Question

Assume you are the management accountant for the Foleo Group and Tracey Chen has asked you to assist her in assessing the organisation’s internal control environment before her meeting with Peter Singh next week. Specifically, she asks you to look at the Finance Department that you manage. Tracey provides you with her detailed observations of the Department’s current control environment below, and asks for your input. Finance Department: This Department presents the highest control risk for the Foleo Group, by far. The staff within the Finance Department collect data generated by the various departments and business units within the organisation, analyse it and then generate reports that are disseminated across the organisation. Most, if not all of this data is transmitted electronically and it currently appears that all operational staff within this Department have access to the complete suite of information passing through their accounting system. The only exception to this, are the existing, but inadequate access controls over the payroll data, however it seems that these can be easily overridden, as demonstrated to me by one of the Finance staff members upon request. This unrestricted access to sensitive data has led to some serious motivational issues and at this point, it is unclear whether disgruntled employees have been able to take advantage of the Finance Department’s poor control over Foleo’s data. Another area of concern identified by the management accountant is the poorly restricted access to the reports generated by the Department. These reports are distributed via email (and occasionally in printed form for specific meetings) to authorised recipients, however, there is a common practice across the organisation, it seems, of sharing passwords to access other individuals’ email accounts and information. Whilst I am informed that this practice is in the interests of timely resolution to problems, rather than fraud, my concern is that it invites dysfunctional behaviour and represents a significant risk to Foleo’s information and assets. The operational staff of this department who process all transactional data are subject to a number of controls that I implemented on my arrival at the organisation some 20 years ago, in order to minimise the risk of errors and omissions in the reports they generate. As they enter data, the accounting system has a number of inbuilt safeguards to ensure that the right type of information is being entered in the right place, in addition to requests for confirmation for entered information that is abnormally high or low for specific data types. Unfortunately, these controls along with the procedures I put in place to ensure the authenticity of transactions are routinely overridden by both operational and management staff, which is somewhat concerning, considering that James and Leon appear to be the worst offenders. As the management accountant discovered decades ago, James and Leon regularly authorise the payment of private expenses through the company bank account and access funds as and when they need cash without following the proper procedures. This has resulted in their salaries being seriously understated and the existence of improper expenses in the company financial statements. I believe this sends a poor message to the employees. As already identified in my last report, this Department struggles to deliver the required reports at year-end and other peak times, despite utilising a range of techniques to minimise the processing time of the data. These techniques have led to errors and shortcuts that have compromised the integrity of the resulting reports, upon which Managers have based important decisions. The access to the bank account would appear to be less of a concern. The management accountant has charged the senior accountant Phil Brown, a loyal Foleo employee of some 10 years, with the responsibility of preparing, authorising and effecting all cash payments (despite the existence of sufficient support staff to undertake these processes). This responsibility extends to supplier, payroll, petty cash and all other miscellaneous payments. Phil has walked me through the system he has in place that matches documentation from all components of the purchasing process, which is the prerequisite for any payment being authorised. He has kept meticulous files and was able to produce the purchase order, proof of delivery and supplier invoice for any payment I selected for audit. I did notice a couple of insignificant anomalies in the records, such as a supplier’s name also appearing in the customer list of names, as well as Phil’s signature appearing on a number of receiving reports for purchased goods (a role that would normally be undertaken by the warehouse staff that received the shipment). These anomalies seemed odd to me at the time, but were quickly explained by Phil Brown. This may require further investigation.

Question c: Select three control you have suggested in part(b) and describe how each will work towards achieving the overarching objectives of The Foleo organization. Answer:i.Surprise visit - it will make the hidden facts,reason of faulty misrepresentation crystal clear and the peron accountable could be penalized for the same on evidence ii.Ombudsman - it will give the courage to all honest workers to report any irregularities and give a sound base to further investigate on matters which were not known before iii.Financial software - it will prepare bias free reporting and would detect any wrong entries preventing the scope of dubious entries in accounting.

Please answer this

For the three (3) of the controls you selected in part (c), classify each as one of the Simons’ levers of control and explain why. (HINT: Refer to the Simons reading for information on the levers of control.)

Answer 1

The internal controls could be categorised into : detective, preventative, and corrective.

Controls could be defined as the policies and procedures or technical safeguards which are put in place by the organisation for the prevention of the problems and protection of the assets of the organization.

a) Preventive controls are the controls which are put in place to avoid the negative event from occurring.

b) Detective controls are those controls that which are being used after the fact of a discretionary event.

c) Corrective controls are those controls put in place after the detective internal controls discover a problem.

The following the classification of the controls could be made as follows:

i) Surprise visit are the detective controls- it will make the hidden facts,reason of faulty misrepresentation crystal clear and the peron accountable could be penalized for the same on evidence

ii) Financial software is corrective controls- it will prepare bias free reporting and would detect any wrong entries preventing the scope of dubious entries in accounting.

iii).Ombudsman is Detective controls- it will give the courage to all honest workers to report any irregularities and give a sound base to further investigate on matters which were not known before .