In: Finance
1. a)The components of internal control as per the acronym Crime are as follows: | |
● | Control environment |
● | Risk Assessment |
● | Information and communication |
● | Monitoring |
● | Existing control activities |
Control Environment | |
A control environment is an organization's compliance culture comprising of organizational structure to the ethical values. Some common control activities are reconciliation of financial records, review and approval, authorizations to specific financial processes, separation of duties etc. Also the management philosophy and operating style should be aligned with the commitment to integrity and ethical values. | |
Risk Assessment | |
Another crticial component of internal control is Risk Assessment. Management should identify risky areas and controls should be implemented to identify frauds and errors that could end up in material misstatements. Management should identify what are the internal and the external risk factors to create company wide and process- level objectives. | |
b) In the above scenario the following elements are missing- there is no separation of duties with regard to purchases made by the company, a single person is controlling purchase requisitions, orders, invoices,settlement of payment as well as balancing the books of accounts. Also multiple authorizations at each level of purchase, from higher management is not in place to ensure multiple checks. Also proper risk assessment has not been conducted by the company to identify the internal risk factors posed by its own employees. This is clear from the fact the fraud has been identified only after inventory balances have been altered in the books maintained by the company. Also the company doesnt have a proper system of information and communication in place and has not encouraged staff to communicate activities to the management that are illegal. This can be understood from the fact that other employees noticed unusual deliveries however kept silent until the entire fraud took place. Hence major components of internal control are weak in the given scenario. | |
2) A-1 technology can implement internal controls as below to prevent frauds in the future: | |
● | Set proper authorizations for specific processes such as creation of purchase requisitions, creation of purchase orders, bills register, invoice processing and payment processing. All of these should require the approval of senior managers. Also authorization and approval procedures can be made complex with respect to high value purchases. |
● | Separation of duties and responsibilities should be done so that multiple checks can be implemented such as the person who processes the invoice and records the data should not be allowed to handle the payments. Payment should be handled by a different team with restrictions as to the amounts that can be paid on a single day. |
● | Internal auditor should be appointed to perform risk assessment on a regular basis and inform the results to the management. |
● | Have an information dissemination system to encourage employee communication amoung themselves as well as upper management. Provide staff with proper training and documentation. |
● | Monitoring to be done such as reconciliation of books of accounts every day, passwords to accounting softwares to be changed on regular intervals etc. |