Acctg 3116 - Governance, Business Ethics, Risk Management and Internal Control

Chapters 13 - 15

Module 6 - Overview of Internal Control, Fraud and Error, Errors and Irregularities in Transaction Cycles

Chapter 13
OVERVIEW OF INTERNAL CONTROL

Nature And Purpose Of Internal Control

Internal control is the process designed and effected by those charged with governance, management and other
personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to
reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws
and regulations. It follows that internal control is designed and implemented to address identified business
risks that threaten the achievement of any of these objectives.

Those objectives fall into three categories:

⚫ Reliability of the entity’s financial reporting
⚫ Effectiveness and efficiency of operations
⚫ Compliance with applicable laws and regulations

Whether an entity achieves its objectives relating to financial reporting and compliance is determined by
activities within the entity’s control. However, achieving its objectives relating to operations will depend not
only on management’s decisions but also on competitors’ actions and other factors outside the entity.

Internal Control System Defined

Internal control system means all the policies and procedures (internal controls) adopted by the management of
an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the
prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the
timely preparation of reliable financial information.

Elements of Internal Control

Internal control structures vary significantly from one company to the next. Factors such as size of the business,
nature of operations, the geographical dispersion of its activities, and objectives of the organization affect the
specific control features of an organization. However, certain elements or features must be present to have a
satisfactory system of control in almost any large-scale organization.

Internal control consists of five integrated processes per the Committee of Sponsoring Organizations of the
Treadway Commission (COSO) framework: the control environment, risk assessment, control activities,
information and communication, and monitoring activities.

The Sarbanes-Oxley Act (SOX) is an important piece of legislation focusing on internal controls and was created
in response to financial statement frauds, which resulted in the collapse of companies such as Enron and
WorldCom in the early 2000s. The passage of SOX in 2002 had a major impact on companies, affecting the
design and implementation of internal controls. All companies that trade on U.S. stock exchanges must comply
with the requirements of this legislation as they design and implement their internal controls.

COSO Framework’s 17 Principles of Effective Internal Control

On December 30, 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) updated
its Internal Control — Integrated Framework. The updated principles-based framework, which supersedes the
original 1992 framework, now explicitly describes its principles rather than simply implying them, thus making it
easier for companies to apply the principles. The revised COSO framework’s 17 principles of effective internal
control are as follows:

Internal Control Component: Principles

Control environment
1. Demonstrate commitment to integrity and ethical values
2. Ensure that board exercises oversight responsibility
3. Establish structures, reporting lines, authorities and responsibilities
4. Demonstrate commitment to a competent workforce
5. Hold people accountable

Risk assessment
1. Specify appropriate objectives
2. Identify and analyze risks
3. Evaluate fraud risks
4. Identify and analyze changes that could significantly affect internal controls

Control activities
1. Select and develop control activities that mitigate risks
2. Select and develop technology controls
3. Deploy control activities through policies and procedures

Information and communication
1. Use relevant, quality information to support the internal control function
2. Communicate internal control information internally
3. Communicate internal control information externally

Monitoring
1. Perform ongoing or periodic evaluations of internal controls (or a combination of the two)
2. Communicate internal control deficiencies

Depending on a company’s facts and circumstances, making the transition to the updated framework can take
time, so it’s a good idea to begin the process as soon as possible. Companies may begin by familiarizing
themselves with the aforementioned 17 principles and other COSO guidelines. Then, companies may evaluate
the current state of their internal control system and develop a plan for correcting any weaknesses.
https://weaver.com/blog/coso-frameworks-17-principles-effective-internal-control

The internal control system extends beyond these matters which relate directly to the functions of the
accounting system and consists of the following components:

a. The control environment
b. The entity’s risk assessment process
c. The information system, including the related business processes, relevant to financial reporting,
and communication;
d. Control activities
e. Monitoring controls

A. Control Environment

The control environment means the overall attitude, awareness and actions of directors and management
regarding the internal control system and its importance in the entity. The control environment has an effect on
the effectiveness of the specific control procedures. A strong control environment, for example, one with tight
budgetary controls and an effective internal audit function, can significantly complement specific control
procedures. However, a strong environment does not, by itself, ensure the effectiveness of the internal control
system. Factors reflected in the control environment include:

⚫ The function of the board of directors and its committees;
⚫ Management’s philosophy and operating style;
⚫ The entity’s organizational structure and methods of assigning authority and responsibility;
⚫ Management’s control system including the internal audit function, personnel policies and procedures
and segregation of duties.

The environment in which internal control operates has an impact on the effectiveness of the specific control
procedures. Several factors comprise the control environment, including:
1. Communication and Enforcement of Integrity and Ethical Values
Integrity and ethical values are essential elements of the internal control environment. They
affect the design, administration, and monitoring of other components of internal control. An
entity’s ethical and behavioral standards and the manner in which it communicates and reinforces
them determine the entity’s integrity and ethical behavior. Integrity and ethical values include
management’s actions to remove or reduce incentives and temptations that might prompt
personnel to engage in dishonest, illegal, or unethical acts. They also include the communication
of entity values and behavioral standards to personnel through policy statements, a code of
conduct, and management’s example of appropriate behavior.

2. Commitment to Competence
Competence is the knowledge and skills necessary to accomplish tasks that define an employee’s
job. Commitment to competence means that management considers the competence levels for
particular jobs in determining the skills and knowledge required of each employee and that it
hires employees competent to perform the tasks.

3. Participation by those Charged with Governance
An entity’s control consciousness is influenced significantly by those charged with governance.
Attributes of those charged with governance include independence from management, their
experience and stature, the extent of their involvement and scrutiny of activities, the appropriateness of their
actions, the information they receive, the degree to which difficult questions are raised and pursued with
management, and their interaction with internal and external auditors. The importance of the responsibilities of
those charged with governance is recognized in codes of practice and other regulations or guidance produced
for the benefit of those charged with governance. These responsibilities include oversight of the design and
effective operation of whistle blower procedures and the process for reviewing the effectiveness of the entity’s
internal control.

4. Management’s Philosophy and Operating Style
This refers to management’s attitude towards a) business risk, b) financial reporting, c) meeting budget,
profit and other established goals which have impact on the reliability of the financial statements.
Management’s approach to taking and monitoring business risks, its conservative or aggressive selection
from alternative accounting principles, its conscientiousness and conservatism in developing accounting
estimates, and its attitude toward information processing and the accounting function personnel are
factors that affect the control environment.

5. Organizational Structure
The responsibilities and authorities of the various personnel within the organization should be established in
such a manner as to 1) assist the entity in meeting its goals and objectives and 2) ensure that transactions
are processed, recorded, summarized and reported in an accurate and timely manner. Organizational
structure provides the overall framework for planning, directing and controlling operations.

6. Assignment of Authority and Responsibility
Personnel within an organization need to have a clear understanding of their responsibilities and the rules
and regulations that govern their actions. Management may develop job descriptions and computer system
documentation. It may also establish policies regarding acceptable business practice, conflicts of interest
and code of conduct.

7. Human Resources Policies and Procedures
Perhaps the most important element of an internal accounting control system is the people who perform
and execute the established policies and procedures. Personnel policies should be adopted by the client to
reasonably ensure that only capable and honest persons are hired and retained. Policies with respect to
employee selection, training, and supervision should be adopted and implemented by the client. The
selection of competent and honest personnel does not automatically assure that errors or irregularities will
not occur. However, adequate personnel policies, coupled with the design concepts suggested earlier in this
section, enhance the likelihood that the client’s policies and procedures will be followed.

B. Entity’s Risk Assessment Process

Risk assessment is the “identification, analysis, and management of risks pertaining to the preparation of
financial statements”. For example, risk assessment may focus on how the entity considers the possibility
of transactions not being recorded or identifies and assesses significant estimates recorded in the financial
statements.

An entity’s risk assessment process is its process for identifying and responding to business risks and the results
thereof. For financial reporting purposes, the entity’s risk assessment process includes how management
identifies risks relevant to the preparation of financial statements that are presented fairly, in all material
respects, in accordance with the entity’s applicable financial reporting framework, estimates their
significance, assesses the likelihood of their occurrence, and decides upon actions to manage them. For
example, the entity’s risk assessment process may address how the entity considers the possibility of
unrecorded transactions or identifies and analyses significant estimates recorded in the financial statements.
Risks relevant to reliable financial reporting also relate to specific events or transactions.

Risks relevant to financial reporting include external and internal events and circumstances that may occur
and adversely affect an entity’s ability to initiate, record, process, and report financial data consistent with
the assertions of management in the financial statements. Once risks are identified, management
considers their significance, the likelihood of their occurrence, and how they should be managed.
Management may initiate plans, programs, or actions to address specific risks or it may decide to accept a
risk because of cost or other considerations. Risks can arise or change due to circumstances such as the
following:

⚫ Changes in operating environment. Changes in the regulatory or operating environment can result in
changes in competitive pressures and significantly different risks.

⚫ New personnel. New personnel may have a different focus on or understanding of internal control.

⚫ New or revamped information systems. Significant and rapid changes in information systems can
change the risk relating to internal control.

⚫ Rapid growth. Significant and rapid expansion of operations can strain controls and increase the risk
of a breakdown in controls.

⚫ New technology. Incorporating new technologies into production processes or information systems
may change the risk associated with internal control.

⚫ New business models, products, or activities. Entering into business areas or transactions with which
an entity has little experience may introduce new risks associated with internal control.

⚫ Corporate restructurings. Restructurings may be accompanied by staff reductions and changes in
supervision and segregation of duties that may change the risk associated with internal control.

⚫ Expanded foreign operations. The expansion or acquisition of foreign operations carries new and
often unique risks that may affect internal control. For example, additional or changed risks from
foreign currency transactions.

⚫ New accounting pronouncements. Adoption of new accounting principles or changing accounting
principles may affect risks in preparing financial statements.

The basic concepts of the entity’s risk assessment process are relevant to every entity, regardless of size, but the
risk assessment process is likely to be less formal and less structured in small entities than in larger ones. All
entities should have established financial reporting objectives, but they may be recognized implicitly rather than
explicitly in small entities. Management may be aware of risks related to these objectives without the use of a
formal process but through direct personal involvement with employees and outside parties.

Consideration Specific to Smaller Entities

Many audits of small business entities are carried out entirely by the engagement partner (who may be a sole
practitioner). In such situations, it is the engagement partner who, having personally conducted the planning of
the audit, would be responsible for considering the susceptibility of the entity’s financial statements to material
misstatement due to fraud and error.

C. Information System, Including the Business Processes, Relevant to Financial Reporting and Communication

An information system consists of infrastructure (physical and hardware components), software, people,
procedures, and data. Infrastructure and software will be absent, or have less significance, in systems that
are exclusively or primarily manual. Many information systems make extensive use of IT.

The Information System, Including Related Business Processes, Relevant to Financial Reporting

The information system relevant to financial reporting objectives, which includes the accounting system,
consists of the procedures and records designed and established to:

⚫ Initiate, record, process, and report entity transactions (as well as events and conditions) and to
maintain accountability for the related assets, liabilities, and equity;

⚫ Resolve incorrect processing of transactions, for example, automated suspense files and procedures
followed to clear suspense items out on a timely basis;

⚫ Process and account for system overrides or bypasses to controls;

⚫ Transfer information from transaction processing systems to the general ledger;

⚫ Capture information relevant to financial reporting for events and conditions other than transactions, such
as the depreciation and amortization of assets and changes in the recoverability of accounts receivables;
and

⚫ Ensure information required to be disclosed by the applicable financial reporting framework is accumulated,
processed, summarized and appropriately reported in the financial statements.

Journal Entries

An entity’s information system typically includes the use of standard journal entries that are required on a
recurring basis to record transactions. Examples might be journal entries to record sales, purchases, cash
receipts, and cash disbursements in the general ledger, or to record accounting estimates that are periodically
made by management, such as changes in the estimate of uncollectible accounts receivable.

An entity’s financial reporting process also includes the use of non-standard journal entries to record
non-recurring, unusual transactions or adjustments. Examples of such entries include consolidating
adjustments and entries for business combination or disposal or recurring estimates such as the impairment of
an asset. In manual general ledger systems, non-standard journal entries may be identified through inspection
of ledgers, journals, and supporting documentation. When automated procedures are used to maintain the
general ledger and prepare financial statements, such entries may exist only in electronic form and may
therefore be more easily identified through the use of computer-assisted audit techniques.

Related Business Processes

An entity’s business processes are the activities designed to:

⚫ Develop, purchase, produce, sell and distribute an entity’s products and services;
⚫ Ensure compliance with laws and regulations; and
⚫ Record information, including accounting and financial reporting information.

Business processes result in the transactions that are recorded, processed and reported by the information
system. Obtaining an understanding of the entity’s business processes, which include how transactions are
originated, assists the auditor in obtaining an understanding of the entity’s information system relevant to financial
reporting in a manner that is appropriate to the entity’s circumstances.

Accordingly, an information system encompasses methods and records that:

⚫ Identify and record all valid transactions.
⚫ Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
for financial reporting.
⚫ Measure the value of transactions occurred to permit recording of transactions in the proper accounting
period.
⚫ Determine the time period in which transactions occurred to permit recording of transactions in the proper
accounting period.
⚫ Present properly the transactions and related disclosures in the financial statements.

Communication involves providing an understanding of individual roles and responsibilities pertaining to internal
control over financial reporting. It includes the extent to which personnel understand how their activities in
the financial reporting information system relate to the work of others and the means of reporting exceptions to
an appropriate higher level within the entity. Open communication channels help ensure that exceptions are
reported and acted on.

Communication takes such forms as policy manuals, accounting and financial reporting manuals, and
memoranda. Communication also can be made electronically, orally, and through the actions of management.

Application to Small Entities

Information systems and related business processes relevant to financial reporting in small entities are likely to
be less formal than in larger entities but their role is just as significant. Small entities with active management
involvement may not need extensive descriptions of accounting procedures, sophisticated accounting records,
or written policies. Communication may be less formal and easier to achieve in a small entity than in a larger
entity due to the small entity’s size and fewer levels as well as management’s greater visibility and availability.

D. Control Activities

Control activities are the policies and procedures that help ensure that management directives are carried
out, for example, that necessary actions are taken to address risks that threaten the achievement of the
entity’s objectives. Control activities, whether within IT or manual systems, have various objectives and are
applied at various organizational and functional levels.

The major categories of control procedures are:

A. Performance Review
B. Information Processing Controls
   1) Proper authorization of transactions and activities
   2) Segregation of duties
   3) Adequate documents and records
   4) Safeguards over access to assets; and
   5) Independent checks on performance
C. Physical Controls

A brief discussion of these control procedures follows:

A. Performance Review
In a performance review, management uses accounting and operating data to assess performance, and it
then takes corrective action. Such reviews include:

⚫ Comparing actual performance (or operating results) with budgets, forecasts, prior performance, or
competitors’ data or tracking major initiatives such as cost-containment or cost-reduction programs
to measure the extent to which targets are being met.

⚫ Investigating performance indicators based on operating or financial data, such as quantity or
purchase price variances or the percentage of returns to total orders.

⚫ Reviewing functional or activity performance such as relating the performance of a manager
responsible for a bank’s consumer loans with some standard, such as economic statistics or targets.

Personnel at various levels in an organization may make performance reviews. Performance reviews may
be used by managers for the sole purpose of making operating decisions. For example, managers may
analyze performance data and base operating decisions on them because the data are consistent with their
expectations. This type of review improves the reliability of the data. However, when managers follow
up on unexpected results determined by a financial reporting system, performance reviews become a
useful control over financial reporting.

B. Information Processing Controls
Information processing controls are policies and procedures designed to require authorization of
transactions and to ensure the accuracy and completeness of transaction processing. Control activities may
be classified according to the scope of the system they affect.

General controls are control activities that prevent or detect errors or irregularities for all accounting
systems. General controls affect all transaction cycles and apply to information processing as a center,
hardware and systems software acquisition and maintenance, and back up and recovery procedures.

Application controls are controls that pertain to the processing of a specific type of transaction, such as
payroll, or sales and collections. These controls help ensure that transactions occurred, are authorized, and
are completely and accurately recorded and processed. Examples of application controls include checking
the arithmetical accuracy of records, maintaining and reviewing accounts and trial balances, automated
controls such as input data and numerical sequence checks, and manual follow-up of exception reports.

General IT-controls are policies and procedures that relate to many applications and support the effective
functioning of application controls by helping to ensure the continued proper operation of information
systems. General IT-controls commonly include controls over data center and network operations; system
software acquisition, change and maintenance; access security; and application system acquisition,
development, and maintenance.

These controls apply to mainframe, mini-frame, and end-user environments. Examples of such general
IT-controls are program change controls, controls that restrict access to programs or data, controls over the
implementation of new releases of packaged software applications, and controls over system software that
restrict or monitor the use of system utilities that could change financial data or records without leaving an
audit trail.

Internal controls relating to the accounting system are concerned with achieving objectives such as:

⚫ Transactions are executed in accordance with management’s general or specific authorization.

⚫ All transactions and other events are promptly recorded in the correct amount, in the
appropriate accounts and in the proper accounting period so as to permit preparation of
financial statements in accordance with an identified financial reporting framework.

⚫ Access to assets and records is permitted only in accordance with management’s authorization.

⚫ Recorded assets are compared with the existing assets at reasonable intervals and appropriate
action is taken regarding any differences.

Control activities related to the processing of transactions may be grouped as follows: (1) proper
authorization, (2) design and use of adequate documents and records, and (3) independent checks on
performance.

1. Proper authorization of transactions and activities
As suggested earlier, authorization for the execution of transactions flows from the stockholders to
management and its subordinates. The auditor uses this documentation to determine whether business
transactions are properly authorized.

2. Segregation of duties
An important element in designing an internal accounting control system that safeguards assets and
reasonably ensures the reliability of the accounting records is the concept of segregation of
responsibilities. No one person should be assigned duties that would allow that person to commit an
error or perpetrate fraud and to conceal error or fraud.

3. Adequate documents and records
The use of adequate documents and records allows the company to obtain reasonable assurance that all
valid transactions have been recorded.

4. Access to assets
The resources of a client can be protected by the establishment of physical barriers and appropriate
policies. For example, inventories may be kept in a storeroom, or negotiable instruments may be placed
in a safe deposit box. Appropriate company policies are adopted so that only authorized persons have
access to company resources. Safeguarding of assets is more than establishing physical barriers.
A client should design its internal accounting control system so that documents authorizing the
movement of assets into an organization or out of the organization are adequately controlled.

5. Independent checks on performance
The objective of a well-designed internal accounting control system is the adoption of procedures that
periodically compare the actual asset with its recorded balance. Regardless of the effectiveness of the
internal control system, some transactions may not be accurately recorded, and some assets may be
misappropriated. An important part of an internal accounting control system is to determine the
effectiveness of recording policies and asset access policies. This is accomplished by periodic counts of
assets by the client and comparing the counts to the balances in general ledger accounts. Examples are
the count of inventory and the preparation of monthly bank reconciliation.

C. Physical Controls
Controls that encompass:
⚫ The physical security of assets, including adequate safeguards such as secured facilities over access to
assets and records.

⚫ The authorization for access to computer programs and data files.

⚫ The periodic counting and comparison with amounts shown on control records (for example,
comparing the results of cash, security, and inventory counts with accounting records).

The extent to which physical controls intended to prevent theft of assets are relevant to the reliability
of financial statement preparation, and therefore the audit, depends on circumstances such as when assets
are highly susceptible to misappropriation.

The concepts underlying control activities in small entities are likely to be similar to those in larger entities,
but the formality with which they operate varies. Further, small entities may find that certain types of
control activities are not relevant because of controls applied by management. For example,
management’s retention of authority for approving credit sales, significant purchases, and drawdowns on
lines of credit can provide strong control over those activities, lessening or removing the need for more
detailed control activities. An appropriate segregation of duties often appears to present difficulties in
small entities. Even companies that have only a few employees, however, may be able to assign their
responsibilities to achieve appropriate segregation or, if that is not possible, to use management oversight
of the incompatible activities to achieve control objectives.

E. Monitoring of Controls
Monitoring, the final component of internal control, is the process that an entity uses to assess the quality
of internal control over time. Monitoring involves assessing the design and operation of controls on a timely basis
and taking corrective action as necessary. Management monitors controls to consider whether they are
operating as intended and to modify them as appropriate for changes in conditions. In many entities,
internal auditors evaluate the design and operation of internal control and communicate information about
strengths and weaknesses and recommendations for internal control.

Some monitoring activities may include communications from external parties. For example, customers
implicitly corroborate sales data by paying their bills on questions. Also, bank regulators, other regulators,
and outside auditors may communicate about the design or effectiveness of internal control.

Monitoring activities may include using information from communications from external parties that may
indicate problems or highlight areas in need of improvement. Customers implicitly corroborate billing
data by paying their invoices or complaining about their charges. In addition, regulators may communicate
with the entity concerning matters that affect the functioning of internal control, for example,
communications concerning examinations by regulatory agencies. Also, management may consider
communications relating to internal control from external auditors in performing monitoring activities.

Application to Small Entities

Ongoing monitoring activities of small entities are more likely to be informal and are typically performed as a
part of the overall management of the entity’s operation. Management’s close involvement in operations
often will identify significant variances from expectations and inaccuracies in the financial data leading to
corrective action to the control.

Chapter 14

FRAUD AND ERROR

Introduction

Fraud is an intentional act involving the use of deception that results in a material misstatement of the financial
statements. Two types of misstatements are relevant to auditors’ consideration of fraud:
a) misstatements arising from misappropriation of assets, and b) misstatements arising from fraudulent financial
reporting.

Intent to deceive is what distinguishes fraud from errors. Auditors routinely find financial errors in their clients’
books, but those errors are not intentional.

TYPES OF MISSTATEMENTS
a) misstatements arising from misappropriation of assets
b) misstatements arising from fraudulent financial reporting

Misstatements arising from Misappropriation of Assets

Asset misappropriation occurs when a perpetrator steals or misuses an organization’s assets. Asset
misappropriations are the dominant fraud scheme perpetrated against small businesses and the perpetrators are
usually employees. Asset misappropriations can be accomplished in various ways, including embezzling cash
receipts, stealing assets, or causing the company to pay for goods or services that were not received.

Asset misappropriation commonly occurs when employees:

• Gain access to cash and manipulate accounts to cover up cash thefts.
• Manipulate cash disbursements through fake companies.
• Steal inventory or other assets and manipulate the financial records to cover up the fraud.

Misstatements arising from Fraudulent Financial Reporting

The intentional manipulation of reported financial results to misstate the economic condition of the organization
is called fraudulent financial reporting. The perpetrator of such a fraud generally seeks gain through the rise in
stock price and the commensurate increase in personal wealth. Sometimes the perpetrator does not seek
direct personal gain, but instead uses the fraudulent financial reporting to ‘help’ the organization avoid
bankruptcy or to avoid some other negative financial outcome. Three common ways in which fraudulent
financial reporting can take place include:

1. Manipulation, falsification, or alteration of accounting records or supporting documents.
2. Misrepresentation or omission of events, transactions, or other significant information.
3. Intentional misapplication of accounting principles.

THE FRAUD TRIANGLE

The Fraud Triangle characterizes the incentives, opportunities and rationalizations that enable fraud to exist.

The three elements of the fraud triangle are:

• Incentive/Pressure to commit fraud
• Opportunity to commit and conceal the fraud
• Rationalization - the mindset of the fraudster to justify committing the fraud.

Incentives or Pressure to Commit Fraud

Incentives relating to asset misappropriation include:

• Personal factors, such as severe financial considerations
• Pressure from family, friends, or the culture to live a more lavish lifestyle than one’s personal earnings
allow for
• Addictions to gambling or drugs

Incentives for fraudulent financial reporting include the following:

• Management compensation scheme
• Other financial pressures for either improved earnings or an improved balance sheet
• Debt covenants
• Pending retirement or stock option expiration
• Personal wealth tied to either financial results or survival of the company
• Greed - for example, the backdating of stock options was performed by individuals who already had
millions of pesos of wealth through stock

Opportunities to Commit Fraud

One of the most fundamental and consistent findings in fraud research is that there must be an opportunity for
fraud to be committed. Although this may sound obvious - that is, “everyone has an opportunity to commit
fraud” - it really conveys much more. It means not only that an opportunity exists, but that transactions are
such that the perpetrator assesses the risk of being caught as low. Some of the opportunities to commit fraud
that top management should consider include the following:

• Significant related-party transactions
• A company’s industry position, such as the ability to dictate terms or conditions to suppliers or
customers that might allow individuals to structure fraud transactions
• Management’s inconsistency involving subjective judgments regarding assets or accounting estimates
• Simple transactions that are made complex through an unusual recording process
• Complex or difficult to understand transactions, such as financial derivatives or special-purpose
entities
• Ineffective monitoring of management by the board, either because the board of directors is not
independent or effective, or because there is a domineering manager
• Complex or unstable organizational structure
• Weak or nonexistent internal controls

Rationalizing the Fraud

For asset misappropriation, personal rationalizations often revolve around mistreatment by the company or a
sense of entitlement (such as, “the company owes me!”) by the individual perpetrating the fraud. Following
are some common rationalizations for asset misappropriation:

• Fraud is justified to save a family member or loved one from financial crisis.
• We will lose everything (family, home, car and so on) if we don’t take the money.
• No help is available from outside.
• This is “borrowing”, and we intend to pay the stolen money back at some point.
• Something is owed by the company because others are treated better.
• We simply do not care about the consequences of our actions or of accepted notions of decency and
trust; we are ourselves.

