Deck 8: Internal Control and COSO Framework

Joan is the owner of a small manufacturing company.In prior years,your firm has conducted a review engagement of the company.However,this year,Joan obtained a loan from the federal business development bank and is required to have an audit of her financial statements.When you started asking about controls and procedures at the company,Joan got pretty upset.
"All you need to be concerned about is the numbers! Why are you asking all of these questions? It takes too much time away from my staff to answer these questions! Just check the numbers and let us get on with our work!"
You calmed her down a bit,and reminded her about the general discussion that occurred with the engagement letter.You have invited her for coffee to briefly explain the following items:
1.Why auditors are concerned about internal controls.
2.Why auditors are required to be concerned about internal controls.
3.What you need to do to understand internal controls.
4.What you will do once you have documented your understanding of internal controls.
Required:
Explain what you will say to Joan.

A)Describe the three basic concepts (assumptions)underlying the study of internal control and assessment of control risk.B)Describe the inherent limitations of internal control.

A)Describe the four broad objectives of management when designing an effective system of internal control.B)Describe the aspect of internal control that auditors are primarily concerned with for a financial statement audit.

Define a system of internal control.How does risk affect a system of internal control?

You,a PA,have been assigned as the in-charge auditor of a long-time audit client of your firm,Mikla Tool Inc.(MTI).MTI is owned by George Mikla,an experienced machinist.George established the business over 20 years ago,and it has grown into a $10-million-a-year business with an excellent reputation for high quality machined parts.MTI has regular clients in the automobile parts sector and in the healthcare sector.The company has recently begun producing parts for environmentally friendly products such as recycling containers.The business is versatile in dealing with a variety of metals as well as plastics,using both manually controlled and machine controlled (computerized)equipment.The following description is based on your review of prior files,and planning discussions with personnel at MTI.
Equipment suppliers have helped MTI develop efficient operations by providing sample programs for standard operations and by providing training to employees.One of the suppliers unfortunately sent sample programs that had been infected by a virus.George's daughter,Tiffany,had to cleanse the servers and each of the machines of the malicious software.When contacted,the supplier did not know that the software was infected and apologized profusely.
The company's four CAD/CAM terminals and printers are connected to the company's central local area network.The local area network is maintained by Toni Lee,the owner of a computer shop conveniently located three blocks away.All computer equipment,software,and supplies are now purchased from Mr.Lee,who is responsible for installing and maintaining equipment,upgrading software,and maintaining user profiles on the network.To reduce the amount of Mr.Lee's work as network administrator,he has set up passwords by function.
There is one user identification code (userid)and password for accounting (shared by Tiffany,George,and the accounting clerk,Isabel).The plant supervisors share another userid that is used for production control and to initiate the time-keeping system every morning.A separate userid and password allowing for only enquiry into the job costing system has also been set up and can be used by all employees.
A standard routine has been set up to back up the accounting systems.Either Tiffany or the accounting clerk inserts one of seven tape cartridges into the system at the end of the day (they are labelled with the day of the week),so that the company has a full set of accounting backups for the week.Tiffany keeps the backup files in her office.These are particularly important,since during the last office move,two years ago,the original software for the accounting system was misplaced.
The network has two central servers,eleven user stations,and five printers.The user stations are set up as follows: four CAD/CAM,two time-keeping,two production planning and control,two accounting,and one for George.
A good working relationship is extremely important for satisfying some of the company's larger customers.MTI has paid for computer equipment for each of the supervisors so that they have fully functioning computers at home.If a rush job requires weekend work,these senior personnel can work at home to get the necessary quoting or design work completed.Since the at-home systems are identical to the office systems,Mr.Lee simply copied the MTI systems to the home computers.Files can be easily taken home and then brought back to the office using thumb drives.It is understood that when times are slower,a day off can be taken to compensate for this weekend work.
It has been almost 10 years since Tiffany arranged for the implementation of the network and the purchase of the standard integrated accounting packages (general ledger,order entry/accounts receivable,purchases/payable and payroll),and for the purchase of the job-costing and time-keeping systems.A variety of reports are printed daily,weekly,or monthly from the job-costing system.These reports are used for monitoring employee hours,the status of the jobs,the costs accumulated for particular jobs,and the work-in-progress inventory.
The weekly report of hours from the job-costing system is approved by the production supervisors and is used as an input source for hours worked into the payroll system.The accounting clerk enters the hours into the accounting system so that weekly payroll cheques and reports can be produced.The accounting clerk handles most data entry.
Tiffany is really pleased with their accounting clerk,Isabel,who has been with the company for three years.She insists that fate had a hand in getting Isabel working for MTI.Isabel had been "pounding the pavement," having recently immigrated,and had no Canadian business experience.Her accounting skills were rudimentary but she quickly learned the accounting software and has reorganized the filing systems.Tiffany considers her as indispensable.When Isabel goes on holiday,many things just don't get done! Tiffany can do the payroll in a pinch,but accounts payable and cash disbursements are always done by Isabel.If she's away,suppliers are simply told to wait,or Tiffany issues a manual cheque for recording later.Isabel is very good at clearing queries from suppliers and ensuring that new suppliers are set up properly.The purchasing supervisor and his staff rely on Isabel,as she checks the account allocation of purchases and makes any necessary corrections.
Tiffany or George are signing officers,although Tiffany realizes that she checks supporting materials more thoroughly than George,who usually just queries Isabel verbally about larger purchases.
In the past,MTI's audit has been entirely substantive.However,your partner has decided that with MTI's growth,it is time for the company to consider adding additional internal controls.Accordingly,he has asked you to draft a management letter to be addressed to George and Tiffany.
Required: A)Prepare a draft management letter,clearly identifying the weaknesses (W),impact or implications of the weaknesses (I),and recommendations for improvement (R).
[The following is a theory question that does not require examples from the case,although examples could be used.] B)Explain how the control environment and general IT (information technology)controls are related.Describe the impact of the control environment and of general IT controls on different types of application controls and on the audit process.

