In May 2018, a local chemical plant had an unfortunate accident. Chemicals leaked from a plant holding tank and seeped onto the parking lot. A number of employee vehicles were damaged and required repainting. The company agreed to reimburse employees for the cost of these repairs. Employees were instructed to submit their bills for the repairs to the Controller, Jim Bemond. Jim would then issue a check to the employee for the amount of the bill. While the Internal Auditor Director questioned the Audit Committee about the monitoring of the reimbursements during a meeting a month after the accident, the Committee determined that procedures in place were adequate. Nine months later, at a full board meeting, someone made a remark about the fact that bills were still being turned in for reimbursement. By this time, the total of the damages reimbursed to employees had reached nearly $150,000. After making inquiries, it was discovered that some of the repairs were for expensive paint jobs, upgrades, buffing, body repairs, and waxing. Further investigation revealed that thousands of dollars were reimbursed for paint jobs on cars that were damaged prior to the industrial accident. Moreover, some employees had turned in bills for similar jobs just a few months apartin other words, some cars were reimbursed for the same repair twice. Although this appeared suspicious, no one caught it until the internal auditors came in one year after the accident in response to the boards inquiry and reviewed the invoices and compared them with the employee list and cars repainted.

Answer questions 1-3 below with reference to COSOs Control Activities, Information and Communication and Monitoring Principles and corresponding Focus Points.

1. What important control activities are missing?

   2. How should have the policy concerning the reimbursements been communicated to the employees?

   3. What monitoring controls should have been put in place to detect if the policy was being abused?

2. Control Environment considerations:

   4. This fraudulent activity was not material to the financial statements, however, the event has an effect on the culture of the organization. What does management need to do now that the fraud has been discovered?

   5. What is the Board of Directors responsibility now that the fraud has been discovered?

   6. What control environment principles are lacking or ineffective?