Question

Spring Water Spa Company is a 15-store chain in the Midwest that sells hot tubs, supplies, and accessories. Each store has a full-time, salaried manager and an assistant manager. The sales personnel are paid an hourly wage and a commission based on sales volume.

The company uses electronic cash registers to record each transaction. The salesperson enters his or her employee number at the beginning of his/her shift. For each sale, the salesperson rings up the order by scanning the item’s bar code, which then displays the item’s description, unit price, and quantity (each item must be scanned). The cash register automatically assigns a consecutive number to each transaction. The cash register prints a sales receipt that shows the total, any discounts, the sales tax, and the grand total.

The salesperson collects payment from the customer, gives the receipt to the customer, and either directs the customer to the warehouse to obtain the items purchased or makes arrangements with the shipping department for delivery. The salesperson is responsible for using the system to determine whether credit card sales are approved and for approving both credit sales and sales paid by check. Sales returns are handled in exactly the reverse manner, with the salesperson issuing a return slip when necessary.

At the end of each day, the cash registers print a sequentially ordered list of sales receipts and provide totals for cash, credit card, and check sales, as well as cash and credit card returns. The assistant manager reconciles these totals to the cash register tapes, cash in the cash register, the total of the consecutively numbered sales invoices, and the return slips. The assistant manager prepares a daily reconciled report for the store manager’s review.

Cash sales, check sales, and credit card sales are reviewed by the manager, who prepares the daily bank deposit. The manager physically makes the deposit at the bank and files the validated deposit slip. At the end of the month, the manager performs the bank reconciliation. The cash register tapes, sales invoices, return slips, and reconciled report are mailed daily to corporate headquarters to be processed with files from all the other stores. Corporate headquarters returns a weekly Sales and Commission Activity Report to each store manager for review

Required

Are these strengths aligned with the COSO ERM framework? Explain how and why

What critical risks does the company face? (Relate your answer to the COSO ERM framework.)

What solutions and controls should be implemented to mitigate these risks and improve the quality of system control?

Answer 1

In this scenario , this is very much aligned with the COSO ERM framework. Components of internal control pertaining to COSO are as follows

- Control enviornment

- Risk Assessment

- Control Activities

- Information & Communication

-Monitoring Activities.

In This scenario." Control Activities" are actions established by policies and procedures that help to ensure that managements intructions that are intended to limit risks to the acheivmenet of the organization objectives are carried out.

Control activities may be preventive or detective and can include a rang of activities such as authorizations and approvals, verifications reconciliations and business performance reviews. Segregation of duties is typically built in to the selection and development of control activities. In this scenario segregation of duties is highly present which is a strength to the company as a whole.  

B. Monitoring activies is the risk in this scenario. There is less or Zero monitoring activities pertaining to the role of the manager. Managment must monitor the entire internal control system. Monitoring is an activity overseen and or performed at the management level for the purpose of asessing the operation and effectivness of existing internal controls. monitoring assesses the quality of internal control system performance over time to determine whether the components of internal control are present and are functioning.

C.Risk assessment is the risk that this organisation face. Risk is the possibility that something will occur that will adversely affect the organisations acheivement of its objective. Risk assessment involves idenitfying and asssessing risks to the achivement of objectivie, relative to the organization's established risk tolerence.