For fraudulent financial reporting, the rationalization can range from “saving the company” to personal greed,
and may include the following:

• This is a one-time thing to get us through the current crisis and survive until things get better.
• Everybody cheats on the financial statements a little; we are just playing the same game.
• We will be in violation of all of our debt covenants unless we find a way to get this debt off the
financial statements.
• We need a higher stock price to acquire company XYZ, or to keep our employees through stock options,
and so forth.

Risk Factors Contributory to Misappropriation of Assets

Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees in
relatively small and immaterial amounts. However, it can also involve management who are usually more able
to disguise or conceal misappropriations in ways that are difficult to detect. Misappropriation of assets can
be accomplished in a variety of ways including:

• Embezzling receipts (for example, misappropriating collections on accounts receivable or diverting
receipts in respect of written-off accounts to personal bank accounts).
• Stealing physical assets or intellectual property (for example, stealing inventory for personal use or for
sale, stealing scrap for resale, colluding with a competitor by disclosing technological data in return for
payment).
• Causing an entity to pay for goods or services not received (for example, payment to fictitious vendors,
kickbacks paid by vendors to the entity’s purchasing agent in return for inflating prices, payments to
fictitious employees).
• Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for
a personal loan or a loan to a related party).

Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal
the fact that the assets are missing or have been pledged without proper authorization.

A. Incentive/Pressure
1. Personal financial obligations may create pressure on management or employees with access to cash or
other assets susceptible to theft to misappropriate those assets.

2. Adverse relationships between the entity and employees with access to cash or other assets susceptible
to theft may motivate those employees to misappropriate those assets. For example, adverse
relationships may be created by the following:
a) Known or anticipated future employee layoffs.
b) Recent or anticipated changes to employee compensation or benefit plans.
c) Promotions, compensation, or other rewards inconsistent with expectations.

B. Opportunities
1. Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation.
For example, opportunities to misappropriate assets increase when the following situations exist:
a) Large amounts of cash on hand or processed.
b) Inventory items that are small in size, of high value, or in high demand.
c) Fixed assets which are small in size, marketable, or lacking observable identification of ownership.

2. Inadequate internal control over assets may increase the susceptibility of those assets to
misappropriation. Misappropriation of assets may occur because of the following:
a) Inadequate segregation of duties or independent checks.
b) Inadequate oversight of senior management expenditures, such as travel and other reimbursements.
c) Inadequate management oversight of employees responsible for assets, for example, inadequate
supervision or monitoring of remote locations.
d) Inadequate job applicant screening of employees with access to assets.
e) Inadequate record keeping with respect to assets.
f) Inadequate system of authorization and approval of transactions (for example, in purchasing).
g) Inadequate physical safeguards over cash, investments, inventory, or fixed assets.
h) Lack of complete and timely reconciliation of assets.
i) Lack of timely and appropriate documentation of transactions, for example, credits for merchandise
returns.
j) Lack of mandatory vacations for employees performing key control functions.
k) Inadequate management understanding of information technology, which enables information
technology employees to perpetrate a misappropriation.
l) Inadequate access controls over automated records, including controls over and review of computer
systems event logs.

C. Attitudes/Rationalizations
1. Disregard for the need for monitoring or reducing risks related to misappropriation of assets.
2. Disregard for internal control over misappropriation of assets by overriding existing controls or by failing
to correct known internal control deficiencies.
3. Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employee.
4. Changes in behavior or lifestyle that may indicate assets have been misappropriated.
5. Tolerance of petty theft.

Risk Factors Contributory to Fraudulent Financial Reporting

Fraudulent financial reporting may be accomplished by the following:

• Manipulation, falsification (including forgery), or alteration of accounting records or supporting
documentation from which the financial statements are prepared.
• Misrepresentation in, or intentional omission from, the financial statements of events, transactions
or other significant information.
• Intentional misapplication of accounting principles relating to amounts, classification, manner of
presentation, or disclosure.

Fraudulent financial reporting involves intentional misstatements including omissions of amounts or disclosures
in financial statements to deceive financial statement users. It can be caused by the efforts of management to
manage earnings in order to deceive financial statement users by influencing their perceptions as to the entity’s
performance and profitability. Such earnings management may start out with small actions or inappropriate
adjustment of assumptions and changes in judgments by management. Pressures and incentives may lead these
actions to increase to the extent that they result in fraudulent financial reporting. Such a situation could occur
when, due to pressures to meet market expectations or a desire to maximize compensation based on performance,
management intentionally takes positions that lead to fraudulent financial reporting by materially misstating the
financial statements. In some entities, management may be motivated to reduce earnings by a material amount
to minimize tax or inflate earnings to secure bank financing.

Fraud, whether fraudulent financial reporting or misappropriation of assets, involves incentive or pressure to
commit fraud, a perceived opportunity to do so and some rationalization of the act.

A. Incentive/Pressure
Incentive or pressure to commit fraudulent financial reporting may exist when management is under
pressure, from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic)
earnings target or financial outcome - particularly since the consequences to management for failing to meet
financial goals can be significant.

B. Opportunities
A perceived opportunity to commit fraud may exist when an individual believes internal control can be
overridden, for example, because the individual is in a position of trust or has knowledge of specific
weaknesses in internal control.

Fraudulent financial reporting often involves management override of controls that otherwise may appear to
be operating effectively. Fraud can be committed by management overriding controls using such techniques
as:

• Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate
operating results or achieve other objectives.
• Inappropriately adjusting assumptions and changing judgments used to estimate account balances.
• Omitting, advancing or delaying recognition in the financial statements of events and transactions that
have occurred during the reporting period.
• Concealing, or not disclosing, facts that could affect the amounts recorded in the financial statements.
• Engaging in complex transactions that are structured to misrepresent the financial position or
financial performance of the entity.
• Altering records and terms related to significant and unusual transactions.

C. Rationalizations

Individuals may be able to rationalize committing a fraudulent act. Some individuals possess an attitude,
character or set of ethical values that allow them knowingly and intentionally to commit a dishonest act.
However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient
pressure on them.

Responsibility for the Prevention and Detection of Fraud

The primary responsibility for the prevention and detection of fraud rests with both those charged with
governance of the entity and management. It is important that management, with oversight of those charged
with governance, place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to
take place, and fraud deterrence, which could persuade individuals not to commit fraud because of the
likelihood of detection and punishment. This involves a commitment to creating a culture of honest and ethical
behavior which can be reinforced by active oversight by those charged with governance. In exercising oversight
responsibility, those charged with governance consider the potential for override of controls or other
inappropriate influence over the financial reporting process, such as efforts by management to manage earnings
in order to influence the perceptions of analysts as to the entity’s performance and profitability.

Chapter 15
ERRORS AND IRREGULARITIES IN THE TRANSACTION CYCLES OF THE BUSINESS ENTITY

Management should establish controls to ensure that these transactions are appropriately handled and
recorded. However, if internal controls are not properly implemented, or are overridden, fraud and errors may
occur. The following are errors and fraudulent activities that could result if there is poor internal control.

I. Sales and Collection Cycle

1. Errors in Recording Sales and Collections Transactions
Errors in recording sales include mechanical errors, such as using a wrong price or wrong quantity,
recording sales in the wrong period (cutoff errors), a bookkeeper’s failure to understand proper
accounting for transactions, and so on. Internal controls are designed to prevent or detect many of
these kinds of errors.

2. Frauds in Sales and Collections

Frauds in sales generally relate to fraudulent financial reporting. In contrast, frauds in cash collections
relate to misappropriation of assets, typically accomplished by clerks or management-level employees.

A. Fraudulent Financial Reporting

Fraudulent financial reporting involving sales typically results in overstated sales or understated sales
returns and allowances. Managers under pressure to achieve high profits may inflate sales to meet
target profits established by senior managers, to obtain bonuses, to retain the respect of senior
managers, or even to keep their jobs. The following methods can be used to increase sales
fraudulently:

⚫ Recording fictitious sales (creating fictitious shipping documents, sales invoices, and so on)
⚫ Recording a valid transaction twice
⚫ Recording in the current period sales that occurred in the succeeding period (improper cutoff)
⚫ Recording operating leases as sales
⚫ Recording deposits as sales
⚫ Recording consignment as sales
⚫ Recording sales when the chance of a return is likely.
⚫ Following revenue recognition practices that are not in accordance with PFRS
⚫ Recognizing revenue that should be deferred.

B. Misappropriation of Assets: Withholding Cash Receipts

1. Skimming
This refers to the act of withholding cash receipts without recording them. An example is when a cashier
in a retail store does not ring up a transaction and takes the cash. Another example is when an employee
who has access to cash receipts and maintains accounts receivable records records a sale at an
amount lower than the invoice amount. When the customer pays, the employee takes the difference
between the invoice and the amount recorded as receivable. Detection of unrecorded cash receipts is very
difficult; however, unexplained changes in the gross profit percentage or sales volume may indicate that
cash receipts have been withheld.

2. Lapping

This technique is used to conceal the fact that cash has been abstracted; the shortage in one customer’s
account is covered with a subsequent payment made by another customer. An employee who has access
to cash receipts and maintains accounts receivable can engage in lapping. Routine testing of details of
collections compared with validated bank deposit slips should uncover this fraud.

3. Kiting
This is another technique used to cover a cash shortage or to inflate the cash balance. Kiting involves
counting the cash twice by using the float in the banking system (float is the gap between the time the
check is deposited or added to an account and the time the check clears or is deducted from the account it
was written on). Analyzing and verifying cash transfers during the period surrounding year-end should reveal
this type of fraud.

II. Acquisition and Payment Cycle

1. Errors in the Acquisitions and Payment Cycle

The following errors may occur in the acquisitions and payments cycle:
⚫ Failing to record a purchase in the proper period (cutoff error)
⚫ Recording goods accepted on consignment as a purchase
⚫ Misclassifying purchases of assets and expenses
⚫ Failing to record a cash payment
⚫ Recording a payment twice
⚫ Failing to record prepaid expenses as assets

Entities normally design controls to prevent these errors from occurring or to detect errors if they do occur.
When such controls exist, auditors test the controls to assess their effectiveness. If the controls are not
effective, auditors should perform substantive tests to determine that the financial statements do not
contain material misstatements that arose because of possible errors.

2. Fraud in the Acquisitions and Payment Cycle


A. Payment for Fictitious Purchases
This involves the perpetrator creating a fictitious invoice (and sometimes a receiving report, purchase
order and so forth) and processing the invoice for payment. Alternatively, the perpetrator can pay
the invoice twice.

B. Receiving Kickbacks
In this scheme, a purchasing agent may agree with a vendor to receive a kickback (refund payable to
the purchasing person on goods or services acquired from the vendor).

This is usually done in return for the agent’s ensuring that the particular vendor receives an order from
the firm. Often a check is made payable to the purchasing agent and mailed to the agent at a location
other than his or her place of employment. Sometimes the purchasing agent splits the kickback with
the vendor’s employee for approving and paying it. Detecting kickbacks is difficult because the
buyer’s records do not reflect their existence. However, when the vendors are required to submit
bids for goods or services the likelihood of kickbacks is reduced.

C. Purchasing Goods for Personal Use

Goods or services for personal use may be purchased by executives or purchasing agents and charged to
the company’s account. To execute such a purchase, the perpetrator must have access to blank
receiving reports and purchase approvals or must connive with another employee. Fraud involving
the purchase of goods for personal use is more likely to go unnoticed when perpetual records are not
maintained.

III. Payroll and Personnel Cycle


Historically, errors and irregularities involving payroll have been reported to occur frequently and are
largely undetected.

1. Errors
The most common errors that can occur in the payroll and personnel cycle are:
A) Paying employees at the wrong rate,
B) Paying employees for more hours than they worked,
C) Charging payroll expense to the wrong accounts, and
D) Keeping terminated employees on the payroll.

Good internal control can be established to prevent these errors from occurring and to detect them if
they do occur.

2. Fraud involving Payroll

The major payroll-related frauds include:
A. Fictitious Employees
Adding fictitious employees to the payroll is one of the most common defalcations. Detecting
fictitious employees on the payroll is difficult, but auditors do sometimes perform a surprise payoff
as a deterrent to this form of defalcation. Alternatively, the auditor may turn the check distribution
over to an official not associated with preparing payroll, signing checks, or supervising workers.
Personnel files and the employees’ completed time cards and time tickets may also be examined to
substantiate the existence of absent employees.

B. Excess Payments to Employees

Increasing the rate above that approved or paying employees for more hours than they worked are
the most common ways of paying employees more than they are entitled to receive. These
practices can be substantially reduced by requiring personnel department officials to authorize
changes in pay rates and by monitoring total hours worked and paid for. Analytical procedures that
focus on cost per unit of actual production can also be helpful in detecting excess payment to
employees.

C. Failure to Record Payroll


Companies having difficulty meeting profit targets or not-for-profit entities having difficulty managing
costs and expenses might fail to record a payroll. The omission of payroll can be difficult to hide
unless a similar amount of revenues or receipts has been omitted. Analytical procedures can be
performed to test the reasonableness of payroll cost.

D. Inappropriate Assignment of Labor Cost to Inventory


A company having difficulty meeting profit targets might assign to inventory labor cost that should
have been charged to expense. Analytical procedures such as comparing costs incurred to
budgeted cost and verification of valuation of inventory are some of the useful techniques in
detecting such fraud.
Acctg 3116 - Governance, Business Ethics, Risk Management and Internal Control
Chapters 16 - 17

Module 7 - Internal Control Affecting Assets, Liabilities and Equity


Chapter 16
INTERNAL CONTROL AFFECTING ASSETS

Internal Control Over Cash Transactions


Most of the processes relating to cash handling are the responsibility of the finance department,
under the direction of the treasurer. These processes include handling and depositing cash receipts,
signing checks, investing idle cash, and maintaining custody of cash, marketable securities, and other
negotiable assets. In addition, the finance department must forecast cash requirements and make
both short-term and long-term financing arrangements.

Ideally, the functions of the finance department and the accounting department should be
integrated in a manner that provides assurance that:

1. All cash that should have been received was in fact received, recorded accurately
and deposited promptly.
2. Cash disbursements have been made for authorized purposes only and have been
properly recorded.
3. Cash balances are maintained at adequate, but not excessive, levels by forecasting
expected cash receipts and payments related to normal operations. The need for
obtaining loans or for investing excess cash is thus made known on a timely basis.

A detailed study of the business processes of the company is necessary in developing the most
efficient control procedures, but there are some general guidelines to good cash handling practices
in all types of business. These guidelines for achieving internal control over cash may be
summarized as follows:

1. Do not permit any one employee to handle a transaction from beginning to end.
2. Separate cash handling from record keeping.
3. Centralize receiving of cash to the extent practical.
4. Record cash receipts on a timely basis.
5. Encourage customers to obtain receipts and observe cash register totals.
6. Deposit cash receipts (intact) daily.
7. Make all disbursements by check or electronic funds transfer, with the exception
of small expenditures from petty cash.
8. Have monthly bank reconciliation prepared by employees not responsible for the
issuance of checks or custody of cash.
9. Monitor cash receipts and disbursements by comparing recorded amounts to
forecasted amounts and investigating variances from forecasted amounts.

Potential Misstatements - Cash Receipts

| Description of Misstatement | Examples | Internal Control Weakness or Factors that Increase the Risk of the Misstatement |
|---|---|---|
| Recording fictitious cash receipts | Fraud: Overstating cash receipts on the books by transferring cash between bank accounts without appropriate recording of the transfer to cover up an embezzlement of cash. | Lack of segregation of duties of the functions of access to cash and record keeping; no effective review of bank reconciliations. |
| Failure to record receipts from cash sales | Fraud: A cashier fails to ring up and record cash sales and embezzles the cash. | Inadequate supervision of cashiers; failure to encourage customers to obtain cash receipts. |
| | Error: A bookkeeper accidentally omits the recording of the receipts from one cash register for the day. | Inadequate controls for reconciling cash register tapes and accounting records; inadequate controls for reconciling bank accounts. |
| Failure to record cash from collection of accounts receivable | Fraud: A cashier embezzles cash payments by customers on receivables, without recording the receipts in the customer’s accounts. | Lack of segregation of duties between personnel who have access to cash receipts and those who make entries into the accounts receivable records. |
| | Fraud: A bookkeeper who has access to cash receipts embezzles cash collected from customers and writes off the related receivables. | Lack of segregation of duties between personnel who have access to cash receipts and those who have access to recording. |
| | Error: A bookkeeper accidentally fails to record payment on a receivable. | Inadequate reconciliations of subsidiary records of accounts receivable with the general ledger control account. |
| Early (Late) recognition of cash receipts - “cutoff problems” | Fraud: Holding the cash receipts journal open to record next year’s cash receipts as having occurred in this year. | Ineffective board of directors, audit committee, or internal audit function; “tone at the top” not conducive to ethical conduct; undue pressure to show improved financial position. |
| | Error: Recording cash receipts based on bad information about date of receipt. | Failure to list and deposit cash receipts on a timely basis. |

Potential Misstatements - Cash Disbursements

| Description of Misstatement | Examples | Internal Control Weakness or Factors that Increase the Risk of the Misstatement |
|---|---|---|
| Inaccurate recording of a purchase or disbursement | Fraud: A bookkeeper prepares a check to himself and records it as having been issued to a major supplier. | Inadequate segregation of duties of record keeping and preparing cash disbursements, or check signer does not review and cancel supporting documents. |
| | Error: A disbursement is made to pay an invoice for goods that have not been received. | Ineffective control for matching invoices with receiving documents before disbursements are authorized. |
| | Error: Disbursements for travel and entertainment are improperly included with merchandise purchases. | Ineffective accounting coding procedures may result from incompetent accounting personnel, inadequate charts of accounts, or no controls over the posting process. |
| Duplicate recording and payment of purchases | Error: A purchase is recorded when an invoice is received from a vendor and recorded again when a duplicate invoice is sent by the vendor. | Ineffective controls for review and cancellation of supporting documents by the check signer. |
| Unrecorded disbursements | Fraud: In conjunction with unrecorded (but deposited) cash receipts, an employee writes and cashes an unrecorded check for the identical amount. | Ineffective control over record keeping for and access to cash. |

INTERNAL CONTROL OVER FINANCIAL INVESTMENTS

The most important group of financial investments consists of marketable stocks and bonds because they are
found more frequently and usually are of greater peso value than the other kinds of investment holdings.
Other types of investments often encountered include commercial paper issued by corporations, mortgages
and trust deeds, and the cash surrender value of life insurance policies. The internal auditors also must be
concerned with derivatives that are used to hedge various financial and operational risks or for speculation.
Derivatives are financial instruments that “derive” their value from other financial investments, underlying
assets, or indexes. For example, a simple derivative would involve a commitment by a company to purchase a
commodity at a certain price at some point in the future. Other derivatives are much more complex, involving,
for example, relationships between fluctuations in European interest rates and the price of copper.

The major elements of adequate internal control over financial investments include the following:

1. Formal investment policies that limit the nature of investments in securities and other
financial investments.
2. An investment committee of the board of directors that authorizes and reviews financial
investment activities for compliance with investment policies.
3. Separation of duties between the executive authorizing purchases and sales of securities
and derivative instruments, the custodian of the securities, and the person maintaining
the records of investments.
4. Complete detailed records of all securities and derivative instruments owned and the
related provisions and terms.
5. Registration of securities in the name of the company.
6. Periodic physical inspection of securities on hand by an internal auditor or an official
having no responsibility for the authorization, custody, or record keeping of investment.
7. Determination of appropriate accounting for complex financial instruments by competent
personnel.

In many concerns, segregation of the functions of custody and record keeping is achieved by the use of an
independent safekeeping agent, such as a stockbroker, bank or trust company. Since the independent agent has
no direct contact with the employee responsible for maintaining accounting records of the investments in
securities, the possibilities of concealing fraud through falsification of the accounts are greatly reduced. If
securities are not placed in the custody of an independent agent, they should be kept in a bank safe-deposit
box under the joint control of two or more of the company’s officials. Joint control means that neither of the
two custodians may have access to the securities except in the presence of the other. A list of securities in the
box should be maintained in the box, and the deposit or withdrawal of securities should be recorded on this
list along with the date and signatures of all persons present. The safe-deposit box rental should be in the
name of the company, not in the name of an officer having custody of securities.

Complete detailed records of all securities and derivative instruments owned are essential to satisfactory
control. These records frequently consist of a subsidiary record of each security and derivative instrument,
with such identifying data as the exact name, face amount or value, certificate number, number of shares, date
of acquisition, name of broker, cost, terms and any interest or dividend payment received. Actual interest and
dividends should be compared to budgeted amounts, and significant variances should be investigated. The
purchase and sale of investments often is entrusted to a responsible financial executive, subject to frequent
review by an investment committee of the board of directors.

Potential Misstatements - Financial Investments

(Description of Misstatement; Examples; Internal Control Weakness or Factors that Increase the Risk of the Misstatement)

Misstatement of recorded value of investments
  Error:
    Example: Failure to record changes in market values of investments.
    Weakness or risk factor: Inadequate accounting manual; incompetent accounting personnel.
  Fraud:
    Example: Misstatement of the value of closely held investment.
    Weakness or risk factor: Ineffective board of directors, audit committee, or internal audit function; not conducive to ethical conduct; undue pressure to meet earnings targets.

Unauthorized investment transactions
  Fraud:
    Example: An employee with access to securities converts them to personal use.
    Weakness or risk factor: Inadequate segregation of duties of record keeping for and custody of securities.

Incomplete recording of investments
  Error:
    Example: Failure to record derivative agreements which are embedded in other agreements.
    Weakness or risk factor: a) Inadequate accounting manual; incompetent accounting personnel. b) Inadequate monitoring of internal auditors.

INTERNAL CONTROL OVER RECEIVABLES

Accounts receivable include not only claims against customers arising from the sale of goods or
services, but also a variety of miscellaneous claims such as loans to officers or employees, loans to
subsidiaries, claims against various other firms, claims for tax refunds and advances to suppliers.

Sources and Nature of Notes Receivable

Notes receivable are written promises to pay certain amounts at future dates. Typically, notes
receivable are used for handling transactions of substantial amount; these negotiable documents are
widely used. In banks and other financial institutions, notes receivable usually constitute the single
most important asset.

Internal Control of Accounts Receivable and Revenue

To understand internal control over accounts receivable and revenue, one must consider the various
components, including the control environment, risk assessment, monitoring, the (accounting)
information and communication system, and control activities.

Control Environment

Because of the risk of intentional misstatement of revenues, the control environment is very
important to effective internal control over revenue and receivables. Of particular importance is an
independent audit committee of the board of directors that monitors management’s judgments
about revenue recognition principles and estimates, as well as an effective internal audit function.
Management should establish a tone at the top of the organization that encourages integrity and
ethical financial reporting. These ethical standards should be communicated and observed
throughout the organization. Also, incentives for dishonest reporting, such as undue emphasis on
meeting unrealistic sales or earnings targets, should be eliminated.

Potential Misstatements - Revenue/Receivables

(Description of Misstatement; Examples; Internal Control Weakness or Factors that Increase the Risk of the Misstatement)

Recording unearned revenue
  Fraud:
    Example: Recording fictitious sales without receiving a customer order or shipping goods.
    Example: Intentional overshipment of goods.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; undue pressure to meet earnings targets; “top management action” not conducive to ethical conduct.
  Errors:
    Example: Recording sales based on the receipt of orders from customers rather than the shipment of goods.
    Weakness or risk factor: Ineffective billing process in which billing is not tied to shipping information.

    Example: Inaccurate billing and recording of sales.
    Weakness or risk factor: Ineffective controls for testing invoices, or ineffective input validation checks and computer reconciliations to ensure the accuracy of databases.

    Example: Recording cash that represents a liability (e.g., receipt of a customer’s deposit) as revenue.
    Weakness or risk factor: Inadequate accounting manual; incompetent accounting personnel.

Early (late) recognition of revenue = “cutoff error”
  Fraud:
    Example: Holding the sales journal open to record next year’s sales as having occurred in the current year.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; not conducive; undue pressure to meet sales targets.
  Error:
    Example: Recording sales in the wrong period based on incorrect shipping information.
    Weakness or risk factor: Ineffective cutoff procedures in the shipping department.

Recording revenue when significant uncertainties exist
  Fraud:
    Example: Recording sales when the customer is likely to return the goods.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; not conducive to ethical conduct; undue pressure to meet sales targets.
  Error:
    Example: Recording sales when the customer’s payment is contingent upon the customer receiving, financing or selling the goods to another party (e.g., consignment sales).
    Weakness or risk factor: Aggressive attitude of management toward financial reporting; incompetent chief accounting officer.

Recording revenue when significant services still must be performed by seller
  Fraud:
    Example: Recording franchise revenue when the franchises are sold even though an obligation to perform significant services still exists.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; not conducive to ethical conduct; undue pressure to meet sales targets.
  Error:
    Example: Amount of revenue earned on franchises is miscalculated.
    Weakness or risk factor: Aggressive attitude of management toward financial reporting; incompetent chief accounting officer.

