University of Phoenix
ACC 542: Accounting Information Systems
Instructor Thomas Cappels
January 13, 2014
Risks & Internal Controls: Kudler Fine Foods
SEI Accounting has created this brief to address the risks and internal control concerns of Kudler Fine Foods (KFF) following the company’s review of updated automated systems previously recommended by this firm. When implementing internal control systems within an organization, four main objectives can be identified as the desired outcome: safeguard assets, check the accuracy and reliability of the company’s accounting data, promote operational efficiency, and finally to encourage adherence to prescribed managerial policies (Bagranoff, 2008). Management at KFF has reviewed the flowcharts presented by this firm for the following systems: payroll, accounts payable, accounts receivable, and inventory. This brief will identify the risks of updating these systems, clarify internal controls that can mitigate those risks and how to apply them, as well as describe other quality controls that can be further implemented to safeguard both company assets and data.
Risks can originate from both external and internal sources. Risk assessment is used to identify areas requiring control procedures in order to keep company assets secure. Such organizational assets can include cash, inventory items, and vital information. “The greatest internal threat to an e-commerce website is poor management” (Doe, 2012). While KFF does not utilize e-commerce at this time, the organization plans to implement an e-commerce site in the near future. Poor management of this system could put the company at higher risk. Employee fraud is a major concern for the organization. It is possible to enter fraudulent transactions in order to divert assets to themselves or others. Employees would have the ability to gather personal information, such as credit card numbers, and could potentially use them for personal gain. This business process can be at risk if ever there was a flaw in the way in which data is entered, processed by the system, or communicated to various users. If KFF management based decisions on data outputs that are not completely accurate due to poor data inputs or errors in the processing the data, the company could be headed for organizational disaster.
An outside threat of major concern, one that mirrors an interior threat, is fraud. A fully automated system runs the risk of being hacked by individuals searching for credit card numbers and/or other information. Viruses and other malicious spyware, such as the Trojan horse, are also a constant threat to any system that can be accessed via the internet. These problems can also be created by internal users attempting to upload items or to insert an infected flash drive into a company computer terminal.
Internal Controls to Mitigate Risks and Their Applications
Internal controls can be identified as policies and/or procedures that companies use to help protect company assets. The data processing system this firm has recommended for KFF includes payroll, inventory, accounts payable, and accounts receivable. Six control protocols need to be implemented into the internal control system: (1) a good audit trail, (2) sound personnel policies and practices, (3) separation of duties, (4) physical protection of assets, (5) internal reviews of controls, and (6) timely performance reports. (Bagranoff, 2008)
A good audit trail occurs when managers follow the initial source document completely through to final reporting and then backwards again. This is done do insure accuracy of transactions and verification of all funds/sources. In addition, a ‘policies and procedures manual’ is required along with ‘Code of Conduct’ rules. Employees must understand the hierarchy within the organization as well as the correct procedures for how things must be done for accuracy and accountability. All