Question

In: Finance

Johnson Company— Internal Controls Johnson Company Inc. (Johnson Company or the “Company”) is a U.S. public...

Johnson Company— Internal Controls

Johnson Company Inc. (Johnson Company or the “Company”) is a U.S. public company that files quarterly and annual reports with the Securities and Exchange Commission (SEC). JOHNSON COMPANY is a leading retail chain operating more than 500 department stores across the continental United States. JOHNSON COMPANY department stores offer customers a variety of nationally advertised products, including cookware, shoes, jewelry, perfume, and other accessories. The Company’s supply chain of products is managed through a single warehouse and distribution facility located in Chicago, Illinois.

JOHNSON COMPANY has a centralized accounting and finance structure at its corporate headquarters, where all processes and controls related to all substantive account balances occur, including controls related to accounts payable and the Vendor Master File. JOHNSON COMPANY recognizes revenues from retail sales at the point of sale to its customers. Discounts provided to customers by the Company at the point of sale, including discounts provided in connection with loyalty cards, are recognized as a reduction in sales as the products are sold. Cost of goods sold for the Company primarily consist of inbound freight and costs relating to purchasing and receiving, inspection, depreciation, warehousing, internal transfer, and other costs of distribution.

Case Facts

Audit Issue

On June 1, 20X2, the Accounts Payable (AP) Manager received an e-mail inquiry about the process required for a vendor to change its bank account information. The e-mail was sent from Larry Kennedy at a domain address listed as “Clothing-Co.” Clothing Co. is a manufacturer that supplies JOHNSON COMPANY-branded watches to JOHNSON COMPANY’s west region department stores. In addition, Larry Kennedy is the primary contact at Clothing Co with whom the Company typically interacts.

The AP Manager responded to the e-mail request on June 15, 20X2, with the procedures required of the vendor, which include completing a vendor bank account request form. On June 20, 20X2, the AP Manager received a reply e-mail from Larry Kennedy at “Clothing-Co” with a completed vendor bank account request form, which included Larry Kennedy’s signature, new bank account information, and other related information.

Upon receiving the vendor bank account request form, the AP Manager completed a separately required Vendor Change Form for internal processing. The Vendor Change Form is completed for new vendors or changes to existing vendors’ information, including bank account information. The AP Manager sent the completed Vendor Change Form to Clothing Co’s Assistant Controller, who reviewed and approved the request on June 24, 20X2. The bank account information was updated within the Vendor Master File on June 26, 20X2.

Throughout the month of July, valid Clothing Co invoices were processed through the Company’s accounts payable process, and the valid invoices were paid in accordance with the Company’s processes for cash disbursements and wire transfers. However, because the bank account information for Clothing Co was changed (as a result of the June 1, 20X2, e-mail request) approximately $2 million in payments was wired to an incorrect bank account. On August 2, 20X2, the Company received an inquiry from Clothing Co about the expected timing of the $2 million in outstanding invoices. As a result of the direct interaction with Clothing Co’s employee Larry Kennedy, the Company determined that the previous vendor bank account change form was received from a fraudulent domain name with the intent to defraud the Company. The e-mail domain for Clothing Co is “Clothing Co” with no hyphen or period, rather than “Clothing-Co.” with a hyphen. Both e-mails received from “Clothing-Co.” were determined to be from a fraudulent source (that also fraudulently used Larry Kennedy’s name in the e-mail).

As noted above, there are two employees within the Company that were involved in processing and approving the Vendor Change Form. The Company’s policy on bank account change requests was communicated by JOHNSON COMPANY’s Assistant Controller in an August 20X1 e-mail that indicated that for each Vendor Change Form requesting a vendor bank account change, the accounts payable department was required to (1) obtain a previously processed and paid invoice from the vendor requesting the bank account change, (2) call the vendor using the contact information obtained from the prior invoice, (3) verify the authenticity of the requested bank account change request by directly contacting the vendor, and (4) include all relevant information obtained in steps (1) through (3) as an attachment to the Vendor Change Form. The Company’s control description relating to the review of a Vendor Change Form by the Assistant Controller is not explicit regarding the specific attributes of the review. However, because the policy was distributed by the Assistant Controller and the Assistant Controller is also the control owner (e.g., performs the review), there is a presumption that the Assistant Controller would understand that as part of her review, she should evaluate whether the AP Manager obtained sufficient information to confirm the authenticity of the bank account change request.

Other Relevant Facts

• Materiality — $8 million.

