Internal Control Risks Identified in Apollo Shoes
Assessing control risk is the process of evaluating the design and operating effectiveness of a company’s internal controls as to how it prevents or detects material misstatements in the financial statement assertions of management (Hayes, Dassen, Schilder, & Wallage, 2005). The conclusion reached as a result of assessing control risk is referred to as the assessed level of control risk. When assessing controls the auditor looks for weaknesses in a company’s internal controls for two reasons: to determine the nature and extent of the substantive tests the auditor will perform and to formulate constructive suggestions for improvements (Hayes, Dassen, Schilder, & Wallage, 2005).
…show more content…
Pre-numbering is meant to prevent both the failure to bill or record sales and the occurrence of duplicate billings and recordings. However, it does not do much good to have pre-numbered documents unless they are properly accounted for. To use this control effectively, a billing clerk should file a copy of all shipping documents in sequential order after each shipment is billed, while another employee should periodically account for all numbers and investigate the reason for any missing documents (Arens, Elder, & Beasley, 2012).
The sales order forms were kept in the sales clerk’s working area where many people passed through during the day. Estimated dollar amounts were prepared by sales clerks and written on the order forms. The sales orders are then hand carried to the credit manager, who is in the treasurer’s department. Typically, the computer automatically prepares the sales invoice after the customer number; quantity, destination of goods shipped, and sales terms are entered (Arens, Elder, & Beasley, 2012). The computer calculates the invoice extensions and total sales amount using the information entered, along with prices in the inventory master file.
The issues specified leave room for fraud and misstatements in sales, accounts receivable and revenue. Therefore, the
Control risk associated with the audit also appears to be moderate based on the findings from interim audit procedures conducted in July and August 2007. The controls in place were found to be effective.
* Documents used: customer order, sales order, shipping document, sales invoice, sales journal, remittance advice, bank deposit list, cash receipts jornal, credit memo, sales return and allowance journal, uncollectable account authorization form, a/r master file, a/r trail balance, monthly statement
Stage 2: Test of internal controls - By testing the effectiveness of the internal controls the auditor can determine the control risk that lies within the company. The audit team can perform tests of controls by making inquiries of appropriate client personnel, examining documents, records, and reports maintained by Smackey, observing control-related activities such as the one done for the inventory procedures for returned Best Boy Gourmet dog food, and re-perform the client procedures.
Sales invoices are prepared in batches on a daily basis using numbered sales invoices. Sales invoice numbers are automatically generated by the company’s computer system. The accounts receivable clerk does not have appropriate computer rights to override the computer-generated invoice number. Upon preparing sales invoices, the accounts receivable clerk verifies that the first invoice number of the batch is consistent with the last invoice number of the previous batch. Inconsistencies or skipped sales invoice numbers are investigated and resolved before new sales invoices are prepared. The items shipped are compared to the items billed for proper quantity, price, and other sales order terms.
D.(2)- As goods leave the shipping dock, the system generates a bill of lading and associated sales invoice, which is automatically recorded in the sales journal.
Auditors have the responsibilities as well as management to report internal controls. The auditors must examine closely management’s claim of effectiveness and also physically test the controls. After the examination, the auditors should express their opinion and any recommendations to fix any internal control weaknesses.
The interview with Colin Smith, from Office Products Depot, meant I was able to identify the accounts receivable subsystem they used and their accounts receivable management. I focussed on their policies for the offering and checking of credit, managing credit levels, charging the credit customers, receiving payment from credit customers and the general management of credit customers. I will be using the information from the interview with Colin as well as information from fictitious accounts receivable to explain their policies.
.7.8.Prenumbered sales invoices are kept in a sales journal.The invoices are numbered from 0001 to 5000.
Performing internal tests of controls is intended to assess the operating effectiveness of those internal controls. Here the staff would select an area of control to test, perhaps inventory management and return policy. They would then look at the procedures that help prevent fraud or error, talk to management, and observe activities. They would notice there is very little control in place for this area. There is no management oversight or dock security measures, no direct recording of sales receipts, shipping labels, or matching to accounts receivable. This would be noted as an area of additional concern. The next stage is to perform substantive testing procedures, where the purpose is to collect audit evidence that the management assertions made in the financial statements are reliable and in accordance with GAAP. Since my staff is good, they would have noticed the company’s sales projections are weak in control and are overstated by around 11%. They would perform a substantive test of detail in this area by selecting a sample of items from the account balances and finding bank statements, invoices, and test of details of balances. They would likely see specifically where the over-projections are being made. Lastly, in finalization, they would compile a report to management detailing any important matters, evaluating the audit evidence, and considering the type of audit opinion that should be reported. Specifically here, they would
payment. It also includes the product, the price the customer paid as well as manufacturing
The second control is risk assessment. Evaulating risk assessment involves identifing whether management has implemented controls to leviate risky areas that may lead to matieral misstatements. When Johnson was asked about risk assessment, he seemed to brush it off.
When testing of internal controls indicates that there may be significant deficiencies, then the auditor
ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify