Question 2

Internal control

Internal control is an accounting system with procedures and policies that ensure reliability and
accuracy in all accounting reports. The internal control much helps organizations in fraud prevention,
risk control, identifying financial issues proactively, and generation of timely and reliable reports,
among others. Organization leaders comprehend it is fundamental to have precise financial
information to drive tasks and measure achievement. Be that as it may, mistakes, extortion, and
different issues can happen without the best possible controls set up, preventing operational
proficiency and development. While some entrepreneurs expect internal control systems are just
intended for more significant associations, these capacities are pivotal for organizations of all sizes in
all businesses. Some of the internal control that should be prescribed to Hellen's organization
w include

Segregation of duties

By not executing duties, Separation is usually putting the organization in danger. Probably
the most significant threat is exposure to increased risk of fraud, at the point when an
individual is given the sole duty of two clashing assignments, the danger of fraud increments.
Having more than one individual complete these duties decrease this danger. In most
influential organizations, the responsibilities of the organization's very critical functions are
regularly segregated among various workers. For those in small ventures with local human
resources, it's normal for a solitary worker to be exclusively answerable for finishing
numerous errands in a critical function. Be that as it may, neglecting to divide obligations
appropriately can bring about a more danger of mistakes or even frauds. For the most part,
allotting various individuals the duties of approving transactions, recording, keeping up care
of related resources, and account reconciliations can be an effective way of internal control.
Every worker ought to have explicit employment duties, ideally characterized recorded as a
hard copy. Reassignment of detailed obligations inside a cycle to other suitable people can
altogether assist with moderating dangers.

The recommendation Is the use of the Separation of duties scanner. This is because they are
known to produce test outcomes for only minutes. They incorporate one of the most
significant assortments of the Separation of Duties Rules that are likewise utilized by
majority audit firms. Essentially run the Separation Of Duties SCANNER against the
specific organization applications to detect all infringement for the chose rules to recognize
concealed Separation of duties clashes. in Viewing the results utilizing progressed
examination that eradicates False Positives and quickens the remediation cycle. Precise
control proof gathered by Separation of duties SCANNER can be imparted to process
proprietors, application administrators, I.S. Security, and the organization auditors. There are
usually no hardware, software, or configurations required for the Separation of duties
SCANNER. There is always prompt access to the Separation of duties Rules for your venture
application. The only requirement for proprietors is to upload the application security
model's snapshot and get the work done without any technical resources.

Oversight and review

Lack of good overview and oversite can be hazardous to an organization. Businesspersons

are regularly so involved with their business's essential and operative purposes that it is hard
to make a fair reflection on essential internal control checking techniques. Legitimate
oversight is necessary for the internal control system and a substantial part of fraud
expectation and detection. Revision of specific vital measurements, sales, business ledgers,
money reports, fluctuation reports, finance synopses, and other information consistently may
assist you with distinguishing matters that can arise. In most cases, when management has
their finger on the beat of business performances helps in giving important data to effective
decision making.

The recommendation is increasing overview and oversight of internal control. Internal

controls without overview and oversight cannot be sufficient. Organizations may consider
choosing a trusted confidant who regularly reviews the company's bank statements, cheques
issuance or payment registers, and bank reconciliations. Audit finance proclamations for
apparition workers and unapproved raises, hours, or even costs should always be
documented. Impress all workers on the need to have a supporting document on any
payments and occasionally audit a few transactions and supporting reports for legitimacy and
accuracy. In particular, businesspersons should always follow tactics and policies to
emphasize on it to investigate budgetary reports and comprehend the pattern and changes in
the business' money related information. There should always be stress on considering month
over month or trimestral changes just as differences amongst expenditure plans and actuals.

an adequate review of audit logs

producing audit logs for changes being made to your delicate information and necessary
frameworks and observing those logs for indications of potential fraud dangers. Logging and
observing should cover the aggregate of the organization I.T. foundation; as any place
organizations can make changes, there is the potential for penetrates security. The issue
numerous organizations face is that if they empower audit logs on their necessary I.T.
foundation, they are immediately barraged with unmanageable measures of crude log data as
changes are, as a rule, continually made. To such an extent, that it very well may be
inconceivably hard to gather any significant understanding from observing them. Insufficient
logging and monitoring leads to data breach and influence your capacity to respond rapidly
and viably to fraud dangers. On the off chance that a dubious or unapproved change in
organizations I.T. foundation goes unnoticed because of inappropriate log checking
rehearses, the opportunity to deliver the danger presented to fraud exposure is gone. In the
majority of the various kinds of information penetrate your association is probably going to
confront, including hacks, phishing assaults, ransomware, and insider dangers, careful
logging and observing will assist you with distinguishing and respond quicker.

The recommendation is to have a log management product. Log records are an incredible
wellspring of data just on the off chance that you review them regularly. Just buying and
deploying a log, the management item won't give any extra security. The organization needs
to utilize the data gathered and break it down consistently. In cases of a high-hazard
application, this could mean computerized surveys on an hourly premise. Workers should
also be trained on how to monitor activities in the network acceptable policy

Timely identification of abnormal transactions

Critical, irregular transactions as a vast transaction that can be outside the ordinary course of
business for the organization or that, in any case, have all the earmarks of being unordinary
because of their planning, size, or nature are very dangerous. An organization's critical,
abnormal exchanges can do composite bookkeeping, and fiscal report divulgence could
present expanded dangers of material error.

The recommendation is to implement both detective and preventive controls. The goal of
these control types is unique. Preventive controls endeavor to hinder or keep unwanted acts
from happening. They are both proactive controls that help to forestall a misfortune.
Instances of preventive controls are a detachment of obligations, appropriate approval,
satisfactory documentation, and physical command over resources. Investigator controls,
then again, endeavor to recognize unfortunate acts. They give proof that misfortune has
happened yet don't keep trouble from happening. Instances of detective controls are surveys,
examinations, analysis variances, reconciliations, physical inventories, and organization
audits. The two kinds of controls are essential to a viable internal control framework. From a
quality outlook, preventive controls are crucial since they are proactive and underline
quality. Nonetheless, detective controls assume an essential job giving proof that the
preventive controls are working and forestalling any organization losses.

User access rights for information systems

In most organizations, employees are frequently approved extra admittance to information

systems than the usual activity obligations they should carry. These may be an
accomplishment of its straightforwardness of usage or because allowing access may not
realize the new worker's job. In any case, allowing such information availability may open
the business to extra dangers that business heads may not know about. Employees should
begin with exceptionally restricted admittance to an information system with just the rights to
perform essential capacities to that client's work. As the workers' outstanding task at hand
grows, extra access rights might be allowed. All clients' entrance rights should be looked into
on an occasional premise to guarantee a genuine business reason for the entrance allowed to
every client. Even though this methodology requires additional time and exertion, it can
improve controls and security set up.

The recommendation is restricting access to the financial system. The most widely
recognized bookkeeping programming utilized by organizations enables its employees to
alter and erase past transactions, prompting a simple disguise of robbery or fraud.
Organizations should always hold ADMIN rights if conceivable to the organization's
accounting system and consider confining user admittance to just regions important for their
capacities. These will help lessen the odds of an individual making bogus passages and
concealing their tracks. An audit of voided and erased exchanges will show any changes or
erasures and help uncover anomalies in strategies. On the off chance that endorsement rights
are conceded to a representative or accountant in the organization's online payment services,
a review of credit updates ought to be performed to guarantee the legitimacy of gave credits
and deflect the making of bogus credit reminders to cover any caught money. These will
reduce the chances of misappropriation of organization funds by its employees.

Fraud symptoms
Fraud symptoms are indicated as various situations that are contributing factors to
organizational fraud. It may not mean anything at present times but may show a possible risk
of fraud occurring in the future. Frauds are categorized into two categories, namely, direct
fraud and indirect fraud. Direct fraud happens when a worker takes organization money,
stock, supplies, gear, or different resources. An employee can build up unexisting
organizations and have their managers pay for never really conveyed services. Likewise, an
employee can set up imaginary payroll and have their checks sent to their location or a close
family member's location. Direct fraud happens when employees accept hush money or
payoffs from sellers, clients, or others outside the organization to encourage lower deals
costs, higher buy costs, non-conveyance of merchandise, or sub-par products' conveyance.
Some of the fraud symptoms include accounting anomalies, analytical anomalies, extravagant
lifestyles, unusual behavior, tips, and complaints. Accounting anomalies usually result from
employees' uncommon procedures and processes. This may include excessive credits,
increased past due accounts, missing documents, payment duplicates, and alteration of
documents. Records that can't be found can be a warning for fraud possibility. Even though it
is expected that a few papers will be lost, the audit should search for clarifications concerning
why the archives are missing, and what steps were taken to find the mentioned things. The
examiners will frequently choose a substitute thing or permit the auditee to select a substitute
without deciding if an issue exists. Analytical anomalies involve financial statements that do
not make sense. Irregular analytical connections represent them. Organizations ought to
perform financial information examination to decide abnormal connections that should fill in
as warnings demonstrating possible fraud. They may include Unexplained inventory shortages
or adjustments, Deviations from specifications, Increased scrap, Excess purchases, Too many debit or
credit memos, Significant increases or decreases in account balances, ratios, or relationships,
Physical Abnormalities, Cash shortages, and overages, and Excessive late charges.

In bank reconciliation, fraud indication can be considered when some checks or deposits do not
include, but the reconciliation is balanced yet. An occurrence of scrap is also a more significant
indication of fraud possibility. It is usually subject to short inspection, and thus fraudsters target it as
a favorite way of fund embezzlement from organizations. It would be a greater possibility of stealing
and reselling the materials later on and therefore, should analyze a sudden rise in scrap. Missing
stores could mean the culprit departed suddenly with the assets; missing looks could demonstrate
one made to a bogus payee. Luxurious ways of life or life changes are among the most effortlessly
distinguished warnings and symptoms of possible fraud from the company. Administrators and other
employees may see if a worker is driving a way of life that their pay couldn't uphold. These sorts of
warnings are just conditional proof of possible fraud and should be thoroughly investigated before
much harm occurs. For the most part, uncommon conduct is another warning of fraud possibilities.
The culprit will frequently show unusual behavior that can be a good indicator of fraud possibility
when keenly looked at. The victim may not ever get away from work or ask for sick leave or any
personal lave, as they may fear that one will detect their actions of fraud. The individual may not
relegate out work in any event when over-burden and may even consider working overtime when
there are so many other employees that would assist in the same task.

Moreover, other behaviors might be conduct changes, which may involve employees engaging in
drinking alcohol, smoking, being defensive for no substantial reasons, and strange impatience and
dubiousness. A person who has perpetrated wrongdoing might be overwhelmed with dread and
blame, which would then be able to prompt expanded pressure. The individual may then display
bizarre social changes. No particular conduct signals extortion except for a sudden change in conduct
is a sign. Although some abnormal behaviors may result from work-related stress or illness,
sometimes it may be an indicator of fraud.

Additionally, tips or protests will be gotten now and again, which demonstrates that a fraudulent
action is going on. Objections have been known to be the absolute best wellsprings of
misrepresentation and ought to be paid attention to. Albeit very often, the complainant's thought
processes might be suspect, the charges, as a rule, have merit that warrants further examination.