• The Company processed approximately 105 vendor requested bank account changes during FYX2 before the realization that the request from “Clothing Co” was fraudulent (from September 25, 20X1, to August 2, 20X2). After the identification of the misappropriation of assets, the Company’s internal audit department obtained and reviewed all 105 Vendor Change Forms reviewed by the Assistant Controller, noting that only five Vendor Change Forms contained the information required by the policy. In addition, internal audit determined that the primary review procedure performed by the Assistant Controller related to the verification that the bank account number was appropriately included on the Vendor Change Form. This procedure was performed in all cases before the bank account information was input into the accounts payable system.

• The total wire transfer payments made to the 105 vendors that requested bank account changes in FYX2 totaled approximately $56.2 million (based on an analysis prepared by Internal Audit of the invoices processed and paid by the Company after the processing of a Vendor Change Form for the 105 vendors).

Based on an analysis by management the amount of payments made to any single vendor in a payables cycle could approximate $2 million, assuming a cycle of 30 days.

• The Company’s Chief Security Officer completed an internal investigation and concluded that there was no indication that the AP Manager and Assistant Controller were involved in the scheme that resulted in the $2 million misappropriation.

• After the determination on August 2, 20X2, that the Vendor Change Form was from a fraudulent source, the Company ceased processing additional Vendor Change Forms until it could understand the root cause of the deficiency. On September 10, 20X2, the Assistant Controller sent a reminder regarding the importance of following the vendor bank account request change policy. The e-mail also highlighted an enhancement to the process, which primarily included an enhancement to the Vendor Change Form. The form was revised to include the following three new, explicit sections that are required to be completed: (1) contact phone number pulled from previously processed and paid vendor invoice, (2) name of individual at the vendor (from a previous invoice) that was contacted, and (3) date discussed/contacted. The policy e-mail reiterated the requirement to include a copy of the previously processed vendor invoice with the Vendor Change Form.

• Internal Audit performed a thorough evaluation of the competency of the Assistant Controller and concluded that notwithstanding the Assistant Controller’s lack of historical performance, the Assistant Controller was suitably competent to perform the control.

Engagement Team Note

The Engagement team notes the following control is relevant to the above process:

CD5C — The accounts payable department is required to complete the following for each Vendor Change Form requesting a bank account change:

1. Obtain a previously processed and paid invoice from the vendor requesting the bank account change.

2. Call the vendor using the contact information from the obtained invoice.

3. Verify the authenticity of the requested bank account change request.

4. Attach all relevant information obtained in steps (1) through (3) to the Vendor Change Form for review and approval.

Engagement Team Note

In planning the 20X2 audit, the engagement team obtained an understanding of the internal controls related to cash disbursements. This understanding was developed through the engagement team’s walkthrough of the cash disbursements process. As part of its walkthrough procedures, the engagement team made inquiries of appropriate personnel, inspected relevant documentation, and in certain cases, observed the control performers carrying out required control procedures. As a result, the engagement team concluded that there were no significant changes to the cash disbursements process in the current year.

The engagement team identified four risks of material misstatement relating to the cash disbursements process.

The Company’s control description regarding the Assistant Controller’s review of the Vendor Change Form is not prescriptive regarding the specific attributes of the review. However, there is a presumption that the Assistant Controller would understand the primary objective of the control, which is to evaluate whether sufficient information was obtained by the AP Manager to confirm that the bank account change request was authentic.

Required:

Instructions: 1) Answer the following questions (indicate who from your team primarily complete teach question.

  1. Did control “CD5C” work effectively during the year?
  2. Is there a control deficiency related to CD5C?
  3. What are the key considerations when evaluating the severity of a deficiency in a control that directly addresses a risk of material misstatement?
  4. Does the Assistant Controller’s failure to adequately review the Vendor Change Form represent a deficiency in the design or operating effectiveness of the control?
  5. Is the failure in the vendor request change form control indicative of a material weakness in internal control over financial reporting? Significant deficiency? A Material Weakness?
  6. Would the deficiency warrant disclosure in the Company’s Form 10-K, Item 9A? If so, what information would the Company be expected to disclose?
  7. What implications does the deficiency have on other direct or indirect controls?
  8. Would you report this to the board of directors? The SEC? The PCAOB? The police?
  9. Are the financial statements materially misstated?
  10. What would the auditor change in their audit procedures to address what happened (incorrect payment)?
  11. What is the auditor’s responsibility with respect to the error discussed above (incorrect pavement)?
  12. Can you rely on any controls at this company? Would you continue the audit?
  13. Should the Controller be fired? Why or why not?

