Question

Case and Questions

Internal Control Case- 20 marks

Many banks have suffered losses from their ATM operations due to embezzlement schemes perpetrated by employees. One such bank was the Yorkshire bank branch in Cambridgeshire.

Two tellers of Yorkshire bank branch in Cambridgeshire were arrested and charged with stealing more than £78,000 from its ATM over two years. The alleged ringleader was Jean Moronese, who had worked at the branch since 2012 and served as its head teller since 2018. According to media reports, Moronese told law enforcement authorities that she initially began taking money from the branch’s ATM in 2013 to pay her credit card bills, rent and day care expenses. Moronese ‘begged’ and confessed to Kelly Barksdale one of the tellers to help her conceal her thefts ‘because she didn’t want her children to see her go to jail. Barksdale was apparently persuaded by Moronese’s tearful plea and agreed to help her cover up the embezzlement scheme. Eventually, Barksale joined Maronese to steal from the Bank’s ATM cash machine.

According to the local police, Moronese and Barksale simply changed the ledger control sheets that were supposed to report the amount of cash stored in the ATM and in the locked vault within the ATM. Yorkshire Bank internal control procedures mandated that three employees be involved in resupplying the ATM and its locked vault and in maintaining the ATM ledger control sheets. However, either Moronese or Barksdale completed those tasks by themselves.

The Police also commented on the branch’s failure to require employees to comply with internal control procedures. Also, the bank failed to implement internal accounting safeguards, by ensuring that those safeguards are being followed by all employees at all levels of the business.

Questions:

1.     List four things that should be included as part of the audit documentation during the Yorkshire banking case .

2.     As a senior auditor in the Yorkshire bank ATM case list the risk assessment procedures you will use in your auditing engagement (3 mark).

3.     Prepare a list of internal control procedures that banks and other financial institutions have implemented, or should implement, for their ATM operations (3 mark).

4.     Identify specific audit procedures that may be applied to ATM operations. Which, if any, of these procedures might have resulted in the discovery of the embezzlement scheme at Yorkshire bank branch? Explain (4 mark).

5.     When is analytical procedure used and what are the purpose during the Yorkshire bank case (3 mark)?

6.     As a senior auditor to Yorkshire bank case, how can you maintain good professional judgement in your day-to-day operations (4 mark).

Answer 1

1. Audit documentation includes, for e.g.,

1. checklists

2 analysis, issues memoranda,

3. summaries of significant findings or issues,

4., audit programs

2. Risk Assessment is a key part of Auditing Process. It may includes:

1. Obtaining an understanding of bank for understanding bank’s internal control to evaluate whetherwith the oversight of those charged with governance, bank have created and maintained a culture of honest and ethical behavior, as well as assessing whether the control environment contains any deficiencies in established processes.

2. inquiries with management help to get an understanding of internal controls, we also need to see examples of these being performed.

3.Walkthroughs are to be performed, with the help of bank personnel, to observe segregation of duties along with inspecting certain documents (invoices, purchase orders, etc.) that are used as supporting evidence for the operation of key controls that impact financial reporting.

4. Analytical procedures are also performed.

3. In 1992, the committee of sponsoring organizations of the Treadway Commission(COSO) issued a landmark report on internal control. The report identified five key components of effective internal controls. Banks and other financialinstitutions can and should implement these for their ATM operations. The components are:1.Control environment – this component serves as the basis for the othercomponents; since it underscores Board and senior management’s understandingof the importance of controls.

2.Risk assessment – this component is used to identify the risks that can deter thebank or financial institution from achieving its objectives. This component helpsto determine how risks should be managed and what controls are needed.

3.Control activities – this component includes the policies and procedures that arein place to safeguard against the risks identified from the risk assessment.

4.Information and communication – this component includes all the accounting,information, and communication systems that would assist all relevant parties (theBoard, management, auditors, customers, and other stakeholders) in determiningif the banks or other financial institutions are successfully managing risks.

5.Monitoring – this component allows to evaluate internal controls and determine ifthe controls are effective or ineffective. In other words, if current internal controlsare sufficient in mitigating risk, or if the internal control allow for fraud

4 Audit procedures that may be applied to ATM operations are as follows:

Control environment- The board should periodically review policies and procedures to ensurethat proper controls have been implemented. There should also be a system in place to monitor ifbank employees are complying with the set policies and procedures with instances ofnoncompliance being reported to the Board. Incidents of noncompliance should have somefollow-up and testing for compliance.

Risk assessment– An evaluation of risks and control issues should accompany a bank’sATM operations. Internal audit personnel should always be involved in the risk assessmentprocess for ATM operations. Technology is an integral part of ATM operations and should alsobe assessed for risk factors and control issues.

Control activities– Independent verification and reconciliations are integral to theintegrity of audit procedures for ATM operations. Segregation of duties and dual controls arecrucial to any operation that involves the handling of bank assets, particularly cash. Moreimportant than segregation and dual controls is having a system in place that ensures thatpersonnel are complying with the policies and procedures regarding segregation of duties anddual controls. A vacation policy in place for employees that mandate at least one consecutiveweek’s absence from duties is necessary for critical employees involved in ATM operations.

if any, of these procedures might have resulted in the discovery of the embezzlement scheme at Yorkshire bank branch then it can be taken care of immediately.

5 the analytical procedures are performed during the completion phase of an audit. The primary purposes is to give the auditor one last objective look at the financial statements and see if there are any possible places for misstatements and  to assess whether they are consistent with the auditor's understanding of the bank.

6  Auditor can deliver professional, high quality audits through:

1. a strong & good internal culture focused on quality audits and professional skepticism.
2. applying appropriate experience and expertise to audits.
3. effective internal supervision and review.
4. robust accountability mechanisms.
5. accepting and addressing findings from audit inspections, including findings on asset values and revenue recognition.