Thursday, October 10, 2019

Internal Control and Risk Evaluation

A risk is the chance of a negative event occurring. Internal controls are policies and procedures set in place to reduce the occurrence of an associated risk. Risks are never entirely eliminated; however, internal controls help reduce the occurrence and balance the risk. This brief will discuss the risks of Kudler Fine Food’s current Accounting Information System (AIS). In addition, the internal controls designed to mitigate the risks. Furthermore, this brief evaluates the internal controls for the AIS. Last, this brief addresses other controls, outside of the AIS that Kudler’s may need. Identify Risks According to Hunton, Bryant, and Bagranoff (2004), â€Å"business enterprises face a variety of risks, including business, audit, security, and continuity risks. † Business risk means the company may not achieve its goals and objectives. A review of Kudler’s strategic plan will help determine the business risk. The adoption of the new Just-In-Time (JIT) inventory system would be an IT timing risk. An IT timing risk is an example of an internal business risk that Kudler would face. An audit risk is the likelihood that Kudler’s external auditor would make a mistake in his or her opinion of the financial statements. Audit risks are broken down further into inherent, control, and detection risks. Every business has inherent risk because doing business is risky in itself. Control risks are the likelihood the internal controls the company has in place would not prevent a material error. Detection risks are the likelihood the audit procedure would not detect material errors. Security risks involve data access and integrity. The AIS converts raw data into useful information. To ensure the data integrity, Kudler will need to control the risks associated with collecting and processing the data. By implementing the JIT inventory system and point of sale system, data is processed as soon as something purchased from the stores. This mitigates human error under the old system. Continuity risks are associated with the AIS’ availability, backup, and recovery. Kudler’s will need to implement stronger firewalls and larger servers. This will ensure when Kudler’s does business online, customers will be able to access the website at any given time. Any down time of the website would be potential loss of business. Internal Controls Management must design and implement the internal controls. However, this is just two steps of the control process. Management must evaluate the controls for effectiveness. Kudler’s size would not necessitate an internal auditor; however, an external auditor would be beneficial in testing the effectiveness of the controls. In addition, Kudler’s would need to document policies and procedures to establish an audit trail. According to Bagranoff, Simkin, and Strand, (2008, p. 50-251), these documents should include: 1. â€Å"A chart of accounts (with the purpose of each general ledger account)† 2. â€Å"A complete description of source documents individuals must use to record accounting transactions† 3. â€Å"A comprehensive description of the authority and responsibility assigned to each individual† Controls Outside the AIS Kudler faces other external threats as well. T hese threats can be reduced by securing the AIS with firewalls, anti-virus, anti-spam, and other anti-spyware software. This will deter any potential hacker from accessing confidential information. Whereas, the software will not completely eliminate the risks involved with doing business over the Internet or remotely from each store, the risks will be greatly reduced. Conclusion Risk assessment and internal controls are vital to Kudler’s continued success. Kudler will need to monitor the effectiveness of the internal controls once the new JIT inventory system is in place. In addition, management will need to assess the risks associated with expanding business. However, these risks are balanced out by the expected increase in business transactions to ensure Kudler’s lasting success.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.