HomeTown Tanning Company is the largest leather tanning operation in Canada.Hides from various animals are stretched and treated,then cut into shapes for shipment to wholesalers.
Computer-assisted operations are important in maintaining temperature,humidity,and proper mix proportions in chemical solutions used for the tanning process.Computer assistance has helped improve the quality of the tanning process,as well as provide a safer environment for employees.Computer operations and backup are supported by the warehouse manager,Joe.
Individual hides are tagged with a bar code and tracked for quality control purposes.The HomeTown Tanning Company uses a centralized microcomputer-based system for its manufacturing and accounting operations.The two owners of the company are active in the business and approve all new hardware and software acquisitions.
The controller is responsible for network upgrades as well as for maintaining passwords and user identification codes on the network.Accounting transactions are entered by accounting staff,although the controller has the ability to review and correct transactions.
Required:
List the six categories of functions that need to be separated from each other.Does HomeTown Tanning have these functions separated? For any functions that are not separated,indicate the potential impact upon controls and upon the audit.

Dimple Leather is a chain of retail stores that sells leather clothing and accessories across Canada.Each store has point-of-sale equipment that is linked to a local server.At night,local accounting information is transmitted to the head office computer and any updates to prices or other adjustments are transferred to the local office.
Required:
Define the control environment.List the components of the control environment.For each component,provide an example of a control that might exist at Dimple Leather.

A)List the four types of general computer control systems.B)Adequate segregation of duties is an important control procedure.Describe the specific functions that should be separated for segregation of duties to prevent both intentional and unintentional misstatements that are of significance to auditors.C)Adequate documents and records are important for effective internal control.Five principles dictate the proper design and use of documents and records.One principle is that documents and records should be prenumbered consecutively to facilitate control over missing documents and to aid in locating documents when they are needed at a later date.Discuss each of the other four principles of adequate documents and records.

A)Discuss what is meant by the term "control environment" and identify four control environment subcomponents that the auditor should consider.B)List the steps that management follows in assessing risks relevant to the preparation of financial statements in conformity with an applicable financial reporting framework.C)How does the auditor obtain knowledge about management's risk assessment process? D)Explain how management's risk assessment process differs from the auditor's risk assessment process.E)What is the relationship between management's risk assessment process and audit evidence?

A)The COSO internal control framework consists of five components.Describe each of these components. B)Custody of assets and reconciliation should be separated to contribute to strong internal control.List the general categories of activities that should be separated.