Overestimation of the amount of revenue earned.
  Frauds:
    Example: Misstating the percentage of completion of several projects by a construction company using the percentage-of-completion method of revenue recognition.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; not conducive to ethical conduct; incompetent individuals involved in the estimation process.

    Example: Overestimating the percentage of completion on projects by a construction company using the percentage-of-completion method of revenue recognition.
    Weakness or risk factor: Aggressive attitude of management toward financial reporting; incompetent personnel involved in the estimation/accounting process.

Internal Control over Notes Receivable

As previously stated, a basic characteristic of effective control consists of the subdivision of duties. As applied to notes
receivable, this principle requires that:

1. The custodian of notes receivable must not have access to cash or to general accounting records.
2. The acceptance and renewal of notes be authorized in writing by a responsible official who does not have custody of
notes.
3. The write-off of defaulted notes be approved in writing by responsible officials and effective procedures adopted for
subsequent follow-up of such defaulted notes.

INTERNAL CONTROL OVER INVENTORIES AND COST OF GOODS SOLD

The interrelationship of inventories and cost of goods sold makes it logical for the two topics to be considered
together. The controls that assure the fair valuation of inventories are found in the purchases (or acquisition)
cycle. These materials, inspecting goods received, recording the liability to the vendor, and valuation of
inventories also is affected by the production (or conversion) cycle, in which various manufacturing costs are
assigned to inventories, and the cost of inventories is then transferred to the cost of goods sold.

Sources and Nature of Inventories and Cost of Goods Sold

The term inventories is used in this chapter to include:


1. Goods on hand ready for sale, whether the merchandise of a trading concern or the finished goods of a
manufacturer;
2. Goods in the process of production; and
3. Goods to be consumed directly or indirectly in production, such as raw materials, purchased parts, and supplies.

Internal Control Over Inventories And Cost Of Goods Sold

The importance of adequate internal control over inventories and cost of goods sold from the viewpoint of both
management and the auditors can scarcely be overemphasized. In some companies, management stresses
controls over cash and securities but pays little attention to control over inventories. Since many types of
inventories are composed of items not particularly susceptible to theft, management may consider controls to
be unnecessary in this area. Such thinking ignores the fact that controls for inventories affect nearly all the
functions involved in producing and disposing of the company’s products.

Potential Misstatements - Inventory/Cost Of Goods Sold

(Description of Misstatement; Examples; Internal Control Weakness or Factors that Increase the Risk of the Misstatement)

Misstatement of inventory costs
  Frauds:
    Example: Intentional misstatement of production costs assigned to inventory.
    Example: Intentional misstatement of inventory prices.
    Weakness or risk factor: Ineffective board of directors, audit committee, or internal audit function; “tone at the top” not conducive to ethical conduct; undue pressure to meet earnings targets.
  Errors:
    Example: The assignment of direct labor costs, direct material costs, or factory overhead to inventory items is inaccurate.
    Weakness or risk factor: Ineffective cost accounting system; failure to update standard costs on a timely basis.

    Example: Erroneous pricing of inventory.
    Weakness or risk factor: Ineffective input validation controls on the database of inventory costs; ineffective supervision of the personnel that enter the costs on the final inventory schedule.

Misstatement of inventory quantities
  Frauds:
    Example: Items are stolen with no journal entry reflecting the theft.
    Weakness or risk factor: Ineffective physical controls over inventories.

    Example: Inventory quantities in locations not visited by auditors are systematically overstated.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; “tone at the top” not conducive to ethical conduct; undue pressure to meet earnings targets.
  Error:
    Example: Miscounting of inventory by personnel involved in physical inventory.
    Weakness or risk factor: Ineffective controls or supervision of physical inventory.

Early (late) recognition of purchases - “cutoff problems”.
  Fraud:
    Example: Intentional recording of purchases in the subsequent period.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; “tone at the top” not conducive to ethical conduct; undue pressure to meet earnings targets.
  Error:
    Example: Recording purchases of the current period in subsequent period.
    Weakness or risk factor: Ineffective accounting procedures that do not tie recorded purchases to receiving data.

“Tone at the Top” is a term that is used to define management's leadership and commitment towards openness, honesty,
integrity, and ethical behavior.

INTERNAL CONTROL OVER PROPERTY, PLANT AND EQUIPMENT

The term property, plant and equipment includes all tangible assets with a service life of more than a year that
are used in the operation of the business and are not acquired for the purpose of resale. Three major
subgroups of such assets are generally recognized:

1. Land, such as property used in the operation of the business, has the significant characteristic of not being
subject to depletion.

2. Buildings, machinery, equipment and land improvements, such as fences and parking lots, have limited
service lives and are subject to depreciation.

3. Natural resources (wasting assets), such as oil wells, coal mines, and tracts of timber, are subject to
depletion as the natural resources are extracted or removed.

Acquisitions and disposals of property, plant and equipment are usually large in dollar amount, but
concentrated in only a few transactions. Individual items of plant and equipment may remain unchanged in
the accounts for many years.

Internal Control Over Plant And Equipment

The amount invested in plant and equipment represents a large portion of the total assets of many industrial
concerns. Maintenance, rearrangement (relocation) and depreciation of these assets are major expenses in the
income statement. The total expenditures for the assets and related expenses make strong internal control
essential to the preparation of reliable financial statements. Errors in measurement of income may be
material if assets are scrapped without their cost being removed from the account, or if the distinction
between capital and revenue expenditures is not maintained consistently. The losses that inevitably arise
from uncontrolled methods of acquiring, maintaining, and retiring plant and equipment are often greater than
the losses from fraud in cash handling.

In large enterprises, the auditors may expect to find an annual plant budget used to forecast and control
acquisitions and retirements of plant and equipment. Many small companies also forecast expenditures for
plant assets. Successful utilization of a plant budget presupposes the existence of reliable and detailed
accounting records for plant and equipment. A detailed knowledge of the kinds, quantities and condition of
existing equipment is an essential basis for intelligent forecasting of the need for replacements and additions
to the plant.

Other key controls applicable to plant and equipment are as follows:


1. A subsidiary ledger consisting of a separate record for each unit of property. An adequate plant and equipment
ledger facilitates the auditor’s work in analyzing additions and retirements, in verifying the depreciation
provision and maintenance expense, and in comparing authorizations with actual expenditures.

2. A system of authorization requiring advance executive approval of all plant and equipment acquisitions,
whether by purchase, lease or construction. Serially numbered capital work orders are a convenient means of
recording authorizations.

3. A reporting procedure assuring prompt disclosure and analysis of variances between authorized
expenditures and actual costs.

4. An authoritative written statement of company policy distinguishing between capital expenditures and
revenue expenditures. A dollar minimum ordinarily will be established for capitalization; any expenditures of a
lesser amount are automatically classified as charges against current revenue.

5. A policy requiring all purchases of plant and equipment to be handled through the purchasing
department and subjected to a standard routine for receiving, inspection and payment.

6. Periodic physical inventories designed to verify the existence, location and condition of all property listed in
the accounts and disclose the existence of any unrecorded units.

7. A system of retirement procedures, including serially numbered retirement work orders (location), stating
reasons for retirement and bearing appropriate approvals.

Potential Misstatements - Investments in Property, Plant and Equipment

(Description of Misstatement; Examples; Internal Control Weakness or Factors that Increase the Risk of the Misstatement)

Misstatement of acquisitions of property, plant and equipment.
  Fraud:
    Example: Expenditures for repairs and maintenance expenses recorded as property, plant and equipment acquisitions to overstate income.
    Weakness or risk factor: Undue pressure to meet earnings targets.
  Error:
    Example: Purchases of equipment erroneously reported in maintenance and repairs expense account.
    Weakness or risk factor: Inadequate accounting manual; incompetent accounting personnel.

Failure to record retirement of property, plant and equipment.
  Error:
    Example: An asset that has been replaced is discarded due to its lack of value, without an accounting entry.
    Weakness or risk factor: Inadequate accounting policies, e.g., failure to use retirement work orders.

Improper reporting of unusual transactions.
  Error:
    Example: A “gain” recorded as an exchange of nonmonetary assets that lacks commercial substance.
    Weakness or risk factor: Inadequate accounting manual; incompetent accounting personnel.

Chapter 17
INTERNAL CONTROL AFFECTING LIABILITIES AND EQUITY

INTERNAL CONTROL OVER ACCOUNTS PAYABLE

The term accounts payable (often referred to as vouchers payable for a voucher system) is used to
describe short-term obligations arising from the purchase of goods and services in the ordinary
course of business. Typical transactions creating accounts payable include the acquisition on credit
of merchandise, raw materials, plant assets and office supplies.

