Identifying Ethical Issues

Incident one

You are asked to produce an aged receivables' listing for your manager as soon as possible. However you do not have
up to date figures because of a problem with the computer system. A colleague suggests that to get the report done
in time you use averages for the missing figures.

There is an integrity issue here. Using averages instead of actual figures will almost certainly result in an
inaccurate listing. You should report the problem to your manager and ask for an extension to your deadline in order
to provide an accurate listing.

Incident two

You have received a letter from an estate agent, requesting financial information about one of your company's
customers that is applying to rent a property. The information is needed as soon as possible, by fax or e-mail, in order
to secure approval for the rent agreement.

There is a confidentiality issue here. You need the customer's authority to disclose the information; you may
also need to confirm the identity of the person making the request. You should also take steps to protect the
confidentiality of the information when you send it: for example, not using fax or e-mail (which can be intercepted),
and stating clearly that the information is confidential.

Incident three

While out to lunch, you run into a friend at the sandwich bar. In conversation, she tells you that she expects to inherit
from a recently deceased uncle, and asks you how she will be affected by inheritance tax, capital gains tax and other
matters.

There are issues of professional competence and due care here. You are not qualified to give advice on
matters of taxation. Even if you were qualified, any answer you give on the spot would risk being incomplete or
inaccurate with potentially serious consequences.

Incident four

A client of the accountancy practice you work in is so pleased with the service you gave him this year that he offers
you a free weekend break in a luxury hotel, just as a 'thank you'.

There is an objectivity issue here as the gift is of significant value. Think about how it looks: a third party
observer is entitled to wonder what 'special favours' deserve this extra reward — and/or how such a gift may bias you
in the client's favour in future.

Corporate social responsibility

The concept of corporate social responsibility (CSR) was established by the expectation in society that
companies are accountable for the social and ethical effects of their actions.

A company's CSR can be defined as the obligations that it feels that it has to the community, persons and
organisations connected to it and to society as a whole. For example, organisations that source materials from
developing countries may feel they should ensure workers involved in the production of those materials are treated
fairly. As accountants play a central role in the operation of a business, they are key to the organisation upholding
these values.

Economic aspects that finance professionals may consider include, supporting their organisation or clients to
be profitable, supporting local businesses when deciding on suppliers and paying them on time and looking for ways
to improve the efficiency of the organisation's finance operations.

Social aspects may include supporting policies on corporate governance and consulting the local community
when making decisions on investing in or relocating operations.
 Environment aspects are usually in relation to using less energy and creating less pollution. A finance
professional should therefore support company policies on the long-term management of resources and facilitating
the running of their organisation in a sustainable manner. These may include, for example, not printing emails unless
necessary, turning lights off at the end of the day and recycling materials used in their office.

Chapter 5: Internal Controls

A system of internal control consists of the following elements:

• The control environment

• The risk assessment process
• The information system — covered by Chapter 4
• Control activities
• Monitoring of controls

Control environment

The CONTROL ENVIRONMENT is formed by the attitudes, awareness and actions of management and those
responsible for ensuring that the internal controls within an organisation meet that organisation's needs. In other
words, the control environment is the foundation on which any internal control system rests.

The owners or management of an organisation can introduce numerous controls to ensure that nothing goes
wrong, but if everyone ignores them, and management do nothing about that, then the internal control system is not
likely to operate very well. There are various ways that a good control environment can be seen in practice:

• Management communicate and enforce integrity and ethical behaviour

• Management and staff are well trained and competent
• Management operates in a way that promotes control
• The organisation is structured in a way that promotes control
• Authority and responsibility for controls is assigned to people
• Human resources policies promote controls.

The risk assessment process

As noted above, the internal control system is all about responding to risks that the company's objectives
might not be met. Examples of risks with regard to the three identified business objectives:

1. Reporting accurately — The owner and most of the accounts team have no formal accounting qualifications and
therefore no knowledge of reporting requirements. Also, record keeping is poor and there is no central accounting
system.

2. Operating effectively — The accounts team are not all in the office at the same time, most are part time and work
different days. The Directors have recently been absent from work without adequate cover. If one of the Directors
were to become ill (or if members of the accounts team were to) there is no adequate cover. The business operates
with few formal controls and is based on trust in the integrity of staff.

3. Keeping within applicable laws and regulations — The business sells some items that are regulated, but the
Directors are not legal experts in this area. Also there is no expert in accounting and payroll regulations and no person
responsible for ensuring the business remains up to date with regulations and law.

All organisations will have some sort of process (not necessarily formal) for assessing the risks it might face
and then implementing strategies (controls) to mitigate the risks. Going back to the risks identified, we can now review
the actions the Directors might have taken in respect of the risks.

1. Reporting properly — No formal accounting qualifications are held by the Directors or staff — this used to be partly
mitigated by the use of a third party to complete the payroll (a highly regulated function), but this is no longer the
case. The Directors are keen to support staff who wish to train and obtain qualifications but leaves them to organise
this themselves.
2. Operating properly — The Directors left signed cheques to be used during their absence, so that suppliers and staff
could continue to be paid, and has now employed one full time member of staff in the accounts department.

3. Keeping the law — Very little has been done here according to the scenario. It would be expected that the Directors
are experienced in some of the regulations affecting the business but this has to be implied, it is not explicit. The
scenario does mention that the company has a firm of accountants, Southampton Accounting Services, and it could
be that they provide appropriate advice to it regarding accounting regulations and payroll law.

In terms of risk assessment, it may be the case that a smaller organisation tends to do this with the assistance
of external advisers. For example, a small organisation may be reliant on the business advice that auditors might give
in conjunction with their audit, whereas a larger organisation will rely more on internal staff and may even employ
people specifically to assess risks to the business.

Task 2

We are now going to look at another organisation, Metal Extrusions Midlands Limited (MEM).

MEM is a family business which is 80 years old. It has 6 family members on the board of directors, four of whom are
active in the business. It employs 50 staff; 40 in manufacturing, 10 in administration. The administration department
includes a finance department with a staff of five, including a financial controller. The financial controller is a qualified
accountant and is not on the board of directors. None of the directors has any accounting skills.

MEM produces metal extrusions, which is a highly mechanised operation. It has always carried out its operations in
the same factory. The factory and its machinery are very old. MEM made a significant investment in new machinery
in 1954. There have been few developments in metal extrusion since that time. However, the company has been
experiencing competition in recent years from a new company set up by two disgruntled former employees.

MEM has several suppliers of metals and the other materials required for production. There are two major suppliers,
one of which is British and the other is French. The company purchases 30% of its metal raw materials from the French
supplier, which insists on invoicing and being paid in Euros.

What business risks can you identify, particularly with regard to the business objectives of (1) reporting accurately (2)
operating effectively and (3) keeping within applicable laws and regulations?

(1) reporting properly

The fact that the qualified accountant is not on the board may impair the effectiveness of the board to report
properly. The fact that the company deals in more than one currency increases the risk of errors in the financial
statements.

(2) operating properly

The business is at risk of not operating properly due to out of date machinery. In addition, the company is
facing increased competition from a company which is likely to have more up to date equipment and may have a
useful knowledge of MEM’s operating practices.

(3) keeping within the law

The company has a number of employees and must ensure that it satisfies the many legal requirements in
relation to its employees. The company operates from an old building using old machines. It must ensure that it
operates within the boundaries of health and safety law as well.
Control activities

CONTROL ACTIVITIES are the policies and procedures that help ensure that management objectives are carried
out. There are a variety of control activities that can be used by an organisation:

• Performance reviews — comparing budgets to actual performance.

• Information processing — checking that transactions have been processed accurately, completely and have
been appropriately authorised.
• Physical controls — controls over the physical security of assets.
• Segregation of duties — making sure that a number of people are involved in recording each transaction to
minimise opportunity for fraud and error.

