Audit & Assurance: Internal Control Deficiencies - Essay Example

AUDIT AND ASSURANCE Audit and Assurance Introduction Audit and assurance entail the review of an organization’s financial statements, as well as transactions in order to ensure that reporting has been done in accordance with the required standards. The review is mainly conducted by certified public accountants who carry out verification procedures to ascertain whether the documents are valid and correct. The information collected through auditing is essential as it helps an organization in decision making. Shareholders of a company develop confidence when the audit reports are positive and indicate the growth and performance of an organization. When conducting an audit, an organization can procure the services of external auditors and at the same time rely on internal auditors employed by the organization. Discussion Introduction of the report EFS (Emerald Fitness Studio) deals with the sale of fresh foods and beverages and operates a chain of several stores. This report provides a case analysis of a company known as Emerald Fitness Studio. The report will also highlight various issues related to internal controls in the organization. In addition, the report will highlight the concept of risk based audit and how it can be used to solve the problems affecting EFS. Another issue discussed in the report is the various elements of internal control, as well as the roles of auditors and statutory auditors. a) Risk-based audit is an approach that is widely used in the audit process of an organization. This concept refers to an approach used in the entire audit process with the sole aim of addressing the timing, nature, as well as audit procedures, especially in areas that are considered to have a financial risk in the company statements. With this approach, auditors ensure that they can easily identify material misstatement in the reports of the company. According to the proponents of this approach, the auditor should have an understanding of the organization, as well as the environment in which it operates. This way, auditors can possibly gain an understanding of risks within the organization that can cause material misstatement. After the risks have been identified, the auditor then assesses them with due consideration of the internal controls within the organization, the risks and their nature, as well as the audit evidence required to conduct the audit process (Khwaja et al 2011, p.11). During a risk-based audit process, the auditor gathers full information on the control environment and the organization’s culture and how it affects operations. Moreover, the auditor has to understand how the organization itself identified risks, its assessment of the identified risks, and the response to the risks. Another vital component that the auditor has to consider is the information system that guides the financial reporting within the organization. The auditor also analyzes how these systems determine how events and transactions within the organization are recorded and reported in the financial statements. Risk-based audit also entail the monitoring of controls within the organization. Therefore, the auditor, has to identify the methods used by the organization to monitor financial reporting and the actions taken when malpractices are identified (Khwaja et al 2011, p.14). The risk-based audit approach can be applied in addressing the issue of EFS inventory. While using this approach, the first step could be identifying the environment in which the organization conducts financial reporting. This way, it will be possible to identify the risks affecting the financial reports such as ledgers and sub-ledgers of EFS. The risk that the company is experiencing relates to the accuracy of fresh drinks and fresh foods inventory. When preparing the audit program for the organization, it is appropriate to use control testing (Khwaja et al 2011, p.16). This will help determine whether the internal controls of the organization address the issues in the inventory. The approach can be used by auditors to set up appropriate measures to solve identified risks. The risk-based approach can also be used to assess whether the EFS has complied with the already established control measures relating to financial reporting. b) Internal controls refer to processes introduced by the management in order to provide assurance regarding the reliability and validity of financial statements. The financial procedures, policies, as well as design of the organization’s financial reports all form part of internal control measures. Internal controls also comprise of the measures that the organization puts in place to ensure that there is integrity, accountability, and responsibility in the recording of financial information. When an organization introduces internal controls, it seeks to achieve certain objectives (Gelinas & Dull 2010, p.227). One of the objectives of introducing internal controls within an organization is to reduce errors. With proper internal controls, organizations can reduce errors in financial reporting, as a result of which there is little money wasted. Employees of the finance department ought to be aware of the procedures and processes they should follow when reporting financial statements. Thus, it is always necessary to train new employees on such processes in order to reduce mistakes that may occur due to lack of training. Financial reports become accurate and there are little errors in recording when employees have been properly trained. The objective of reducing errors helps an organization to maintain its reputation and performance (Gelinas & Dull 2010, p.228). The other objective of internal controls is to ensure that theft and fraud within the organization are prevented. There are many instances of theft and fraud in financial statements of organizations that have not established internal controls. Organizations that introduce internal controls of financial statements ensure that bank statements are properly reconciled and audit reviews are conducted internally. This avoids the misappropriation of an entity’s finances, either by the employees or the management. Internal controls also have the objective of organizing financial information in an organization. Financial information is well organized when an entity keeps proper records and follows the established internal controls. With effective organization of financial data, the productivity of an organization improves significantly. Internal controls also help in restricting unauthorized access to financial reports. This ensures that financial data is not tampered with as only those authorized by the management can access crucial financial information (Gelinas & Dull 2010, p.228). Internal controls enhance separation of duties in an organization; they state the role that each employee of the organization should play. This is essential in ensuring that the entity has a system of balances and checks. For instance, there is a clear separation of responsibilities whereby the employees who deal with payables do not handle receivables. The other objective of internal controls is to ensure that the law governing financial reporting is upheld. For example, the Sarbanes-Oxley Act states that public companies should have internal controls when conducting financial reporting. This helps investors to ascertain the financial data of the company and determine the integrity of the organization and its management (Gelinas & Dull 2010, p.229). c) Internal control systems comprise of five elements, which are communication, control environment, assessing and managing risk, control activities, as well as monitoring. As an element, the control environment refers to the attitude towards control consciousness, as well as internal control. This attitude is introduced by the employees of the organization and the management who are also involved in maintaining it. The control environment consists of aspects such as the management style of the organization, the ethical standards set up by the organization and the philosophy of management that the organization employs. Other factors that guide the control environment include mission and vision of the entity, moral of employees, and organization structure and culture (Chambers & Rand 2011, p.120). Communication is another key aspect of internal controls; this element calls for the collaboration between employees and sharing of crucial information that can help in decision making. The management should share information with subordinate employees. It is necessary to conduct communication in a timely manner in order to ensure responsibilities are carried out within the specified time. Communication should be appropriate to the users of financial statements and disseminated clearly to enhance understanding. The assessment and management of risk is another key element of internal controls. Since risks hinder the accomplishment of an organization’s goals, it is vital to identify them, and come up with the best measures on how they can be managed. Both internal and external risks that threaten performance of an organization should be identified. There are some instances when the organization cannot manage to prevent the occurrence of risks. When such a situation is experienced, it is necessary to introduce processes that will address the risk (Chambers & Rand 2011, p.121). The establishment of control activities is a central component of internal controls in a business enterprise. These refer to tools that the organization uses to minimize the occurrence of risks that hinder success of an organization. The activities are aimed at enhancing efficient accomplishment of the organization’s goals, mission, and objectives. Some of the control activities include proper financial reporting, supervision, documentation, and safeguarding the assets of the organization. Internal controls also comprise of the element of monitoring. Monitoring involves evaluating the performance of an organization after introducing controls in order to determine the effectiveness of the controls. During monitoring, the main areas of concern include focusing on the results, assessing communication within an organization, evaluating the control environment, as well as opportunities that the organization has and the risks it faces (Chambers & Rand 2011, p.122). d) Directors of a company play a distinct role from the statutory auditor when it comes to assessing internal controls and the risk management systems of an organization. While directors strive to ensure that the organization’s audit entity is effective and efficient, the statutory auditors focus on the fairness of financial accounts, as well as the truth in these accounts. Therefore, the role of directors is more confined to the internal audit of the organization while, on the other hand, statutory auditors focus more on the external audit of the organization. In addition, directors have the responsibility to ensure that they prepare and maintain accurate financial records and implement internal controls within the organization. On the other hand, the statutory auditors ascertain whether the financial statements have been prepared in accordance with the appropriate accounting standards (OECD 2011, p. 68). Moreover, the statutory auditors monitor the implementation of internal controls to ensure that risks are being averted by the organization. e) Deficiency 1 In the EFS system, there are certain internal control deficiencies that need to be addressed. First, there is a deficiency in the monthly reconciliation of the organization’s ledger accounts. It seems the checks being conducted by the studio manager do not yield accurate results. It is recommended that this reconciliation be conducted by a qualified accountant who either works within the organization or is an external auditor. The reconciliation should also be done by an independent entity, more specifically a person who has not been given the responsibility of book keeping in the organization. Moreover, the reconciliation should be reviewed by a supervisor to ensure that everything is okay. The other recommendation to solve this deficiency is proper examination of the organization’s bank statements to ensure that the correct sequence is followed when issuing checks. The statements of the bank such as ledgers should be correctly dated in order to verify when the transactions took place and avoid poor estimation of dates. Filing of bank statements is also recommended as it ensures that proper records of the transactions are kept. As a result, errors in recording of financial information are avoided and the management can minimize possible losses of finances. Deficiency 2 Another deficiency is the lack of a committee to oversee the operations of the organization. It seems that the studio manager has been accorded a lot of powers. The operations of the organization should be monitored by a committee or board, comprising of several managers and accountants (Gelinas & Dull 2010). The operations of the organization should be overseen by the board of directors, which is mandated to monitor the financial activity of the entity regularly. In addition, the board should seek explanations as to why there are variations between the expenses and the budgeted amounts. It is essential that the company’s ledger be checked by the committee. This ensures that there is accountability on the prompt payment of suppliers, as well as taxes that the organization owes the government. Another strategy that can be recommended to address this deficiency is the segregation of duties. The studio manager is mandated to oversee the all the operations of a store. Given that there might be many activities in a single store, it can be challenging for this manager to effectively control all of them, and this can lead to errors. Thus, this duty should be segregated among various employees in the organization to reduce possible risks that can emanate from the manager’s inability to perform his duties effectively. Deficiency 3 Another deficiency emanates from the production of inventory. From the case, it is evident that there is always 50% of inventory held in the back office. Although the organization has equipped each studio with two cabinets for refrigeration, the products (Excelsior fitness dairy and Vita) can only stay for one week. This implies that when one week is over, there is a possibility of these products going bad. As a result, the organization can incur losses in case these products are not purchased by customers within one week. Several internal controls can help minimize possible losses resulting from the perishability of the products. One recommendation is the reduction in the production of inventory to reduce possible losses, which can emanate from the perishability of the inventory. The management should control production and evaluate the market properly to minimize over production. Moreover, the ingredients used to produce the products should be re-examined. The organization should start incorporating ingredients that can better preserve the food products to increase the shelf life to more than one week. Therefore, EFS can hire experts who are knowledgeable in food and beverage production to give professional advice on how to improve the shelf-life of the products (Gelinas & Dull 2010). Deficiency 4 Another deficiency relates to the fact that the accountants work only on Monday nights, in the back office. Although there is restricted access to the accountant’s workplace, there can be repercussions of working on Mondays nights only. One of the impacts of working on a single day is inability to reconcile all the statements and transactions. This can lead to improper reporting of financial transactions in the organization. Working at night can also lead to boredom and burnout, and as a result, yield poor results from the accounting department of the organization. In order to improve the results of the accounting department, it is necessary for the accountants to work for several days a week. Rather than work on Monday nights only, accountants should work for five days a week. This will ensure that they keep track of the financial transactions in an organization and update their records on a daily basis. Moreover, working during the day is more convenient than at night since most of the organization’s transactions happen at day time. The management should allow the accountants to liaise with one another and work together as a team rather than work alone. This way, the accountants will have the opportunity to consult each other about crucial financial matters affecting the organization (Chambers and Rand, 2011). Conclusion of the Report. EFS is an organization facing several challenges in the recording of financial information. After evaluating the challenges being experienced by the organization, it is necessary to come up with appropriate measures to address the deficiencies. The use of risk based audit approach is applicable when addressing the challenges of the organization. Conclusion It is worth noting that audit and assurance are crucial components of financial reporting in an organization. Business entities should always make sure that financial information is properly recorded and reported in the financial statements. Organizations can introduce internal control measures aimed at reducing instances of risk within the organization. The objective of conducting an audit is to ensure that the financial information is accurate, valid, and up-to-date. The elements of internal control include communication, control environment, assessing and managing risks, as well as control activities and monitoring. References List Chambers, A D, & Rand, G K 2011, The Operational Auditing Handbook: Auditing Business and IT Processes. Hoboken [N.J., John Wiley & Sons. Gelinas, U. J, & Dull, R B 2010, Accounting information systems. Australia, South-Western/ Cengage Learning. Khwaja, M S, Awasthi, R, & Loeprick, J 2011, Risk-based tax audits: Approaches and country experiences. Washington D.C, World Bank. Organisation for Economic Co-operation and Development 2011, Board practices: Incentives and governing risks. Paris, OECD. Read More