CHAPTER 7

Cards (34)

  • Entity-level controls
    Controls that are applied broadly at the company level and essentially affect the entire corporate culture as well as the functioning of transaction-level controls
  • Examples of entity-level controls
    • Corporate charter identifying the roles of the board of directors and committees
    • Internal audit function
    • Controls over management override
    • Code of conduct in the workplace
    • Controls under the risk assessment component
    • Monitoring process
    • Code of corporate governance
  • Transaction-level controls
    Internal control procedures deployed and implemented for every major transaction and accounts of the company
  • Transaction-level controls are more specific and applicable to specific business processes or transactions such as revenue and collections, expenditures and disbursements, production process, payroll, and the like
  • Hard controls
    Controls that have tangible or physical characteristics
  • Soft controls
    Controls that do not have tangible characteristics
  • Preventive controls
    Controls intended to avert the happening of negative events like fraud, processing errors, and noncompliance
  • Automated/computerized controls
    Controls built into computer programs and systems to ensure system integrity, reliability, and security
  • Specific control activities for cash
    • Prenumbered use of official receipts
    • Daily deposit of collections
    • Bonding of cash custodians
    • Authorization for opening bank accounts
    • Comparison of deposit slips with cash book
    • Separation of duties between cashier and accounting personnel
    • Use of cash registers
    • Preparation of daily cash collection reports
    • Use of cash vaults and locks
    • Access to cash vaults only for authorized personnel
    • Preparation of monthly bank reconciliations
    • Prenumbered use of vouchers and checks
    • Approval of cash disbursements
    • Limited authorization to sign checks
    • No signing of blank checks
    • Mutilation of voided checks
    • Control over signature machines
    • Control over interbank transfers
    • Checks not payable to cash
    • Physical control of unused checks
    • Cancellation of paid vouchers
    • Surprise cash counts
    • Periodic confirmation of cash balances
  • Specific control activities for investments
    • Proper authorization of investment purchase transactions
    • Use of safety deposit box for investment documents
    • Bonding of investment custodian
    • Investment custodian function separate from investment accounting
    • Limited access to safety deposit box
    • Dual control for access to investments
    • Investment securities in company name
    • Periodic internal audit
    • Periodic appraisal of investments
    • Authorization for disposal of investments
  • Specific control activities for sales and accounts receivable
    • Credit approval before deliveries
    • Use of credit limits for customers
    • Use of prenumbered sales order
    • Independence between credit and sales departments
    • Prenumbering of shipping documents
    • Control over returned goods
    • Control over scrap sales
    • Periodic reconciliation of A/R subsidiaries
    • Periodic confirmation of customer balances
    • Sending of billing statements
    • Control over write-off of accounts
    • Periodic A/R ageing schedule
    • Segregation of collection from A/R posting
    • Review of proper pricing
    • Sales cut-off procedures
    • Ensuring accurate quantities dispatched
  • Specific control activities for inventories
    • Periodic inventory counts
    • Use of perpetual inventory records
    • Periodic comparison of GL and perpetual records
    • Periodic comparison of records and physical count
    • Investigation of inventory discrepancies
    • Use of prenumbered receiving reports
    • Separation of inventory custodian from accounting
    • Adequate insurance on inventories
    • Physical safeguards against fire and theft
    • Authorization over inventory purchases
    • Inspection procedures on receipt
    • Procedures for dispatch of inventories
    • Procedures on inventory returns
    • Inventory requisitions before purchasing
    • Control over in-transit goods
  • Fixed asset control procedures

    • Use of detailed property records
    • Periodic comparison of property records with physical assets
    • Periodic counts of fixed assets
    • Policy on capitalization of expenditures
    • Physical safeguards over assets (e.g., machines, equipment, facilities)
    • Use of property identification numbers (for specific identification of assets)
    • Adequacy of insurance over fixed assets
    • Fixing of the accountability of fixed asset custodians
    • Review of depreciation computations
    • Control over fully-depreciated fixed assets
    • Review of useful lives
    • Control over disposal of fixed assets
    • Control over scrap sales
  • Payroll control procedures

    • Effective hiring procedures
    • Maintenance of personnel data records (201 files)
    • Use of time clock or through biometric device
    • Supervisor review of time cards
    • Review of payroll calculations (gross salaries, withholding tax, SSS premiums, net pay)
    • Procedures in distributing payroll checks
    • Control over unclaimed wages
    • Transmittal to the bank of official roster of employees for ATM payroll arrangements
    • Periodic head count of all company personnel
    • Control over the rendering of overtime
    • Access controls to prevent unauthorized use of payroll system
    • Timely removal of retired employees from payroll system
    • Periodic audit of payroll
  • Accounts payable and purchases control procedures

    • Independence of A/P function from purchasing function
    • Periodic reconciliation of A/P subsidiary records with the A/P control account
    • Control over purchase returns
    • Review of vendor's invoices
    • Matching of purchase order, receiving report, and vendor invoice
    • Reconciliation of vendor statements with A/P detail
    • Review of A/P debit balances
    • Review of unmatched receiving reports
    • Review of A/P postings
    • Bidding procedures for significant purchases
    • Investigation of discounts not taken
    • Periodic comparison with budgets
    • Checking for personal purchases
    • Vendor accreditation procedures (the company buys materials only from duly-accredited vendors)
    • System access to create, edit, or delete purchase orders is restricted to authorized personnel
    • Ability to create or add or delete vendor records in the vendor master is restricted to authorized personnel
    • Periodic audit of A/P balances
    • Comparison of purchase amounts to budgets
  • Fraud
    An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage
  • Categories of fraud
    • Fraudulent financial reporting
    • Misappropriation of assets
    • Corruption
  • Fraudulent financial reporting
    A kind of fraud that results in manipulated financial statements and misleading accounting report and records, usually resorted to by corporate executives to show that the company performed well when in fact it performed poorly
  • Misappropriation of assets
    Theft of company assets, fund, or resources, including embezzlement of cash, inventory pilferage, theft of fixed assets, theft of intellectual property, false billing schemes, and ghost employee schemes
  • Corruption
    Irregularities that result in illegal kickbacks, under-the-table schemes, bribery, and the like
  • Elements of the fraud triangle
    • Pressures to commit fraud
    • Opportunities
    • Rationalization
  • Pressures to commit fraud
    Financial pressures that can motivate people such as company officers and employees to commit fraud, such as economic or financial difficulty, need to sustain an extravagant lifestyle or vices
  • Opportunities
    Perceived opportunities to commit fraud when there are no internal controls nor an audit process in the company
  • Rationalization
    Belief system or attitude of people in the company that can justify committing fraud, such as believing that stealing is not bad for as long as it is to feed one's family
  • Control deficiency
    A missing control, or an existing control that is not designed properly, or is properly designed but is not operating effectively
  • Types of control deficiencies
    • Deficiency in design
    • Deficiency in operations
  • Deficiency in design
    A critical control is not properly designed and does not meet the control objective, or is simply ineffective
  • Deficiency in operations
    A critical control is designed properly but does not perform in the intended manner and is unable to address the identified risks
  • Types of audits performed by internal auditors
    • Operational audits
    • Compliance audits
    • Financial audits
  • Operational audits
    Examinations intended to ascertain whether management has conducted business operations effectively and efficiently
  • Compliance audits
    Examinations intended to determine whether the company or any of its department is able to adhere to prevailing laws and regulations
  • Financial audits
    Examinations focused on determining whether the company's finance function as well as financial reports are accurate or reliable
  • External auditors express opinion on the truthfulness of the financial statements of the company, focused on the fairness of corporate financial statements insofar as adherence to applicable accounting standards are concerned
  • External auditors must be certified public accountants (CPAs), internal auditors need not be CPAs but they need to possess competence in the field of internal auditing