Control activities may include the following:

1. Approval and control of documents

Transactions should be approved by an appropriate person, for example, overtime should be approved by
departmental heads.

2. Controls over computerised applications

These may be general controls (see below) or application controls which may be built into the system (see below).

3. Controls over arithmetical accuracy

For example, when invoices are raised or received, a staff member should ensure that the invoice adds up correctly.

4. Maintaining control accounts and trial balances

You should know from your accounting studies that these can be useful in ensuring that mistakes have not been made
in 'the financial records. For example, some errors will result in a trial balance not balancing.

5. Reconciliations

Reconciling two different sources of information, such as a bank statement and a cashbook, or a purchase ledger
account and a statement from the supplier can also highlight if errors have occurred.

6. Comparing assets to records

Again, this can identify where errors have been made in recording transactions. For example, staff might compare
non-current assets owned by the organisation to those recorded as owned in the non-current asset register or cash in
the petty cash tin to the amount shown in the petty cash book.

7. Restricting access

A good way of restricting errors and particularly the fraud or theft is to restrict access to assets and financial records
— for example, by locking receipts in a safe until they go to the bank, having codes to unlock the cash tills and locking
the stores where inventory is kept.

Application computer controls

APPLICATION CONTROLS are controls relating to the transactions and standing data relevant to each
computer-based accounting system. Controls can be found over input to the computer (covering completeness,
accuracy and authorisation) processing and standing data.

For completeness, the person inputting the data might check processed output to source documents on a one
to one basis, or might check the number of transactions processed with the number of original documents. There
might be an agreement of the total value of the amount processed (a batch total) between the source documents and
the total input to the computer.
 For accuracy, the computer might have programmed controls to check the plausibility of information being
put into certain fields. For example, some fields might be wrong if they were a negative number, or the VAT field might
have to be a sensible percentage (20% or 5%) of the total field. Invoice numbers might have to have a letter as well as
number values to be valid. Scrutinising output will also help to check accuracy.

Checks over authorisation will be manual — checking to see if the source documentation input has been
evidenced as authorised by suitable personnel.

General computer controls

GENERAL COMPUTER CONTROLS are controls other than application controls relating to the computer
environment. They aim to establish a framework of overall control over the computer information system's activities
to provide a reasonable level of assurance that the overall objectives of internal controls are achieved.

Controls will exist over developing computer applications, preventing unauthorised changes to applications,
testing genuine changes when they are made, and preventing applications being used by the wrong people at the
wrong time.

General computer controls include matters of security — limiting access to computers or computer
programmes, both physically (by locking them up) and by using passwords, or creating back ups of important files and
then keeping them safe — and procedures over development and testing — isolating development and testing,
obtaining approval.

Segregation of duties is also an important general control over computers — as other users of the same
programmes would notice unauthorised changes to programmes.

Size of the organisation

Control activities are likely to be similar, regardless of the size of the organisation. However, the personnel
involved in carrying out control activities may vary. We have already mentioned in the context of the control
environment that in smaller organisations, management may be more involved in actually implementing control
activities.

Segregation of duties can be a serious problem for small organisations, where often there are insufficient staff
to allow proper segregation between duties to occur.

Task 3

Look back to the descriptions of the information systems at Cookridge and Cookridge Carpets Ltd. What do you think
of the degree of segregation of duties operating in these systems?

Think about what is appropriate to an organisation such as Cookridge and Cookridge Carpets Ltd which is small and
with limited finance staff. Could further segregation be implemented? Think this through carefully and then review
the suggested answers at the back of this workbook.

There is very little segregation of duties at Cookridge and Cookridge Carpets Limited and, although the key
sales, wages and purchase functions are carried out by different staff, the system would benefit from some segregation
being introduced. For example, payments for purchases should be authorised by someone other than Margaret. It
would be appropriate for the new, full time, senior accounts clerk (you!) to authorise all such payments.

Monitoring of controls

MONITORING OF CONTROLS is necessary to assess the quality of internal control performance over time. In
many entities, this is a function that is performed by the internal audit department. If there is no internal audit
department, it would be done as a matter of course by departmental heads — for example, the sales director is likely
to become aware of deficiencies of controls in the sales cycle because it means his department does not function as
well as it might.
 The personnel monitoring the controls will differ depending on the size of the organisation. For example, a
small organisation is unlikely to have an internal audit department. In addition, monitoring of controls is likely to be
less formal in a smaller organisation.

Purchases Systems
Control objectives in the purchases system
Task 9

Think for a moment about what the aims of an internal control system over purchases might be, and what risks it
might be aiming to mitigate. In doing so, you might find it helpful to think through the stages of the purchases process.
When you have thought it through, read through the suggestions set out below.

Ordering

• An organisation should only order goods and services that are authorised by appropriate personnel and are
for the organisation's benefit (risk — the organisation pays for unnecessary or personal goods).
• An organisation should only order from authorised suppliers (risk — other suppliers may not supply quality
goods or may be too expensive).

Receipt of goods and invoices

• An organisation should ensure that goods and services received are used for the organisation's purposes (risk
— the organisation may pay for goods/services for personal use).
• An organisation should only accept goods that have been ordered (and appropriately authorised) (risk — as
above). Check with P.O.
• An organisation should record all goods and services received (risk — the organisation fails to pay for
goods/services and loses suppliers). On GRN Note.
• An organisation should ensure it claims all credits due to it (risk — organisation pays for goods it does not use).
• An organisation should not acknowledge liability for goods it has not received (risk — organisation pays for
goods it has not received).

Accounting

• An organisation should only make authorised payments for goods that have been received (risk — organisation
pays for goods it has not received).
• An organisation should record expenditure correctly in the accounting records (risks — financial statements
are misstated, and the organisation does not pay for genuine liabilities).
• An organisation should record credit notes received correctly in the accounting records (risks — financial
statements are misstated, and the organisation pays for items unnecessarily).
• An organisation should record liabilities in the correct accounts payable (purchase ledger accounts) (risk —
organisation pays the wrong supplier).
• An organisation should record liabilities in the correct period (risk — financial statements are misstated by
recording purchase but not inventory or recording inventory, but not the associated liability).

Payments

• An organisation should only make payments to the correct recipients and for the correct amounts which are
authorised (risk — organisation pays the wrong supplier).
• An organisation should only pay for liabilities once (risk — the organisation pays more than once and the
supplier does not correct the mistake).

Task 10

For each of the objectives given in bullet points above, can you think of a procedure(control) which will help achieve
the objective? When you have thought it through, read the next section, which gives you some examples of controls.
Controls in the purchases system

Task 11

Which stages of the purchases system do you feel ought to be dealt with by different staff members, and why? Read
through the following text to see the answer.

The key areas of concern are:

A person could order and pay for personal goods through the organisation, so ordering and payment should be
separated. The risk of fraud will also be reduced if the person who writes out the cheques is different from the person
who signs the cheques.

Ordering

• An organisation should have a central policy for choosing suppliers.

• The necessity for orders should be evidenced before orders are authorised.
• Orders should only be prepared when purchase requisitions are received from departments.
• Orders should be authorised.
• Orders should be pre-numbered and blank order forms should be safeguarded.
• Orders not yet received should be reviewed.
• Supplier terms should be monitored and advantage should be taken of discounts offered.

Goods and invoices received

• Goods received should be examined for quality and quantity.

• Goods received should be recorded on pre-numbered goods received notes.
• Goods received notes should be compared with purchase orders.
• Supplier invoices should be checked to orders and goods received notes.
• Supplier invoices should be referenced (numerical order and supplier reference).
• Supplier invoices should be checked for prices, quantities and calculations.
• Goods returned should be recorded on pre-numbered goods returned notes.
• There should be procedures for obtaining credit notes from suppliers.

Accounting

• Purchases and purchase returns should be promptly recorded in daybooks and ledgers.
• The accounts payable (purchase ledger) should be regularly maintained.
• Supplier statements should be compared with accounts payable.
• Payments should be authorised and only made if goods have been received.
• The accounts payable (purchase ledger) control account should be reconciled to the list of balances.
• Goods received but not yet invoiced at the year end should be accrued separately.

Payments

• Cheques should be requisitioned and requests evidenced with supporting documentation.

• Cheque payments should be authorised by someone other than a signatory.
• There should be limits on the payment amount individual staff members can sign for.
• Blank cheques should never be signed.
• Signed cheques should be despatched promptly.
• Payments should be recorded promptly in the cashbook and ledger.
• Cash payments should be limited and authorised.
Task 12

What are the objectives of the following controls?

▪ The necessity for orders should be evidenced.

▪ Supplier invoices should be matched to goods received.
▪ Supplier statements should be compared with accounts payable.
▪ Blank cheques should never be signed.

You should also review the list of all the controls given above and ensure that you understand what the objectives of
the controls are.

▪ The necessity of orders should be evidenced so that goods are only purchased for genuine business reasons.
▪ Supplier invoices should be matched to goods received. Supplier invoices should be referenced so that they
can be recorded in sequence and so that they can be found easily in the event of disputes.
▪ Supplier statements should be compared to the accounts payable ledger to discover errors in recording in the
accounts payable ledger and/or to discover whether the company is being charged for genuine liabilities.
▪ Blank cheques should never be signed as this makes it easier for cash to be stolen from the company/spent
on goods which are not for business use.

Sales systems
Control objectives in the sales system
Task 4

Think for a moment about what the aims of an internal control system over sales might be, and what risks it might be
aiming to mitigate. In doing so, you might find it helpful to think through the stages of the sales process — for both
credit and cash sales.

It might be helpful to think about Cookridge and Cookridge Carpets Ltd, the example Case Study at the back of this
workbook. How does their current sales system operate and what risks are there? When you have thought it through,
read through the next section, which gives you some examples of controls.

Here we are focusing mainly on the risk of credit sales. When an organisation is making cash sales, no credit is
granted, and often there is no formal order as the customer chooses and pays for goods which are available. Risks
associated with cash sales are more in respect of the cash element which is discussed at the end.

Orders and extending credit

▪ An organisation should only supply goods to customers who are likely to pay for them (risk — the organisation
loses goods of value and does not receive value in return). This is often termed as only selling to customers
with a good credit rating.
▪ An organisation should encourage customers to pay promptly (risk — the organisation loses the value of being
able to use the money in their business or interest on the money in the bank due to late payment).
▪ An organisation should record orders correctly (risk — the organisation sends the wrong goods to the
customer causing added cost or risk of loss of the customer).
▪ An organisation should fulfil orders promptly (risk — the organisation loses customer).

Despatching and invoicing goods

▪ An organisation should record all goods it sends out (risk — goods are sent out and not invoiced, and the
organisation loses money).
▪ An organisation should correctly invoice all goods and services sold (risk — insufficient amount is charged and
the organisation loses money).
▪ An organisation should only invoice goods it has sent out/despatch (risk — organisation charges for goods in
error and loses customer).
▪ An organisation should only issue credit notes for a valid reason (risk — organisation issues credit notes
incorrectly and loses money).
Recording and accounting for sales, credit control

▪ An organisation should record all invoiced sales in its accounting records (sales ledger and general ledger)
(risks — sales are not recorded and wrongly omitted from financial statements, and payment is not chased as
sale was never recorded).
▪ An organisation should record all credit notes in its accounting records (risks — as above, financial statements
likely to be misstated and potential to lose customers by chasing cancelled debts).
▪ An organisation should record all invoiced sales in the correct sales ledger accounts (risks — losing customers
by chasing the wrong customer for the debt and not receiving the money from the correct customer).
▪ An organisation must ensure that invoices are recorded in the sales ledger in the correct time period (risk —
errors in the financial statements due to counting both the sale and the related inventory (stock) as assets or
counting neither).
▪ An organisation must identify debts for which payment might be doubtful (risk — organisation fails to take
action until it is too late to retrieve the debt and, in the worst case, organisation wrongly records bad debts
as assets in the financial statements).

Receiving payment (cash)

▪ An organisation should record all money received (risk — the money could be stolen or lost, customers could
be lost through chasing payments already made by the customer, the financial statements are likely to be
misstated).
▪ An organisation should bank all money received (risk — (with consequences as above), the organisation loses
out on interest that could be being made on receipts).
▪ An organisation should safeguard money received in the period until it is banked (risk — money may be stolen
in the interim period).

Task 5

For each of the objectives given in bullet points above (Control objectives in the sales system), can you think of a
procedure (a control) which will help achieve the objective? When you have thought it through, read through the next
section, which gives you some examples of controls.

Controls in the sales system

We shall list some examples of controls in the sales system relating to the objectives outlined above, but
before we do, it is relevant to emphasise the importance of segregation of duties in a sales system.

Task 6

Which stages of the sales system do you feel ought to be dealt with by different staff members, and why? Read through
the following text to see the answer.

It is possible that a person could create a false customer in order to steal the organisation's inventory (stock)
and then not pay for it. This would only be possible if the same person were in charge of orders and credit
control/accounts receivable (sales ledgers).

There are two key potential frauds with regard to the receipt of cheques and/or cash from customers. First, a
staff member may intercept cheques when they arrive at the organisation and steal them before they are recorded.
Second, a staff member may steal cheques and/or cash and misallocate them to the accounts receivable (sales ledger)
records (in other words, make it look as if the customer is further behind in payment than he actually is on an ongoing
basis/ Teeming and lading). Such a fraud may not be discovered as the customer may never appear behind enough in
payments to be chased for overdue debts. In order to prevent such frauds, several people should be involved in dealing
with cheque and/or cash receipts.
Orders and extending credit

• Credit terms offered to customers should be authorised by senior personnel and reviewed regularly.
• Credit checks should be carried out on new customers.
• Changes in customer data (for example, their address) should be authorised by senior personnel.
• Orders should only be accepted from customers with no existing payment problems.
• Order documents should be sequentially numbered so that 'false sales' can be traced.

Despatching and invoicing goods

• Despatch of goods should be authorised by appropriate personnel and checked to order documents.
• Despatched goods should be checked for quality and quantity.
• Goods sent out should be recorded.
• Records of goods sent out should be agreed to customer orders, despatch notes and invoices.
• Despatch notes should be sequentially numbered and the sequence should be checked regularly.
• Returned goods should be checked for quality and recorded on goods returned notes (GRN).
• Customers should sign despatch notes as proof of receipt.
• Invoices should be prepared using authorised prices and quantities should be checked to despatch notes.
• Invoices should be checked to ensure they add up correctly.
• Credit notes should be authorised by appropriate personnel.
• Invoices and credit notes should be pre-numbered and the sequence should be checked regularly.
• Inventory records should be updated from goods sent out records.
• Sales invoices should be matched with signed delivery notes and sales orders.
• Orders not yet processed should be regularly reviewed.

Recording and accounting for sales, credit control

• Sales invoice sequence should be recorded and spoilt invoices recorded and destroyed.
• Sales receipts should be matched with invoices.
• Customer remittance advices should be retained.
• Sales returns and price adjustments should be recorded separately from the original sale.
• Procedures should exist to record sales in the correct period.
• Receivables statements should be prepared and checked regularly.
• Receivables statements should be safeguarded so they cannot be amended before they are sent out.
• Overdue accounts should be reviewed and followed up.
• Write off of bad debts should be authorised by appropriate personnel.
• The accounts receivable control account should be reconciled regularly.

Receiving payment (cash)

• There should be safeguards to protect post received to avoid interception.

