1 / 25

Internal Control Part II

Learn about the objectives and types of internal controls in organizations, including preventive, detective, and corrective controls. Discover the significance of organizational controls, authorization, supervision, and personnel security plans in safeguarding assets and promoting accountability. Explore the role of well-documented procedures, clear job descriptions, and controlled access to resources in maintaining a strong internal control system. Enhance your understanding of segregation of duties, employee management plans, and hiring/firing procedures to ensure ethical behavior and operational efficiency.

Télécharger la présentation

Internal Control Part II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Internal ControlPart II March 4, 2010

  2. Today, we will…. • Talk about how controls work in an organization. • Discuss what we are trying to achieve with our system of internal control. • Discuss how certain processes that we have seen before address certain control objectives (from number 2. Above).

  3. First, let’s play a game!

  4. What are the objectives of controls? • Protect assets • Ensure accurate reporting (and supporting documents)

  5. The primary tools of control • Accountability - holding specific individuals responsible for stewardship of assets and the accounting records. • Processes that will discourage dishonesty, check for errors, and help detect problems. • Oh yes, and a corporate culture in which these tools are taken seriously and that honesty and accuracy really matter.

  6. Control types… • Preventive Prevents problems from arising. Reconciliations are an example of preventive controls. • Detective Detective controls detect problems - hopefully before the problems affect the financial statements. Note, with regard to fraud, that detective controls - if they are communicated to employees - are also preventive. For example, if we perform surpise audits, and we tell employees that we are going to do them, then the employees would refrain from stealing. • Corrective Corrective controls attempt to “fix” problems after they have occurred. Bonding of employees is an example of a corrective control.

  7. Control types… • Organizational controls • Segregation of duties • Authorization • Personnel controls • Supervision • Employee management plans • Personnel security • Hiring and firing procedures • Policy controls • Well-documented procedures and policies • Well-defined job descriptions • Resource control • Controlled access to assets and data • Accountability

  8. Segregation of duties • Typically this is the first thing that you try to do • If someone wants to steal something and continue working at the company, then they might need to cover up their theft by forging or altering documents. • This was the case with the auto parts clerk (Tony Alvarez) who created bogus refunds • This was also the case with the accounting clerk (Kay Lemon) who wrote checks for inventory purchases and to herself, but recorded the inventory purchase in the books for the sum of the two checks. • Recording, Access (or custody), and Authorization should be segregated - most importantly recording.

  9. Authorization • We typically have two kinds of authorization - general and specific. We talked about this last class.

  10. Supervision • If employees know that they are being watched and supervised, they are less likely to do something unethical. They also are more likely to communicate any personal problems that they might have to their superiors if they are in frequent contact with their supervisors.

  11. Employee management plans • There are two types of employment management plans that you should consider: • Employees should be encouraged to communicate issues that seem wrong (turn in their fellow employees). • In addition, employees should feel free to talk to their supervisors about problems they are experiencing. As Tony (the auto parts clerk) said, If he had gone to them with his problems, he is certain that they would have helped him. This is called an open-door policy and was also discussed in the portion of the video on prevention. It helps to mitigate that corner of the fraud triangle.

  12. Personnel security plans • Forced vacations and job rotation • Employee bonding

  13. Hiring and firing procedures • Good hiring procedures are important because employees that are not well-suited to their task are more likely to experience frustration and react by acting inappropriately. • Good termination procedures are important because employees that are “on their way out” have a very negative impact on the psyche of the organization.

  14. Well-documented procedures and policies • Well-documented procedures and policies are important because they describe what is OK and what is NOT OK. Recall that this is really much of what Sarbanes-Oxley is all about. CEOs can no longer claim ignorance as a justification. By the same token, well-documented internal policies and procedures define the boundaries of behavior. In addition, they help employees know what to do in various unexpected circumstances.

  15. Well-defined job descriptions • As with well-defined policies and procedures, well-defined job descriptions set boundaries of activities. They also formalize supervision and segregation of duties characteristics.

  16. Access to resources • Data should be safeguarded. Only authorized personnel should be allowed to engage in transaction recording. • Assets should be locked up. • Someone should be accountable for both of these. This is the “go to” person if something is wrong… the first person to suspect. They must, however, have the authority to protect and control the resources (either assets or data).

  17. What are we trying to achieve? • Let’s talk now about procedures that make up our system and what we are hoping to achieve with these procedures. Let us also try to classify each of these procedures. • First, though, what are we trying to achieve (specifically). Recall that we said we want to protect assets and that we want to ensure accurate financial reporting. Let’s break these down.

  18. Protect assets / accurate information • Every transaction that we record should be a valid (legitimate). It must EXIST and it should be PROPERLY AUTHORIZED. We call this validity. • Every transaction that exists should be recorded. We call this completeness. • Every transaction should be recorded accurately. There should be no errors or valuation problems.

  19. Incentive issues • If we are looking at theft issues, recording problems are typically a result of an attempt to hide embezzlement (misappropriation of assets). • If we are looking at reporting issues (such as hiding losses or “window dressing”) the recording problems typically relate to income increasing manipulations of the accounting system. • These are NOT mutually exclusive - they may both exist.

  20. Let’s look at some of our system characteristics… • We engage in a sale on account. Let’s look at how we ensure that the sale was a legitimate sale. • Every sale must be properly authorized • How do we make sure that a sale exists? For every sale, there must be some proof, such as a customer receipt or a bill of lading that proves that goods were transferred. How do we make sure that all sales get recorded? We require that everything that leaves our loading dock has a sales order and, at the end of the period, we check to make sure that all sales orders are accounted for. How do we ensure accuracy of recorded sales? The accounts receivable clerk reconciles the invoice and the sales order. The shipping clerk reconciles the bill of lading and the sales order.

  21. In general… • We guarantee existence by requiring some document that has been “verified” by an external entity such as a customer or a bank or a representative of UPS or FED-EX or whoever. • We require that the individual that is responsible for authorizing transaction sign his name (or initial or add a digital signature) on the document. This is critical, because this individual is to be held accountable. Remember that this system relies on accountability. • We guarantee completeness by requiring that every transaction have the appropriate documentation and that the documents be pre-numbered. At the end of the period, we check to make sure that all documents are accounted for. • We guarantee accuracy by having reconciliations at various points in the process. We also use computer packages to enter information. We must, though, worry about the issue of stuff getting into the computer correctly. We will talk about that next class, though.

  22. An example - Causeway

  23. C Key data B/T B/T C/R Listing Desposit slip Desposit slip Summary of Cust Accts Total Of C/R Prints C/Rlisting &Summary D C C/R Listing Summary of Cust Accts D G/L office Mailroom Accts. Rec Computer Cashier Customer R/As B Log Txns Verify Post A/R A Txn log Checks Check R/A Endorse Check Annotate R/A Prepare B/T A/R master Compares Compare Printsdeposit slip R/As Checks Desposit slip Desposit slip A Check Deposit slip B Bank

  24. Summary • Assets are protected by making sure the checks are not worth anything to anyone else (since they are endorsed immediately) and by the fact that there is a deposit slip and record that are kept independently. They must reconcile with the deposit. • Completeness is ensured by reconciling the R/As and checks. If one of either of these is missing, the reconciliation would not work out. Also batching helps with the completeness. • The two reconciliations ensure that the input data is accurate. • What about existence and authorization????

  25. Different systems - different issues • Let’s go back to how a misstatement occurs. Either it is a mistake (error) or it is intentional (fraud). If someone is using the accounting system to hide a theft, then they are attempting to record something to make it look like no assets were stolen - either they never existed, they were used in the normal course of business, or they were sold. Segregation of duties is the main way to protect against this. If someone is trying to make the business look better than it is (like Enron), then the controls should relate to ensuring existence of income transactions and ensuring completeness of expense transactions. For example, we would want to guarantee existence of sales - since bogus sales are one way that a company can make profits look better than they really are and guarantee the completeness of purchases since purchases are closed directly into cost of goods sold.

More Related