PRINCIPLES OF INTERNAL CONTROL ACTIVITIES
Study objective 2
Identify the principles of internal control activities.
Each of the five components of an internal control system is important. Here, we will focus on one component, the control activities. The reason? These activities are the backbone of the company’s efforts to address the risks it faces, such as fraud. The specific control activities used by a company will vary, depending on management’s assessment of the risks faced. This assessment is heavily influenced by the size and nature of the company.
The six principles of control activities are as follows.
• Establishment of responsibility
• Segregation of duties
• Documentation ...view middle of the document...
Use of identifying passcodes enables the company to establish responsibility by identifying the particular employee who carried out the activity.
Transfer of cash drawers
ANATOMY OF A FRAUD
Maureen Frugali was a training supervisor for claims processing at Colossal Healthcare. As a standard part of the claims processing training program, Maureen created fictitious claims for use by trainees. These fictitious claims were then sent to the accounts payable department. After the training claims had been processed, she was to notify Accounts Payable of all fictitious claims, so that they would not be paid. However, she did not inform Accounts Payable about every fictitious claim. She created some fictitious claims for entities that she controlled (that is, she would receive the payment), and she let Accounts Payable pay her.
Total take: $11 million
THE MISSING CONTROL
Establishment of responsibility. The healthcare company did not adequately restrict the responsibility for authoring and approving claims transactions. The training supervisor should not have been authorized to create claims in the company’s “live” system.
Source: Adapted from Wells, Fraud Casebook (2007), pp. 61–70.
Segregation of Duties
Segregation of duties is indispensable in an internal control system. There are two common applications of this principle:
1. Different individuals should be responsible for related activities.
2. The responsibility for record-keeping for an asset should be separate from the physical custody of that asset.
The rationale for segregation of duties is this: The work of one employee should, without a duplication of effort, provide a reliable basis for evaluating the work of another employee. For example, the personnel that design and program computerized systems should not be assigned duties related to day-to-day use of the system. Otherwise, they could design the system to benefit them personally and conceal the fraud through day-to-day use.
SEGREGATION OF RELATED ACTIVITIES.
Making one individual responsible for related activities increases the potential for errors and irregularities.
For example, companies should assign related purchasing activities to different individuals. Related purchasing activities include ordering merchandise, order approval, receiving goods, authorizing payment, and paying for goods or services. Various frauds are possible when one person handles related purchasing activities. For example:
• If a purchasing agent is allowed to order goods without supervisory approval, the likelihood of the agent receiving kickbacks from suppliers increases.
• If an employee who orders goods also handles receipt of the goods and invoice, as well as payment authorization, he or she might authorize payment for a fictitious invoice.
These abuses are less likely to occur when companies divide the purchasing tasks.
Similarly, companies should assign related sales activities to different individuals. Related selling activities...