Question

You and your colleagues have been assigned to the audit of a private company, Rose Pty Limited, which operates a plant nursery with a turnover of $6 million a year. The total number of full-time employees working for the company is 16, together with between five to seven casual employees as and when required on weekends. The company is run by a husband and wife team who are the directors and shareholders and a full-time accounts clerk, Sofia, who is responsible for all accounting-related tasks including accounts receivable, inventory, payroll and accounts payable. All accounting functions are performed on a standalone personal computer (PC). The access to various applications is controlled by passwords. Sofia records passwords to each application in her top drawer. Backups for all applications are done on a regular basis, appropriately labelled and maintained in a ‘backup’ case next to the PC. The office of the company is located in a small office building inside the nursery which is well fenced. The company trades seven days a week, but Sofia only works Mondays to Fridays. The office is also used by various other members of the staff to process sales invoices and dispatch documents during the weekend. A monthly income statement and balance sheet are prepared as part of the roll-forward procedure. Monthly reconciliations are also prepared by Sofia for all balances on the balance sheet; however, the directors concentrate their review on the income statement. Required: (a) From the information above, identify FIVE significant internal control weaknesses. (b) For each weakness identified in (a) above, recommend a practical and effective internal control procedure that could be introduced to overcome this weakness.

Answer 1

Five significant internal control weaknesses and effective internal control procedure to overcome tis weakness:

1. No segregation  of duties : Sofia handles all the accounts related tasks. Security of the accounting data is also in the hands of Sofia. This may lead to misapprpriation of accounting data.

This can be mitigated by proper operational control. Segregation of duties will help in controlling any misappropriations as the accounting process will be in the hands of different people.

2. Access of Accounting data : Back up of all the accounting data is taken regularly but are placed next to the PC which might lead to easy access of data to outsiders . Also loss of data can happen due to natural calamity.  

Back ups taken have to be stored in a secured place away from the normal working place. This will help in recovery of the lost data easily.

3. Lack of security of information : Passwords for all the applications are set by Sofia and these information are stored in her top drawer which is easily accessable.

Data security is a very important aspect to be taken care of. Proper internal control for security of information is to established. Passwords are to be safely stored in a confidencial place which is not easily accessable to the public.

4. No Departmentalization: A company with turnover of $6million a year would mean the level of activity is high. Sofia alone handles the whole accounting process including password settings, backups etc..

For a company with  $6millon turnover it becomes necessary to have an IT department which takes care of all applications, Accounts department which takes care to accounting , internal audit department which audits the data on a regular basis, Sales department, Marketing department etc.

5. Lack of Top management involvement: Directors concentrate their review only on the income statement. The correctness of other accounting data are not reviwed by the top management. No proper reporting controls.

Top managemet is required to review the financials from time to time. This will minimize frauds and other misappropriations.