CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT

and INTERNAL CONTROL

UNIT IV – INTERNAL CONTROL: A VITAL TOOL IN MANAGING RISK

Chapter 13: OVERVIEW OF INTERNAL CONTROL

Expected Learning Outcomes

After studying the chapter, you should be able to …

1. Explain what internal control is.

2. Describe the nature and purpose of internal control.
3. Define internal control system.
4. Explain the elements of internal control, namely:
● Control environment
● Entity’s risk assessment process
● Information system
● Control actions
● Monitoring of controls

NATURE AND PURPOSE OF INTERNAL CONTROL

Internal control is the process designed and affected by those charged with governance, management
and other personnel to provide reasonable assurance about the achievement of the entity’s objectives
with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance
with applicable laws and regulations. It follows that internal control is designed and implemented to
address identified business risks that threaten the achievement of any of these objectives.

Those objectives fall into three categories:

● Reliability of the entity’s financial reporting

● Effectiveness and efficiency of operations
● Compliance with applicable laws and regulations

Whether an entity achieves its objectives relating to financial reporting and compliance is determined by
activities within the entity’s control. However, achieving its objectives relating to operations will depend
not only on management’s decisions but also on competitor’s actions and other factors outside the
entity.

INTERNAL CONTROL SYSTEM DEFINED

2nd Semester 2019-2020 GOVBUSMANPage 1

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Internal control system means all the policies and procedures (internal controls) adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as practicable,
the orderly and efficient conduct of its business, including adherence to management policies, the
safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness
of the accounting records, and the timely preparation of reliable financial information.

ELEMENTS OF INTERNAL CONTROL

Internal control structures vary significantly from one company to the next. Factors such as size of the
business, nature of operations, the geographical dispersion of its activities, and objectives of the
organization affect the specific control features of an organization. However, certain elements or
features must be present to have a satisfactory system of control in almost any large scale organization.

The internal control system extends beyond these matters which relate directly to the functions of the
accounting system and consists of the following components:

a. The control environment;

b. The entity’s risk assessment process;
c. The information system, including the related business processes, relevant to financial reporting,
and communication;
d. Control activities;
e. Monitoring of controls.

A. Control Environment
The control environment which means the overall attitude, awareness and actions of directors
and management regarding the internal control system and its importance in the entity. The
control environment has an effect on the effectiveness of the specific control procedures. A
strong control environment, for example, one with tight budgetary controls and an effective
internal audit function, can significantly complement specific control procedures. However, a
strong environment does not, by itself, ensure the effectiveness of the internal control system.
Factors reflected in the control environment include:
● The function of the board of directors and its committees;
● Management’s philosophy and operating style;
● The entity’s organizational structure and methods of assigning authority and
responsibility;
● Management’s control system including the internal audit function, personnel policies
and procedures and segregation of duties.

2nd Semester 2019-2020 GOVBUSMANPage 2

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
The environment in which internal control operates has an impact on the effectiveness of the specific
control procedures. Several factors comprise the control environment, including:

1. Communication and Enforcement of Integrity and Ethical Values

Integrity and ethical values are essential elements of the internal control environment. They
affect the design, administration, and monitoring of other components of internal control. An
entity’s ethical and behavioral standards and the manner in which it communicates and
reinforces them determine the entity’s integrity and ethical behavior.
2. Commitment to competence
Competence is the knowledge and skills necessary to accomplish tasks that define an employee’s
job. Commitment to competence means that management considers the competence levels for
particular jobs in determining the skills and knowledge required of each employee and that it
hires employees competent to perform the tasks.
3. Participation by those Charged with GovernanceAttributes of those charged with governance
include independence from management, their experience and stature, the extent of their
involvement and scrutiny of activities, the appropriateness of their actions, the information they
receive, the degree to which difficult questions are raised and pursued with management, and
their interaction with internal and external auditors.
4. Management’s Philosophy and Operating Style
This refers to management’s attitude towards (a) business risk, (b) financial reporting , (c)
meeting budget ,profit and other established goals which all have impact on the reliabilityof the
financial statement
5. Organizational Structure
The responsibilities and authorities of the various personnel within the organization should be
established in such a manner asto (1) assist entity in meeting its goals and objectives and (2)
ensure that transactions are processed, summarized and reported in in an accurate and timely
manner. Organizational structure provides the overall framework for planning, directing and,
controlling operations.
6. Assignment of Authority and Responsibility
Peronnel within an organization need to have a clearunderstanding of their responsibilities and
the rules and regulations that govern their actions. Management may develop job descriptions,
computer system documentation. It may also establish policies regarding acceptable business
practice, conflicts of interest and code of conduct..
7. Human Resources Policies and Procedures
Perhaps the most important element of an internal accounting control system is the people who
perform and execute the established policies and procedures.Personnel policies should be
adopted by the client to reasonably ensure that only capable and honest persons are hired and
retained. Policies with respect to employee selection ,tranning , and supervision should be
adopted and implemented by the client. The selection of competent and honest personnel does
not automatically assur that errors or irregularities will not occur.

2nd Semester 2019-2020 GOVBUSMANPage 3

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

B. Entity’s Risk Assessment Process

Risk assessment is the “identification, analysis, and management of risks pertaining to the
preparation of financial statement”. For example risk assessment may focus on how the entity
considers the possibility of transaction not being recorded or identifies and assesses significant
estimates recorded in the financial statements.

An entity’s risk assessment process is its process identifying and responding to business risks and
thee result thereof. For financial reporting purposes, the entity’s risk assessment process
includes how management identifies risks relevant to the preparation of financial statement that
are presented fairly, in all material respect in accordance with the entity’s applicable financial
reporting framework , estimates their significance , assesses the likelihood of their occurrence
,and decides upon actions to manage them.

Risks relevant to financial reporting include internal and external events and circumstances that
may occur and adversely affect an entity’s ability to initiate, record, process, and report financial
data consistent with the assertions of management in the financial statements. Once risks are
identified, management considers their significance, the likelihood of their occurrence, and how
they should be managed. Management may initiate plans, programs, or actions to address
specific risks or it may decide to accept a risk because of cost or other considerations. Risks can
arise or change due to circumstances such as the following:
● Changes in operating environment
● New personnel
● New or revamped information systems
● Rapid growth
● New technology
● New business models
● Corporate restructurings
● Expanded foreign operations
● New accounting pronouncements

C. Information System, including the Business Processes, Relevant to Financial Reporting

and Communications

An information system consists of infrastructure (physical and hardware components),

software, people, procedures, and data. Infrastructure and software will be absent, or have less
significance, in systems that are exclusively or primarily manual. Many information systems make
extensive use of IT.

