Objectives of an Entitys Internal Control System - Essay Example

Internal Control Deficiencies (Emerald Fitness Studio) Contents Internal Control Deficiencies (Emerald Fitness Studio) 4 1.0 Introduction 4 2.0 Risk-based Audit and its Application in Emerald Fitness Studios 4 3.0 Objectives of an Entity’s Internal Control System (ICS) 6 4.0 Elements of an Internal Control System 7 5.0 Roles of Directors and Statutory Auditors in ICS and Risk Management 8 6.0 Internal Control Deficiencies in Emerald Fitness Studios 9 7.0 Conclusion 11 8.0 References 12 Internal Control Deficiencies (Emerald Fitness Studio) 1.0 Introduction Statutory auditing is an assessment process that public companies undertake because it is a requirement of the law. Most statutory auditors conduct a risk-based assessment process, which involves studying their client’s environment, determining risks, and formulating a plan to deal with those uncertainties (Porter, Simon, & Hatherly, 2014). Auditors then study the internal control system of the organization when they finish identifying risks: this system is made of procedures that help to prevent errors, protect assets, and guarantee compliance with public laws. The accountants ensure that this system has all components and that it functions efficiently. This paper will study risk-based auditing and assess the objectives and elements of internal control system while making reference to Emerald Fitness Studios. 2.0 Risk-based Audit and its Application in Emerald Fitness Studios Risk-based auditing is a review whereby the auditor concentrates on the risky areas of a business (Gray, & Manson, 2011). The auditor uses more resources to assess the risky areas more than the non-risky areas of a business. This form of auditing takes place in three stages that include: comprehending of an organization’s environment and processes, identifying risks and their impacts, and then concluding on those risks. The first stage of risk-based auditing involves understanding the environment of a business. The environment includes the daily activities and processes that take place in the organization (Ricchiute, 2003); for example, selling is a process that takes place in an organization on a daily basis. The auditor studies this activity from when a customer orders a product to the time that client receives that good and pays for it. In the case of Emerald Fitness Studios, the auditor should spend the day understanding the activities that the accountant, technicians, instructors, and the manager undertake. This means that the auditor has to spend some evenings in the office to relate with the accountant’s duties because the accountant works at night at the back office. The second stage of risk-based assessment involves identifying risks and their impacts to the organization’s records and going concern (Ricchiute, 2003). This is because all organizations operate in a setting that is filled with uncertainties. The statutory auditor of EFS should identify the uncertainties that the organization faces; for example, the organization faces compliance, operational, and financial uncertainties. The statutory accountant should then determine the effects of the occurrence of these risks on the organization. For example, the loss of the accountant as an employee of the organization would mean that the company would spend time looking for another worker. The happening of the financial risk would lead to significant losses for the organization (Taylor, & Osborne, 2013). The auditor of EFS would draw a plan of how to address the risks; for example, the accountant would indicate the tests that would be done on financial statements to identify errors and frauds. The last step of this form of auditing involves making conclusions about the uncertainties that the organization faces. The accountant concludes on the impacts of the risks to the books of account of the company and then designs a plan of dealing with the threats during the auditing process (Chorafas, 2002). 3.0 Objectives of an Entity’s Internal Control System (ICS) The internal control system or an organization consists of procedures and resources that a business implements to ensure that the organization meets its objectives, complies with laws, and detects errors and frauds early (AAT, 2012). The main objective of ICS is to ensure that an organization’s accounting records are correct, accurate, and completed on time. Accuracy means that the statements are free of frauds and errors of omission and commission (Cosserat, & Rodda, 2012). The timely preparation of financial statements, on the other hand, means that the income statement, balance sheet, and other records are prepared at the exact end of every financial year. Internal controls also aim at protecting the assets of a company; these include buildings, machinery, and stock. The control ensures that these items are stored in good condition and in a safe place that is free from theft. The systems also protect assets by ensuring that workers do not misuse them (Gray, & Manson, 2011). ICS also aim at ensuring that a company conforms to all government regulations and policies, and that workers comply with the organization’s rules (AAT, 2012). This objective of internal control guarantees an organization’s continuity of operations; because it protects businesses from severe consequences. For example, the failure to comply with state rules may lead to the closure of a company. Internal control system also aim at identify fraud and errors as soon as they occur in the financial statements; and making sure that resource are used for the right purpose in an economical way (Chorafas, 2002). Auditors have to be keen when studying the ICS of a company to make sure that managers have implemented procedures that help in identifying errors. For example, the internal control of a company may require the company’s internal auditor accesses accounting records regularly before they are handed over to the management and the external auditor. The internal auditor’s regular assessments enable the company to discover fraud and errors on time. 4.0 Elements of an Internal Control System The internal control system is made up of five components that include monitoring, risk assessment, control activities, control environment, and information system. The control environment is the largest components and it is consists of communication in the company, human resource policies, ethical guidelines, operating style of a company, and the authority and structure of a company (Porter, Simon, & Hatherly, 2014). An auditor should ensure that a company follows ethical guidelines in its processes, hires eligible workers, and has efficient recruitment, promotion, and training guidelines. The next element of the system is the risk assessment system, which identifies the uncertainties that an organization is exposed to (Taylor, & Osborne, 2013). Statutory accountants must ensure that an organization has a system of identifying risks and determining their impacts, and that the system is in full operation. The auditor also needs to assess if there are any risks that the system of the company has not identified and the reasons for this discrepancy. Control activities, on the other hand, consist of procedures that an organization implements to deal with the risks that the business faces (Cosserat, & Rodda, 2012). For example, a company may have a system of segregating duties and rotating employees to ensure that a worker does not perform one function for a long time. Supervision of stock taking process is another procedure that an auditor must ensure is in operation (Ricchiute, 2003). The monitoring element of internal control system is made of the structure that a company puts in place to ensure the ICS is working efficiently, for example, internal auditing department (Ricchiute, 2003). The last element of the system is the information system that a company uses to prepare and record financial statements. An auditor needs to understand the system of recording transactions as they occur; for example, the accountant may study the ledgers of a company and understand how transactions are recorded in them. The accountant must ensure that a company’s information system records transactions in conformity with International Standards of Accounting (Taylor, & Osborne, 2013). 5.0 Roles of Directors and Statutory Auditors in ICS and Risk Management Directors are in charge of identifying the risks that their organizations face and the impacts of those uncertainties (Gray, & Manson, 2011). This means that managers may employ experts who may help them in foreseeing uncertainties and measuring their effects in case they occur. The leaders then set up a system of dealing with those risks when they take place; for example, they may insure their business against financial losses. The managers of an organization are also responsible for formulating the internal control system that safeguards their company. The directors acquire an information system and formulate activities that take place with the aim of safeguarding the company’s financial statements, assets, and resources (Chorafas, 2002). The directors also install a system of monitoring the internal control, for example, they set up the internal auditing department in the business. This means that managers have also to ensure that the structure they set up operates efficiently. Statutory auditors, on the other hand, have a duty of assessing the risk management system of a company and ensure that it is efficient and complete. The accountants analyze a business and determine the risks that it faces, and then they match their results with the company’s system (Taylor, & Osborne, 2013). This process ensures that an organization has not omitted any significant risk that it faces and that all risks are accounted for in terms of impacts and control. Auditors are also in charge of reviewing the ICS that the management puts in place and ensure that it is valuable (Ricchiute, 2003). These individuals also ensure that the ICS functions efficiently and that any problems that it experiences are solved by the management swiftly. For example, statutory auditors check on the internal auditing department and certify that it is performing its activities as stated in the ICS map. 6.0 Internal Control Deficiencies in Emerald Fitness Studios Deficiency 1: The Company lacks a control process of segregating accounting duties. The accountants of all the five studios carry out both accounting and payroll activities. The accountants are also not monitored when carrying out their functions because they work at night when no one else is in the office. Impact: The accountants may manipulate the financial statements and defraud the company. For example, the accountants may prepare payrolls for dummy employees and then receive and keep the money without the knowledge of the management (Cosserat, & Rodda, 2012). This may lead to huge financial losses for the organization especially if every accountant does this dubious act. Recommendations: The management should employ additional staff and assign each employee a different duty from the others. For example, one employee should record transactions in the general ledger while the other one prepares the final statements. The payroll duties should also be divided between two or three new employees. Deficiency 2: The organization lacks a system of managing inventory, for example, there are no stock taking and ordering procedures. Impact: Employees may be stealing stock from the company leading to huge financial losses. Recommendation: Emerald Fitness Studios should install a system of monitoring stock; for example, the manager should schedule procedures for taking stock count every week. The physical stock in the company should also be compared with that recorded in the general ledger during the stock taking process (Porter, Simon, & Hatherly, 2014). Deficiency 3: Emerald Fitness Studios lack an organization structure and there is no exercise of authority; for example, employees do not report to anyone when they arrive at work. Impact: the organization could be experiencing high rates of absenteeism. The company then pays workers high salaries for work that they did not do. Recommendation: The manager should introduce a system of reporting to work, for example, by introducing clock cards where workers record their daily arrival and departure times (AAT, 2012). Deficiency 4: The organization has not identified the risks that it faces; therefore, there is lack of a risk management process. Impact: The organization could face severe losses when a risk such as that of a great financial loss takes place. The occurrence of this uncertainty would even lead to the closure of the company. Recommendation: the management should hire an expert who may help in identifying risks and putting up a system that manages all the risks (AAT, 2012). This will avoid the above dire consequences. 7.0 Conclusion Accountants carry out risk-based auditing with the aim of identifying all uncertainties that an organization faces and then planning the audit based on the risks. This form of auditing helps auditors to avoid the risks that they face when carrying out their duties. Accountants have to study the internal control of an organization before beginning their assessment. This is the system that directors set up to detect fraud and errors, safeguard assets, ensure compliance with government laws, and ensure financial statements are accurate. The system consists of the business environment, monitoring, activities, and risk assessment. Emerald Fitness Studios lack an efficient ICS system because there is no segregation of duties, protection of assets, or risk assessment. The management should ensure that the company installs a system that segregates duties, protects assets, and assesses and manages risks. 8.0 References Association of Accounting Technicians, AAT, 2012. External auditing. London: BPP Learning Media Ltd. Chorafas, d. N. 2002. Implementing and auditing the Internal control system. Houndmills: palgrave. Cosserat, G. W., & Rodda, N., 2012. Modern auditing. Chichester: John Wiley and Sons. Gray, I., & Manson, S. 2011. The audit process: Principles, practice and cases. Andover: Cengage Learning. Porter, B., Simon, J., & Hatherly, D. J. 2014. Principles of external auditing. Hoboken: Wiley. Ricchiute, D. N. 2003. Auditing and assurance services. Mason, Ohio: South-Western College Publishing. Taylor, J. R., & Osborne, J. 2013. Auditing. Worcester: Osborne books limited. Read More