Case Assignment #4
To: Charles Ward
From: Sam Teaman
Date: February 23, 2019
Subject: To assess Oceanview Marine Company’s control risk and plan tests of controls and the substantive tests of transactions.
Introduction: The purpose of this memo is to show the set of Internal Controls and what is in the Control Environment for Oceanview Marine Company. An assessment of control risk and plan tests of controls will also be made while conducting substantive tests of transactions.
General Description of Key Procedures:
On WP 10-8 we summarized the aspects of the control environment to see if they are effective or ineffective.
On WP 13-1 we completed an evaluation of Internal Controls over acquisitions.
On WP 13-3 we completed an Internal Control questionnaire while we observed the flowchart provided in WP 13-2.
On WP 13-4 we completed an assessment of control risk for acquisitions by also using the flowchart provided in WP 13-2.
On WP 14-1 we compiled a planning format for the tests of controls for acquisitions from the information formulated in WPs 13-3 and 13-4
On WP 14-2 we compiled a planning format for the substantive tests of acquisitions transactions while using the information formulated in WPs 13-3 and 13-4.
Description of Findings:
While summarizing the aspects of internal control in WP 10-8, there were three ineffective controls that should be taken into consideration. The controls that are ineffective from WP 10-8 are Audit Committee, the Internal Audit, and the IT department. There is a lack of Audit Committee and Internal Audit in Oceanview, which is not seen to be a risk because of the size Oceanview really is. Typically, smaller companies will not provide themselves with an Audit Committee or Internal Audit so the control risk is low with these controls. No segregation of duties found in the IT department is the only control that is prone to be a control risk. This is not something to take lightly because a segregation of duties in the IT Department, as they surveillance all the technology aspects and assets of the company, is beneficial to the company and when not present can be a cause for major concern.
While completed the Internal Control questionnaire in WP 13-3, there was inadequacy in two controls. A lack of independent comparison of dates on receiving reports to dates recorded in the voucher register. The other control showing potential risk lack of a policy requirement of purchases daily as close to time of receipt of goods as possible. None of these controls were found in the flowchart provided in WP 13-2. The only affect possible from these control deficiencies is the timing of the acquisitions.
Internal Audit Team Recommendations: There are some recommendations in this part of the Audit that should be brought to Oceanviews attention. We recommend that the tests provided in WP 14-1 be used for the sales acquisitions from the tests of controls, while also endorsing Oceanview to use the suggestions provided in WP 14-2 for the substantive testing of sales acquisitions.
Identification of Any Fraud Risks: From what is stated above concerning the insufficient controls that are displayed in the questionnaire and summarization of internal control risks, there are three main control deficiencies that correlate to two possible fraud risks. The lack of an IT department and the risk of a lack of correct timing on sales acquisitions transactions.
The lack of control in the IT department is a fraud risk due to the amount of access they do have to transaction records and any assets pertaining to the company and possibly take the money for themselves.
Timing of sales acquisitions can pose a real risk to the company as not being adherent to proper recording of dates at the correct time could be a benefit to Oceanview. How this is a benefit to the company in an improper manner is they can rewrite the amount profit made in a certain month and that will directly affect the amount they are taxed from the said amount of profit.
Identification of any Related parties and any Material related party transactions: From the information gathered in the workpapers, there is no related parties nor are there material related party transactions in this section.
Management Suggestions: The following are suggestions created for the audit. They were created to help ensure policies that benefit the timeliness of the acquisitions and promote a segregation of duties between the IT department and the users in the company.
From WP 13-3: There should be policy made to compare dates on receiving reports to dates recorded in the voucher register. This will benefit the timeliness of the acquisitions.
From WP 13-3: Formulate another policy that requires recording of purchases daily that is as close to the time of the receipt from the purchase.
From WP 10-7: Ensure the IT department balances who does the recording of transactions and custody of assets by implementing a policy that allows this to evaporate from being a fraud risk. There should be a group within that deals with custody of assets and another that handles the recording of transactions.
Description of Actual Hours Spent V.S. Budgeted Hours: From WP 6-3, the budgeted time for this section in the Audit was 15-17 hours. The actual time spent performing this section is approximately 8 hours.
Conclusions: From the information compiled, Oceanview in fact does have an effective set of Internal Controls, Control Environment, and substantive test of transactions.
There were in fact five controls found ineffective. The first two found happen to be the lack of an Audit Committee and Internal Audit team, which posed no control risk due to the size of Oceanview. The three that happened to pose a control risk were the segregation of duties in the IT department (WP 10-8), a lack of comparison between dates of receiving reports and dates recorded in the voucher register (WP 13-3), and the lack of a policy that requires recording of purchases daily as close to the time of the purchase receipt (WP 13-3).
There was a recommendation on WP 14-1 for control testing and a recommendation on WP 14-2 for substantive testing.
The fraud risk factors that were found were the lack of a segregation duties in the IT department, and the timing of acquisitions. The key fraud risk would be the segregation of duties within the IT department.
A key suggestion to management that is also displayed on WP 10-7 is to segregation of duties for who is overviewing the custody of assets, and who records the transactions. A suggestion on WP 13-3 also lists suggestions for the timing of acquisitions.
The Budgeted Time said on WP 6-3 did not in fact equal the actual time spent on this part of the audit.