Implementing and Maintaining Internal Control - Assignment Example

Running Header: Implementing and Maintaining Internal Control Student’s Name: Instructor’s Name: Course Code & Name: Date of Submission: Implementing and Maintaining Internal Control Assignment 2 1. Define internal control. Internal control procedures may be defined as the processes that range from giving a closer look to front-line controls that range from planning to training, from information flows to processes of reviewing a firm. The Committee of Sponsoring Organizations of the Trade way Commission ,gives a comprehensive definition of internal control as a process which is mainly effected by an organization’s board of directors, management as well as other personnel and designed to provide the necessary assurance in regard to ensuring that the laid down objectives such as Effectiveness and efficiency of any operation, reliability of financial reporting as well as compliance with necessary laws and regulations are achieved. It is therefore imperative to ascertain that the processes and procedures of internal control are a representation of an important section of procedures of corporate firms, thus forming an important part of an organization moreover; good governance of a corporate entity solely relies on internal control. 2. Why would management implement accounting controls? This is so because all the principles of good governance have a strong binding on corporate entities. Internal control processes and procedures are an integral part in a business organization, whether partnership or in a non-profit business entity as well as a corporate entity (Carter 24). It is imperative that stakeholders funds are protected taking into consideration their huge number in a corporate entity where majority of them do not participate in the management of the firm. This is one of the important reasons why corporations’ laws and other related legislations have put in place necessary codes for internal control and corporate governance requirements. Individuals in charge of carrying out internal control are mandated to be independent from other individuals, particularly in decision making and carrying out operations. Name specific features of a good system of internal control Characteristics of internal control process and corporate Governance are unique and there exists specific features that a good system of internal control ought to posses. Internal control process should ensure that all the laid down policies and communication objectives are met. The overall processes of internal control are given ample reviews. Since Internal control is an important organ, it must be able to follow and meet the following features; capability, accountability, commitment and must monitor all the required procedures. Furthermore, the internal control procedures must be in the front line, in matters of controls in any corporate organization (Trenery, 15). 3. What responsibilities does management have in maintaining accounting records and how would internal controls assist in producing the records? It is the role of management and directors to take great care to put in place and maintain controls and systems as well as sufficient records (accounting records) that are appropriate to the scale, nature and complexity of its business. The board of an organization is mandated to carry out specific exercises that take place annually in order to make statements annually. After finishing an internal control evaluation at the entity level, the accounting system of the organization becomes more focus on evaluation of internal control over financial reporting. This way the internal controls assist in producing the records. Internal auditing team is given unrestricted access to every record in order to ascertain that there are no misleading or false statements. This assists in maintaining account records which accurately and fairly show every transaction and which allow preparation of necessary financial records. Additionally, the accounting controls are mostly directed at recording and classifying since the main source document is the cash receipt. The main accounting control is necessity to combine the physical receipts of cash from the role of classifying and recording these transitions. 4. When the auditor examines the internal controls of a system, what factors should be considered when assessing the effectiveness of those controls? The basic internal requirements of an internal control that is widely expected in any reliable business structure are as follows: The management system of any organization is obliged to maintain that the sound system of internal control is fully met so that the owners’ investments and business assets are safeguarded (Trenery, 60). Those in the management part of an organization should ensure that they carry out a review of how effective the business’ system of internal control is. The management can carry out reviews on all controls, which may put into considerations all financial, operational and compliance controls as well as risk management. Internal control should be incorporated in business processes in such a way that a corporate firm can pursue its objectives and it should be flexible in the ever changing business environment. The particularity of any business organization should be put into consideration while establishing an internal control so that it takes care of the unique business circumstances. The management system of any organization should review the implementation of the requirements of internal control and meet its reporting obligations. A risk-based approach should be adopted by the management of an organization so that a sound system of internal control is achieved as well as conducting a review on its effectives. The management is mandated to ensure that this approach is incorporated in the management system and in an organization’s governance system. Internal control should ensure facilitation of the effectiveness and the efficiency of all operational activities in order to ensure that the internal and external reports and assist in ensuring that all the necessary laws and regulations are adhered to. Earlier discussion in this paper highlights the role played by the board of directors in regard to the internal control. It is also of paramount necessity that the board of directors should in the fore front in setting necessary policies on internal control and further ensure that regular assurance that will effectively monitor the normal functioning of the internal control in meeting its objectives, in regard to the risk management in the approved manner. Factors to Consider in determining internal control policies When determining its policies in the internal control, the following factors are to be considered; Evaluating the risks that are encountered by the company. Assessing the risks involved in relation to the acceptable level. Likelihood of the risks materializing; The ability of the corporate firm to hinder the occurrence of those risks and their effect on the business; and lastly Evaluating the costs of controls and its relative benefits; Factors to consider in the maintenance of an effective internal control It is imperative to ascertain that the management plays an integral part in implementing the policies of the board of directors in regard to the risks and control. In order to fulfill the responsibility accorded to it, the management needs to identify and assess the risks encountered by the company and table them to the board and design, operate and monitor a relevant system of internal control which is mandated with the implementation of policies that are to be adopted by the board of directors. In order to maintain a sound system of internal control, the implementation stage plays an important role. This implies that once a system is effectively implemented, the board of directors, or if need be, the management is obliged to lay down the relevant policies concerning the internal control and strive to seek regular assurance that are necessary in satisfying the effective functioning of the organization. According to (Trenery 15), the following are the factors to be considered while maintaining a sound system of internal control; The nature extent of the risks that are likely to be encountered by the company; The extent and categories of risk that it views as being acceptable for the business firm to handle; The prevalence of the risks concerned ever taking place Assessment of the ability of the company to cut some of the happenings and effect on the business of risks that are to take place; Costs of operating particular controls that are related to the benefit that are ultimately achieved in the management of the related risks. 5. Discuss the importance of segregation of functions. Give a practical example of a possible outcome if segregation is not implemented. It is very critical to have duties within any institution segregated, the main advantage of duty segregation is that it makes the risks of making mistakes less; it also discourages actions which are not appropriate. When duties are segregated there is minimal occurrence of fraud cases as well as collusion among the employees. Segregation happens mainly in approval, the section of accounting and the asset custody. A good example is when control is made by one personnel there is a high chance of document forgery and other cases of fraud. Assignment 3 1. State the important steps involved in the implementation procedure for setting accountabilities and responsibilities. Accountability and responsibility is a vital element within control of an organization. The first major step is beginning with team building; this ensures that a well set team is ready to work together and maintain the proper running process of an institution. This is followed by setting specific achievable goals, and then the entire implementation process must be well defined. Another important step is offering training to all administrators to ensure competitiveness as well as maintaining high level of responsibility. Accountability is a must if the implementation process has to be successful. 2. How does an increased commitment of employees contribute towards implementation of an effective internal control system? It is worth noting that it is not only the responsibility of the management and the board of directors in ensuring that the internal control is effective, but all the employees in a given business entity have a role to play in regard to the effectiveness of the internal control. Every employee should have knowledge on the goal of the organization and his/her role in achieving these goals since effective internal control rely on the full participation of all staff at every level. Professional integrity and competence of employee are major parts of an effective internal control system. Employees can aid to offering assurance that internal control systems are operating in an adequate way by understanding their responsibilities. A vital aspect of internal control is personnel. Trustworthy, competent employees are vital to provide effective control. Employees and managers who have a clear understanding of internal control and are willing to take responsibility, are important to effective internal control system. 3. List any four incentives or reward programs for increasing employee commitments. Therefore, in order for the achievement of an effective internal control, everyone has the capacity to have necessary knowledge, relevant skills, necessary information and authority to foster establishment, operate and monitor the system of internal control which includes comprehension of the company, its objectives, the industries and the markets in which it has its operations as well as the risks the company is likely to encounter. List of reward programs: i. Bonus program that reward individual achievement. ii. Stock option initiative offers an employee the chance to purchase a particular number of a company shares at a set price. iii. Program on profit sharing is a plan of developing a pool of money to be disbursed to workers by taking an agreed percentage of organisation’s profits. iv. Offering healthcare benefits to active employees. 4. List any four factors to be considered when maintaining a sound system of internal control. For an effective internal control, every person has the duty of having a clear notion of his/her responsibility and their involvement in ensuring that the laid business objectives are achieved (Picket Spencer and Jenipher 11). Every employee has the responsibility in the internal control as a requirement for their accountability for ensuring that these objectives are achieved. List of factors to consider: i. The benefits and costs of operating relevant control ii. The likelihood of the risks crystallizing iii. The extent and nature of the risks that the organization faces iv. Categories of risks that company considers as acceptable for it to bear 5 . The Case Study In this paper, a case study is accorded the audit relationship of a public company known as Downers Ltd and its external auditor. The main aim of this case study is to connect the wide principles and features of internal control system to a real world business application. The moment one tries to identify the diverse components of an accounting system. a. The internal control questionnaire An internal control questionnaire has the objective of enabling the auditor to promptly assess all the aspects of the company’s operations of accounting. The internal control questionnaire also gives an overview of the internal controls that are operating in the business. It is imperative to ascertain that every question in the questionnaire has to be answered by either a ‘yes’ or ‘no’. In this case, when an answer is a ‘no’, then it implies weakness. In this case study, the author has used five questionnaires. i) Sales (case study document B1). Sales is defined as the activities pertaining to the process of exchanging goods and services with other goods and services, with clients and thereafter collecting revenue in form of cash. The main objective of sales is to promote an enabling environment for ensuring that every transaction of sales is turned to generate cash. In Downers Ltd, not all sales orders received from customers are in writing and they don’t have an arrangement of how to receive these sales orders. This is a minor weakness in internal control procedure. Other major weaknesses are that there is no credit manger approval of acceptance of customer order and customer credit limit is not reviewed regularly. The dispatch section is mandated to account for filing the proof of deliver where carrier copy is signed by customer and filed. Generally, Downers Ltd internal control sales have several major weaknesses. Transactions involving sales and those that involve cash receipts have a close relationship since the two are triggered with a request from a client and finalizes when cash is received. ii) Accounts receivable (case study document B2). In business, every individual knows that a company may collapse if a business is not able get money from their clients. Therefore, the business is entitled to apply all the necessary techniques in ensuring that sales are converted into cash. When credit sale takes place, the transaction is recorded in the account receivable ledger and procedures of collection are used to convert sales into cash. In Downers Ltd, responsible officials do not confirm accounts on a surprise basis at reasonable interval. In internal control of account receivable, this is a grave weakness since there are no offsetting procedures to check the accuracy of each debtors account. Also accounts written off are not controlled by an independent senior official and also not reviewed in regular basis. This is major loophole since no control is exercised over accounts once they are written off except if partial payments are subsequently received. What are objectives of accounts receivable; To record accurately all the relevant information in the column of accounts receivable ledger To quickly collect the balance of each account, by using effective collection procedure. Therefore, in order to provide an enabling environment to the internal controls to achieve the above mentioned objectives there has to be an accurate record keeping and effective collection procedures. To ensure that there is accurate record keeping; One is obliged to ensure that all the invoices that are issued are properly recorded in a numeric sequence and are at a disposal of regular accountability when need be. All the individuals involved in the posting and balancing the accounts receivable ledger are not involved with the initial transactions or writing of journals, which may include sales, cash receipts and sales returns. Monthly balancing between the accounts receivable subsidiary ledger and the receivable ledger. Monthly reconciliation between the accounts receivable ledger and the control account in the general ledger. iii) Cash receipts (case study document B3). Cash receipts originate from various sources. They can result from transactions of revenue, short and long-term borrowing, and issuance of share capital and the sale of marketable securities, investments that are long-term as well as other assets (Hightower 162). In Downers Ltd, internal control cash receipts reveals that a company messenger instead of a bookkeeper or a cashier deposits all cash receipts daily. This is a major weakness since no independent check on accuracy and completeness of the bank deposit slip and cash receipts journals. Additionally, receipts from sundry sales of stationary and rental are not independently checked and controlled. This is a major weakness since no independent records are kept of receipts from sundry revenue. iv) Cash sales For an effective internal control system, all the cash that are received are quickly recorded and are banked intact. In Downers Ltd, daily total of cash registers and other mechanical devices are not verified by an employee who don’t have access to cash since this done by cashier. This is major weakness in internal control of cash receipts since no internal check over the accuracy of the cash recording on cash register. In addition, the cashier does not compare record periodically with bankings (bank deposit slip). This has a major pitfall since there is no independent check. The organization does not have surprise checks in order to prove the correctness of over and unders, and register change and takings. Actually, internal controls of cash receipts of Downers Ltd have several major weaknesses. b) To what extent have the existing controls prevented potential dysfunction in these systems? In order to prevent dysfunction of internal control system on accounts receivable, a separate debtors ledge is maintained and it is balanced every month by a qualified accounts receivable clerk. Additionally, the total of the individual accounts is regularly compared to the control account in the general by a qualified financial accountant. In Downers Ltd, there is a receipt book register maintained by stationery officer but all issues relating to cash receipts are handled by a qualified cashier. Also, all receipts from cash sales and other over the counter collections are recorder by cash register which serially number receipts. This assists the firm to have accurate records of cash sales and over the counter collections. Existing controls are crucial in managing the entire implementation process. When the controls are followed strictly, errors will never occur at any given time within an organization. Reduction in fraud cases have been prevented by the internal controls as responsibility and accountability has been enhanced. c.) As management, what would you do to the existing systems of sales, accounts receivable, cash receipts and cash sales to improve profits? In order to improve sales at Downers Ltd, there should be a written credit authorization obtained from the credit department so as to prevent difficulty to earmark responsibility for credit granted to customers who later turn out to be doubtful. This will also eliminate giving credit terms to uncreditworthy customers. The bookkeepers on the accounts receivable ledger should not perform conflicting duties such as handling disputed items on statement and preparation of debtors statements. This would allow independent check on the accuracy of the debtors’ statement and the validity of items on dispute. In cash receipts control system, there should be an independent comparison between cash receipts journal and bank stamped deposit slips by the financial account to make sure that errors are rapidly detected and corrected. Cash received from sales over the counter should be balanced against the internal control audit tapes and verified to the every day bank deposit slip by responsible a personnel who has no other sales or cash duties. d). How can a system of internal control assist in this ailing company? System of internal control can assist Downers Ltd in the risks management that is vital to the fulfillment of its business goals. An effective internal control system contributes in protecting the company assets and investments. Sound financial controls, involving proper maintenance of accounting records are vital internal control element. They assist to make sure that the company is not susceptible to preventable financial risks and that financial information utilized within the organization and for recording is reliable. They also assist in preventing and detecting fraud hence protecting company assets. Because profit are, in certain percentage, the reward for successful risk taking in business, the objective of internal control is to assist in controlling and managing risk effectively instead of eliminating it. Assignment 4 1. What are the general controls that should exist in an EDP accounting system? The importance of General EDP Controls cannot be neglected since they provide a reasonable level of assurance that the overall objectives of the internal control are met. There 5 major types of general controls: i) The EDP department organization which ensure that no single person would have ability to access data, change program or computer system, and access the computer. ii) Application development and maintenance controls to make sure that the client effectively controls computer programmes and related documentation. iii) Hardware controls to detect machine failure. iv) Access to programs, computer files and computer equipments. v) Controls over information of master file. 2 Define what is meant by an audit trail and explain how the client’s introduction of an EDP system can alter it. How does this change affect the auditor? Audit trail can also be referred to as audit log; it is an audit record that is temporal arranged and they contain attests that directly concern to as well as ensuing from the performance of a business transaction. Introduction of EDP system will affect the auditor positively as it will minimize the work done by auditors and also it reduces errors that may arise from calculation mistakes, errors in posting, and making totals. On the other hand it may affect the results if there are errors arising from programming. EDP requires more expertise, if the auditors lack basic computer skills, they will definitely be challenged. 3. In what ways is the potential for fraud greater in an EDP system than in a manual system? Give a practical example. In environment of EDP, very few individuals who process huge information of a particular organization. However, in manual system, there exists isolation of similar work among several individuals. This causes EDP system to have ineffective or lack actual controls based on isolation of different functions. Additionally, individuals managing the electronic data systems gain knowledge regarding distribution and generation of output, processing manner, and source of data. They have huge control over information processing systems to alter program or data that can easily allow persons to commit fraud. An example: a programmer for a big bank developed a program for listing and identifying all overdrawn accounts. Later he was able to manipulate program to cause the computer to ignore overdrafts in his own account. He was able to overdraw his account at will. The fraud was detected when listing of overdrawn accounts was prepared manually. 4) Explain limit checks as a form of processing control In an effort of controlling manual input and update of data, integrity controls and authorization are required. Additionally, these modifications should be controlled by as many validation routines as effectively possible. Most of the time the authorization of users will be implemented by giving users the authority to execute particular application programs. Hence, users should only be permitted to enter or update the data in the database by utilizing these softwares. Limit check as a form of processing control is utilized as input validation routine. Limit checks are used to determine whether entered amounts surpass a predetermined lower or upper limit; for example a test of the order amount with a credit limit. 5a). Describe the weaknesses in the internal control system from the comments made to management. In EDP department, the following roles are not separated: (i) programming and application ( hardware maintenance and design of software). (ii) operations which is executing job and running the computer. (iii) data control which is input and output of data. From the management, it is clear that these roles are not separated because computer company trained all personnel in programming, system design and operation. Another weakness is that each employee is responsible for making program changes and running the program that can result to change of master file. Many transactions rely on information accuracy in the master file. Giving employees authority to change and run program would result to alteration of master file. From comments made by management, there is weakness on procedural or data controls since the material for the systems documentation are kept in a corner of the computer department. This means that there are susceptible to intentional vandalism or catastrophic loss such as fire. There exists weakness in EDP department organization since a single individual can access the data, access the computer, and alter the computer programmes or system. b). Recommend improvements in these controls and processing procedures. The roles in the EDP department should be separated such that the programmer should not have access to input data on operations of computers because his knowledge on programs can be easily utilized for gains. Also operator should not have a lot of know how of the program to modify it immediately before or during its use. Employees should not have authority of changing program in their computers; instead, any alteration on program should be properly authorized and approved by the department manager. There should be a method of ensuring that the correct version of the master file is in use. This can be accomplished by validity check where computer is programmed to make sure that the correct master file is being used. Only operators of computer should have access to the computer when processing runs. Copies of every vital files and programs should be kept off site to prevent losses that may result due to intentional vandalism, accidental erasure or catastrophic loss. No single individual should have the capability to access the data, access the computer, and alter the computer programmes or system in EDP department in order to have segregation of duties within department. 6 a) Divide the five functions among four people in such a manner as to maintain the best possible control system. In the scenario of Joyce School, I would subdivide the duties to individuals since appropriate segregation of responsibilities is a vital organization and management control. The responsibilities can be given out as follows; the computer operator and programmer are given out to one person; the remaining responsibilities are given out to four different individuals; system analyst, librarian and data control group. b) Joyce College has realized that, in fact, they can only afford two people to perform the EDP functions. Divide the functions between the two people so as to maintain the best possible control system. Since Joyce school has realized that it can only afford two individuals, I can divide the responsibilities as follows; one individual will work as a computer operator, programmer as well as system analyst, whereas the other individual will carry out, the duties of a librarian and data control group. This is because the programmer should not be allowed to access data input since he has high knowledge of the programs such that he can easily use it for personal benefits. Also librarian should be prevented from having a lot of knowledge on programming and system analysis to eliminate possibility of using that knowledge to manipulate data input. This way, the responsibilities will be segregation of duties in department of EDP. 6 c) If only one person was employed, would the internal controls be so inadequate that an audit could not be performed? Discuss If one person is employed it would mean that there would be no segregation of duties within EDP department which include data control, computer operations, and system development. By separating these roles, it means that no single EDP employee can alter application software or underlying master files and then operate computer equipment to use those altered programs or data files to process transitions. Internal controls with only one employee is no effective because he is the one to handle every EDP role lead to potentiality of misstatement on computer based accounting application, regardless of the quality of automated application controls. With one employee, it would be impossible to block EDP personnel from recording and authorizing transactions to cover theft of goods, and also to lower the possibility of processing and recording errors (Carter, 17). 7. What are the important internal control concerns in an e-commerce environment? The nature of openness of the internet makes the entities, involved in internet based electronic processes of commerce, susceptible to non-intentional and intentional attacks. Hence, the implementation of systems of internal control is important, which will have as a goal the management of inherent risks to intern-organizational systems that back real time electronic transactions. The major nature of transactions of electronic commercial, transverse both to the inter-organizational and intra-organizational environments, is responsible for the non-restriction of the internal control system. On environment of e-commerce, the information systems, the intra-organizational process of business that back the transactions of commerce and systems that utilize internet as a technology infrastructure, to implement information and communication channels of information, are not ran in a manner that is independent. An effective system of internal control in environment of e-commerce should be analyzed in a thorough way, giving similar importance both to the inter-organizational control mechanisms and to the intra-organizational control mechanisms. 8. What is an online system? State the specific internal control concerns in an online system. The web and internet based tools have penetrated almost every functional part of the business including customer and supplier relationship. The increase in business transactions on the internet has been accompanied by an increase of online internal control. Online sytsem is the process whereby there is a direct entry of data or personal transactions through terminals that ultimately results in a prompt computer files update. In an online system, there are six integral controls that are required. These are; the access controls, passwords control, system maintenance and development control, transaction logs as well as application controls. Works Cited Carter, J. Developing e-Commerce Systems, Prentice- Hall, Inc., New Jersey, 2002 Hightower, Rose. Internal Control Policies and Procedures. New Jersey: John Wiley and Sons Inc., 2009. Picket, K, Spencer Picket and Jenipher M. Internal Control: A manager's Journey. 2nd. John Wiley and Sons, 2001. Trenery, Alan. Principles of Internal Control. University of South Wales Press, 1999. Read More