Many businesses are concerned with information technology risks. Many organizations are concerned with different types of risk and attempt to control risk as they are assessed. In order to control risk, organizations must create control environments that set the tone of employee awareness and promote operational efficiency. One attempt to control risk is through risk assessment. The purpose of risk assessment is to identify organizational risks and evaluate additional or specific control procedures.
The purpose of this paper is to analyze and assess the risks within the flow charts of accounts payable, accounts receivable, inventory, and payroll recommended by learning team E for Kudler Fine Foods, design internal controls to mitigate risks to the system, evaluate the application of internal controls to the system and discuss other controls outside the system that Kudler Foods may need. Risk Assessments The accounts payable risk assessment is the validation of purchase orders.
This flow chart should incorporate a matching invoice system where the purchase orders are required to match the receiving information. The matching system allows the purchase order to precede the arrival of the vendor’s invoice therefore allowing the accounts payable department to have both receiving information and purchasing information when the invoice arrives. Incorporating a matching procedure helps ensure that the invoice for goods or services has been received and the amount of the invoice is authorized via purchase order by authorized personnel.
This system also ensures that goods being paid for have been authorized by proper personnel. All disbursements should be made by check and digitally signed and authorized by authorized treasury personnel in the accounts payable department. Management should be concerned about purchases that cannot be traced to inventory, and purchases paid at full price for shipments tagged as having missing or defective merchandise. Although Kudler has some perishable items within its inventory, management should also be concerned about high levels of written off waste or scrap product.
Proper internal control measures will signal management of any irregularities. The accounts receivable flow charts show the initiation of procedures, then prepare daily reports, then download sales information from Point of Sales System; authorized personnel should verify information before generating reports to be sent to clients. Customer reports and disputes should be handled by marketing personnel or a separate customer service department. Management should be concerned and notified about frequent complaints of shipment shortages or price changes.
Verifying sales orders and shipments will prevent charges to fictitious accounts. It is important that management monitor sale and shipping activities regularly and note any discrepancies or changes to these accounts over a given period. Shipping of large orders should be verified by a supervisor or authorized personnel. The inventory flow chart show the initiation of purchasing procedures, inventory additions should be dated with the date of the receiving report. Receiving reports should follow the matching principles of the purchase orders.
A pre- installed, pre-numbered invoice system can aide in the document matching control. Inventory issues should be dated with the date of the shipment. Variances are investigated by authorized personnel, such as shipping documents not associated with a sale. Payment releases with authorized digital signature upon verification. The digital signature prevents check theft and forgery. The payroll flow chart shows the initiation of the personnel procedures. Authorized personnel should verify any input of employment records before a file is generated.
Records should be maintained in the human resources department. Time records require supervisor approval. Any changes made to employee records require an employee change form with the signature of the employee, department supervisor signature, and supervisor approval. Major changes such as name, birth date, direct deposit, mailing address, or social security number cannot be changed without employee signature, supporting or witness documents, and requested change forms. Other internal controls outside the system
Kudler Fine Foods can also benefit from implementing a few general control procedures outside the system. For example, written procedures should be available and initialed by employees concerning how inventory is to be physically recorded and input into the automated system. Restrict the number of employees who have keys to the premises. Physically lock up and guard merchandise that is of high value or that can be easily converted into cash. The use of surveillance equipment or cameras can be used to monitor physical access to inventory and other company properties such as equipment.
Provide procedures for identification of slow moving or damaged inventories are another internal control that could be incorporated outside the automated system. To prevent payroll related fraud, Kudler should implement an id process when employees are hired. A current photo identification document should be scanned into the employee file with verified address, and other vital information concerning the employee. Notification should be given to management of employees opting out of direct deposit payment and must obtain employee signature upon receiving a paycheck.
Kudler should also incorporate a verification system for terminated employees that do not wish to receive final pay bank direct deposited. Kudler’s goal is to implement and maintain the necessary internal controls to protect the company against fraud and theft. Internal Control points in the Flow Charts In a controlled environment, risk management requires constant attention. Internal control procedures can mitigate loss if specific procedures and policies are timely implemented.
Some control procedures include the proper authorizations and approvals, segregation of duties and implementing password access to computer systems (Hunton, 2004). Kudler Fine Foods would greatly benefit from implementing additional control procedures to its automated system recommended by team E. The additional document processes are shown in the attached flow charts or A/P, A/R, Inventory, and Payroll processes created by Kudler Fine Foods. Accounts Payable Flowchart: (Phoenix, 2008) (1) 3. (2). 1. Approved by supervisor 2 paid by authorized personnel 3 digital signature required
Accounts Receivable Flowchart: 1. 1. Prepared by authorized personnel Inventory Flowchart: 1 2 1. Should follow invoice matching principles 2 investigation of variance by supervisor 3 digital signature and authorized approval3 Payroll Flowchart (Kudler Fine Foods, 2010): 1 3 2 1 Authorized verification of supervisor and department head 2 Authorized change requests 3 Supporting documents References: Hunton, J. Bryant, S. & Bagranoff, N. (2004). Core concepts of information technology auditing New York: Wiley and Sons University of Phoenix. (2008) Kudler Fine Foods.
Retrieved from University of Phoenix, ACC 542-Accounting Information Systems website ———————– Personnel Records Personnel Records Vendor Codes and Master Files Check Printing Accounts Payable Procedure Tax and Freight Allocations Multiple Bank Accounts Purchase Order Input addresses for International Purchase PO information posts to Vendor Order in AP Large F&A Cash Check To General Ledger F&A Transactions entered manually Accounts Receivable Procedure Prepare Daily Reports Download Sales information from POS Verify information General Accounting To General Ledger
Purchasing Procedure Count Merchandise Received Input Merchandise Received Stock Merchandise Transmit to Purchasing Function Transmit to General Accounting Compare Purchase Order to Receiving Report Variance? Investigate Variance with Purchasing Function Authorize Vendor Payment Yes No Prepare Wire Transfer Submit Wire Transfer Journalize Wire Transfer To General Ledger Download Time Records Verify Approval of Time Records Prepare Payroll and Update Employee Earnings Records Employee Pay Voucher Distribute to Employees Verify Accuracy of Input File Personnel Records ACH Transmission to Banks