Question

Codger Corp. — Internal Controls Codger Corp. (CC or the “Company”) is a U.S. public company...

Codger Corp. — Internal Controls

Codger Corp. (CC or the “Company”) is a U.S. public company that files quarterly andannual reports with the Securities and Exchange Commission (SEC). CC is a leading retail chain operating more than 100 department stores across the continental United States. CC department stores offer customers a variety of nationally advertised products, including clothing, shoes, jewelry, and other accessories. The Company’s supply chain ofproducts is managed through a single warehouse and distribution facility located in Kansas City, Missouri.

CC has a centralized accounting and finance structure at its corporate headquarters, whereall processes and controls related to all substantive account balances occur, includingcontrols related to accounts payable and the Vendor Master File. CC recognizes revenues from retail sales at the point of sale to its customers. Discounts provided to customers bythe Company at the point of sale, including discounts provided in connection with loyaltycards, are recognized as a reduction in sales as the products are sold. Cost of goods sold for the Company primarily consist of inbound freight and costs relating to purchasing and receiving, inspection, depreciation, warehousing, internal transfer, and other costs ofdistribution.

Case Facts

Audit Issue

On June 1, 20X2, the Accounts Payable (AP) Manager received an e-mail inquiry about the process required for a vendor to change its bank account information. The e-mail was sent from John Smith at a domain address listed as “Time-Peace.” Time Peace is a manufacturer that supplies CC-branded watches to CC’s west region department stores.In addition, John Smith is the primary contact at Time Peace with whom the Companytypically interacts.

The AP Manager responded to the e-mail request on June 15, 20X2, with the procedures required of the vendor, which include completing a vendor bank account request form. On June 20, 20X2, the AP Manager received a reply e-mail from John Smith at “Time-Peace” with a completed vendor bank account request form, which included John Smith’s signature, new bank account information, and other related information.

Upon receiving the vendor bank account request form, the AP Manager completed a separately required Vendor Change Form for internal processing. The Vendor Change Form is completed for new vendors or changes to existing vendors’ information,

including bank account information. The AP Manager sent the completed Vendor Change

Form to CC’s Assistant Controller, who reviewed and approved the request on June 24,

20X2. The bank account information was updated within the Vendor Master File on June

26, 20X2.

Throughout the month of July, valid Time Peace invoices were processed through the

Company’s accounts payable process, and the valid invoices were paid in accordance

5

with the Company’s processes for cash disbursements and wire transfers. However, because the bank account information for Time Peace was changed (as a result of the June 1, 20X2, e-mail request) approximately $2 million in payments was wired to an incorrect bank account. On August 2, 20X2, the Company received an inquiry from Time Peace about the expected timing of the $2 million in outstanding invoices. As a result of the direct interaction with Time Peace’s employee John Smith, the Company determined that the previous vendor bank account change form was received from a fraudulent domain name with the intent to defraud the Company. The e-mail domain for Time Peace is “Time Peace,” with no hyphen, rather than “Time-Peace,” with a hyphen.Both e-mails received from “Time-Peace” were determined to be from a fraudulent source (that also fraudulently used John Smith’s name in the e-mail).

As noted above, there are two employees within the Company that were involved in processing and approving the Vendor Change Form. The Company’s policy on bank account change requests was communicated by CC’s Assistant Controller in an August

20X1 e-mail that indicated that for each Vendor Change Form requesting a vendor bank account change, the accounts payable department was required to (1) obtain a previously processed and paid invoice from the vendor requesting the bank account change, (2) call the vendor using the contact information obtained from the prior invoice, (3) verify the authenticity of the requested bank account change request by directly contacting the vendor, and (4) include all relevant information obtained in steps (1) through (3) as an attachment to the Vendor Change Form. The Company’s control description relating to the review of a Vendor Change Form by the Assistant Controller is not explicit regarding the specific attributes of the review. However, because the policy was distributed by the Assistant Controller and the Assistant Controller is also the control owner (e.g., performs the review), there is a presumption that the Assistant Controller would understand that as part of her review, she should evaluate whether the AP Manager obtained sufficient information to confirm the authenticity of the bank account change request.

Other Relevant Facts

•?Materiality — $8 million.

•?The Company processed approximately 105 vendor requested bank accountchanges during FYX2 before the realization that the request from “Time-Peace” was fraudulent (from September 25, 20X1, to August 2, 20X2). After the identification of the misappropriation of assets, the Company’s internal audit department obtained and reviewed all 105 Vendor Change Forms reviewed by the Assistant Controller, noting that only five Vendor Change Forms contained the information required by the

policy. In addition, internal audit determined that the primary review procedure performed by the Assistant Controller related to the verification that the bank account number was appropriately included on the Vendor Change Form. This procedure was performed in all cases before the bank account information was input into the accounts payable system.

•?The total wire transfer payments made to the 105 vendors that requested bank account changes in FYX2 totaled approximately $56.2 million (based on an analysis prepared by Internal Audit of the invoices processed and paid by the Company afterthe processing of a Vendor Change Form for the 105 vendors).

•?There are more than 30 vendors with annual purchase activity of over $20 million (12 of which have purchase activity of over $40 million); thus, the amount ofpayments made to any single vendor in a payables cycle could approximate $2 million, assuming a cycle of 30 days.

•?The Company’s Chief Security Officer completed an internal investigation and concluded that there was no indication that the AP Manager and Assistant Controller were involved in the scheme that resulted in the $2 million misappropriation.

•?After the determination on August 2, 20X2, that the Vendor Change Form was from a fraudulent source, the Company ceased processing additional Vendor ChangeForms until it could understand the root cause of the deficiency. On September 10, 20X2, the Assistant Controller sent a reminder regarding the importance of following the vendor bank account request change policy. The e-mail also highlighted an enhancement to the process, which primarily included an enhancement to the VendorChange Form. The form was revised to include the following three new, explicit sections that are required to be completed: (1) contact phone number pulled from previously processed and paid vendor invoice, (2) name of individual at the vendor(from a previous invoice) that was contacted, and (3) date discussed/contacted. Thepolicy e-mail reiterated the requirement to include a copy of the previously processed vendor

invoice with the Vendor Change Form.

•?Internal Audit performed a thorough evaluation of the competency of theAssistant Controller and concluded that notwithstanding the Assistant Controller’s lack of historical performance, the Assistant Controller was suitably competent to perform the control.

Engagement Team Note

In planning the 20X2 audit, the engagement team obtained an understanding of the internal controls related to cash disbursements. This understanding was developed through the engagement team’s walkthrough of the cash disbursements process. As part of its walkthrough procedures, the engagement team made inquiries of appropriate personnel, inspected relevant documentation, and in certain cases, observed the control performers carrying out required control procedures. As a result, the engagement team concluded that there were no significant changes to the cash disbursements process in the current year.

The engagement team identified four risks of material misstatement relating to the cash disbursements process. For each risk identified, the team documented the control activity that addresses the risk of material misstatement in the excerpted worksheet (see

Handout 1). As a result of the Audit Issue described above, the engagement team identified a control deficiency in the following control:

CD5C The accounts payable department is required to complete the following for each Vendor Change Form requesting a bank account change:

1. Obtain a previously processed and paid invoice from the vendor requesting the bank account change.

2.   Call the vendor using the contact information from the obtained invoice.

3. Verify the authenticity of the requested bank account change request.

4. Attach all relevant information obtained in steps (1) through (3) to the Vendor

Change Form for review and approval.

The Company’s control description regarding the Assistant Controller’s review of the Vendor Change Form is not prescriptive regarding the specific attributes of the review. However, there is a presumption that the Assistant Controller would understand the primary objective of the control, which is to evaluate whether sufficient information was obtained by the AP Manager to confirm that the bank account change request was authentic.

Internal Controls -> Control DeficiencyEvaluation

Identified Risks of Material Misstatement

Cash Disbursement 1

Incorrect vendor set up in the system submits invoice without providing goods for services.

Cash Disbursement 2

Invoice is received for goods or services never received; therefore, a liability and expense are recorded when ABC has noobligation.

Cash Disbursement 3

Payments are not appropriately authorized and accurate.

Controls in Cash Disbursement Process

CD1C

Bank statements are reconciled to the general ledger regularly and differences are investigated and resolved on a timely basis.

CD2C

Cash disbursements are generated through the ERP system. The ERP system automatically records the journal entry for cashdisbursements to the accounts payable and cash sub-ledgers.

CD3C

All manually generated checks, including supporting documentation and the related journal entry, are reviewed and approved bymanagement before the journal entry is recorded.

CD4C

Finance personnel record bank account activity to the general ledger on a daily basis; management reviews recorded entries andcash position regularly for unusual activity and investigates and resolves issues on a timely basis.

CD5C

Each Vendor Change Form requesting a bank account change, the accounts payable department is required to complete thefollowing for each

Vendor Change Form requesting a bank account change:

1. Obtain a previously processed and paid invoice from the vendor requesting the bank account change

2. Call the vendor using the contact information from the obtained invoice

3. Verify the authenticity of the requested bank account change request

Attach all relevant information obtained in steps (1) – (3) to the Vendor Change Form for review and approval.

FR1C

At month-end, corporate accounting performs variance analysis for all financial statement line items as compared to prior monthand prior year to identify variances in excess of $5 million or 10 percent period to period. All variances in excess of this thresholdare to be explained.

Question: Is the Assistant Controller’s failure to properly review the Vendor Change Form a deficiency in the design or operating effectiveness of the control (or neither)?Explain/defend your answer

Homework Answers

Answer #1

In the given case, the failure of Assistant Controller to properly review the documents is a combination of design operating effectiveness.

The entity assumes that the Controller would know the basic checks to be performed and therefore, did not outline the detailed steps required. This constitutes a design failure as the steps required to be performed by a control point are not prescribed.

On the operating effectiveness front, the Controller actually did not perform the check diligently. He should have been more conscious on checking the validity of signatures, maybe checking with the converned department within the organisation on the effectiveness, etc. The controller did not exercise due diligence, resulting in operating ineffectiveness of the control. In a way, the design deficiency means that the operating effectiveness is also compromised.

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
Johnson Company— Internal Controls Johnson Company Inc. (Johnson Company or the “Company”) is a U.S. public...
Johnson Company— Internal Controls Johnson Company Inc. (Johnson Company or the “Company”) is a U.S. public company that files quarterly and annual reports with the Securities and Exchange Commission (SEC). JOHNSON COMPANY is a leading retail chain operating more than 500 department stores across the continental United States. JOHNSON COMPANY department stores offer customers a variety of nationally advertised products, including cookware, shoes, jewelry, perfume, and other accessories. The Company’s supply chain of products is managed through a single warehouse...
Background ABC Retailers Inc. (ABC or the “Company”) is a U.S. public company that files quarterly...
Background ABC Retailers Inc. (ABC or the “Company”) is a U.S. public company that files quarterly and annual reports with the Securities and Exchange Commission (SEC). ABC is a leading retail chain operating more than 100 department stores across the continental United States. ABC department stores offer customers a variety of nationally advertised products, including clothing, shoes, jewelry, and other accessories. The Company’s supply chain of products is managed through a single warehouse and distribution facility located in Kansas City,...
Consider each of the following situations: One of the mitigating controls that you wish to rely...
Consider each of the following situations: One of the mitigating controls that you wish to rely on is that any increases in credit limits are authorised by the financial controller. The audit assistant checks the company’s policy manual and notes that this control procedure is required. He concludes that the control is operating effectively and can be relied on. A test of controls of 48 sales transactions was undertaken which resulted in four errors. The working papers noted that none...
Problem 1 You are an internal audit manager in a central government department that pays subsidies...
Problem 1 You are an internal audit manager in a central government department that pays subsidies to agricultural businesses involved in the production of basic foodstuffs. You will soon be undertaking an internal audit of the claims processing unit in your department. In preparation for the assignment you are reviewing the audit file on the previous audit carried out three years earlier. You find the following extract from one of the previous internal audit’s planning schedules: • “The unit receives...
You are the internal audit senior responsible for conducting an assurance engagement of the XYZ Company payroll process.
You are the internal audit senior responsible for conducting an assurance engagement of the XYZ Company payroll process. This process has not been audited for three years and, as such, is due in the normal audit cycle. There have been no significant changes since the previous audit, that is, there were no system changes, no reorganization of personnel, and no substantive procedural changes. However, during the last assurance engagement, the internal audit function identified several observations, some of which were...
As part of the fieldwork of an audit engagement, the senior on the audit obtained and...
As part of the fieldwork of an audit engagement, the senior on the audit obtained and documented an understanding of the company's internal control relating to accounts receivable and assessed control risk related to accounts receivable at the maximum level. Alejandro, the staff person assigned to the engagement, requested and obtained from the company an aged accounts receivable schedule listing the total amount owed by each customer as of December 31, 2017, and sent positive confirmation requests to a sample...
As part of the fieldwork of an audit engagement, the senior on the audit obtained and...
As part of the fieldwork of an audit engagement, the senior on the audit obtained and documented an understanding of the company's internal control relating to accounts receivable and assessed control risk related to accounts receivable at the maximum level. Alejandro, the staff person assigned to the engagement, requested and obtained from the company an aged accounts receivable schedule listing the total amount owed by each customer as of December 31, 2017, and sent positive confirmation requests to a sample...
Background You are a manager in the audit division at Miller Yates Howarth (MYH), an accounting...
Background You are a manager in the audit division at Miller Yates Howarth (MYH), an accounting firm with offices throughout the major regional centres of NSW and Queensland. Although a medium sized firm by national standards, MYH is the second largest regional accounting firm in Australia. Most of MYH’s audit clients are in the agriculture, mining, manufacturing and property industries. All of those industries are currently under pressure, either from a downturn in commodity prices or fierce competition from overseas...
You are a manager in the audit division at Miller Yates Howarth (MYH), an accounting firm...
You are a manager in the audit division at Miller Yates Howarth (MYH), an accounting firm with offices throughout the major regional centres of NSW and Queensland. Although a medium sized firm by national standards, MYH is the second largest regional accounting firm in Australia. Most of MYH’s audit clients are in the agriculture, mining, manufacturing and property industries. All of those industries are currently under pressure, either from a downturn in commodity prices or fierce competition from overseas competitors....
The following is the description of sales and cash receipts for the Lady’s Fashion Fair, a...
The following is the description of sales and cash receipts for the Lady’s Fashion Fair, a retail store dealing in expensive women’s clothing. Sales are for cash or credit, using the store’s own billing rather than credit cards. Each salesclerk has her own sales book with prenumbered, three-copy, multicolored sales slips attached, but perforated. Only a central cash register is used. It is operated by the store supervisor, who has been employed for 10 years by Alice Olson, the store...
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT