The Limitations of Internal Control Systems
Bojangles is mistaken since control risk can only be minimised in an entity but not entirely eliminated. Control risk is a component of the audit risk model. A misstatement may occur in the financial statements of an entity due to the inability of the internal controls to detect or prevent errors and fraud. As much as an entity may have internal controls there are four main factors that may cause the internal controls in place not to work. One of them is collusion. A company may have segregation of duties as an internal control however this internal control is ineffective when two people performing different roles collude in order to defraud the company or misrepresent the financial position of the firm.
Secondly there may be instances of management override. This occurs where the manager overrides the existing control procedures in order to misrepresent the financial position of the firm. The manager may record unauthorized journal entries or other post-closing adjustments such as consolidating adjustments and reclassifications. Thirdly there is the element of human weaknesses. Decisions are made by people who use their personal judgement. They also rely on the available information while facing certain pressures. Incorrect decisions may be made. Finally there may be breakdowns in internal controls when employees misunderstand the issued instructions or when they lack proper training for the job.
Cost-benefit Analysis of Internal Control Systems
Cost-benefit analysis is an important factor in the design of an internal control system. There are many benefits of having an internal control system in place such as efficiency and effectiveness in business operations, safeguarding of assets and prevention and detection of errors, fraud and other irregularities. An internal control system also enables a business to ensure there is accurate and complete financial reporting. The internal control system comprises of the policies and procedures adopted by the company in ensuring things run smoothly. However, designing an internal control system has certain costs such as training, recruitment of personnel and technical changes in the system which consume significant financial and time resources.
The management should assess the benefits and costs of implementing the controls to ensure that the company is gaining and not losing in the long-term. As the internal control system increases in complexity there will be high costs of implementation. The company should conduct a cost-benefit analysis to ensure that the internal control system adopted is suitable for the company. There is no need to incur such high costs of implementation yet the benefits are not comparable at all.
Assessment of Control Risk
To assess whether the control risk is high or low the auditor needs to perform a test of controls. This is where the auditor analyses the design structure of the internal control system to check whether it is effective. To assess the design effectiveness the auditor performs a walkthrough of the entire process from initiation of the transaction to the recording of items in the financial statements. Tools such as flowcharts and process diagrams will assist the auditor to confirm whether the internal control design is adequate to meet the entity’s objectives. Secondly the design of internal controls should assist in the prevention and detection of misstatements in the financial statements. The auditor checks whether the internal controls highlighted in the walkthrough are actually
operating on the ground. There are different approaches such as interviews, observation of personnel and perusing company documents that the auditor may use to test the operational effectiveness of internal controls. The control risk is deemed to be low if the test of controls reveals that the internal control system is effective. The auditor’s opinion after the test of controls affects the nature of substantive tests to be performed. It also affects the extent and timing of these tests. The tests are carried out on the different types of assertions in the financial statements. For the remainder of the audit, the auditor is able to place certain reliance on the internal controls since the control risk is low.
Auditing Accounts Receivable
Delays between the dates on bank statements and dates in the customer accounts may help the auditor uncover instances of lapping. This is a form of embezzlement that affects the accounts receivable. This occurs when an employee steals a customer’s payments and relies on subsequent customer payments to conceal earlier stolen money in customer accounts. The employee keeps doing this repetitively for a long time. He may also find some other way to cover the fraud. Comparing the dates on deposit slips and ledger details enables the auditor to discover delays or lags between the payment date and recording date in the ledger. The auditor should investigate the causes of these delays. The auditor should also review other internal controls such as rotation of employees and leave management. The company should also have preventive measures against lapping in addition to the detective measures. There should be segregation of duties when it comes to cheque handling and recording responsibilities in the organization.