2nd Semester 2019-2020 GOVBUSMANPage 4

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
The Information System, Including Related Business Processes, Relevant to Financial Reporting

The information system relevant to financial reporting objectives, which includes the accounting
system, consists of the procedure and records designed and established to:

● Initiate, record, process, and report entity transactions (as well as events and conditions)
and to maintain accountability for the related assets, liabilities, and equity;
● Resolve incorrect processing of transactions, for example, automated suspense files and
procedures followed to clear suspense items out on a timely basis;
● Process and account for system overrides and bypasses to controls;
● Transfer information from transaction processing systems to the general ledger;
● Capture information relevant to financial reporting for events and conditions other than
transactions, such as the depreciation and amortization of assets and changes in the
recoverability of accounts receivables; and
● Ensure information required to be disclosed by the applicable financial reporting
framework is accumulated, recorded, processed, summarized, and appropriately
reported in the financial statements.

Journal Entries

An entity’s information system typically includes the use of standard journal entries that are
required on a recurring basis to record transactions. An entity’s financial reporting process also
includes the use of non-standard journal entries to record non-recurring, unusual transactions or
adjustments. In manual general ledger systems, non-standard journal entries may be identified
through inspection of ledgers, journals, and supporting documentation. When automated
procedures are used to maintain the general ledger and prepare financial statements, such
entries may exist only in electronic form and may therefore be more easily identified through the
use of computer-assisted audit techniques.

Related Business Processes

An entity’s business processes are the activities designed to:

● Develop, purchase, produce, sell and distribute an entity’s products and services;
● Ensure compliance with laws and regulations; and
● Record information, including accounting and financial reporting information.

Business processes result in the transactions that are recorded, processed and reported by the
information system. Obtaining an understanding of the entity’s business processes, which
include how transactions are originated, assists the auditor obtain an understanding of the
entity’s information system relevant to financial reporting in a manner that is appropriate to the
entity’s circumstances.

Accordingly, an information system encompasses methods and records that:

2nd Semester 2019-2020 GOVBUSMANPage 5

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
1) Identify and record all valid transactions.
2) Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
3) Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial statements.
4) Determine the time period in which transactions occurred to permit recording of
transactions in the proper accounting period.
5) Present properly the transactions and related disclosures in the financial statements.

Communication involves providing an understanding of individual roles and responsibilities

pertaining to internal control over financial reporting. It includes the extent to which personnel
understand how their activities in the financial reporting information system relate to the work
of others and the means of reporting exceptions to an appropriate higher level within the entity.
Open communication channels help ensure that exceptions are reported and acted on.

D. Control activities
Control activities are the policies and procedures that help ensure that management directives
are carried out, for example, that necessary actions are taken to address risks that threaten the
achievement of the entity’s objectives. Control activities, whether within IT or manual systems,
have various objectives and are applied at various organizational and functional levels.

The major categories of control procedures are:

A. Performance Review
B. Information Processing Controls
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Adequate documents and records
4. Safeguards over access to assets; and
5. Independent checks on performance
C. Physical controls

A brief description of these procedures follows:

A. Performance Review
In performance review management uses accounting and operating data to assess
performance, and it then takes corrective action. Such reviews include:

● Comparing actual performance (or operating results) with budgets, forecasts, prior
period performance, or competitors’ data or tracking major initiatives such as
cost-containment or cost-reduction programs to measure the extent to which targets
are being met.

2nd Semester 2019-2020 GOVBUSMANPage 6

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
● Investigating performance indicators based on operating or financial data, such as
quantity or purchase price variances or the percentage of returns to total orders.
● Reviewing functional or activity performance, such as relating the performance of a
manager responsible for a bank’s consumer loans with some standard, such as
economic statistics or targets.

B. Information Processing Controls

Information processing controls are policies and procedures designed to require

authorization of transactions and to ensure the accuracy and completeness of transaction
processing. Control activities may be classified according to the scope of the system they
affect. General controls are control activities that prevent or detect errors or irregularities
for all accounting systems. General controls affect all transaction cycles and apply to
inf0rmation processing such as a center, hardware and systems software acquisition and
maintenance and back-up and recovery procedures. Application controls are controls that
pertain to the processing of a specific type of transaction, such as payroll, or sales and
collections. These controls help ensure that transactions occurred, are authorized, and are
completely and accurately recorded and processed.

Internal controls relating to the accounting system are concerned with achieving objectives
such as:
● Transactions are executed in accordance with management’s general or specific
authorization.
● All transactions and other events are promptly recorded in the correct mount, in the
appropriate accounts and in the proper accounting period so as to permit
preparation of financial statements in accordance with an identified financial
reporting framework.
● Access to assets and records is permitted only in accordance with management’s
authorization.
● Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken regarding any differences.

Control activities related to the processing of transactions may be grouped as follows: (1)
proper authorization, (2) segregation of duties, (3) design and use of adequate documents and
records, and (4) access to assets, (5) independent checks on performance.

1. Proper authorization of transactions and activities

Authorization for the execution of transactions flows from the stockholders to management
and its subordinates. Before a transaction is entered into with another party, certain
conditions must usually be met.

2nd Semester 2019-2020 GOVBUSMANPage 7

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
2. Segregation of duties
No person should be assigned duties that would allow that person to commit and error or
perpetuate fraud and to conceal the error or fraud.
3. Adequate documents and records
The use of adequate documents and records allow the company to obtain reasonable
assurance that all valid transactions have been recorded.
4. Access to assets
The resources of a client can be protected by the establishment of physical barriers and
appropriate policies. Appropriate company policies are adopted so that only authorized
persons have access to company resources.
5. Independent checks on performance
The objective of a well-designed internal accounting control system is the adoption of
procedures that periodically compare the actual asset with its recorded balance. An
important part of an internal accounting control system is to determine the effectiveness of
recording policies and asset access policies.

C. Physical Controls
Controls that encompass:
● The physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
● The authorization for access to computer programs and data files.
● The periodic counting and comparison with amounts shown on control records (for
example, comparing the results of cash, security and inventory counts with
accounting records).

The extent to which physical controls intended to prevent theft of assets are relevant to
the reliability of financial statement preparation, and therefore the audit, depends on
circumstances such as when assets are highly susceptible to misappropriation. The
concepts underlying control activities in small entities are likely to be similar to those in
larger entities, but the formality with which they operate varies. Further, small entities
may find that certain types of control activities are not relevant because control applied
by management. An appropriate segregation of duties often appears to present
difficulties in small entities. Even companies that have only a few employees, however,
may be able to assign their responsibilities to achieve appropriate segregation or, if that
is not possible, to use management oversight of the incompatible activities to achieve
control objectives.

