StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Internal Control inside the Company - Assignment Example

Cite this document
Summary
The reporter states that Solomon periodically sends a member of its internal audit department to audit the operations of each of its subsidiaries including Oakdale. A member of Solomon’s internal audit staff recently completed a review of Oakdale’s investment cycle…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.1% of users find it useful
Internal Control inside the Company
Read Text Preview

Extract of sample "Internal Control inside the Company"

I. Internal Control (CMA Adapted 1289 3-4) Chapter 1 -Problem 5, Page 30 Oakdale, Inc., is a subsidiary of Solomon Publishing. Solomon periodically sends a member of its internal audit department to audit the operations of each of its subsidiaries including Oakdale. A member of Solomon’s internal audit staff recently completed a review of Oakdale’s investment cycle. The review revealed several important points. Oakdale has made both short-term and long-term investments in securities; all securities are registered in the company’s name. According to Oakdale’s corporate bylaws, long-term investment activity must be approved by its board of directors, while short-term investment activity may be approved by either the president or the treasurer. Oakdale conducts these transactions via a computer link to a registered brokerage. Purchase and sales authorizations, along with broker’s advices, are maintained in an electronic file with authorized access by Oakdale’s treasurer. An electronic inventory list is kept perpetually. The transactions are keyed in by accounting personnel who receive a buy/sale transaction sheet from the treasurer. Deposits of checks for interest and dividends earned on investments are also recorded by the accounting department. Each month, the accounting manager and the treasurer prepare journal entries required to adjust the short-term investment account. The Solomon Auditor discovered that there was insufficient backup documentation attached to the journal entries reviewed to trace all transactions. Solomon Publishing’s has established a core group of four accounting objectives utilized to guarantee sound internal control. 1- Authorization of transactions 2- Complete and accurate record keeping 3- Physical control 4- Internal verification Proposed Solution Set: The purpose of each of the four controls: 1- •Authorization of transactions is required to adequately safeguard assets against fraud and illegal transactions and provide a level of internal control. A formal system of transaction authorizations allows the commitment of company resources in accordance with management goals and objectives. Transactions must be executed according to the terms of their general or specific authorizations, by responsible personnel acting within the scope of their prescribed authority and responsibility. 2- Complete and accurate record keeping is necessary to assure that prompt, timely, and accurate recording of transactions or economic events occurs. Companies must make and keep books, records, and accounts that, in reasonable detail, accurately reflect the transactions and dispositions of assets. Furthermore, the recording of transactions is necessary to permit preparation of financial statements in conformity with GAAP. 3- Physical controls relate to safeguarding assets, documents, and records to prevent their loss, destruction, or alteration. 4- Internal verification refers to the independent review of the accuracy and propriety of another party’s work, and the testing of the recorded accountability for assets as compared to existing assets at reasonable time intervals. Applications of the Controls: Violation/Remedy A-Oakdale sold long-term securities based on the president’s approval when the board of directors’ approval is required this is a violation authorization procedures. Remedy- Implement formalized procedures (in addition to the company’s bylaws) reinforcing the policy that only the board of directors can authorize long-term security purchases, and or sales. B-Oakdale diffidence and interest checks are received by the treasurer and forwarded to the accounting department; no entry is made in the cash receipts book. It is, therefore, not possible to determine if all interest and dividend checks have been received and deposited. This is a violation of the Complete and Accurate Records procedures. Remedy- All checks should be forwarded to the group that normally opens stamps and logs incoming checks, and the checks should be recorded in the cash receipts book at the time of receipt. . (Otley, 1999)The interest and dividend checks (entries) should be reconciled by the accounting department to the monthly broker’s statements. These statements should be kept on file to assure that all checks have been received, deposited, and accounted for. C- The balance in the accounts as of the end of the month closely approximated the amounts shown on the broker’s statements. This is a violation of the complete and accurate records procedure and the internal verification procedure. Remedy- The accounting department must undertake the reconciliation of the differences and implement appropriate procedures to assure that the accounts and the brokerage statements are reconciled monthly. D-The treasurer has the authority to buy and sell securities, receives revenue, and makes journal entries related to securities. This is a violation of the authorization procedure. Remedy- Strengthen internal control so that the treasurer does not have conflicting duties. (Otley, 1999) E- Access to short-term securities is unrestricted in the accounting department. This is a violation of the physical controls procedure. Remedy- The short-term securities should be placed in a restricted facility such as a bank safe deposit box or a company safe. Access to short-term securities should be limited to a few responsible personnel and two people should be present each time the securities are accessed. Additionally, a log-book should be maintained to record any disposition of securities. II. Internal Control Chapter 2- Problem 2, Page 63 Steeplechase Enterprises, one of your Audit clients, has purchased and installed a new Electronic Data Processing (EDP) system. The new EDP system affects all current accounts receivable, billing, and shipping records. An individual operator has been permanently assigned to each of the functions, one operator for accounts receivable, one for billing, and one for shipping. Each individual operator is assigned the responsibility of running the EDP system for their assigned function; this includes all transaction processing, program changes, and reconciling. As a security measure Steeplechase Enterprises randomly rotates operators between individual functions. Further measures include access controls to the computer room and an assigned digital code for each operator. Steeplechase’s new EDP system is state of the art and robust in nature. However there are inherent vulnerabilities within the system. Each operator must initiate a manual data entry process. For instance, the billing clerk receives the shipping notice and preforms a manual sequence for every shipping notice. The billing clerk also manually enters the price of the item, and prepares daily totals that are correlated by a copy of the adding machine tape produced by the clerk. The shipping notices and adding machine tapes are then sent for data entry into the EDP system. The EDP output generated consists of a two-copy invoice along with a remittance advice and a daily sales register. The only real redundancy within the EDP system is the EDP operator who manually compares the computer-generated totals to the adding machine tapes provided by the billing clerk. This creates the inherent weakness in the Steeplechase Enterprise EDP. Problem Statement: Identify the control weaknesses present and make a specific recommendation for correcting each of them. Proposed Solution Set: A Programmers and system support personnel should have limited and monitored access to the EDP system. There activities should be restricted to testing and system maintenance only. (Otley, 1999) B The EDP system operators’ supervisor should have access to the computer room. C The tasks of maintenance, operations, and management control must be separated. (BARTH, M. B., LANDSMAN, W., & LANG, M. ,2008). D Reconciliation of the EDP log should be conducted by the computer operations supervisor or other independent employee. (BARTH, M. B., LANDSMAN, W., & LANG, M. (2008).) E EDP system documentation should be enhanced to include programs, flowcharts, and operator instructions. (Otley, 1999) F An EDP master price list file should be used to record the prices automatically for every invoice. G Processing controls, such as completeness tests, validation tests, and reasonableness tests, should be put in place to assure that errors in the input records are detected when processing occurs. (BARTH, M. B., LANDSMAN, W., & LANG, M. 2008).) H Control totals, hash totals, and record counts should be implemented to ensure the accuracy of all EDP data and to prevent errors from going unnoticed or being improperly tallied. (Vaivio, 2008) I The numerical sequence of shipping notices should be checked by the EDP system and any missing number should appear on summary control totals that are reviewed The EDP system operators’ supervisor. J Billing and cash collections should made separate from accounts receivable. (BARTH, M. B., LANDSMAN, W., & LANG, M. 2008).) III-Security and Control Assessment Chapter 3-Problem 9, Page 127 BBC Inc. is initiating a top down implementation of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. The COSO framework will enable BBC to establish a firm corporate strategy for rick management, internal control and fraud deterrence. The necessity of a trickle down implementation creates a unique circumstance that BBC’s management must engage and solve in a fluid transition. The introduction of the COSO framework will require BBC to integrate a corporate wide computer information system that by nature will create a number of potentially hazardous security and control issues that must be resolved prior to system implementation date. The COSO Enterprise Risk Management Framework expands on BBC’s internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. While it is not intended to and does not replace the internal control framework companies such as BBC will utilize the new capacity of the framework to move toward a fuller risk management process which by nature will be more stable and secure for management. Problem Statement: Based on BBC’s plans for the implementation of a new computer system, describe the potential risks and needed controls. Classify these according to the relevant areas of the COSO framework. Proposed Solution Set: Security A-BBC should hold a training seminar. Most employees of the corporation will be using the system. The focus of the seminar is to educate users on the policies and procedures and to inform them about virus risks and appropriate counter measures they can take to prevent system compromises. B-Virus updates should be aggressively preformed on a daily basis by the systems administrator rather than on a weekly basis. C-If a password is entered incorrectly three times, the system should automatically reject any further entries. This is a security measure that prevents someone from attempting to gain unauthorized access to another user’s account. (Otley, 1999) If this situation arises, the system should log the attempt and notify system administrators of the date and time the event occurred. D-Passwords should be changed at least twice a year. The more often passwords are changed the more secure the system will be. (Otley, 1999) Furthermore, software should be installed that rejects “weak” passwords and requires users to provide complex passwords that cannot be easily blitzed to gain access to the system. E-Event monitoring should be used for purposes of a systems audit trail. The system will record the user name and then all information regarding the tasks performed during the period that they are logged into the system. F-An upper level manger should also have access to the transaction log. This will prevent any systems administrator from potentially trying to hide fraudulent actions involving the computer system. G-To prevent against physical damage in the case of fire, a water sprinkler system is not appropriate due to the damage it can cause to a computer. The automatic fire extinguishing systems should dispense an appropriate type of suppressant, such as carbon dioxide. Systems Development A-Employees should not be allowed to purchase and install software on company computers even if it is for work related reasons. All software should be purchased from a single source software provider to ensure reliability and compatibility. Program Changes A-The newly hired systems administrator should not be involved in the initial computer programming and set-up since they will be updating the system when needed. This administrator should not be permitted to acquire knowledge of how to make and hide illegal changes. B-All systems changes should be carefully documented. Creating a systemic process can help control problem manifestations that could threaten the entire system. CITATIONS: Otley, D. (1999). Performance Management: A Framework for Management Control Systems research. Management Accounting Research, 10(4), 363-382. Vaivio, J. (02/2008). Qualitative Management Accounting Research: Rationale, Pitfalls and Potential. Qualitative Research in Accounting and Management, 5(1), 64-86. BARTH, M. B., LANDSMAN, W., & LANG, M. (2008). International Accounting Standards and Accounting Quality. Journal of Accounting Research, 46(3), 467-498. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Internal Control inside the Company Assignment Example | Topics and Well Written Essays - 1750 words - 2”, n.d.)
Internal Control inside the Company Assignment Example | Topics and Well Written Essays - 1750 words - 2. Retrieved from https://studentshare.org/management/1613390-modify-all-the-wordsanswers-for-the-3-following-problems
(Internal Control Inside the Company Assignment Example | Topics and Well Written Essays - 1750 Words - 2)
Internal Control Inside the Company Assignment Example | Topics and Well Written Essays - 1750 Words - 2. https://studentshare.org/management/1613390-modify-all-the-wordsanswers-for-the-3-following-problems.
“Internal Control Inside the Company Assignment Example | Topics and Well Written Essays - 1750 Words - 2”, n.d. https://studentshare.org/management/1613390-modify-all-the-wordsanswers-for-the-3-following-problems.
  • Cited: 0 times