Solutions

Expert Solution

Answers to the above questions are stated below:

1. Did control “CD5C” work effectively during the year?

Answer: The control "CD5C" did not work effectively during the year since there were loopholes in following the procedures established to mitigate the fraudulent transactions. Both the AP manager and the controller at Johnson company were at fault to not follow the controls in place and hence leading to the misappropriate transactions.

2. Is there control deficiency related to CD5C?

Answer: Yes there are control deficiencies in CD5C. The controls in place do not specify the procedures to identify the fraudulent emails and spam emails. Johnson company should establish internal control to identify spam requests such verifying the email address and accepting the vendor change form signed and authorized by a senior management personnel.

3. What are the key considerations when evaluating the severity of a deficiency in a control that directly addresses a risk of material misstatement?

Answer: a. Need to asses the root cause of the deficiency.

b. Find the out the indicators which can lead to such misstatement

c. Assess the potential impact which any factor can lead to potential misstatement.

d. Build controls in place to evaluate the potential loss both for current and future period.

4. Does the Assistant Controller’s failure to adequately review the Vendor Change Form represent a deficiency in the design or operating effectiveness of the control?

Answer: A controller establishes and enforces internal policies and procedures and also ensures that they are being followed diligently with regular audits and reports them to the external auditors. In the above scenario the controller did not fulfill the job responsibility with diligence.

5. Is the failure in the vendor request change form control indicative of a material weakness in internal control over financial reporting? Significant deficiency? A Material Weakness?

Answer: The failure of the vendor request change form is a lack of material weakness which was a direct result of not following the controls and policies in place. The lack of not auditing the policies and processed at regular intervals is due to significant deficiency.


Related Solutions

Codger Corp. — Internal Controls Codger Corp. (CC or the “Company”) is a U.S. public company...
Codger Corp. — Internal Controls Codger Corp. (CC or the “Company”) is a U.S. public company that files quarterly andannual reports with the Securities and Exchange Commission (SEC). CC is a leading retail chain operating more than 100 department stores across the continental United States. CC department stores offer customers a variety of nationally advertised products, including clothing, shoes, jewelry, and other accessories. The Company’s supply chain ofproducts is managed through a single warehouse and distribution facility located in Kansas...
Briefly describe the purpose of internal controls in a company and the importance of internal controls...
Briefly describe the purpose of internal controls in a company and the importance of internal controls as related to cash.
The auditor is required to render an opinion on the system of internal controls (for public...
The auditor is required to render an opinion on the system of internal controls (for public companies). Which of the following would result in an adverse opinion being issued by an auditor related to internal controls? The control risk is assessed at a low level. The tests of controls support the documented understanding of controls. There is a material weakness in the design or operation of controls. A confirmation request is not returned to the auditor in a prompt manner.
What is the difference between testing internal controls of public versus private companies?
What is the difference between testing internal controls of public versus private companies?
Defining internal control Internal controls
Question Defining internal control Internal controls are designed to safeguard assets, encourage employees to follow company policies, promote operational efficiency, and ensure accurate accounting records.Requirements1. Which objective do you think is most important?2. Which objective do you think the internal controls must accomplish for the business to survive? Give your reason.
ABC Retailers Inc. (ABC or the “Company”) is a U.S. public company that files quarterly and...
ABC Retailers Inc. (ABC or the “Company”) is a U.S. public company that files quarterly and annual reports with the Securities and Exchange Commission (SEC) with a fiscal year end of August 31, 20X8. ABC is a leading retail chain operating more than 100 department stores across the continental United States. ABC department stores offer customers a variety of nationally advertised products, including clothing, shoes, jewelry, and other accessories. The Company’s supply chain of products is managed through a single...
Explain how internal controls affect the liquidity of a company.
Explain how internal controls affect the liquidity of a company.
Discuss the similarities and differences of internal controls reporting requirements between public and private organizations.
Discuss the similarities and differences of internal controls reporting requirements between public and private organizations.
Why are internal controls important in an organization? Describe some internal controls that relate to cash...
Why are internal controls important in an organization? Describe some internal controls that relate to cash receipts and cash disbursements. Please answer in your own words. Do not use outside resources.
Background ABC Retailers Inc. (ABC or the “Company”) is a U.S. public company that files quarterly...
Background ABC Retailers Inc. (ABC or the “Company”) is a U.S. public company that files quarterly and annual reports with the Securities and Exchange Commission (SEC). ABC is a leading retail chain operating more than 100 department stores across the continental United States. ABC department stores offer customers a variety of nationally advertised products, including clothing, shoes, jewelry, and other accessories. The Company’s supply chain of products is managed through a single warehouse and distribution facility located in Kansas City,...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT