FOLEO FONES CASE STUDY - Chapter 9:

Assume you are the management accountant for the Foleo Group and Tracey Chen has asked you to assist her in assessing the organisation's internal control environment before her meeting with Peter Singh next week.Specifically, she asks you to look at the Finance Department that you manage.Tracey provides you with her detailed observations of the Department's current control environment below, and asks for your input.

Finance Department:

This Department presents the highest control risk for the Foleo Group, by far. The staff within the Finance Department collect data generated by the various departments and business units within the organisation, analyse it and then generate reports that are disseminated across the organisation.Most, if not all of this data is transmitted electronically and it currently appears that all operational staff within this Department have access to the complete suite of information passing through their accounting system.The only exception to this, are the existing, but inadequate access controls over the payroll data, however it seems that these can be easily overridden, as demonstrated to me by one of the Finance staff members upon request.This unrestricted access to sensitive data has led to some serious motivational issues and at this point, it is unclear whether disgruntled employees have been able to take advantage of the Finance Department's poor control over Foleo's data.

Another area of concern identified by the management accountant is the poorly restricted access to the reports generated by the Department.These reports are distributed via email (and occasionally in printed form for specific meetings) to authorised recipients, however, there is a common practice across the organisation, it seems, of sharing passwords to access other individuals' email accounts and information.Whilst I am informed that this practice is in the interests of timely resolution to problems, rather than fraud, my concern is that it invites dysfunctional behaviour and represents a significant risk to Foleo's information and assets.

The operational staff of this department who process all transactional data are subject to a number of controls that I implemented on my arrival at the organisation some 20 years ago, in order to minimise the risk of errors and omissions in the reports they generate.As they enter data, the accounting system has a number of inbuilt safeguards to ensure that the right type of information is being entered in the right place, in addition to requests for confirmation for entered information that is abnormally high or low for specific data types.Unfortunately, these controls along with the procedures I put in place to ensure the authenticity of transactions are routinely overridden by both operational and management staff, which is somewhat concerning, considering that James and Leon appear to be the worst offenders.As the management accountant discovered decades ago, James and Leon regularly authorise the payment of private expenses through the company bank account and access funds as and when they need cash without following the proper procedures.This has resulted in their salaries being seriously understated and the existence of improper expenses in the company financial statements.I believe this sends a poor message to the employees.

As already identified in my last report, this Department struggles to deliver the required reports at year-end and other peak times, despite utilising a range of techniques to minimise the processing time of the data.These techniques have led to errors and shortcuts that have compromised the integrity of the resulting reports, upon which Managers have based important decisions.

The access to the bank account would appear to be less of a concern.The management accountant has charged the senior accountant Phil Brown, a loyal Foleo employee of some 10 years, with the responsibility of preparing, authorising and effecting all cash payments (despite the existence of sufficient support staff to undertake these processes).This responsibility extends to supplier, payroll, petty cash and all other miscellaneous payments.Phil has walked me through the system he has in place that matches documentation from all components of the purchasing process, which is the prerequisite for any payment being authorised.He has kept meticulous files and was able to produce the purchase order, proof of delivery and supplier invoice for any payment I selected for audit.I did notice a couple of insignificant anomalies in the records, such as a supplier's name also appearing in the customer list of names, as well as Phil's signature appearing on a number of receiving reports for purchased goods (a role that would normally be undertaken by the warehouse staff that received the shipment).These anomalies seemed odd to me at the time, but were quickly explained by Phil Brown.This may require further investigation.

(a) Based on Tracey's observations as well as the week's readings and lecture materials, identify five (5) lapses in the H.O. Finance Department's control environment and explain the risks that each present.

(HINT:Ensure you identify the controls that might be missing and explain the implications for the organisation of EACH missing control.) (2 marks)

The five lapses with attached risks are as follows -

1)Unauthorised access of data - The employees are free to access the financial and confidential data all across the staff line which carries the threat of security breach in which data can be passed on to rivals by any insider which would lead to loss

2)Poor data transmission control - the data transmitted lacks security provision where it can be easily manipulated by any one thus causing the threat of wrong and irregular reporting.

3)lack of security norms - passwords, login details are shared among the employees which lead to the threat of disclosure of confidential data thus there would be no control in the premises.

4)lack of accountability - the person assigned the duty to supervise himself is found under doubtful lens when his signatures were found in inappropriate forms thus his words can not be deemed to be fully true,the threat of insider trading and fraud exist in this aspect.

5)Poor scrutiny - there is no scrutiny of the data, reports which poses the threat of fraud existing in the company.

(b) Suggest a specific control that you might introduce to address each of the lapses identified in part (a) and classify each control suggestion as either preventive or detective in nature.Explain your choice of classifications.

(HINT:Refer to the Garrison reading for information on these classifications.) (1.5 marks)

1)Auditing - entire financial and crucial aspects of the organization would be properly screened and analysed in order to detect any loopholes in them in time bound manner so that any scope of fraud or misrepresentation do not exist.it can be considered as detective nature.

2)Surprise visit - i would inspect on surprise visit so that on ground reality and truth could be assessed and culprit could be caught red handed.it is of detective nature.

3)Installing financial reporting software with security measures - in this mechanism only the eligible members could be given access and confidential data could be saved from external risk, it is of preventive measure.

4)Appointing an ombudsman - in this office any complaints regarding faults existing within the organization could be reported so that strict actions could be made on the basis of it.it is of detective nature

(c)Select three (3) controls you have suggested in part (b), and describe how each will work towards achieving the overarching objectives of the Foleo organisation. (0.6 mark)

(HINT:You may need to revisit the entire Foleo Case Study and/or the exercises you have completed so far to refresh your memory of the overarching objectives of the organisation.)

(HINT:Ensure you identify and explain the specific objective that each control will relate to.)

1)Surprise visit - it will make the hidden facts, reason of faulty misrepresentation crystal clear and the peron accountable could be penalized for the same on evidence.

2)Ombudsman - it will give the courage to all honest workers to report any irregularities and give a sound base to further investigate on matters which were not known before

3)Financial software - it will prepare bias free reporting and would detect any wrong entries preventing the scope of dubious entries in accounting.

(d) Based on the week's readings and lecture materials, explain Simons' concept of the levers of control for implementing strategy.

(HINT:Ensure you identify and explain all four (4) levers in your response.)

(HINT:Refer to the Simons reading for information on the levers of control.) (0.6 mark)

The concept of the levers of control for implementing strategy are:

1)Core values - The objective and policy right from the beginning must be well planned and articulated so that there is no ambiguity afterwards. The belief system, Policy, protocols must be well apt for proper working of the organization

2)Risk to be avoided - it consists of executing certain financial prudential norms so that wealth could not be misused or pushed to risk. Budgetary system, operational guidelines must be provisioned so that financial management goes in regulation

3)Strategic threat- It states that organization is prone to threat and any misfortune event and therefore we must establish an interactive control system throughout the organization so that quick and instant solution could be devised to overcome the crisis.

4)Critical performance - the entire work must be properly evaluated in due time so that any deviation or loss of organization assets could be minimized to greatest extent. Diagnostic control system, valuation control, incentives are some of the strategies to be adopted

(e)For the three (3) of the controls you selected in part (c), classify each as one of the Simons' levers of control and explain why.

(HINT:Refer to the Simons reading for information on the levers of control.) (0.3 mark)

______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________