CHECK THESE SAMPLES OF Internal Control inside the Company

MBA Information Technology Preventing and Detecting Operational Risk Caused by Employees

billion the family stole from the company for their personal use, they caused losses investors of more than $60 billion.... Federal agencies, most often the FfC, DHS, and SEC, and state Attorneys General are imposing harsh penalties to deter weak security or internal control situations.... billion of artificially inflated company stock.... IT security and internal fraud therein has gained tremendous relevance in recent decades and lack of it has caused unfathomable losses to the organisations....
5 Pages (1250 words) Essay

The Necessity of Information Security in Modern Organizations

It is easy for a hacker to break the firewalls and plant viruses inside a computer apart from taking out all the information he or she wants.... But currently organizations realized that internal threat is as important as the... Moreover he also pointed out that “European companies to splurge on BPO services “Spend on financial services' Back office,… The above information point towards the huge dimensions of the information security related problems we are facing now....
4 Pages (1000 words) Term Paper

Insider Trading

Though the position held in the company is not mentioned in the case beforehand, Manny is seemingly knowledgeable enough of the treasure in waiting, perhaps with a basic understanding of insider trading regulatory principles to evade the consequential effects of violation scenarios.... Case Analysis Ordinarily, company employees as well as clients will most likely have access to material non-public information regarding possible advisory courses supposedly taken by clients or public companies (Harris, 2003)....
2 Pages (500 words) Essay

Positioning Firewall between Internal and External Domains

Firstly, the company reports that most of its employees are not privy to all the information.... the company notes that it became necessary to hide some of the contents and structures found in the internal domain from unscrupulous users that may interfere with its contents and structure.... Therefore, the company found it prudent to control trust through firewall, especially by positioning it between the two domains, internal and external.... s in the case with ABC company, there are several reasons why the firewall was placed in between the internal and external domain....
2 Pages (500 words) Essay

Human Factors and the Insider Threat

In order to maintain the cyber security of people under their fundamental right to be secure, it is necessary to assess the human aspects and challenges of cyber… Cyberspace increases our social interactions, social performances, improves business models, and all in all it makes our personal lives better and interactive through communicating anywhere in the world. But on the other hand, there is a range of security problems that may The cyber security is a framework which enables the users to protect their cyber assets through preventing, detecting, countering and recovering the cyber incidents (Mehan, 2008)....
5 Pages (1250 words) Research Paper

Loss prevention with a focus on internal/external threat and countermeasures

For example, a store shelf where there is no CCTV camera or… Effective loss prevention strategies include the setting up of effective internal control mechanisms.... Employees who are not good in numbers, math, or mental analysis may cause the loss of company property.... After confirming the store items were stolen, the exit guard will turn over the arrest suspect to the internal investigation department for the possible filing of theft charges....
11 Pages (2750 words) Research Paper

Data & Access Management

The main purpose of the paper "Data & Access Management" is on answering such questions like " How should the company react, if all?... How can the company increase Information Technology transparency?... The identity of company users and the respective users' scope permission followers immediately after the company starts to raise questions about whatever transpires inside the firewall.... Therefore, the employee has the access to the data centres and other assets inside the firewall....
6 Pages (1500 words) Essay

The Application Process to the Online Virtual World

, the company aims to take the traditional paper-based application process to the online virtual world thereby allowing speedy yet fulfilling user experience to its customers.... In fact, it has identified the service as a key feature for its customers, more like a differentiating factor between the company and its competitors in the market.... For this purpose, the company has heavily invested in hiring regional brokers in their various offices so as to assist its customers in filling out the application form....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us