Internal Controls Section B (Risks and Recommendations) 2 Flashcards
Risk for GDNs not given same number as order numbers they relate to?
If GDNs are missing and company fails to raise invoices in a timely manner, could lead to a loss of revenue
Control recommendation for GDNs not given same number as order numbers they relate to?
A sequence of check of GDNs should be undertaken to identify any missing despatch notes
Risk if sales order department don’t receive copu of GDN
Not able to monitor if orders are being fulfilled on a timely basis, which could result in a loss of revenue and customer goodwill
Control recommendation if sales order department don’t receive copu of GDN
GDN should be amended to a four-part with one copy going to sales department
Risk if additional staff are drafted to help sales clerks produce sales invoices?
Increase of mistakes being made to sales invoices
Control reccomendation if additional staff are drafted to help sales clerks produce sales invoices?
Only sales clerks should raise sales invoices - recruit more sales clerks
Risk if manual entry of discounts?
A clerk could forget to manually enter discount or input wrong amount, causing loss of customer goodwill
Control recommendation if manual entry of discounts?
Invoice system should be manded to prevent sales clerks from manually entering sales discounts onto invoices
Risk if customer statements not generated and being sent to customers?
Increases likelihood of errors and invoice disputes. Which leads to cash flow issues
Control recommendation for customer statements not generated and being sent to customers?
Should sent monthly customer statements and send them out promptly
Risk if trade receivables account only reconciled annually?
Errors can’t be spotted promptly. Meaning receivables are misstated
Control recommendation if trade receivables account only reconciled annually?
Trade receivables account should be reconciled on a montlhy basis. Then reviewed by an authorised employee
Risk that customer orders are given a number based on sales person’s own identification number?
Sequential numbers mean it’s difficult to identify missing orders. Which leads to a loss of customer goodwill
Control recommendation that customer orders are given a number based on sales person’s own identification number?
Sequence check of orders should be undertaken to identify any missing orders
Risk for when each till has the same login code?
If there are cash discrepancies within the register, difficult to ascertain which employees are responsible. Cash is easy to misappropriate
Control recommendation for when each till has the same login code?
Each employee is provided with a unique logon code
Risk for when tills are reconcilied to daily sales reading are performed in total for every till rather than each till separately
When exceptions arise, it is difficult to identify which till caused differences
Control recommendation for when tills are reconcilied to daily sales reading are performed in total for every till rather than each till separately
Reconciliation done on a till by till basis rather than in aggregate
Risk for when daily sales sheets are scanned and emailed to head office?
Possibility some sales sheets could be misplaced by restaurant manager
Control recommendation for when daily sales sheets are scanned and emailed to head office?
Daily sales sheets should be sequentially numbered and be sent to head office on a daily basis
Risk for cash is stored at safe where safe key is kept under their desk?
Risk of significant cash losses due to theft if access to safe key not carefully controlled
Control recommendation for cash is stored at safe where safe key is kept under their desk?
Current key lock safe should be replaced with a digital code. This code should be updated regularly
Risk for when cashier is responsible for several elements of cash receipts system?
There is a lack of segragation of duties and errors can’t be identified on a timely basis
Control recommendation for when cashier is responsible for several elements of cash receipts system?
Key roles should be split between different members of the finance team
Risk for when credit card statements are not reviewed or reconciled straight away?
Credit card omissions won’t be identified on a timely basis, results with discrepancies with credit card company
Control recommendation for when credit card statements are not reviewed or reconciled straight away?
Cashier should reconcile credit card vouchers to monthly statement received from card company
Risk for no monitoring of student loan deductions
Risk of overpayments being made, leading to employee dissatisfaction
Control recommendation for no monitoring of student loan deductions
Payroll department should maintain a schedule of payments made to 3rd parties such as the central government
Risk for variances not analysed between budgeted wages and salaries
Management needs to understand why variances have arisen
Control recommendation for variances not analysed between budgeted wages and salaries
Monthly management accounts should be amended to include an analysis of wages and salaries compared to budgeted costs
Risk for no inter-branch transfers between stores?
Customers are less likely to contact individual stores themselves and company losing valuable sales
Control recommendation for no inter-branch transfers between stores?
Inter-branch sustem shjould be established between stores, with inter-branch inventory forms being completed for store transfers
Risk for no GRNs not being processed regularly?
Result in delays for supplies being paid as purchase invoices can’t be agreed to a GRN
Control recommendation for no GRNs not being processed regularly?
Copy of GRNs should be sent to accounts department on a more regular basis
Risk for GRNs only being sent to accounts department
Significant level of unfilled orders leading to a loss of sales and stock-outs
Control recommendation for GRNs only being sent to accounts department
GRN should be created in three parts
Risk of when supplier statement reconciliaitons can’t be performed?
Result in errors in recording of purchases and payables not being identified in a timely manner
Control recommendation of when supplier statement reconciliaitons can’t be performed?
Supplier reconciliations should be performed on a monthly basis and should be reviewed by a responsible official
Risk of when high value inventory is stored in warehouses via a four digit access ?
Considerable number of individuals are aware of codes. Increases risk of fraud
Control recommendation of when high value inventory is stored in warehouses via a four digit access ?
Access code should be changed and only a few employees should be aware of it
Risk of when invoices are authorised by finance director but only paid 75 days after receipt of invoice?
Risk that company is missing out on early settlement discounts
Control recommendation of when invoices are authorised by finance director but only paid 75 days after receipt of invoice?
Policy of making payment after 75 days should be reviewed
Risk of when employees can serve friends/family
Could give goods away for free or grant unauthorised discounts
Control recommendation of when employees can serve friends/family
CCTV cameras should be placed in shops to act as a fraud deterrent
Risk of when if store needs changing, a junior sales cerk is sent to bank by a till operator to change it into smaller denominations?
Risk of cash being misplaced or stolen on the way to the bank
Control recommendation if store needs changing, a junior sales cerk is sent to bank by a till operator to change it into smaller denominations?
If further smaller denomination notes are required, store manager should authorise member of staff to obtain cash from bank and fully record movements in and out
Risk of when overtime reports are authorised atter payment has been made
This could result in unauthorised overtime or amounts being paid incorrectly
Control recommendation of when overtime reports are authorised atter payment has been made
All overtime should be authorised by a responsible official prior to payment being processed by payroll department
Risk of when bonus is input by clerk with no additional review
Could result in errors or fraudulent entries, leading to increased payroll costs
Control recommendation of when bonus is input by clerk with no additional review
All entries should be double checked against written confirmation from director by another member of team to ensure any bonuses are correct
Risk of when internal audit teams are undertaking performing counts?
Internal audit should review controls and perform sample test counts. Not doing the actual count
Control recommendation of when internal audit teams are undertaking performing counts?
Internal audit counters should sample check counting undertaken by counting teams to provide control over completeness and count
Risk of when additional sheets not sequentially numbered
Supervisor can’t ensure completeness of all inventory sheets, resulting in understatement of inventory
Control recommenadtion of when additional sheets not sequentially numbered
Team should enter on a blank sheet that is sequentially numbered, any unused sheet should be returned at end of the count
Risk of when inventory sheets not signed?
Difficulty to contact counting team if no signatures
Control recommendation of when inventory sheets not signed?
Inventory sheets should be signed by relevant team upon completion of an aisle
Risk of when third party inventory included in count?
Results in inventory being overstated if these are not removed from inventory count sheets
Control recommendation of when third party inventory included in count?
Inventories belonging to third parties should be moved to one location
Risk of when assets recorded in the non-current asset register have not been physically verified for some time
There is an increased risk of loss, theft or misplacement as there is no check that the assets still exist in their correct location.
Control recommendation for when assets recorded in the non-current asset register have not been physically verified for some time
Additional resources should be devoted to completing the physical verification of all assets within the register. Any assets that cannot be located should be written off.
Risk of when the (HR) department has been busy; therefore, the payroll department has set up new joiners to the company?
This is a lack of segregation of duties, as employees are able to set up new joiners in the payroll system and process their pay, this increases the risk of fictitious (“ghost”) or duplicate employees
Control recommendation of when the (HR) department has been busy; therefore, the payroll department has set up new joiners to the company?
All new joiners set up by payroll should be reviewed and agreed against employee files to confirm that they are bona fide.
Risk of when the bank reconciliations are only reviewed by the financial controller if the sum of reconciling items is significant; therefore, some are not reviewed?
The bank reconciliations could contain significant errors, but a low overall amount of reconciling items, as there could be compensating errors which cancel each other out
Control recommendation when the bank reconciliations are only reviewed by the financial controller if the sum of reconciling items is significant; therefore, some are not reviewed?
The bank reconciliations should be reviewed by the financial controller monthly, even if the reconciling items are not significant, and this review evidenced by a signature on the bank reconciliation.
Risk of when invoices are authorised by the finance director, but paid only 75 days after receipt of the invoice?
There is the risk that Equestrian Co is missing out on early settlement discounts.
Control recommendation for when invoices are authorised by the finance director, but paid only 75 days after receipt of the invoice?
The policy of making payment after 75 days should be reviewed. Earlier payment should be considered if settlement discounts are sufficient.
Risk of when the purchase orders below $1,000 are not authorised and are processed solely by the purchase order clerk who is also responsible for processing invoices?
This could result in purchases that are not required by the business.
Control recommendation for when the purchase orders below $1,000 are not authorised and are processed solely by the purchase order clerk who is also responsible for processing invoices?
All purchase orders should be authorised by a responsible official using a digital signature, regardless of value
Tests of control for when the purchase orders below $1,000 are not authorised and are processed solely by the purchase order clerk who is also responsible for processing invoices?
Select a sample of purchase orders and confirm that each one has the appropriate digital signature from the authorised signatories matrix.
Risk of when Goods received notes (GRNs) are sent to the accounts department every two weeks?
This will delay processing of invoices (understanding liabilities) and payments to suppliers as the purchase invoices cannot be agreed to a GRN
Control recommendation for when Goods received notes (GRNs) are sent to the accounts department every two weeks?
A copy of the GRNs should be sent to the accounts department more often, perhaps daily.
Tests of control for when Goods received notes (GRNs) are sent to the accounts department every two weeks?
Enquire of the accounts clerk how frequently GRNs are received, to assess if they are sent promptly
Risk of when GRNs are only sent to the accounts department and not to purchasing department?
Failing to send a copy to the purchasing department means that it is not possible to monitor the level of unfulfilled orders
Control recommendation for when GRNs are only sent to the accounts department?
Either the purchasing department should also receive copies of GRNs via email
Tests of control for when GRNs are only sent to the accounts department?
Review access logs and permissions within the purchasing module to verify that both the purchasing and accounts departments can access GRNs
Risk of when supplier statement reconciliations are no longer performed?
Errors in the recording of purchases and payables may not be identified in a timely manner
Control recommendation for when supplier statement reconciliations are no longer performed?
Supplier statement reconciliations should be performed monthly for all suppliers and reviewed by a responsible official
Tests of controls for when supplier statement reconciliations are no longer performed?
Re-perform a sample of the reconciliations to confirm that they have been carried out appropriately.
RIsk for monthly management accounts do not analyse the variances between actual and budgeted wages and salaries; this is because there are no overtime costs.
These could arise due to the recruitment of extra employees which was not budgeted or an increase in wage pay out rates
Tests of control for monthly management accounts do not analyse the variances between actual and budgeted wages and salaries; this is because there are no overtime costs.
Monthly management accounts should be amended to include an analysis of wages and salaries compared to the budgeted costs
Risk of each restaurant maintains a petty cash float of $400; at any point in time the receipts and funds present should equal the float?
This could be due to sundry purchases without a relevant receipt or voucher. There is also a possibility that the cash is spent on non-business related items or stolen.
Control recommendation of each restaurant maintains a petty cash float of $400; at any point in time the receipts and funds present should equal the float?
A petty cash log should be maintained so the purchase of sundry items is recorded in the log along with the sum borrowed, date and employee.
Risk of the reconciliations of the tills to the daily sales readings are performed in total for all five tills at each venue rather than for each till?
It will be difficult to identify which till caused the difference and, therefore, which employees may require further till training or may have acted fraudulently
Control recommendation of the reconciliations of the tills to the daily sales readings are performed in total for all five tills at each venue rather than for each till?
Reconciliations should be prepared on a till-by-till basis rather than in aggregate and any discrepancies noted should be investigated immediately
Risk of daily sales sheets are scanned and emailed to head office on a weekly basis
A possibility that some sales sheets could be misplaced by the restaurant manager
Control recommendation of daily sales sheets are scanned and emailed to head office on a weekly basis
Daily sales sheets for each venue should be sequentially numbered and remitted to head office daily
Risk of cashier is responsible for several elements of the cash receipts system
There is a lack of segregation of duties and errors may not be identified on a timely basis.
Control recommendation of cashier is responsible for several elements of the cash receipts system
These key roles should be split between different members of the finance team
Risk of cashier is not checking credit card payments have resulted in cash receipts by Camomile Co
Risk that receipts of cash by credit card may have been omitted
Control recommendation for not checking credit card payments have resulted in cash receipts by Camomile Co
The cashier should reconcile the credit card vouchers per restaurant to the monthly statement received from the card company
Risk of company values inventories using standard costs, which are not kept up-to-date
If standard costs were reviewed 18 months ago, there is the risk that costs are misstated as changes in raw materials and wages inflation may not have been adjusted for
Control recommendation of company values inventories using standard costs, which are not kept up-to-date
A senior manager in the production department should review all currently used standard costs
Tests of control of company values inventories using standard costs, which are not kept up-to-date
Obtain a copy of the standard costs used for valuation of inventories, determine when the last review was and inspect for evidence of review by the production director
Risk of overtime worked is not authorised before it is paid. The information per employee is collated and submitted to payroll by a production clerk, but not authorised?
These reports are reviewed sometime after the payments have been made which could result in unauthorised overtime
Control recommendation of overtime worked is not authorised before it is paid. The information per employee is collated and submitted to payroll by a production clerk, but not authorised?
All overtime should be authorised by a responsible official before the payment is processed by the payroll department
Tests of control of overtime worked is not authorised before it is paid. The information per employee is collated and submitted to payroll by a production clerk, but not authorised?
Review the overtime report for evidence of authorisation and note the date to confirm that this was before the payment of the overtime
Risk of when discounts given to customers who purchased goods during the 15% off weekend are entered separately on the sales invoices by sales clerks?
This could result in giving unauthorised sales discounts as there does not seem to be any authorisation required
Control recommendation of when discounts given to customers who purchased goods during the 15% off weekend are entered separately on the sales invoices by sales clerks?
During the period of any special offers (e.g. the 15% off weekend), the authorised sales prices file should be updated by a responsible official
Risk of when client services managers are given responsibility to chase customers directly for payment once an invoice is outstanding for 90 days?
Client services managers are more likely to focus on customer relationships and generating further revenues rather than chasing payments
Control recommendation of when client services managers are given responsibility to chase customers directly for payment once an invoice is outstanding for 90 days?
A credit controller should be appointed, and it should be their role, rather than the client services managers, to chase any outstanding sales invoices which are more than 30 days old
Control deficiency when employees can serve friends or family?
Significant fraud risk employees could fail to put goods through till but retain cash paid by family members
Control recommendation when employees can serve friends or family?
