Assume you are the management accountant for the Foleo Group and Tracey Chen has asked you to assist her in assessing the organisations internal control environment before her meeting with Peter Singh next week. Specifically, she asks you to look at the Finance Department that you manage. Tracey provides you with her detailed observations of the Departments current control environment below, and asks for your input.

Finance Department:

This Department presents the highest control risk for the Foleo Group, by far. The staff within the Finance Department collect data generated by the various departments and business units within the organisation, analyse it and then generate reports that are disseminated across the organisation. Most, if not all of this data is transmitted electronically and it currently appears that all operational staff within this Department have access to the complete suite of information passing through their accounting system. The only exception to this, are the existing, but inadequate access controls over the payroll data, however it seems that these can be easily overridden, as demonstrated to me by one of the Finance staff members upon request. This unrestricted access to sensitive data has led to some serious motivational issues and at this point, it is unclear whether disgruntled employees have been able to take advantage of the Finance Departments poor control over Foleos data.

Another area of concern identified by the management accountant is the poorly restricted access to the reports generated by the Department. These reports are distributed via email (and occasionally in printed form for specific meetings) to authorised recipients, however, there is a common practice across the organisation, it seems, of sharing passwords to access other individuals email accounts and information. Whilst I am informed that this practice is in the interests of timely resolution to problems, rather than fraud, my concern is that it invites dysfunctional behaviour and represents a significant risk to Foleos information and assets.

The operational staff of this department who process all transactional data are subject to a number of controls that I implemented on my arrival at the organisation some 20 years ago, in order to minimise the risk of errors and omissions in the reports they generate. As they enter data, the accounting system has a number of inbuilt safeguards to ensure that the right type of information is being entered in the right place, in addition to requests for confirmation for entered information that is abnormally high or low for specific data types. Unfortunately, these controls along with the procedures I put in place to ensure the authenticity of transactions are routinely overridden by both operational and management staff, which is somewhat concerning, considering that James and Leon appear to be the worst offenders. As the management accountant discovered decades ago, James and Leon regularly authorise the payment of private expenses through the company bank account and access funds as and when they need cash without following the proper procedures. This has resulted in their salaries being seriously understated and the existence of improper expenses in the company financial statements. I believe this sends a poor message to the employees.

As already identified in my last report, this Department struggles to deliver the required reports at year-end and other peak times, despite utilising a range of techniques to minimise the processing time of the data. These techniques have led to errors and shortcuts that have compromised the integrity of the resulting reports, upon which Managers have based important decisions.

The access to the bank account would appear to be less of a concern. The management accountant has charged the senior accountant Phil Brown, a loyal Foleo employee of some 10 years, with the responsibility of preparing, authorising and effecting all cash payments (despite the existence of sufficient support staff to undertake these processes). This responsibility extends to supplier, payroll, petty cash and all other miscellaneous payments. Phil has walked me through the system he has in place that matches documentation from all components of the purchasing process, which is the prerequisite for any payment being authorised. He has kept meticulous files and was able to produce the purchase order, proof of delivery and supplier invoice for any payment I selected for audit. I did notice a couple of insignificant anomalies in the records, such as a suppliers name also appearing in the customer list of names, as well as Phils signature appearing on a number of receiving reports for purchased goods (a role that would normally be undertaken by the warehouse staff that received the shipment). These anomalies seemed odd to me at the time, but were quickly explained by Phil Brown. This may require further investigation.

QUESTION: Based on the weeks readings and lecture materials, explain Simons concept of the levers of control for implementing strategy.