Question

10. INTERNAL CONTROL

The following is a description of a manufacturing company’s purchasing procedures. All computers in the company are networked to a centralized accounting system so that each terminal has full access to a common database.

The inventory control clerk periodically checks inventory levels from a computer terminal to identify items that need to be ordered. Once the clerk considers that inventory is too low, he chooses a supplier and creates a purchase order from the terminal by adding a record to the purchase order file. The clerk prints a hard copy of the purchase order and mails it to the vendor. An electronic notification is also sent to accounts payable and receiving, giving the clerks of each department access to the purchase order from their respective terminals.

When the raw materials arrive at the unloading dock, a receiving clerk prints a copy of the purchase order from his terminal and reconciles it to the packing slip. The clerk then creates a receiving report on a computer system. An electronic notification is sent to accounts payable and inventory control, giving the respective clerks access to the receiving report. The inventory control clerk then updates the inventory records.

When the accounts payable clerk receives a hard- copy invoice from the vendor, she reconciles the invoice with the digital purchase order and receiving report, and she prepares an AP packet and places it into the open accounts payable file in a filing cabinet until the due date. The clerk also updates the accounts payable subsidiary ledger and records the liability amount in the purchase journal from the department computer terminal. The accounts payable clerk periodically reviews the cash disbursements file for items due and, when they are identified, prepares a check for the amount due. Finally, using the department terminal, the clerk removes the liability from the accounts payable subsidiary file and posts the disbursement to the cash account.

Required:

b. Analyze the physical internal control weaknesses in the system.

c. Describe the IT controls that should exist in the system. Be specific as to how the controls apply.

Answer 1

Answer:

The fraud will be committed by the employee only when there is opportunity to do. This happens because of improper controls system. So, only many standers have risen to guide the companies in how to maintain adequate internal control system. Also Sarbanes-Oxley Act of 2002 (SOX) requires all publicly held companies to establish and maintain the internal controls the are adequate to their business standards and procedures for financial reporting to reduce the risk of corporate frauds.

B.As in the given case fraud happened because of failure in the access controls. There should be proper and adequate controls in place so as to mitigate the fraud that is access should be given to the authorized employee and in case if there is any unauthorized access it should be identified and mitigated immediately. Controls should be proactive they should detect and eliminate the fraud before it occurs. Also in this case there should be proper segregation of duties. Every employee must be known of what are their duties and respondsibilties and limits in case they cross the limits what will be penal provisions applicable. Also segregation of duties the work done by one employee will be verified by the other employee which helps to reduce the risk to some extent. There should be surprise audit checks so that any such alteration in the financial statements can be known immediately.

C.Most essential ­element of an adequate employee fraud reporting program will be employee education about the frauds, developing the proactive fraud policies so as to eliminate the risk before it occurs, increasing the analytical review usages, surprise audits so as to find the risky factors as the employees committing the fraud can be easily identified with surprise audits, developing the hotlines where the point to point communication can be made easier with this that it reaches the predetermined destination easily without any interference so that the risk can be mitigated as we can, not only identify the fraud but we can also mitigate it by following all this we can also balance the SOX act in the organization as there will be adequate internal controls system.