Other sources of accounts payable include the receipt of services, such as legal and accounting
services, advertising, repairs and utilities. Interest-bearing obligations should be included in
accounts payable but shown separately as bonds, notes, mortgages, or installment contracts.

Invoices and statements from suppliers usually evidence accounts payable arising from the purchase
of goods or services and most other liabilities. However, accrued liabilities (sometimes called
accrued expenses) generally accumulate over time, and management must make accounting
estimates of the year-end liability. Such estimates are often necessary for salaries, pensions,
interest, rent, taxes and similar items.

In thinking about internal control over accounts payable, it is important to recognize that the
accounts payable of one company are the accounts receivable of other companies. It follows that
there is little danger of errors being overlooked permanently since the client’s creditors will
generally maintain complete records of their receivables and will inform the client if payment is not
received. This feature also aids auditors in the discovery of fraud, since the perpetrator must be able
to obtain and respond to the demands for payment. Some companies, therefore, may choose to
minimize their record keeping of liabilities and to rely on creditors to call attention to any delay in
making payment. This viewpoint is not an endorsement of inaccurate or incomplete records of
accounts payable, but merely a recognition that the self-interest of creditors constitutes an effective
control in accounting for payables that is not present in the case of accounts receivable.

Discussion of internal control applicable to accounts payable may logically be extended to the entire
purchase or acquisition cycle.

Potential Misstatements - Accounts Payable

(Description of Misstatement; Examples; Internal Control Weakness or Factors that Increase the Risk of the Misstatement)

Inaccurate recording of a purchase or disbursement
  Fraud:
    Example: A bookkeeper prepares a check to himself and records it as having been issued to a major supplier.
    Weakness or risk factor: Ineffective segregation of duties of record keeping and preparing cash disbursements, or check signer does not review and cancel supporting documents.
  Error:
    Example: A disbursement is made to pay an invoice for goods that have not been received.
    Weakness or risk factor: Ineffective controls for matching invoices with receiving documents before disbursements are authorized.

Misappropriation of purchases
  Fraud:
    Example: Goods are ordered but delivered to an inappropriate address and stolen.
    Weakness or risk factor: Ineffective controls for matching invoices with receiving documents before disbursements are authorized.

Duplicate recording of purchases
  Error:
    Example: A purchase is recorded when an invoice is received from a vendor and recorded again when a duplicate invoice is sent by the vendor.
    Weakness or risk factor: Ineffective controls for review and cancellation of supporting documents by the check signer.

Late (early) recording of cost of purchases - “cutoff problems”
  Fraud:
    Example: Purchases journal “closed early” with this period’s purchases recorded as having occurred in subsequent period.
    Weakness or risk factor: Ineffective board of directors’ audit committee, or internal audit function; “tone at the top” not conducive to ethical conduct; undue pressure to meet earnings targets.

INTERNAL CONTROL OVER OTHER DEBTS

Business corporations obtain substantial amounts of their financial resources by incurring debt and issuing
capital stock. The acquisition and repayment of capital is sometimes referred to as the financing cycle. This
transaction cycle includes the sequence of procedures for authorizing, executing, and recording transactions
that involve bank loans, mortgages, bonds payable, and capital stock as well as the payment of interest and
dividends.

Internal Control Over Debt

Authorization by the Board of Directors


Effective internal control over debt begins with the authorization to incur the debt. The bylaws of a
corporation usually require that the board of directors approve borrowing. The treasurer of the corporation
will prepare a report on any proposed financing, explaining the need for funds, the estimated effect of
borrowing upon future earnings, the estimated financial position of the company in comparison with others in
the industry both before and after the borrowing, and alternative methods of raising funds. Authorization by
the board of directors will include review and approval of such matters as the choice of a bank or trustee, the
type of security, registration with the SEC, agreements with investment bankers, compliance with the
requirements of the state of incorporation, and listing of bonds on a securities exchange. After the issuance of
long-term debt, the board of directors should receive a report stating the net amount received and its
disposition as, for example, acquisition of plant assets, addition to working capital, other purposes.

Use of an Independent Trustee

Bond issues are always for large amounts - usually many millions of pesos. Therefore, only relatively large
companies issue bonds; small companies obtain long-term capital through mortgage loans or other sources.
Any company large enough to issue bonds and able to find a ready market for securities will almost always
utilize the services of a large bank as an independent trustee.

The trustee is charged with the protection of the creditors’ interest and with monitoring the issuing company’s
compliance with the provisions of the indenture. The trustee also maintains detailed records of names and
addresses of the registered owners of bonds, cancels old bond certificates and issues new ones when bonds
change ownership, follows procedures to prevent overissuance of bond certificates, distributes interest
payments, and distributes principal payments when bonds mature. Use of an independent trustee largely
solves the problem of internal control over bonds payable. Internal control is strengthened by the fact that
the trustee does not have access to the issuing company’s assets or accounting records and the fact that the
trustee is a large financial institution with legal responsibility for its actions.

Interest Payments on Bonds and Notes Payable

Many corporations assign the entire task of paying interest to the trustee for either bearer bonds or registered
bonds. Highly effective control is then achieved, since the company will issue a single check for the full amount of
the semiannual interest payment on the entire bond issue.

INTERNAL CONTROL OVER OWNER’S EQUITY

The three principal elements of strong internal control over share capital and dividends:

1. The proper authorization of transactions by the board of directors and corporate office.
2. The segregation of duties in handling these transactions (preferably the use of payments), and
3. The maintenance of adequate records.

Internal Control On Equity

Control of Share Capital Transactions by the Board of Directors

All changes in share capital accounts should receive formal advance approval by the board of directors. The
board of directors must determine the number of shares to be issued and the price per share; if an installment
plan of payment is to be used, the board must prescribe the terms. If plant and equipment, services, or any
consideration other than cash is to be accepted in payment for shares, the board of directors must establish
the valuation on the noncash assets received. Transfers from retained earnings to the Share of Capital and
Paid-in Capital accounts, as in the case of stock dividends, are initiated by action of the board. In addition,
stock splits and changes in par or stated value of shares require formal authorization by the board.

Independent Registrar and Stock Transfer Agent


In appraising internal control over share capital, the first question that the auditors consider is whether the
corporation employs the services of an independent share registrar and a share transfer agent or handles its
own capital share transactions. Internal control is far stronger when the services of an independent share
registrar and a stock transfer agent are utilized because the banks or trust companies acting in these capacities
will have the experience, the specialized facilities, and the trained personnel to perform the work in an expert
manner. Moreover, by placing the responsibility for handling share capital certificates in separate and
independent organizations, the corporation achieves to the fullest extent the internal control concept of
separation of duties.

Internal Control over Dividends

The nature of internal control over the payment of dividends, as in the case of stock issuance, depends
primarily upon whether the company performs the function of dividend payment itself or utilizes the services
of an independent dividend-paying agent. If an independent dividend-paying agent is used, the corporation
will provide the agent with a certified copy of the dividend declaration and a check for the full amount of the
dividend. The bank or trust company serving as stock transfer agent is usually appointed to distribute the dividend,
since it maintains the detailed records of shareholders. The agent is to be recommended from the standpoint
of internal control, for it materially reduces the possibility of fraud or error arising in connection with the
distribution of dividends.

In a small corporation that does not use the services of a dividend-paying agent, the responsibility for payment of
dividends is usually lodged with the treasurer and the secretary. After declaration of a dividend by the board
of directors, the secretary prepares a list of shareholders as of record, the number of shares held by each, and the
amount of the dividend each is to receive. The total of these individual amounts is proved by multiplying the
dividend per share by the total number of outstanding shares.

Dividend checks controlled by serial numbers are drawn payable to individual stockholders in the amount
shown on the list described above. If the shareholders ledger is maintained on the computer master file, the
dividend checks may be prepared by the computer directly from this record. The stockholder list and dividend
checks are submitted to the treasurer with the total of shares outstanding and mailed without again coming
under control of the officer who prepared them.

Cash in the amount of the total dividend is then transferred from the general bank account to a separate
dividend bank account. As the individual dividend checks are paid from this account and returned by the bank,
they should be matched with the check stubs or marked paid in the dividend check register. A list of
outstanding checks should be prepared monthly from the open stubs or open items in the check register.
The list should agree in total with the balance remaining in the dividend bank account. Companies with
numerous shareholders prepare dividend checks in machine-readable form, so that the computer may
perform the reconciliation of outstanding checks.
