Essay on Internal Control Risks

Control risk associated with the audit also appears to be moderate based on the findings from interim audit procedures conducted in July and August 2007. The controls in place were found to be effective.

* Documents used: customer order, sales order, shipping document, sales invoice, sales journal, remittance advice, bank deposit list, cash receipts jornal, credit memo, sales return and allowance journal, uncollectable account authorization form, a/r master file, a/r trail balance, monthly statement

Stage 2: Test of internal controls - By testing the effectiveness of the internal controls the auditor can determine the control risk that lies within the company. The audit team can perform tests of controls by making inquiries of appropriate client personnel, examining documents, records, and reports maintained by Smackey, observing control-related activities such as the one done for the inventory procedures for returned Best Boy Gourmet dog food, and re-perform the client procedures.

Sales invoices are prepared in batches on a daily basis using numbered sales invoices. Sales invoice numbers are automatically generated by the company’s computer system. The accounts receivable clerk does not have appropriate computer rights to override the computer-generated invoice number. Upon preparing sales invoices, the accounts receivable clerk verifies that the first invoice number of the batch is consistent with the last invoice number of the previous batch. Inconsistencies or skipped sales invoice numbers are investigated and resolved before new sales invoices are prepared. The items shipped are compared to the items billed for proper quantity, price, and other sales order terms.

D.(2)- As goods leave the shipping dock, the system generates a bill of lading and associated sales invoice, which is automatically recorded in the sales journal.

(2) Internal Control Phase: The auditor normally assesses the risk of material misstatement by examining both the general control environment and the application controls per business process

Bill of ladings for goods shipped from a vendor to the purchasing company should always include the company's purchase order number.

Auditors have the responsibilities as well as management to report internal controls. The auditors must examine closely management’s claim of effectiveness and also physically test the controls. After the examination, the auditors should express their opinion and any recommendations to fix any internal control weaknesses.

The interview with Colin Smith, from Office Products Depot, meant I was able to identify the accounts receivable subsystem they used and their accounts receivable management. I focussed on their policies for the offering and checking of credit, managing credit levels, charging the credit customers, receiving payment from credit customers and the general management of credit customers. I will be using the information from the interview with Colin as well as information from fictitious accounts receivable to explain their policies.

.7.8.Prenumbered sales invoices are kept in a sales journal.The invoices are numbered from 0001 to 5000.

Performing internal tests of controls is intended to assess the operating effectiveness of those internal controls. Here the staff would select an area of control to test, perhaps inventory management and return policy. They would then look at the procedures that help prevent fraud or error, talk to management, and observe activities. They would notice there is very little control in place for this area. There is no management oversight or dock security measures, no direct recording of sales receipts, shipping labels, or matching to accounts receivable. This would be noted as an area of additional concern. The next stage is to perform substantive testing procedures, where the purpose is to collect audit evidence that the management assertions made in the financial statements are reliable and in accordance with GAAP. Since my staff is good, they would have noticed the company’s sales projections are weak in control and are overstated by around 11%. They would perform a substantive test of detail in this area by selecting a sample of items from the account balances and finding bank statements, invoices, and test of details of balances. They would likely see specifically where the over-projections are being made. Lastly, in finalization, they would compile a report to management detailing any important matters, evaluating the audit evidence, and considering the type of audit opinion that should be reported. Specifically here, they would

payment. It also includes the product, the price the customer paid as well as manufacturing

The second control is risk assessment. Evaulating risk assessment involves identifing whether management has implemented controls to leviate risky areas that may lead to matieral misstatements. When Johnson was asked about risk assessment, he seemed to brush it off.

When testing of internal controls indicates that there may be significant deficiencies, then the auditor

ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify