Case study, Pages 4 (865 words)
The internal control concepts that the Levis ignored were
Segregation of duties – No one person should be responsible for all transactions from the beginning to the end. Betty had too many responsibilities that were interwoven and should have been performed by more than one person. She handled the cash that came in, maintained the cash receipts and the sales records. Another concept that this relates to is that no one individual should perform more than one of the following; recording transactions, authorizing transactions and maintaining custody over the assets.
Betty was able to do all three; selling jewelry, putting items in layaway, recording sales, maintain cash receipts and accepted the cash. Betty was allowed to have incompatible duties, which allowed her to commit fraud of $350,000.
- Physical safeguarding of assets – She physically handled all the cash that came in and had ample opportunity to skim the cash even before any transactions were recorded.
- Proper Authorizations – Betty had authority to record and authorize the transactions which should not have been the case.
- She should not have the authority to record sales returns, or having access to layaway or jewelry items. This authority should be given to a manager above her.
- Independent checks – the activity performed by Betty was never checked as there was trust placed in her.
- Proper documentation – there were problems with maintaining proper trail documentation or with missing documentation which should have been monitored and entered into system to keep an easy track of instead of depending on filing papers.
The case states that the CPA served as their accountant for almost 40 years providing a wide range of accounting and business issues.
The CPA had the responsibility to follow up on the tip that was provided of possible fraud and carefully monitor and test the systems to make sure there was no fraud. The auditor failed to do so. The CPA must exercise due professional care, and if the CPA was performing one of the three tasks mentioned, then he probably was not exercising due professional care since this is a small company and over $350,000 in fraud was committed.
It was also mentioned that the CPA mentioned that there were occasional shortages in the cash receipts records that seemed larger than normal for a small retail business. $350,000 is a material amount for this business and would change the users of financial statements viewed the financial statements. It was so material, that it almost forced the store to close. 3. There would be five internal control issues I would discuss with them. They are:
- Control Environment- The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.
- Risk assessment – Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.
- Control activities – Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity’s objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as segregation of duties, proper authorizations, physical safeguard of assets, independent checks, proper documentation, approvals, verifications, reconciliations, and reviews of operating performance.
- Information and Communication – Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders.
- Monitoring – Internal control systems need to be monitored – a process that assesses the quality of the system’s performance over time. This is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures.