, operational efficiency surged as duplicate processes were eliminated, and risk exposure decreased dramatically. But the real victory was the university’s internal audit function itself: no longer seen as a reactive function, it became a driver of innovation.
“Internal audit isn’t just about auditing; it’s about leadership,” Bombaes often said during his talks on institutional reform. In an era where cyber threats, regulatory changes, and AI-driven fraud are constant challenges, Bombaes’ story is a reminder that the best internal controls don’t just prevent problems—they turn them into opportunities. With his CICA certification as proof of his commitment to excellence, he’s not just auditing a university; he’s shaping the future of governance itself.