CCTV cameras placed in shops to record daily till transactions. Acting as deterrent to employees
Control deficiency when junior sales clerk sent to bank
There is a risk of the cash being misplaced or stolen on the way to the bank or collusion between the junior clerk and till operator as no record appears to be kept of the money removed from the till in these instances and no confirmation of how much cash is returned is carried out
Control recommendation when junior sales clerk sent to bank
Caterpillar’s head office should stipulate a float amount per till and how the note denominations should be comprised. When assigning the cash float in the morning, the store manager should ensure that this policy is adhered to.
Control deficiency for warehouse manager supervises the count?
The warehouse manager is familiar with the inventory, but has overall responsibility for the inventory and so is not independent.
Control recommendation for warehouse manager supervises the count?
An alternative supervisor who is not normally involved with the inventory, such as an internal audit manager, should supervise the inventory count.
Control deficiency of IA teams performing counts
Internal audit should review the controls and perform sample test counts to confirm the count is being performed accurately and effectively.
Control recommendation for IA teams performing counts
The internal audit counters should sample check the counting undertaken by the ten teams to provide an extra control over the completeness and accuracy of the count.
Control deficiency of counted areas not flagged?
Some areas of warehouse could be double counted or missed out
Control recommendation of counted areas not flagged?
All aisles should be flagged as completed, once the inventory has been counted
Control deficiency for additional sheets not sequentially numbered
The supervisor will be unable to ensure the completeness of all inventory sheets
Control recommendation for additional sheets not sequentially numbered
This blank sheet should be sequentially numbered, any unused sheets should be returned at the end of the count, and the supervisor should check the sequence of all sheets at the end of the count.
Control deficiency for inventory sheets not signed
If any issues arise with the counting in an aisle, it will be difficult to follow up as the identity of the counting team will not be known
Control recommendation for inventory sheets not signed
All inventory sheets should be signed by the relevant team upon completion of an aisle. When the sheets are returned, the supervisor should check that they have been signed
Control deficiency inventory movements during the count
Goods may be missed or double counted due to movements in the warehouse
Control recommendation for inventory movements during the count
The goods which are manufactured on 31 December should be stored to one side, and at the end of the count should be counted once and included within finished goods
Control deficiency for third party inventory included in count
There does not appear to be a method for counters to identify which items are third party inventory. There is a risk that these goods may not be correctly removed from the inventory count sheets, resulting in inventory being overstated.
Control recommendation for third party inventory included in count
All inventories belonging to third parties should be moved to one location. This area should be clearly marked and excluded from the counting process.
Control deficiency website and inventory system not integrated
This can result in Pear accepting customer orders when the goods are not available. This can cause them to lose sales and customer goodwill.
Control recommendation website and inventory system not integrated
The website should be updated to include an interface into the inventory system; this should check inventory levels and only process orders
Control deficiency for customer signatures not obtained
Customers may falsely claim that they have not received their goods. Pear would not be able to prove that the goods had in fact been delivered and may result in goods being sent out twice
Control recommendation for customer signatures not obtained
Pear should remind all local couriers that customer signatures must be obtained as proof of delivery and payment will not be made for any despatches with missing signatures
Control deficiency for unfulfilled sales orders
This can lead to a loss of customer goodwill and if it persists will damage the reputation of Pear as a reliable supplier
Control recommendation for unfulfilled sales orders
Once goods are despatched they should be matched to sales orders and flagged as fulfilled.
Control deficiency for sales discounts set by sales team
In order to boost their sales, members of the sales team may set the discounts too high. This will lead to a loss of revenue and profit for the company.
Control recommendation for sales discounts set by sales team
Regular review of sales discount levels should be undertaken by the sales director, and this review should be evidenced.
Control deficiency for authorisation of purchase requisitions?
Production supervisors are not sufficiently independent or senior to authorise asset expenditure.
Control recommendation for authorisation of purchase requisitions?
Asset expenditure authorisation levels to be established. Production supervisors should only be able to authorise low value items, any high value items should be authorised by the board.