• Two people should be present at post opening, a list of receipts should be made and post should be stamped
with the date opened.
• There should be restrictions on who is allowed to accept cash (cashiers or sales people).
• Cash received should be evidenced (till rolls, receipts).
• Cash registers should be regularly emptied.
• Tills rolls should be reconciled to cash collections which should then be agreed to cash banked.
• Cash shortages should be investigated.
• Cash records should be maintained promptly.
• There should be appropriate arrangements made when cashiers are on holiday.
• Receipts books should be serially numbered and kept locked up.
• Cash and cheques should be banked daily.
• Paying in books should be compared to initial cash records.
• All receipts should be banked together.
 • Opening of new bank accounts should be restricted to certain personnel and authorised by senior
management.
• Cash floats held should be limited.
• There should be restrictions on making payments from cash received and restricted access to cash on the
premises.
• Cash floats should be checked by an independent person sometimes on a surprise basis.
• Cash should be locked up outside normal business hours.

Task 7

What are the objectives of the following controls?

▪ Credit checks should be run on new customers.

▪ Sales invoices should be sequentially numbered.
▪ Receivable statements should be prepared regularly.
▪ Restrictions on who is allowed to receive cash.

You should also run through the lists of controls given in the text above to ensure you can identify the objectives
behind each of them.

▪ Credit checks on new customers are to ensure that the customer is a good credit risk and able to pay for
goods/services purchased.
▪ Sales invoices should be sequentially numbered to ensure that fictitious sales invoices are not raised (and
used to then misappropriate genuine payments for other invoices).
▪ Receivable statements should be prepared regularly to check that the sales ledger has been kept correctly
(customers are likely to draw attention to debts that are not genuine) and to encourage trade
receivables(debtors) to pay promptly.
▪ There should be restrictions on who is allowed to receive cash for the business to minimise the risk of cash
being stolen or lost.

Task 8

Here is some information relating to sales at XYZ Limited:

Peter receives sales orders in a variety of ways: by telephone, by email and in person. Whenever he receives an order,
he notes it in the sales order book. Some orders can be fulfilled from shop inventory (stock), others must be ordered
from suppliers.

When an order is delivered, Peter raises a despatch note on his computer. The computer automatically raises an
invoice when a despatch note is raised. These documents are printed off and sent to the customer. When the
documents are printed, the computer programme automatically updates the sales daybook which is also on the
computer. When customers pay, Peter enters the details of the cheques into the cashbook.

Some of the controls in the system have been highlighted. Some of these are manual controls and others are
computerised. For instance, orders are manually recorded in the order book, but sales invoices are automatically listed
in the sales daybook as a result of a computer programme.

The system at XYZ Limited is very basic and is far from perfect. Can you recommend any other controls that should
exist in the system as outlined above? List out as many as you can, that are appropriate to XYZ Limited, before
reviewing the suggested answers at the back of this workbook.

▪ Sales orders should be recorded on pre-numbered documents.

▪ Despatch notes should be checked to sales orders prior to despatch.
▪ The accounts receivable ledger should be written up more frequently to aid credit control.
▪ Accounts receivable ledger should be reviewed frequently to check for irrecoverable(bad) debts.
▪ Someone other than Peter should record and bank receipts.
Wages Systems
Control objectives in the wages systems
Task 13

Think for a moment about what the aims of an internal control system over wages and salaries might be, and what
risks it might be aiming to mitigate. In doing so, you might find it helpful to think through the stages of paying wages
and salaries. When you have thought it through, read the next section, which gives you some examples of controls.

Setting wages and salaries

• An organisation should only pay employees for work they have done (risk — the organisation overpays).
• An organisation should pay employees the correct gross pay, which has previously been authorised (risk —
the organisation overpays).

Recording wages and salaries

• An organisation should record gross pay, net pay, and relevant deductions correctly in the payroll records (risk
— organisation may make incorrect payments to staff/tax offices and financial statements may be
misstated).
• An organisation should record payments made in the bank and cash records and general ledger (risk —
financial statements may be misstated).

Paying wages and salaries

• An organisation should pay the correct employees (risk — angry, unpaid workforce and/or the organisation
pays the wrong people).

Deductions

• An organisation should ensure all deductions have been properly calculated and authorised (risk — breaking
the law, incorrect pension contributions).
• An organisation should ensure they pay the correct amounts to taxation authorities (risk — breaking the law
and incurring fines).

Task 14

For each of the objectives given in bullet points above, can you think of a procedure (a control) which will help achieve
the objective? When you have thought it through, read through the next section, which gives you some examples of
controls.

Controls in the wages system

Task 15

Which stages of the wages system do you feel ought to be dealt with by different staff members, and why? Read
through the following text to see the answer.

Where there is no segregation of duties it would be possible for the person responsible for the wages system
to authorise an inappropriate salary for himself, or enter someone who is not an employee onto the payroll.

Setting wages and salaries

• Personnel records should be maintained and referred to when calculating wages and salaries.
• Engaging employees, setting rates of pay, changing rates of pay, overtime, non-statutory deductions from pay
and advances of pay should all be authorised and recorded.
• Changes in personnel should be recorded.
• Hours worked should be recorded, time should be clocked.
• Hours worked should be reviewed.
• Wages should be reviewed against budget.
Recording wages and salaries

• Payroll should be prepared, checked and approved before payments.

Paying wages and salaries

• Wage cheque for cash payments should be authorised.

• Cash should be kept securely.
• Identity of staff should be verified before payment.
• Distributions of cash wages should be recorded.
• Bank transfer lists should be prepared and authorised.
• Bank transfer lists should be compared to the payroll.

Deductions from pay

• Separate employees' records should be maintained.

• Total pay and deductions should be reconciled month on month.
• Costs of pay should be compared to budgets.
• Gross pay and total tax deducted should be checked to returns to the tax authorities.

Task 16

What are the objectives of the following controls?

▪ Changes in personnel should be recorded.

▪ Payroll should be properly prepared.
▪ The wage cheque for cash payments should be authorised.
▪ Costs of pay should be compared to budgets.

You should also review the list of all the controls given above and ensure that you understand what the objectives of
the controls are.

▪ Changes in personnel should be recorded so that the right employees are paid for work done.
▪ A payroll should be prepared to ensure that employees are paid the correct amounts and the correct
deductions are made, and posting to the general ledger can be checked.
▪ The wage cheque for cash payments should be authorised so that cash is not stolen.
▪ Costs of pay should be compared to budgets because any discrepancies observed might reveal errors in
calculation or in payments made to staff or leavers inappropriately.

Internal Audit

Internal audit is a function within an organisation that is independent from the managers. This independence is vital
as one of the duties of the internal audit function is to review and test internal controls (policies and procedures) that
management have implemented, and to make recommendations to improve them.

The internal audit department will usually report to an audit committee, which for large organisations will include non-
executive directors of the organisation. Many smaller organisations will not have an internal audit department and
may outsource the internal audit function to third parties such as their external auditors.

Internal auditors are also an important tool in risk management in an organisation. They will monitor and evaluate the
organisation's risk management processes, and whether these processes protect the owners of the organisation in
terms of their investment within it. For example they will review how the accounting systems of the organisation are
kept secure, free from error and backed up in case of a system crash.
Internal auditors will also use risk assessment to review which areas of the organisation are at the greatest risk of a
loss of controls and prioritise their activities accordingly. A typical internal audit project will include the following
processes:

1. Decide and communicate the scope and objectives of the audit.

2. Review and map the relevant area of the organisation. This could include interviews with staff as well as
documenting systems and processes with tools such as flowcharts.

3. Ascertain the key risks in the area under review.

4. Identify the current controls in place.

5. Test that the controls are effective, by identifying a sample of the controls to test, and then adjusting the sample
based on the results of the testing.

6. Document the work done and report to management with recommendations to improve.

7. Follow up to ensure that the recommendations have been implemented appropriately.

Controls include system controls, manual controls, personnel controls and accounting controls. One way to
review the controls in place is to review the critical incidents that have occurred. For example inventory levels are
recorded on Excel spreadsheets and the warehouse manager should update the spreadsheets when inventory is
delivered into the warehouse, or when inventory is moved from the warehouse into the showroom. However, when
the new warehouse manager, Joe Bloggins, was appointed he carried out an inventory check and found that there was
a shortfall of L 3,000 in the actual physical inventory against that on record. This was because there was no evidence
of when goods had been taken from the warehouse to the showroom. This shows that the internal control in place —
the spreadsheets that should be updated every time inventory levels change or items of inventory are moved — was
not working effectively.

Chapter 6: Analysis of fraud for Task 3

Task 1

Consider all the probable frauds that could occur within the accounts department of Cookridge and Cookridge Carpets
Ltd — even if the controls currently in place make such a fraud unlikely. List as many as you can.

Frauds that could occur within the accounts department include:

Theft of assets — computers or other assets could be stolen by any of the staff within Cookridge and Cookridge Carpets
Limited due to the easy access to the accounts office.

Overstatement of wages — there are no controls in place to approve actual wages paid to staff, so the wages clerk
could overstate wages by either overpaying on hours worked and/or the hourly rate.

Theft of cash from the office — petty cash is kept in the staff room and there is little control over access to the office.
There is no one member of staff responsible for the petty cash tin and the only control is a sheet on which any expenses
paid for using petty cash should be logged. However, this control is currently ineffective as it would appear that it is
not being used. Staff also have been borrowing money from this tin on occasions. There are frequently discrepancies
over the amount that should be in the tin and surprise at finding the tin empty or running low.

Theft of cheques — there are few controls in place to store the cheque book securely and it has been found in an
unlocked drawer together with blank, signed cheques.

Overstatement of hours worked — the stores supervisor could add more hours to the staff rotas than physically
worked by staff.

Theft of inventory — there is no mention of controls such as inventory counts to prevent the theft of inventory from
the warehouse. The excel spreadsheet used to record movements of, or changes to the level of, inventory is also an
ineffective control as staff fail to update it.
Overpayment of supplier invoices — there is no control to check that cheques prepared to pay suppliers equate to
the amount physically owed and invoiced.

Under recording of goods sold — there are few controls in place to ensure goods purchased are accurately recorded.

Writing off of debts — there are no controls to ensure that debts from customers are not written off.

Theft of cash or cheques from the mail — no separate controls are in place to record cash and/or cheques received.

Theft of cash and/or cheques from tills — the tills are not balanced each evening so there is no accountability for any
missing cash and/ or cheques.

Theft of cash via the set up of a ghost employee — there are no controls over the addition of new starters to the
Payroll system, such as a requirement for documentation that cannot be over-ridden, segregation of duties, or linking
to HR records. This means that a person could set up a fictional employee and keep the wages 'earned' for themselves.

Fraud Controls
Staff controls — such as supervision, segregation of duties, good recruiting processes (including the following up of
references), training and membership of professional bodies.

Management controls — such as effective, well trained managers, authorisation of journals, control limits on
expenditure and purchases and authorisation levels for activities. This would also include an internal control or audit
role.

Physical controls — such as keeping asset registers or assets under lock and key, access controls to offices and other
places of work. Also controlling access to systems as discussed in Chapter 4.

General controls — such as double checking calculations, reporting on exceptions, signing for wages received and
rules and procedures in place for staff.

Task 2

Taking 5 of the potential frauds analysed in Task 1, construct a fraud matrix, to detail the current controls in place, the
implications of fraud to the organisation, the risk to Cookridge and Cookridge Carpets Limited and recommendations
to improve the controls. Ensure the recommendations you make are appropriate to the organisation.

Potential fraud Controls currentlyin Risk to the Implications Improvement identified

place organisation
1=low,
5=high
1.Theft of assets Physical access to the 2 Loss of assets Access code changed and only
accounts department such as key staff have knowledge of it,
controlled by keypad computers and non-current asset register kept.
but with common entry possibly key data
code. and information.
2.Overstatement None. 4 Overpayment of All wages are countersigned on
of wages – wages wages to staff. completion and system used to
clerk calculate wages based on hourly
rates signed off by
management.
3.Theft of cash Petty cash is kept in the 2 Loss of cash Door to office should remain
from the office staff room and office has locked rather than propped
keypad access. Contains open. Petty cash tin should be
notebook for recording stored in locked cupboard or
expenses charged to safe. One member of staff
petty cash, but this should be responsible for the
control is often not petty cash.
followed.
4.Theft of Cheque book kept in 4 Cheques could be Cheque book is kept in safe and
cheques locked drawer – but used for own log of cheques kept to ensure all
control not always purchase/cash. accounted for.
followed.
5.Overstatement None. 3 Overpayment of Staff should sign in and out of
of hours worked – wages to work and this should be used for
showroom showroom staff. wages calculations and
supervisor countersigned by showroom
supervisor – a more
comprehensive control, though
perhaps not appropriate to the
company would be a time
keeping system based on staff
clocking in and out of work.
6.Theft of An Excel spreadsheet 4 Loss of inventory. Regular inventory checks and
inventory from showing inventory levels perhaps random checks on staff
warehouse and location of as they leave work.
inventory is in place,
however, this document
is not always updated
and inventory checks
back to it do not tend to
occur.
7.Under recording None. 3 Reduced Accounting system linked to tills
of goods sold revenue. could be initiated plus
supervisory checks on tills. Also
inventory checks to identify
‘lost’ inventory.
8.Overpayment of None. 3 Increased costs. Accounting system should be
supplier invoices used that matches invoices to
purchase orders and goods
received, this will produce
reports on total payments for
reconciliation. Also BACS
payments for suppliers.
9.Writing off None. 3 Increased costs. All debts written off must be
customer debts authorised by business owner.
10.Theft of cash/ Cash and cheques 2 Lost Mail opening should be
cheques from the received are written into cash/cheques, witnessed by an additional staff
mail day book. reduced revenue. member. Cash and cheques
received are double checked by
the witness.
11.Theft of cash/ None – tills are not 3 Lost Staff are paid an additional 30
cheques from the reconciled until the cash/cheques. minutes at the end of the day
tills following day. and reconcile their own tills
before leaving work.
12.Theft of wages Documentary evidence 3 Lost cash / Set up a control in the Payroll
arising from the should be provided increased costs. system to prevent the set up of
payment to a before any new starter a new employee until
ghost employee can be set up on the documentary evidence has been
Payroll system, logged. Set up a process of
however, there is checking and authorisation so
evidence that this is not that a new starter can only be
always the case. paid once the new starter and
the supporting evidence have
been checked and authorised by
 the senior accounts clerk. This
should be done via a separate
log in to the Payroll system.
Carry out regular checks of the
Payroll records against the HR
system and vice versa.
The use of cash to Cash is kept in the safe. 5 Pay staff by BACS, reducing the
pay wages could use of cash.
lead to the theft
of cash.
The use of cash to None – wages are not 5 Either ensure a thorough check
pay wages could double checked or of wages calculated and cash
lead to the payroll countersigned. included or pay staff by BACS as
staff colluding above.
with weekly staff
and adding more
cash to the pay
packet than
earned and on the
wages slip.
Cheques are None. 5 Allow a second signatory for
signed and left when absent and reduce use of
blank for staff to cheques through BACS wages
use when the and payments.
owners are
absent. This
increases the risk
of fraudulent use.
There are no None 3 All new suppliers and customers
controls re new should be entered to a central
suppliers or accounting system and
customers and so authorised either by owner or
staff could senior accounts clerk.
defraud the
organisation by
setting up a bogus
supplier and
making payments
to it or setting up
a bogus customer
and purchasing
goods from it.

Examples of fraud

Examples of accounts receivable fraud

1. Stolen cash receipts – cash received is not recorded in the ledgers and is instead taken by employees.

2. Overcharging on sales – goods sold are overcharged, with employees keeping the additional amount received from
customers.

3. Inflating customer orders – with additional goods being retained by employees for own use or to sell on privately.

4. Writing off debts – writing off amounts owed and then possibly also keeping any payments made.

5. Raising credit notes to reduce amounts owed and then keeping part of any payment made.
6. Teeming and lading – allocating one customer’s payment to another in order to balance the books and detract from
a shortfall.

One of the controls in place to prevent such examples of fraud might be good company records of goods sold
with reconciliations to actual inventory in place.

Task 3

Considering each of the potential accounts receivable frauds identified above, suggest a suitable control that might
reduce the risk of fraud for a medium sized organisation. What other, more general, examples of controls can you
suggest to reduce the risk of accounts receivable fraud?

Stolen cash receipts — clear procedures, and segregation of duties, controls for accepting cash payments and
recording through the ledgers, also good controls for storage of cash and banking.

Overcharging on sales — sales systems such as bar coding that ensure prices are generated automatically.
Authorisation of amendments to prices on system.

Inflating customer orders — segregation of duties and supervisory controls regarding matching orders to goods
sent/handed to the customer.

Writing off debts — all debts require management authorisation to be written off.

Credit notes — all credit notes also require management authorisation before they can be processed on the system.

General controls include:

• Reconciliations of key customer accounts

• Spot checks of invoices to customer discounts
• Authorisation of all customer orders over a certain amount
• Not allowing customers to deal with only one member of staff.

Examples of accounts payable fraud

1. Ordering goods for own use – and then paying for them through the organisation’s accounts payable.

2. Fictitious suppliers – making payments to suppliers that do not exist and using personal bank accounts to receive
the money.

3. Paying for genuine goods but instead of paying suppliers, paying the money into personal bank accounts.

4. Teeming and lading – paying into private bank accounts payments owed to suppliers, and then using later payments
to pay to the original suppliers and so on, constantly using funds allocated to alternative suppliers to pay off the earlier
debts, with the hope that this will hide that an amount of money owed has not been paid.

One of the controls in place to prevent such examples of fraud would be segregation of duties with
organisations not allowing the same member of staff to place orders with suppliers, book in goods received and then
process payments to them.

Task 4

Considering each of the potential accounts payable frauds identified above, suggest a suitable control that might
reduce the risk of fraud for a medium sized organisation. What other, more general, examples of controls can you
suggest to reduce the risk of accounts payable fraud?

Ordering goods for own use — segregation of duties between ordering, booking goods into inventory and payments,
plus supervision of each activity including appropriate authorisations.

Fictitious suppliers — management authorisation of all new suppliers added to the system and reconciliation of
payments to invoices, also segregation of duties.
Paying amounts into own bank account — authorisation of all amendments to banking details on the system,
segregation of duties between amending details and processing payments.

Teeming and Lading — cash reconciliations, reconciling payments made to suppliers and invoices, segregation of
duties.

General controls include:

• Authorisation of all purchase orders

• Ordering from approved suppliers only
• Matching of goods received to purchase orders
• Matching of invoices to purchase orders and goods received
• Payments through BACS only and system generated to reflect invoices processed.

Examples of payroll fraud

1. Ghost employees – having more employees on the payroll than physically exist within the organisation.

2. Overstating overtime pay – paying for more hours than physically worked.

3. Increasing hourly rate/salary – paying a higher hourly rate or salary than contracted for.

4. False expense reimbursement claims – expenses are often paid through payroll and false claims may be processed
this way.

5. Keeping employees on the payroll once they have resigned – and amending the bank details so that the pay is paid
into own/third parties account.

6. Unofficially recruiting new staff – and adding their details to the payroll system.

One of the controls in place to prevent such a fraud would be the competence and integrity of the person
completing the payroll. This might be strengthened if that person has a payroll or accounting qualification, and is a
member of a professional body such as the AAT. There are other, more specific, controls that can be put in place to
lower the risk of payroll fraud.

Task 5

Considering each of the potential payroll frauds identified above, suggest a suitable control that might reduce the risk
of fraud for a medium sized organisation with 2 payroll staff. What other, more general, examples of controls can you
suggest to reduce the risk of payroll fraud?

Ghost employees — reconciling the number of staff on the payroll to physical staff in the organisation plus good
controls in connection with adding and removing staff from the payroll system.

Overstating overtime pay — clearly documented overtime rates for staff and management/supervisor authorisation
of overtime hours worked.

Increasing hourly rate/salary — clearly documented pay rates plus all amendments to the hourly rate on the system
should be countersigned by management. Perhaps also segregation of duties so only one of the payroll staff can amend
rates, and the other reviews and gets authorisation for this from management.

False expense claims — all receipts included and travel checked for mileage and to diary. All claims authorised by
management.

Keeping employees on the payroll — All resignations have to be officially documented and one member of the payroll
staff is responsible for removing them from the system, the other checks this and management countersign.

Unofficial recruitment of new staff — All recruitments have to be officially documented and one member of the
payroll staff is responsible for adding staff to the system, the other checks this and management countersign.
Examples of general controls include:

• Exceptions reporting — where the accounting system produces reports that highlight exceptions to the normal
payroll such as particularly high payments, hours worked etc. These are checked and countersigned by
management
• Management countersigning the payroll staff's own pay
• Spot checks on members of staff's pay to ensure it is accurate in relation to their pay scale and normal hours
worked
• No cash payments to staff
• Management checks on the payroll reports to look for duplicate bank details for example
• Rotation of payroll staff

The impact of fraud on the organisation

Financial — fraud involves the theft of funds or assets from an organisation. This in turn affects its profitability and
the owner's investment in the organisation. It can also impact a company's share price.

Reputation — exposure of fraud can affect an organisation's reputation with all internal and external stakeholders.
This in turn could lead to loss of business.

Employee morale — the trust of existing employees could be damaged. Future recruitment and retention of staff
might also be affected.

Chapter 7: Cost benefit analysis

The Cost Benefit Analysis (CBA) takes your recommendations and analyses them in terms of the costs and
benefits to the organisation of implementing them. Both costs and benefits can be categorised under the headings of
tangible and intangible.

Tangible — these are costs and benefits that are easy to value in terms of time and/or money. For example, if
recommending a new computer system then tangible costs would include:

• The cost of the system itself

• The loss of staff time while they are training
• The cost of future licences and improved speed of processing.

Task 1

A firm of accountants has decided to train all new staff in basic bookkeeping as part of their induction programme.
What tangible costs might there be to such a decision? What would your estimates of these costs be? Think of costs
not just in terms of money spent but also in relation to time and any other quantifiable measure.

Tangible costs associated with training might include:

➢ Cost of training course — say £500 per employee

➢ Cost of lost chargeable hours (as the staff will not be working on clients accounts) — 5 days x 7.5 hours per
day = 37.5 hours at a chargeable rate of, say, £25 per hour = £937.5
➢ Travel expenses to the training provider — say £15 per day x 5 days = £75.

Intangible — these are costs and benefits that cannot be quantified in financial terms. (Not to be confused with
intangible assets, which can be and are quantified.) For example a new computer system may: Improve the motivation
and morale of staff. Although happier, more motivated staff may be more efficient, resulting in an increase in
organisational productivity, this is more difficult to value in monetary terms.
Task 2

What would be the intangible costs of the training outlined in Task 1? Try to jot down as many as you can and then
review our suggested answers at the back of this workbook.

Intangible costs might include:

➢ Other staff discontent as new staff are provided with training they did not have
➢ Loss of efficiency as new staff's induction is extended and therefore they are not available to work on clients
➢ Client dissatisfaction due to delays in completion of work due to staff not being available.

Task 3

What tangible and intangible benefits might there be to such training as part of an induction programme for new staff?
Try to think about why an organisation would want to include this training as part of such an programme. When you
have listed both tangible and intangible benefits then review the suggested answers at the back of this workbook.

Tangible benefits might include:

➢ Staff are better trained, so chargeable fee could be increased — from £25 to £30 per hour
➢ Fewer errors in work completed leading to less supervisor time spent on new staff's work and a reduction in
having to amend work completed incorrectly — say 4 hours per week

Intangible benefits might include:

➢ Staff are better trained in basic knowledge so more motivated and efficient
➢ Staff morale improves/ will feel more dedicated to the company as they feel valued due to the investment in
training them
➢ Clients always see well trained and knowledgeable staff so organisation reputation is enhanced.

Opportunity cost — another important type of cost to include is the opportunity cost of the recommendation. An
opportunity cost can be defined as the value of an activity which has not taken place, because of a decision to do
something else.

For example, in the tasks above, the organisation has chosen to send all new staff on a bookkeeping course.
When completing the tasks you will (hopefully) have listed both tangible and intangible costs and benefits of this
decision. One of the costs we have included in our example answers is an opportunity cost. Can you see which one?

The answer is that the revenue lost, because the new staff are not working for clients and therefore are not
generating chargeable hours, is an opportunity cost of the decision. Where possible try to identify the opportunity
costs of your recommendations.

Cost Benefit Analysis of Cookridge and Cookridge Limited

Costs

The company should use centralised accounting software package which is specifically created for large
organisations. The basis for choosing the package should include ease-of-use, the Help facility and the user manuals.
Appropriate training for staff is required. There would be an opportunity costs of the staff attending the training in
that they would not be available to complete their work at the company. Cookridge would face some disruption
whilst the system is installed and set up. There will be a need to pay for additional staff time to enter data on
customers, suppliers and employees into the system so that it is fully operational.

A further cost the organisation should consider, but one harder to quantify, is that of staff discontent at a
change to the current system. Staff within the accounts team may be unhappy about needing to learn new working
practices, increased controls and how to operate a new system. Other employees may see the increased controls in
place as preventing them carrying out their work and unnecessary. There would be a cost associated with producing
procedure manuals to ensure staff know the expected working practices and procedures surrounding the system.
There should also be a rota produced for cover, when staff are absent.
Benefits

The first benefit to Cookridge would be the ability to produce reports from the centralised system that provide
complete information that shows the full financial position of the organisation. These reports can be reviewed on a
regular basis by both the Directors and the senior accounts clerk. The cash related reports should help ensure cash
flows are effectively managed. This will benefit the organisation by reducing overdraft fees.

Cash flow forecasts will enable the Directors and senior accounts clerk to estimate the cash inflows and
outflows to the organisation, manage cash balances more effectively and reduce the overdraft and related fees. It
will also assist with the planning of any significant cash expenditure. Overdraft fees and interest payment could be
reduced. The payroll will be accurately produced when required, with the benefit of the system being up to date on
payroll rules and regulations such as tax rates. This swill produce a benefit of more accuracy, fewer queries and
'increased efficiency of staff time. It is estimated that the system will speed up the completion of the payroll by
approximately 4 hours per month.

Another benefit would be improved supplier relations — reports on supplier payments due could be run and
suppliers paid on time. This could also benefit the credit terms and conditions that suppliers grant Cookridge, further
improving cash flow. A further benefit is the significant reduction in the risk of fraud and improvement of controls
within the system together with improved cost control. Central reports will assist both the owner and the senior
accounts clerk with analysing payments and wages and identifying where costs are higher than expected.

A benefit would also be improved morale of staff. The accounts team would benefit from training, including
formal accounts training as requested and this would improve their efficiency and effectiveness as well as morale.
Better motivated staff should result in lower staff turnover and also improved commitment to the organisation. The
morale of the non-accounting staff would be improved by the timely completion of accurate wages.

Task 5

An example of SWOT analysis for Cookridge and Cookridge Carpets Limited:

Strengths

• An open plan accounts office ensures that when staff are in and working with each other they can
communicate freely and cover each others work when absent.
• The cheque book is kept in a locked desk in the office — but see weaknesses.
• Current inventory system has good detail included.
• Credit reference agency used to decide whether to grant credit.
• Some credit control procedures are in place.
• Controls re: cash and cheques coming into the office – manual day book then accounts.
• Staff seem keen to improve systems – Accounts receivable clerk has implemented some initiatives.
• Cash movement is reduced by using cash to make up wages.

Weaknesses

• As most accounts staff are part time there are often occasions when no one is in the office. Because all staff
can access the office and the accounts system with common passwords there is a risk of lack of control. There
will also be issues concerning communication between staff as they are not all in the office at the same time.
• Poor access control to the accounts office. Keypad entry system is not used and door is propped open. Can be
accessed via the same stairs that are used by customers of the showroom. There is a risk as members of the
public could access the office.
• Stand alone computers with no central system or database means that the system does not produce central,
standard/meaningful reports for key stakeholders.
• Staff, as a whole, are not qualified in accounting which poses a risk of errors and relaxed controls and also a
lack of accountability.
• Cash is withdrawn to pay wages – any use of cash poses a risk of theft.
• Showroom and warehouse staff are paid in cash which poses a risk of theft.
 • Office staff are paid by cheque – the frequent use of cheques can lead to the risk of cheques being stolen and
fraudulently used.
• There appears to be a lack of planning in the work of the accounting team, highlighted by the fact that when
the payroll was first bought in house, a temping agency was contracted to run it for the first two months. This
could have led to errors and inconsistencies in the work, and therefore within the hand over of the system to
the payroll clerk once employed.
• Manual calculation of weekly payroll with no secondary check is a weakness as it can lead to errors or
fraudulent increases in staff pay.
• Debts are often not followed up further to the initial phone call.
• The cheque book is kept in an easily accessible drawer that is sometimes left unlocked.
• Staff are not trained in excel, increasing the risk of errors.
• No further check on new credit customers other than credit reference agency.
• It is possible to set up new credit customers in the system without having gone through the required credit
reference checks.
• Lack of controls over new starters in the payroll and HR system. New starters can be set up with very little
information and no documentary evidence or approval.
• Manual completion of invoices, on Word, has potential for errors.
• Cash is not counted when removed from the tills on weekdays.
• Poor controls surrounding petty cash, leading to frequent discrepancies of amount and IOUs (signed
documents acknowledging a debt).
• Inappropriate use of petty cash as a pay day loan.
• No contingency planning – staff able to take on each others roles when absent.
• No controls or authorisation over changes to contracted agreements with existing suppliers.
• Staff cannot use each others systems.
• No control on authorisation – signing of blank cheques to cover absence.
• No controls on payments to customers.
• Payments to suppliers are made without checking systems or informing other staff.
• Lack of controls on staff hours have led to incorrect rotas and staff pay.
• Two weeks pay packets completed in advance – this is a weakness as too much cash was in the office.
• Wages should be completed correctly each week, not in advance and adjusted later.

Opportunities

• There is an opportunity to use one central accounts system on networked computers which will ensure that
there is better cover for work when staff are absent and better reporting of key financial data to relevant
stakeholders.
• There is an opportunity to train staff in accounting and also in the systems they use, making them much
more aware of the controls and procedures they should be operating with and also more efficient.
• There is an opportunity to train staff in each others roles – perhaps with a back-up member of staff for each.
This could motivate staff and also ensure cover during absence.
• There is an opportunity to outsource the payroll and internal audit functions to the company accountants.

Threats

• Having the accounts prepared on Excel poses a risk that errors can be made to the spreadsheets that will not
be easily identified, and therefore the inventory and accounting information may be incorrect.
• There is a threat to the physical security of both the accounts office and the staff employed in that department
due to the lack of entry controls to the office.
• There is a threat to the office and its systems by the common use of one password across the organisation –
any staff who wanted to could access the office and the accounting systems and the data held within them.
• The lack of formal procedures and controls in respect of accounts payable and receivable has led to an
overdraft that the bank has asked to be repaid. This is a cash flow threat to the organisation.
 • There appears to be no back-up taken of the current systems which is a threat as if the systems in use failed,
key financial data would be lost.
• Regulatory environments – this is constantly changing, for example, potential changes to VAT rates. The
accounting system needs to recognise these changes and react accordingly.
• While a relationship with a debt collection agency is in place, this is rarely used due to the costs involved. This
may means that debts are never recovered.

Chapter 3: The accounts department

Task 1

Advantages of a centralised accounts department include:

• Greater senior management control of the department's activities

• Standard, consistent procedures
• Decisions can be made taking into account the 'big picture' or the organisation as a whole
• The organisation can employ, and benefit from the skills and experience of, more senior, qualified managers
and accountants
• In uncertain times the organisation will benefit from strong, central leadership
• Reporting may be quicker and benefit from standard report layouts and central information

The disadvantages of a centralised accounts department might include:

• Less decision making, and therefore empowerment of junior staff

• Accountants and managers at a central location may lose touch with the operational side of the organisation,
weakening decision making abilities
• Senior management can be tied up making decisions that should be made lower down the organisation
• Communication and interaction between the accounts department and other functions of the organisation
my be impaired
• Other parts of the organisation might resent controls being imposed by a central accounting department due
to a lack of knowledge and appreciation of the department's requirements.

Chapter 4: Accounting systems

Task 1

Advantages of a centralised system might include:

• All data is stored in one central place so greater control

• Improved security
• Staff can all use the same system leading to efficiencies in training etc.
• Centralised reporting
• Consistent reporting
• Quicker access to information

Advantages of a decentralised system might include:

• Each individual system can be more relevant to that area of the organisations needs
• Lower risk of errors/breakdowns affecting the whole organisation
• Lower level staff might have more control and autonomy over their system thus improving morale
• Quicker access to information from each, individual system.

Task 2
The advantages of having a user manual for all of the activities that take place within an accounts department include:

▪ Quick and efficient training of new staff

▪ Better visibility of the controls in place
▪ Consistent approach to completing activities
▪ Easier to rotate staff between roles and responsibilities
▪ Easier to evaluate staff
▪ Improved supervisory and management control
▪ More effective time management

Disadvantages of such an approach might be:

▪ Increased risk of 'outsiders' being able to operate the system

▪ Procedures may stifle innovation and improvements to processes
▪ User manuals take time to complete
▪ The manuals may become out of date quickly
▪ The manuals need to be tested to ensure they accurately reflect the systems in place
▪ Staff often do not conform to manuals, negating the benefits of having them.

Task 3

Passwords must not be written down, shared, or generic. Passwords must be changed regularly. When staff
leave, access must be cancelled on the day they leave the department. Access can only be set up for new staff with
management authorisation. Staff access to different parts of the system must be regularly reviewed

It is important that rules and controls are in place to protect the integrity of the system and the organisation. If
one password is used by all staff (generic) then there is little point in using them as the whole system is open to all.
This lack of control then increases the risk of errors, from staff using parts of the system they are not trained to, and
fraud.

It is also important that new access to the system is controlled so that staff are not granted access to parts of the
system they do not require and that as staff leave, their access is cancelled promptly so that they can not continue to
use the system, and other staff can not use their passwords. Often organisations make sharing of passwords a
disciplinary offence to ensure that controls are maintained.

Task 4

Recommendations to improve the accounts payable and payroll systems might include:

Accounts payables system

▪ New suppliers should only be set up on the system after documented approval from the business owner.
▪ An integrated accounts system should be implemented, that shows inventory levels and invoices due for
payment. Inventory delivered and invoices received should be entered to this system.
▪ Purchase orders should be raised for all inventory purchases, and should be appropriately authorised.
▪ Inventory deliveries should be matched to purchase orders on receipt.
▪ Inventory deliveries should be checked for accuracy and quality on receipt.
▪ Invoices should be matched to purchase orders and goods received before payment.
▪ Invoices should be appropriately authorised for payment.
▪ Payments to suppliers should follow standard payment terms.

Payroll system

▪ All managers and supervisors should complete weekly sheets on actual hours worked by staff.
▪ Staff should sign in and out of work, with the relevant time noted.
▪ All overtime hours should be appropriately authorised by management.
▪ The Sage payroll system should be used to calculate wages due based on hours worked and authorised.
 ▪ BACS payments should be implemented for all staff.
▪ If cash and cheque payments are to continue, these should be collected only by the relevant members of staff
and signed for on collection.
▪ Procedures should be in place to cover payroll staff member’s absence.

Task 6

Sustainability review of the accounting system of Cookridge and Cookridge Carpets Limited:

Sustainability issue – Corporate social responsibility / environmental

Observation – The mission statement states that 'we are trying to be a greener company and we recycle wherever
possible; we promise to remove all of the packaging from customers' premises, and dispose this in an environmentally
friendly way.

Recommendations – This mission should be supported by a series of objectives, policies and procedures to ensure this
happens in practice.

Sustainability issue – Environmental

Observation – used ink cartridges are placed in the bin when they are removed from the printer.

Recommendations – These items may need to be disposed of in a specific way due to the chemicals involved. Many
types of ink cartridge can be recycled. This should be done if possible.

Task 8

An example ethical review for Cookridge and Cookridge Carpets Limited:

1. Current practice – Disclosure of personal details (address and telephone number) of a member of staff to an
individual on the phone.

Principle breached (Confidentiality) – There is a requirement to, in accordance with the law, respect the confidentiality
of information acquired as a result of professional and business relationships and not disclose such information to
third parties without proper and specific authority unless there is a legal or professional right or duty to disclose.

Recommended practice – Personal details of staff should be stored in accordance with the Data Protection Act and
not disclosed without the permission of the employee in question, or unless there is a legal or professional right or
duty to disclose.

2. Current practice – Christmas party bill was split in order to get around HMRC tax deductible expense limits.

Principle breached (Professional behaviour) – By asking Margaret to breach HMRC rules in relation to the bill for the
Christmas party, John has failed to comply with relevant laws and regulations. By failing to confront John rather than
carrying out his request, Margaret has assisted John in breaching this principle.

Recommended practice – The full £160 does not qualify as a tax deductible expense and as such should not be treated
as one. HMRC rules should be fully complied with at all times.

3. Current practice – John asked Paula to produce a set of accounts that show the company in the ‘best possible light’
in order to secure a bank loan.

Principle breached (Integrity) – Producing accounts designed to mislead the bank as to the position of the company
represents a lack of honesty. To comply with the fundamental principle of integrity, a member must be straightforward
and honest in all professional and business relationships.

Recommended practice – Accounts should be prepared that show the company in a true and fair light.

4. Current practice – Peter placed an exceptionally large order with a supplier on the basis that the supplier had
promised to sponsor his next motorcycle show if the order was increased. Peter has a favourite group of suppliers he
likes to use, mainly because they are sometimes willing to sponsor his motorbike and racing efforts.
Principle breached (Objectivity) – A member shall not allow bias, conflict of interest or undue influence of others to
override professional or business relationships. Peter is allowing conflict of interest to affect his professional
relationship and judgement. He should be selecting suppliers based on the value for money they offer, not those that
offer personal favours in exchange for the business.

Recommended practice – A formal approved supplier list should be established. Where an approved supplier is not in
place, a minimum of three quotes should be obtained and the supplier that offers the best value for money should be
chosen.

Sample case study at Page 142

The Data Protection Act 1998 — This regulates how the organisation processes and stores sensitive information on
customers, suppliers and employees.