Risk Evaluation and Mitigation by Internal Control
Internal control is defined as a process effected by an organization’s structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization’s resources are directed, monitored, and measured.
It plays an important role in preventing and detecting fraud and protecting the organization’s resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations.
At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization’s payments to third parties are for valid services rendered.) Internal control procedures reduce process variation, leading to more predictable outcomes.According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct,
Need essay sample on "Risk Evaluation and Mitigation by Internal Control"? We will write a custom essay sample specifically for you for only $ 13.90/page
The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and implementing effective internal control. More than any other individual, the chief executive sets the “tone at the top” that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way they’re controlling the business.
You may also be interested in Kudler fine foods virtual organization
Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit’s functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise.
Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also have a knowledge of the entity’s activities and environment, and commit the time necessary to fulfill their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem.
AIS at Kudler Fine Foods
When a company is considering purchasing software there are three types of software that the company could possibly look at. They are customer solutions, General ERP and industry specific solutions (VISCO, 2005). Considering any of these choices, there will be advantages and disadvantages; the Kudler team feels that the advantages of industry specific software outweigh those of any of the other alternatives.
Five advantages that Kudler will experience by choosing industry specific software, according to Venture Information System (VISCO) (2005), are:
1. Benefit from the fact that your competitors are doing the same thing
2. Reduced cost of programming.
3. Work with a vendor that understands the company’s needs.
4. Ability to mold your software to fit your business instead of molding your business to fit your software.
5. Shorter Learning curve
Accounting specific software has to be able to collect, record, store and manipulate financial data, and then translate this information into significant information for management decision making (Hunton, Bryant & Bagranoff, 2004). Documentation is a characteristic of AIS and is defined as “all the flowcharts, narratives, and other written communications that describe the inputs, processing, and outputs of AIS (Hunton et al., 2004)”.
Nine reasons can be given as to why documentation is so important, those reasons are: 1) explain how the system works, 2) train others, 3) help developers design new systems, 4) control system development and maintenance costs, 5) standardize communications among system designers, 6) provide information to auditors, 7) document a business’s processes, 8) help a company comply with the Sarbanes-Oxley Act of 2002, and 9) establish employee accountability for specific tasks or procedures (Hunton et al., 2004).
The conversion of any AIS can be both difficult, as well as time consuming. Automation, enhancement, and maintenance of each individual system must all be considered. Consequently, it is necessary to prioritize the transfer of all major individual departments. The order of prioritization for the four systems should be inventory, accounts receivable, accounts payable and payroll.
According to the information provided in the financial documents of Kudler Fine Foods the company’s highest risk from lack of automation lies in the inventory department. The Retail Enterprise Management System currently in use by the company does not have an inventory module. Inventory is being tracked manually mostly by visual inspection through store visits by the manager.
Kudler Fine Foods must stock a number of varying products, many with short or minimal shelf lives. All these products must be accounted for, tracked, and recorded up until their time of sale. Should errors occur, inventory can be one of the most difficult procedures to go back and correct. The second highest priority enhancement should be to the Accounts Receivable process.
The module currently in use is very limited, and this process is being accounted for on a cash basis. Enhancements need to be made to the system to convert to an accrual basis, which a better method of matching income with expenses and it will also bring the company into compliance with GAAP.
The Accounts Payable process appears to need minor enhancements and would fall into the 3rd priority for upgrades. Even though AIS conversions can involve a substantial amount of time and work, there is a great deal of benefit ascertained by their implementation. It is our recommendation that Kudler Fine Foods employ industry specific software capable of handling its accounting needs throughout all departments. Planned and prioritized correctly, disruptions should be manageable with minimal effects on everyday operations.
Risk Evaluation and Mitigation by Internal Control
Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal. This technique also helps to define preventive measures to reduce the probability of these factors from occurring and identify countermeasures to successfully deal with these constraints when they develop to avert possible negative effects on the competitiveness of Kudler Fine Foods. The method that has been chosen to perform a risk analysis for Kudler is called Facilitated Risk Analysis Process (FRAP).
FRAP analyzes one system, application or segment of business processes at time. FRAP assumes that additional efforts to develop precisely quantified risks are not cost effective because:
such estimates are time consuming
risk documentation becomes too voluminous for practical use
specific loss estimates are generally not needed to determine if controls are needed.
After identifying and categorizing risks, a team identifies the controls that could mitigate the risk. The decision for what controls are needed lies with the business manager. The team’s conclusions as to what risks exists and what controls needed are documented along with a related action plan for control implementation.
Three of the most important risks a company might face are unexpected changes in revenue and costs from those budgeted and amount of specialization of the software planned. Risks that affect revenues can be unanticipated competition, privacy, intellectual property right problems, and unit sales that are less than forecast; unexpected development costs also create risk that can be in the form of more rework than anticipated, security holes, and privacy invasions.
Narrow specialization of software with a large amount of research and development expenditures can lead both business and technological risks since specialization does not lead to lower unit costs of software. Combined with the decrease in the potential customer base, specialization risk can be significant for a firm. After probabilities of scenarios have been calculated with risk analysis, the process of risk management can be applied to help manage the risk.
Discussing about the Inventory System for Kudler, it can be found out that the prime risk involved is Sales Forecast. This can easily go wrong for any company, and if it does, the target that is to be achieved and the measurement of the success/failure rate for the entire organization would produce a false picture to the management.
Also, this might induce an increased cost to Kudler and a poor mangement of resource available to the managers. The only way out can be involving highly experienced and efficient management, who could provide with a sales forecast on the basis of current economic condition and market demand and all these have to be done with a precision index of 95%-98%. Employing proper internal control methods to this would mean proper forecast of sales which would in turn result into ambient budgeting and smooth running of business towards a growth objective.
The Accounts Receivable Process in another one that we need to consider in our risk analysis and mitigation discussion. The main risk involved in Accounts Receivable Process is the one related to uninterrupted inflow of cash to Kudler. Though modern day ERP systems have robust business model implementations to keep track of the clientelle, it is sometime not foolproof or in that sense, fraud-proof enough to safeguard the organization to the core.
Whenever an organization is selling some products or services, it is risking its cash inflow to potential fraudulent transactions, or sometimes, bad debt. The same problem that some bank, credit card or financial institutions might face some day or the other, applies to Kudler Fine Foods as well. And to mitigate this risk, what Kudler needs to do, is to employ all its experience to make sure that all account receivable are safeguarded and at the same time, the customer goodwill (which might then be at stake also if the collection and follow up process in not thoroughly professional) has to be kept intact, if not even bettered.
Employing proper internal control methods to this would mean proper maintenance of Accounts Receivables which would in turn result into ambient financial health for Kudler and smooth running of business.
If Accounts Receivable Process is important to the survival of an organization, Accounts Payable is sometimes even more critical. Because, what one does here is spending cash against some product or service that one is buying from someone else. Accounts Payable process involves various activities like tracking products ordered, tracking terms of payment, tracking payment type and time of payment, forecasting liabilities and accounts paid etc. Now, there can be several risks involved in the process.
First one of them being improper tracking of products ordered, which might jeopardise the inventory of Kudler. Again, if payment terms and conditions are not monitored on a regular and thorough basis, some unexpectable payment terms can arise and this might lead to judicial proceedings which would again be an overhead to the company. Then comes proper tracking of payment amounts and payment timelines which would allow Kudler to efficiently plan for its outflow of funds so that the inflow–outblow balance is safeguarded. One more risk involved is forecasting of Kudler’s liabilities to the sundry debtors and vendors.
This forecasting is again a key to success or failure of the business model that is on work. So, it is evident from the above discussion that, an efficient and effective management control should be employed at all levels so as to ensure a proper flow of the entire Accounts Payable process. Employing proper internal control methods to this would mean proper maintenance of Accounts Payables which would in turn result into ambient financial health for Kudler and smooth running of business.