E. Monitoring of Controls

Monitoring, the final component of internal control, is the process that an entity use to assess
the quality of internal control over time. Monitoring involves assessing the design and operation

2nd Semester 2019-2020 GOVBUSMANPage 8

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
controls on a timely basis and taking corrective action as necessary. Management monitors
controls to consider whether they are operating as intended and to modify them as appropriate
for changes in conditions. In many entities, internal auditors evaluate the design and operation
of internal control and communicate information about strengths and weaknesses and
recommendations for approving internal control.

Some monitoring activities may include communications from external parties that may indicate
problems are highlight areas in need of improvements. Customers implicitly corroborate billing
data by paying their invoices or complaining about their charges. In addition, regulators may
communicate with the entity concerning matters that affect the functioning of internal control,
for example, communications concerning examinations by bank regulatory agencies. Also,
management may consider communications relating to internal control from external auditors in
performing monitoring activities.

Chapter 14: FRAUD AND ERROR

Expected Learning Outcomes

After studying the chapter, you should be able to …

1. Explain what fraud means.

2. Explain the major types of misstatements, namely
a. Misstatements arising from misappropriation of assets
b. Misstatements arising from misappropriations of assets and explain
3. Give and explain the elements of a fraud triangle.
4. Give and explain the risk factors that contribute to misappropriation of assets.
5. Explain who is primarily responsible for the prevention and detection of fraud in a business
enterprise.
6. Give and explain the risk factors that contribute to fraudulent financial reporting.

INTRODUCTION

In the previous chapters, corporate governance has been described as the process by which the owners
and various stakeholders of an organization exert control through requiring accountability for the
resources entrusted to the organization.

This chapter introduces fraud risk and errors and how they be reduced if not totally avoided by having
effective internal control – a tool of good corporate governance.

Fraud is an intentional act involving the use of deception that results in a material misstatement of the
financial statements. Two types of misstatements are relevant to auditors’ consideration of fraud: (a)
misstatements arising from misappropriation of assets, and (b) misstatements arising from fraudulent
financial reporting.

2nd Semester 2019-2020 GOVBUSMANPage 9

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Intent to deceive is what distinguishes fraud from errors. Auditors routinely find financial errors in their
client’s books; but those errors are not intentional.

TYPES OF MISSTATEMENTS

a. Misstatements arising from misappropriation of assets

b. Misstatements arising from fraudulent financial reporting

Misstatements arising from misappropriation of assets

Asset misappropriation occurs when a perpetrator steals or misuses an organization’s assets. Asset
misappropriations are the dominant fraud scheme perpetrated against small business and the
perpetrators are usually employees. Asset misappropriations can be accomplished in various ways,
including embezzling cash receipts, stealing assets, or causing the company to pay for goods or
services that were not received.

Asset misappropriation commonly occurs when employees:

● Gain access to cash and manipulate accounts to cover up cash thefts.

● Manipulate cash disbursements through fake companies.
● Steal inventory or other assets and manipulate the financial records to cover up the Fraud.

Misstatements arising from Fraudulent Financial Reporting

The intentional manipulation of reported financial results to misstate the economic condition of the
organization is called fraudulent financial reporting. The perpetrator of such a fraud generally seeks
gain through the rise in stock price and the commensurate increase in personal wealth. Sometimes
the perpetrator does not seek direct personal gain, but instead uses the fraudulent financial
reporting to “help” the organization avoid bankruptcy or to avoid some other negative financial
outcome.

Three common ways in which fraudulent financial reporting can take place include:

1. Manipulation, falsification, or alteration of accounting records or supporting documents.

2. Misrepresentation or omission of events, transactions, or other significant information.
3. Intentional misapplication of accounting principles.

2nd Semester 2019-2020 GOVBUSMANPage 10

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
THE FRAUD TRIANGLE

The Fraud Triangle characterizes incentives, opportunities and rationalizations that enable fraud to
exist.

The three elements of the fraud triangle are:

● Incentive to commit fraud

● Opportunity to commit and conceal the fraud
● Rationalization – the mindset of the fraudster to justify committing the fraud.

INCENTIVES OR PRESSURES TO COMMIT FRAUD

Incentives relating to asset misappropriation include:

⮚ Personal factors, such as severe financial considerations

⮚ Pressures from family, friends, or the culture to live a more lavish lifestyle than one’s personal
earnings allow for
⮚ Addictions to gambling or drugs

The incentives include the following for fraudulent financial reporting:

⮚ Management compensation schemes

⮚ Other financial pressures for either improved earnings or an improved balanced sheet

⮚ Debt covenants

⮚ Pending retirement or stock option expirations

⮚ Personal wealth tied to either financial results or survival of the company

⮚ Greed – for example, the backdating of stock options was performed by individuals who already
had millions of pesos of wealth through stock.

2nd Semester 2019-2020 GOVBUSMANPage 11

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
OPPORTUNITIES TO COMMIT FRAUD

One of the most fundamental and consistent findings in fraud research is that there must be an
opportunity for fraud to be committed. Some of the opportunities to commit fraud that the top
management should consider include the following:

⮚ Significant related-party transactions

⮚ A company’s industry position, such as the ability to dictate the terms or conditions to suppliers
or customers that might allow individuals to structure fraudulent transactions
⮚ Management’s inconsistency involving subjective judgments regarding assets or accounting
estimates
⮚ Simple transactions that are made complex through an unusual recording process

⮚ Complex or difficult to understand transactions, such as financial derivatives or special-purpose

entities.
⮚ Ineffective monitoring of management by the board, either because the board of directors is not
independent or effective, or because there is a domineering manager
⮚ Complex or unstable organizational structure

⮚ Weak or nonexistent internal controls

RATIONALIZING THE FRAUD

For asset misappropriation, personal rationalizations often revolve around mistreatment by the company
or a sense of entitlement by the individual perpetrating the fraud. Following are some common
rationalizations for asset misappropriation:

⮚ Fraud is justified to save a family member or loved one from financial crisis.

⮚ We will lose everything (family, home, car and so on) if we don’t take the money

⮚ No help is available from outside

⮚ This is “borrowing”, and we intend to pay the stolen money back at some point

⮚ Something is owed by the company because others are treated better

⮚ We simply do not care about the consequences of our actions or of accepted notions of decency
and trust; we are for ourselves.

2nd Semester 2019-2020 GOVBUSMANPage 12

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
For fraudulent financial reporting, the rationalization can range from “saving the company” to personal
greed, and may include the following:

⮚ This is one-time thing to get us through the current crisis and survive until things get better

⮚ Everybody cheats on the financial statements a little; we are just playing the same game.

⮚ We will be in violation of all of our debt covenants unless we find a way to get this debt off the
financial statements
⮚ We need a higher stock price to acquire company XYZ, or to keep our employees through stock
options, and so forth.

RISK FACTORS CONTRIBUTORY TO MISAPPROPRIATION OF ASSETS

Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees
in relatively small and immaterial amounts. However, it can also involve management who are usually
more able to disguise or conceal misappropriations in ways that are difficult to detect. Misappropriation
of assets can be accompanied in a variety of ways including:

● Embezzling receipts (for example, misappropriating collections on accounts receivable or

diverting receipts in respect of written-off accounts to personal bank accounts).
● Stealing physical assets or intellectual property (for example, stealing inventory for personal use
or for sale, stealing scrap for resale, colluding with a competitor by disclosing technological data
in return for payment).
● Causing an entity to pay for goods and services not received (for example, payments to fictitious
vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for inflating
prices, payments to fictitious employees).
● Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a
personal loan or loan to a related party).

Misappropriation of assets is often accompanied by false or misleading records or documents in order

to conceal the fact that the assets are missing or have been pledged without proper authorization.

A. Incentives/ Pressures
1. Personal financial obligations may create pressure on management or employees with
access to cash or other assets susceptible to theft to misappropriate those assets.
2. Adverse relationships between the entity and employees with access to cash or other assets
susceptible to theft may motivate those employees to misappropriate those assets. For
example, adverse relationships may be created by the following:
(a) Known or anticipated future employee layoffs.
(b) Recent or anticipated changes to employee compensation or benefit plans
(c) Promotions, compensation, or other rewards inconsistent with expectations.

2nd Semester 2019-2020 GOVBUSMANPage 13

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
B. Opportunities

1. Certain characteristics or circumstances may increase the susceptibility of assets to

misappropriation. For example, opportunities to misappropriate assets increase when
following situation exist:
(a) Large amounts of cash on hand are processed.
(b) Inventory items that are small in size, of high value, or in high demand.
(c) Fixed assets which are small in size, marketable, or lacking observable identification of
ownership.
2. Inadequate internal control over assets may increase the susceptibility of misappropriation
of those assets. For example, misappropriation of assets may occur because of the
following:
(a) Inadequate segregation of duties or independent checks.
(b) Inadequate oversight of senior management expenditures, such as travel and other
reimbursements.
(c) Inadequate management oversight of employees responsible for assets, for example,
inadequate supervision or monitoring of remote locations.
(d) Inadequate job applicant screening of employees with access to assets.
(e) Inadequate record keeping with respect to assets.
(f) Inadequate system of authorization and approval of transactions (for example, in
purchasing)
(g) Inadequate physical safeguards over cash, investments, inventory, or fixed assets.
(h) Lack of complete and timely reconciliation of assets
(i) Lack of timely and appropriate documentation of transactions, for example, credits for
merchandise returns.
(j) Lack of mandatory vacations for employees performing key control functions.
(k) Inadequate management understanding of information technology, which enables
information technology employees to perpetrate a misappropriation.
(l) Inadequate access controls over automated records, including controls over and review
of computer systems event logs.

C. Attitude / Rationalization

1. Disregard for the need for monitoring or reducing risks related to misappropriation of assets.
2. Disregard for internal control over misappropriation of assets by overriding existing controls
or by failing to correct known internal control deficiencies.
3. Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the
employee
4. Changes in behavior or lifestyle that may indicate assets have been misappropriated.
5. Tolerance of petty theft.

2nd Semester 2019-2020 GOVBUSMANPage 14

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
RISK FACTORS CONTRIBUTORY TO FRAUDULENT FINANCIAL REPORTING

Fraudulent financial reporting may be accomplished by the following:

● Manipulation, falsification (including forgery), or alteration of accounting records or supporting

documentation from which the financial statements are prepared.
● Misrepresentation in, or intentional omission from, the financial statements of events,
transactions or other significant information.
● Intentional misapplication of accounting principles relating to amounts, classification, manner of
presentation, or disclosure.

Fraudulent financial reporting involves intentional misstatements including omissions of amount or

disclosures in financial statements to deceive financial statement users. It can be caused by the
efforts of management to manage earnings in order to deceive financial statement users by
influencing their perceptions as to the entity’s performance and profitability. Such earnings,
management may start out with small actions or inappropriate adjustment of assumptions and
changes in judgments management. Pressures and incentives may lead these actions to increase to
the extent that they result in fraudulent financial reporting. In some entities, management may be
motivated to reduce earnings by a material amount to minimize tax or inflate earnings to secure
bank financing.

A. Incentive / Pressure

Incentive or pressure to commit fraudulent financial reporting may exist when management is
under pressure, from sources outside or inside the entity, to achieve an expected (and perhaps
unrealistic) earnings target or financial outcome – particularly since the consequences to
management for failing to meet financial goals can be significant.

B. Opportunities

A perceived opportunity to commit fraud may exist when an individual believes internal control
can be overridden, for example, because the individual is in a position of trust or has knowledge
of specific weakness in internal control.

Fraudulent financial reporting often involves management override of controls that otherwise
may appear to be operating effectively. Fraud can be committed by management overriding
controls using such techniques as:
● Recording fictitious journal entries, particularly close to the end of an accounting period,
to manipulate operating results or achieve other objectives.
● Inappropriately adjusting assumptions and changing judgments used to estimate
account balances.

2nd Semester 2019-2020 GOVBUSMANPage 15

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
● Omitting, advancing or delaying recognition in the financial statements of events and
transactions that have occurred during the reporting period.
● Concealing, or not disclosing, facts that could affect the amounts recorded in the
financial statements.
● Engaging in complex transactions that are structured to misrepresent the financial
position or financial performance of the entity.
● Altering records and terms related to significant and unusual transactions.

C. Rationalizations

Individuals may be able to rationalize committing a fraudulent act. Some individuals possess and
attitude, character or set of ethical values that allow them knowingly and intentionally to
commit a dishonest act. However, even otherwise honest individuals can commit fraud in an
environment that imposes sufficient pressure on them.

RESPONSIBILITY FOR THE PREVENTION AND DETECTION OF FRAUD

The primary responsibility for the prevention and detection of fraud rests with both those charged with
governance of the entity and management. It is important that management, with the oversight of
those charged with governance, place a strong emphasis on fraud prevention, which may reduce
opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to
commit fraud because of the likelihood of detection and punishment. This involves a commitment to
creating a culture of honesty and ethical behavior which can be reinforced by an active oversight by
those charged with governance. In exercising oversight responsibility, those charged with governance
consider the potential override of controls or other inappropriate influence over the financial reporting
process, such as efforts by management to manage earnings in order to influence the perceptions of
analysts as to the entity’s performance and profitability.

2nd Semester 2019-2020 GOVBUSMANPage 16

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Chapter 15: ERRORS AND IRREGULARITIES IN THE TRANSACTION CYCLES OF THE BUSINESS ENTITY

Expected Learning Outcomes

After studying the chapter, you should be able to …

Understand errors and frauds that may be committed in the business processes, namely:
a. Sales and Collection Cycle
b. Acquisition and Payment Cycle
c. Payroll and Personal Cycle

While business is different individuals can have striking different characteristics, most of them have some
fundamental conceptual characteristics and practices in common. The three basic business transaction
cycles include:

1. Sales and Collection Cycle

2. Acquisitions and Payment Cycle
3. Payroll and Personnel Cycle

Management should establish controls to ensure that these transactions are appropriately handled and
recorded. However, if internal controls are not properly implemented, or are overridden, fraud and
errors may occur. This chapter presents errors and fraudulent activities that could result if there is poor
internal control.

I. Sales and Collection Cycle

1. Errors in Recording Sales and Collections Transactions

Errors in recording sales include mechanical errors, such as using a wrong piece or wrong
quantity, recording sales in the wrong period (cutoff errors), a bookkeeper’s failure to
understand proper accounting for a transaction, and so on. Internal controls are
designed to prevent or detect many of these kinds of errors.

2. Frauds in Sales and Collections

Frauds in sales generally relate to fraudulent financial reporting. In contrast, frauds in
cash collections relate to misappropriation of assets, typically accomplished by clerks or
management-level employees.

a. Fraudulent financial reporting involving sales typically results in overstated sales or

understated sales returns and allowances. Managers under pressure to achieve high
profits may inflate sales to meet target profits established by senior managers, to
obtain bonuses, to retain the respect of senior managers, or even to keep their jobs.
The following methods can be used to increase sales fraudulently:

2nd Semester 2019-2020 GOVBUSMANPage 17

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
● Recording fictitious sales (creating fictitious shipping documents, sales
invoices, and so on)
● Recording valid transactions twice
● Recording in the current period sales that occurred in the succeeding period
(improper cutoff)
● Recording operating leases as sales
● Recording deposits as sales
● Recording consignments as sales
● Recording sales when the chance of a return is likely
● Following revenue recognition practices that are not in accordance with
PFRS
● Recognizing revenue that should be deferred

b. Misappropriation of Assets: Withholding Cash Receipts

1. Skimming
This refers to the act of withholding cash receipts without recording them.
Detection of unrecorded cash receipts is very difficult; however, unexplained
changes in the gross profit percentage or sales volume may indicate that cash
receipts have been withheld.
2. Lapping
This technique is used to conceal the fact that cash has been abstracted; the
shortage in one customer’s account is covered with a subsequent payment
made by another customer. An employee who has access to cash receipts and
maintains accounts receivable can engage in lapping. Routine testing of details
of collections compared with validated bank deposit slips should uncover this
fraud.
3. Kitting
This is another technique used to cover cash shortage or to inflate cash balance.
Kiting involves counting the cash twice by using the float in the banking system.
(Float is the gap between the time the check is deposited or added to an
account and the time the check clears or is deducted from the account it was
written on). Analyzing and verifying cash transfers during the days surrounding
year-end should reveal this type of fraud.

II. ACQUISITIONS AND PAYMENTS CYCLE

1. Errors in the Acquisition and payments Cycle

The following may occur in the acquisition and payments cycle:
● Failing to record a purchase in the proper period (cutoff errors)
● Recording goods accepted on consignment as a purchase
● Misclassifying purchases of assets and expenses

2nd Semester 2019-2020 GOVBUSMANPage 18

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
● Failing to record a cash payment
● Recording a payment twice
● Failing to record prepaid expenses as assets

Entities normally design controls to prevent these errors from occurring or to detect
errors if they do occur. When such controls exist, auditors test the controls to assess
their effectiveness. If the controls are not effective, auditors should perform substantive
tests to determine that the financial statements do not contain material misstatements
that arose because of possible errors.

2. Frauds in the Acquisition and Payments Cycle

a. Paying for Fictitious Purchases

This involves the perpetrator creating a fictitious invoice (and sometimes a receiving
report, purchase order and so forth) and processing the invoice for payment.
Alternatively, the perpetrator can pay the invoice twice.

b. Receiving Kickbacks
In this scheme, a purchasing agent may agree with a vendor to receive a kickback
(refund payable to the purchasing person on goods or services acquired from the
vendor).

c. Purchasing Goods for Personal Use

Goods or services for personal use may be purchased by executive or purchasing
agents and charged to the company’s account. To execute such a purchase, the
perpetrator must have access to blank receiving reports and purchase approvals or
must connive with another employee. Fraud involving the purchase of goods for
personal use is more likely to go unnoticed when perpetual records are not
maintained.

III. PAYROLL AND PERSONAL CYCLE

Historically, errors and irregularities involving payroll have been reported to occur frequently
and are largely undetected.

1. Errors
The most errors can occur in the payroll and personnel cycle are:
a) Paying employees at the wrong rate.
b) Paying employees for more hours than they worked.
c) Charging payroll expense to the wrong accounts; and
d) Keeping terminated employees on the payroll.

2nd Semester 2019-2020 GOVBUSMANPage 19

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Good internal control can be established to prevent these errors from occurring and to
detect them if they do occur.

2. Frauds involving Payroll

The major payroll-related frauds include;
a. Fictitious Employees
Adding fictitious employees to the payroll is one of the most common defalcations.
Detecting fictitious employees on the payroll is very difficult; but auditors do
sometimes perform a surprise payoff as a deterrent to this form of defalcation.
Alternatively, the auditor may turn the check distribution over to an official not
associated with preparing payroll, signing checks, or supervising workers. Personnel
files and the employees’ completed time cards and time tickets may also be
examined to substantiate the existence of absent employees.

b. Excess Payments to Employees

Increasing the rate above the approved or paying employees for more hours that
they worked are the most common ways of paying employees more than they are
entitled to receive. These practices can be substantially reduced by requiring
personnel department officials to authorize changes in pay rates and by monitoring
total hours worked and paid for. Analytical procedures that focus on cost per unit of
actual production can also be helpful in detecting excess payments to employees.

c. Failure to Record Payroll

Companies having difficulty meeting profit targets or not-for-profit entities having
difficulty managing costs and expenses might fail to record a payroll. The omission
of payroll can be difficult to hide unless a similar amount of revenues or receipts has
been omitted. Analytical procedures can be performed to test the reasonableness
of payroll cost.

d. Inappropriate Assignment of Labor Costs to Inventory

A company having difficulty meeting profit targets might assign to inventory labor
cost that should have been charged to expense. Analytical procedures such as
comparing costs incurred to budgeted cost and verification of valuation of inventory
are some of the useful techniques in detecting such fraud.

2nd Semester 2019-2020 GOVBUSMANPage 20

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

Chapter 16: INTERNAL CONTROL AFFECTING ASSETS

Expected Learning Outcomes

After studying the chapter, you should be able to …

1. Describe the internal control over the major components of assets of a business enterprise
namely;
a. Cash
b. Financial Investments
c. Receivables: Accounts and Notes are related revenue accounts
d. Inventories and related Cost of Goods sold
e. Property, Plant and Equipment

2. Understand the potential misstatements (due to errors) of the asset accounts and how weakness
in internal control increases the risks of misstatements.

INTERNAL CONTROL OVER CASH TRANSACTIONS

Most of the processes relating to cash handling are the responsibility of the finance department, under
the director of the treasurer. These processes include handling and depositing cash receipts; signing
checks; investing idle cash; and maintaining custody of cash, marketable securities, and other negotiable
assets. In addition, the finance department must forecast cash requirements and make both short-term
and, long-term financing arrangements.

Ideally, the functions of the finance department and the accounting department should be integrated in
a manner that provides assurance that:

1. All cash that should have been received was in fact received, recorded accurately and deposited
promptly.
2. Cash disbursements have been made for authorized purposes only and have been properly
recorded.
3. Cash balances are maintained at adequate, but not excessive, levels by forecasting expected cash
receipts and payments related to normal operations. The need for obtaining the loans for
investing excess cash is thus made known on a timely basis.

A detailed study of the business processes of the company is necessary in developing the most efficient
control procedures, but there are some general guidelines to good cash handling practices in all types of
business. These guidelines for achieving internal control over cash may be summarized as follows:

1. Do not permit any one employee to handle a transaction from beginning to end.
2. Separate cash handling from record keeping.
3. Centralize receiving of cash to the extent practical.

2nd Semester 2019-2020 GOVBUSMANPage 21

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
4. Record cash receipts on a timely basis.
5. Encourage customers to obtain receipts and observe cash register totals.
6. Deposit cash receipts daily.
7. Make all disbursements by check or electronic fund transfer, with the exception of small
expenditures from petty cash.
8. Have monthly bank reconciliation prepared by employees not responsible for the issuance of
checks or custody of cash. The completed reconciliation should be reviewed promptly by an
appropriate official.
9. Monitor cash receipts and disbursements by comparing recorded amounts to forecasted
amounts and investigating variances from forecasted amounts.

Potential Misstatements - Cash Receipts

Description of Misstatement Examples Internal Control weakness or

Factors that Increase the Risk of
the Misstatement
Recording Fictitious cash receipts Fraud:
● Overstating cash receipts ● Lack of segregation of
on the books by duties of the functions of
transferring cash access to cash and
between bank accounts record keeping; no
without appropriate effective review of bank
recording of the transfer reconciliations.
to cover up an
embezzlement of cash.

Failure to record receipts from Fraud:

cash sales ● A cashier fails to ring up ● Inadequate supervision
and record cash sales of cashiers; failure to
and embezzles the cash. encourage customers to
obtain cash receipts.

Error:
● A bookkeeper ● Inadequate controls for
accidentally omits the reconciling cash register
recording of the receipts tapes and accounting
from one cash register records; inadequate
for the day. controls for reconciling
bank accounts.

2nd Semester 2019-2020 GOVBUSMANPage 22

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Failure to record cash from Fraud:
collection of accounts receivable ● A cashier embezzles cash
payments by customers
on receivables; without
recording the receipts in
the customers’ accounts.
● A bookkeeper
accidentally who has
access to cash receipts
embezzles cash collected
from customers and
writes off the related
receivables.
Error:
● A bookkeeper
accidentally fails to
record payments on a
receivable.
Early (late) recognition of cash Fraud:
receipts – “cutoff problems” ● Holding the cash receipts
journal open to record
next year’s cash receipts
as having occurred in this
year.
Error:
● Recording cash receipts
based on bad
information about date
of receipt.
2nd Semester 2019-2020 GOVBUSMANPage 23
● Lack of segregation of
duties between
personnel who have
access to cash receipts
and those who make
entries into the accounts
receivable records.
● Lack of segregation of
duties between
personnel who have
access to cash receipts
and those who make
entries into the accounts
receivable records.
● Inadequate
reconciliations of
subsidiary records of
accounts receivable with
the general ledger
control account.
Ineffective board of directors,
audit committee, or internal
audit function; “tone at the top”
not conductive to ethical
conduct; undue pressure to show
improved financial position.
● Failure to list and deposit
cash receipts on a timely
basis.
CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Potential Misstatements – Cash Disbursements

Description of Misstatements Examples Internal Control Weakness or

Inaccurate recording of
purchase or disbursement
Factors that Increase the Risk of
a Fraud:
● A bookkeeper prepares a
check to himself and
records it as having been
issued to a major
supplier.
Error:
● A disbursement is made
to pay an invoice for
goods that have been
received.
● Disbursements for travel
and entertainment are
improperly included with
merchandise purchases.
the Misstatement
● Inadequate segregation
of duties or record
keeping and preparing
cash disbursements, or
check signer does not
review and cancel
supporting documents.
● Ineffective control for
matching invoices with
receiving documents
before disbursements
are authorized.
● Ineffective accounting
coding procedures may
result from incompetent
accounting personnel,
inadequate chart of
accounts, or no controls
over the posting process.

Duplicate recording and payment Error:

of purchases ● A purchase is recorded
when an invoice is
received from a vendor
and recorded again when
a duplicate invoice is
sent by the vendor.
● Ineffective controls for
review and cancellation
of supporting documents
by the check signer.

Unrecorded disbursements Fraud:

● In conjunction with
recorded (but deposited)
cash receipts, an
employee writes and
chases an unrecorded
● Ineffective control over
record keeping for and
access to cash.

2nd Semester 2019-2020 GOVBUSMANPage 24

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

check for the identical

amount.

INTERNAL CONTROL OVER FINANCIAL INVESTMENTS

The most important group of financial investments consists of marketable stocks and bonds because
they are found more frequently and usually are of greater peso value than the other kinds of investment
holdings. Other types of investments often encountered include commercial paper issued by
corporations, mortgages, and trust deeds, and the cash surrender value of life insurance policies. The
internal auditors also must be concerned with derivatives that are used to hedge various financial and
operational risks or for speculation. Derivatives are financial instruments that “derive” their value from
other financial instruments, underlying assets, or indexes.

The major elements of adequate internal control over financial investments include the following:

1. Formal investment policies that limit the nature of investments in securities and other financial
instruments.
2. An investment committee of the board of directors that authorizes and reviews financial
investment activities or compliance with investment policies.
3. Separation of duties between the executive authorizing purchases and sales of securities and
derivative instruments, the custodian of the securities, and the person maintaining the records
of investments.
4. Complete detailed records of all securities and derivative instruments owned and the related
provisions and terms.
5. Registration of securities in the name of the company.
6. Periodic physical inspection of securities on hand by an internal auditor or an official having no
responsibility for the authorization, custody, or record keeping of investments.
7. Determination of appropriate accounting for complex financial instruments by competent
personnel.

In many concerns, segregation of the functions of custody and record keeping is achieved by the use of
an independent safekeeping agent, such as a stockholder, bank or trust company. Since the
independent agent has no direct contact with the employee responsible from maintaining accounting
records of the investments in securities, the possibilities of concealing fraud through falsification of the
accounts are greatly reduced. If securities are not placed in the custody of an independent agent, they
should be kept in a bank safe-deposit box under the joint control of two or more of the company’s
officials. Joint control means that neither of the two custodians may have access to the securities except
in the presence of the other. A list of securities in the box should be maintained in the box, and the
deposit or withdrawal of securities should be recorded on this list along with the date and signatures of

2nd Semester 2019-2020 GOVBUSMANPage 25

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
all persons present. The safe-deposit box rental should be in the name of the company, not in the name
of an officer having custody of securities.

Potential Misstatements - Financial Investments

Description of Misstatement Examples Internal Control Weakness or

Factors that Increase the Risk of
the Misstatement
Misstatement of recorded value Error:
of investments ● Failure to record change ● Inadequate accounting
in market values of manual; incompetent
investments. accounting personnel.

Fraud:
● Ineffective board of
● Misstatement of the
directors, audit
value of closely held
committee, or internal
investment.
audit function; not
conducive to ethical
conduct; undue pressure
to meet earnings targets.

Unauthorized investment Fraud:

transactions ● An employee with access ● Inadequate segregation
to securities converts of duties of record
them for personal use. keeping for and custody
of securities.

Incomplete recording of Error:

investments ● Failure to record ● a. inadequate accounting
derivative agreements manual; incompetent
which are embedded in accounting personnel.
other agreements. ● b. inadequate
monitoring by internal
auditors.

INTERNAL CONTROL OVER RECEIVABLES

2nd Semester 2019-2020 GOVBUSMANPage 26

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Accounts receivable include not only claims against customers arising from the sales of goods or
services, but also a variety of miscellaneous claims such as loans to officers or employees, loans to
subsidiaries, claims against various other firms, claims for tax refunds and advantages to suppliers.

Sources and Nature of Notes Receivable

Notes receivable are written promises to pay certain amounts at future dates. Typically, notes receivable
is used for handling transactions of substantial amount; these negotiable documents are widely used. In
banks, and other financial institutions, notes receivable usually constitutes the single most important
asset.

Internal Control of Accounts Receivable and Revenue

To understand internal control over accounts receivable and revenue, one must consider the various
components, including the control environment, risk assessment, monitoring, the (accounting)
information and communication system, and control activities.

Control Environment

Because of the risk of intentional misstatement of revenues, the control environment is very important
to effective internal control over revenue and receivables. Management should establish a tone at the
topof the organization that encourages integrity and ethical financial reporting. These ethical standards
should be communicated and observed throughout the organization. Also, incentives for dishonest
reporting, such as undue emphasis on meeting unrealistic sales or earnings targets, should be
eliminated.

Potential Misstatements – Revenue / Receivables

Description of Misstatement Examples Internal Control Weakness or

Factors that Increase the Risk of
the Misstatement
Recording unearned revenue Fraud:
● Recording fictitious sales ● Ineffective board of
without receiving a directors, audit
customer order or committee, or internal
shipping the goods. audit function; undue
● Intentional over pressure to meet
shipment of goods. earnings targets. “top
management action” not
conductive to ethical
conduct.
Errors:

2nd Semester 2019-2020 GOVBUSMANPage 27

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Early (late) recognition
revenue – “cutoff error”
Recording revenue
significant uncertainties exist
2nd Semester 2019-2020 GOVBUSMANPage 28
● Recording sales based on ● Ineffective billing process
the receipt of orders in which billing is not
from customers rather tied to shipping
than the shipment of information.
goods. ● Ineffective controls for
● Inaccurate billing and testing invoices, or
recording of sales. ineffective input
● Recording cash that validation checks and
represents a liability computer reconciliations
(e.g., receipt of a to ensure the accuracy of
customer’s deposit) as databases.
revenue. ● Inadequate accounting
manuals; incompetent
accounting personnel
of Fraud:
● Holding the sales journal ● Ineffective board of
open to record next directors, audit
year’s sales as having committee, or internal
occurred in the current audit function; not
year. conducive to ethical
conduct; undue pressure
to meet sales targets.
Error:
● Recording sales in the ● Ineffective cutoff
wrong period based on procedures in the
incorrect shipping shipping department.
information.
when Fraud:
● Recording sales when ● Ineffective board of
the customer is likely to directors, audit
return the goods. committee, or internal
audit function; not
conducive to ethical
conduct; undue pressure
to meet sales targets.
Error:
● Recording sales when
the customer’s payment ● Aggressive attitude of
is contingent upon the management toward
CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

customer receiving financial reporting;

financing or selling the incompetent chief
goods to another party accounting officer.
(e.g., consignment sales).

Recording revenue when Fraud:

significant services still must be ● Recording franchise ● Ineffective board of
performed by seller revenue when the directors, audit
franchises are sold even committee, or internal
though an obligation to audit function; not
perform significant conducive to ethical
services still exists. conduct; undue pressure
to meet sales targets.

Error:
● Amount of revenue ● Aggressive attitude of
earned on franchise is management toward
miscalculated financial reporting;
incompetent chief
accounting officer.

Overestimation of the amount of Fraud:

revenue earned ● Misstating the ● Ineffective board of
percentage of directors, audit
completion of several committee, or internal
projects by a audit function; not
construction company conducive to ethical
using the percentage of conduct; incompetent
completion method individuals involved in
revenue recognition. the estimation process.
● Overestimating the ● Aggressive attitude of
percentage of management toward
completion on projects financial reporting;
by a construction incompetent personnel
company using the involved in the
percentage of estimation / accounting
completion method of process.
revenue recognition.

Internal Control over Notes Receivable

2nd Semester 2019-2020 GOVBUSMANPage 29

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
As previously stated, a basic characteristic of effective control consists of the subdivision of duties. As
applied to notes receivables, this principle requires that:

1. The custodian of notes receivable not have access to cash or to general accounting records.
2. The acceptance and renewal of notes be authorized in writing by a responsible official who does
not have custody of the notes.
3. The write-off defaulted notes be approved in writing by responsible officials and effective
procedures adopted for subsequent follow-up of such defaulted notes.

INTERNAL CONTROL OVER INVENTORIES AND COST OF GOODS SOLD

The importance of adequate internal control over inventories and cost of goods sold from the viewpoint
of both management and the auditors can scarcely be overemphasized. In come companies,
management stresses controls over cash and securities but pays little attention to control over
inventories. Since many types of inventories are composed of items not particularly susceptible to theft,
management may consider controls to be unnecessary in this area. Such thinking ignores that fact that
controls for inventories affect nearly all the functions involved in producing and disposing of the
company’s products.

Potential Misstatements – Inventory / Cost of Goods sold

Description of Misstatement Examples Internal Control Weakness or

Factors that Increase the Risk of
the Misstatement
Misstatement of inventory costs Fraud:
● Intentional misstatement ● Ineffective board of
of production costs directors, audit
assigned to inventory. committee, or internal
● Intentional misstatement audit function; “tone to
of inventory prices. the top” not conducive
to ethical conduct;
undue pressure to meet
Errors: earnings targets.
● The assignment of direct
labor costs, direct
● Ineffective cost
material costs, or factory
accounting system;

2nd Semester 2019-2020 GOVBUSMANPage 30

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

overhead to inventory failure to update

items inaccurate. standard costs on a
● Erroneous pricing of timely basis.
investory ● Ineffective input
validation controls on
the database of
inventory; ineffective
supervision of the
personnel that enter the
costs on the final
inventory schedule.

Misstatement of inventory Fraud:

quantities ● Items are stolen with no
journal entry reflecting
the theft.
● Inventory quantities in
locations not visited by
auditors are
systematically
overstated.
Errors:
● Miscounting of inventory
by personnel involved in
physical inventory.
● Ineffective physical
controls over inventories.
● Ineffective board of
directors, audit
committee, or internal
audit function; “tone at
the top” not conducive
to ethical conduct;
undue pressure to meet
earnings targets.
● Ineffective controls or
supervision of physical
inventory.

Early (late) recognition of Fraud:

purchases – “cutoff problems”. ● Intentional recording of ● Ineffective board of
purchases in the directors, audit
subsequent period. committee, or internal
audit function; “tone at
the top” not conducive
to ethical conduct;
undue pressure to meet
Errors: earnings targets.

2nd Semester 2019-2020 GOVBUSMANPage 31

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

● Recording purchases of ● Ineffective accounting

the current period in the procedures that do not
subsequent period. tie recorded purchases
to receiving data.

INTERNAL CONTROL OVER PROPERTY, PLANT AND EQUIPMENT

The term property, plant and equipment includes all tangible assets with a service life of more than one
year that are used in the operation of the business and are not acquired for the purpose of resale. Three
major subgroups of such assets are generally recognized:

1. Land, such as property used in the operation of the business, has the significant characteristic of
not being subject to depreciation.
2. Building machinery, equipment and land improvements, such as fences and parking lots, have
limited service lives and are subject to depreciation.
3. Natural resources (wasting assets), such as oil wells, coal mines, and tracts of timber, are subject
to depletion as the natural resources are extracted or removed.

Acquisition and disposals of property, plant and equipment are usually large in dollar amount, but
concentrated in only a few transactions. Individual items of plant and equipment may remain unchanged
in the accounts for many years.

Internal Control over Plant and Equipment

The amounts invested in plant and equipment represents a large portion of the total assets of many
industrial concerns. Maintenance, rearrangement and depreciation of these assets are major expenses
in the income statement. The total expenditures for the assets and related expenses make strong
internal control essential to the preparation of reliable financial statements. Errors in the measurement
of income may be material if assets are scrapped without their cost being removed from the accounts, or
if the distinction between capital and revenue expenditures is not maintained consistently. The losses
that inevitably arise from uncontrolled methods of acquiring, maintaining, and retiring plant and
equipment are often greater than the losses from fraud in cash handling.

In large enterprises, the auditors may expect to find an annual plant and budget used to forecast and
control acquisitions and retirements of plants and equipment. Many small companies also forecast
expenditures for plant assets. Successful utilization of a plant budget presupposes the existence of
reliable and detailed accounting records for plant and equipment. A detailed knowledge of the kinds,
quantities and condition of existing equipment is an essential basis for intelligent forecasting of the need
for replacements and additions to the plant.

2nd Semester 2019-2020 GOVBUSMANPage 32

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL
Other key controls applicable to plant and equipment are as follows:

1. A subsidiary ledger consisting of a separate record for each unit of property. An adequate
plant and equipment ledger facilitate the auditor’s work in analyzing additions and
retirements, in verifying the depreciation provision and maintenance expenses, and in
comparing authorizations with actual expenditures.
2. A system of authorization requiring advance executive approval of all plant and equipment
acquisitions, whether by purchase, lease of construction. Serially numbered capital work
orders are a convenient means of recording authorizations.
3. A reporting procedure assuring prompt disclosure and analysis of variances between
authorized expenditures and actual costs.
4. An authoritative written statement of company policy distinguishing between capital
expenditures and revenue expenditures. A dollar minimum ordinarily will be established for
capitalization; any expenditures of a lesser amount will automatically classified as charges
against current revenue.
5. A policy requiring all purchases of plant and equipment to be handled through the
purchasing department and subjected to a standard routine for receiving, inspection and
payment.
6. Periodic physical inventories designed to verify the existence, location and condition of all
property listed in the accounts and to disclose the existence of any unrecorded units.
7. A system of retirement procedures, including serially numbered retirement work orders
(bottom), stating reasons for retirement and bearing appropriate approvals.

Potential Misstatements – Investments in Property, Plant, and Equipment

Description of Misstatements Examples Internal Control Weakness or

Factors that Increase the Risk of
the Misstatement
Misstatement of acquisition of Fraud:
property, plant and equipment ● Expenditures for repairs ● Undue pressure to meet
and maintenance earnings targets.
expenses recorded as
property, plant and
equipment acquisitions
to overstate income.

Error: ● Inadequate accounting

● Purchases of equipment
manual; incompetent
erroneously reported in
accounting personnel.
maintenance and repairs
expense account.

2nd Semester 2019-2020 GOVBUSMANPage 33

CORPORATE GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT
and INTERNAL CONTROL

Failure to record retirements of Error:

property, plant and equipment
● An asset that has been ● Inadequate accounting
replaced is discarded due policies, e.g., failure to
to its lack of value, use retirement work
without an accounting orders.
entry.

Improper reporting of unusual Error:

transactions. ● A “gain” recorded on an ● Inadequate accounting
exchange of manual; incompetent
non-monetary assets accounting personnel.
that lacks commercial
substance.

2nd Semester 2019-2020 GOVBUSMANPage 34