Assessing Control Risk
Internal control evaluation and control risk assessment are the most difficult auditing topics for me to teach. Few of my students have any significant work experience and my school does not require Accounting Information Systems as a prerequisite for Auditing. Consequently, my students know little about business processes, transaction flows, or internal controls.
The best I can do is ask them to analyze a simple process they can all imagine in their heads – a fast food restaurant. What prevents a cashier from taking money from the drawer? What prevents a cashier from undercharging a friend? What prevents the store manager, who is evaluated based on revenue goals, from recording fictitious sales?
Some of the best teaching materials for internal controls are listed in the Financial Statement Fraud and Misappropriations of Assets sections of this website. There are several teaching cases that provide completed internal control questionnaires and ask students to assess the risk of fraud, or describe a theft and ask students to identify the internal control weaknesses that permitted the theft to occur.
Articles:
“A Fresh Look at Walkthroughs,” Richard Turpen, Internal Auditor (December 2004): 25-27. Describes how to perform a walkthrough to gain an understanding of transaction flow and identify points where financial statement misstatements may occur.
“Evaluate the Control Environment,” Michael Ramos, Journal of Accountancy (May 2004): 75-78. This article presents an internal control reliability model that can be used to evaluate a client’s control environment.
“Understanding Internal Controls,” Larry Hubbard, Internal Auditor (October 2003): 23-24. A very concise summary of the five components of COSO’s internal control framework.
Classroom Exercises:
“Using a Simple Game to Introduce Accounting Students to Certain Internal Control Concepts,” James Groff, Journal of Accounting Education (1989): 263-269. This four-person game demonstrates the importance of documentation and segregation of duties.
Cases:
“Sunshine Center: An Instructional Case Evaluating Internal Controls in a Small Organization,” Sandra Fleak, Keith Harrison & Laurie Turner, Issues in Accounting Education (November 2010): 709-720. Students apply the COSO framework to identify weaknesses in a child care center’s internal controls.
Internal Controls: A Compendium of Short Cases,” Constance Lehman, Issues in Accounting Education (November 2010): 741-754. This article presents six short, open-ended internal control cases addressing (1) hiring practices, (2) weaknesses in credit authorization procedures, (3) benefits and risks of new technology, (4) benefits and risks of remote access, (5) disaster recovery, and (6) procedures for employee reimbursements.
“Blazer Communications: A Procurement Audit Simulation,” James Worrell, Issues in Accounting Education (August 2010): 527-546. Students use generalized audit software to test internal controls over a client’s procurement function. One unique feature of the case is that audio recordings of simulated interviews of client personnel are provided in MP3 format.
“Fraud at a Public Authority,” William Brucker & James Rebele, Journal of Accounting Education (2010): 26-37. Students must identify the internal control weaknesses that allowed cash to be stolen from a municipal arena.
“The Violet Bay School District Deficit of 2005: Evaluating Internal Control and Identifying Risks,” Laurie Henry, Michael Bitter & Terry Kubichan, Issues in Accounting Education (February 2010): 119-153. Students must evaluate the internal controls of a school system using the five components of the COSO framework.
“Internal Control Evaluation of a Restaurant: A Teaching Case,” Jack Kiger & Anna Rose, Issues in Accounting Education (May 2004): 229-237. After interviewing a restaurant manager, students document and evaluate the restaurant’s internal controls over sales and cash receipts.
“Designing Audit Procedures When Evidence Is Electronic: The Case of e-Ticket Travel Revenue,” A. Faye Borthick & Jack Kiger, Issues in Accounting Education (August 2003): 275-290. Students must identify key internal controls in a paperless environment and design tests of controls.
“Developing Risk Skills: An Investigation of Business Risks and Controls at Prudential Insurance Company of America,” Paul Walker, William Shenkir and C. Stephen Hunn, Issues in Accounting Education (May 2001): 291-313. Describes internal control weaknesses at Prudential. Students must apply COSO framework and Elliott Committee risk assessment.
“Information Systems Controls and Auditing: Mathra Tool, Inc.” Ingrid Splettstoesser, Issues in Accounting Education (May 1999): 285-291. Students must evaluate the internal controls of a small manufacturing company.
Internal control evaluation and control risk assessment are the most difficult auditing topics for me to teach. Few of my students have any significant work experience and my school does not require Accounting Information Systems as a prerequisite for Auditing. Consequently, my students know little about business processes, transaction flows, or internal controls.
The best I can do is ask them to analyze a simple process they can all imagine in their heads – a fast food restaurant. What prevents a cashier from taking money from the drawer? What prevents a cashier from undercharging a friend? What prevents the store manager, who is evaluated based on revenue goals, from recording fictitious sales?
Some of the best teaching materials for internal controls are listed in the Financial Statement Fraud and Misappropriations of Assets sections of this website. There are several teaching cases that provide completed internal control questionnaires and ask students to assess the risk of fraud, or describe a theft and ask students to identify the internal control weaknesses that permitted the theft to occur.
Articles:
“A Fresh Look at Walkthroughs,” Richard Turpen, Internal Auditor (December 2004): 25-27. Describes how to perform a walkthrough to gain an understanding of transaction flow and identify points where financial statement misstatements may occur.
“Evaluate the Control Environment,” Michael Ramos, Journal of Accountancy (May 2004): 75-78. This article presents an internal control reliability model that can be used to evaluate a client’s control environment.
“Understanding Internal Controls,” Larry Hubbard, Internal Auditor (October 2003): 23-24. A very concise summary of the five components of COSO’s internal control framework.
Classroom Exercises:
“Using a Simple Game to Introduce Accounting Students to Certain Internal Control Concepts,” James Groff, Journal of Accounting Education (1989): 263-269. This four-person game demonstrates the importance of documentation and segregation of duties.
Cases:
“Sunshine Center: An Instructional Case Evaluating Internal Controls in a Small Organization,” Sandra Fleak, Keith Harrison & Laurie Turner, Issues in Accounting Education (November 2010): 709-720. Students apply the COSO framework to identify weaknesses in a child care center’s internal controls.
Internal Controls: A Compendium of Short Cases,” Constance Lehman, Issues in Accounting Education (November 2010): 741-754. This article presents six short, open-ended internal control cases addressing (1) hiring practices, (2) weaknesses in credit authorization procedures, (3) benefits and risks of new technology, (4) benefits and risks of remote access, (5) disaster recovery, and (6) procedures for employee reimbursements.
“Blazer Communications: A Procurement Audit Simulation,” James Worrell, Issues in Accounting Education (August 2010): 527-546. Students use generalized audit software to test internal controls over a client’s procurement function. One unique feature of the case is that audio recordings of simulated interviews of client personnel are provided in MP3 format.
“Fraud at a Public Authority,” William Brucker & James Rebele, Journal of Accounting Education (2010): 26-37. Students must identify the internal control weaknesses that allowed cash to be stolen from a municipal arena.
“The Violet Bay School District Deficit of 2005: Evaluating Internal Control and Identifying Risks,” Laurie Henry, Michael Bitter & Terry Kubichan, Issues in Accounting Education (February 2010): 119-153. Students must evaluate the internal controls of a school system using the five components of the COSO framework.
“Internal Control Evaluation of a Restaurant: A Teaching Case,” Jack Kiger & Anna Rose, Issues in Accounting Education (May 2004): 229-237. After interviewing a restaurant manager, students document and evaluate the restaurant’s internal controls over sales and cash receipts.
“Designing Audit Procedures When Evidence Is Electronic: The Case of e-Ticket Travel Revenue,” A. Faye Borthick & Jack Kiger, Issues in Accounting Education (August 2003): 275-290. Students must identify key internal controls in a paperless environment and design tests of controls.
“Developing Risk Skills: An Investigation of Business Risks and Controls at Prudential Insurance Company of America,” Paul Walker, William Shenkir and C. Stephen Hunn, Issues in Accounting Education (May 2001): 291-313. Describes internal control weaknesses at Prudential. Students must apply COSO framework and Elliott Committee risk assessment.
“Information Systems Controls and Auditing: Mathra Tool, Inc.” Ingrid Splettstoesser, Issues in Accounting Education (May 1999): 285-291. Students must evaluate the internal controls of a small manufacturing company.
RSS Feed