In order to determine what internal controls are needed for a business there are several items that need to be reviewed. These items include standard business transactions, business risks, and ethical dilemmas (Whittington & Pany, 2019). Below I will address each item, and give my overall view on the controls I feel are needed for RNS to achieve their goals now and how current events can affect these items in the future.
According to entrepreneur Peter Baskerville (2015), “In accounting, a financial transaction is an event that impacts on the monetary value of an asset, liability, or the owner’s equity of a business and causes it to change” (par. 1). The major financial business transactions of RNS are sales, purchases, payments, and receipts. A sale is the legal transfer of a goods or services from RNS to a customer by way of cash or credit increasing RNS’s revenue (Baskerville, 2015). If the sale was made using credit, RNS would record the sale in accounts receivable.
Purchases occur when RNS acquires products or services from independent suppliers in order to make sales. (Baskerville, 2015). RNS can make these purchases by either using cash, or on account (credit). If the purchase is made on account, RNS would record the purchase in accounts payable.
Receipts are financial transactions that show proof of the legal transfer of goods or services. (Baskerville, 2015). In the event that a product is damage upon receiving, the receipt will be necessary to prove the purchase was made and receive a replacement item. This can apply to both RNS and its customers.
Payments refer to financial transactions RNS has made to pay for goods and services they have purchased (Baskerville, 2015). When payments are made by a consumer, RNS will decrease its accounts receivables. If RNS makes payment to a supplier for goods or services received, the decrease will occur in the RNS’s accounts payable.
Highest Business Risks:
According to John Spacey (2015), “A business risk is a future possibility that may prevent you from achieving a business goal” (par. 1) High business risk factors for RNS include competition, the state of the economy, marketing costs, use of credit, and budgeting. In today’s world technology has become one of the highest producing industries. For RNS to thrive, they must pay close attention to the competitions marketing strategies and sales. Companies of highest threat to RNS are Lenovo (market share 22.5) and HP (holding 21.7), who hold the largest market shares in the industry as of 2018 (Holst, 2019).
With the economy and the use of credit, consumer confidence is crucial. It will impact the amount of revenue RNS generates. High levels of confidence result in increased sales. Individuals will spend more, especially on credit, allowing businesses to reap the financial benefits (Hamel, 2016). Low levels result in decreased inventory and sales. Careful watch of accounts receivables will be important, especially during these times when revenue is down. Unemployment and low income largely contribute to low confidence and reduced revenue (Levin, 2010).
With budgeting and marketing costs, strategic planning plays a crucial. Marketing costs can easily exceed RNS’s budget. Staying within a budget will reduce the risks of having to make cuts to another operational need. Having an outside source assist can improve RNS’s chances of success. Hiring a marketing consultant can help with both making important decisions and networking, while keeping costs down (Thompson, 2018).
Two internal controls that I feel are appropriate for RNS are preventative and detective. Preventative controls will reduce the risk of errors and/or irregularities (Nelson, 2019). How? Here are some examples: Having a supervisor or director be the only individual approving purchase orders and budget requests, not having the same person record cash as well as control the cash, and have password restrictions on sensitive company information. RNS should also maintain adequate documentation and control of their assets (Nelson, 2019). Items to include: purchase order, approval, date of purchase, receipt, and an invoice.
Defective controls will detect errors and irregularities that have already occurred (Nelson, 2019). How? Here are some examples: through reconciling banks statements and RNS’s general ledgers, audits such as the one I am performing, and manual inventory checks. Internal controls cannot provide 100% assurance because the potential for human error that may not be discovered in a timely manner is almost always a guarantee (Nelson, 2019). This is why it is important to identify the errors and/or irregularities to ensure corrective actions is taken to provide the most accurate financial statements RNS is able to produce.
Ethical issues can ultimately affect the outcome of any audit, whether it be a financial audit, or compliance audit. One dilemma I see with RNS is employee integrity. Since RNS is not managed by its owners they are relying on the employees they have hired to be honest and trustworthy. If an employee is deceptive, there is an immense risk that the financial information that the auditors are examining will produce an inaccurate picture of RNS’s true financial standing.
Another ethical dilemma would relate to taxes. Are the owners filing taxes according the federal and state laws that are in place? Are they keeping tax records for the required 7-year period (Ingram, 2019)? If the answer is no to one or both of these then the accuracy of the financial statements will be in question, resulting in an audit finding that can have negative consequences for RNS and its owners.
The computer and software industries are everchanging. A company that has gained popularity this year may not be as popular next year. Once RNS has emerged, success will be based on some of the items I have discussed.
The risks to a business can change over time depending on new technology that has emerged. It is important to stay one step ahead in identifying these risks. If a risk ends up becoming a reality in the future, a well-prepared business can reduce the impact on its revenue, productivity, and its customers (Davis, 2019).
Internal controls need to be monitored and adjusted to reflect the current events of the business to ensure continued success. Take the economy for instance. If the economy is facing a possible recession, it may be time to reassess and tighten your budget, limit your inventor, or eliminate a project (Quain, 2018). This may require additional internal controls. Or perhaps an issue has developed with an employee that needs to be addressed. For a company to continue to be successful, managers need to ensure they are in communication with all employees and that if a problem does occur, the proper measures are taken in a timely manner (Quain, 2018). This could also require an additional internal control, or possibly just a modification to the existing control in relation to the employee.
Audit Plan: Internal Controls for Cash
Objective: To provide a detailed analysis of RNS’s overall performance in relation to cash flows and financial statements.
The first step of the audit process will relate to control environment. The control environment is one of the most important components of internal control. If management cannot establish a set of standards, structures, and processes to provide a strong foundation for performing internal control, the business will not achieve its goals (Clarke, 2018). As auditors, we must gain an understanding of RNS and its environment in order to allow us to consider the inherent risks, including fraud, of the business (Whittington & Pany, 2019). To gain the understanding needed, our team will perform the following:
- Analyze management’s policies and procedures governing financial reporting
- Analyze the preventative, detective, and corrective controls of RNS
- Analyze the integrity and ethical value of shareholder, management and other personnel
- Analyze the board of directors understanding and execution of their responsibilities governing financial reporting
The second phase will be to perform a risk assessment for cash. Cash is one of the easiest components of a business to embezzle, and one that can easily go undetected. Auditor must detect material misstatements, whether due to errors or fraud, to provide reasonable assurance that the financial statements of RNS are true and correct (Whittington & Pany, 2019). Once risks are identified, controls need to be established to reduce the risk of future material misstatements occurring. To determine the risks associated with material misstatements and determine the appropriate controls needed, our team will perform the following:
- Interview external sources to gain insight on the company’s performance and reputation
- Interview personnel within RNS to gain insight on the effectiveness of management’s policies and procedures relating to cash (handling, receipts, recording, & disbursement)
- Observe activities relating to client transactions and reporting of these transactions
- observe analytical procedures performed in relation to cash
Testing the effectiveness of the controls used by management can assist in the detection or prevention of material misstatements (Bragg, 2018). If weaknesses are uncovered, the control will need to be reevaluated and a new control must be implemented to reduce future risks of material misstatements occurring. To test the effectiveness of the controls used by RNS management, our team will perform the following:
- Initiate a cash transaction to test the controls used and the effectiveness of these controls
- Examine journal entries relating to cash for evidence of material misstatements
- Evaluate managements response to unusual, irregular activity regarding cash
- Analyze accounting estimates for evidence of fraudulent activity
Information and Communication:
Information is a key component of a business’ ability to carry out internal control responsibilities, and communication is necessary to ensure all relevant personnel know the expectations and requirements of these controls (Accounting and Financial Advisory, & Afa., 2015). If weaknesses exist, policies may need to be reviewed and updated to ensure information and communications between management and its employees is as effective as possible. To determine the effectiveness of RNS’ information and communication strategies, out team will perform the following:
- Closely examine policies and procedures governing cash to ensure they are easy to understand and carry out
- Analyze policies relating to cash handling to ensure there are no discrepancies. For example, having the same person receive cash that will also record the cash
- Observe management’s method of communicating with other personnel to determine if weaknesses exist
- Observe management’s policies for employee reprimand to ensure they are accurate and effective
Continuous monitoring, from both the management team of RNS and its auditors, will be essential to ensure the business is progressing towards its goals and maintaining compliance with the generally accepted accounting practices. Our team is committed to providing the following:
- Reevaluating the business’ risks over time to identify new risks or eliminate old
- Continuous tests of controls in relation to cash flows to identify if changes need to be made
- Evaluate and determine that all material misstatements have been corrected, and that proper procedures are in place to avoid reoccurrence
- Evaluate the board of directors ongoing responsibilities governing financial reporting
In order to perform a successful audit, our team will need to examine the financial statements of RNS, such as the balance sheet, the income statement, the statement of retained earnings, and the statement of cash flows and related notes (Whittington & Pany, 2019). This step is important because it allows our team to identity any material misstatements or errors present, and assist our team determining whether or not RNS is in compliance with the generally accepted accounting principles, and whether or not the company is moving in the right direction to reach its primary goals. It will also help in reducing the risks of fraud, material misstatements, and misappropriation of assets in the future (Clements, 2019).
If a majority of RNS’ data is overseas, our team will need to perform the audit according to the International Standards of Auditing. We will also need to determine the generally accepted auditing standards and/or the generally accepted accounting practices that exists in the country the data is associated with. It’s important for our team to understand the custom and practices of each country to properly address the risks associated with the audit, including fraud (“Auditing in Foreign”, 2015). These risks can be both country specific, or internationally as a whole.
The use of analytical procedures will help our team determine the appropriate sampling plan to use for this audit. The first analysis our team will use is the trend analysis. For this procedure, our team will use diagnostics to compare the current balance of an account to that of previous years to see what kind of deviation exists. The procedure will be performed over several different RNS accounts.
The second will be ratio analysis. For this procedure, our team will use different ratios, such as current assets divided by current liabilities, and compare the results to that of previous years (Brown, 2016). We will also perform this analysis using several RNS accounts to evaluate as many deviations as possible.
To ensure the data we are using for these procedures is as accurate as possible, our team will rely on the data from the internal control evaluation that was performed. If the data provided evidence of errors and/or material misstatements, we will need to take this into account when performing the listed procedures as it could potentially affect the outcome of each analysis.
Types of Audit Evidence:
Throughout the audit process our team will use various types of audit evidence. For instance, our team will request documentation from the bank that RNS uses to determine if the bank’s balance matches RNS’ cash balance. We will also examine bank reconciliations to identify any adjusting entries made, the income statement and balance sheets for material misstatements, and the statement of cash flows relating to RNS’ operations activities to determine the company’s ability to control cash.
Along with documentation, our team will perform a series of observations and inquiries. For instance, the team will observe client transactions to examine RNS’ internal controls for cash handling. We will examine cash receipts against these transactions for accuracy and completion, and perform inquires with management on their accounting practices. This, and the evidence provided above, will both back up our audit documentation and allow our team to form an opinion on the accuracy of RNS’ financial statements and RNS’ compliance with GAAP.
Considerations to Subjective Areas:
There will be times during the audit when it’s necessary for our team to rely on professional judgement. For instance, when dealing with accounting estimates, our team will need to determine if the estimates have been developed, if they are reasonable, and if they have been properly accounted for and disclosed according to PCAOB standards (Whittington & Pany, 2019). The reason being, sometimes estimates are done in favor of management.
Another instance would be in relation to related party transactions. Company’s have been known to use related party transactions to commit fraud. It’s important for our team to determine if the proper disclosures have been correctly recorded and properly disclosed (Whittington & Pany, 2019). If discrepancies are identified, our team must address the discrepancies with management for further information.
Planning the Nature and Extent of the Audit Documentation:
When planning the nature and extent of our audit documentation, several factors need to be considered. First, our team will consider the risks that were identified during the risk assessment phase and how they can potentially impact the financial statements of RNS.
Second, we will consider the nature of the auditing procedures that were performed. These include, the tests of internal controls, analytical procedures, observations, and inquiries.
Third, we will consider the amount of professional judgement our team used in analyzing the data and examining the results of procedures performed. This will also include the subjective areas where professional judgement was of high priority.
Lastly, our team will consider the level of significance relating to the audit evidence our team obtained. This will also include the extent of the errors and/or material misstatements that were identified throughout the audit process.
Responsibility for IT Risk Coverage:
According to Ray Dunham (2018), “an information security policy is a statement, or a collection of statements, designed to guide employees’ behavior with regard to the security of company data, assets, IT systems, etc. These security policies define the who, what, and why regarding desired behavior, and they play an important role in an organization’s overall security posture”. With technologies fast changing pace, these policies can provide adequate coverage if they are reviewed and updated on a consistent basis, with the exception of social media. Although acceptable use, access control, and other items are detailed out in these policies, unless the company is continuously monitoring the actions of their employees, especially with internet use, it is unlikely that these policies will fully prevent the use of social media in the workplace (Dunham, 2018).
As technology continues to grow in popularity, so does the use of social media. It’s imperative that a company consistently review and update the policy, and make sure employees understand the policy in its entirety, so ensure the company is protecting the IT aspect of their business.
IT Internal Controls:
Internal controls, in regards to IT, will help ensure that appropriate security measures are in place to reduce the risk of company and personal data being exposed to unwanted hands. One control would be the segregation of duties. For example, having an information systems manager to supervise the operation of the department, having a systems analyst be responsible for designing the information systems, and having designated personal prepare and verify input data for processing (Whittington & Pany, 2019).
Other controls can consist of cross-training programmers, rotating operator assignments, and set mandatory vacations (Whittington & Pany, 2019). If the internal controls are strong, they will provide adequate security measures. It’s important when performing the audit, that our team test these internal controls for weaknesses to assist RNS in maintaining the highest level of security possible with the everchanging IT industry.
Vulnerabilities will always exist in the IT industry. Mostly because the industry changes so quickly and hackers are getting smarter. Some areas of vulnerability to consider include virus and malware, software, and passwords. Virus and malware vulnerabilities can be reduced by using proper software geared to address these areas of concern. By keeping subscriptions current, RNS can reduce the risk of damage to both the business’ IT assets, as well as, the release of personal data.
For software vulnerabilities, RNS will need to consistently monitor technology changes and immerging threats to be sure they have the proper patches installed to prevent unwanted information from being release. This can be achieved through proper internal controls relating to the software sector.
Lastly, for password vulnerabilities, RNS can develop internal controls designed to address password protection. By making password changes required every 30-90 days, RNS can reduce the risk of hackers, or any unwanted party, from accessing the business’ network. Revisiting the internal control process on a regular basis will ensure that weakness that may exist are strengthened.
- Accounting and Financial Advisory, & Afa. (2015, May 22). COSO – Information and
- Communication & Monitoring Activities. Retrieved from
- Auditing in Foreign Jurisdictions [PDF]. (2015). CPAB.
- Baskerville, P. (2015). Financial Transaction in accounting. Retrieved from
- Bragg, S. (2018, January 20). Tests of controls. Retrieved from https://www.accountingtools.com/articles/what-are-tests-of-controls.html
- Brown, G. (2016, October 26). Types of Analytical Procedure Audits. Retrieved from https://smallbusiness.chron.com/types-analytical-procedure-audits-18524.html
- Clarke, I. (2018, July 26). Effective Internal Control Environment & Risk Assessment. Retrieved from https://linfordco.com/blog/internal-control-environment/
- Clements, J. (2019, February 04).ul The Importance of an Audit System to Companies. Retrieved from https://smallbusiness.chron.com/importancThise-audit-system-companies-14705.html
- Davis, M. (2019, July 01). Identifying and Managing Business Risks. Retrieved from https://www.investopedia.com/articles/financial-theory/09/risk-management-business.asp
- Dunham, R. (2018, April 25). Information Security Policies: Why They are Important to Your Organization [Web log post]. Retrieved from https://linfordco.com/blog/information-security-policies
- Hamel, G. (2016, September 29). Economic Factors Affecting Businesses. Retrieved from https://yourbusiness.azcentral.com/economic-factors-affecting-businesses-4557.html
- Holst, A. (2019). PC computer market share worldwide by vendor 2018. Retrieved from https://www.statista.com/statistics/267018/global-market-share-held-by-pc-vendors/
- Ingram, D. (2019, February 05). How to Conduct a Financial Audit. Retrieved from https://smallbusiness.chron.com/conduct-financial-audit-10228.html
- Levin, L. (2010, November 15). How Consumer Confidence Impacts the Markets. Retrieved from http://tradingmarkets.com/recent/How_Consumer_Confidence_Impacts_the_Markets-887024.html
- Nelson, D. (2019, March 03). Types of Internal Controls in Accounting. Retrieved from https://bizfluent.com/info-8181582-types-internal-controls-accounting.html
- Quain, S. (2018, May 04). Internal & External Factors That Affect an Organization. Retrieved from https://yourbusiness.azcentral.com/internal-external-factors-affect-organization-11641.html
- Spacey, J. (2015). 20 Types of Business Risk. Retrieved from https://simplicable.com/new/business-risk
- Thompson, C. (2018, July 04). How Can A Marketing Consultant Help. Retrieved from https://www.marwickmarketing.com/how-can-a-marketing-consultant-help/
- Whittington, R., & Pany, K. (2019). Principles of auditing & other assurance services. New York, NY: McGraw-Hill Education.
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this assignment and no longer wish to have your work published on the UKDiss.com website then please: