What do you think will happen to a business not being managed by the investor itself? It can be as chaotic as a jungle or may evaporate as water under the heat of the sun without even trying to see the sunrise. This will truly happen unless you do something about it. This is where effective internal control manages a business.
Understanding Internal Controls provides an additional reference tool for all employees to identify and assess operating controls, financial reporting, and legal/regulatory compliance processes and to take action to strengthen controls where needed. By developing effective systems of internal control, management can contribute to enhancing the company's ability to meet its objectives.
Order custom essay Foltless towers hotel – an internal controls case study with free plagiarism report
The main reasons for having internal controls is to efficiently ; effectively manage the business. This is mainly to avoid and eliminate fraud. There are generally three requirements for fraud to occur - motivation, opportunity and personal characteristics. Motivation is usually situational pressures in the form of a need for money, personal satisfaction, or to alleviate a fear of failure. Opportunity is access to a situation where fraud can be perpetrated, such as weakness in internal controls, necessities of an operating environment, management styles and corporate culture. Personal characteristics include a willingness to commit fraud. Personal integrity and moral standards need to be "flexible" enough to justify the fraud, perhaps out of a need to feed their children or family illness. By developing effective systems of internal control, company can remove opportunities to commit fraud. (Delaney, P., 1983, p 458)
Managing a business would mean a lot of internal controls to be implemented to prevent possible frauds. With the supervision of Herman and Lily to Foltless Towers Hotel there are a lot of possibilities that they can be engaged in Fraud:
Intentional misstatements or omissions or amounts or disclosures in Financial Statements to deceive Financial Statements users. May involve:
1. Deception, such as manipulation, falsification or alteration of accounting records or supporting documents from which the Financial Statements are prepared.
2. Misrepresentation in, or intentional omissional from, the Financial Statements of events, transactions or other significant information.
3. Intentional misapplication of accounting principles relating to measurement, recognition, classification, presentation, or disclosure. (Delaney, P., 1983, p 498)
Examples of misstatements in Financial Statements:
1. Recording of cash without any collection at all to have a very good image to all investors.
2. Un-recording of expenses to overstate profit.
3. Understate the revenue from customer’s payment and pocket the money.
4. Intentional overstating of revenue and understating expenses to have a higher profit on the Financial Statements. This means additional bonus is given to Herman and Lily asides from the $25,000 salary. (Delaney, P., 1983, p 458)
Misappropriation of assets that involves the theft of an entity’s assets.
Misappropriation of assets can be accomplished in a variety of ways:
· Embezzling receipts
· Stealing physical or intangible assets (such as golf equipments, badminton or tennis rackets, patent, etc.)
· Causing an entity to pay for goods and services not received (often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing)
· Taking kickbacks or bribes from suppliers or customers. This can occurred from bulk orders to the company’s suppliers by getting big discounts without notifying company’s owner.
· Un-recording of cash collections or accounts receivables from customers payment from accommodations, tennis courts and badminton courts and pocket the money and collections from accounts receivables. (Horngren, T., 2006, p.112)
· Purchase ; use of merchandise or equipments for personal use. (Horngren, T., 2006, p.445) Example of these are:
- Purchase of beds, golf equipments, badminton gadgets, swimming pool’s chlorine at the expense of the company for personal use.
- Purchase of tennis rackets as a gift to a friend’s birthday or out pouring of liquors for personal parties at the expense of the company
- Use of all company facilities and equipment for personal use. More so, inviting relatives and friends for free use of all hotel’s amenities.
One of the Foltless Towers Hotel Company’s safeguards is to select an auditor of Professional ethics in dealing with the company as his client. He should not be someone you can bribe for something. He should be a man of his profession. With this, the company is being assured that audit services will be served, as it should be. As an auditor he should be equipped with the understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach. He should use professional judgment to assess audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.
With the management letter, the auditor schedules the audit-planning meeting to start the audit process. This is to attest the Materiality ; Risk and Internal Control being managed by the company. Presentation of audit program may include audit sampling of the company’s receipts, disbursement, systems and management style. (Horngren, T., 2006, p.562)
Foltless Towers Hotel should have good internal controls in order to eliminate and prevent fraud. To accomplish this it should have a strong system controls that can be either Accounting System and Internal Control System.
Accounting System – The series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Such items:
- Identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other events.
Internal Control System – All the policies and procedures (internal controls) adopted by management of an entity, to assist in achieving management’s objective of ensuring, as far as practicable:
- The orderly and efficient conduct of business, including adherence to management policies,
- The safeguarding of assets,
- The prevention and detection of fraud and error
- The accuracy and completeness of the accounting records, and
- The timely preparation of reliable information (Komodo, K., 2006, p. 56)
Why study the accounting system and internal controls?
The understanding of the relevant aspects of Accounting and Internal Control Systems (AICS) together with the inherent and control risk assessments and other considerations, will enable the auditor to:
- Identify the types of potential material misstatements that occur in the Financial Statements.
- Consider factors that affect the risk of material misstatement; and
- Design appropriate audit procedures
- In a Financial Statement audit, the auditor is only concerned with those policies and procedures within the Accounting and Internal Controls Systems that are relevant to the Financial Statement assertions.
- When developing the audit approach, the auditor considers
- The preliminary assessment of control risk* and
- The assessment of inherent risk* in order to determine:
- The appropriate detection risk to accept for the Financial Statement assertions
Control risk – the risk that a misstatement, that could occur in an account balance or class of transactions and that would be material Individually or when aggregated, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems. (Komodo, K., 2006, p. 66)
Inherent risk – susceptibility of an account balance or a class of transactions to misstatement that could be material, Individually or when aggregated with misstatements in other balances or classes assuming that there were no related internal controls.
The internal control system extends beyond those matters, which relate directly to the functions of the accounting system and comprises. (Komodo, K., 2006, p. 66)
The control environment” which means the overall attitude, awareness and actions of directors management regarding the internal control systems and its importance in the entity. The control environment has an effect on the effectiveness of the specific control procedures. A strong control environment, for example, one with tight budgetary controls and an effective internal audit function, can significantly complement specific control procedures. However, a strong environment does not, by itself. Ensure the effectiveness of the internal control system. (Komodo, K., 2006, p. 126)
Factors reflected in the control environment include:
- The function of the board of directors and its committees
- Management’s philosophy and operating style
- The entity’s organizational structure and methods of assigning authority and responsibility
- Management’s control system including the internal audit function, personnel policies and procedures and segregation of duties. (Komodo, K., 2006, p. 356)
“Control procedures” which means those policies and procedures in addition to the control environment which management have established to achieve the entity’s specific objectives. Specific procedures include:
- Reporting reviewing and approving of reconciliation’s.
- Checking the arithmetical accuracy of the records.
Controlling applications and environment of computer information systems, for example, by establishing controls over:
- Changes to computer programs
- Access to data files
- Maintaining and reviewing control accounts and trial balances.
- Approving and controlling of documents.
- Comparing internal data with external sources of information.
- Comparing the results of cash, security and inventory counts with accounting records.
- Limiting direct physical access to assets and records.
- Comparing and analyzing the financial results with budgeted amounts.
Identify ways to increase security in users’ computer, record keeping and payment systems. (Komodo, K., 2006, p. 696) According to the software security company Symantec, it takes only 20 minutes for an un-patched and unprotected computer to be attacked once connected to the Internet. In that time, the pristine computer could be turned into a zombie. Zombies are machines that have been secretly taken over by hackers. The zombie networks are leased to criminals who use them to send spam or attack Web sites.
Some criminals want to put keyloggers on the computer, to steal passwords, credit card numbers and other sensitive data. There are plenty of vandals out there, too, who want to destroy the data for fun. And advertising outfits, many shady, hope to put spyware on the computer. With that, they will track what have been surfed and buried. (Investor Words, 2006. p 34)
Macro-level planning, a process that is usually conducted by audit management, identifies the audits that will be performed within the organization, while micro-level planning focuses on how to plan an individual audit. The importance of macro planning and its implications are relatively obvious. In this instance, we'll examine micro-level planning: how to scope the audit, acquire management cooperation, and ensure that the right skills are available. (Hubbard, 2000, p 4-57)
The process of deciding which areas, cycles, functions, activities, systems, or other entities to audit is often linked to a risk assessment process. Sometimes auditors are uncertain about how this process relates to the overall COSO risk assessment formula, which focuses on objectives, risks, and controls. In fact, the COSO model is relevant from both internal auditing and management perspectives and objectives. (Hubbard, 2000, p 4-57)
For example, the objectives for an audit could relate to internal auditing's aims for performing the audit, such as, "Ensure the audit provides a value-added service to management." The risks could correspond to those aims: "Management may not think auditors have the technical abilities to add value to their operations" or "The audit may the Internal Audit assignment or ensuring that staff plan and conduct the audit assignment under the Internal Auditor's supervision. (Hubbard, 2000, p 4-57) Work papers documenting the planning will include:
- The audit objectives and scope of work
- Background information about the activities to be audited, including the risks associated with the area
- The resources necessary to perform the audit
- The names of individuals who need to know about the audit
The results, if appropriate, of an on-site survey to become familiar with the activities and controls to be audited, to identify areas for audit emphasis, and to invite auditee comments and suggestions
The audit program
How, when, and to whom audit results will be communicated; and (8) the approval of the Internal Auditor if the audit work plan was completed by an assistant. (Hubbard, 2000, p 4-57)
The Internal Auditor will prepare an audit assignment for each new audit. The audit assignment will designate the staff, beginning date, completion date, and audit objectives. The audit objectives will be determined by the Internal Auditor but may be altered jointly by the Vice Chancellor for Administrative Affairs and the Internal Auditor. (Hubbard, 2000, p 4-57)
Areas of accountant's liability
- Common law (case law)
- Statutory law (SEC regulations)
- Criminal law
Common Law Liability
A. Liability to clients direct contractual relationship
1. Liability occurs if accountant fails to perform as agreed under contract
1.1 Accountants are required to perform professionally with same degree of skill and judgment possessed by an average accountant
1.2 Accountant is not an insurer of F/S and thus does not guarantee against losses from irregularities. (Hubbard, 2000, p 4-57)
The "normal" audit is not intended to uncover fraud, shortages, defalcations, or irregularities in general but is meant to provide audit evidence to express an opinion on fairness of F/S.
1.3 Accountant is not normally liable for failure to detect fraud, irregularities, etc. unless
- "Normal" audit would have detected it, or
- Accountant by agreement has undertaken greater responsibility such as defalcation audit
1.4 The accountant is liable for damages attributable to his
1.4.1 Breach of contract
1.4.2 Negligence lack of reasonable due care
1.4.3 Gross negligence lack of even slight care
1.4.4 Fraud??intentional wrongful act causing harm
2.1 For the accountant to be liable, damages must be the proximate result
2.2 Limited to losses that use of reasonable care would have avoided
2.3 Punitive damages not normally allowed for breach of contract or ordinary negligence
3.1 Best defense is to show that you did a high quality audit
3.2 Contributory negligence may be a defense in many states if client's own negligence substantially contributed to accountant's failure to perform audit adequately.
B. Liability to third parties (Hubbard, 2000, p 4-57)
1. For many years, the courts held that the CPA's liability extended only to those with whom he was in privity. In the normal accountant client relationship, there is no privity of contract between accountants and third parties. Traditionally, accountants could use a defense of no privity against suing third parties. More recently, the courts have expanded liability to some third parties:
1.1 Ultramares landmark decision
1.1.1 upheld precedent that disallows third party action for ordinary negligence
1.1.2 set precedent that allowed third party action for gross negligence
2. The courts now allowing third parties in all states to recover damages when gross negligence or fraud is involved.
3. The ability of third parties to recover against accountants for negligence is more complex and varies by state.
3.1 Credit Alliance States--allow recovery to third party beneficiaries (Hubbard, 2000, p 4-57) Third?party beneficiary ?? client and accountant intended this party to be primary beneficiary under contract
3.2 Second Restatement of Torts States--allow recovery to foreseen (Hubbard, 2000, p 4-57) parties
3.3 Foreseen party ?? nonprivity third party who CPA knew would rely on financial statements for specified transaction Leading case is Rusch Factors--1968
3.4 Rosenblum States--allow recovery to all those whom the auditor should reasonably foresee as recipients of financial statements
3.5 Foreseeable party ?? nonprivity third party not identified to the CPA by specified person or member of limited class, who may foreseeably be expected to receive the accountant's audit report, and in some way to act or forebear to act in reliance upon it. (Hubbard, 2000, p 4-57)
3.6Foreseeable third persons have some form of business relationship to or interest in the client which makes such reliance plausible.
4. To recover damages, plaintiff must prove
4.1 Material misstatement or omission on financial statements
4.2 Accountant's fault caused damages to third party
4.2.1 Actual damages if based on negligence
4.2.2 Actual damages plus punitive damages may be added if based on gross negligence or fraud
Although the intention of the Securities Act was good (to protect the investing public), the legislation has been a nightmare for CPAs. (Hubbard, 2000, p 4-57)
A. Securities Act of 1933 regulates the initial offering of securities through the mails or interstate commerce.
Companies must file registration statements (R/S) and prospectus, which contain F/S that have been audited by an independent CPA. (Hubbard, 2000, p 4-57)
1. Section 11 of the Securities Act of 1933 makes it unlawful for the initial registration statement to contain an untrue material fact or to omit a material fact
2. Proof requirements
2.1 Any purchaser of registered securities may sue; the purchaser generally must prove that the specific security was offered through the R/S
2.2 Plaintiff (purchaser) must prove damages were incurred
2.3 Plaintiff must prove there was material misstatement or omission in the F/S included in the R/S (Hubbard, 2000, p 4-57)
2.4 Plaintiff need not prove reliance on F/S (unless purchase took place after one year of the offering)
If "2.2" and "2.3" above are proven, it is a prima facie case (sufficient to win against the CPA unless rebutted) and shifts the burden of proof to accountant who may escape liability by proving
3.1 Due Diligence -- i.e. after reasonable investigation the CPA has reasonable grounds to believe th(Hubbard, 2000, p 4-57) at the F/S were true and there was no material misstatement
3.2 Plaintiff knew financial statements were incorrect when investment was made, or
3.3 Lack of causation ?? loss was due to factors other than the misstatement or omission (Hubbard, 2000, p 4-57)
B. Securities & Exchange Act of 1934 ??regulates subsequent trading
- Regulates securities sold on national stock exchanges
- Requires each company to furnish to SEC an annual report (Form 10?K) which includes audited F/S (Hubbard, 2000, p 4-57)
- Accountant civil liability comes from Section 10 (and Rule 10b?5) and Section 18 (Hubbard, 2000, p 4-57)
3.1 Section 10 (and Rule 10b?5) ?? make it unlawful to
a. Employ any device, scheme, or artifice to defraud
b. Make untrue statement of material fact or omit a material fact
c. Engage in act, practice, or course of business to commit fraud or deceit in connection with purchase or sale of security(Hubbard, 2000, p 4-57)
4. Proof requirements (Hubbard, 2000, p 4-57)
4.1 Purchasers and sellers of registered securities may bring suit
4.2 Plaintiff (purchaser or seller) must prove damages were incurred
4.3 Plaintiff must prove there was a material misstatement or omission in the financial information
4.4 Plaintiff must prove reliance on the financial information
5. The auditor's defense is to prove to scienter or no reliance.
Criminal Law (Hubbard, 2000, p 4-57)
A. Securities Act of 1933 and Securities Exchange Act of area 1934 (Hubbard, 2000, p 4-57)
1.Can be found guilty for willful illegal conduct
1.1 Omission of material facts needed to not mislead
1.2 Putting false information on the R/S
1.3 Examples of possible criminal actions
- CPA aids management in a fraudulent scheme
- CPA covers up prior year's F/S misstatements
2. Subject to fine of up to $10,000 and/or up to 5 years in prison
3. Key court decision
- 3.1 Continental Vending (1969)
- 3.2Equity Funding (1978)
- 3.3 ESM (1986)
B. Criminal violation of Internal Revenue Code (Hubbard, 2000, p 4-57)
- For willfully preparing a false return (perjury)
- For willfully assisting other to evade taxes (tax evasion)
- Federal False Statement Statute (Hubbard, 2000, p 4-57)
- Federal Mail Fraud Statute (Hubbard, 2000, p 4-57)
In the Foltless Towers Hotel Company, Mr. Basil Foltless manages the business well remotely. It is how important that a company displays the use of effective internal control. Positively, internal controls are things done by owner/management and their employees to get the job done right. Doing it right could be mean quality manufacturing delivered on time, safely and for a reasonable profit.
An internal control system is efficiently implemented with proper recording of sales with the use of Official Receipt for and reference to all deposits of all collections after a given cut off. Reports should be of proper aging of receivables. The use of Requisition form and Purchase Order for every transaction should be followed. All deliveries are supported by Delivery Receipts and Memorandum of Receipt is accomplished for every issuance. Disbursement is being made through checks monitored through its payment terms. Releasing of thus is done only with the supplier’s official receipt. It is required that Access of funds is restricted for Custodian only. Remember to use of petty cash system for small expenses. Replenishment of the established fund duly represented by official receipts. Bank Reconciliation is being done every month to balance receipts and disbursement of the company. Cash flow statement is properly presented for the company’s use. Financial statements are being presented fairly and duly signed and certified by a Certified Public Accountant.
- Delaney, P., 1983. Delaney/Gleim Cpa Examination Solutions. New Jersey: John Wiley & Sons, Inc. pp 400-600.
- Horngren, T., 2006. Introduction to Financial Accounting. Charles T. Horngren 2006. Accounting for Dummies. John A. Tracy. Pp. 115-700.
- Komodo, Kim., 2006. 6 steps to help secure your brand-new PC. [internet]. Available from: http://www.microsoft.com/smallbusiness/resources/technology/security/6_steps_to_help_secure_your_brand_new_pc.mspx. [cited 30 April 2006, p. 100-989
- USNH Vice Chancellor for Financial Affairs/Treasurer., 2001. PETTY CASH FUNDS. [Online].
Available from: http://www.finadmin.unh.edu/pol_proc/chapter_04/pro04_001.html
[cited 01 May 2006].
- Investor Words, 2006. MOST COMPREHENSIVE FINANCIAL GLOSSARY. [internet]. Available from: http://www.investorwords.com/ [cited 01 May 2006].
- Microsoft, 2006. Try Microsoft Update today. [internet]. Available from: http://go.microsoft.com/?linkid=3646726 [cited 01 May 2006]. P. 4.
- Tohmatsu, Deloitte Touche, 2006. Auditing Standards. [internet]. Available from: http://www.iasplus.com/country/philippi.htm [cited 01 May 2006]. P.16.
- Information for accountants, 2006. Internal Controls and Auditing. [internet]. Available from: http://www.informationforaccountants.com/internalcontrolsites.html [cited 02 May 2006]. P 67.
- AICPA, 2006. Accounting Standards. [internet]. Available from: http://www.aicpa.org/index.htm [cited 02 May 2006]. P. 89.
on Foltless towers hotel – an internal controls case study
It is intended for professional consultants who wish to make a case on internal control for owners of hotel businesses. The author is concerned about the gap in the agency relationship, as the owners rely on the information presented by management which may lack integrity as the basis for decision making.
It touched on risks and controls within the accounting, revenue, expenditure, purchases, receiving, storage, security, procurement, maintenance, disbursement, cash, bank, regulatory and sales or marketing cycle. It is intended for professional consultants who wish to make a case on internal control for owners of hotel businesses.
The presentation is on the Internal control of the financial and operational system in a mid size hotel. It touched on risks and controls within the accounting, revenue, expenditure, purchases, receiving, storage, security, procurement, maintenance, disbursement, cash, bank, regulatory and sales or marketing cycle.
Approval and Budgetary control should be in place for expenditures. Process Purchases Risk Unauthorized, substandard and inflated prices on the goods purchased. Illegal or private goods may be smuggled in and sold in the Hotel, without the attention of management.
Did you know that we have over 70,000 essays on 3,000 topics in our database?