DEF Company is a large automotive dealer company operating in the field of automobile retailing that is owned by a big Holding Group Company XYZ. DEF Company buys cars from distributors of well-known brands and sells them to customers as the authorized dealer. DEF Company also provides after-sales service, spare parts and second-hand services for many automobile brands. The company has 7 branches throughout the Country. The company prioritizes customer satisfaction, and relies on its years of expertise.

DEF Company employs around 380 people and has an annual turnover of about P100million.

The Company doesn't have an Internal Audit department. But the Group Holding Company XYZ (total employee of 2000 people with consolidated annual turnover of P4 billion) has an internal audit department (4 qualified internal auditors working for the department) that audits 17 group companies based on their risk-based audit planning for their audit assignments.

DEF Company has an Audit Committee.

Incident / Case:

Auto Parts Department's Stock Planner (will be referred to as Stock Planner throughout this document) whose main duty is to plan the procurement of auto parts and to place purchase orders based on approved plan) was accused of stealing expensive parts and selling them personally in the street market. This came to management's attention through informal internal whistleblowing (one employee said that a friend of his saw the Stock Planner doing something not right).

The Management informed the Audit Committee. The Audit Committee asked the Group Internal Audit (will be referred to as Internal Audit throughout this document) to evaluate the whistleblowing information.

At the start of their investigation, Internal Audit deactivated all system access rights of the Stock Planner and asked Company management to send him on annual leave. Internal Audit interrogated the Stock Planner several times outside the company premises and investigated all his previous years' dealings looking for all possible ways for him to cheat.

Internal Audit findings noted that this person was involved in several different fraudulent activities at the same time.

It also became quite apparent that there were serious weaknesses in the Company's Internal Control System, grouped under the following three headings: (1) unapplied operational process controls;(2) ineffective financial controls; and(3) deactivated system controls.

As soon as the internal audit work was finalized the results were reported to the DEF Management, DEF Audit Committee and Group Holding Company XYZ (who is a shareholder of the DEF Company appointing some board directors).

The main findings related to the Stock Planner's fraudulent activities are as reported in the internal auditors' report:

------------------------------------------------------------------------------------------------------------------------------------------

INTERNAL AUDIT REPORT

Summary Report on Auto Parts Fraud Company DEF

PART I: FINANCIAL IMPACT OF THE FRAUD (I) AMOUNT THAT COULD BE CALCULATED UNTIL NOW:

1. Parts taken out of the inventory and the related amount were invoiced without the knowledge of the customers, receivable sitting as open item in the system: P50,801

2. Amount that was invoiced, signed with a fake stamp and collected from the customer in cash that was not posted in company accounts: P14,146

3. Parts taken out of the inventory on the basis of open job orders but not physically present anywhere in the warehouse: P36,396 (at cost)

4. Parts that were reserved in the system in the name of a customer but physically not present anywhere in the warehouse: P30,814 (at cost)

5. Amount that was borrowed from the company but not paid back: P6,500

6. Product code modifications made over 4 years (changing product codes of expensive auto parts stolen from the warehouse to paint product codes, an uncountable (liquid) product category) P408,537*

7. Some auto parts taken out of the warehouse with unauthorized/unapproved job orders P55,934

TOTAL CALCULATED AMOUNT: P603,128

* Examples for parts whose product codes were changed to paint are as follows: expensive accessories sold at the Boutique (P22,200), steel tire rim (P24,050), tyres (P11,100), injector (P6,660), Screen & Mirrors (P18,500), headlamps (P6,013), hydraulic suspension & compressor (P8,048), arm-rest tool (P4,625), indicator panel (P4,255), refrigerator (P2,775), cabrio-type car ceiling (P5,365)

------------------------------------------------------------------------------------------------------------------------------------------

PART II: DEFICIENCIES NOTED

(I) UNAPPLIED OPERATIONAL PROCESS CONTROLS:

Other Service managers confirmed that physical access to the Parts Warehouse is not restricted and that even the workshop employee could enter to the warehouse without any control.

Periodic stock counts are not performed on a regular basis.

Open job orders are not reviewed by appropriate manager on a periodic basis.

Discounts given on parts are not reviewed by appropriate manager on a periodic basis.

Material movement vouchers are not reviewed by appropriate manager on a periodic basis.

Exception reports such as overrides/changes to master data like product code changes are not reviewed by appropriate manager on a periodic basis.

Aftersales department has worked with unapproved customers on an open account basis instead of cash basis.

Aftersales insurance receivables are not followed up for collection on a timely basis by the respective operations manager.

------------------------------------------------------------------------------------------------------------------------------------------

(II) INEFFECTIVE FINANCIAL CONTROLS:

Periodic customer reconciliations are not performed.

Nobody from Finance participates in the stock-counts

Open account follow-up is not performed effectively and on time. Problematic situations are not escalated to the management.

-----------------------------------------------------------------------------------------------------------------------------------------

(III) DEACTIVATION OF SOME SYSTEM CONTROLS:

Service employee who is authorized to issue invoices has access to make changes in customer master data (including creating a new customer). The system allows changes to master data even if there has been a transaction posted over this customer.

During invoicing, changes/overrides can be made to default customer group discounts field and customer information flowing from the master data and log reports are not created to review such overrides.

---end---

1.As an external auditor, will you consider assessing the control risk at a high level?

2.Is the reliance on the work of internal auditor enough to support your assessment in number 1?

3.What are the possible conflict and its impact to the internal control?

4.What would you recommend the management about this conflict?

5.Propose a program / policy to address the issues.