-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years ago
A reminder that the first exam of the semester will be conducted by Blackboard and must be completed between Friday October 7 and Sunday October 9 (midnight).
Some specifics:
Will include course content […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years ago
I apologize for the incomplete post earlier – it’s been quite a week personally. Good comments and discussion last week. You raised the key points but let me share my thoughts.
Q1: Who has a ‘great’ OTC proc […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years ago
Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
Assume the ‘One Piece at a Time’ video scenario could happen. If you a […] -
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years ago
Couple of links Re: the recent Wells Fargo fraud / control failure
Link 1 Link 2
Alternately, this week you may answer one of these questions:
How could this happen in the world of Sox and ot […]
-
The CEO should be part of the 5,000 employees who got fired. He is incompetent (because he does not know what is going on in his company) or he was aware of the fraud. Francly, I think he was aware of the fraud but decided not to react.
The worst thing is that the fraud did not even increase the bank revenue. It’s a risk that managers and salespersons took for nothing. The CEO responsibility is to make sure everybody is following the rules. I know that Wells Fargo is a big company with branches everywhere in the country, but a fraud like this can’t occurred without top management knowing about it. The best thing to do for the CEO is to resign.-
Hi Said,
I would agree with you and think the CEO should resign. Throughout my readings, I couldn’t identify if the fraud was material or not, in the sense that it had a substantial impact on the financials of the company. However, in my post I suggested that an investigation be made on the CEO and if found he had knowledge of the fraud, should be held accountable in some degree. With that being said, if the amount from the fraud is not material in respect to the financial statements, then there is a serious company culture that Wells Fargo needs to address. If they are pushing over 5,000 employees to the point that they feel the need to commit fraud, then the organization needs to rethink its message and policies.
-
Well said both of you. I completely agree. The CEO should be held accountable whether he knew or not. I mean it seems as if he had an idea of what was going on so therefore, he should have addressed the situation. Paul, like you I could find whether the fraud was material or nonmaterial.
Additionally, Paul your statement hits the nail right on the head: “If they are pushing over 5,000 employees to the point that they feel the need to commit fraud, then the organization needs to rethink its message and policies.” The majority of these employees are living below the poverty line and were welfare recipients, which displays a lot. These people were vulnerable across the line; if they didn’t hit these quotas they lost their jobs. I think Senator Elizabeth Warren shed light on this issue, “You squeezed your employees to the breaking point, so they would cheat customers and you could drive up the value of your stock and put hundreds of millions of dollars in your own pocket,” Warren said. “And when it all blew up, you kept your job, you kept your multimillion-dollar bonuses, and you went on television to blame thousands of $12-an-hour employees who were just trying to meet cross-sell quotas that made you rich.”
Source: http://fusion.net/story/350752/wells-fargo-sued-class-action-lawsuit/
-
-
-
How could this happen in the world of Sox and other regulations?
U.S. law requires banks to enforce “Know Your Customer” guidelines, whereby accounts are opened only by “genuine” customers, with documentation that establishes identity and legality of funds.
Just one example of how punishing whistleblowers is against the law: after the Enron bankruptcy, the Sarbanes Oxley Act was designed to prevent the “I’m the CEO and I know nothing” defense by requiring at a minimum that the CEO and CFO personally certify the accuracy of financial reports and the adequacy of internal controls. It also required public companies to create secure channels for internal whistleblowers to report if they saw what looked like legal or regulatory violations. From the National Whistleblower Center:
Unlike most whistleblower laws, the SOX’s whistleblower protection provisions are not limited to providing a legal remedy for wrongfully discharged employees. In addition to containing employment-based protections for employee whistleblowers, the law contains four other provisions directly relevant to whistleblower protection. First, the law requires that all publicly traded corporations create internal and independent “audit committees.” As part of the mandated audit committee function, publicly traded corporations must also establish procedures for employees to file internal whistleblower complaints, and procedures which would protect the confidentiality of employees who file allegations with the audit committee….
Fourth, Section 3(b) of the SOX contains an enforcement provision concerning every clause of the SOX. This section states that “a violation by any person of this Act [i.e. the SOX] . . . shall be treated for all purposes in the same manner as a violation of the Securities Exchange Act of 1934.” This section grants jurisdiction to the SEC to enforce every aspect of the SOX, including the various whistleblower-related provisions. It also provides for criminal penalties for any violation of the SOX, including the whistleblower-related provisions….
In addition to these four provisions, the law contains an employee protection provision which permits whistleblowers to file a complaint before the U.S. Department of Labor alleging unlawful retaliation.
-
As most of us know, Wells Fargo has recently disclosed that a large scale fraud has taken place within the company, which resulted in 5,300 employees being fired or about 2% of its workforce. This fraud essentially involved employees who made up fake accounts or enrolled existing users into new but unwanted programs in order to meet company incentives. Many customers who had accounts created in their names, have been financially affected with them being charged for actions like insufficient funds or overdraft fees. While fraud can occur in any company, one of the areas of concern is that Wells Fargo had identified that 5,300 employees were involved in creating over 2 million fake accounts. Not only that, there are reports that many whistleblowers have come forth, but were retaliated against and lost their jobs. This is to suggest that this fraud was not some rare occurrence, but actually a serious red flag for a lack of controls and ineffective company policy.
Now that a background was provided, the question raised is that “How could this happen in the world of SOX and other regulations?”. SOX, short for the Sarbanes-Oxley Act, is an act that directly aims to prevent the exact fraudulent activities that Wells Fargo had performed. The two main areas that are covered in the act is that the management of publicly traded companies have to sign off that the financial statements are accurate and that companies need to establish internal controls, which must be audited and reported upon. With that being said, I think one of the main reasons why this fraud could happen in the world of SOX, is that often times these organizations are seen as “too big to fail” and because of that they rather hide a fraud then prevent it. All one has to do is look at the settlement, which was $190 million. This amount is miniscule in comparison to the $86 Billion in Revenue and $22.89 Billion in Net Income that Wells Fargo had in 2015 according to its 2015 Income Statement. With this being said, the CEO had a choice. He could either correct the issue, pay a settlement, and take a stock value hit or continue the path of the company all while growing the company’s stock value. As we know, the CEO decided to refrain from correcting the fraud until now, resulting in a $19-Billion-dollar stock value decline.
Unfortunately, a CEO would rather sweep a fraud like this under a rug in order to avoid losing market value. Other than the hit in stock value, Wells Fargo’s only accountability was a $190-million-dollar settlement which equates to less than 1% of their total net income for the year 2015. In order to reduce fraud like this from occurring, you need to make it so that an executive doesn’t refrain from correcting an issue if it means keeping a high stock value. While SOX allows the SEC to hold executives accountable, enforcement needs to be made and actually hold them accountable. Personally, I feel that an investigation should be made upon the extent of knowledge that the CEO, John Stumpf, had of the fraud occurring. If he was aware that the fraud was occurring over the past 5 years, then he should be charged with perjury much similar to the executives at Enron or Tyco. While I don’t believe the fraud had a huge financial impact on Wells Fargo, it is fraud none-the-less. I think if one takes away the incentive to sweep something under the rug as opposed to correcting an issue at first, then CEO’s would make the moral decision more often. With all that being said, a company’s culture plays a big issue as well as the auditor’s ability to not be influenced by their client. It will be interesting to see how Wells Fargo will be impacted going forward.
-
couldn’t***
-
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years ago
Reminder: Exercise 1 – Procure to Pay Process is due (via e-mail) on Thursday September 22 Saturday September 24 at 11:59 pm.
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
Which portion of the Order to Cash (O […]-
1. As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I prefer any website I can use Paypal for payment personally, but for sake of argument I will say Ebay for example since they allow Paypal payment. Ebay makes it very easy for me to search for and find a product I am looking for, and even offers a convenient layout to compare prices and vendor ratings. Ebay also works great because I can make a purchase after finding a product I want, avoid paying sales tax, and potentially avoid paying any shipping fees. The fact that Ebay links my information to my login, and I can easily use Paypal through my login, I am not burdened with entering my contact, shipping, and payment information with each purchase. The reason I prefer Paypal is because Paypal offers great protections to me as a consumer for online purchases. Paypal protects my detailed purchasing information from online fraud by reimbursement of any fraudulent activity or from misleading transactions with online vendors. The ease of the streamlined system for me to make a purchase, pay for my purchase, track, receive, and, if needed, return my purchase, makes Ebay’s O2C process great in my opinion.
-
1. As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
As a loyal customer of Amazon, I think it has a great OTC process based on my 4+ years’ experience. For example, when I add a product to my shopping cart and check out, Amazon process the order by following steps:
a) the quantity available for the listing is subtracted from the quantity in Manage Inventory. If there was a quantity of one at the time the order was placed, the listing will be removed from Amazon offer page and appear in Manage inventory with a quantity of zero while the order is being processed. Amazon holds all orders for 30 minutes, which gives us an opportunity to cancel orders. The canceled orders will appear in Manage Orders as canceled and will be grayed out.
b) Amazon verifies the payments of order:
Unshipped–payment verification is successful
Pending–payment verification is initially unsuccessful or extended.
Canceled–an order gets canceled if payments authorization does not succeed or in cases of fraud.
c) When payment is verified, Amazon does:
Changes the status to unshipped
Sends an order confirmation to the buyer with the estimated delivery date
Sends an order notification
If an order is delayed because of Amazon’s processes, it will provide the buyer with a new delivery date based on the date the order is released from Pending status
d) Once an order is in unshipped status, the buyer must either fulfill or cancel the orderSource from: https://www.amazon.com/gp/help/customer/display.html?nodeId=200168990
-
2. Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
I think the most vulnerable to theft, fraud or failure is the customer payments. Amazon will cancel the order if the payment authorization does not succeed and/or in cases of fraud, meaning once Amazon sees the payment is approved, then it trusts you and changes the status of the order, however, if the payment is not approved, it will change the status of the order to canceled, which Amazon does not approve you to do further status.
-
Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
I think the shipping note/delivery is the most vulnerable portion of the Order to Cash. The all process is considered complete only when the customer receive the product. The shipping portion is then critical to the completeness of the transaction and it is also exposed to theft, fraud and failure.
First of all, the fraud can come from within the company, someone can easily change the delivery address or even put the wrong product. The mistake can be unintentional or intentional (theft and fraud).
Also, if the company hires third party businesses it increase the probability of failure because the company and its third parties have to match their system (which is really difficult). We all experienced at least once the lost of a package in the delivery process. Sometimes the package get lost due to system failures or human errors. -
2. Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
Ans. The order to cash has 4 processes:
1. Quotation/order entry
2. Provision of goods or services
3. Billing(invoice)
4. Incoming payment
All the 4 processes are vulnerable to threats equally.Quotation or order entry is most vulnerable to human errors or frauds. The risk associated with this incorrect or incomplete sales document can lead to lower sales or debts. The automatic completeness check must be in place for control purpose wherein documents are checked for incompleteness and reworked when necessary. Duplicate entry can cause miscalculations.
Also in billing Change transaction and triangular deals are not reflected correctly. Incorrect representation of sales tax. Incorrect determination of net prices which can lead to loss of sales and profit. There is also a risk for fraudulent actions.
Source: Auditing and GRC Automation
-
Yes Said. The example is a great one. I am sure every one of us have atleast one case of misplaced delivery. Even without the third party involved we have lot of fraud happening. Do you think there is a way to prevent it? Is this only due to human error?
-
Binu,
We can’t do nothing about human errors, but we can reduce fraud. There should be a tracking system from the order creation to the delivery. In that way, the company can track the order from A to Z. For example, let’s say I order three books from Amazon. The system will create my order and assign an order number. Then, the warehouse manager will receive the order number and it characteristics (books titles, quantity, delivery range date…). His/her team assembled the my order and re-virify the order. Next, the shipping team receives my order and verifies with the order number what is in the package. Then they make the delivery (in-house) or hire a third party to do it. At this point, a theft or failure can occur only if someone steals my order from the delivery truck or the driver delivers my order somewhere else.
-
You’re partially right when you say that we can’t do nothing about human errors. Since human errors are mostly unintentional, it would be difficult to put a check at every step where human involvement is needed. Also, it might not be feasible to put a person at every step to verify and re-verify the order with the customer as it would probably open up more doors to a failure of some kind, it can also lead to a customer getting irate about the constant follow-up (I know I would be, if someone were to keep calling me for every order I placed). We can however, reiterate to the employees about areas prone to incorrect details being entered and ensure that they are more watchful of those and make it a point to enter the information or complete the task right the very first time itself.
-
-
Binu, I believe log management and analysis can track such kind of problems. It is important to maintain the logs of all kind of transactions so that issues such as someone changing the delivery or address details can be tracked. It is a good kind of detective control for such issues.
-
-
2. Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
Issuing order invoices is the portion of O2C which I see as the most vulnerable to theft, fraud, or failure of some kind. Without proper controls, there is an incentive and opportunity for employees to issue fraudulent orders to fictitious customers. This type of fraud is exacerbated by sales target pressures put on employees and is playing out publicly currently with Wells Fargo for example. Even without an added pressure, employees due to economic fears might inflate sales to help ensure their individual job security with a business. This is especially easy for an employee to pull off if they have access to the portion of the process to cancel or remove the orders after they’ve been accounted for. A policy of separation of duties can help mitigate this risk of fraud by removing the “opportunity” portion of the fraud triangle. Discouraging sales target incentives can help lessen the “pressure” side of the fraud triangle too.
-
That is really good insight to that “link of the chain.” That is definitely an area of the O2C process that involves a lot of moving parts and is the actual physical movement of goods. At that point, like you mentioned, there are more personnel involved in both the business and outside of the business that pose new threats to the order and potentially have incentive and opportunity to intentionally or unintentionally cause a failure for the business.
-
I actually think that Apple Pay offers a convenient way to make purchases within Apple’s platform, and is easy to use at retailers when available. For example, my wife uses the Starbuck’s app to purchase coffee at work. Apple Pay allows her to reload funds to her account from her phone. Once a card is stored in Apple Wallet and then linked to Apple Pay, it can be used to make in purchases within iOS. Once the funds are placed in the Starbucks account, an order can be placed at any Starbucks location so she can order coffee and have it ready when she arrives at the store without ever having to use cash or a credit card.
While Apple Pay is convenient within iOS, it only sporadically available at physical retailers. While it has expaned since its inception in 2014, it is still not universally/widely used. Still, where it is available, I have generally had a very easy time using it and even found it faster than credit cards with an EMV chip. And it is always easy use a phone instead of reaching for a wallet.
Apple Pay can reduce the risk of credit card fraud because the card is stored on the device and uses a one time code for each transaction, similar to an EMV chip. However, EMV chips are irrelevant for online purchases because credit card numbers are used. If Apple Pay expands to new Macbooks and either incorporates a finger printer reader or syncs with the iPhone to authorize transactions, than purchases can be made directly through a computer without using a credit card for every transaction. Almost like PayPal.
-
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I would like to use Amazon to buy something. If we consider the ERP system flow, this is typically categorized into the following eight sub-processes:
1.Customer presence
2.Order entry (creation of order / booking of order)
3.Order fulfillment (physical & digital fulfillment)
In its broadest definition, the possible steps in the process are:Product Inquiry – Initial inquiry about offerings, visit to the web-site, catalog request
Sales Quote – Budgetary or availability quote
Order Configuration – Where ordered items need selection of options or order lines need to be compatible with each other
Order Booking – The formal order placement or closing of the deal (issuing by the customer of a Purchase Order)
Order Acknowledgment / Confirmation – Confirmation that the order is booked and/or received
Invoicing / Billing – The presentment of the commercial invoice / bill to the customer
Order Sourcing / Planning – Determining the source / location of item(s) to be shipped
Order Changes – Changes to orders, if needed
Order Processing – Process step where the distribution center or warehouse is responsible to fill order (receive and stock inventory, pick, pack and ship orders).
Shipment – The shipment and transportation of the goods
Delivery – The delivery of the goods to the consignee / customer
Settlement – The payment of the charges for goods / services / delivery
Returns – In case the goods are unacceptable / not required
4.Distribution
5.Invoicing :A typical invoice contains:The word invoice (or Tax Invoice if in Australia and amounts include GST).
A unique reference number (in case of correspondence about the invoice)
Date of the invoice.
Credit terms.
Tax payments if relevant (e.g. GST or VAT)
Name and contact details of the seller
Tax or company registration details of seller (if relevant)[e.g. Australia Business Number (ABN) for Australian businesses.]
Name and contact details of the buyer
Date that the product was sent or delivered
Purchase order number (or similar tracking numbers requested by the buyer to be mentioned on the invoice)
Description of the product(s)
Unit price(s) of the product(s) (if relevant)
Total amount charged (optionally with breakdown of taxes, if relevant)
Payment terms (including method of payment, date of payment, and details about charges for late payment)
6.Customer payments / collection
7.Cash Application
8.Deductions (If invoice Short Paid by Customer)Source: https://jellychic26.wordpress.com/2013/07/12/order-to-cash-process-of-amazon/
-
Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
It may appear in the order processing. For example , the orders may not correctly Authorized. What’s more, if customers want to modify the delivery or ship-to address, someone may be intended to change the some target address, and then they explain that they did not receive products.
Credit also contained the risk, such as the external control issue, information leakage appeared in the credit card information. -
Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?
CIO is responsible for OTC, because he is the top management in the overall organization system. the CIO will listen the SAP gourp report in order to make some decisions. What’s more, Order-to-Cash Director is specific responsible for the controls of that company’s order to cash process. The Order to Cash Director oversees the Contract Entry, Billing and Credit and Collections Departments. Responsible for ensuring the following:
* Credit review and approval processes comply with company internal controls
* Sales contracts are recorded timely according to company processing cutoffs and with high accuracy
* Invoices are provided to customers timely with high accuracy
* Timely cash collection, dispute resolution and escalation to customer contacts as needed
* Accounts Receivable (AR) aging is managed within company targets
* Proper review and approval of credit memos, write offs, refunds, etc.
* Financial close processes are completed within corporate deadlines
* Appropriate support of Legal department in collection / settlement efforts
* Timely reporting to management of quarterly AR metrics (DSO, AR aging, etc.)
* Directs various cross-functional teams in supporting process and system improvements
* Manages 3 direct reports and their sub teams.
-
What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
Strong interpersonal and leadership skills. Positive, self-motivated and an exceptional desire to win. Superior people skills: team-oriented, fast learner and personable understanding of business requirements and functionality
Understanding of integrated business management systems. Ability to quickly identify and analyze technical risks & impacts and define alternatives & prioritizations to remove technical roadblocks. Ability to manage multiple deliverables independently in a fast-paced environment.Resource: http://www.careerbuilder.com/job/J3L7F36WBYSKTZBFV29
-
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I purchased two new mattresses, one for myself and one for my son. The OTC process we received seemed to work ‘great’. My family was very pleased with the entire OTC process.
Here was our experience.
We visited the store and selected the two mattresses based on the floor models. I negotiated a deal with the sales representative and agreed to the price, delivery, set-up, and financing terms. The sales representative searched his system to determine if the make and models were at this location. The mattresses were at this location and a delivery day / time was set for the next day. The mattresses arrived the next day and on time. The delivery drivers contacted me by phone 30 minutes before they arrived. The delivery driver successfully set-up the frames and placed the box spring and mattresses in both bedroom sets. Once the job was completed, the delivery driver had me sign a receiving slip and presented me with a receipt.About two months later, we received a bill from the company for 3 years of interest free monthly payments. We contacted the billing department and scheduled automatic payments for the next 36 months.
The entire process was smooth and will visit the store for all of my future furniture needs.
-
Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
The portion of OTC process I see most vulnerable to theft, fraud or failure is the sales process. I believe the sales process is most vulnerable because it has “Many Flavors” to sneak a taste. Here are a few example for the list provided in on page titled The Many Flavors of Sales Order of the Power Point.
1. Standard Order – Delaying or placing future orders for extra commission and personal incentives.
2. Free of Charge – Offering samples to family or friends
3. Returns – May not account for the return and take it
4. Credit / Debit – Making side deals for personal benefit
5. Tax Scenarios – Dishonest tax practicesThe more “Flavors”, the more areas of risk and possibility of fraud, theft, or failure.
-
Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?
I believe the C-level executives (CFO, COO, & CIO) should create the controls for the company’s OTC process. The control framework should be a joint operation to accurately identify the risks, and allocate the appropriate resources to mitigate the risk. The CFO will identify the Pre-sales & Sales, Billing, Financing, and Payment controls, the COO will set controls on the direct labor, direct materials, production, and shipping, the CIO will set controls and policies on the IT infrastructure.
-
What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
Each responsible party should have a passion to achieve the organizations mission statement and accomplish / exceed the company’s goals. They have to believe in what the company is doing, why they are doing it, and how they are doing it. The other core competency each leader should possess is the success of the stakeholder (Customers, Employees, Shareholders, and other associated with the company). Understanding what the company wants to achieve is great, but identifying what key stakeholders want is the only way to keep people satisfied, putting the company in a better position to consistently grow.
-
In my opinion, the person responsible for the Order to Cash process needs to have –
• Accounting knowledge, and
• Sales & Distribution knowledgeThis is because :
• The Order to cash process manages the life-cycle of a sales process
• It consists of the sub-processes of receiving customer orders and processing them.
• Orders are received via different Sales channels
• Orders are fulfilled though transportation & logistics
• Invoice is generated and referenced as sales
• Debt is recorded and collected through collections management
• Funds are received and are to be accounted as appropriateAll the above steps make use of Accounting and Sales & Distribution knowledge so a person well-versed in these areas would be able to visualize and design a great O2C model.
-
Well put, Yulun. I too am impressed with Amazon’s Order to Cash process. However, I would like to add a few points here which are integral to an O2C process –
~ Managing customer Master data – Since the buyers are required to furnish their contact details/delivery address or verify the delivery address while placing an order, it would be rare that the order is created with incorrect delivery address. If somehow the address entered is incorrect, there is an option to change the delivery address by contacting their customer care
~Refund process – Amazon’s refund process is streamlined too. The customer can request a refund by initiating a refund. Amazon gives the customer a number of ways(such as UPS dropoff or shipping via another logistics company) in which the item can be shipped back to Amazon’s warehouse. They even provide the customer with a shipping label so that errors in putting correct shipping address do not occur. Once the Returns department has received the returned goods, they verify the item and its condition and if all is well, they initiate the refund process by involving the concerned team which is authorized to process refunds.-
Nice post, and you are absolutely right about the managing customer master data portion. However, there can still be mistakes especially at the delivery. I have received several times other customer packages from Amazon. The deliveries were made by third parties shipping companies (UPS, USPS, Fedex…) In that case, the error was human. The drivers were certainly having a long day and delivered to the wrong address.
-
Mansi,
Rightly said. Managing customers master data is a very important portion of the order to cash process. One simple mistake, putting a wrong address for example, can cause an unnecessary time to correct the order process. That is why the current order to cash systems are becoming more automated. We know that less human involvement results in better outcomes in terms of works done correctly. I also agree that Amazon is one of the very first runners in the race of implementing the fully automated order to cash system.
-
-
I totally agree with you Mansi! And thank you for adding. I trust Amazon because it has a 30 days’ refund policy and I can get the money back if some products I bought are bad, which makes people feel safe for online shopping! In adding (just got it), Amazon also organizes customer’s preferences from customer’s clicks and browses to the products. Based on that, Amazon sends customers about the similar products by Emails or Facebook, allowing you to click again and have more chance to buy them. However, sometimes I feel scared because Amazon has my all information and knows my styles.
-
Yes Yulun. Amazon return policy provides users the comfort to know that if they do not like the product, they will be able to return the product. So the customers tend to buy more products as this is completely feasible and saves on lot of time and money. Also the sales and discount coupons available make it even more attractive. It also has the Prime account which gives special advantages to the users. Yes, I agree that all the information -PII provided are vulnerable to threat and may be our privacy is being breached to certain extend.
-
-
I also like they refund process. Online vendors have an inherent disadvantage relating to returns/refunds. However, Amazon is able to make the process more convenient than many vendors with physical locations. The drop of locations are definitely easy to use. Printing off the the shipping label is very easy, and can be shipped at any UPS location. While a vendor with a physical store is limited to locations it has stores, Amazon is able to leverage any UPS location as well as their Amazon lockers. Thereby providing many more locations from customers to choose. As soon as the package is shipped, Amazon then refunds the purchase.
-
And Amazon also lets us change the pick up location incase of returning the product.
-
-
-
Your example of an employee changing/modifying the delivery address is great. That type of error would cause a loss for the business, and the incorrect changes might not even be intentional either. A separation of duties and a check in the ERP system could help mitigate that type of loss though.
-
Customer data collection and updation is indeed an important process. Check can be made when order is placed. The customer details in order must be mapped to customer master data. If not a new record must be created. Good quality of customer data must be verified.
There must be mandatory fields in customer data and if a record is modified, there has to be a check and a separate person must authorize the change. Completeness and accuracy being the two main factors.
-
-
I agree with your two key competencies selected. The entire process entails both of those aspects from beginning to end as you explained. It’s hard to limit it to just two because I also think a risk awareness mentality is so important as well. Since the person would be responsible for the entire process I think they should be aware of where the inherent risks are in the process and know ways to mitigate those risks as much as reasonable possible. But like you said, without having a solid knowledge of accounting and sales processes the person might not be able to properly identify where those risks are because they might not know whey risks are there.
-
You’re absolutely right, Sean. It’s hard to limit the competencies to just two as there are other aspects of the role which are equally important. Having a risk awareness mentality is key to the role to spot pitfalls and plan mitigation strategy therefore someone with Accounting and S&D experience would be a great fit as they would already know the process, its inherent or associated risks and the best possible solutions considering impact and ROI to overcome those risks.
-
-
I think Honeygrow has an awesome order to cash process because the ordering process is very easy with plenty of terminals for order to be processed quickly.
First you walk into the restaurant and walk up to an available kiosk. Tap the screen to start your order. You can select from stir-fry, salad, honeybar, or drink. If you pick food, you can customize it yourself with the available options or go straight to a suggested option. When you are finished creating your order you hit the looks good button. Then chose if you want it to go or to eat in the store. you will then have the option to add a drink or dessert. The next screen will have a summary of your order. If everything looks good hit done. It will then ask you if you are paying with cash or credit. If you hit cash, a receipt of your order will be printed and you go to the cash register to pay. The cashier will process your payment and mark your receipt as paid. If you hit credit, there is pin pad next to the kiosk that you can use to complete your payment. A receipt of your order will be printed afterwards. When you complete your order on the kiosk, the order will be electronically sent from the kiosk to the touch screens behind the counter where the workers stations are. There are different stations behind the counter and you can see them making your food. Duties are segregated in a way that each worker has a specific task which can be making the stir-fry, the salads, or the honey bars for example. There is also someone working at the cash register, and someone working at the pick up counter. When an order pops up on the screen, the workers will see whose station is in charge of putting together that order. If it is their station, the cooks will prepare the food. Once the meal is made and the complete order is assembled, the cook who prepared the food will bring the meal to the pick up counter, and the worker at the pickup counter will call out the order number. The customer whose order it is will hear their number and go to the counter to pick up their meal and voila!-
I really like their process too. They are able to process a large number of customers efficiently and I’ve never waited there too long, regardless of how long the line was. Having the customer order on a computer helps the process because less employees need to take orders, and it is less expensive to buy additional computers. Allows the employees to focus on their tasks with lest interruption, and essentially allocates resources much more efficiently.
-
-
Per my understanding, the VPs of Sales & Services, Finance and Production in conjunction with the CTO should be incharge of the Order to Cash process. The entire order to cash process requires personnel involvement of the departments headed by these VPs along with the Specialists that help manage the technology aspect of the process, who report in to the CTO. To make the process a successful and smooth-functioning one, buy-in from each of these business area leaders is required.
-
I definitely agree with you that leadership and interpersonal skills are a must . However, I would like to add that the person in charge of the oTc process should have some customer relationship management experience and above all some computer skills, including experience with ERP systems, MS Office etc. because they will constantly be in contacting with the operating system so knowing how to use it should be key skill required.
-
Rightly pointed out Alexandra. Customer relationship management experience will definitely help.
I also agree with Wenlin that the knowledge of business is utmost important. without understanding how business works. A person has to understand how a business works to detect if anything has gone wrong in the O2C process.-
Great points; knowledge of the business and effective interpersonal skills are most definitely key competencies in the OTC Process. However, I would say sense of a strong analytical skills trumps the business knowledge.
To be an effective leader one must possess the tenacity of analytics and strong communication skills. These skills may be seen as transferable but, they bring way more to the table when being an effective employee and manager. They set the stage for your work as well as your ability to handle situations that may occur.
-
-
I strongly agree with Alexandra. The person also need the communication skills. Ability to work effectively in a diverse work group and to achieve results through team efforts. Ability to perform in a high pressure environment and/or crisis situation and render good decisions to resolve the problems, maintain safety and ensure adherence to Corporate Code of Conduct.
-
-
you are right Binu.
For instance, there would be fraud at the first step of OTC if the sales teams offer preferential terms to close a deal whereas the adjusted terms are inappropriate and unauthorised. Similarly, free goods and samples can be inappropriately used resulting in loss of assets. -
Yulun, I’m not sure I understand your answer well here. If there is a payment authorization step that allow companies to cancel suspicious orders, where is the vulnerability to fraud?
-
Alex! you are correct! I thought the questions was asking if the companies know the most vulnerabilities to theft! For correction, I think the most vulnerable to theft that Amazon sees is that the customer lies by saying they don’t receive his package shipped from Amazon. Based on its good customer service, I think Amazon will ship a new package again and delivery to the customer.
-
Exactly. I think this is a good point that customers may lie to the customer service that they didn’t receive the package Yulun. However, from my experience of operating the Customer Service System, customers’ order and other account information is available in the system. If customers claim that they didn’t receive the package, customer service agent will track the package by using UPS or USPS delivery number to check whether the customers already sign for their package or not.
-
Fangzhou,
You may be right, but based on my experience Amazon send you a new package if you tell them you didn’t receive your package. In fact, last year I ordered something from Amazon. I was not home when UPS delivered the package, so my neighbor took the package. So, when I got home I already received a mail from Amazon saying that my package was delivered, but I could not see my package. I then contacted the customer service and they were ready to send me another package. Later on the day my neighbor knocked my door and gave me my package. As a honest person, I contacted back the customer service and told them that I finally received my order.
-
-
-
-
Joshua, Apple Pay may seem to be more secure than using your actual card but that would not stop a hacker who has already hacked your credit card info and actually use it to create an Apple Pay account on their own device. That is an issue. In fact, that exact scenario poses what is probably the biggest fraud risk.
-
To add to your point Alexandra, Apple Pay would have its own vulnerabilities and potential to fraud.
So many applications are target to hackers. Eventually, Apple Pay will have bank or credit account details stored. -
Definitely agree that Apple Pay does have its risks and some have definitely already been written about. None of the current payment systems are really secure, it’s really more a matter of how good they are comparatively to one another. And hackers will definitely exploit more vulnerabilities in Apple Pay over time, especially if becomes more popular. I do think that it is better to allow fewer businesses access to my credit card information, which is what Apple Pay, EMV chips, and PayPal allow. If Apple Pay and PayPal are adopted by more businesses on the internet, than it will further reduce a credit cards exposure. Apple Pay can always be hacked, but there is a smaller probability my card being stolen if less businesses have access to it, and if it is used on less websites.
-
I agree with you, Apple pay also has its own vulnerabilities. Apply Pay need your credit card information, when you add your new card. Apple Pay can always be hacked, and be targeted. However, Apple Pay is significant to make our process of payment convenient.
-
-
I have a slightly different view on which of the sub-processes are more vulnerable to fraud, theft or failure. To me, it seems that the order entry step is prone to more human errors – the customer or the representative can make mistakes in entering the customer data aswell as quantities and the order specification. The payment process is vulnerable to theft and fraud as it involves transfer of money via customer payment info as hackers would want to get their hands on customer card data for their future use. Provisioning of goods or services and invoicing steps are less prone to failure unless the infrastructure is poorly configured.
-
Mansi,
I am glad you brought that up. Frankly, I did not think about hackers. I was only thinking how the company can mess up a customer order. It is true that during the payment process, hackers can take advantage of the company and the customers at the same time. In fact, they can steal customers information (credit card, addresses…), which makes the payment process really vulnerable to fraud and theft.
-
-
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
The only company after Amazon that has a great OTC process that I can think of is Flip Kart, which is a direct competitor of Amazon in India.
The process is as follows:
Order Management:
Order is placed by customer through the front-end e-commerce website of Flipkart
Order is then downloaded onto the Order Management System (Not sure if the OMS is on the back-end Enterprise System or on the web-store)Order Fulfillment:
Here, the inventory from the warehouse gets allocated to the quantity on the order
A picklist is generated for the picker in the warehouse to pick goods and transfer them to the picking locationCustomer Billing:
The documents required with the goods are prepared (shipping labels, invoice, etc.)Distribution:
The order is packed and is assigned with a third party courier depending on the shipping location
Shipment is transferred over to the courier company and shipment is out of the warehouse (database is updated to reduce the SKU)
Goods are sent to ship-to-location and the invoice is sent to bill-to-locationCustomer Collections: Payment method is credit card, debit card, Cash on Delivery, Pay Pal, etc.
Customer Returns Management: Handling the goods that have been return by the customer. For Cash on Delivery goods, the customer doesn’t need to send the item via mail; the courier company associated with Flipkart arranges the pick up from the ship-to-location.
I think they have a good O2C process as the cash on delivery increases the complexity of the process. Cash on Delivery method is possible only because of a preventative control called OTP (one-time password), which is an extra level of security that Flipkart uses as an multi-factor authorization.
The way Cash on Delivery works is, when a customer selects Cash on Delivery as a payment method, an OTP is sent to the registered phone number in the form of text message. The customer has to enter the pin on the webstore and complete the transaction.
-
1 As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
As a loyal customer of Dunkin Donuts over two years, I personally believe it has a great Order to Cash process because the ordering process is very easy and quick. When you walk in to the Dunkin Donuts location, it has all the food display for the customers to select. A customer can customize the drink such as sugar, cream, and flavor. When the customer finishes the order and then the cashier repeats and confirms the payment amount. He or she can choose the method to pay such as cash, cards, coupons or DD credits. A receipt of the order will be printed for the customers with the order details. The order will be processed based on the order details and hand the ordered items to the customer according to the order number. The whole process of OTC may take up to 3 – 5 minutes depending on the line.
Recently, Dunkin Donuts introduced a new ordering feature, order on-the-go which enables customers to place the order by using their smartphones. The OTC process is much simplified compared to the OTC process above.
1. Select a location
2. Select food
3. Customize
4. Order
5. Pick up and skip the long line -
As customers, we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I found a great definition of OTC in amalto’s website. “Order to Cash is an essential business process that can either boost your bottom line when managed efficiently or leave you in the dust of your competition. It determines how quickly your business is paid for the products or services you sell and directly impacts your relationship with customers.” One company I think that has a great OTC process meeting the definition above is Foot Locker in which I recently had a great experience. A couple weeks ago I went to Food Locker to see any shoes if I liked to purchase. And I found the shoes that I wanted to buy. I asked the clerk if they had the shoes in my foot size. He went back to check it and came out to tell me they currently didn’t have a stock in their store. But he offered if I wanted to order it through their online store while I was in the store. He said I could just pay the amount at the cashier and the shoes would be delivered to my house. After couple days I received my shoes.
I really liked what Foot Locker offered to me, and I thought it was such a smart way to run the store. The reason is that they don’t have to carry all their inventory in each physical store. Each store can carry minimum inventories in the store and if they are out of stock for a specific item when customers ask it for buying. Then they can simply lead the customers to order it through online. (I understand the reason why some people go to the physical store is to buy the products at the day they go there, but like shoes? I don’t mind waiting a couple days to wear them.)
Finally, the whole process was very smooth and flawless. Without punching every my credit card number on their website, I could just slide my card at the cashier and tell the cashier the address where I wanted my shoes to be delivered. I think it was a pleasure experience.
-
Sean,
I also like Paypal’s smooth streamline of its process. My first experience of using Paypal was years ago when I was in Korea. I think Paypal was the first platform that I used for my online payment. However, I still recalled it was very simple to use, and every step was straightforward. As you mentioned, I also believe Paypal is one of very secure online transaction payments.
-
Binu,
In between quotation and provision of goods processes, I think there lies a process of Credit Management, which is also vulnerable to theft. Credit Management is ensuring customer is credit worthy and credit can be extended to the customer. The credit approval process must be multilayered, so that no one personnel should be able to perform credit approval duties.
-
I meant fraud* and not theft.
-
Mansi,
I strongly agree that understanding of life-cycle of a sales process is something a person responsible for O2C must know. In addition to the goals that you mentioned I think the person should also be focused on achieving wide goals by improving process to bring best possible business solutions for the company.
-
Binu,
Thank you for your post. However, for some companies who use SAP, quotation or order entry is not really vulnerable to fraud or theft. In fact, the system won’t let you enter the same information twice (PO number) . It will give you an error, which reduces the risk of double entry.
-
I agree Said. That would mean they are taking precautions to mitigate that risk. If these application where not in place that would impose great risks right. So on a broader perspective, I still believe it is a risk which is fairly of concern.
-
-
What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
As we know, the Order to Cash process involves a customer ordering a product or service to begin with, and ending with the seller receiving the payment. When I think of the Order to Cash process, the two underlying processes that come to my mind are documenting/recording items such as orders and invoices with the other process fulfilling the order. With that being said, I think the two main competencies a person responsible for the OTC process must have are good communication skills and have technical knowledge in accounting information systems. The reasons why I say a person responsible for OTC should have those two competencies, is because that individual has to work with a wide range of employees throughout the process. To just think of a few, some groups of employees that this individual will need to communicate with are accountants, salespersons, warehouse workers, transportation workers, and probably a couple of more. Therefore, you need to be able to communicate to different individuals throughout the process. Similarly, I think being technical in accounting or information systems or both is beneficial since the OTC involves many different areas. If you are responsible for the OTC process throughout a company, then you should be able to understand the systems involved and how an order results to a payment within an ERP or other information system.
-
Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?
I would say the two individuals responsible for the controls of the company’s Order to Cash would be the CFO and the COO. In my mind, the two major elements of the Order to Cash process is the accounting of the orders and the fulfillment of the orders. Therefore, I believe the CFO (Chief Financial Officer) should be responsible for implementing controls revolved around the company’s accounting in the Order to Cash process. Since they are responsible for producing the financial statements and signing off on them, I would believe that the CFO would have an integral part in the design and implementation of the accounting controls. With that being said, for the fulfilling of the orders, I would say the COO (Chief Operating Officer) would be responsible. Since their role is to management the day to day operation of the organization, I feel the COO would have a large responsibility of controls around fulfilling the orders which consists of packaging, transportation, and sales.
-
Paul,
Great assessment on responsibility for the controls of that company’s Order to Cash process. I also agree with you that COO and CFO are two main characters that have significant responsibility for company’s Order to Cash process. I really believe both COO and CFO are equally contributing to OTC process because if either one of them is not taking good care of or overseeing the OTC process, it just cannot be fulfilled. There are a lot of financial payments or possible refunds involved in OTC processes; therefore, CFO should be heavily included in all the transactions. At the same time, COO should oversee every transaction movement of ordering, packaging, transportation/delivering and sales.
-
Great point Paul, I agree both are equally responsible for the OTC process since one controls the financial side and the other the operation. The Operating officer must ensure that the whole order process flows smoothly and is user friendly for customers. The day to day operations to get the order in, process, packing, and shipped is in their hands. They must make sure all those processes are in order so that the customer can received their item on time. The financial officer must verify the payment process to make sure the company is getting paid. They must verify that they are not over spending and that they are making a profit from the sale. Both are responsible for getting the customer their order.
-
-
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
One of the company’s that I believe to have a good Order to Cash process is Valve Corporation. Valve is a software and video game developer that created a video game client called Steam. Essentially this software client/application, which is made available to PC users, can be downloaded for free from Valve’s website. From the application, you can purchase not only games developed by Valve but from a majority of the developers on the market which houses thousands of games with millions of users. With that being said, Valve has really transformed the Order to Cash process with Steam. Instead of the old method where a game is ordered, comes in the mail or picked up at a store, and uses a disc to play, Steam allows users to download the game over the internet instantaneously. For Valve, there is no packaging or transportation in the Order to Cash Process. Likewise, once a game is purchased, the transaction is instantaneous with the delivery of the good. While this is a different scenario than most Order to Cash situations due to the fact that the good is digital, it does demonstrate how a company has transformed an industry that once required physical goods to going digital, all while improving the Order to Cash process.
-
Nice answer. I’m a fan of valve, too, one thing that impressed me mostly is its Provision of goods or services process, once you purchased one game, it will be automatically recorded in your account, if you replace your computer or device, just log on your steam account and re-download it with no charge.
-
Hi Ming,
Definitely became a big fan of Valve/Steam when I switched over to playing on a PC. You bring up a good point though about how a game is permanently recorded to your account. This helps with the Order to Cash process since customers don’t need to worry about their product being “lost” or any claims made about not receiving a product can be quickly handled. With that being said, it’s worth to mention that a tradeoff of offering a digital product on a digital platform is that the need for software developers and technical employees is greater. I can imagine that the Steam platform integrates in some way with Valve’s accounting information systems.
-
-
-
Hi Said,
Couldn’t agree with you more. I think the shipping portion is definitely an area that is susceptible to fraud. However, I just wanted to point out that the Order to Cash process is not just complete when the order is received by the customer, but is complete when the payment for the order is received by the seller. There are some areas of fraud when the money is received as well that affects this process.
-
Paul,
Most of the time the seller take the money from your account when they ship the goods. For example, whenever I order something from Amazon they charge me only when they have shipped the package.
-
Said, I agree with you 100% that the shipping portion is the most vulnerable fraud in the O2C process. This is obviously the area where the person committing the fraud is trying to get the goods purchased by someone else. Without delivery, there is no gain from the actor.
-
-
-
Said,
Really good point. Human errors are the all-time enemy like we’ve been discussing this in previous week questions. The most effective solution to minimize the human error is making every process automated. And we’ve seen more and more automated technology in the phase of delivery these days. For example, Amazon is trying to utilize drones to deliver products to customers. The drones will have an auto-confirmed address or be possibly pre-GPSed as the order has been processed. In this way, human involvements will be much reduced.
-
Hi Abhay,
You bring up a really good point about credit management. In a fraud situation, an individual can raise the credit limit or worthiness on a particular customer in return for compensation or something else. Since sometimes credit worthiness can result in more favorable purchase terms, customers might be willing to bribe or somehow influence a credit manager. This can result in a fraud situation much similar to a kickback scheme when we were discussing the Procure to Pay process. However as you mentioned, multilayered approval process could help mitigate the risk.
-
Hi Abhay and Paul,
You both brought up a very interesting issue about credit management fraud in the OTC process. A good credit score gives people access to credit when they need it or want it at the lowest rates or more favorable terms. I think the credit managers should be as independent as auditors because they are reviewing the customers’ credit and the credit report will be used to determine whether or not to accept the customer.
I agree that the credit score companies should have certain control like multilayered approval to ensure information they gather and distribute is a fair and accurate. Actually, there is a “Fair Credit Reporting Act(FCRA)” passed in the 70s to protect consumers from misinformation being used against them.It offers very specific guidelines on the methods credit reporting agencies use to collect and verify information and outlines reasons that information can be released.
For more information about the FCRA:
-
-
Hi Yu Ming,
I would agree that sellers such as Dunkin Donuts that have the products located at a store will have the best Order to Cash processes. Since the product can be provided to the customer usually within a couple of seconds, it makes for a very secure and easy transaction. With that being said, I think Dunkin Donut’s new ordering application will add a new twist to its OTC process. Despite what seems like to be a very simple transaction, Dunkin Donuts still has to make sure that the orders being placed on the application will be available when picked up. Either that, or all of their orders made on the application will be made fresh. Nonetheless, I think Dunkin Donuts OTC process will still have a very simplified manner in which they receive compensation for its products.
-
Sean, thank you for sharing! Ebay is a very good platform for shopping! It also provides great customer service to its customers. Many large companies, like Bestbuy and Newegg, they also have shops on ebay and also provide same customer services, making shopping online easier and trustful. I use Ebay and Amazon a lot because they provide a safe shopping experience for me. Paypal is a trustful a payment method to customers, and many customers are protected by Paypal.
-
Yulon, I was not aware that BestBuy and Newegg also sold on Ebay. I buy a lot of books online because I am constantly reading, so I had noticed Barnes & Noble sold books on Ebay. That was the only brick and mortar big name seller I had noticed selling on there. Now that you mention those two other companies I wonder if it is actual an ideal distribution method for other retailers to use. Online selling sites like Amazon and Ebay already have a platform up and running with millions of buyers associated daily, and that would give other sellers access to to those buyers through a selling platform that those businesses didn’t have to foot the bill to develop and put into production. With the platform in place too, many functions of the O2C are already being conducted by the selling platform which helps mitigate some of the risk of fraud for those individual companies that choose to sell through those sites. I’m glad you mentioned this because it really got me thinking more about that type of marketing and distribution strategy, and the savings in risk and cost associated with the added reach to all the new customers!
-
-
Agreed! The bad internal controls allow people to perform bad behaviors! The shipping department can easily change the shipping address and make a fraud. I also agree with you that the third party’s system is not matching to the company. In addition, the external control is also necessary. If a customer performs badly, saying he did not receive package from the company, I think the company would probably ship a new one to the customer.
-
Q] Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
A]
Order to Cash process has multiple potential processes vulnerable to fraud. I believe the preparation of sales order is the most vulnerable one. This document collects data from all ends, customer, product, order, delivery. The correctness of this document defines success of the transaction.Multiple things recorded in this document can cause a problem.
1. Customer data must be correct. Address, contact details etc
2. Duplicate customer data can cause inaccurate orders. Duplicate sales order can a problem.
3. Quotation given to customer can be erroneous either incomplete or incorrect
6. The sales document header, product details, delivery time can be missing or wrong.
7. Customer data or product data can be missing
8. There is potential theft in changing price on the receipt. Price change must be authorized
9. Inappropriate discounts can be given
10. Free goods or sample goods can result in loss
11. Unauthorized credit notes can cause theft or loss
12.Deliveries without sales order can lead to fraud -
Great point Fred. The competency to stakeholders success is very important. Attention to detail while performing each activity like checking the sales order, checking the quotation correctness, verifying customer data is important.
-
Yu Ming,
You mentioned about the order on-the-go process and its interesting. Does DD ask you for the time of pick up in the application while you place the order?
The staff at DD also must be simultaneously working on in restaurant customers and they should have the knowledge of which order should get priority. If in their O2C process a time estimate is there would be of great help towards customer satisfaction. -
I agree with you Said. Indeed, the vulnerable portion of shipping and delivery process may cause potential theft and fraud no matter unintentional or intentional. From my experience in the customer service, in the most cases, the reason why customers didn’t get their packages is because they unintentional input the wrong address when they check out, but not intentional fraud.
-
3. Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?
I would believe CFO (Chief Finance Officer) and COO (Chief Operating Officer) should be responsible for the controls for the company’s Order to Cash process. Accounting is a major part of the OTC process in which the billing process, an invoice, accounts receivable, cash received is created and released to financial accounting. I would believe that the CFO should be responsible for participating in designing the OTC process and place controls to ensure the reliability, integrity, availability, confidentiality of the OTC process. The COO is responsible to ensure the operational efficiencies and effectiveness of the OTC process. He or she will place the controls to operating devices/systems, employees and shipping.
-
I would like to add to your point.
OTC needs control of CFO and COO along with end to end process managers and staff in a way:
a.It is important to achieve real-time visibility into operational data across the chain from planning to return
b. Break down operational “silos” and provide visibility into the performance of key metrics
c. Constantly monitor orders flowing through the supply chain and report data, exceptions, and proactive alerts
d. Facilitate analysis by segments such as carrier performance, geography, inventory network integration, etc.
Therefore there is a need of a process control owner at each and every step of OTC in order to perform all the above steps.
-
-
Priya,
You raised a good concern, it is very important to prioritize which kind of order should be taken care of. I personally never used the on-the-go ordering but I think it depends on how DD set up the policies toward its operational structure. I agree with you point that DD can satisfy both different orders of customers if their O2C process works well in terms of estimate of time handing the food items over to its customers.
-
1. As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
Order to cash process includes following steps:
• Customer presence
• Order entry (creation of order/booking of order)
• Order fulfillment (physical & digital fulfillment)
• Distribution
• Invoicing
• Customer payments/collection
• ReceiptOrder-to-cash process includes multiple departments, companies, and back-end enterprise applications. Therefore, in order to have a great OTC process it is important for each department to complete its part of the overall process error-free and transfer correct information across functional boundaries.
I think Domino’s has one of the best Order to Cash process with a 99.6% success rate of 30-minute pizza delivery. There Order to cash process is as follows:
Customer presence: Order is placed online or in store
Order entry: Order is flashed on the kitchen screen (Takes 4 minutes for the order to Oven process)
Order fulfillment: Pizza maker looks at the order and gets the job done
• Takes 6 minutes to bake the pizza
• Takes 5 minutes to cut and packDistribution: They have 8-minute delivery time
Customer Payment/collection: Either online or cash on delivery
Receipt: System generates the receipt which is send to the customer along with the pizza.
There is a buffer time of 7 minutes to perform task such as payment collection, traffic, rain etc.
-
Great explanation Priya. I would like to add an example to it.
Lets take the example of GBI. In order to assemble a cycle, we would need to take order of various required to make a cycle. Now if there is an error in sales order preparation in a way that it misses some parts of a cycle, it can ultimately lead to delay in assembling and hence would be a loss to business.
Therefore it is very important to secure this step from any kind such kind of issues. -
Very well quoted Binu.
Quotation or order entry is most vulnerable to human errors or frauds.
For this reason companies are using IT systems like Point of Sale so that such issues can be avoided.
Point of Sale system can help in:
A. POS Software features help you track return statistics.
B. POS software features enable you to print digital receipts.
C. POS software offers check fraud protection.
D. POS software features allow you to track customer purchases, and returns, whether you have one store or twenty.
E. Tracking returns by receipt and customer is the best way to thwart fraud. -
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I think that must be Jingdong, one of the biggest online shopping malls in China. What impresses me mostly can be list as follows:
Multiple payment methods: on delivery; online; remittance; installment (this is in connection with your credit)
Logistics speed: based on my six years’ experiences, I could receive most of my orders within 24 hours, hardly later than 48 hours.
Delivery fees: if you can’t meet free shipment requirement and don’t want to pay the fee, you may choose pick-up by customer, just 5 minutes away from my dorm. -
2 Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
I would see the most vulnerable to theft, fraud or failure is in the quotation or order entry process as it is the beginning of the whole OTC process and it affects the rest of the OTC process. Wrong prices, quantities, wrong customer information can be entered into the system because of human errors, fraud, or miscommunication between both parties. Fraud like bribery and kickback program is also a big vulnerability in the beginning of OTC because customers always want favorable terms.
With that being that, I think this vulnerability can be mitigated by segregation of duties where one personnel provide the sales quotes for customers and another personnel is responsible for accepting the quotes and documenting the sales order.
-
Hi Mansi,
Good points! Having the competencies in accounting knowledge and sales & distribution knowledge is a must because he or she is responsible to oversee the whole OTC process. Like the benefit Sean brought up, having the solid knowledge of accounting and sales process enables the OTC manager to identify risks associated with OTC process. I would like to add to your point that having the solid knowledge also enables the OTC manager to determine the needs of the companies and customers.
-
I think double check is also a good method for mitigating the vulnerabilities, after finishing each step. a confirmation page will be created, the customers or personnel could confirm whether the information and data is correct.
-
Nice point Ming. Double check verification can mitigate human errors. Also there can also be another person to verify the correctness of the data or by setting constraint checks we can reduce lot of human error.
-
-
Nice post Yulun,
I am also a big fan of Amazon and I think the transparency of the Order to Pay process protects the customers when they are shopping in the amazon website. Customers clearly know what they are buying, the rating of the products, who they are purchasing from, how to pay, shipping methods and delivery date. And they have a strong customer service team backing up the customers which indicates making purchases can be fast, secured and comfortable for customers.
-
What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
I believe the key competency would be the technical skills and knowledge in accounting since the order to cash process will play an important role in involving with revenue recognition, invoicing and cash received. Without accounting knowledge, it is difficult to assess the risks such as inherent risks, fraud risk and place the right controls to mitigate the risks. Having good knowledge of accounting is absolutely essential for this specialized role.
-
In addition to accounting knowledge, he should also be technically well versed and know the business and its goals well. He should be able to analyze the risks and suggests way to mitigate it. He/she should have complete understanding of the process and should be quick decision maker when issues pop up.
-
-
As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I believe Amazon has the greatest OTC Process. As a prime member, I order from Amazon very frequent, probably more than I should. I think amazon has one of the easiest navigable site, literally just a click of the button. My favorite aspect is most definitely the two day shipping. However, that isn’t a huge step in the OTC Process.
When considering ERP system flow, there are 8 steps in the OTC Process:
1. The customer presence on the site
2. The selection of the order item
3. Order fulfilment
4. Distribution from factory
– Amazon verifies the payments of order:
– Payment verification: Amazon changes the order status, contacts customer of the orders status as well notify the customer regarding their est. delivery date
5. Invoicing, the creation of the receipt
6. Customer payment
7. Cash application
8. Deduction of invoiceThis process sounds much more complex than what it is on via Amazon website. Amazon is able to make this process quick and painless and that’s why I will continue to be a loyal customer.
-
Q1. As customers we experience various companies’ order to cash process (OTC) whenever we busy something. Which company do you believe has a ‘great’ OTC process? Why?
An OTC process that I recently observed and appreciated was with Starbucks, within their mobile application specifically. Once you create an account, you can store card information there, meaning you do not have to input it every time you want to order.
You can order your food/drink of choice, select the location you want to pick it up from, and then pay, all within the application. The Starbucks location you chose will have a receipt of your order printed, so they can fill it while you’re on your way. Then, once you get the location, you do not have to wait in line and can just pick your drink up from the counter and go. This is incredibly convenient, especially first thing in the morning when the line is out the door. The app also includes a history tab, so you can see all your past transactions.
-
Q2. Which portion of the OTC process do they see as the most vulnerable to theft, fraud, or failure of some kind? Explain.
I believe the order entry portion within the OTC process is one of the steps most vulnerable to theft, fraud, or other failure. First there is the risk of human error, which is not intentional, but can still cause problems for the organization by messing up orders. There can also be intentional fraud, such as a sales team adjusting terms for customers without permission in order to boost sales.
-
Q3. Who in a company should be responsible for the controls of that company’s OTC process? Why?
The Chief Operating Officer and Chief Financial Officer are the individuals that should be responsible for the controls of the OTC process. The COO would be responsible for the controls within the non-accounting portion of the process, such as packing and transport. The CFO would oversee the controls of the accounting portion of the process, including goods issue and invoice creation.
-
Annamarie Filippone – I see what you mean about upper management being responsible, I don’t know if that is what it looks like at every business. Do you think upper level management really plays a role in the OTC process? I feel like more times than not, they delegate that sort of stuff to the middle line management. Honestly, I think everyone should be held accountable. There are so many moving parts in the OTC process, and everyone involved shoule be held accountable.
-
-
Q4. What key (1-2) competencies do the person responsible in a company for the OTC need to have? Why?
I think an important competency for the person responsible for the OTC process is technical skill and understanding of the system that is utilized for this process. OTC has many steps, each with its own set of requirements and risks. By understanding how the systems operate for each step, the responsible party can better understand potential threats, as well as remediate issues as they occur.
-
Annamarie, I totally agree with you. The person who is responsible in a company for the OTC should have technical skills and background of the OTC process. Without knowing what occurs within each step, it is very difficult for he/she to determine what are the potential threats and what actions should take in place to minimize or resolve the threats.
-
-
I actually really like PayPal too. Took me a while to appreciate it and only really used it for Ebay purchases until the past couple years. For one, it’s definitely more convenient than having to reenter a credit if there is a PayPal link on the site. And it does seem to be one of the more secure platforms from what I’ve read. They do have good controls in place when buying something on Ebay. For newer sellers, there’s a waiting period from when the payment is sent and is received by the seller. That way there is adequate time for the item to ship and any problems to be reported. Definitely would make it more difficult for a seller to commit fraud. But still, not perfect.
-
Deepali,
In addition to what you mentioned, I think ship-to-address and bill-to-address are also very important. I have had incidents in the past, when the item was shipped on to bill-to-address.
-
Definitely agree that this part of the process is very susceptible to fraud, and Wells Fargo is a great example. I would be interested to see more information about the internal controls that were used. Clearly the employees felt pressure, and many employees independently exploited the same gap in internal controls. The accounts were most likely dormant since the customers were unaware, and also likely were multiple of these accounts linked to these employees. Shouldn’t have been so easy for employees to create so many accounts without customer permission, and more importantly it’s evident that Wells Fargo did not have controls, both preventative and detective. Seemed to be no effort to review these accounts after the issue first became apparent a few years ago.
-
Great current example! I’m not sure just yet that there were no controls though. There could very well have been controls at Wells Fargo, but the failure point might have been separation of duties. There may have been controls in place that were handled by colleagues, as a “second set of eyes” to look at the record, or the controls may have been handled by the employees’ direct line supervisors who more than likely were benefiting from the fraud themselves so they overlooked what was happening. I think the real lesson with this scandal is that more thought has to go into whether or not to incentive sales targets as opposed to other measures like KPI’s, who benefits from the incentive, and how to properly incentivize employees to mitigate the pressure to commit fraud.
-
-
I mentioned their app in my first post. Great example of OTC process. Extremely easy to order and pay before every setting foot in the door. Also significantly reduces the wait time, sometimes I’ve gotten there and it’s ready, which couldn’t be more convenient.
-
Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind?
I believe the order fulfillment step in the OTC process is the most vulnerable to theft, fraud or failure. Inherently, there is the risk of human error, which at most times is not intentional whatsoever; however, it causes huge problems for business. Many wholesalers still use the manual data entry processes, which significantly increase the chances of human error while also slowing down their order-to-cash (OTC) processes and putting customer payment data at risk. By integrating with automated inventory management solutions, all of these issues can be dramatically reduced.
-
Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?
I believe that there are two individuals that are responsible for the controls of a company’s OTC Process: the Chief Financial Officer (CFO) and the Chief Operating Officer (COO). The CFO’s role in the OTC process is to provide the accounting basis behind the process by implementing controls specifically tailored to the company’s accounting. As for the COO’s role is to make sure the order fulfillment process is fulfilled as well as provide transparency. Both the CFO and the COO have huge stakes in the OTC Process; they are both in charge of the financial statements and with that being said, they are responsible for the controls of the company’s OTC process just in different realms of the process.
-
Great example Said.
Here are a few other examples of frauds that could occur within the shipping process:
Manipulation of financial statements, commercial bribery and cash skimming. More specifically, the shipping and ports industry are susceptible to:
-Cargo theft and misappropriation of assets
-Revenue leakage
-Unsupported payments
-Falsifications of shipping and customs papersExecutives can reduce the risk of serious fraud by promotion honesty and high ethics, implementing a code of conduct reinforced by a whistle blowing system and evaluating and improving anti-fraud processes and control activities.
-
Question: Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
In my point of view, the shipping process is the most vulnerable to theft, fraud or failure. First of all, in most cases, shipping process involved a third party to ship the order, which means the contractors also have the accessible authority to access in the system. Under this situation, the safety of customers’ personal identify information and order information may be stolen by data leak.
Besides the potential risks of information assets, the physical products may be stolen or unintentional loss during the shipping process. Moreover, because in many cases, the contractors are usually allowed to access to the system and update the delivery information, this have risk in potential fraud since the contractors have authority to change the shipping information. Therefore, the effectiveness of detective control is very important in this situation.
-
1. As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
I believe Amazon has the best OTC process. I am a frequent user of Amazon and always trust their whole delivery process. First off, when looking for an item I need, I would just simply pick out the item I want and put it in my cart and click the save for later. I would then check it daily and wait for the price to drop and once it does, I would purchase it. The fact that they offer this is pretty great and they also offer the buy the product new or used, so you can buy or sell products through Amazon.
Now for the delivery process. I am a student so I sign up for Amazon prime and can get items that are eligible for 2 days delivery. With that items are expected to arrive to customers within 2days once they place their order. Also when placing an order, if you made a mistake or simply decide you do not want the order, you can go to your account settings and into orders and just simply cancel the order you had place by just going to one of the options listed for cancellation. It’s simple and easy for users. In that order settings also, you are able to view the status of your order and track it. That way you know where your items are at all times. If a problem should arise, then you would get an email notification with the details and how to proceed.
For the payment process, Amazon gives you the ability to add as many cards as possible, from Debits and credits. You can add it and Amazon will save the card information for future orders. It is safe and secure and if you see any orders that you did not place on your account. You are able to contact Amazon to let them know and they can nullified the order. With these easy convenience and user friendly navigation, I would say this is why I think Amazon has a great OTC process.
-
2. Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or
failure of some kind? Explain.I would say the payment process is the most vulnerable to theft, fraud or failure. Thieves can steal customer credit card information and place orders online through them. With that there are no measures in place to cancel the order unless the customer finds out before hand about it. If they don’t then the thief can just simply place the order, wait for it to get delivered to whatever address they put and then pick the item up and the victim would never know until they look at their credit card statement. Sites do ask for billing address now so that can help protect users but if the thief has that information along with the card info then that is an issue. Not being able to verify if it is the real customer/user making the order is the biggest issue. So with that I would say payment is the most vulnerable in my opinion.
-
Agreed Fred, the stakeholders needs are the most important and the company must satisfy that need in order to retain and get more customers. If the OTC process is not good and customers do not received their product on time or received the wrong item then they would not want to do future business with the company. Making sure the process is correct and an easy flow would keep things in order and make everyone happy. Making sure everyone in the process is satisfied will keep the process going and run more smoothly. Everything has to flow correctly and putting the needs of the stakeholders first will ensure the business is on the right path and will continue to grow like you said.
-
Good example Annamarie, I have to give this Starbucks app a try. I like how you explained how easy it is to make an order, pay for it, and then just pick it up from the counter without having to wait in line. It is so convenient and the fact that you do not have to re-do the payment information is super helpful. It sounds like its secure and user friendly so that’s a plus.
-
I think Best buy has a great OTC process, according to my recent purchase of a laptop. When I chose the laptop model, I asked the sale representative whether the laptop is available today. And the sale checked their inventory system and told me there is no inventory in this location, so I order one and the laptop will ship to my address in two days. Two days later, I received the laptop, and it was charged as the list price. The process is smooth.
-
Absolutely, I agree with you. The shipping process has higher risk for the serious fraud. From my personal experience, I did not receive my product or I receive others products. I believe log management and analysis can track such delivery problems.
-
Well said. I was not really sure about this answer. But after reading this post it gave me a little better insight. I guess CIO is responsible for any controls in a organization. Order to cask should be a joint operation by CFO, CIO and COO.
-
Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
I think delivery process is the most vulnerable. I think there is so many threats exploiting the vulnerability of delivery process. For example, if you live in a house, there is no one to receive the package when you and your family go out for work, sometimes the UPS staff will just drop the package in front of your door. There is some many intentional or intentionally threats to cause the loss of your package, like the wind blow away the package, or the theft intentionally take the package away.
-
I agree with you that delivery process is vulnerable. I think a company with good OTC process should enhance their distribution process. Perhaps, when delivery to the customers make sure the package is delivered in person. The company should note the shipping carriers do not leave the package unattended, also the company should make sure that the customers signed when they received the package. I have seen people call the customer services to request another order to be send because they” claimed” they didn’t receive the order. Once the company has the delivery signature on hand, they can use that as an evidence that the order was successfully delivered.
-
Jianhui Chen – You make a very good point. I would of probably though of miskeyed information of the order. I guess because that is very common. In all reality theft is actually just as common when it comes to the OTC process. The examples you made are very valid, and I am sure each of our very own class mates have experienced one them. I know, I have had a package taken off my porch before. Amazon, was really good about it and asked if I wanted a refund or another product.
-
-
I strongly agree with you, The quotation and order entry are most vulnerable. The company can use the SAP software to mitigate the risk ,and the company also can use the Point of Sale system to mitigate the risk.
-
I want to add that caused by couriers, sometimes, they carelessly put the physical products in front of doors, which may easily be stolen, lost, damaged, and reported to company that the orders safely delivered. I actually experienced it that when Amazon informed me “delivered”, I found my package two days later in a garbage can.
-
Thanks for adding your experience. You are right, put the package in front of the door has potential risk that the package might be stolen. Actually, I was thinking that if this scenario literally occurred, who should take the responsibility of losing the package? Because the customer choose this type of delivery, they should have basic knowledge that it’s not the most save method to ship, so do you think the customers should also take part of the responsibility of their own choice?
-
This is a good question. I think what company such as Amazon should do is enhance their distribution process. They should have a contract with the shipping carrier to make sure the delivery person don’t leave the package unattended. In addition, they should make sure the customer signed when they received the package. In Ming Hu’s case, I think the shipping carrier should take the responsibility of losing the package because they should not leave the package unattended. I think it’s ridiculous that the delivery person put the package in the garbage can, what he/she should have done is at least add a delivery note saying where he/she left the package at.
-
Exactly, you mentioned the contract between the outsourcer and contractor. Signing a contract to identify and clarify the responsibility is an appropriate way to solve this issue. In fact, I never choose “in front of the door” option to deliver the valuable packages, because I know that it may loss. However, if it’s a common package, then I may choose this option since it’s more convenient. Therefore, whether to choose delivery in front of the door is really depends on the specific situation.
-
-
-
-
I had an experience once when I was trying to pay online the website redirected me to another page. Thankfully I noticed it showed much higher price than what was the actual cost of the product and then realized that it was a hoax website. So I agree with you that payment process is very vulnerable to fraud. Also certain sites store the credit/debit card details. This also imposes a risk which cannot be neglected.
-
2. What portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
a. As in a typical business model, every single part of the Order of Cash chain could be mistaken by human errors because the process is linked together. However, the fulfillment and distribution processes look extremely vulnerable to failure. The reason is that the order entry is usually secured because customers tend to double check their orders even after the purchase of products. However, at the point of fulfillment, it is extremely easy for workers to mess up since they are constantly under high pressure at long hours of work. Some failure might occur in configuring the order, perhaps there is more than one item in the order. In addition, if a employee fail to update the inventory there might be an issue as well. From my personally experience, last week I was purchasing clothes online from one of the retailer store. After I purchased the order, the website still showing the item was in stock. However, two days later, I received an email saying that the item I purchased was out of stock. From a customer’s perspective, I was dissatisfied because I spend time to order the item and I was not able to receive it. Similarly, distribution seems equally vulnerable because of the possibilities of creating human errors such as shipping to the wrong address, made wrong determination of which carrier to use for shipment might delaying the time of customer receiving the order. Furthermore, theft also occurred in fulfillment distribution process. There is possibility that employees take the item and “pretend” it was packaged into the order. -
What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
The persom responsible for th Order to Cash (OTC) process in a company needs to posses two major skills:
– Order entry (creation of order/booking of order)
– Order fullfillment ( physically & digital fullfillment)
All while making sure orders are created and booked accurately. There are valubale skills that are key when it comes to the OTC process. -
Vu Do – This is an issue that theives are perfecting everyday. What are some ways you think consumers can protect themselves, and retailers/vendors protect their customers? Many people are still oblivious to this growing issue in the consumer world.
-
My personal favorite O2C process is used by Wawa when ordering a sandwich. It is very convenient and eliminates the potential of error when entering the initial order since the customer is responsible for inputting the ingredients for the sandwich they are ordering. It also helps streamline the process by giving the order fulfillment employees (the sandwich makers) start the process of completing the order while you continue to shop for additional items you may want with your sandwich like a drink or bag of chips. Also, the system allows for real-time inventory so if they run out of a specific ingredient for your sandwich they just remove it form the ordering application. Once the order is paid for you have to take the slip that is printed out once your sandwich request is entered which is then stamped as paid with a custom stamp which must be collected by the employees making the sandwich before giving it to the consumer. Overall I think it is a very efficient process and gives the consumer a great deal of control while not sacrificing but rather enhancing the order fulfillment process. This is one of the primary reasons that Wawa has such a strong and loyal customer base.
-
4. What key (1-2) competencies does the person responsible in a company for the Order to Cash need to have? Why?
1. Technical skill is a must for the person who is responsible in a company for the OTC process. This person needs to have an understanding of how the OTC operates including what occurs in each parts of the process. Without having the knowledge of how OTC process operates, it is difficult for this responsible person to make determination of possible vulnerable part of the OTC chain. In addition, he or she is not able to take actions in resolving the potential threats.
2. The ability to lead and communicate effectively is another important competency. A Successful leaders need more than technical prowess, soft skills such as conflict resolution, change management and strategic thinking are very important for sustaining organizational and personal growth. -
3. Who in a company should be responsible for the controls of that company’s order to cash process? Why?
I believe that the Chief Executive Officer should be responsible in terms of establishing a well-organized Order of Cash process chain that is properly staffed. The Chief Executive Officer has knowledge of entire company’s operational strategy as well as financial stability. He should be knowledgeable to create proper opportunities to improve OTC process of the company, such as to digitize order entry, fulfillment, and monitor OTC performances.
-
1. As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why? Amazon. You are required to login, find your product, place your order, pick a payment process, a shipping address and billing address and the delivery date. The order is in process with amazon and them completed once payment is confirmed, they also track your order status for you and ensure delivery on the actual date you picked. I am extremely pleased with amazon as I can research my products, find ratings and similar products. It is also a secure and easy transaction that occurs, also if you need to make modifications or return your order they make it that easy.
2. Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain. The most vulnerable to theft can be the credit card process. The credit card be miss-used as the shipping address not have to match the billing. Someone an amazon’s end can steal your information. Amazons system could get hacked and a thief can get a hold of your credit cards saved and used in transactions.
3. Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why? The CIO or equivalent should be responsible as polices are implemented from the top down. There can also be someone who directly manages the process and they would also be enforcing policies very strictly that are decided on.
4. What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
The person should have previous CRM experience since they are managing customer orders along with other computer program knowledge.
The person should also have strong leadership, interpersonal and communication skills so they can enforce policies and connect with their employees and customers at an efficient and professional level. This will also help the person when dealing in high pressure environments for example in a call with an angry customer whose order was incorrect. -
1. As customers, we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
a. I believe a company with great OTC process should be properly staffed at every single department including order entry, fulfillment, distribution, even customer services. I agree with many of you that Amazon has a great OTC process. I have been using Amazon for purchasing in many years, I have so many positive experiences with Amazon whether in ordering, shipping, making returns, or even customer services. Everytime I ordered from Amazon, I am able to receive my order in two days because I am an prime member. Amazon is very convenient to use because you are able to track you order status online. In term of payments, you have so many options to choose from Visa, Master card, discover, etc. It is pretty secure because every time I use a different device to purchase item it will ask me to verify the credit card information. In addition, amazon has a very simple return process. You are able to log in your account choose the options either UPS pick up from your location or you drop off. Moreover, Amazon has a very good customer service, you are able to get problem resolved very quickly.
-
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
Great discussion this week. You raised all the important points but let me share my thoughts.
Q1: ‘Assertions’ are important to who? You shared many good scenarios and examples. In my view, assertions are im […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
In class this week you noticed some discrepancies in the Exercise 1 Guide vs. the submission sheet. I just updated (on the Assignments -> Exercise 1 page) the guide to clarify a few questions and assure the q […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
In class we discussed several dimensions of Management Assertions. Which do you believe is the most im […]-
2.In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Management Assertion are the statement or fact that the management claim. Management Assertion dimensions is a measure to check the validity.
Dimensions of Management Assertions:
• Occurrence
• Existence
• Timing
• Completeness
• Accuracy
• Valuation
• Rights(Ownership)
• Summarisation/ Presentation
• ClassificationThe most important is Completeness as it means that all transactions are included as and when it occurs. Because it covers the other dimension to a large extend. If all transactions are recorded properly in time then accuracy is maintained, timings, and occurance are in check, it provides proof to existence of the asset, liability or equity, value of the property can also be determined
-
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertions are important to a business’s creditors and investors. Both groups rely on assertions provided by the business about its fiscal health and state in order to acquire lines of credit to conduct business. If a creditor or investor loans money to a business on the basis of false assertions then either group is potentially at a significant risk of losing their investment. That loss of investment could further impact the business of those who extended the credit/loans themselves. This ties back into the previous discussion of some of the intentions of Sarbanes-Oxley to reinforce trust in both investors and creditors in publicly traded companies.
-
I definitely agree with you Sean. I’d even add that assertions are also important to investors, since most of the financial metric used to evaluate a company’s stock is computed using figures from the company’s financial statements. If the figures are inaccurate, that would obviously result in misleading financial metrics, such as earnings per share (EPS), which both analysts and investors commonly use to evaluate stocks
-
I agree. We definitely saw what happens to investors when false assertions are made with Enron and Worldcom. We still see it today too, but not on as grand of a scale. “Financial engineering” and stock manipulation definitely take place through corporate financial reporting tactics, and many of them never come to light because once a few good quarters return enough profitability the business is able to “fix” the changes quietly.
-
I also think that Assertions are important to investors, suppliers, bank, customers, oversight bodies, share holders and also to stock market. Because people buy shares or invest in the company based on the company’s financial position and performance.
-
I think that it is. Assertions are important to those people, groups or organizations who need these assertions to make decisions, take actions. As you said, investors decide whether to invest in, bank decide whether to loan to, suppliers decide whether to collaborate with, etc, all based on assertions.
-
-
-
Rightly said, assertions are important to investors. Investors must have right to correct and accurate data about the financials of the company. The investor has interest in growth and management of the organization he has invested in. Also the assertions give him clear picture of how his investments have been used.
I also believe they are important to auditors and management.
Auditors get a clear idea of what the company is stating and assertions gives the start point of the audit. If the auditor is unable to obtain a letter containing management assertions from the senior management of a client, the auditor is unlikely to proceed with audit activities. One reason for not proceeding with an audit is that the inability to obtain a management assertions letter could be an indicator that management has engaged in fraud in producing the financial statements.
For management, assertions are a planning tool. Lets not consider all companies want to engage in fraud. Assertions can be used to summarize the financials to plan better fro next year. It also could be used as a marketing tool to attract more investors.
-
-
Itotally agree with your opinion Sean. Assertions are very important to creditors and investors in the business. I think a clear and accurate management assertion can really help creditors and investors better understand the industry in real. Moreover, I believe that the assertions are also important to the auditors. For example, if the management assertions are related to the cut-off of transactions, then the auditor should ensure the transactions have been recognized in the correct accounting periods.
-
Agreed Sean, Assertions are important to investors and business creditors. Providing assertions will show the creditors if the business is doing good or not so they can decide to provide loans or a line of credit like you said. Investors also rely on it to decide whether to invest or not. No one wants to invest in a business that is going downhill so they depend on the assertions to make their decision. Sarbanes-Oxley like you mention reinforces the rules of providing truthful assertions to the public. It is very important to have good informed information and not falsify documents. No one wants to be mislead.
-
Sean, you’ve rightly said that besides Accountants, assertions are important to business creditors and investors. I’d like to add that assertions would be important to even government bodies like the IRS. I’m not sure how common or feasible it is to evade paying tax, by reporting lower sales or huge business losses to IRS. If there is a discrepancy in the tax report and assertions, it could either signal some kind of fraud being committed – either tax fraud or deceptive marketing practices.
-
-
Q4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
The Procure to Pay process is a means to obtain or manage raw materials in manufacturing products or providing a service. The nature of the Procure to Pay process is fairly complicating and should be a seamless process from point of order to payment. Technology can help the process be automated by introducing efficiency controls. (Source: http://searchfinancialapplications.techtarget.com/definition/procure-to-pay-P2P)
In general, the Procure to Pay processes are as follows:
1. Determination of requirements
2. Source determination
3. Vendor selection
4. PO processing
5. PO monitoring
6. Goods Receipt
7. Invoice Verification
8. Payment processingThe portions I see as the most vulnerable to failure are ‘Determination of requirements,’ ‘Source determination,’ and ‘Vendor selection.’ The reason I choose them as vulnerabilities of the process is because all other steps except them are quite depending on technology to some extent, but for Determination of requirement, Source determination and Vendor selection, they usually requires human powers to complete the tasks. For example, determining wrong requirements or source can lead to selecting wrong vendors, which will destroy the whole Procure to Pay process at the beginning. And some people who are just up to no good can manipulate or falsify the processes which can be resulted in a fraud. I still see some vulnerability in other portions as well; however, human error/manipulation is the all-time enemy.
-
Binu,
Thank you for the post! I agree with you that Completeness is one of the most salient factors of the management assertion dimension. If I can add to your point, I also think of Accuracy as another important factor. As an auditor, he/she would look into whether the data is precise or doubtful. A single inaccurate data found in the end of the audit can more than likely have an auditor to revisit or re-investigate the whole audit process. It is critical to have all data accurate possibly in every portion of the process.
-
Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind?
“P2P involves the transactional flow of data that is sent to a supplier as well as the data that surrounds the fulfillment of the actual order and payment for the product or service”.
That being said I think that the first 3 steps are the most vulnerable to theft, fraud and failure.
In fact, the first step (Determination of requirements) is the key to everything. Let’s say the person responsible to order mess up at the very beginning (ordering the wrong quantity, parts…). In that case the whole process will be a failure. Next, (Source determination and Vendor selection) is where the fraud can happen. It is possible to collude with the suppliers. For example, the purchaser can have an understanding with the supplier to inflate the price of the materials. Ley’s say the company is ordering 10,000 helmets and the person responsible to order finds a supplier willing to provide a helmet at $30. Instead of $30, he/she asks the supplier to charge $32 per helmet for a total of $320,000. After completion of the process, both the purchaser and the supplier will have $20,000 to share.Source: http://searchfinancialapplications.techtarget.com/definition/procure-to-pay-P2P
-
Good point Said. I also think that the good receipt step is also highly “prone” to Fraud because there could be instances where there are receipts for goods that are never been delivered. This type of fraud is not easy and sometimes impossible to detect right away. Take for example a building site. If the concrete is being supplied by a “friendly” supplier, the deliveries are signed for but they are never actually dropped off. The truck leaves the site without dropping off the concrete. The “friendly” supplier gets paid twice for a single delivery. Now it will cost more to build xyz than estimated but the supplier gets more money. Does it make sense?
-
Great post Said. The Ordering process has potential to be fraudulent and can incur loss to the company
1. Unauthorized ordeing can lead to loss
2. Quantity of items to order can be erroneous. Either error can be good are ordered less than estimated or more than estimated
3. Number of goods requested mismatch the number of goods received.
3. Understanding of requirements can go wrong
4. Inaccurate estimates in terms of funds available to order the goods.
5. Time frame can be erroneous. Improper planning , receiving only half the raw materials can become a problem if few materials are perishable.
6. Agreeing to terms unacceptable by tenders
7. Favoritism in selecting vendor
8. Failure to select a good vendor
9. Misunderstanding contract conditions placed by the vendor
10.Variations in tax payment, foreign exchange payment
11 .Loss or damage to goods in transport or in storage -
Great points Said, agreed with all of them. I like the example you gave, the first step determination of requirement definitely is a human error. Because the said employee mess up by ordering the wrong parts, that lead to failure and the company cannot put any safeguard in for human error. The next step determination and vendor selection is where most fraud happens. People get tempted and think they are able to get away with it so they would take advantage of what they can for their own self interest. Companies must beware of this and put measures in place to prevent it. The example you provided with the helmet is something that can cost the company a lot of money in the long run. If the company is not aware of the price changes then there is nothing they can do if this does not get uncover and detected.
-
-
Question 1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Management’s assertions are not only important to accountants, it is also important to auditors and financial statement users. From the auditor standpoint, assertions are important because it is those dimensions of management’s assertions that they need to audit. For example, a financial auditor needs to audit that a company’s inventory exists which refers to the existence dimension. Therefore, the auditor will then perform a physical inventory count to make sure that the inventory recorded on the financial statements actually exists. To issue an opinion, auditors need to know the different dimensions of management’s assertions in order for them to perform their audit.
In addition, financial statement users are another important users of management assertions. Since management assertions are in the form of a company’s financial statements, users of the financial statements rely that these assertions are complete, accurate, and all the other dimensions. These users consist of investors, creditors, customers, government users, and the overall general public which make decisions based off of management’s assertions on a daily basis.
-
Question 3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI fortunately have not been a victim of fraud and have not had many experiences where I was pressured to commit an act that was morally or legally questionable. However, I do have one experience where I was put into a situation that was legally questionable. I had previously worked at an outpatient medical practice as an aide. This practice was one location of a practice that had more than 30 locations throughout Pennsylvania. To keep the story short, the previous practitioner of the location had continued treating patients after they had been officially discharged. This means that some services that were provided were not being charged. Since the practitioner’s compensation was based on a salary and not the number of patient’s seen, this meant that she was not financially troubled by her actions while the organization she was part of was being hurt. As an aide, it put me into a tough spot since I had set up and assist the practitioner in treating these uncharged patients.
With that being said, I don’t believe the practitioner was pocketing any money or had any financial incentives outside the business to do so. However, I do not know exactly if that was the case or not. Regardless, I was pressured into an act that was 100% illegal. I ended up staying with that practice for another 4 years, however, a new practitioner had been hired relatively soon after starting those illegal practices were stopped.
-
That’s interesting, Paul. When I first started reading your post, I was expecting the practitioner to wrongfully treat patients longer than necessary, thereby eventually charging higher fees and making the “business” more profitable. However this seems to be a complete opposite- the patients were being treated for free after getting discharged . Do you know why the practitioner would commit such fraud if he had no financial gains?
What ulterior motive could there be in this case ?-
Hi Mansi,
I do think the ulterior motive for this case was that the practitioner wanted her patients to receive further treatment to prevent them from getting worse again. While this might be a moral or just cause, it still involved ripping off the company as a whole since their resources were being used without taking in any revenue.
-
-
-
Question 4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Based on my knowledge and experiences, I would say that the start of the procurement process is the most vulnerable to theft or fraud. As we learned in the reading assignments, fraud can take form in a number of ways. However, fraud essentially boils down to a deceitful act with the purpose to gain from it. With that being said, the exact two steps that I believe are the most vulnerable to fraud are when selecting a vendor and identifying the source of the supplies. One of the most common frauds when involving the procurement process is a “kickback scheme”. This essentially works when an employee has a relationship with a supplier/vendor and use this relationship to their advantage but negatively impacts the company.
For example, an employee of XYZ company might have a brother who owns an office equipment wholesale company. If the employee at XYZ can get his brother as an approved vendor, then the employee might be able to purchase excess products to improve his brother’s business. In return, the employee at XYZ might get money back from him or a very nice holiday gift. While most kickback schemes will vary in some way, by establishing an appropriate vendor list that removes conflicts of interest throughout an organization, one can mitigate the risks of fraud.
-
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertions are also important to auditors because they assist them in considering a wide range of issues that are relevant to the authenticity of financial statements for example.
The consideration of management assertions during the various stages of audit helps to reduce the audit risk. -
3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have been a victim of fraud in the past with my credit card being used to purchase items in a different state. I had capital ones Credit card that I only use often since I was in undergrad. I made some purchases online and a month later when I went to check my credit card statement I noticed that it was higher than expected. So I log online and check my statement and seen that there were some purchases made in a different state and on items I did not buy. So I called customer service and told them what happen and they deactivated my account to make sure the thief can’t use my card anymore and sent me home a new card with new numbers and refunded me. So it is important to keep track of your statement to make sure you periodically check it to make sure there are no suspicious activities that you did not authorize.
-
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
In my opinion, accuracy is the most important because the principal element an auditor reviews is the reliability of the financial statement assertions. The main objective of the work performed by the auditor is that of obtaining reasonable assurance as to whether the financial statements, as a whole, are free from material misstatement, so that the auditor is able to express an opinion on the financial statements and report accordingly in the report.-
Interesting point, Brou. I thought “completeness” was the most important one because what if, for example, significant liabilities were never recorded by an organization.
-
Good point Brou, I can see why you would make accuracy the most important. The information auditors review must be accurate and free from errors or the results you provided would be inaccurate. It would not look good presenting your finish findings to the company and then finding out that information within the report are inaccurate. So it is very important to have information that is accurate since like you said, the auditors responsibilities are to report financial statements that are free from material misstatement.
-
-
Vu, something similar happened to me twice with my debit card. The first time I was in Philly checking my bank account and noticed that my card was used to purchase gas in new jersey. The second time I was travelling from phoenix to Philly before taking off i checked my statement and and the minute I landed I did the same thing, and realized an unusual charge on my statement : someone used my information to pay their rent in Denver while I was on the plane! SMH. The funny thing is that I never lost my debit card. It was with me the whole time.
I eventually went to a banking center and they cancelled my debit card, gave me a temporary one, opened a case and refunded me the money.
I think that frequent online purchases are the causes of these type of frauds. I do not know how, but hackers cant definitely access our credit cards information through online shopping.
Now to be ‘safer” i’d rather use Paypal or a prepaid visa card for online shopping -
3. Have you ever: Been a victim of fraud.
When I separated from the US Navy, I was at the time stationed in Bremerton, Washington. I was moving back to Philadelphia, Pennsylvania, and I owned two trucks at the time. Well, I couldn’t simultaneously drive a moving truck with all of my household goods and both trucks back, so I hired a vehicle shipping company to transport my trucks for me. I was informed that it would take the company two weeks to get my trucks from Washington to Philadelphia. Well, two weeks slowly grew into two months and only one truck had shown up. When I contacted the company there was no response, and I soon received a notice from a vehicle impound in Las Vegas, Nevada that my other truck had been in their custody for over two weeks. So, I had to fly out to Vegas to pay to get my truck out of impound and then drive it back. I ended up getting caught in a blizzard and stuck in St. Robert, Missouri for almost a week. All told when I finally got both trucks to Philadelphia it had cost me close to $10K and I couldn’t really do anything to recover and of the losses.
-
Didn’t you have an insurance?
And sometimes it is better to do research before contracting those vehicle shipping companies because some of them are just a fraud.-
I did have insurance, but my insurance company had a minimum length of time that had to pass in order for the truck to be considered a loss. Also, the police department in Philly was of little help because they informed me that I could not open up a theft case because I paid the business to take the trucks and it was a civil dispute at that point. Frankly, I think the police just didn’t want to be bothered. Being notified immediately of the impound would have saved me quite a bit from getting the truck released and would have more than likely got me through Missouri well before the blizzard came through. I forgot to add in my original post, I am pretty sure that a case in the text book for the Legal class required in Fox Undergrad degrees had the same gentleman sued in the case that I hired to transport the trucks.
-
Hi Sean,
That is a really unfortunate experience. From a standpoint of controlling risks, in hindsight do you think there was anything that you could have done to mitigate the risk of almost losing a truck? Other than insurance and doing research on the company, there isn’t much I can think of that could prevent that fraud from occurring since a lot of trust needs to be put into the moving company to fulfill their duty.
-
There isn’t really much else I could have done. The only other thing I could think of is had the company escrow the value of my vehicles before transport to an account I could empty in the event my vehicles were not delivered. I suppose too that I could have purchased a specialized transport insurance, but specialized insurances are pricey by their very nature and the fact that they are hard to quantify and spread the risk for. At the end of the day they I was grateful I lived in a city and had everything I needed within walking distance which made having no vehicle for a while much easier to cope with, and the fact that vehicles can always be replaced made it easier to deal with too.
-
-
-
-
Sean, thank you for sharing your story. It scared me because I also have a couple friends using auto delivery companies to ship cars from Philadelphia to another city, one was to St. Jose and another one was to Texas. Their cars were totally fine, maybe the company is credible and their cars are not good as yours.
-
I’m glad it worked out successfully for them. Whenever I hear people discussing shipping vehicles I always cringe a little and offer my experience as an incentive for them to properly vet their shipper.
-
-
Sean,
It is my first time hearing of this kind of fraud. It sounds horrible and I couldn’t imagine how frustrated you were. As you mentioned, having an insurance sometimes means nothing depending on which situations you are involved in. Like your case, you couldn’t get much out of your insurance based on the insurance contract you had with your insurance company. At this point, one control I can think of is having a firm, bold contract with the vehicle shipping company. That could make the company accountable for losing your truck or in your case you could’ve used the contract when asking a help for the police. Above all, I was just upset that you had to use your own money to recover all the damage.
-
-
Daniel, you are right, humans are the biggest threat to the procure to pay process. Any steps involving humans actions i risky. In fact, given human nature, it’s impossible to stamp out fraudulent intent. However, organisations can reduce the likelihood of a successful attempt at misappropriation with the right checks and balances in place. Unfortunately, paper-based or manual processes (still used in some P2P functions) are riddled with opportunity for deliberate fraud or simply good old-fashioned human error.
-
Brou,
I agree. Paper-based or manual processes are definitely a factor causing human errors. In my last job at a grocery store, some vendors’ sales representatives were still using a paper order sheet to take an order. Those vendors often made errors with their orders. For example, they didn’t deliver us the items that I ordered or sent us wrong items by human error. Then I had to make a call to make complaints and usually took a week to get right items. As opposed to those paper-based processes, vendors who were using an electronic device to take an order tended not to make mistakes since most of the steps were automated.
-
-
I agree that employees are the threat to the vulnerabilities in an ERP system like SAP. I think that a separation of duties and responsibilities policy can help to alleviate a lot of the opportunity for fraud, and a mandatory vacation policy or job rotation policy can help bring the fraud to light before it gets to a very large size.
-
Great point Sean. Segregation of duties can also help in performing log analysis so that if any fraud occurs it can easily be traced and actions can be taken to overcome it.
-
Sean.
Rightly said. The SoD(Segregation of Duties) is considered to be mandatory implement control in large corporations. This is because the SoD is effective and efficient in mitigating employees’ fraudulent actions. The example of the SoD is that the person handling cash cannot be the same person that records cash amounts in the company’s general ledgers.
-
-
Have you ever had evidence of fraud occurring? Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
I have both had evidence of fraud occurring and been pressured by my boss to commit a fraudulent act. In fact, I witnessed my boss using the company’s credit card to go out on happy hours and have fun. Then, she would pressure me to lie on the expenses report and say that the credit card was used for business purpose with clients.
Obviously as an intern, I was “afraid” to say anything about it and, unfortunately did what i was asked for, knowing that it was wrong. -
It was difficult to “blow the whistle’ knowing that she was your boss and that you were an intern. You will have been seen as the ‘troublemaker”.
-
You are absolutely right. This happens all the time, even if companies say that they have bidding process to chose suppliers. It is really easy to come with a scheme in a company. In fact, if the person responsible for purchasing and one or two persons from the bidding process committee team up, they can do a lot of bad things.
-
Said,
Exactly. This is why from a financial audit standpoint that the procurement process is considered a high risk area which means it’s a big area of focus. From a IT auditor standpoint, we need to test to make sure the procure to pay applications are set up properly to segregate the duties within this process. Likewise, if this area isn’t monitored appropriately then as you said, individuals can do a lot of bad things. The downside is though that it is extremely hard to identify collusion especially from an external auditor standpoint.
-
Great point Paul!
I never thought to think about that aspect in the vendor selection. I decided to further research the kick-back scheme and stubbled upon how to investigate whether or not this is happening in your particular company.
The author explains, that there a number of ways to prevent it and detect it, but I really enjoyed her excerpt explaining audit clauses. She states, “Under such a clause, the company would have a right to look at the accounting records of the vendor to determine whether there was a fraud or misrepresentation”.
-
-
-
In fact, completeness does not mean anything if the data are not accurate. I think that it can be complete if it is not accurate. We must be sure of the accuracy of all data before asserting anything, because a single mistake makes the whole process questionable.
-
Probably. I thought that if all the transactions are being recorded in time then some sort of accuracy would be maintained. Well, as you said it is not necessary because there could be human error or even misrepresentation of data.
-
-
Q1. The concept of “Assertions” is important to accountants. Who else is it important to? Why?
One group that assertions are important to, besides accountants, would be auditors. As we discussed in class, assertions require the existence of controls, which auditors will test. In addition, assertions would be important to any individuals that use an organization’s financial statements, such as investors. This is because these individuals are depending on the accuracy, completeness, etc. of these statements to make decisions that can positively or negatively affect them.
-
Q2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
It is difficult to label one dimension as the most important, as all must be included in an effective assertion. But if there’s one I must put focus on, I would choose Accuracy. This means that transactions have been recorded with the correct amounts and within the appropriate accounts. If you do not have accuracy, then there is also no true completeness, valuation, summarization, etc., since they would all be based on incorrect information.
-
I agree with you about arguing one assertion as more important than another. I personally feel that completeness and accuracy are both equally paramount. I would consider both of them as important to each other as having two legs is important to walking. I think a person could make an argument for one over the other based upon their personal preference, but like you stated “there is also no true completeness” without accuracy I think could just as easily be flipped and say their is no real accuracy without completeness.
-
I definitely agree that accuracy is the most important of the three if one had to be chosen. Without the accuracy, the other dimensions would most likely not be correct. It is especially difficult to have a correct summary without accuracy because the summary itself would not be correct. It would be difficult to record accurate valuation with inaccurate amounts, and may not faithfully represent the company’s obligation.
-
I agree with you all, many think that completeness is the most important but in my opinion, without accuracy, all other dimensions won’t be valid. It is very important to ensure all the data is accurate because one inaccurate data can result in the auditors issuing wrong opinion.
-
-
-
Q3. Have you ever:
-Been victim of Fraud?
-Had evidence of, suspicions of fraud occurring?
-Been pressured (by an employer) to commit an act that was morally or legally questionable? ExplainLuckily, I have never been the victim of fraud. I try to take actions that reduce the chances of this, such as checking my card statements every month. In addition, I have never been pressured by an employer to commit morally or legally questionable acts. At several of my previous jobs, however, I witnessed fraud from my fellow interns. This fraud came in the form of time theft, in which interns reported a larger number of hours than they actually worked in order to receive greater pay.
-
Q4. Which portion/step of the Procure to Pay process do you see as the most vulnerable to theft, fraud, or failure of some kind? Explain.
I think the beginning portion of the Procure to Pay process (Steps 1-3) is the most vulnerable to fraud or failure, because it is potentially subject to a great deal of human error or collusion. Incorrect requirements determination would cause failure throughout the rest of the process, which is why extra care must be taken here. Source determination and vendor selection are where the opportunities for fraud arise, with employees of an organizing perhaps coordinating with suppliers in order to benefit (typically in the form of kickbacks).
-
You made a good point Annamarie. Requirement determination is most vulnerable to theft. I would like to quote an example from the GBI case study discussed in the class.
If there is an error in the requirement determination for different parts which are needed to make a cycle due to which some parts are missed, it can lead to delay in assembling of the cycle. This can further lead to delay in order completion and may lead to loss.
-
You’re right Annamarie. The steps where humans are involved are the most vulnerable to theft, fraud or error as humans have motives to perform fraud and theft. Even when there is no motive and no deliberate false information entered, humans are more prone to making mistakes – stayed up late the night before, missed having coffee, looming deadline, all these could be root-causes due to which incorrect data has been entered.
-
-
You are very lucky you were refunded the losses to your debit card. Credit card losses are much easier to recover because the laws regarding what the card holder is responsible for in the event of fraud are much more protective than they are for losses incurred from debit card fraud. You have a very limited window of time to “catch” debit card fraud before it automatically becomes the responsibility of the cardholder to bear the loss. That is why using a credit card for your transactions and then paying it off monthly is a safe practice for consumers.
-
Whenever I see things happening like that at a business, or hear about them happening, makes me wonder what else is going on. Also, how much worse could other things be that might be taking place too. I think a lot of behavior like your example is just the “tip of the iceberg” in a sense. That behavior, and exposing you to it as both an intern and a subordinate, could begin to create a workplace culture that could facilitate worse behavior elsewhere over time.
-
Hi Sean,
Good point that you brought up about these actions being the tip of the iceberg. We talk a lot in our classes about the “tone at the top” and this could be an example where employees don’t respect the policies put in place. If they are willing to share that exploitation with an intern, what else are they doing that they wouldn’t dare to share with an intern? Unfortunately, I think the herd mentality applies to expense fraud like this. What I mean is that if an employee sees that everyone is taking advantage of the system and committing fraud, then why shouldn’t they do it as well.
-
-
Daniel,
I strongly agree with your point. There are various ways to describe one matter, which can be misunderstood and quickly snowball the process into a huge mess. Human error is inevitable and thus if occurs in the first step, can lead to problems in the research phase, which can lead to a wrong vendor selection in the next phase.
-
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertions are important to accountants, and they are also playing important roles to auditors and business investors. For auditors, they need to obtain a letter containing management assertions from the senior management of a client; otherwise, the auditors cannot proceed with audit activities. One reason is that the inability to obtain management assertions could be an indicator that management has engaged in fraud in producing the financial statements.
For investors, they need to know business assertions because assertions help make better decisions. When an investor views published financial statements and he also has assertions from management, and these are the bases of an investor to make decisions. -
2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Management assertions include several different assertions: occurrence, completeness, accuracy, timing, classification, stigmatization/presentation, existence, rights, valuation. Each is important. In my opinion, completeness is the most important. It relates to all three classifications: transaction-level assertions, account balance assertions and presentation and disclosure assertions. It helps check whether all the transactions are correctly included in a financial statement, and helps whether the work is accurate and completed.
-
Yulun,
you are right that completeness is important, In my opinion, I think accuracy is more important than completeness because without record accurate information, even all the business events are recorded they do not reflect much value because they are inaccurate.-
I don’t agree with you. Maybe you are right that without recording accurate information, even all the business events are recorded they do not reflect much value. But without recording complete information, even all the business events are recorded still may lead to fraud, failures, theft, etc. Just look at WorldCom, by removing some existing items from Income Statement, huge losses turned into enormous profits,
-
-
-
3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have not been victim of Fraud because I am always being careful of these kind of things to prevent happening. I am careful to use credit cards and my personal accounts and information. However, my friend’s credit card was used from Michigan and was stolen for around $1,500, luckily he got everything back from the bank. It is true I do have an experience been pressured to commit an act that was morally questionable. I was working in a construction company last year. And our manager was a good friend of our boss, however, sometimes he orders some personal supplies by using companies account from some online websites. So I think that is not good.
-
4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Based on http://blog.procurify.com/2013/04/03/the-complete-procure-to-pay-cycle/
The typical procure to pay cycle as below:
Identification of Requirement
Authorization of Purchase Request
Final Approval of Purchase Request
Procurement
Identification of Suppliers
Inquiries
Receipt of the Quotation
Negotiation
Selection of the Vendor
Purchase Order Acknowledgement
Advance Shipment Notice
Goods Receipt
Invoice Recording
3 Way Match
Payment to SupplierI think the most vulnerabilities take place in the steps made by human errors. So for the first part, identification of requirement it the most vulnerable step to theft, fraud and failure. It is the first step, and is the most important step because if it fails, the rest of steps will be all wrong.
-
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
The concept of Assertions is just as important to the stockholders / stakeholders of the company. When the management team develops financial statements, the public perceives this information to be true. The information is announced during the quarterly or annual report shareholders meeting. The results of these reports will influence a person’s decision to buy or sell stock in the company.
Another person who might find these assertions important are the employees. Employee job security is important with many people with families and long-term financial obligations. They may have turned down other opportunities thinking the company was performing well, when in reality it was going bankrupt, leading to a lay-off notice.
-
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
In my opinion, the most important management assertion is Financial Reporting / Company Stability. The management team compensation packages of many publicly traded companies are based around performance and stock price, which go hand in hand. When a company is performing well, the stock price tends to go up, and visa versa. This is what makes the financial assertions the most important. When you look at equities, the shares are spread out over many different accounts, such as retirement, savings, and financial firms managing financial products like ETF’s. The financial integrity affects a vast majority of stakeholder’s vs only those close to the company.
-
Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have been a victim of fraud recently, committed by a restaurant waitress / manager. My wife and I went out to a chain restaurant, ordered dinner, and paid the total bill and tip with a credit card. When my monthly statement arrived, I noticed the total charge for our dinner was $100 more than I remembered. I called the restaurant and manager apologized, gave me back $90, and a free dinner. I was told it was an “honest” mistake. The server must have hit an extra “0” when entering the tip.
The current process for credit card payments are to run the credit card for the bill and leave it open to enter the tip, after the customer has left. This leaves a lot of room for fraud.
-
Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
I believe the step most susceptible to fraud is the Vendor selection. Many organizations have “preferred” vendors, who are the first and sometimes the only vendor employees can use. In order to entice the purchasing manager to buy products, the selling company may offer gifts or promotions to be put on the list.
In my teen / early 20’s, I worked for a maintenance supply company that would charge outrageous prices for standard cleaning products, light bulbs, and paper products. One quart of all-purpose cleaner may cost $2.00 in the store, would cost the buyers over $10, for a very similar product. Here was the catch. We would sell the purchasing manager $200 worth of products for $1,000, but include an xbox and playstation as a “promotional” item. The invoice would show $1,000 of maintenance supplies, but never mention anything about an xbox or playstation. Everyone but accounts payable knew what was going on, but the purchasing managers liked getting “greased” for orders.
-
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Management’s assertions are extremely important to accountants, as well as auditors. They assist auditors by allowing them to observe a wide range of issues that are relevant to the validity of financial statements. The auditors test the validity of these assertions by conducting a number of audit tests.
-
2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
I believe accuracy is the most important aspect of an audit review. The main purpose of the work performed by the auditor is obtaining reasonable assurance that the financial statements are correct.
For example, an auditor needs to audit that a company’s inventory exists, which refers to the validity (reasonable assurance) of their financial statements. As a result, the auditor will perform a physical inventory check to make sure that the inventory recorded on the financial statements is valid. From there they would issue an opinion and by doing so, the auditors needed to know the different scopes of management’s assertions so they can properly perform their audit. -
Unfortunately, the same thing happened to me as well!
My credit card was somehow obtained by someone in California and they were able to make purchases via internet. Thankfully, Chase was able to freeze my account, as well as refund me the full amount and send me a new credit card that week,I agree, with you Alex. The more frequent online purchases are made by a user, the more susceptible they are to these type of frauds. For some reason, hackers are able to access our credit cards information through online shopping, which definitely made me more aware of using my credit card via internet. Alex, I as well use paypal to decrease my chances of fraud again.
-
Hi Annamarie,
You brought up a good point that fraud can be as simple as charging more time then was actually worked. In the case of the interns charging more time, do you think at the time they realized they were committing fraud? Also, what do you think their motives were for committing time theft?
-
Paul, you raised some interesting questions.
I don’t think they realized they were committing fraud, I guess most of them were thinking it’s okay or not a big deal for them to report some extra time. I think their motive for committing time theft is very simple, which is to gain more money.I have seen one of my co-worker in the past sat in the employee breakout room for more than half hour while she is still on the clock. She was literally waiting to clock out. and go home. Was she considered as committing time theft?
-
-
Hi Fred,
I would agree that the primary purpose of management’s assertions is targeted toward to stockholders and other stakeholders of the company. While it is important for management itself to have accurate financial statements to make decisions off of, it is even more important for investors and other stakeholders like creditors. If I want to give XYZ company one million dollars, I need to know if they are in the financial position to pay me back or not. In this case, management’s assertions in the form of financial statements are the way I can make an intelligent decision if I should make that company a loan or not.
-
4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
I believe the beginning of the procurement process is the most vulnerable to theft or fraud. From the reading and class discussion, we can see that theft and fraud can happen in multiple ways and that many fall victims to it, including myself.
The first process of procurement is the supplier selection. The vulnerabilities that can affect this phase is misrepresentation of the supplier. Fraud in this phase is based on vendors who are given a contract, but in reality their selection for the contract we based on fraudulent activity. By misrepresentation a vendor could disguise themselves as a reputable business, but in fact be bankrupt, and without this information companies award these contracts to them, without knowing the risk involved. As a result, a company will most likely lose money and never receive their goods that they purchased.
-
Fred, I completely agree that the initial stage of the procurement process has many risk involved with fraudulently activity.
I’m shocked about this real life example but, would you mind elaborating on what “getting greased” means? I’ve never heard that term before and would like to understand how this was beneficial to the purchasing manager?
Also, a follow-up question: Did he ever get caught for doing that?
-
Q 1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertion can be important criteria in Material requirements.
Material correctness requirements define the logic of calculation, evaluation, and reporting of certain financial statement items within external reporting. Implementation of these requirements in the form of IT supported processes requires various application controls in order to guarantee the fulfillment of specific audit relevant criteria in the production of the figures and for this reason assertion is important.
These criteria have established as assertion and are summarized as CEAVOP:
• Completeness
• Existence
• Accuracy
• Valuation
• Ownership
• Presentation -
Q 3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have never been a victim of fraud. I always try to take preventive measure to keep my important information safe. For example, I always keep a backup copy of all my important documents so that in case I miss them somewhere, I am always up with the backup. I never leave my personal or office laptop unattended.
I have been an evidence of fraud occurring at one of the organization’s I have worked with.
The interns were not issued an employee card and were asked to sign and enter in the premises of the organization. So there was no exact record of their work hours. Also they were allowed to use their personal USB on office laptops because of which they were easily transferring important information to their personal devices. There was no restriction on the use of printers without id cards and they were using the printer for personnel use.
-
We can explain this with three parameters that are:
Confidentiality: Rights(Ownership)
Integrity: Accuracy
Availability: CompletenessSo in my opinion all three of them are most important.
-
Great example Paul. Standards and policies defined by an organisation form the basis of an audit and are a kind of assertions for the auditor. It helps the auditor in defining the scope of audit.
-
Question: The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Indeed, the concept of Assertions is important to accountants, but it also important to auditors and Investors. From auditors’ perspective, when they audit the financial statements of a company, it’s important to find out what management’s assertions are supposed to audit. For instance, if the assertions are related to assets or liabilities in the financial statements, auditors should ensure the accuracy of the financial statements, and make sure the related amounts are appropriate.
From investors’ perspective, some of them may barely understand the industry and have limited understanding of company’s financial statements. In this case, the accurate and clear management assertions can help investors better understanding the company and making good decisions.
-
1 The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Besides accountants, management’s assertions are also very important to auditors. When it comes to the audit of a company’s financial statement, where the auditors rely on management’s assertions regarding the business, the auditors test the validity of management assertions by conducting a series of audit tests.
For example:
Auditors need to audit that salaries and wages expense that has been incurred during the period in respect of the personal employed by the entity, which refers to the “Occurrence” dimension. Therefore, the auditors must perform a set of payroll audit procedures such as verifying active paid employees, verify pay rates and hours paid -
2 In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
It is actually difficult to determine which management assertion is the most important one as each assertion functions differently. If any of them is missing, the auditor’s opinion won’t be trustworthy at all.
I would choose “Accuracy” is the most important assertion because a company can easily commit a fraud by cooking the book and it is very difficult for the auditor to detect all the fraud. Auditors review the accuracy of amounts and other data to ensure the company has recorded transactions and events appropriately.
Example: Worldcom cooked its book by inflating its asset by as much as 11 billions
-
3 Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have been a victim of debit card fraud last week with my card being used three times without my authorization in another state, Binghamton, NY. I was shocked because I have never been to this city in New York. I received the message alert from Citibank saying that they have identified possible fraud on my bank account. Eventually, I contacted the Fraud Prevention Department to report the fraudulent transaction on my card. Citibank refunded the credits into my account, disabled my debit card and mailed me a new one.
In my opinion, even though I put all my controls in place, such as I never shared my card with anyone and lost my card or wallet. There is still a risk that the hacker can get assess to my account information through online shopping or they can install the malware onto the checkout card reader to steal my card information to commit frauds.
I have never been to pressured to commit an act, but if I have, I would refuse to commit an act based on my moral standard, and report the fraud to upper management.
-
I believe the step of P2p process most vulnerable to theft, fraud or failure happens when processing the invoice or payment and selecting vendors.
I believe almost everyone has the experience where you write a wrong check or invoice. It is very easy to modify the vendor payment information or manipulate the clients name, address on voucher / refund.
Price can increase in purchase order to establish a kickback program which is defined as a form of negotiated relationship between supplier and vendor in which a commission is paid to the bribe-taker in exchange for services rendered.
For example: a building contractor might give a portion of what he or she is paid to a government official who approved the building plans for the project. This part invoice selecting vendors and issuing the commission in the contract.
-
This answer is for Q4. Sorry.
-
Good example of the “kickback scheme”. I agree with what you said that the start of the procurement process is the most vulnerable. Indeed, if the employee has relationship with a vendor, he or she might get benefit from it and has potential risk in damaging the interest of the company. However, I was thinking that the decision maker in a company is usually the head of the department or management, if the one who take a “kickback scheme” is in a high position, then who can supervise his boss?
-
Hi, Fred
You made a great point. The current credit payment system definitely need to be strengthen to prevent fraud, you are absolutely right that leave the tip open for merchants to enter after customers left leaves a lots room for fraud. Back in high school, I worked as a server in restaurants, I have seen customers just signed their names and leave the tip and total amount section blank. The practice of such negligence give the chance for waiter/waitress to commit fraud.
Also, it’s good that you implemented detective control to mitigated the risk by reconciled your bank statements, I am sure many people nowadays don’t even bother to look at their statements. That’s why preventive control is very important, people need to be trained on how serious lacking knowledge of securing their information assets can impact them.
-
Add on to my answer to Paul’s question, I think in the case of employee committing time theft touched on two parts of the fraud triangle. Employees must perceive an opportunity to commit and conceal their fraud (which in this case I assume the interns report their own time sheet). In addition, employees are able to rationalize their offenses as something other than fraud activity (such as low compensation, and company is profitable).
-
Hi Wenting,
I had the fraud triangle in mind when I raised the question. In my experiences, those who commit time theft rationalize the theft since they are underpaid and not as “respected”. However, I find the same ones who commit time theft and rationalize this way are those who will not show up to work or go on social media when on the job. I think one of the best ways to prevent time theft is actively monitoring employee time cards.
-
Yes, you are right. From my past experience working at Greyhound Bus Lines, we used to have the card to swipe in and out from work. In addition, we had to clock out for half hour lunch when we work a shift for more than six hours. I have seen some of my co-workers didn’t swipe out for lunch, so they can get an extra half hour pay. However, before we get paid, the operation supervisor usually caught them from time theft when she was checking the bi-weekly time report. As you mentioned, in order to prevent time theft, it’s very important to implement monitoring system to check employees’ time record.
-
-
-
I agree with you, it’s not a good idea to use business account for both business and personally use, or use personal account for business use. The owner of the construction company did not comply with the economic entity principle, in which the transactions associated with a business must be recorded separately from those of its owners or other businesses. It’s very important for business owners to have a business account ONLY for transactions that are related to that business. For example, for those who work from home IRS has very strict rules about what can be deducted as “business expenses.” If owners use their personal account for business use, then the IRS may frown upon those deductions, even if they are legitimate business expenses. In addition, it is very time consuming when it’s time to file the business return, owners have to filter which transactions are business expenses, and which are personal expenses. Therefore, it is very important to have separate accounts for business and personal use.
-
3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainFortunately, I have never been a victim of fraud. I have a habit of keep all the receipts and reconcile the receipts with the bank statements every month. Also, I always log out my work computers when I walk away from my seat, and keep my personal laptop in save place. I never leave or share my sensitive information such as SSN #, passwords in public. In addition, I save a backup copy of important files to prevent them being loss or misplaced somewhere. I think it’s important to have preventive and detective controls to mitigate the risks of becoming a victim of fraud.
I have encountered suspicion/evidence of fraud while I was preparing tax return for business owners. In order to reduce tax liability, many of the business owners reported a large amount of meal and entertainment, even travel expenses. I am sure that part of the expenses are for personal use. As an accountant, I was been pressured by clients to commit an act that was morally or legally questionable. Tax payer asked me to markup the expenses, and report the expenses that are not exist. I don’t want to put myself in trouble because I know that the clients will pass the buck to me if anything happens. Therefore, I performed my due diligence. I refused clients who don’t have the evidences such as receipts to support that the expenses are legitimate business expenses. Also, I alerted clients by doing so will triggered audit.
-
Q] Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have experienced a fraudulent activity in my life. I was did take care to not fall prey to it, however I was almost on the verge of being a 100% victim.
Before travelling to Philadelphia, I was looking for houses to rent nearby campus on airbnb and I found a good match. I shared a link of that with my would be roommates and we all liked the house. We got in touch with the owner and inquired about utilities and we let him know we were interested. Within a week, we got a mail from airbnb confirming that the house is verified and that we could proceed with the payment within 1 month of receiving that mail. They send us a link to the payment and further process in the same mail. The mail stated we needed to pay directly to owners account as owner had chosen no other option with airbnb. We were worried to proceed as paying full amount upfront to owner was risky.
We spoke to few friends who had used airbnb and they told us that airbnb always asks to pay to either airbnb account or cash on arrival. In our case airbnb asking us to pay to owner’s account was suspicious.
We had some questions regarding the payment process so we contacted airbnb via the link given in the mail. We found that in the mail, the option to chat live with airbnb representative always redirected to 404 Error: Page not Found. This was again suspicious. So we tried to speak to airbnb via the live chat link provided on their official website instead of following the link via the email we had received. This time the chat worked and what we came to know was a shock. Airbnb never asks users to pay to owners account. They verified our house and told us that it was a fraud.
What was the case?
The hacker has actually tried phishing attack via the email he sent us. He had created his profile on airbnb and that is how he got our emails.
What we did?
We contacted airbnb to blacklist that account and they did. -
Q2 In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
A2 Different dimensions of Management Assertions can be listed as below :
1) Occurrence
2) Existence
3) Timing (cutoff)
4) Completeness
5) Accuracy
6) Valuation
7) Rights (Ownership)
8) Summarization / PresentationTo me, Accuracy is the most important of all. Assertions are what the management claims. If the management cannot claim accuracy in all their transactions, it is a red flag right there. Without accuracy in transactions, all other assertions, however true cease to hold any value.
-
Paul, do you think cut off, the correctness of timeline and period of recording of the below levels is also important one.
Transaction level – Transactions can be reported to occur in a different period of month or cycle.
Account balance level – Account balance can be hidden under balance sheets of a different financial year or period.
Assertions are done for disclosure of information to prevent fraudulent activities. I believe fraud can be easily camouflaged under incorrect period reporting. -
Alexandra I was about to ask Vu Do if he had lost his credit card, when I read your post where you mentioned that you had not lost yours. In spite of that the hacker could access data. I agree with you that hackers may not physically require a card to steal money. As you mentioned, we enter card details everywhere we shop online, may it be for clothes or paying mobile bills.
I was curious to know if you had shopped online using mobile device or your computer. I wanted to know if mobile applications are more vulnerable?
It definitely depends on the network that you have used. Public WiFi or WiFi where numerous people are connect will have more potential of risk.-
I agree with you Priya.
Nowadays, technology growing rapidly. People tend to use their mobile devices more than PCs. I don’t think it’s the matter of what device we use for online shopping, it’s more of the effort to download security software and make sure you are connecting to websites using encrypted HTTPS connections. However, it’s always a good idea to shopping online from home because it’s more secure than public WiFi. Mobile applications can be vulnerable when you use it in public because the connections are often insecure, sensitive information such as credit cards numbers, addresses, phone numbers and account number could be intercepted for other purposes.
-
-
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertions are management’s claims about the recognition, measurement, presentation, as well as disclosure of information presented in the financial statements. The concept of “Assertions” is not only important to accountants, it is also important to managers, auditors and investors. It is very important for managers to have accurate assertion because what they provided in assertion will have impact on auditors and investors’ decisions. Also, assertions require the existence of control. If managers provided inaccurate assertion, it represents that the business was inefficient in internal control, and managers and even business’ reputation will be ruined as well. In auditors’ perspective, they evaluates financial records based on assertions embedded in the financial statements. Auditors typically use assertions to help them to figure out what audit tests they should perform and what information they should gather. Assertion is also important to investors because they make investment decisions based on the financial statements. Therefore, an assertion plays a very essential role for basically anyone who reviews and uses the company’s financial statements.
-
I have only been a victim of fraud when my credit card or debit has been stolen and used to make fraudulent transactions. Credit card fraud is common now so my experience is definitely not unique. But there have been multiple occasions when either the bank caught the activity, I noticed suspicious transactions on my account, or I’ve been sent a new card because I used it at a vendor that experienced a breach or security incident. I have learned to use my credit card instead of debit card for most transactions, especially online because money is not taken out of my checking account and credit cards typically have more consumer protections than debit cards.
– Had evidence of, suspicions of fraud occurring?
There was definitely evidence of fraud in many of the examples because my cards were used to make unauthorized transactions. In one example when I was deployed while in the military, my debit card was used to make $300 of purchases at Disneyland in Anaheim. There was evidence that I was clearly not in the United States, nor able to make that transaction. I discovered the charges quickly and my bank deposited the money back into my account a few days after I contacted them.
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainWhen I was in the Army I was responsible for hazardous material and ammunition for my battalion, which meant that I was usually accountable for most of these issues. There were definitely times when my superiors wanted me to cut a corner in interest of meeting a deadline. I was always careful to cover everything because I was ultimately responsible. And although something may have seen minor, if there were to be an issue, the consequences could be significant because of it involved hazardous material which is often times dangerous. I knew if something went wrong, I would be blamed regardless of the circumstances and figured the initial blow back would be much less than if I acquiesced and there was an issue. I’m sure everyone who has had a job has faced pressure to cut corners in some way, which be for something very minor or significant.
-
I hadn’t considered fraud from this perspective before. I’ve definitely witnessed interns incorrectly recording times. I also agree that they most likely did not perceive it as theft or fraud. Although I think that some did not try and rationalize it, it may just have been easy or not considered that big of a deal. At my internship we were required to record our own hours and our managers would then approve the time sheet at the end of each pay period. But it is difficult for them to verify every day over a two week period unless they closely monitor interns, which is not always possible. This example is different than employees who are required to clock in and out and have much less control over time entries.
I do want to note that many companies have been accused of time theft too. I’ve personally known people who were required to show up early to their shift and were not allowed to sign until it officially started. But were expected to be early to prepare, but were not compensated for that time.
-
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
I believe among several dimensions, “Accuracy” is the most important dimension. “Accuracy” means amounts and other data relating to recorded transactions and events have been recorded appropriately. In my opinion, I think without accuracy even all other dimensions are properly followed they do not reflect much value because the information are inaccurate. Therefore, I truly believe that all other dimensions of Management Assertions only hold values when the assertions are accurate.
-
I’ve actually thought about this before when using my credit card at a restaurant. The transaction is approved before the tip is added, which must then be applied to the credit card. The last step doesn’t require any verification from the customer as when the first time the card was run. The receipt that is given does not account for the final transaction amount, so there is no way for the customer to know the final amount charged until later. Definitely aren’t adequate controls in this transaction.
-
My credit cards have also been compromised this year. Feels more and more common place every year. I’ve found it better to use a credit than debit if you’re able to since it doesn’t take money out of your account. That way if there is an issue, don’t have to wait for the funds to be deposited back into your account. I definitely agree that you can take all of the right precautions and still have issues through no fault of your home. A few years ago my wife’s credit card account had fraudulent activity and had a new one mailed. Before the card had arrived, yet alone activated, it already fraudulent transactions on it. Still do not know how that happened and American Express didn’t seem to have a good explanation.
-
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Audit Assertions are the implicit or explicit claims and representations made by the management responsible for the preparation of financial statements regarding the appropriateness of the various elements of financial statements and disclosures.
Assertions assist auditors in considering a wide range of issues that are relevant to the authenticity of financial statements. The consideration of management assertions during the various stages of audit helps to reduce the audit risk. -
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Accuracy is the most important, which is the transactions are recorded at the appropriate amounts. This means that there have been no errors while preparing documents or in posting transactions to ledgers. What’s more, Assets, liabilities and equity interests have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments have been appropriately recorded and related disclosures have been appropriately measured and described. -
Well put, Daniel – I agree with your view that processes which require human involvement, are more vulnerable to fraud, theft or failure as humans can purposely act against laid processes for a variety of reasons such as personal gain, partiality, favoritism etc. Apart from this, as you pointed out, humans are also prone to making wrong judgement calls and typographical and manual errors which could result in failure of the process not functioning as designed.
-
I strongly agree with your point. The human errors also may be on purpose, some people may select the vender, which give the person some interests. What’s more, manual processes can reduce the human errors, and increasing efficiency. A separation of duties and responsibilities policy can reduce the risk.
-
Not only in paper work even in data entry also wrong information can be filed.
By human error it can also mean deleting an entry by mistake or falsely entering wrong information as well.
-
Of course, the human error also appeared in information level, so separation of duties and responsibilities can mitigate the risk to an acceptable level.
-
-
-
I agree with your opinion, Management’s assertions related with auditors and financial statement users. The auditors test the validity of these assertions by conducting a number of audit tests. And financial statement users can use those assertions to trust the reliable information, and then make a decision to investment.
-
3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain
1. I have not personally been a victim of fraud; however, my father has been a victim of credit card fraud a few times. The first we were traveling to Canada and there were several charges that were made locally as we were not in the state. We had proof of travel during the time line. The second time this occurred my dad was admitted into the hospital during the time his cards that he had on him were being used around the vicinity of the hospital. Even though most card companies say you have full protection against fraud, its hard to say you were a victim of fraud unless you have proof that you weren’t there. -
1. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Assertion is a confident and forceful statement of fact or belief, the different kinds of assertion dimensions are listed below:
1. Occurrence
2. Existence
3. Timing (Cut off)
4. Completeness
5. Accuracy
6. Valuation
7. Rights (Ownership)
8. Summarization / Presentation
All assertion dimensions are important but the most important assertion dimension in my opinion is completeness. This makes sure that all existing transactions are recorded and that all records that should be included should be fact included. This ensures that we have the whole picture. That all assets, liabilities, and so on are included in the correct places. -
In the example mentioned if the company XYZ’s employee has a brother who can supply the raw materials that the company is looking for, is it wrong to give the contract to that brother? Is not the purpose of getting raw materials met? If there are benefits to the company as a whole in doing a business with this seller will this still be a risk?
-
Yes totally, I agree with you that assertions are important to anyone who reviews and uses the company’s financial statements.
-
4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Payment processing in my opinion is the most vulnerable to theft, fraud or failure of some kind. When payments are being processed they can have payment information stolen and then used for fraud. Once the information is taken it can be used or sold to others for them to use. This is vulnerable because people have access to the data and there is no real way to secure this information.-
Apologies, this is supposed to be an answer not a reply.
-
-
4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Payment processing in my opinion is the most vulnerable to theft, fraud or failure of some kind. When payments are being processed they can have payment information stolen and then used for fraud. Once the information is taken it can be used or sold to others for them to use. This is vulnerable because people have access to the data and there is no real way to secure this information. -
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
The concept of assertions is important to Auditors in addition to accountants. “Auditors are required by ISAs to obtain sufficient & appropriate audit evidence in respect of all material financial statement assertions. The use of assertions therefore forms a critical element in the various stages of a financial statement audit. Assertions assist auditors in considering a wide range of issues that are relevant to the authenticity of financial statements. The consideration of management assertions during the various stages of audit helps to reduce the audit risk.”
http://accounting-simplified.com/audit/introduction/audit-assertions.html#sthash.3J7Pkl59.dpuf -
3. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
The most vulnerable portion of the Procure to Pay process is the first three steps:
1. Determination of requirements
2. Source determination
3. Vendor SelectionThe reason why these steps are most vulnerable for theft and fraud is there are a lots of human involvement. Human make errors all the time and are very easy tempted by money or things that are on their interests. An employee might committing fraud if he or she has the opportunity, under pressure, and rationalize his or her behavior by believing that they have genuine reasons for committing fraud. Some common human errors are data entry errors, such as wrong address entered, invoices sent to wrong customers, and items didn’t match with what customer ordered, etc. In addition, kickbacks scheme might take place in vendor selection. In many cases, there are unwritten clauses in supplier contracts. Suppliers will give cash or freebies to cover “commission “.
-
Wengting, thank you for your story. On the side of personnel, most of people would like to reduce their tax liabilities. and they also know that is illegal. plus, there are lots of companies that use legal ways to do illegal things, for example, reducing tax liabilities, avoid tickets, or other law issues. It is hard to avoid because the law can not be 100% perfect. On the side of a tax staff, it is a stress if people put pressure on you to do illegal things. You did good jobs and performed integrity.
-
Some common controls to reduce the risks of theft and fraud are segregation of duties, use three ways match wherever possible, have purchasing policies, implement procurement Independence with suppliers, and monitor vendor/source/price decisions, etc.
-
Q: In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
The several dimensions of Management Assertions we talked about are as follows:
Occurrence
Existence
Timing
Completeness
Accuracy
Valuation
Rights
Summarization
PresentationAs for me, each of them is very important, but the most important one is Completeness. Completeness indicates all existing transactions are recorded and what should be included are in fact included. From the real-world case we discussed in class about WorldCom, it was lack of completeness of its assertion, some existing transactions were removed from income statement, that led to such a shocking fraudulence.
-
Great answer, I remember one of our professors said before, the effective way to reduce human errors is using automated controls for replacing manual controls. From real-world view, those human involvements are more likely to make mistakes, no matter intentionally or unintentionally, especially compared to automated processes.
-
I agree with you, and I believe that each of them is very, very important, but we should focus more on the word “most”, not the “important”. So I think that we need a comparison standard to draw our conclusion.
-
Hi Fred,
Thank you for sharing your story, I’ve also thought about this case before like Josh and this actually happened to me before. When we hand our card to the waiter at a restaurant, it’s already a vulnerability because the waiter can physically write down our name, card number, security code, or even more. And they can also manipulate the tip amount.
I think it is very important to check on our bank statement every month to ensure there is not suspicious event, but in my personal thought, many people won’t check on their statement just because they are afraid to look at how much they’ve spent for a month.
-
Q: The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertions are not only important to accountants, but also to auditors. Qualified auditors are engaged to examine the financial statements, including related disclosures produced by management, to give their professional opinion on whether those statements fairly reflect. And in many cases this is required by law.
-
Q2.
Dimensions of management assertions: occurrence, existence, timing, completeness, accuracy, valuation, rights, summarization, and classification. I think “accuracy” is the most important, if the information and data are not accurate, other dimensions such as valuation, summarization would not be accurate as well. -
Q1. Assertion is important to auditors, because a letter containing the management assertions from the senior management of a client is necessary for an auditor to proceed with audit activities.
http://www.accountingtools.com/questions-and-answers/what-are-management-assertions-in-auditing.html
-
Jianhui – Very good point and great link! Assertions are important in the audit world. It is pretty much what audits revolve around. What was learned through inquiry, what was seen, what is factual? These are some questions I ask myself after walkthroughs with clients, during my audits. It all goes back to assertions!!
-
-
Hi Paul,
I completely agree with you that the financial statement users aka, shareholders, creditors, customers and government users, are important to the concept of assertions. They really rely upon the auditors to provide correct opinions on the public-held firms that they want to invest or investigate. It indicates that the auditors are required to be familiar with all assertions.
-
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Assertions important for the class that we discussed are:
> Occurrence/Existence (timing)
> Completeness (are events recorded)
> Accuracy/Valuation (accuracy means if it is correct? valuation means if its measured correctly)
> Rights (do I truly own it at the given date?)
> Summarization/presentation (am I summarizing it correctly?)I think that the completeness is the most important assertion. Completeness asserts that all business events of the company are recorded.
For e.g.: Hidden liabilities can be a biggest concern for auditors if the company doesn’t record them.
-
Priya,
Interesting point. I didn’t really think about “favoritism” when it comes to selecting vendor. It actually made me think to segregation of duties and different access controls that are needed to mitigate such risks.
-
Josh,
Thanks for your suggestion, you are completely right. Using a credit card is easier to prevent fraudulent transactions since it does not take money out of my account. Your case sounds very suspicious how transactions went through a card when the card is not activated. American Express still owes you a valid explanation.
-
Thank you for providing the example. It does appear that preventive controls weren’t at place at that organization that led to waste of company resources.
Did you ever bring it up to the concerned personnel?
-
Yu Ming, Thank you for your sharing. In my opinion, completeness is more important than accuracy in this topic. a business or an organization needs to record all events first and make sure the completeness of all information or data related to the event. and then other terms can be involved. if a business illegally deleted some important data, other jobs may not find it.
-
thank you for your sharing Weng Ting,it is so true that management should provide accurate assertion first to avoid further auditing or other related works.
-
Ming, Thank you for mentioning the case of WorldCom in your discussion. They cooked the book by removing data from income statements, leading huge influence and fraudulence.
-
Totally agreed! And good explanations for each term listed above. Completeness is the most important than other terms because first thing you have to do is to make sure that all information and data recorded appropriately.
-
Q4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
The most vulnerable parts of the Procure to Pay process are the Vendor / Purchase Order, and Goods / Service Receipt process. Ways the Vendor process can be vulnerable are lack of vendor validity. Inappropriate practices of authorizing purchase. Lastly, this process posses a big vulnerablity to inproperly retaining of records. The second process Good/Service receipt process has very similar vulnerabilites. Such as not being able to keep records of goods / services received and big one inventory manipulation.
-
Ming Hu – I agree, assertions are also important to Auditor’s. The point you made is true. How about when it comes to IT Auditing? It applies the same in a different context. Instead of reviewing financial statements, an auditor may review user (privileged) access to tools that generate financial statements, rights to promote code into production etc.
-
Abhay – I like the points you made. Especially the point about completeness. I know for me in my current role, Completeness and accuracy are things that come up alot in meetings, audits, etc. It is a very valuable piece in audit. Especially when attestations are said to be occuring.
-
I fortunately have not been a victim of fraud, that I know of. I was never pressured to do fraudulent activities by an employer either. I have however witnessed colleagues committing fraud. I was an outside sales rep and we were to be reimbursed mileage expenses instead of given a company car. There were some controls in place through the SAP system that was used to request payment for reimbursement and that was if any reimbursement payment was over $1000 there would be a flag and it would be reviewed manually by an auditor. Anything under $1000 usually just flowed through automatically for payment unless it was randomly selected. Many of my colleagues would input mileage for in person meeting that never actually occurred.
-
In my opinion, while all assertions are of importance, the most critical in reviewing and giving an accurate picture is the accuracy of the data reviewed. Again, as with most controls, humans are the most difficult element to control and with the validity of the information that was entered. If inaccurate data was reviewed the entire picture of the audit would be in question.
-
Laly,
Getting greased means someone is paying off another person for a contract. Politicians getting “greased” by developers is an example.
Here is how it benefited the purchasing manager.
The purchasing manager would be assigned a budget by the CFO. Most of the time, budgets stay static unless there is a disruption in the business. So, as long as the purchasing manager doesn’t exceed the budget, they would continue to get the same amount. The purchasing managers are smart and realize the CFO has over budgeted this quarter, but is threatened that the budget will get cut if they don’t spend the money. The purchasing manager doesn’t want to get the budget cut, so he will have to spend it.
This is where we come in. The purchasing manager knows he can perform the duties of the department for only $10,000 but the CFO gives them $20,000. So, we tell the purchasing manager that they will get the supplies they need and promotion items for buying from us. The purchasing manager spends the $20,000 with us. We send them $10,000 in supplies, but mark them up to $20,000, and send them $5,000 in “promotional” items, like xbox’s, autographed sports items, heck, we would tell them to pick what they wanted off a website and let us know.
So, the purchasing manager gets the supplies, and a “promotion” or a gift, but the invoice only shows $20,000 in supplies. Never mentioning anything about the “promotional” items the purchasing manager received.
Summary, the purchasing manager used company money to purchase personal items and the company I worked for hid the sale of the xbox in the cost of supplies.
For the record, I quit this job when one of my buyers, whom I developed a friendship with got fired because the management figured out what was going on. This is when I first felt the word “integrity”.
-
Hi Priya,
I would have to follow up with what Ming had said that I believe it is “most” important. Timing is definitely an important part. However, if an asset isn’t even recorded on the financial statements then timing wouldn’t even be taken into consideration.
-
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
Great job on the discussion. This is what I want to see every week. I think you raised all the salient points but let me summarize and share my views.
Q1: Business Process Experiences: You have ex […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
Reminder: Exercise 1 – Procure to Pay Process is due (via e-mail) on Thursday September 22 at 11:59 pm.
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
I had planned to arrange that a couple of our classes would actually meet on Temple campus to give opportunity of those who can to meet face to face with fellow classmates, etc. As it turns out for some visa […]
-
Edward N Beaver posted a new activity comment 8 years, 1 month ago
In your answer you said ‘Profit driven controls usually focus on “profits” rather than “efficiency”. My experience is that profit improvements can come from both revenue (top line) growth / improvements as well as bottom line cost improvements. Efficiency is a common (but not only) driver for cost reductions and hence profit growth.
-
Edward N Beaver posted a new activity comment 8 years, 1 month ago
Said, your job was a step in the broader Procurement or Procure to Pay process we discussed in class. You handled tasks in what I described as the ‘Invoice Verification’ step. It’s interesting to see how in your description, how interconnected your task was with with others in the process. We’ll learn more about this process and how…[Read more]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
Thanks all for persisting through some of the first on-line class issues we had. I trust you were able to genuinely participate and learned about what we’re doing in the class as well as starting to learn the […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
Some specifics I learned from our fist class that hopefully will make all future classes happen more smoothly:
The password for all classes is ‘Process’. I apologize for not sharing that prior to our first c […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
Describe a business process you have experienced (either as an external or internal participant) and what your role was.
The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted […]-
My role as a business development executive gave me exposure to the business process of “generating revenue” for the company. The Revenue Generation Cycle moves through multiple business functions and involves, “A series of logically related activities… to produce a… result.” (class powerpoint).
The cycle begins with the research and development function producing a product that will sustain a competitive advantage over the competition. The marketing / sales function will target a specific audience by producing a marketing campaign. The supply chain manufacture the expected demand produced by the marketing campaign. The warehouse will house and distribute the finished goods to the customers. Finally, he Finance function will process the invoices and collect payments.
A more direct experience would be inside the Marketing / Sales function. Inside the Marketing / Sales function is another process called the Sales Cycle. A “Sales Cycle” starts from marketing research conducted by the company. The initial research is usually referred to as a “Cold” lead. The cold lead is then passed to an inside sales representative who will conduct a qualify or reject the lead. Rejected leads are kept and labeled for future campaigns, but the qualified leads will be passed to an account executive. The qualified leads are usually referred to as, “Suspect”. The account executive will transition the Suspect into Prospect by conducting a screening process to determine if the good/service can produce business value for both parties. If the answer is yes, the sales manager approves the deal and it moves out of the Marketing / Sales function.
-
Question: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
One business process that I have experienced as an internal participant was billing and collections, while interning in the accounting/finance department of a major transportation company. The process went as follows:
1. Customer, such as another transportation company, requests a price quote for a particular good or service from us (renting out train cars, for example).
2. Our company provides price quote.
3. If customer approves, a contract is created and signed by both parties.
4. Good or service is provided.
5. Invoice is created in SAP and sent to customer, and they are expected to pay within 30 days.
6. If payment is not received within 30 days, a collections notice is sent as reminder.
7. Collection notices are sent out on periodic basis from then on, until payment is received and the transaction is marked complete within SAP.I had several roles within this process. First, I created invoices in SAP to be sent to customers, after receiving the sales information from my co-worker. I was also responsible for sending collection notices to customers flagged as very late (90 days or more without paying).
-
Answer to Q 3:
An environment which is in compliance with the defined set of standards and policy is considered as a control environment. Such environment is built in an organization to:
• Ensure reliability in the processes and operations
• To take preventive actions against any kind of fraud such as financial, security, data breach etc.
• To make sure that everyone in the organization have common set of principles to follow so as to maintain a uniformity
• Assignment of authority and responsibility
• Generate trust and reliability in its clients with respect to all the business operations shared between the organization and the client as well as to provide them reliable reportingExample of control environment:
IT Auditing:
To check whether Information Technology controls:
• Ensure data integrity
• Safeguard IT Infrastructure
• Are aligned with the business objectives and goals -
Answer to Q 1: :
INFORMATION SECURITY EXCEPTION BUSINESS PROCESS
Purpose: Method to obtain an exception to compliance with a security policy or standard
Scope: Organization’s security policy and standards
Description: Exception may be granted by the Information security team of the organization for a non-compliance with a standard resulting from:
• Implementing a solution which cause minimal risk to the organization
• Implementing a solution with equivalent protection
• Inability to implement a standard due to some limitationProcess
• Requester will submit the exception form with the description through data governance portal
• Form is received by information security team
• Exception is assigned to a Security Analyst in the team
• Security Analyst will gather all the necessary information
• Security Analyst will contact the requester if more information needed
• Make a decision on the level of risk it can cause to the organization
• If RISK: LOW-> APPROVE, copy the manager in the decision
• IF RISK: MEDIUM OR HIGH-> Call a meeting with the team and the manager, discuss the details such as what all risk it may cause if the exception is approved and what are the alternatives to this.
• Manager will make a decision on whether to deny, approve or suggest an alternative to the exception
• Notify the requester
• Requester may appeal against the denial by submitting additional documents or requesting a meeting to discuss the decision.MY ROLE:
I was an internal participant of the above business process. I worked as a Security Analyst in the team. Exceptions were assigned to me directly. I use to review the details, request additional information from the requester if needed and decide on whether to approve the exception or additional reviews are needed. I was responsible for calling a meeting with the manager based on the level of risk it may cause.Example:
• Requester will submit the form with all the details such as what kind of data it is, reason for migration, duration for which data will remain on the new server, penetration testing report of the server on which data needs to be migrated.
• Exception is received by the Information security team and is assigned to an Analyst.
• Analyst will review all the details such as the type of data and how crucial is it. For example, if it is a PHI (Patient health information) data, it needs high level of protection.
• Penetration test reports of the server will determine the level of vulnerability of the server based on which it will be decided whether the data is safe or not.
• Based on these fact the Analyst will take a decision on the level of risk and will approve the exception or pass it to the manager for further reviews. -
Question: The Sarbanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction?
Laws like SOX were an appropriate reaction, especially given how much harm resulted from high-profile control failures. Enron, for example, cost people billions of dollars in total, from lost shareholder value to the loss of retirement funds for employees, due to the misuse of mark-to-marketing accounting. If the company signed a long-term contract to provide power to a plant still under construction, they immediately recorded the estimated profits (even if the actual number ended up being much different).
It is clear that this was blatant misleading of shareholders, and the fall of companies such as Enron and WorldCom made it clear that such practices must be stopped. Regulations like SOX help prevent accounting fraud by requiring management to confirm the accuracy of financial disclosures, as well as establish internal controls within the organization and report on their efficiency.
-
Question: In your own words, how would you define a control environment?
A control environment comes from the perceived attitude and actions of upper management regarding the importance of the internal control system within an organization. This environment is reflected in a variety of ways within an organization, including the organizational structure, culture, and business procedures.
The attitude of upper management will trickle down through the organization and be perpetuated at all levels, so it is crucial that management recognizes the importance of the internal control system. A lax or even annoyed attitude toward the ICS will result in a weak control environment overall, while a proactive and positive attitude regarding the ICS will create a stronger control environment for the organization.
-
Question: Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability-driven control?
An example of a profitability-driven control within an organization is price comparison prior to vendor selection. Many cost-conscious organizations, such as Walmart, will complete a thorough comparison of potential vendors before selecting one. There are no legal regulations that require an organization to choose the lowest-priced vendor for goods or services ordered, therefore this is not compliance-driven. However, selecting a lower-priced vendor will reduce costs and increase profitability, thus making it profitability-driven.
Compliance-driven controls are focused on adhering to legal regulations applicable to the organization, while profitability-driven controls are focused on maintaining earnings from business activities. However these two are not mutually exclusive, since compliance (or lack thereof) to legal regulations can have an effect on profitability.
-
1. Describe a business process you have experienced (either as an external or internal participant) and what your role was?
As an internal auditor I was also responsible for audit scheduling and initiating audit process.
Function : Information and Data Security
Process : Audit Scheduling and Initiating process
Aim : The aim of the process was to prepare audit schedule and gather information from stakeholders to kick start the audit
Timeline: At the beginning of financial year my team would have to release the audit schedule and hence we started the below process a month prior
to the plan release date. I was the core team member and performed below activities.The process is as follows:
1. Reviewing the Company Audit Plan for the financial year
2. Mapping company audit plan to client audit plan requirement
3. Preparing the schedule on basis of the mapping
4. Publishing first draft of schedule to stakeholders
5. Collating data from the responses of the stakeholders
6. Making changes in the first draft schedule on basis of data collected from step 5
7. Sending the updated schedule to management for approval
8. Post approval, releasing final schedule to stake holders
9. Collating internal and external compliance requirements to make list of documents required for audit from the auditee’s side
10. Initiating audit and sending the preparatory lists to the stake holders
11. Commence the opening meeting to set the audit agenda -
3. In your own words, how would you define a control environment?
Control environment is established by defining set of policies and procedures by the governing body (board of directors/ senior management) of the organization. The control environment establishes the culture, practices and behavior in the organization.
Ex. To list a few examples of control mechanisms, we can state that a company ‘X’ has a control environment if below policies are implemented
1. The management conducts meetings at regular intervals to plan policies to be implemented. They also take effort to create awareness about those policies among the employees
2. All employees undergo the background check process
3. No visitor is allowed in the facility unless accompanied with an escort
4. Control in physical environment ex. Access protected doors, electronic surveillance
5. Control in logical environment ex. Authorization and authentication for software applications
6. Controls around information ex. Backup of data is taken once a week.It is necessary that the implementation of controls must be verified and validated. Monitoring the controls will help maintain the code of the organization.
-
Question #2 The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
Sarbanes-Oxley initiated many new and needed changes for corporations. These changes were called for to rebuild the trust between the public and businesses regarding the integrity of financial reporting. SOX required a separation of duties and responsibilities for corporate personnel to spread decision-making ability to prevent the ease of collusion. CEO’s going forward would be required to sign and certify their 10K’s and 10Q’s, and face criminal prosecution for any purposely misleading statements. Also, to prevent a conflict of interest for outside auditing companies, SOX set limits and restrictions on the types of services and products an auditing business could offer a company they are auditing.
In my opinion, I believe the changes instituted by SOX were greatly needed and not an overreaction. Many of the changes seem to be common sense solutions that the businesses should have realized the need for without the passage of a law requiring the changes. Although, some people may be firm believers in “caveat emptor,” the boards of the businesses failed to be the “voice for the small investor” which exhibited the need for the regulations to be created too. -
In your sentence, “A control environment comes from the perceived attitude and actions of upper management…,” how high up the chain do you mean? I completely agree with you that fostering a company culture of the importance and significance of ICS is key to its success. In your opinion, does the CEO’s attitude hold more weight in the program’s success or do the “front-line” leaders have more impact?
-
I agree with your point Annamarie.
Laws like SOX are not only sufficient but also prove beneficial for the management to establish control over the happenings in the company. SOX mandates to exhibit clarity with the shareholders and thus helps in building trust. -
Question: Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability-driven control?
Compliance driven controls are those regulatory decisions that are taken in order to follow set of procedures and standards. They help establish controlled environment.
ex. A company implements SOX compliance controls.Profitability driven controls aim at increasing the business revenue and lessen the cost factor to benefit the financials of company.
ex. Company chooses to use raw material of grade B instead of raw material of grade A. -
Great post Annamarie!
I also think having compliance driven controls helps increase profitability in some cases.
There would be a huge one time cost to establish compliance controls and may take time to be implemented. However, in the longer run the well established control will help the company against fraudulent data, law suits, miscommunication in turn saving the money the business could have lost in future. -
Question: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
Role: End of Lease portfolio owner. Managing the laptop replacement for entire Hyderabad region with over 2000 laptop changes per quarter. Assigning the technicians in respective block (walk up) and making sure the resources are provided and coordinating with asset team and business for the change of laptop. Monitor and verify if all the necessary changes are made and if there are any exceptions.
End of Laptop Change process:
• A mail is communicated to all employees whose laptop lease would expire 6 months prior informing that the lease would expire on this day(xx/xx/xxxx) and they would receive a survey after 3 months to choose a laptop model of their preference.
• Three months prior to the date of change another mail is sent asking for their choice of laptop and giving them a deadline (a period of 30 days) to reply by.
• Another mail is sent 3 days prior to the deadline reminding the user. If a survey is not received in time a default model is chosen for the user.
• Once the inputs are received this information is send to the procuring (Asset management team) to procure the laptops from the respective vendors.
• One month in advance the machines are received and images are deployed.
• One week before the laptop change another mail is sent to the user to submit the laptop on a particular date(xx/xx/xxxx) and to take the necessary backup incase needed and also mentions the good practices.
• On the date of submission, the user walks into the nearest available IT walk up and submits the laptop for change with the adapter.
• The technician then checks the configuration, runs various tools to copy data and install applications and ensures that the data is intact and informs the user to pick up the new laptop.
• Follow- ups are send to those who has not submitted the laptop and check for alternatives.
• A survey is then send to each user to check if they are happy with the laptop and also to see that everything is working fine as previous.
• The machines are then wiped after the retention period and then sent to Asset management team to return to the vendor. -
Describe a business process you have experienced (either as an external or internal participant) and what your role was.
I was an inventory accounting assistant for Total, an oil and energy company. My job was to process gas transportation suppliers’ invoices and entered them in SAP for payment. Those suppliers transport gas from one warehouse to another or to a specific gas station. First, the supplier has to pass the bidding process, and then receive an instruction ticket whit the location and quantity to transport. Upon arrival to the warehouse or the gas station, the supplier presents the ticket to the warehouse manager who will put the info in SAP. Then, the supplier sends us an invoice. I verify the invoice to see if it has the correct cost center, account number, PO number…and then give it to my supervisor for signature. Then, I enter the invoice in SAP for payment. Another department has already created the client account and PO number in SAP, so all I have to do is to put the quantity transported and the total amount of the invoice, the cost center in which the supplier is being paid from etc.…And finally, I write down the transaction number on the invoice and pass it to the accounting department who will make the payment and generate a receipt.
-
Said, your job was a step in the broader Procurement or Procure to Pay process we discussed in class. You handled tasks in what I described as the ‘Invoice Verification’ step. It’s interesting to see how in your description, how interconnected your task was with with others in the process. We’ll learn more about this process and how interconnected the steps are over the next few weeks.
-
Question: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
Background: During my bachelor’s degree in MIS, I was working as a Technology Analyst intern at EMSI Inc., which is a leading manufacturer’s representative and it served the international market. Their product lines consisted of electrical raceways to customized instrumentation.
Business Process:
1) Customer sends a request to buy items to the sales team.
2) Sales Quotation is provided by the sales team to the customer.
3) A credit check request is generated for the Accounting department.
4) If the customer’s credit is satisfying then customer order is documented and sent to Supply Chain & logistics department or else the request is forwarded to the manager for authorization.
5) In the latter case, manager decides whether to approve, deny or propose different suitable conditions.
6) Order is scheduled for delivery.
7) Order is shipped to the customer and invoice is created and sent to the customer.
8) Customer sends the payment that is collected by and recorded by Accounting department in general ledger.My Role:
One of my responsibilities was around data integrity. The customer information was usually input by either customer or a sales team and due to many customizations made to the NetSuite ERP, there was a specific way (rule) to input the information to ensure the data isn’t corrupted when it passes through different business functions.Additionally, I was also involved with the IT team for the ERP & CRM customization to improve the experience of the different business functions for different business processes.
-
Question: In your own words, how would you define a control environment?
The control environment is the internal control of the environment. It stands for the upper manager’s attitude and awareness in the organization in order to reduce the risk of the entity. This environment includes many aspects such as business structure, corporate culture, values, operating style, human resource policies and procedures.
The upper manager should take positive attitude to control environment. The control environment is that how a company is operated by its management, reflecting such matters as their philosophy and operating style.
-
I agree with your thoughts, however, I think the environment should include more aspects. For example, many companies have high values and seek to promote honesty and integrity among their employees on a day-to-day basis. What’s more, competence is the knowledge and skills necessary to accomplish tasks that define the individual’s job.
-
4. Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability driven control?
Profitability controls can be achieved by meeting customer demand, achieving high sales, controlling costs by reducing or limiting excessive spending. So for example, if a project requires a certain software which is licensed like Adobe Acrobat used for editing documents and the license cost is too high and the similar features are available with Nitro Pro 9 which is slightly cheaper, then the project can get the cheaper software as it is not affecting the business objective.
Profitability driven controls are in the interest of the company’s profit based on the objectives of the firm where as compliance driven controls are bound by the legal policies or by the compliance standards set by the firm. A good firm should be able to achieve profitability and still remain compliant to the policies.-
I totally agree with your point Binu that compliance driven and Profitability driven should not be kept mutually exclusive.
Your example illustrates the same in a very good way. I would just like to add a little description to the same example to show how profitability and compliance driven can be kept mutually inclusive..While selecting the cheaper version of the software it is also important to check if that software which is being selected is not leading to any kind of violation or non compliance and is not leading to any kind of vulnerabilities to the system.
-
Binu,
Your Adobe Acrobat vs. Nitro Pro 9 example shows a company may want to achieve profit maximization by using cheaper software because these both software can achieve the same objective. However, if a company wants to continue in the long run, I think it better choose Adobe Acrobat because it can function better and it support most computer systems, even tablets and smartphones. It’s also in conformity with other business partners in terms of software consistency.
In one word, by using cheaper software, it can achieve profit maximization in the short run because it saves money. but in order to achieve profit maximization in the long run, it would have to choose the more expensive software such as Adobe Acrobat.
-
Agreed, for a profit-driven control the company would buy lower cost software which will maximize the profitability of the company. I like how you explained the example with the Adobe Arcobat and Nitro Pro 9. If both software function the same and both can be use on the project, why go with the higher cost. Each project has a limit for the amount of money that can go into it and having lower cost software will open up more money to go towards other resources for the project.
-
Yes true, but sometimes buying the cheapest software is not strategically the right thing to do. Here, we are comparing Nitro Pro 9 and Adobe Acrobat. In the long run, it will be wise for a company to choose Adobe Acrobat even if the company is small and does not need Acrobat features for the moment. In fact, the company aims to grow in the future and will be needing those Acrobat features.
-
I definitely agree that purchasing the cheapest software is not always the best decision. Price should always be considered when comparing competing products, but should not be the sole determining factor. I have only used Adobe Acrobat so I can’t comment on the difference between them other than price. But in my experience having the right software can be crucial and beneficial. Similar to many other strategic decisions, an appropriate balance needs to be achieved between price and functionality. There is always a point at which something becomes prohibitively expensive, and it is in important to identify where that is. It is about determining the extra value that is gained from additional cost and if it is worth it.
-
-
-
-
Yes. SOX was more like the right thing to do approach. And keeping a standard helps who are coming up in the market or the ones already existing to keep a check on the policies so as not to cheat others and to keep it fair.
-
Answer to Q2.
An example of profitability driven control is a bank tending to keep its interest rates low for the following reasons:
• When economic activities weaken, monetary policy makers can push the interest rate targets below the economy’s natural rate so as to lower the cost of borrowing. This help spurs business spending on goods. Example: home sales increase when mortgage rates are low than when they are high.
• Low interest rate will also help the banks in improving the balance sheets and bank’s capacity to lend.
• This helps raise the industry’s net interest margin(NIM) and boosts its earnings and capital.However, it will have following disadvantages:
• Lower interest rates encourage borrowing and higher debt as it provides higher incentives to spend rather than save.
• If Short-term interest rates are low relative to long-term rates, banks and other financial institutions may over-invest in long-term assets and if the interest rates rise unexpectedly, the value of those assets will fall leading to losses for the bank.
Since there are no legal regulations that is being followed while lowering or increasing the interest rates and for this reason no standards and compliance is followed.
Compliance driven approach will focus on implementing particular standards and controls within an organization whereas profitability driven approach will focus on achieving good monitory profits. In the above example compliance driven approach will focus on defining standard interest rate risk policies and procedures. This will in some way safeguard the organization from loses which they might face by following just profitability driven approach. So both should follow each other and should not be exclusive of each other. -
This response is for Question 4. Apologies for the typo.
-
My response to Q1 (Describe a business process you have experienced (either as an external or internal participant) and what your role was.)
I was involved in Service Delivery Account Management as a Transition Project Manager and over saw the end-to-end Project Management process for the Transition. At a broad level, the process can be broken down into the below steps:
1. Initiation and Planning
a. Defining Project Team
b. Identifying and validating requirements
c. Identifying and Mitigating Risks (runs throughout the Project duration)
d. Dividing Project deliverables into smaller individually managed tasks
e. Estimation of Effort, Duration etc.
f. Creating Project Schedule based on effort, product, activities etc.
2. Executing and Controlling
a. Knowledge Transfer
b. Shadowing
c. Change Management
d. Financial Management
e. Project Control and Execution
f. Project Management Review
g. Go-Live
h. Documentation (Signing off of Compliance Task matrix, Statement of Work, Global Risk Review, Issues and Risks )
3. Project Closing
a. Documentation Acceptance Signing off between Client and Org.
b. Business Acceptance Gate approvals
My role as the Transition PM was to Transition technology operations for multiple service lines for a US based Client. I served as the single point of contact for the Cross-Geo and Client Executive Management and handled Escalation and Communication management facets of Project as well. -
I agree with Annamarie in the sense that laws like SOX are “appropriate reaction” to the control failures encountered in the past. These laws not only protect shareholders, by obligating companies to disclose financial information, but also raise awareness on the importance of internal controls in the market.
Indeed, organizations have to regularly test the effectiveness of their internal controls, which allow them to manage risks. However the main question here is to know if they are in fact sufficient to fight corporate fraud. I think there is always a way around the system, so no they are not sufficient reaction to the high profile control failures. -
The environment control is achieved based on the organization`s policy, procedures and efficacy. The control environment is a way to achieve the internal control. It will direct impact on the enterprise internal control implementation and enforcement of business objectives, which direct influence the whole strategic target. On the other hand, control environment will help to provide the basic rules and framework built, it will influence the employee awareness, including staff ethics, integrity, the management style and the mode of the development of organization.
-
Question: In your own words, how would you define a control environment?
Control environment can refer to an organization culture in which there is an emphasis on internal control and compliance to rules and regulations. That is an organization in which management and employees have a preventive attitude toward risk, such as elaborated policies and/or risk management measures.
-
I do agree with you, but I just think SOX is not enough because corporate fraud still exist. We still have inside trading and people like Bernard Madoff who will always take advantage of the system. Also, SOX laws really focus on management and high hierarchy employees. What about the accounting assistant at the bottom of the pyramid? The point is that corporate fraud is not just a management ‘thing’, and we will need more strict laws.
-
Bernie Madoff ran a private investment firm, whereas SOX’s requirements are more for publicly traded corporations. So Madoff had much more control over the corruption that he was a part of. If the financial collapse had never taken place in 2008/2009, I wonder if we’d have even known about what he was doing.
I think the requirements and regulations placed on the auditing firms has definitely helped prevent a lot of the collusion and corruption that spurred the need for SOX. Without the incentives that were there for the auditors previously, and since the auditing leads have to be regularly cycled, there is a much lower likelihood of collusion from the auditors and their firms.-
Yes you are right, as a private investment firm his firm was not required to be audited by firms registered with PCAOB created under SOX; which allowed him to “fabricate his books”. That’s why I am saying that laws like SOX should be more strict and applicable to firms other than publicly traded corporations.
-
I completely agree with Sean. Piggybacking off of what Sean stated, SOX’s set standards and regulations prevent a lot of corruption. SOX requires audit boards to institute procedures in which they review auditing, internal control irregularities, and accounting, to overall ensure protection.
-
-
I believe, if the management has to sign on agreeing that they are responsible for the financial accounting that is happening within their company, it mandates the management to have adequate internal control and also maintain that control.
To maintain this type of control, a framework is established by management and there is an audit team to ensure that all employees are following the defined policies.
-
-
Describe a business process you have experienced (either as an external or internal participant) and what your role was.
While working in an Auto commercial insurance company the main business process I was part of was the auto policy renewal process. Below are the simple steps:
1-At renewal period, policy clerks gather the data (loss exposures) from customers through filled out questionnaires
2-Policy clerks submit data to the underwriting assistant who compare the data from previous policy period and check for accuracy
3-The underwriting assistant submits the data to the Underwriters who verify again the information, evaluate the exposure and provide a quote based on the renewal rates.
4- The Underwriters share their proposal with the customer’s agent
5- the agent proposes the new quote to the customers who make a final decision
6- if they renew, they send a check for their premium and a signed disclosure form to the policy clerks who inform the underwriting assistant of renewal.
7- the underwriting assistants then send out Id cards and certificate as well as new policy to the customer.If they don’t renew the renewal process ends at step 6.
As an underwriting assistant my role was to check the accuracy of the data received by the policy clerk (step 2), issue and send out certificates and ID cards.
-
Answer to Q 2.
Sarbanes-Oxley act was implemented in the year 2002 following the major corporate and accounting scandals including Enron and WorldCom. Since then, there have been many question marks on whether the law is a sufficient reaction to the failures or are they just an overreaction.
There have been cases in past 14 years since this law has been implemented which proves the inefficiency of SOX.
Some of the examples which I would like to highlight to prove my point are:
The SEC says it has brought civil false-certification charges against more than 200 parties, including executives at companies involved in the crisis like Fannie Mae, Freddie Mac and Countrywide. But the SEC hasn’t used false certification against executives from any of the major banks suspected of misleading the public about their finances during the crisis.
Richard Fuld, former CEO of Lehman Brothers Holdings Inc. A bankruptcy examiner’s report on Lehman’s 2008 collapse said there was enough evidence to support claims that Mr. Fuld failed to ensure the firm’s quarterly reports were accurate, because he knew or should have known Lehman had cut its balance sheet through questionable transactions. But the government hasn’t charged Mr. Fuld with false certification or other wrongdoing.
In one more such case, there haven’t been any charges against James Cayne, Bear Stearns Cos. ex-CEO, which spiraled into a liquidity crisis that led to a 2008 forced sale to J.P. Morgan Chase & Co. Mr. Cayne and other Bear executives recently agreed to a $275 million settlement of shareholder litigation accusing them of misleading investors about the firm’s finances—including allegations that Mr. Cayne falsely certified Bear’s financial reports. The executives denied wrongdoing, saying they settled to avoid further litigation.
-
Question: The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
SOX is the appropriate law, and it is a sufficient reaction to the failures. The SOX also called Public Company Accounting Reform and Investor Protection Act. Section 302 directly requires an ICS that guarantees reliable financial reporting. And Section 404 required the management of an organization must disclose the scope and effectiveness of the internal controls for financial reporting in an ICS report. An external auditor must also submit a confirmation.( AGAS Chapter 1) For example, In the case of Enron, several major banks provided large loans to the company without understanding, or while ignoring, the risks of the company. Investors of these banks and their clients were hurt by such bad loans, resulting in large settlement payments by the banks. Therefore, the SOX law is necessary for protecting investors.
-
Did you ever receive paperwork for an order not in the system? I imagine that data can get lost for a number of reasons. Was there a policy in place for you to follow to make corrections, or did you have to escalate to somebody with a higher level of authority?
-
I did receive from time to time some orders that were not in the system. In that case I just have to call the warehouse or the gas station where the gas was delivered and ask them to verify the order number and the ticket. If they received the product and the ticket they will have to do an entry in the system, otherwise I pass the invoice to my supervisor who will call the department in charge with contracting suppliers to see if they ever issued that order.
-
-
I agree with you guys. As a compliance driven control helps increase profitability in some case, it can also drive a company out of business. Considering the example in your post Priya where a company chooses to use raw material of grade B instead of raw material of grade A. What if grade A is the standard and the company can’t afford it?
Compliance driven controls can be a huge burden for some companies in difficult financials situation.-
What you say is right Said, If grade A is too costly the investment cost is going to increase. However if the standard recommends to use grade A must be with logical reasons. In longer term grade B material will incur more costs to company in terms of return of goods as users were not satisfied, poor quality or it might lower the brand value.
According to the research conducted by Lord & Benoit, they talk about section 404 of SOX. Critics believe incurred control costs are huge. But their research on 2000 plus companies proves the increase in average share value of the companies that exhibit compliance to section 404.[Lord & Benoit Report (2006):] The research showed that over the two year period there was a:
– 27.67% increase in the average share prices for companies that had effective controls
– 25.74% increase in average stock prices for companies that had ineffective 404 controls in year one but effective 404 controls in year two (0.6% increase in year one and 25.14% increase in year two).
– 5.75% decrease in average stock prices of companies that reported ineffective 404 controls in both years (9.85% decrease in year one partially offset by a 4.11% increase in year two)
-
-
In your own words, how would you define a control environment?
I would define a control environment by the corporate culture regarding ICS. When a business has an ICS in place and the management takes the ICS policy and procedures seriously, the attitude of the company toward control systems is reflected as such. The attitude and culture of control should be positively reinforced through continual training over time for employees.
-
I agree with you Walsh, Control environment is not hard to understand the definition. For me, i would like to think control environment is set the rule in an organization. And it connect to many aspects like Wenli Zhou and Annamarie Filippone mentioned before including business structure, corporate culture, values, operating style, human resource policies and procedures.
-
Great example, Sean. Further to the key difference that you mentioned, I’d like to add that the Compliance driven controls rarely change over short time spans whereas profitability driven controls often allow some flexibility based on various factors such as Client / Supplier relationship, long term gains, prospects of new Business as well as timely fulfillment of Contractual obligations. Compliance driven controls are non-negotiable.
For instance, an IT company might reduce its profit margins for delivering a Service if it expects possibility of getting more business from a high-value Client. Profitability controls in this case are flexible and dictated keeping in mind the bigger picture of forming a long term relationship which eventually would be profitable in the longer run.
-
I like your definition Sean, control environment has to have the right policy and procedure in place for employees to understand. Everyone must follow it and if they all agreed upon it, then it will produce a positive outcome. It is like having rules in place and if no one likes the rules then it will have a negative impact on the results they produce but if they agreed upon it and understand why it’s necessary then they will produce a more positive result.
-
-
I am not sure I agree that your examples were failures of SOX. SOX instituted the require that CEO’s personally certify their business’s financial reports. The bill also gave SOX “teeth” by making the CEO criminally liable for materially misleading financial statements. If the SEC and/or the DOJ declined to bring any charges against executives in publicly-traded corporations under the SOX clause, that isn’t a failure of SOX to prevent fraud so much as it’s a failure of regulatory bodies of enforcing punishments and accountability when fraud is found.
-
I agree with your thoughts but since SOX is governed and administered by SEC, ultimately it proves that there is a loophole in the system which needs to be managed.
Therefore I am not against the point that it has not beneficial but it is insufficient to manage the big scams and require to be followed in a strict way.-
Well put, Deepali – I agree with your point and second you. While SOX has been effective in limiting instances of fraud, it surely isn’t 100% effective. A good law firm would easily be able to find loopholes in SOX and keep its client safe from being charged with fraud. It is these loopholes and grey areas that need working on to make SOX more effective.
-
-
-
I agree with your thought, I believe that compliance means conforming to a rule and profitability means company more attention to increase the revenue and decrease the cost. The interests rate example is a very good example to show that both profitability and compliance is not exclusive but support each other.
-
But compliance can lead to a lack of profitability as well. what if a company is required to have a certain amount of software and hardware but with their revenue this requirement end up being very costly? This would obviously impact the overall profitability. we all know that information security is costly, Sox laws also are costly but mandatory. these can limit the revenue growth of an organization.
-
That’s where divisions exist. To a specific organization, in compliance with certain provisions or standards may be very costly just like you described above. But from an overall aspect, compliance focuses on ensuring that the whole industry is on right track which may lead to increasing profitability of industry as a whole rather than reduces one specific organization’s profitability, even it really did in real life. Just like the existence of traffic regulations may cost your extra time on your trip, but it maintains safety and orderliness of traffic conditions as a whole.
-
True. I was only focusing on an organization specifically not the industry as a whole. Thanks for your comment.
-
As Ming Hu commented, all company within the industry will have to comply to the same laws. This places them on an even playing field. It is then up to the companies reduce cost elsewhere in order to increase profitability. Companies who does this well will rise to the top in terms of profitability.
-
-
-
-
-
I agree with Zhou`s thought. SOX is not just a law, it protect those investors who unfamiliar with company that they want to invest large loans. SOX is like a bridge to connect with shareholders and investors.
-
I agree with Kochhar about control environment.
Actually, after i ready your answer, I more think about what is the requirements of the control environment. Perhaps, if company need to control environment, CPA should pay more attention to the management under the supervision of integrity and ethical culture, and try to prevent or detect the fraud the right and wrong control.
-
this is question 4: In your own words, how would you define a control environment?
-
I agree with Annamarie and Priya that SOX has been beneficial to the management to establish controls over the processes.
But we cannot ignore the cases such as Lehman Brother case and Bear Stearns Cos. Case which occurred after the implementation of the law where the senior management of the organizations were left uncharged in spite of their wrong doings. Therefore, I also agree with Brou point that SOX is not a sufficient reaction to control failures.
-
Question: In your own words, how would you define a control environment?
The control environment includes the factors that have important influence in establishing a policy or project to minimize the potential risks of an organization. It also stands for the understanding, attitude, and action about the internal control of upper management. The control environment ensures the efficiency of implement of the internal control.
The upper management should take the responsibility to prevent the potential risks damage the benefit of the organization. For example, if the upper management of a company underestimate the significance of internal control, the organization may not have any implement in data backup and disaster recovery, which is a huge risk for the company’s information assets. If the servers damaged by the natural disaster or hacking, the company may lose all information of contracts, orders, and projects without backup servers.
-
1. Describe a business process you have experienced (either as an external or internal participant) and what your role was.
Business process: IMPLEMENTATION OF IN-HOUSE DEVELOPED PROCUREMENT SYSTEM
In my past job, H MART, which is an American grocery store specialized in Asian products, I had a chance to experience implementing new procurement system to branch stores. At that time, H MART”s stores were not systematized in their ordering and receiving sector. Everything was conducted in paperwork. As the company was growing, CEO envisioned to digitalize their procurement system. The IT team developed their own program in-house. My role was UAT (User Acceptance Testing). Testings I had conducted are as following:
a. Compared the system’s ordering and receiving procedures with our old way to handle ordering and receiving.
b. Tested saving invoices and searching invoices.
c. Tested the system to find possible bugs or glitches
d. Tested the integrity of the system.
e. Tested authorization(gradual access) and authentification(who can access) of the system.
f. etc.It took so many hours for me to exercise all the criteria of testing. But I admit it was one of my very first time testing an operational program, and interesting to see how technology could make the same job so much easier.
-
Answer to Q 2.
Sarbanes-Oxley act was implemented in the year 2002 following the major corporate and accounting scandals including Enron and WorldCom. Since then, there have been many question marks on whether the law is a sufficient reaction to the failures or are they just an overreaction.
We all know that the Sarbanes-Oxley Act resulted from a series of high profile financial scandals that occurred at Enron, WorldCom which seriously impaired investors’ enthusiasm and confidence. By defining responsibility of management stratum and strengthening independence of CPA, the law aims to improve accuracy and reliability of organizations’ disclosures so as to achieve proper market supervision.
In my opinion, I don’t think these laws are an overreaction. Based on the consideration that so huge losses were caused by top manager’s misuse, we cannot be over-optimistic to market itself to prevent same situations’ re-occurring, therefore, external control is very necessary. Only by combining external control and internal control, using compulsory regulations to raise the cost of financial crime so as to prohibit such fraudulence and misuse, we may rebuild a fair market environment.
-
Question: The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
The Sabanes-Oxley Act was a response to accountants’ failure of Enron Corp, WorldCom and Arthur Anderson by providing a new regulatory framework against fraud for public-held company and to strengthen the internal control and corporate governance within public companies.
Even though the SOX has been challenged for its efficiency and effectiveness over the past years because financial failures still happened after SOX enacted, I still believe it is a more appropriate law to follow by both public-held firms and CPA firms to provide right financial information for investors.
Section 302 of SOX requires the CEO and CFO to take responsibility and accountability for all financial disclosures where CEO and CFO are required to sign the annual report and only the CFO is required to sign the quarterly reports.
Section 404 requires the upper management to maintain and reinforce adequate internal control over financial reporting because the effectiveness of the internal control also has to be disclosed in its reports.
This shows that financial data accuracy and internal controls are in place to safeguard financial data to be transparent for the public in order to protect investors.One of the main purposes of SOX is to reform the independent relationship between public corporation and the audit firms.
-
I agree with you Annamarie. The Wal-Mart example really shows how profitability-driven controls works in corporation. Since Wal-Mart business strategy is “everyday low price”. If walmart doesn’t select the vendors with the lowest costs, It cannot afford to offer the lowest prices of its merchandise to its customers.
A company can achieve profitability driven controls while achieving compliance-driven controls? Based on the wal-mart example, obviously it is profit-driven, but it recently has invested heavily on its customer service lines, improving grocery items such as Organic food, and lastly the online stores. If a company can achieve compliance-driven controls, it can have a positive effect on the profit because both controls are not mutually exclusive.
-
Q1: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
I want to share some of my experience about my part-time job as a resident assistant and an accountant assistant in a real-state company since last September. Our business process is about to rent a unit to a new customer, collect money from him and prepare everything for the new tenant.
Business process:
1. A new customer, such as a new Temple student, calls to request some information including price, sqft, lease length about different types of apartment we have.
2. I answer all questions and check availability of apartments by a tenant system and make an appointment if he is coming to have a tour about the apartment.
3. The new Temple student comes, and I will show to him the sample room of his desired type of apartment, let’s say, one-bedroom apartment.
4. After the tour, if he decides to live here for a one-year contract lease, he needs to fill out the application form and I will copy his at least two IDs.
5. After his application form is approved (mostly around one week), I will call him to come to the office to pay for all money for signing the lease.
6. Lease signed and money paid, I will set up a time for him to pick up his keys and move-in packages 2-3 days ahead his lease start date.
7. I deposit all payments from the customer by using a bank service application on PC, and I also put him into the tenant system and the system will show that the room is taken by him.
8. I check with maintenance department to make sure the room is available on time.
9. I prepare and active all keys and swipe card for him, and put him into different service systems, for example, callbox system, parking garage system, bike room system and general tenant system, etc.
10. Now, the tenant picks the keys and all move-in packages.During this business process, I have several different roles. First, I am a customer representative to answer phone calls and information and make appointments. Second, I create an account and a lease for the new customer and deposit all money into the account. And third, I active all services and system for the new customer.
-
Q3: In your own words, how would you define a control environment?
The control environment is the upper management’s attitudes and also refers to some other factors, including internal controls, integrity, organization’s structure, etc. The upper management’s attitudes will influence in the internal control of an organization and it is important for upper management to understand and well manage internal control within and organization.
For example, within an organization, upper management will care about the attitudes and behaviors of all different employees, day-to-day responsibilities, and short-term and long-term goals of the organization.
Upper management also needs to know the importance of potential risks, building a secure organization. For example, the loss of key person’s flash drive and password. If management and employees within the organization do not care about the internal risks, the costs of the risks would be really high. -
I do agree your points, but I think the upper management should also take the responsibility to enhance the level of ICS. If the decision makers in an organization underestimate the significance of the Iternal Control System, the internal control environment will become weaker. For example, if the upper management didn’t realize the importance of data backup or disaster recover plan, the information assets of organization may suffer huge lose in unethical hacking.
-
I agree with your comments and I think your explanation and examples explained control environment well.
In addition, I would say that risk management within an organization is so important for the business. Some risks can be accepted, some can be transferred and some can be mitigated, but never ignore the risks(learned from Risk Management class during undergraduate).
Organizations should plan and manage risks before they real happen. Mostly the costs to manage risk are not high, but if the risk real happens, the costs will be extremely high to fix to problem.
Based on our major, IT auditing and cyber security, it is a reminder for all of us: never ignore risks.
-
Based on your work experience, it looks that gathering data from customers is really important for renewal the auto insurance. cuz you have to compare the previous data and the data you gathered from the questionnaires that they filled out.
My concern is that what if that there is a tiny possibility that the company loses any data, how do you check for the policy date and how to renewal?
Another concern based on my experience, my auto insurance policy costs differently every 6 month. What if the customers do not want to renew because of the increase of the renewal price?Thank you again for sharing your experience!!:)
-
1. Describe a business process you have experienced (either as an external or internal participant) and what your role was.
When I was working as an Associate Application Developer for Highmark BlueCross BlueShield, I was assign the task of fixing the ID Card phone number in the back. The process for the ID Card was as follow:1. The customer gets insurance
2. Receive ID Card
3. Visit Doctor
4. Doctor use numbers on the back of the card to check their information
5. Information gets sent back from insurer verifying everything is correct
6. Doctor proceeds and customer pays deductable if anyMy role was to correct the issue of having printed ID Cards that produce missing phone numbers on the back of the cards. I worked on this project for 6 months, looking through codes and running tests with new codes to fix the issue. I manage to add some code to the original program and all ID Cards were printing the correct numbers on the back thus fixing the issue in the business process.
-
Good example to show how important it is to establish a control environment. Researches show that not implementing the data backup and disaster recovery can lead to downtime in data center and can cost an average of $505,500 per incident.
-
Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability driven control?
A profitability-driven control is meeting a minimum gross sales margin. A gas station knows how much to charge for each gallon of gasoline sold each day based upon the market rate of gasoline per gallon plus the overhead and operating costs to run the business. As the price of gasoline changes each day, the gas station owner knows how much to adjust the price per gallon of gasoline to maintain the minimum gross sales margin to maintain profitability.
The key difference between a compliance-driven control and profitability-driven control is a compliance-driven control is mandated by a specific law or regulation. Profitability-driven controls are not mandated by law and are at the discretion of the business and its governorship. A compliance-driven control is also a minimum level of control that is required by law whereas a profitability-driven control has no minimum beyond that set by management or the board.
-
Q2: The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
We all know that the Sarbanes-Oxley Act resulted from a series of high profile financial scandals that occurred at Enron, WorldCom which seriously impaired investors’ enthusiasm and confidence. By defining responsibility of management and strengthening independence of CPA, the law aims to improve accuracy and reliability of organizations’ disclosures so as to achieve proper market supervision.
In my opinion, I don’t think these laws are an overreaction. We cannot be over-optimistic to market itself to prevent same situations’ re-occurring, based on the consideration that so huge losses were caused by top manager’s misuse which had not been detected in advance due to lack of external supervision, we may clearly see that external control is very necessary. Only by combining external control and internal control, enacting compulsory regulations to raise the cost of financial crimes so as to prohibit such fraudulence and misuse, we may rebuild a fair market environment.
-
I agree with your opinion. Sabanes-Oxley Act in the US is not an overreaction. I thought the law is not enough to reduce the business risk such as Lehman Brother case. By implementing the law, the senior manager still did some wrong things leading to bankruptcy. So I thought the Sabanes-Oxley Act should be improved and revised in order to preventing the top manager’s wrong practices.
-
I agree with your opinion that Sabanes-Oxley Act is not an overreaction but may not be enough to reduce business risk. Huge companies are responsible for many of their stakeholders. The decision of a few senior managers in the company may place the entire stockholder at risk. I think that there should be internal independent bodies to audit decisions made by the company at the stakeholder’s interests,
-
-
Q1: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
When I was work in a bank, my job was a financial center client service.
My duties:
– help customers to open checking account
– help customers to apply credit account
-identify customer financial needs, goals and objectives; comfortable asking customers about their personal finances
-respond and assist customers with inquiries; Sometimes, I need asking for my manager to get help and learn how to solve some problems.
-Meet or exceed sales goals by influencing customers to learn about products/services that will benefit them.
-check the available bank application forms.I thought my job did both the internal control and external control.
-
I agree with you. Walmart focus on the ” low price everyday “strategy, so Walmart would chose the lower price supplier, and then customers was able to buy cheaper product, this is a Walmart’s profit-driven. What’s more, the Walmart chose the vender and supplier was also obey the law. Compliance-driven controls are focused on obeying the law. Therefore, If the company make the correct strategy, the relationship between compliance-driven controls and profit-driven will be not mutual.
-
In fact, while choosing the cheapest supplier Walmart must make sure that this supplier meets the standards. In this case compliance-driven controls and profitability-driven controls are not mutually exclusive to the extent that Walmart is looking to make profits but also looking for the supplier who meets the most to standards.
-
Walmart actually looks for suppliers who meet their own standard. I believe I read in a case study from Harvard Business Review that Walmart is such a huge player in the retail industry that suppliers cannot afford to lose their business partnership. They are almost forced to sell their products at a low price to Walmart or risk losing their sales to another supplier who is willing to sell it to Walmart for that low price. It is alarming how Walmart have become the standard that most suppliers have to adhere to, price wise.
-
Yes in fact, Walmart has power over their suppliers. They force them to meet the requirement of their standards. But, those standards are also what Walmart needs to meet in order to operate in legal regulations.
-
-
-
-
In my opinion, while the Sarbanes-Oxley Act helped in making the Executive Management accountable for the lapses in control measures and in turn reducing instances of Fraud in the Finance industry, it certainly isn’t sufficient or there wouldn’t have been other cases of fraud after the law came in effect.
Did it achieve the goal of reduction in fraudulent practices – Absolutely. Is it sufficient by itself to entirely keep check on fraud ? Definitely No. There remains a lot of room for improvement.
Sarbanes-Oxley has essentially made it impossible for the smaller firms to do business due to higher operational costs. This obviously is in favor of the bigger businesses and quite unfair to the smaller players in the market.
-
Question: The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
The Sabanes-Oxley Act in the US is a sufficient reaction to the high profile control failures. After a series of accounting scandals in public corporations like Enron and Worldcom, the Sarbanes-Oxley Act passed on July 30, 2002. Within these accounting scandals and financial frauds, the Internal Control System of public companies was lax and nonfictive. To prevent similar control failures, happen again, the SOX enhance the weight of ICS through the SOX 302 – ICS and SOX 404 – ICS.
According to the section 302, the organization’s management are required to confirm their responsibility for” setting up and maintaining such an ICS”in writing. Moreover, the section also requires an effective internal control system to guarantee the financial reports are reliable. Because of the section 302, now, upper management of major public corporations needs to take the responsibilities in evaluating the effectiveness of ICS. Section 404 requires organization’s upper management disclose the effectiveness and weakness of the internal controls in an ICS report, which can help investors and shareholders better understand the performance of the company in real, and prevent the potential financial fraud. Both of section 302 and 404 enhance the importance of ICS of an organization, so these laws are a sufficient reaction to the high profile control failures.
-
In your own words, how would you define a control environment?
Control environment is a set of standards, processes, and structures achieved by the upper management to provide the basis for carrying out internal control to trickle down throughout the organization. A well-functioned internal control can define culture and behavior within an organization.Conversely, if upper management failed to demonstrate and communicate throughout the organization, it will lead to a weak control environment within an organization which means internal controls, risk managements and business governance will not be value throughout the organization. It will lead to inconsistency such as differences in value, business ethics and behavior between the lower level and the upper level.
-
I agree with you, whether control environment of an organization is weak or effective, to a large extent, up to its upper management’s attitude and awareness toward the importance of control environment. The establishment of an organization’s culture, ethic and standards, structures highly hinges on upper management’s attention and participation so that it could be followed uniformly by lower level and medium level.
-
-
I do agree with your opinion that the SOX was needed. The section 302 and 404 requires the management of an organization take the responsibility in confirming the effectiveness and weakness of the internal control for financial reporting in an ICS report, and according to the section 404, an external auditor must also submit a confirmation. In this case, the independence of auditing ensures the reliability of reports.
I also believe that these laws enhance the weight of the ICS of an organization, and the disclose of ICS report can also help those “small investors”who barely know the industry understanding the performance of the organization. -
Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability driven control?
In my opinion, a profitability-driven controls mean that a company will take the most risk and be active in the market to focus on increasing the annual revenue.
Ex: Apple – being active in innovating its products released each year with different functions, designs and better quality. Even though Apple follow the legal provisions in the U.S. It does not really care about the Foxconn labor commit-suicide rate in China.
Differences between a compliance-driven vs. a profitability driven control:
1. Short-term benefits vs. Long-term benefits
2. More risk taking vs. less risk takingBut generally, organization can achieve both controls in parallel because they are not mutually exclusive.
-
Question: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
Experience: Customer Service Department in the China Construction Bank.
Background: The China Construction Bank (CCB) is the second largest bank in China. There are different teams in the customer service department, I was in the individual investment team.
My role: Because I have no experience in finance, so my job was collect basic information of potential clients, and answer their questions online. More importantly, I need to classify the clients and transfer them to different level of investment advisors by using the Online Customer Service System.
Process:
1. Log in the online customer service system by using employee account.
2. Choose online service option individual investment service current date
3. The system will randomly choose customers who want to consult the invest plan and profitable funds in the CCB.
4. Flow the question list and ask several questions like “how much money you want to invest?”or “Which kind of investment do you prefer? High-return but high-risk or Low-return but save?”
5. If the amount of investment $10,000 but $100,000, click “Transfer”option, and transfer this client to available professional individual investment advisor.
8. If the customers have some other questions which is no related to investment or you have no answer, click “Transfer”option, and transfer this client to the manager.
9. At the end of a day, check and save data in current date, click “Finish Report”option.
10. Log out the system. -
Great post Zhou, the attitude of the upper management is crucial to directly affect how a company is operated. And how to achieve a positive control environment is very important, I think that business governance has to be transparent and clear to follow for its lower-level. Employees should be provided with ongoing training,support and mentor programs from the senior management to gain more understanding of the business policies, culture, operating style within the organization so that lower level employees can carry out their proper responsibility effectively.
-
1 Describe a business process you have experienced (either as an external or internal participant) and what your role was.
Over my summer, I interned in a real-estate company in California as a junior accountant. I was part of a team of professionals working to manage daily accounting tasks.
My responsibilities included:
1. Assigned to assist with reviewing expenses and payroll records.
2. Update accounts receivable and issue invoices
3. Update financial data in databases to ensure the information will be accurate and available to other professionals to review.
4. Assist in preparing monthly report.
5. Ensure all business transactions are recorded.
6. Ensure all business invoices are paid by the due time.
7. Verify financial data is accurate
8. Verify real-estate disclosures signed by using Docusign. -
I agree with you. The SOX act is an enhance of protection for those investors. Besides of protection, I think the SOX act were established to regain the trust with the investors because the financial numbers are more reliable more under the SOX act. Investors and shareholders won’t invest in a company that they don’t trust so independent auditors are in need to review the financial disclosures of a public-held companies and responsible to issue their opinions to inform investors about how the company is performing.
-
You’ve explained the controlled environment really well, Deepali. I’d like to add that within Safeguarding IT Infrastructure, the below activities are extremely critical to gauge the level of Control within the organization :
1) Tracking and maintaining Issues and Risks
2) Timely Server patching activities
3) Accurate On and Offboarding process for personnel.
4) Timely verification of “Continued Business Need” for access to various IT systems. -
I agree with your thought on compliance-driven vs profitability driven control.
A profitability-driven company can only go so far to lower their costs. At some point, they will hit a wall set by laws and regulations. A profitability-driven company may ignore this and try to work around it.
I think the Apple example you provided perfectly demonstrates this. Apple tried to maximize their profits, however, manufacturing their products in the US was probably too costly due to relatively high minimum wage set my state laws. Apple hit this wall where they were unable to lower their cost anymore and they decided to outsource in China.
-
1. Describe a business process you have experienced (either as an external or internal participant) and what your role was.
I am currently working in Temple University’s International Admissions office. As all of us know, applying to a University involves many steps. Basic run down of the admissions process:
1. Potential applicants will need to submit their application materials
2. The application materials will have to be indexed into the student’s application
3. Once the application is complete, an admissions counselor will review the application
4. Counselor will make an admission decision
5. Once the decision is made, the student will be notified of their acceptance both electronically as well as physically through mail.My role involves the safe transfer of documents student submit to our office into our system as well as notifying students of their acceptance both electronically and physically. An example of a typical work process:
1. Students submit documents to our office either electronically or by mail.
2. I will open the mail or download and print the documents and compile the documents.
3. The documents is then sent to be scanned and indexed to the applicant.(A counselor will take over this step)
4. The application is reviewed and a decision is made(Back to me)
5. A report is generated of all the students who was accepted and denied.
6. I will notify all the students of their admissions decision first by email.
7. Then, the physical acceptance packages will be prepared to mail to the respective students. -
Question 2:
In your own words, how would you define a control environment?Based on my internship experiences as both an Internal and IT Auditor, I would define a control environment as the attitude of those throughout an organization towards how its members “control” or gain confidence that business processes are working properly and reliably. Since controls are just policies and procedures that aim to increase effectiveness, efficiency, and reliability or certain processes, it is up to those in management positions to develop these procedures and policies as well as enforce them.
In a positive control environment, those managers and executives set a “tone” which identifies that controls have a positive effective on processes and are beneficial in meeting that organization’s objectives. Due to this positive attitude toward internal controls, that tone is carried throughout an organization which can result into a well-designed internal control system that is properly followed throughout the organization.
In contrast, an organization that has a negative control environment, there is no tone at top of the organization supporting a good control environment. An organization can have on paper a very robust and well-designed control environment but ultimately have a tone where the controls are not followed and become ineffective. Likewise, a company with a negative attitude might not have even have internal controls designed into their business processes. Ultimately, a control environment is the attitudes of which an organization’s members have toward an internal control system.
-
I agree, a control environment is the tone of a company. This includes the firm’s attitude, susceptibility to change or problems, its leadership, etc.
-
1)
I am apart of the IT development process, an internal process, in which I help develop a set of requirements for new applications and other items and then carry it through the development process with other members such as a developer and QA. This process flows through many functions of the business.2. The idea comes through sales or upper management
3. The idea passes through a team to see if its feasible
4. I take the idea and I write up requirements and detail them out
5. I then review them with appropriate teams
6. The development begins on the item (i.e. coding for an application)
7. Development completes, QA tests
8. Business owner’s tests
9. The item is released
10. The item is used internally or for external members
11. If the item is made for external users, then it goes to sales and then will get sold -
I think it can go up to the C suite or the Board. I believe if the boards attitude influences the C Suite and then downwards. Therefore, i believe it starts all the way at the top.
-
I agree, these laws are a sufficient reaction to the high profile control failures. These laws help place internal controls into companies to help protect their investors and to make the market a safer place. This makes senior management accountable for what goes on in their company. Without these laws it would make it unsafe for not only investors but all of the employees who would lose their jobs like they did in Enron. The more people you hold accountable for actions the less likely a firm or person is to fraud.
-
I agree, compliance driven controls are more controls to keep information safe and profitability driven controls are put in place so the company has the ability to make as much profit as possible by following certain rules. For example, a hospital has to protect its patient information and educate their staff on certain policies such as HIPPA. However, a profitability control may be to have two patients in one room to help reduce certain costs for the hospital and they will still get the same revenue and more profit.
-
As you said, there are no legal regulations that require an organization to choose the lowest-priced vendor, but there are regulations that such selection or transaction must be in compliance with, such as the selection should be legal or satisfies certain standards, so that is still compliance-driven. Only if certain conditions are fulfilled, you may choose the lowest-priced vendor, This is what I disagree with you, but I agree with you that compliance-driven and profitability-driven is not mutually exclusive.
-
I Agree with Alexandra that SOX just forms the basic platform for providing control and is not sufficient in itself to prevent fraud. But without it, it would be a open field for more fraudulence. It always helps to learn from the past and to prevent it, instead of regretting later.
-
I agree with you Yu Ming that Adobe may be a better software in itself. But we need to consider what the objective of the business is. If it does not care about the additional functionalities and is not really concerned about the availability and only need few of the features which are also available in Nitro Pro 9 and if it is still compliant to the companies policy, one can consider the later.
-
Yu Ming,
You make a strong case, the longevity of a company sometimes outweighs the profitability. For this specific example, the use of Nitro Pro 9 hinders the company’s ability to assimilate on all platforms. Subsequently, by saving some money in the beginning by purchasing the cheaper software to increase ones profit, they take a larger hit in the long run, due to the software’s inability to be versatile.
Overall, most would think maximizing profitability and saving money would be the number one priority. However, one must take into account the loss of business that can occur due to their choice.
Yet, I completely understand what Binu means. Smaller businesses and companies may just want Nitro due to its affordability and its features for personal use, yet larger companies might need to the insurance of functionality and stability of Acrobat. Overall, the objectives and size of a businesses must be taken into account, when considering compliance-driven vs. profitability driven controls.
-
-
I agree with you Sean, SOX was needed to build the trust for the integrity of financial reporting. After companies like Enron and WorldCom, there had to be measures put in place to prevent anything like that from happening again. The public needs to know that they can trust what is being reported on companies financial sheets. SOX being there will help kind their mind at ease for now.
-
I would say that cooperation from both the C-suite and “front-line” leaders is necessary to establish a strong control environment. While the C-suite can set the tone for the entire organization by including a strong internal control system as a company value, lower level employees will look to the “front-line” leaders to see how this general idea is implemented in their everyday work.
-
I totally agree and only brought it up from personal experience in the military. What is put out by “the brass” in D.C, and what is said by your Commanding Officer, can be totally lost by the time it gets down to whoever is directly in charge of you and your colleagues. I believe they are both important, but figuring out how to get them both aligned can be a challenge in some environments.
-
-
Great explanation. The occurrence of such shocking financial scandals arose from serious control failure, By enacting a series of legal provisions with which organizations must be in compliance, to raise the importance of ICS within organizations as you said above so as to create a legal and effective control mechanism, not only for evaluation but very helpful for detecting potential risks in advance to ensure that investors and shareholders’ interests are under proper protection.
-
I agree with Annamaire and Pryia. Laws and regulations like SOX are not only adequate but needed. SOX not only aids management by establishing rules and set standards for compliance, but also creates a cohesiveness of protection amongst the organization, shareholders and general public.
Regulations are an appropriate response. They hold senior management liable for their actions and inevitably prevent fraud within the organization. -
1.In your own words, how would you define a control environment?
A control environment is an established setting in which regulations and procedures are used and enforced by governing bodies of an organization; their main purpose is to influence the control consciousness of their establishment such as providing discipline and structure.
A few examples of a control environment influences can include but are not limited to:
– The organization’s skill set, integrity, and overall ethical values
– The philosophy and operating style of its management team
– The way management allocates power and responsibility amongst their employees
– The overall direction and attention of its organizationOverall, internal control can aid an organization’s success, by ensuring its attainment of basic business goals. However, internal control cannot change characteristically poor management. Also, shifts in policy and procedures, competitors’ engagements or economic conditions can undermine a control environment.
-
Well explained Priya. Control environment is all about making an organization secure. I would add to this that control environment also relies on integrity, ethical values and also skills and employees competences. Another example of control mechanisms could be training session for employees. The control environment is other to be efficient should be understood.
-
Hi Sean,
I think the example you have given provides a clear example of what a profitability-driven control is. While it not might 100% relate to your example, I think alot of times companies implement these profitability-driven controls within their information systems. While a gas station might have a control where the price of the gasoline is adjusted each day by the owner to ensure profits, a larger organization might have these controls in place that restrict an employee from buying or selling a product or service under/over a set limit. By doing so, they can reduce the risk element of an employee potentially losing money on a sale or purchase all while increasing their profits.
-
Yu Ming,
Although, SOX has been found to improve market liquidity but for smaller public entities, there is a high cost of compliance associated that burdens them. It also demoralizes risk taking in the US’s public entities, which reduces the competitiveness in the market.
-
Hi Priya,
I have had a very similar experience as you. While I was only an intern for a year performing Internal Audit work, I did participate in some scheduling and audit planning. To take this one step further, I am going to identify how the audit process worked once the opening meeting has been held. It will be interesting to see if my experiences were similar to yours.
Process: Audit Testing
1. Commence the opening meeting to set the audit agenda
2. Review written procedures to identify if they align with procedures discussed in opening meeting
3. Requests documentation/evidence necessary to test
4. Review documentation and ask any questions that are still unanswered
5. Compile testing findings
6. Conclude findings in audit report
7. Meet with auditee to discuss conclusion and provide report -
Priya,
I have had a very similar experience as you. While I was only an intern for a year performing Internal Audit work, I did participate in some scheduling and audit planning. To take this one step further, I am going to identify how the audit process worked once the opening meeting has been held. It will be interesting to see if my experiences were similar to yours.
Process: Audit Testing
1. Commence the opening meeting to set the audit agenda
2. Review written procedures to identify if they align with procedures discussed in opening meeting
3. Requests documentation/evidence necessary to test
4. Review documentation and ask any questions that are still unanswered
5. Compile testing findings
6. Conclude findings in audit report
7. Meet with auditee to discuss conclusion and provide report -
Binu,
I was just wondering, was this laptop change a part of a control policy to make sure all the users always have
updated hardware? Because a vendor lease can always be extended. So, I was just wondering the reason behind this process unless there are any hardware issues with the machine. -
Paul,
You correctly said that executives need to set a “tone” in an organization. Since you have already got some internship experience as an IT Auditor, I was wondering if you ever experienced any resistance from any level management employee(s) for the newer control policies? If yes, how did you bring change in their attitudes?
-
Mansi,
I addition to the higher costs incurred by the smaller companies, I think it also demoralizes the risk taking attitude among the public companies in America. But having said that, I believe that since the repercussions related to Enron, Worldcom, etc. were significantly large and protecting the investors became a task of utmost importance, SOX bill was an appropriate reaction.
-
I agree, Abhay. My point was just that. Formation of SOX regulations was certainly called for (to tackle dipping shareholder trust in the US markets). But it seems more like a short-sighted, hasty stop gap arrangement to rebuild investor trust as opposed to well thought loop-hole-free regulations that would hold the right people accountable and not just the Senior Management by the threat of jail time.
-
-
Reading Yu Ming’s example of Apple being compliant in the USA but not caring about the Foxconn labor commit-suicide rate in China, raised a good question : would you say that a profitability driven company can be unethical?
-
I very much believe so. Profit-driven companies tend to act unethically, through still within bounds of the law. Nike sweatshops are another example of a company moving out of the country at an attempt to reduce their costs.
-
-
Good sharing! You were on the management side and your experience includes detailed planning, management controls and finalizing project! in the real word, i recognized that a detailed planning before doing the tasks is more important, and even the internal management control for all part of works is also important.
Thank you for sharing!
-
I absolutely agree with Mansi that SOX laws are in favor of bigger firm, which is very unfair. Small businesses shouldn’t be required a lot of internat control. The reason being that they have a simple organizational structure. In fact, they usually do not have as many business models and department as a big firms like Apple, for example, would have. Additionally all the big scandals that led to the creation of these laws occurred in big firms and were costly to shareholders. However, small firms do not have the same type of shareholders as big firms. Take the example of a small firm created by family members. These people have no interest in cheating themselves. Therefore, they do no need SOX laws per say. I’d say these laws are discriminatory in a way. The goal was supposed to “fix” the industry, secure organizations, and create favorable environment for investors. Unfortunately, it seems like it is also pushing away small businesses.
-
Thank you for sharing, Daniel! I have been there lots of times cuz I think it sells multiple diverse products and special snacks there. I think for nowadays, there are a lot of companies that are switching from a paper-work-station to a computer-work-station. And now, you have already had the chance working in the old system supermarket, it is a really good opportunities for you to have the imagination to change these kinds of companies.
Just like in another class (MIS 5202) we talked about the Stars Ambulance case, which saying there are lots of problems and challenges to switch or change, or add-value to a system which is already there. Management team does not like changes. So, as being a major in ITACS, I think we are in the role to make changes in there future!
Cheers!
-
Yulun,
Indeed, gathering data is a crucial step because underwriters rely on this information to accurately price the account. I’m not sure I’m answering your question right but, should previous policy year data be lost, I believe, the insurance company would have to treat every business they had before as new business. However, I’d think that clients have also copies of their policies so it shouldn’t be a problem for them to share the information with their insurance company. Chances that an insurance company loses all their data are very minimal because given the nature of their business they have major risk control prevention in place and tons of data backup.
Also, customers are free to switch insurance companies if they are not satisfied with their rate. Renewal with a specific insurance company is not mandatory. However, if a customer want to cancel coverage during current policy period, they may be subject to cancellation fee. I’d say talk to your insurance company first and evaluate your options. Hope that helps.
-
Thank you again for you shares! You answered all my questions! Based on your work experience, I recognized that data protection is so important for any business. Just like what we talked about the insurance policy, if the company lost it, plus the client lost it, we have to treat them as new customers because of the data lose, which will make customers unhappy because they become new customers to the company again and possibly they may switch to another insurance company.
-
Hi Abhay,
I have a couple of experiences where management had shown resistance to either new controls or testing certain controls. Since auditors are not the control designers, they are not the ones implementing it or forcing employees to practice new controls. However, since auditors are the ones testing the controls there could be resistance back when an auditor tells them a certain control is not working effectively. The one experience that comes to mind is during my Internal Audit internship I working on a fixed asset audit. As part of the audit, we had to test the process around disposals of assets and the processes of recording the disposal of assets was determined to be ineffective. We received a lot of push back by management stating that the risk wasn’t big enough, the responsibility wasn’t theirs, and that overall it wasn’t worth the effort. As auditors, we couldn’t enforce them to make the changes that we suggested, but if they were to not change those procedures, each time that process is audited it would result in ineffective and most managers do not want to see that on their “record”. Sometimes you can convince managers or employees to adopt a certain control, but other times you have to find different avenues to coerce change.
-
Hi Laly,
I have never thought about the impact of competition or economics and its affects on an internal control environment. In the perfect world without competition or strict financial goals, I am sure most organizations will pay heavy attention to controls that particularly affect the reliability of the financial statements and protected information. However in bad economic times when companies are trying to make their businesses more efficient, managers might spend less time on controlling the reliability of financial statements and compliance and more on making a bigger profit. Not only that, but stress on an organization can cause employees to try to circumvent those controls in place ultimately making them less effective. That was a very interesting point that you brought up which was something I have never thought of prior.
-
Annamarie,
I am familiar with the business process you have experienced. The one thing I would like to mention is how a net 30 vs. immediate payment makes the business process much harder for the internal staff. Finding a solution to assist the cumbersome business processes, or “Working Smarter, not Harder” makes the added burden more manageable.
Many business work on a net 30 or longer billing cycle, which adds another level to the billing process, consumes time, and opens up the risk of bad debit.
Prior to moving back into the technology industry, I was running a small U.S. Veteran staffing business full-time. We helped business recruit and retain U.S. Veterans. The billing cycle included a pro-rated 90 day invoice.
The terms were:
-100% money back for the first 30 days if the placement doesn’t work out
-66% back for 31-60
-33% back for 61-90Company is invoiced on the day of termination or the 90th day of employment.
This left a LONG time for things to happen and more difficult to manage. Using an SAP system helps automate the process. As a small company, we didn’t have the resources to purchase an automated billing system. There is something to be said about solutions that automate or reduce the problems that may arise from any “business process”.
-
Priya,
You list great examples in your post and immediately though of the co-location (data center) my organization uses. We are housed in two separate data centers. One in Philadelphia (Equinix) and one in Newark, DE (HostMySite). Both are managed independently and have multiple levels of redundancy, but the one thing that impressed me was the controlled environment.
Since many of our customers are regulated by HIPAA and SOX, the security requirements for data is at the forefront of both regulating organizations.
Now, we use both services in our sales pitch by saying, “Do you know where the competition is storing your data?” Are you sure it isn’t at there office location, or at the owners house. What would happen if a disgruntled employee decided to compromise your system, or worse a fire destroys their Network Operation Center (NOC) at the main office. You and your company would be without your hosted system.
-
Yes, I agree with you opinion. You mentioned that the upper management now are required to sign on the 10K’s and 10Q’s, which is a good example to explain the management needs to take responsibility in confirming the financial reports under the requirement of the SOX. According to the Section 404 of SOX, management now also needs to confirm the effectiveness and weakness of control environment in an Internal Control Report, and I think this can help small investors who have barely knowledge about the organization better understand the industry.
-
Hi Paul. Yes the audit steps did go the way you mentioned. Step 3 surprisingly took the longest time. Understanding of what documentation is requested is very necessary. Auditees spend time in collecting all the data and presenting it, and they do it form Auditee perspective. It might not be the same as what auditor expects. Spending more time in opening meeting and writing down all requirements clearly before the opening meeting always helped.
-
Priya,
In my experiences this seems to be the most frustrating thing about being an auditor. I’ve seen multiple methods to combat this which includes assigning a designated auditee to feed all the documentation requests through to providing an example of last years requested documentation. It frustrates both the auditor and the auditee if both can’t align what needs to be tested early on. You are most certainly right in that communication early on is key to reducing this frustration.
-
-
Regarding the differences you mentioned that Compliance driven control has short term benefits. I quiet disagree with that. Compliance driven control may have long term benefits as well. As in if the company is complaint to all its policies then they might not have to waste money with lawyers or with government to get things right after a control failure. Do you have an example to explain?
-
Yes, I believe SOX changed the way a public company worked. It made it more alert and cautious. SOX caused companies to have a greater internal control of financial reporting, independence among more-focused management team and increased expertise. SOX imposed new ethic requirement, disclosure requirements, new reporting and audit practices, created internal reporting and structures upon which Dodd- Frank Wall Street Reform and Consumer Protection Act was built.
-
Q: Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability driven control?
A: Profit driven marketing is to optimize revenue growth by leveraging economics of scale. Profit driven controls usually focus on “profits” rather than “efficiency” by analyzing all key components of a strategy and recognize the limit of optimum profitability.
A real life example of profitability-driven controls are Beats Electronics. In order to maximize profitability, the company would optimize the advertisement spending and allowing a better awareness, recognition and reputation of their brand. However, the analysts would identify the optimum spending on advertisement and adjust the price of products accordingly so that the profits are not only retailed at reasonable price, but also looks classy for a company with such reputations.
Profitability-driven controls focuses on maintaining profit from business activities, while compliance-driven controls focuses on correctness and is based on legal provisions. However, these two types of controls are not mutually exclusive, so organization can achieve both controls in parallel.
-
Q 2:
Sox act is in sufficient action. As to prevent such event like Enron bankruptcy, and regain the investors’ confidence on the information the public companies provided, US congress passed the Act. it protect the investors from high possibility of fraud risks, cause of the act require public companies’s financial disclosures and keep them from the accounting fraud. -
Q4:
Example of profitability-driven: the textiles manufacturers, they would try to increase the profit margin by keeping the revenue and reducing the cost, and they still follow the regulations.
the difference is that complacence-driven control with set of standards and policies needed to be considered.
but -
Q: The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
A: The Sabanes-Oxley Act (SOX) served as sufficient reaction to protect corporations from accounting errors and fraudulence. The primary purposes are to improve accountabilities of corporations by introducing mandatory storage of several specific types of records from a business, as well as keeping all records for an extended period of time. In another words, corporations are mandated to store all business and financial records by following the exact measurements and guidelines set by SOX. In this case, SOX determines exactly how and what types of records should be kept, hence lead to an absolute clear and fair ground to help extinguishing accounting errors and fraudulence. -
Q3
The top management of the company establishes of kind of policies, rules affects the way to solution problem, and respond to crisis etc. A good internal control environment and system can enhance the development of the company. but in some state owned company in China, they didn’t have good control environment, bureaucratism plays important role in the companies’ management, so they have low effectiveness on decision-making and production. For example,Xinhua is the a state-owned book store, dominating the market before 2010. The state-owned company, filled by corruption and bureaucratism, has low effectiveness to response to the market. In 2010, Dangdang.com, an online bookstore, come out and dominate the market soon and Xinhua bookstore’s domination ends. -
Q1: The experience I share is about my intern at a textile and laces manufacturer company in China this summer. The company’s business is to sell the textile product such as laces and lace trims to laces product trading company, and finished clothes manufacturers.
Business Process:
1. The existing or potential customers will request the information on the price, the availability and samples of laces product they need.
2. After checking the price and avability of the products, we will offer the price, shipping method and payment method (T/T ect.) as well as send the samples of the laces the manufacturer request as soon as possible.
3. The customers will close the deal if the price, delivery date and quality of the sample meets the their satisfaction. and they will pay 30% deposit before production starts.
4. After the product the customers request is ready, We will contact logistics company to shipping. And the customer will pay the remaining 70% before shipment.My role is the sale representatives, and the responsibility to maintain good relationship with the existing and prospective customers, to develop plan and strategies to achieve sales target, and to ensure that availability of products suits the needs of the customers.
-
Q: In your own words, how would you define a control environment?
A: A control environment is the cornerstone of the internal control system, it supports and decides other elements. In an organization, the control environment represents upper management’s attitudes, awareness and actions towards controls and focus they have on IT controls. The “Top-Down” approach to control are most often use in the organization environments, it means that the managements set the tone for the focus of and adherence to controls.
A good control environment will include communicating ethics, employing good staffs who have positive influence, participation and professionalism. Also, management’s philosophy and operating style is very important in a good control environment. -
It is true that SOX places more burden on corporations, it was a necessary reaction to the corporate scandals. While most companies are not defrauding their investors, it only takes on large enough company to collapse to reverberate through the economy. If a company the size of Met Life or AIG were to fail, the global economy could fall into a recession. Additionally, it is important for people to have trust and confidence in the market for it function properly. Scandals such as Enron undermined confidence, and many lost trust in large corporations and regulatory organizations. Increased regulatory oversight is essential for regain the public confidence and trust, even though it may disproportionately effect smaller companies.
-
I agree that HIPAA is a compliance control for a hospital because it does protect health data and is a legal requirement. It might also be possible to consider HIPAA with profits. If a hospital suffers a data breach because HIPAA requirements were ignored, then reputation and financial losses could be significant. Reputation is one of the most important risks for any organization and hospitals need patients/customers to trust their them with their healthcare data. Financials losses can typically be absorbed through insurance and retention, but damage to a reputation can last far longer.
-
Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability driven control?
A compliance driven control is focused on legal and regulatory requirements, while profitability driven controls concerned with revenue and expenses, and not mandated. Companies use profitability driven controls to maximize revenue, while minimizing risk.
Google’s recent pause of its expansion of its fiber network is an example of profitability driven control. It is expensive to build infrastructure for a fiber broadband network for a city. Google reportedly spent $1 billion in Kansas City, which included digging up streets and yards to lay underground fiber cable citywide. The process is slow and expensive, which caused google to delay plained expansion into two markets. It is now testing a wireless alternative to delivery gigabyte internet to customers, which could dramatically lower expansion costs. There is no legal requirement for Google to consider a wireless alternative to fiber cables, it is a profit driven decision. The company wants to reduce its financial investment with future expansions, which would increase profits while reducing its risk.
-
Q: Describe a business process you have experienced (either as an external or internal participant) and what your role was.
A: One of my experiences that I want to share is working as tax accountant in a small CPA accounting firm. My job was to prepare individual and business tax returns for clients.
In my company, we use a CRM called insightly to track our work progress. I think this is a very useful tool for business owners. It make sure that employees are on top of their project at every stage. For example, if I were absent and a client call in for immediate response, my co-workers will able to search the name of the client and look the history/comments that I left for that client’s project.
We have a pipeline for each project, the following are the pipeline for preparing a business tax return:
1. Interview: in this step, I will have three tasks, which are calculate the depreciation, gather financial statements and complete tax organizer. This step is where I contacting the clients in person, by phone or emails to get the tax information I need to prepare the tax return.
2. ATX: In this step, I will have two tasks, which are input data to ATX and review tax returns. I will compute all the information I gathered from clients into ATX. After I have a draft copy I will review the tax return to make sure the balance sheet balances and all the data is correctly inputted.
3. Signature: in this step, I will have two tasks, which are obtain efile signature and process payment. I will send the draft copy and efile form to get the approval from clients. Also, I will send client our service invoice through quick book.
4. Process tax return: in this step, my task is to print/email the tax return copy, payment coupon to clients if necessary.
5. Efile: in this last step, I will make sure all the tasks from stage 1-4 are completed, and then I will efile the tax return for clients. -
In your answer you said ‘Profit driven controls usually focus on “profits” rather than “efficiency”. My experience is that profit improvements can come from both revenue (top line) growth / improvements as well as bottom line cost improvements. Efficiency is a common (but not only) driver for cost reductions and hence profit growth.
-
Sean,
I agree with you and most of the replies. SOX puts management responsible for the reporting and actions of the company. You mention common sense and others have mentioned fraud still existing with strict SOX regulations, that burden small businesses.
In my opinion, common sense isn’t the standard when business leaders are responsible for stock prices. This is why fraud still exists, unknowingly in organizations. I am not implying all business are corrupt, but merely agreeing that fraud still exists and rules must be changed to adapt to a changing environment. This will unfortunately increase the cost of doing business under SOX regulations but it’s better than having your retirement fund invested in another Enron or MCI / WorldCom.
-
Jianhui,
You make an interesting reference with Xinhua and Dangdang.com. I am not familiar with the reference.
When you say, “Low effectiveness to response to the market” because of “corruption and bureaucratese”, do you mean management’s hands are tied when making business decisions because of the threats or bribes from outside parties? I agree this is puts a blanket over internal controls but do you think the failure was internal controls or the death of brick & mortar bookstores, similar to music / record stores?
-
Deepali,
Your example of compliance vs. profitability controls was a great way to sum up both controls in one industry. The banking industry must maintain compliance controls set by the federal reserve, this restricts the real profit of the bank but also protects the consumer from profitability controls prior to the compliance controls.
I believe compliancy controls will always follow profitability controls in a Market economy.
-
Rightly said, Yulun.
Risks are the last things that a company wants to ignore it. A risk can be defined as a measure of threat, which means a risk can also be described as potential losses or a damage to an organization. You hit it right on the head as it is crucial to set up the right risk management plan within the organization. One of the best options to mitigate risks is using the Frameworks. They are well-designed lists/documents that elaborate each step of the required actions with a compliance to reduce risks.
-
Annamarie,
I appreciate sharing your experience!. I also had an experience similar to yours regarding sending/receiving invoices through an automated system. The one I used was, however, nothing close to SAP system, though. I used the in-house developed system while I was working for a grocery store. The system only comprised simple functions (creating sales reports, billing and receiving invoices, for example). But one thing I was the most impressed with the system was (like you mentioned 30 days payment period) it automatically pushed out a notification to customers, whoever we were filling out invoices to, before and after the 30 days payment period. Thanks to the notification, it was much easier for us to collect the payment. Additionally, we were able to extract an Excel data file from the system, so we could look over data of which payments were overdue.
-
Priya and Paul,
I really thank you both sharing your experiences and explaining steps of the audit process. I’ve also heard that it is absolutely labor intensive to collect right evidence/documentation for auditees.
As I have a none of an experience in internal auditing, could you tell me how long it took to complete an auditing process? I can assume a time could vary depending on the case; however, I just want to have a sense of an average time in general. Thanks! -
Hi Paul,
Thank you for sharing your experience! Several days ago, I had a chance to talk to an IT Audit manager from MetLife. And he described an internal auditor’s role as “The role of internal audit is to provide independent assurance that an organization’s risk management, governance and internal control processes are operating effectively.” He also mentioned that the main duties of the internal auditor include observing and documenting findings but not an execution of control changes. Control changes independently rely on management’s decision.
-
Sure thing Daniel. I think it really depends on the type of audit that is being performed. From your standard Internal Audit, which is to say that Internal Audit is performing a non-compliance audit for their own understanding of a process, that would usually take like 2-3 months depending on the size of the department and complexity of the process in audit. For SOX control testing, that can have a pretty significant range depending on the Internal Audit department’s capabilities. This is normally done by external auditors but can be performed by Internal Auditors if the external auditors can place reliance on the testing. Due to this, testing can range from hours to months. My experience was that SOX testing took a couple of months around the end/beginning of the year, but the work was spread out among eight auditors,
Hope this helps!
-
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 1 month ago
(Updated Thursday September 1 – corrected incorrect dates and times – differed from what I shared in Class 1)
I want to go over your weekly activities a second time to make sure there is no confusion.
Via […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 2 months ago
Attached document contains feedback from prior classes on these questions:
Why Should I Take this Course? (What Key Things will I Learn?)
What Should I do to Assure Getting a Good Grade in this C […]
-
Edward N Beaver wrote a new post on the site Auditing Controls in ERP Systems 8 years, 3 months ago
Welcome to MIS 5121 Online! I hope you are as excited to get started as I am. You will learn the the fundamentals of ERP Systems, the business processes they enable and the controls necessary to assure they w […]
- Load More
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
Mr. Cash had the opportunity to commit the fraud because he worked on the assembly line and had access to all the parts that were used to create a Cadillac. He also worked there for 20+ years which gave him the time to take everything needed to build one piece by piece so GM wouldn’t notice. It helped that he was able to fit most items in his lunch box, and those items too big to could fit in an accomplice’s motor home.
Mr. Cash had incentive to commit the fraud because it wouldn’t cost him a dime to carry the fraud out and get the car he wanted. He also put the pressure on himself to drive around in style, drive everybody wild, have a one-of-a-kind, and the only one in town. Since he always wanted one that was long and black he felt the need to do so as well.
Mr. Cash easily rationalized the fraud to himself because he believed he’d have it all by the time he retired since he planned to work there for 20+ years. That statement makes the argument that he felt he deserved it and ties in with he built them, didn’t own one, and held his head in shame for it. He never considered himself a thief, so he believed GM wouldn’t miss just one little piece; especially if he dragged it out over several years.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
First, if feasible, I would institute an access control policy and segregate portions of the assembly process and line physically. By separating the various assembly processes, and the personnel who conduct them, it would limit physical access to all parts needed to assemble a product. Separating the processes physically could also possibly limit interaction between employees from removed assembly processes that would help mitigate collusion to commit fraud. Limiting access through segregation of the processes and assembly could have a residual effect on employees to commit fraud too just from knowing that they would look out-of-place in areas they aren’t normally supposed to be.
Second, again if feasible, I would institute a policy and program to track each part used at each point in the assembly process. The policy would “check out” or “issue” parts to the employee doing each process. By associating each part for each process with a specific employee would create accountability. That accountability through the process would help prevent theft/fraud since employees would know they would be associated by name to each part or piece issued to them for use in assembly. Any missing part requiring the re-issue of another part would immediately raise a red-flag to possible theft/fraud in an area of the assembly process.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The fraud triangle consists of three parts; Pressure, Opportunity, and Rationalization. Throughout the song, the environment described several areas that would be favorable to fraud. The first area that came to my mind was the pressure portion of the fraud triangle. Cash states that he had always wanted a long black car and it was to the point that he would hang his head and cry over not having one. This demonstrates that Cash was under a deep pressure to have the car that he wanted, to the point that not having it was affecting his attitude. Likewise, there was an area of rationalization. Later in the song, Cash sings that “I never considered myself a thief, but GM wouldn’t miss just one little piece, especially if I strung it out over several years”. In this, Cash is rationalizing that his actions had no effect on GM or those around him. Lastly, I would say that there was the opportunity to commit fraud due to the lack of oversight. Cash said he was able to take parts in his big lunchbox which might be easily unnoticed. However, Cash sang, “the big stuff we snuck out in my buddy’s mobile home”. If there are no monitoring of products such as the engine or trunk, then many employees would have had the opportunity to steal. I think overall, the three areas of the fraud triangle were present in the GM environment which made it more susceptible to fraud.
You are absolutely right Paul. Not only Johnny was under pressure to please other with his unique car, but also had the mean to do so, for free.
There was definitely a lack of monitoring in this case, which set the opened the door “easy” crimes.
The mobile home used for the bigger pieces part of the song stuck out to me too. It showed how collusion allowed the fraud to take place, at least parts of the fraud to “large” for one person to carry out themselves. That is many times an integral part of fraud, especially in environments where there are controls to try and prevent/detect fraud. If the right people collude to commit fraud they can mask and hide fraudulent acts because they’re in positions to both commit the fraud and to hide it afterward.
Hi Sean,
You bring up a really interesting point about collusion. As IT auditors, one of our responsibilities (if not main responsibility) is to test internal controls specifically around the IT systems. With that being said, internal controls have one significant “shortcoming” which is that they are prone to collusion. Whether it be authorizations or segregation of duties, if individuals can collude than they can effectively bypass internal controls without much effort. This makes fraud a harder topic to pinpoint especially when performing an audit. I linked an article below that goes into detail about collusion and internal controls. In respect to Cash and his collusion, I think it would be hard to set up an internal control that would prevent him from colluding to get the pieces.
Link: http://www.kellogg.northwestern.edu/accounting/papers/novoselov.pdf
Your point about collusion made me consider it from a different perspective. Even if he didn’t need or receive any help, other employees could still be complicit. He stole a lot of parts over a long period of time, and more than likely someone would see him placing one in his lunchbox or another incriminating act. Even without proper audits or controls, other employees could have allowed it to occur even if not intentionally.
I didn’t even consider that angle of collusion, so that’s a great observation. I’m sure a lot of people have seen somebody use company resources at work for personal matters, or even take company resources home rationalizing their minor cost to replace for the business. Thanks for bringing that aspect up.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I were the operations manager, I would implement a control that measures the number of completed GM vehicles to the number of major components to a car. Theoretically, in order to finish 1 GM car, then 1 GM engine should be used. An engine more than likely than not will fit into the vehicle unlike nuts and bolts which might have scraps or broken pieces. Therefore, a daily reconciliation between the number of engines (other major parts should be used too) and the number of completed cars against the engine inventory amount will identify the number of misused or stolen parts. On top of this control, physical controls should be used to make sure that the major vehicle components, such as engines, are appropriately locked in a safe storage area. If the Order to Cash process is secure, especially with making sure the inventory count is correct, then this control can be useful in preventing fraud such as theft of GM car components. One could argue that an employee can still commit fraud, however, by monitoring major components of a car the financial portion of the risk is greatly reduced.
Paul,
Nice post. However, one car can use more than one major component. In your example “in order to finish 1 GM car, then 1 GM engine should be used”. What if the engine is defective? The employee should be able to replace a component if it’s not working.
What they can do as you said, is to do daily reconciliations where the employees will explain for example why he/she used more than one engine for one car.
3. Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
One area that comes to mind of the OTC process that will be different for domestic and international companies would be around foreign exchange risk. Foreign exchange risk is the risk that the currency exchange rate can have an effect on the value of a transaction or investment. In this case for the order to cash process, a sale for a product can be made, but by the time the payment for the transactions has been received, a loss can be had on that transaction. While there does not seem to be to be much published online about how controls can mitigate foreign exchange risk, a control that could be used is to utilize forward exchange contracts for sales that reach a certain threshold. Essentially a foreign exchange contract is an agreement to which a certain amount of foreign currency will be bought on a specific future date. While this might not mitigate foreign exchange risks on all sales, large sales can mitigate the risks by using these contracts.
I agree with you Paul. Cash flows will be dubbed in different currencies, and the effects of currency devaluations must be addressed in all financial analyses risk. Unlike their domestic financial management counterparts, multinationals are subjected to exchange rates that differ based on inflation rate in foreign countries where they operate. High inflation will result in currency decline, making it difficult and unpredictable to operate profitably. Additionally, the process of exchanging currencies when transferring money between countries can be expensive and inconvenient.
Paul,
You are absolutely right. Most international companies charge different prices according to their location. In fact, this control allow them to mitigate the foreign exchange risk. For example, Apple charges the iPhone 7 at 769€ in France, $899 (CAD) in Canada, and $649 in the US.
Great example of the new iPhone 7 Said. Indeed, the foreign exchange risk may cause the changes in products’ current price, and I think there are more reasons to cause the different price of the same product in different countries. For example, the import tariff policies in different countries is different, and this may also significantly affect the price of products.
4. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
Two less obvious inventory control measures that come to my mind are the tracking of scrap material and surprise inventory counts. For the tracking of scrap material, this helps the organization as it identifies materials that are still usable and those that are not. From a financial reporting standpoint, this is necessary are you need to accurately disclose the amount of inventory the company has. From a business standpoint, this is necessary as it helps in analyzing the waste of the company which identifies where to improve processes that are causing the waste as well as the control helps identify if the company needs to purchase more materials. Therefore, a control around waste should be implemented that has procedures about measuring the amount of scrap before disposal.
The other less obvious control that came to my mind was performing regular inventory checks for inventory that is obsolete or unused. Much similar to the scrap material control, the aids in accurately disclosing the correct amount of material as well as provides information for the business to make decisions of off. A company can implement a monthly inventory review and identify that if inventory is over a certain number of months old, then that inventory should be sold or discarded to provide storage area for new inventory. Therefore, a control like this can help a company manage its current inventory better and give more information for better decision making going forward.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
This video is actually a song in which the singer (johnny) leaves his home in Kentucky to work in an assembly line at General Motors (GM) in Detroit, MI. The first year he participated in the creation of a Cadillac. He then gradually developed an admiration for the car. He wanted it decided, but couldn’t afford it nor steal it. So he had the “genius idea” to steal auto parts every day one at a time over several years. He hid new pieces in his lunch box every day until he obtained what he thought were all the necessary pieces to build his own Cadillac. So with the help of his friends they attempted to assemble the parts. Unfortunately, because he stole pieces in different year, the parts did not necessarily match (in that case the engine and the transmission were not from the same year). This did not stop them from building a very unique car which was the center of attention as he wanted.
Using the Fraud triangle, I can tell that the incentive came from the fact that eh worked on the cadillac, admired it and wanted one as well. He just had a desire for a status symbol that would make people talk about him in the street.
There was opportunity for fraud because he was a trusted worker, not doing anything “obviously” different in the assembly line every day, hence people could not be suspicious at all. And quite frankly who would think that someone would steal piece of a car over several year to actually build it at home?
Finally, he told himself that it was a big deal for GM. They wouldn’t miss a piece, especially if it was done over several years. He believe that the crime he committed was not actually one.
2) Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I was the operations manager, I would use detective controls to mitigate employees theft and fraud. In order words, I would manage inventory in a way that the Physical inventories would be done at least once a year by individuals who are not responsible for inventory records and who do not work in the same assembly line. So that chances that they are friends with Mr. cash for example, are limited. I would also install security devices to monitor inventory as well if possible.
I would also limit the access to auto parts pieces and install security camera everywhere that would be permanently checked. Even if they are not regularly checked, just by installing them chances that employees will steal the good are very low.
good analysis Sean.
I also think that he had opportunity to commit fraud because not only he was a trusted employee but also he had “connection”. He had friends on site who helped him as well. I don’t think that he could have done this alone.
you are also right on the incentive part. I mean he didn’t pay anything, and for him GM wouldn’t even notice part missing so it wasn’t a big deal either. He could have an awesome car for free. Who wouldn’t be tempted?!
Sean, I would think that every pieces are store at the same location so segregating portions of the assembly process wouldn’t necessarily prevent inventory fraud. Right?
It would depend on the specific business more than likely. Business A may store every piece in the same building for instance while Business B stores parts in separate locations to streamline issuance (as in the pieces needed for specific assembly steps are stored closer to the locations where those steps are accomplished to cut down on lost work-hours wasted going longer distances to get more pieces). More importantly, and maybe I should have been more clear, by segregating the assembly processes physical (i.e. requiring access to different parts of an assembly plant to conduct different assembly steps) would separate the workers’ access to just the parts their process required. The workers would not have access to each and every part required to assemble an entire product fully. Now, the personnel who issue parts from a single location would have access to all parts, but the personnel who issue parts from segregated storage locations would not have access to all parts. Does that clarify it better?
oh okay.
yes it does! thank you.
Adopting business B’s method is a better way to prevent inventory fraud obviously.
Surprise inventory count is a good one! In fact, employees won’t expect it, which makes it easier to detect fraud. If a fraud is detected once, chances are that it will not happen again because they would be scared to be caught. Similarly, if employees know that there are surprise inventory counts once in a while, the idea of stealing shouldn’t even cross their mind unless they count on “luck”.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The ‘One Piece at a Time’ video explains the fraud triangle model. The three factors include: 1.Perceived unshareable financial need, 2. Perceived opportunity and 3. Rationalization. These factors cause someone to commit occupational fraud. These 3 concepts are prevalent in the premise of Johnny Cash’s song. The song depicts Cash’s yearning for a Cadillac while working in the assembly line at General Motors.
Johnny knows that he cannot afford the car or directly steal the car from his job; he decides that he will just steal the auto parts every day on the job with his friends for several years, in order to build his own Cadillac. Mr. However, once Johnny and his friends have the pieces to create their very own Cadillac; they notice the pieces didn’t quite coincide and end up with their very own unique Cadillac. Jonny and his friends were able to rationalize this fraud by stating that this large profitable company would not miss the pieces they gradually stole.
From the song, you can clearly see the Fraud Triangle. He wanted the car and knew he couldn’t afford it, so he used his position within GM as an opportunity to steal from the company to obtain the product. In this instance, the environment was favorable for Fraud. He worked for GM on the assembly line and like most companies they believe their employees would have integrity and therefore be a trusted employee. He didn’t raise any suspicions throughout the years, the measure he took by stealing parts over the year would not be easily picked up by management or others.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
Ans: Fraud Triangle also know as Cressey’s hypothesis explains the factors that result in someone committing occupational frauds as pressure, perceived opportunity and rationalization Intersect.
Johnny was working in Detroit in assembly line of the car company Cadillac where he was in department that assembled the wheels. He would watch every day the cars that drove by and this made him want a car for himself that was unique and different from others.
1. Pressure: He had always wanted a car worth hundred grant. And now he was placed in an area where there were he saw them everyday and which made him envy and want a car more than ever before. And as he didn’t have that much money with him he felt pressurized to commit fraud.
2. Perceived Opportunity: In this company they were allowed to carry their lunchboxes in and out and no one checked what was in it, so he would be able to take smaller parts like nuts and bolts in them. The company did not maintain any record of the parts and so even if he takes some no one would notice especially as it would be over a period of few years. Also for the bigger parts like fuel pump, engine they would be able to carry it in his friend’s mobile car.
3. Rationalization Intersect: He had planned to take this parts in a period of several years and he rationalized with the fact that as he was doing little by little everyday, it would amount to nothing for the company he wasn’t really taking much and so he wasn’t stealing.
All this factors made him commit the fraud.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I was to assume the position as the Operations Manager in Johnny Cash’s song, the number 1 key control I would implement would be making sure the assembly line parts were counted for and solely designated for an exact number of cars. This detective control would be implemented by my ability to manage the physical inventory and combat theft from the assembly line. Not only would it combat the theft, the employees would be made examples of. In the case of ‘One Piece at a Time’ video, the culprits would have known that management picked up on this and would be deterred to continue.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.’
Firstly I would have a control that would have all parts properly accounted for and the inventories are maintained well.
Secondly a control should be in place to monitor what goes in and what comes out from the company. That security checks are in place when an employee comes in and out of the work place.
Good thinking Binu, I too was of the opinion of putting in monitoring controls through the plant and introducing start of the shift and end of shift inventory checks. Apart from these I can think of having metal detectors or scanners(like the ones at Airport security checks) being used to have the personnel scanned during entry into and exit from the factory floor.
Great point Mansi. In my organisation we had a scanner installed at the entry to check personal electronic devices such as hard drives, pen drives etc so that no data breach can occur. Metal detector can work in the way for a car making(manufacturing) firm. This will help in stopping such kind of theft to a great extent.
There was a case before the Supreme Court of the United States recently about security checks employees had to go through at the end of work shifts at warehouses for Amazon. The workers, after clocking out, were forced to wait in long lines to go through security check points before exiting the warehouse. These check points were instituted to prevent theft. Well employees felt they should have been paid during their time in the lines since the time often reached or exceeded 30 minutes in length. The workers ultimately lost the suit, but it definitely raises the awareness that controls have to be carefully considered during development and before deployment to ensure they don’t create more problems than they solve.
Sean,
You are absolutely right. In my previous post. I said that I would install security cameras to monitor employees. This can bring more problems than solutions. In fact, in psychological point of view it can decrease employees productivity because they will be anxious.
Also, as you said it takes time to check everybody; which raises questions like “Should we paid employees for the waiting period?
All good points!
I agree with Said, Instead of employee bag check, installing security cameras could prevent employees theft. Like Amazon, Apple was sued by a class representing 12,000 employees, arguing time spent complying with an “Employee Package and Bag Searches” security policy amounted to compensable overtime under the Fair Labor Standards Act.
Ultimately, the workers lost the suit. Some employees also reviewed that they were being treated like criminals because of that policy in a psychological perspective.
I think conducting employee background check before hiring to ensure the employee’s moral standard could be helpful in addressing the risk.
That’s interesting, Sean. Thanks for the information on the Amazon case. I agree with your view that considerable thought should be put in before planning and implementing controls. Apart from the monetary aspect, standing in line for 30-40 mins a day for a check would have it’s share of problems. To tackle that problem, may be the company can introduce random checks to be done on employees. Just the thought or fear of getting caught stealing could be a deterrent to this kind of fraud.
I would be curious to see if the cost implement mandatory searches of employees is effective at preventive thefts. And if it is, is it cost effective? I can see a scenario where it does reduce employee thefts but the cost to implement the program could be larger than any potential savings from stolen inventory.
Personally, I do think that the employees should be paid for their time, especially if it takes up to 30 minutes. Amazon does have legitimate concerns, but employees should still be treated with some respect and made to feel that there time is valued.
The detective controls is to mitigate employees theft and fraud. security cameras and guards at the assembly line. The guards will be responsible to check employee lunch boxes and others bags. This is an effective method to monitor the inventory.
I agree with you, implementing security cameras and guards at the assembly serve as detective controls. Managers can look at video of employee’s actions throughout the day to detect potential theft. In addition, having guards can quickly detect and notify management of attempts by employees or outsiders to steal company’s inventory or other assets. With security cameras and guards I think it is not easy for potential theft to steal because they know they are being monitored.
Very apt Binu.
I would also like to add that employee physical access log system can be in place. In this example, when Mr Cash was stealing big auto parts that could not have been carried in lunch box, he might have come with his friends at odd hours. A access record would be a great control here .
I think your first suggestion is not easy to detect, cause Mr, Cash stole one piece each time, even you detected that there’s a piece among hundreds is lost, how could you determine it is stole or missed?
Yes Ming. It will not tell us if a part was stolen or missed when it is a small number. But by checking the inventory we can know the trend. That is if it is happening regularly, what parts are missing and who was responsible or present at the time when the parts were missing.
Alex,
Like you, I thought implementation of a detective control would be the most beneficial from the operations manager’s perspective. Not only would the manager be able to see that theft and fraud was occurring, but given a chance to punish/ apprehend the culprits as well as mitigate the risk. These employees would have been blindsided by such a control. As for the implementation of security cameras, that is a great addition.
A 1 The Fraud triangle is a model for explaining the factors that result in one committing occupational fraud. It consists of 3 components – Pressure, Opportunity and Rationalization.
In the ‘One piece at a time” video, Johnny Cash goes on to say how he started to work as an Assembly line worker, installing wheels at General Motors in Detroit. Every day as he saw the gorgeous cars around, he started longing to get one for himself. The constant craving of owning one of the cars and the urge to show-off, pressured him to devise a plan so that he too could own a Cadillac one day by stealing one part at a time from the factory and later assembling it at home. The longing constitutes the Pressure component of the fraud triangle.
Cash had the opportunity of committing fraud as he was a worker at the factory and had easy access to the automobile parts. He also had a frend who would help him flick the parts out of the factory. This constituted the opportunity component of the Fraud triangle.
Finally, Cash goes on to justify his plan by stating that for the company, each part that he would be taking would only be one part which wouldn’t be of much significance or have a huge impact over GM over the course of years. This is the Rationalization component. In this way, all 3 components being present in this situation, made the environment perfect for Cash to commit occupational fraud.
Great control Sean! I really liked the idea of having designated process: “By associating each part for each process with a specific employee would create accountability. That accountability through the process would help prevent theft/fraud since employees would know they would be associated by name to each part or piece issued to them for use in assembly. Any missing part requiring the re-issue of another part would immediately raise a red-flag to possible theft/fraud in an area of the assembly process”.
By implementing such a policy most definitely creates a realm of accountability! This process points out directly the culprit of the fraud by raising the red flag. I didn’t think of associating each part of the process with a specific employee, rather just the inventory. Good job!
Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
This video is actually a song, One Piece at a Time, the singer,Johnny, worked assembly line in GM at Detroit when he leave home. He went a car, but he cannot buy it. So he decided to steal auto parts every day until assembling a car. And he did not need to pay money. However, the parts were from different years so he cannot use the car.
According to the Fraud triangle, as opportunity perspective he could steal different parts several years, so the GM company was lack of the internal control, and lack of oversight. He was able to take parts in his big lunchbox which nobody noticed. As incentive perspective, the financial pressure pushed him to steal parts, because he cannot earn enough money to buy a car. The car is his personal needs.
Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
To monitor the inventory of supplies, materials and products needs to be accurate in order for your business to run efficiently. To make sure your inventory reflects what you purchased and created, you need the right inventory management system.
Control procedures are crucial to your company’s purchasing activities. Basic activities, such as segregating duties, can reduce your company’s risk of financial fraud. Employees responsible for making purchases, for example, should not be the same employees receiving the goods or handling payments to vendors.
Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
The one different area in the international corporation is about the shipment Tracking. The shipment process may be lost the products or product damaged from overseas shipping. the control should provide visibility into the location of goods throughout the life of the trade. This includes entry and exit from ports, title exchange and proof of delivery. Tracking provides a status report regarding the arrival of goods at their final destination.
I would also like to add that the company should consider the geographical conditions to where the shipment will be delivered. If there is extreme change in climate of where product is made and where the shipment is suppose to reach may damage the product. Also the conditions while transporting goods must be favorable for the products and must be controlled.
In case of international shipping the perishing ability of items and time taken for shipment and further delivery must be considered.
A centralized quotation database is a must which considers the currency exchange between the boundaries of a country.
As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
Don’t get caught with too much inventory. “Afraid of being caught short, it’s easy to spend too much on inventory, which can eat up working capital and erode profits. Warehousing isn’t free, of course, and inventory that sits on a shelf is subject to damage, depreciation, and even obsolescence. Old inventory can be very hard to move. Your options aren’t great,’ says Paul Huppertz, a logistics expert with The Progress Group, a supply chain consulting company based in Atlanta. ‘You may end up marking it down, selling to discounters, or shipping it to overseas liquidators.’
“To fix it: Start with some decent projections of how much supply you’ll need and when you’ll need it. The best gauge is what you’ve sold in the past. If you’ve sold 100 items per month for the past 12 months, chances are that you’ll need 100 this month. Then there’s seasonality: Do you usually see a fourth quarter spike with holiday sales? Or, if you’re in the home and garden business, do you see more activity in the spring selling season? ‘You can also identify and quantify less obvious patterns such as month-end spikes,’ says Huppertz.”
You should be able to break down your inventory into three basic categories: safety, replenishment, and excess or obsolete stock. “This breakdown makes it easier to make sound decisions about appropriate levels for each of these three areas. It helps determine the minimum safety stock needed to provide an insurance policy against supply chain problems either from manufacturing glitches or distribution uncertainties so that customers get what they ordered. It’s useful for pinpointing the amount of inventory required to replenish deliveries every two weeks. And it helps companies find ways to avoid a backlog of excess or obsolete inventory.
Resource: http://www.camcode.com/asset-tags/expert-tips-on-inventory-control-methods/
No worries. Thank you for bringing that question up though so I had the opportunity to work on conveying an idea more clearly.
Thank you! Our QA/QC program in the Navy was run in that way. Any system that was covered under the QA program had to have specific parts supplied for repair and replacement. Those parts could only be stored in a specific location before issues, only issued to qualified personnel, and stored in specific “controlled material lockers” that were audited twice a year at a minimum. Each piece had various pieces of associated paperwork to track the material from “cradle to grave” and each piece had to have a label attached to it denoting whether or not it was a “good” part/piece or a “rejected” part/piece. The program and method worked very well, created accountability and integrity, but is obviously not feasible in every scenario due to the added costs.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The Fraud Triangle is a combination of 3 factors (pressure, opportunity and rationalization) that cause someone to commit occupational fraud.
First, the environment was favorable to fraud because Johnny always wanted a Cadillac but did not have the money for it. The fact that he was put in the assembly line pushed him to come with his genius idea to steal one piece at a time until he assembles his own special car.
Next, he had the opportunity to smuggle the parts out of the company. In fact, he put the smaller pieces in his lunchbox and the bigger parts in his friend’s car.
Finally, Jonh knew his illegal activities would not hurt the company as he planned to steal the parts little by little. The company would not noticed anything because it was one piece at a time.
Generally speaking, people need the incentive to commit fraud. Once they have the incentive, they look for possible ways (opportunities) to commit fraud. Then, all they have to do is to convince themselves that their actions are justifiables and won’t hurt anybody.
Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
First, I will install security cameras and guards at the assembly line. The guards will be responsible to check employee lunch boxes and others bags. This control system will help me monitor what’s coming in and out of the assembly line. Also, I will assign a number of component to each employee. The employee will issue a report on a daily basis saying how much components he used and why. This will simply help me to control my inventory and keep track of it.
I strongly agree with you, the surprise inventory count is an effective way to detect fraud. Your employees cannot prepare the inspection. This way can help you to easily find and control fraud.
Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
Doing business in a international level is complex. When shipping internationally, a company faces many challenges. One of the biggest challenge is “transit” and “custom”. For example, someone in Zimbabwe orders a good from an US company. Most of the time, the company will hire a third party (UPS, DHL, Fedex…) to deliver the good. In that specific case the OTC process becomes complicated, because the company has to make sure that the third party (let say DHL) will deliver the good. What if DHL comes and say that the good was seized by custom? The company should have a strong control that will eliminate any kind of failure or fraud during the all process.
Also some countries don’t have sophisticated address system like the US. In order to avoid any kind of fraud or theft at the delivery, the company and its third party will have to implement different controls than what they have in the US. They can implement a verification system where the recipient will show the receipt of the order and a proper ID (only the person who ordered the good can receive the package).
1 Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The Fraud triangle consists of three factors that result in someone committing occupational frauds. Those factors are pressure/incentive, perceived opportunity and rationalization.
Johnny is an autoworker on the Cadillac assembly line where the environment did not have efficient controls to stop continual theft of auto part from the assembly line for multiple years.
1. Pressure/incentive: Johnny worked in the assembly line and his responsibility was to stalling wheels on cars, which brought him the incentive to get a car but he couldn’t afford. Johnny states that he had always wanted a fancy Cadillac car that was long and black and worth hundred grant. This feeling of jealousness, envy and emptiness toward a fancy car implies that he is under pressure to own one that sadly he couldn’t afford.
2. Perceived Opportunity: The opportunity to commit fraud is the circumstances that allow fraud to occur, and is the only condition over which the company has complete control. The company did not have monitoring of its products. No one would even notice that there was anything missing because the lack of control environment allowed employees to steal parts. Small parts could simply be carried over in a finished lunch box and bigger parts could also be stolen by friend’s car.
3. Rationalization: this element takes place in the mind of the perpetrator. In this case, Johnny would not consider himself as a thief and he realized what he was doing wouldn’t hurt GM much as he was only taking a little everyday. He also realized he could build a car by himself if his plan worked over a period of time.
2 Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I were the operation manager of the assembly line, I would implement an inventory check to address the risk of employee theft. The inventory-tracking system uses a POS system that tracks inventory automatically or, at a minimum, use paper-based inventory-tracking sheets to send a signal to employees that inventory is indeed being monitored.
Second, I would also invest an employee reward program. This strategy is similar as the segregation of duties strategy where money bonus would encourage employees oversee each other. Sometimes, employees know and tolerate who is stealing from the company but they would not report it to the senior executives. The employee who reports others’ unlawful behavior would get a bonus.
Hi, Yu Ming
I like you mentioned about implement inventory check, this is very important because it monitor the amount of inventory is up to date.
Your second suggestion brought up the ethical dilemma that employees might facing in work environment.
For my personal opinion I would prefer to give employee bonus when he/she has achieve a high performance. I am skeptical about give out bonus when someone reports other’s unlawful behavior. I think for most case, people will remain silence anyway. My take is people should report any misconduct that can clearly cause a serious detrimental effect to the company as a whole.
I like the second way! The money bonus way will increase internal controls since everybody is watching to another person. However, I am worry about one thing. If a person, lets say A, reports a steal of person B. Yes, B is fired, however, will A still stay in this company anymore? My thinking is that B’s friends in the company and also other not B’s friends but also work in the same position, they will hate A because A reports people. Another worry is that if everybody is watching to other people. People will feel scared if they are under watched, and creating other problems, like reducing the efficiency to produce, working environment is not friendly, and fighting between groups.
Yes I agree with Yulun. This type of control will not work in this case as it will create animosity between people and thus creating a very hostile environment. What if a person complains about another person but upon finding out it was found that this person was really not responsible for the theft. This would mean a loss of reputation and lack of trust between the employees.
Thank you Binu for supporting! it is true that some methods can solve some problems, but we also need to think about more not creating other big problems! we have to balance the pros and cons and think all consequences in every part!
Absolutely, I agree with you. The company can segregation of duties to monitor the inventory. Some employees took responsibility for purchasing parts, and others can take charge for the physical counters.
Hi Paul,
Great post, the surprise inventory count can give employees deterrence so that they would be afraid to get caught. And I strongly agree with the measure of tracking of scrap material, which could help the organization identify which part of its processes needs to be improved in order to create less waste. This control could be beneficial for the organization in the long run because it creates less waste as well as help organization same money.
Hi Yu Ming,
When I wrote out my answer I don’t remember having deterrence in mind for the surprise inventory count. You are right, this could prevent those working with inventory from stealing or damaging any products. However, segregation of duties plays a big role in maintaining inventory. If the warehouse workers were the one’s counting the inventory when it was received, they could easily just record that 1 or 2 weren’t received and walk out with those products. Therefore, receiving inventory and storing inventory should be two separate processes with their own staff.
Hi Said,
You are right, with incentives, employees would look for opportunities to commit fraud and they would comfort themselves that it wouldn’t hurt the company as a whole. I really liked how you summarized the three element of the fraud triangle into two sensitives. It is not rare to see an employee like John to commit fraud in the company if three three elements are telling him to commit the fraud to satisfy his personal need.
Great summary Sean and I agree with you Brou. He was a trusted employee and having that kind of rapport from others within the company made it easier to commit the fraud over the course of 20 years without anyone suspecting..
Hi Said,
Exactly. Not only can employees explain why he/she used more than one engine, an operations manager can then go inspect the engine(s) that did not fit the bill for each day. This can serve two purposes. The first purpose is, as we discussed, to prevent fraud from occurring and making sure that no one is stealing. The second purpose is to identify what piece is wrong and possibly go back and correct that issue on the assembly line. If GM were making their engines, then this exercise would serve almost like a quality control check and possibly make corrections to prevent future defects.
Hi all,
To add to the conversation, I don’t think a security checkpoint will be too effective in terms of preventing fraud in the case of GM and Cash. For most of the car parts, anything of value will be too big and heavy to move by person without some form of aid. Therefore, something like the engine or axel would be noticed by security alone if security personnel were attentive. Not only that, other employees or management more likely than not would be able to see the theft occurring and could speak up or prevent the theft.
This raises another question, are the nuts and bolts of enough value that potentially hurting employee morale and paying for security checkpoints justified? In the case of Amazon or Apple that Sean and Yu Ming have mentioned, they sell products of high value that can easily be concealed in their pockets. Therefore, it would make sense from a risk/benefit perspective that they have security check points. However, in the case of GM and Cash, I think standard physical controls that monitor who enters a building such as security personnel and surveillance, will be just as effective in identifying and preventing the theft of valuable car parts.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
A: The Fraud Triangle framework states that an individual is motivated to commit fraud when three factors come together: the pressure on the individual, the opportunity to commit fraud and the ability to rationalize the crime.
The scenario described in the “One Piece at a Time” video illustrated the Fraud Triangle framework very well. The main character Johnny Cash is an autoworker working on an assembly line in Detroit. The working environment was favorable to Fraud because there was not any controls taking place in the assembly line to safeguard physical inventory and prevent their assets being stolen. Therefore, Mr. Cash came up with an idea of stealing one piece of part at one time to build his own car.
Mr. Cash wanted a Cadillac so badly but he couldn’t financially afford to buy a car. He is feeling envy every time when he saw those beautiful cars come in. This shows that Mr. Cash is under pressure both financially and mentally because he’s not able to afford things he longing for.
The opportunity to commit fraud is very high because the working environment didn’t have proper policy and controls to monitor the inventory. It’s extremely vulnerable for employees to steal company’s asset without being caught. In Mr. Cash’s case he has been stolen parts in years but nobody noticed because he took one piece at a time.
The last parts of the fraud triangle framework is rationalization. In Mr. Cash’s perspective, he would not consider himself commit fraud because he only took one part at a time and in his mind that would not make any significant difference to GM.
Q1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The scenario in ‘One Piece at a time’ is about an autoworker on the Cadillac Assembly line.
In terms of fraud triangle, it can be explained based on three points:
A. Fraud opportunity: Mr. Johnny Cash was working as an autoworker on the Cadillac assembly line. There were no check controls on the inventory and no record was maintained of how much parts are received and how much are used. Also there were poor internal controls and employees were allowed to carry their personal items such as lunch box without any security check. He even stole bigger parts such as fuel pump using his friend’s car. This all proves lack of oversight and poor internal controls
B. Incentive or Pressure: Mr. Johnny Cash wanted cardillac but he didn’t had enough money to buy one. So it was financial and emotional force that put him to commit fraud.
C. Rationalization: He had in his mind thoughts such as company is profitable so it wouldn’t cost much to the company if he will steel parts in several years. Also since his compensation is low it was a point to justify his thoughts that he is not doing anything wrong.
Q 2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I am the operations manager responsible for the assembly line, I would establish following controls:
A. I will set up an Inventory control check to keep a well-documented record of the incoming and used inventory. This will give the correct idea of when and where the parts in the inventory are being used.
B. I will put in physical control over the inventory. This will help in managing unauthorized access over the inventory. No employee should bring in or take out any kind of personal item without a security check.
I believe a security check point in the context of the song would work. If you go back to the song, Mr. Cash talks about walking out with a bunch of gears in his lunch box. Now, I’m no vehicle expert, but there are only so many parts on a vehicle that have gears, and those gears are inside those parts which more than likely implies he was taking the “guts” of parts each time in order to assemble the larger part, say a transmission or differential gear, once he had all the pieces outside of the plant. Now, a check point would go a long way of an employee taking smaller pieces out in a lunch box with the intent of assembling the bigger overall piece. Kind of goes along with taking out the car piece by piece in order to assemble the car in totality on the outside. Would you agree in that context?
Sean,
I see what you mean. I think in that context a security checkpoint would be effective since it would prevent the theft of small pieces that are built into something valuable. However, I suppose the real question is would it be worth it? I’ll go back to amazon as an example. The company sells items such as jewelry, electronics, and other expensive products. If amazon performed a cost benefit analysis, it might come to the conclusion that the benefit of a security checkpoint outweighs the cost, since the theft of say two pieces of jewelry equaling $80,000 would be greater than the cost of a security checkpoint that equals $50,000. With that being said, I think if the GM plant from the song did a cost benefit analysis then the costs would outweigh the benefits. I say this because the value of the parts stolen each year are likely less than the cost of the equipment and staff at the security check points. I suppose a good number of factors would have to be taken into consideration to make that decision. I agree that a security checkpoint would be effective, I just don’t know if it’s the right choice to prevent the fraud.
I agree. One place I worked they gave mobile phone to their employees and the asset management was responsible for issuing and taking back the returned phone once the user left or once they were due for an upgrade. The returned phones were not really tracked or counted as management assumed that it didn’t cost the much to the firm. One of the employee however resold the mobile phones and this went unnoticed for a long time like almost 3-4 years. This happened not only for mobile phones but also for smaller asset items like headset etc.
When this was found out and audited, they found that a total 5 crore Rupees worth assets were missing and much more which were not even listed.
This resulted in most of the asset management team to be fired and others concerning this situation also were removed.
I believe this was due to weak controls and so I guess we cannot really rule out a control based on the current cost implications. Like the song writer says he was planning to get an entire car assembled at the end of few years.
Yeah, I agree Sean. In theory, every company would implement precautionary measures like the Navy. But in some instances the equipment is most definitely worth this extra measure that is for sure. Once again, thanks for the insight and idea of such a control.
Great point Magaly. Defining the return on investment is very important. Sometimes such frauds occur due to this reason only that the cost needed to put in security controls doesn’t justify the cost the of product.
Rightly pointed out Deepali. Organizations/companies always count on the ROI factor. Even though you have implemented the world greatest security system by investing a lot of money, if you are not making any profits over your investment on the security system, it is worth nothing. For the security perspective, it is hard to measure the ROI because the security itself is intangible. To that end, as we discussed earlier in this class, it is important to quantify the security measures and then we can properly calculate our ROI in implementing the security systems.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The Fraud traingle has 3 compements
1. PESSURE to commit fraud
2. OPPOURTUNITY to commit fraud
3. RATIONALIZATION to the commit fraud
One piece at a time is a beautiful elucidate of the fraud triangle. This song describes a worker Mr. Cash’s fraud to steal automobile parts from the company he is working in,one piece at a time, to build the car he desires. We can understand his thought process and actions in terms of the fraud triangle
1. Pressure –
This situation talks about 1949 which was the period after Great Depression. The world economics was not in a great situation. Mr Cash was working for a assembly line in an automobile factory.He feels deprived on the luxury of cars. He says that he used to watch the beautiful cars and cry as he wanted one for himself. He felt the need to be better than others so that others could envy him. He wanted to drive in style and show the world he was different. He wanted a car but considering his financial condition it was not possible for him to buy one. He had the pressure of being fired in case he was caught in a fraud.
2. Opportunity –
Mr cash was working on a assembly line and hence he had access to all the parts required for a car to be built. He realized that he could collect pieces of car by carrying them in a lunch box, one piece at a time, everyday. This would mean he is getting parts of car without paying for it. He thought if 1 part goes missing everyday, the GM would not care or even understand that 1 part is lost over the span of several years. He took help from his friends to steal the car parts while carrying the big parts that would not fit in his lunch box.
3. Rationalization-
He convinces himself that he is not a thief. He feels stealing one part everyday wouldn’t be a great loss to the company. He convinces himself that he deserves the car when he has worked for so many tears and post retirement he should have some reward. He also convinces himself how great he would feel while driving the car that no one else around him would have.
The environment was favorable in many ways
1. He had access to all the parts of various cars in an assembly line, more access than required.
2. There was no supervision regarding what was going in and out of the factory.
3. He had help from his colleagues who did not think it was wrong. The environment and culture in the company was not strong to protect against fraud.
4. There was dissatisfaction within in the employees
Great point Deepali. In addition to the control you mentioned I think division of duties is important. Mr Cash should not have access to all parts of all the cars. Employees could be distributed on basis of which parts they handle. The shift timings could be adjusted to ensure employees do not have access to everything,
Also development of an environment which discourages fraud in the company should be built. If one person even tries to commit fraud the other employee’s should be able to convince why he shouldn’t commit fraud against company. Satisfaction of employees within the firm they work is important.
Rightly said Priya. Satisfaction of employees is achieved by setting up good organisation policies and procedures.
Every employee must me made accountable for the work they are doing and should motivate by given incentives, appreciations, promotions for their good efforts and at the same time they must be trained to follow the policies so that fraud cannot occur.
Great discussion everyone.
After reading the posts I would say that combination of controls is a good idea.
Lets say employees ave to wait for long security or bag search,
Solution – Have a sample check at random and on random days.
Security cameras- If employees feel they have been constantly under surveillance and if that affects productivity,
Solution – Have security cameras at defined points. Especially at all entry and exit points and near critical zones.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
A: If I am the operations manager responsible for the assembly line I would implement the following controls:
1. I will make sure security camera and security guards at the assembly line are implemented. As I mentioned earlier under Wenlin’s post with this detective control, managers can look at video of employee’s actions throughout the day to detect potential theft. In addition, having guards can quickly detect and notify management of attempts by employees or outsiders to steal company’s inventory or other assets. Also, with security cameras and guards I think it is not easy for potential theft to steal because they know they are being monitored.
2. Separation of duties is a must. For example, shipping and receiving duties should be separated from those who issuing invoices or paying bill.
3. Perform surprise inventory count at infrequent intervals to test the accuracy of the perpetual accounting system. Surprise count is a good method for testing whether inventories comply with controls. Also, it will set an expectation among employees that people are checking on the inventories to make sure the amount are up to date.
The One Piece at a time video shows examples for each area of the Fraud Triangle.
1. Perceived Opportunity
As an employee, he knew the environment and knew there was a poor lack of internal controls and oversight. The company never checked employee bags for merchandise. I remember working at a department store. They scheduled the same ending times for employees and positioned a security guard next to the time clock. The security guard would check all bags for merchandise.
2. Incentive or Pressure
He believed his Cadillac would be the best in town, even though he failed to steal the correct parts. He was already into deep and felt he needed to continue with the fraud. The company could have had an “amnesty” box, where you could put parts, or items back without repercussions. The may have returned the items after he realized they were not the right products.
3. Rationalization
He believed one day he would get caught but would be rich by the time he got caught. There was an obvious poor relationship between employee / employer. The company could allow for unions, which would attract the best talent. They could offer employee discounts for parts. Maybe even offer profit sharing. This would reduce the chance of stealing because the employees knew they were getting the parts at cost and much lower than retail price.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
I would implement the controls mentioned in answer 1.
I would schedule the employee shifts in 3 or 4 time blocks. This will have all employees entering and leaving the assembly area at a specific time during the day.
At the starting and ending times for each block, I would position a security guard at the employee entrance / exit. The security guard would check all bags, and lunch boxes for items.
3. Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
The order to cash process requires prompt delivery to maintain a trustworthy reputation. The decision to ship internationally increases risks compared to domestic shipping services.
The first example is not knowing where your package is. I had purchased something off of amazon before becoming a prime member. The item was being shipped from China. The tracking number amazon provided didn’t show where my package was during delivery. Domestically, the tracking information is displayed because of an effective ERP system that allows bar code scans and tracks the package at each location. The international companies may not have the same ERP system, which makes it difficult to communicate.
You would have to stipulate different shipping terms in the Service Level Agreement. Use preferred shipping partners and work with them to develop a better tracking system.
The second is the quality of the product. Amazon must be careful who they allow as suppliers. United States regulations don’t apply in other countries. You may be purchasing an item from a dirty manufacturing plant with poor quality items. The supplier is found to use toxic materials, that would normally be regulated by the FDA. Now your reputation is destroyed.
You would have to put more resources into inspections. The international company doesn’t have the FDA, which is fully paid for through taxes. The company selling products in the United States would have to spend the money on quality controls.
4. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
The most obvious, but less obvious is cameras in stores, class rooms, living areas, ect. The “eye in the sky” allows the security team to review a crime scene to help identify the criminal and victim or protect the company from inventory loss. These measures are effective, but sometime the technology doesn’t produce a good enough quality of a picture..
The second example would be hotels holding $50 on a credit card when you check into the hotel. The hotel will issue the $50 back after they calculate any charges made to the room. This protects against stolen towels, pillows, and other removable items. This is very effective but it only covers $50. What if the guest takes $100 worth of items but is only approved for $50 on the given credit card. The hotel won’t know until they try and run it for another $50. Now they have to wait until the bank authorizes another $50, which may never happen.
Q1. Using the Fraud Triangle, analyze the “One Piece at a Time” video scenario and explain how the environment was favorable to Fraud.
The three necessary pieces of fraud – Pressure, Opportunity, and Rationalization – were all present in the scenario presented by “One Piece at a Time”.
The pressure comes from Johnny himself. He’s always wanted a Cadillac, and wanted to be the envy of town as one of the few people who had one. The opportunity came from working on the assembly line and by having a friend at the company that was willing to help him. This allowed him to easily sneak pieces of the car out over time. This behavior was rationalized with the idea that the company would not notice little pieces going missing over an extended period of time, and that they would not suffer as much this way, versus stealing an entire car at once.
Q2. Assume the “One Piece at a Time” video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
The first control I would implement would be tracking components better by having them checked out by the employee responsible for that part of the assembly process. This would create accountability within the organization and make it easier to investigate missing parts. In addition, I would create stronger physical controls, especially for larger components. These parts would be separated, each kept in its own locked storage area.
Q3. Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1-2 specific examples.
Transporting goods internationally opens itself to increased risks that domestic shipping may not have. A company must ensure that any third party it is using for the actual transport has a track record of successful international delivery. A lost shipment, whether from actually going missing or from being seized by customs, will not only create additional costs for replacement, but it will also lead to a negative experience for the customer, who may decide to take business elsewhere.
Thanks for your sharing. Shipment is a literally big problem, international transportation means more parties involved, long time period, different import/export policies, which may cause difficulty in tracking, easily in losing or damaging of products. It puts a high demand for companies to control international transportation.
Q4. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
One inventory control measure that comes to mind is controlling the quantity of inventory on-site at any given time. Having too little of inventory could lead to an organization running out before they can get more. This not only reduces the amount an organization can produce or sell, but also may lead to customers going elsewhere if they do not want to wait for restock. On the flipside, having too much inventory not only creates more costs for an organization, but also increases the potential for theft. By tracking and maintaining proper levels of inventory, an organization can reduce these risks.
Annemarie,
I agree with, excess of inventory is costly and increase the risk of theft. In fact, it is an incentive for the employee to commit fraud. Plus, it is really easy in this case to steal because the excess inventory may not properly racked in the warehouse. Someone can just take what he/she wants.
What about if someone takes something that has been in the inventory for years? Are there any controls for that?
Good point Annamarie, knowing your inventory on-site is very important because you do not want to have items that are hot on the market run out of stock. You want to be able to have a delivery out for that item as soon as the last 2 are on the shelf. Having too much is also a problem since it takes up more space in your storage. They must then find a way to get rid of the items that are overstock, usually a sale. But being able to maintain the inventory is very important and will minimize the risk of like you said theft on the overstock items and lose of sale on items that are selling quickly.
Annamarie Filippone – You make a valid point of running our of inventory too soon, and by having to much can create an atmosphere for theft.. Most companies utilize third party companies to manage their inventory. Or have a designated team to mangage and forecast future shipments automatically. I really think these are the best setups. scenerios, When another companies is working out the logistics and the company just need to perform their own internal inventory checks periodically.
Great point on scrap inventory Paul. I recently read a news that companies are now working on following such controls. Some of the items which remain unsold and are about to reach the “best before” dates will be tracked. All such items will then be sold for free. This will avoid the waste of product and people in need will be able to use it as there are such products which don’t expire but are best before a certain date. But after their best before date the company cannot sell those. For this fact in spite of sending them to waste such controls can help in utilization of products.
Hi Deepali,
Interesting point about donating the scrap metal to a good cause. Maybe this will encourage or motivate employees when performing their duties for this control since it is benefiting those in need and not seen as a “waste”. Likewise, companies might change their policies on how long it keeps obsolete items since these items will be put to better use.
Brou,
Don’t you think getting inventory check with people who are not doing it regularly can again be a reason for mistakes. Rather we can set up an isolated inventory check department who are not a part of any work force in the organisation. This will help in a better way to maintain the integrity.
Good point Wenlin. It is important to maintain the uniqueness and accountability of every system. This can only be possible by putting in proper segregation of duties and if it doesn’t justify the cost we can use compensating controls to manage it.
1 Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
Compared to domestic shipping, international shipping often times pose higher risk for the customers. Since international shipping will often take more time to deliver the item. The more time it takes to deliver an item, the more probable that the item will get lost. Because of the unavailability of the tracking system until the package arrived to domestic, customers are not easy to track their package. people purchase from oversea may take more risk from international shipping because of lack of controls in its tracking system and quality. The tracking numbers provided may not be the same outside the US because there are more parties getting involved in international shipping such as foreign shipping companies.
Control and solution: work with the shipping companies to develop a solid shipping process to increase the communication level as well as ensure the package is deliver on time.
I agree with you that international shipping is exposed to more risks than domestic shipping because more than one vendor can be involved here. And also it will be time consuming to track the lost packages. The chances of theft is also more. It also involves various costs like international shipping costs, And might have import/export custom checks and custom charges.. Various countries can have various laws regarding shipment of goods.
As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
As a customer walking into a shop, we might only see some security guards or jewelry cases but there are many inventory control to prevent inventory loss.
The first less obvious inventory control measure that came to my mind is security camera. Having a effective security system of inventory can directly contribute to bottom line by reducing unnecessary expenses. Security cameras can reduce incidents of inventory theft. Cameras can either installed in the shop to prevent shoplifting or in the inventory warehouse to prevent inventory theft.
The second less obvious inventory control measure is separation of duties. Theft by collusion becomes harder to commit when more people are getting involved in a multi-step process. Do not allow the same person to place inventory orders and check the accuracy of incoming shipments.
http://smallbusiness.chron.com/ways-control-accounting-inventory-5204.html
Well said. In the second control, I guess it is better to have at least 50$ in possession rather than having a total 100$ loss. And the chances of it happening also are rare. So can this not be ignored? I mean would you want to increase it to 100$ which might be too costly for most customers.
Hi Priya,
Really great post, The environment part you mentioned is very helpful in understanding the whole scenario of Mr. cash’s story. The culture, the environment, working atmospheres and controls attract Mr. Cash to become a theft. He is working on the assembly line and he had access to all different car components. I think that by separating the assembly line into different process will limit the access for Mr. Cash based on the segregation of duty theory. One employee will be specialized on one assembly process and the others will be specialized another. That way will also increase the productivity and efficiency.
Definitely agree that the culture is an important component to fraud, and this particular example. Although the employees may not be able to afford the cars they manufacture, there clearly seems to be something else behind their actions. One thing could be that they do not have loyalty to the company, or feel positively towards it. Some companies have higher employee satisfaction than others in the same industry and similar job functions. If these sentiments are already present, then the rest of the fraud components can more easily fall into place. In a way, it can build a foundation for fraud to occur.
Great point of using the segregation of duty Yu Ming. You are right, in this case, one of the reason why Mr. Cash can access to all different car components is because the lack of segregation of duty. If the company can enhance the implement of establishing the segregation of duty related procedures, he may not have the accessible authority in all process, and mitigate the risk of stealing. Besides, I also believe the management should establish a more effective process in monitoring the assembly line, and detective control the potential risks in fraud.
Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
All three components of the fraud triangle are present in the video, rationalization, pressure/incentive, and opportunity. First, the subject definitely felt pressure/incentive to commit the fraud. He began to work on the assembly line for Cadillacs and became jealous the luxury care because he mostly would not be able to afford it himself. Every day he went to work to build an item he could never have and desired. Jealously created the motivation to commit fraud in this example. After the desire manifested, he then devised a plan to build the car himself with stolen car parts. Second, because he worked at an assembly line manufacturing Cadillac, he had access to the parts/inventory. He used this opportunity to steal the parts by concealing them inside of his lunch box and transporting them to his home, where he would build the car. Third, he easily rationalized it because GM would not miss any of the parts. GM is such a large company that the stolen parts would not negatively impact him, so in a way it was a victim less crime in his perception. For some people it can be easier to justify stealing inventory from a larger company as opposed to a smaller or locally owned business. Had he known the owner and could see a tangible and immediate impact from his theft, he might have felt differently about it.
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The fraud triangle includes pressure or incentive, opportunity and rationalization. In the video, the first could be pressure. Cadillac was a good car at that time whereas many workers on the assemble line did not have it. So workers wanted and admired the car because it was good.
The second could be opportunity. Since the fact that he worked at the assemble line, and tried to steal small parts back to home, the reason of that was the company lacked internal controls and oversight on the lines.
The third could be rationalization. Since the fact that the company was GM, which was a big company and workers thought the company was profitable and they got low payment. So people tried to steal some parts.
2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I were the operation manager, I would implement a software that is to track where each part goes. If the part goes to next direct line, the software will show green on it; if the part goes to a wrong place, it will show red on it and it tells the location that the part was stopped. If the part is broken, it will show yellow and the part will directly go to recycle line.
Another way, I would install cameras to have an overlook on the top to see any frauds. Plus, I would set assemble line leader to track frauds. This way could help reduce the opportunities to steal.
3. Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
Shipping domestically is different in shipping internationally. Domestic companies can easier track its packages and contact to the third party shipping carrier like UPS, USPS or Fedex if making some changes based on the similar time zone, local policies and currency. International companies have more risks to lose their packages because different countries have different policies, time zone, currencies and languages, making shipments harder. This is the reason that many companies buy insurance on their goods for shipping internationally to cover the costs if goods are lost.
I agree with you that international companies have more risks to lose the packages. Indeed, different policies and time zone could be important reasons to higher the risk of losing packages, and I want to add one more, the multiple shipment processes could also higher the risk in losing international packages. In fact, international packages usually involved in two or more shipping companies. For example, a customer wants to ship a package from LA to Hong Kong, the shipping process may include 2 parts: LA to Tokyo, and Tokyo to Hong Kong. When the package transferred from one shipping company to the one another, the risk of losing the packages significantly increased.
correct Fangzhou! Thank you for adding that! more companies will involve more different policies and regulation. if two companies have interrupted, can’t imagine what do they solve the problem with some on-process shipments!
Well put, Yulun. In addition to the point you made about insurance, I’d like to add that shipping costs also could be greater and a tad complicated. Doing business internationally would require working with multiple shipping companies and local vendors for door-to-door delivery as well. Shipping internationally would mean a longer duration to deliver to the end customer so you would also need to have a system in place to keep the customer informed of the whereabouts of his/her order.
Yes Mansi! if the products transfer in many locations, that will be involved more different policies because different countries have different policies and currencies!
Question 1: Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
The Fraud Triangle includes the pressure, opportunity, and rationalization. In the case of “One Piece at a Time”, Mr. Cash worked on assembly line, which offered him the opportunity to steal one piece of the car at a time through a big lunchbox, because he “always wanted one that was long and black”.
From the fraud triangle’s perspective, Mr. Cash was under the pressure that he really wants that car which worth “at least a hundred grand” after he retired. Since he worked on the assembly line, and he had the opportunities to steal parts of the car from the line. Within the song, Mr. Cash mentioned that “getting’ caught meant getting’ fired”, but the problem is, he never got caught.
The environment of the factory was lack of effective policies or systems of monitoring the assembly line. If the company had procedures like double check the amount of parts, or the manager asks why Mr. Cash brings a big lunchbox every day, he might not able to keep steal the parts of cars from the line one piece at a time without being caught.
Question 2: Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I’m the operations manager responsible for the assembly line, the first control I will implement is establishing a detective control process to ensure the total amount of parts is the same, and if someone steal the parts from the line, the unbalance amount of parts will alarm and quickly find out where loss the amount of the parts. If the amount of parts in the process is balanced, then the parts will be marked as “checked”. This can limit the “opportunity” of the Fraud Triangle, and mitigate the risk of stealing. The second control I will implement is establishing policies and procedures to enhance the physical protection of the parts. For example, the important parts of cars like engines should be locked and the managers should double check the amount of the parts before they leave the storage.
Question 3: Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
One different in the controls of a purely domestic company vs. an international company is the time period of the shipping. For example, if the customers purchase products in a purely domestic company, since they order the products to receive the shipment, it usually less than a week. Some premium service even offers a 2-days guaranteed shipping like Amazon Prime. However, if the customers purchase from an international company, the shipping process usually two time slower than the domestic company, and it usually more expansive.
Moreover, the risks of losing the package for the international purchasing also higher than the purely domestic purchasing. Because the international shipment usually requires different third parties to ship the package, and when one shipping company hand over the packages to another shipping company, the risk that losing the packages naturally increased.
4. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
Obvious inventory controls include installing cameras or making property locked. For less obvious inventory control, the first way is using electronic data interchange and bar code scanning can help eliminate data entry errors. People count wrong numbers or are fraudulent because of intentionally or unintentional manual count. we can have two people to count a same bulk of inventories to reduce the risks.
Another way is using ABC method for inventory control. This is one of the common methods used across retail industry and it is at times coupled with other methods for better control on inventory. This is more of an inventory classification technique where in products are classified based on the sales contribution and importance of the same in their assortment plan.
you are correct! if the parts have been counted and designed for an exact number of cars, workers will reduce to steal parts because each part has a direct way to go. If the number of parts is wrong, the company will inspect it. Your way reduces the opportunity to steal and increase internal control!
the third way is a good way! surprise count will allow people feel scare all the time because they don not know when the manager or related people or person will come to check.
Q1. 1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
Pressure – This is what motivates Mr. Cash to commit the crime at the first place. His motivations to taking the parts of Cadillac piece by piece from the assembly line were his desire to drive around in style, drive everybody wild, have a one-of-a-kind and the only one in town.
Opportunity – Mr. Cash had the opportunity to commit a crime because he worked at the GM’s automobile assembly line for 20+ years and had access to all the parts he needed to build a Cadillac. He was able to take out most of the parts with his lunch box and if the parts were too big to carry within the lunch box, he had an accomplice with a motor home.
Rationalization – One thing clear in this mind was he had never considered himself as a thief. He was going to work for GM more than 20 years and he took out the parts piece by piece over several years. And he was the one that was building a car. In my opinion, that argued that he wasn’t stealing a car, but he was just getting a help from GM to build his own car.
Q2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
If I were the operations manager responsible or the assembly line, I would implement two specific controls to prevent frauds
The first one is a Segregation of Access. In the ‘One Piece at a Time’ video, Mr. Cash basically had access to all the parts he needed to build a Cadillac. If he had a limited access to all the parts, GM could’ve prevented Mr. Cash from committing the crime. As an operations manager, I would create different groups in an assembly line and each group would have only limited access to the parts that they are only responsible for.
The second control I would like to establish is a ‘Matching system’. What I mean by the ‘Matching system’ is if there are 100 parts sent to an assembly line, in the end of each day or each process of the assembly, those 100 parts should be recounted or monitored. That was we can count what is missing or has been completed.
Brou,
Great point. ‘Connection’ is always an important fact to consider when it comes to a crime. Personally, I have a great example of how people utilize a connection to commit a crime. When I was working for a grocery store, there was an incident happened that one employee was dragging out fruits our of the store. He has a connection in the store with another employee who worked in the produce department. So whenever the produce worker went outside to dump the trash, he also brought out fresh fruits as well. And the employee who wanted the fruits drove his car near to the dumpster. He put those fresh fruits in his car and took them to his house. He was able to commit the crime because he had a great connection with the employee who worked in the produce department.
I Agree, Wenting. Having random inventory checks and segregation of duties should greatly help in reducing fraudulent activities of the sort that Mr.Cash was carrying out. Regarding monitoring controls, however I believe they should be placed only where high worth parts are involved such as an engine or chassis even though these items are large and noticeable. Lost nuts and bolts are actually not going to make a difference to the company and without the larger parts, the smaller parts anyways wont be theft-worthy. On the other hand, you don’t want to be adding to the chaos by monitoring the tiniest parts in a way that your attention is drawn away from the more valuable parts.
The second control you mentioned here helps us in detecting if a fraud happened. It does not really prevent it from happening. If you find that there were only 99 parts and 1 was missing, how will this control to check or stop this from happening.
Binu,
You’re right. The second control sounds more of a detective control to me as well. If you have the matching system installed on every milestone (every 10% completion, for eg), this can give the management some idea about the theft area.
Binu,
Thank you for your comment! In my opinion, the second control I mentioned could be possibly preventing a person from committing a fraud. For example, like a real life scenario, you know there is always a police car on the entrance of the highway you are taking to go to work all the time. Then, you would not tend to or not at all speed up there.(unless you are willing to get a ticket) So my approach to the second control is a similar concept to my example. If you know that a manager is going to count every part that you assemble in the end of your work, you tend not to steal a part from your work. However, I also appreciate your point because this control is not designed to prevent a fraud totally. But in real life situations, you will definitely see this kind of controls in organizations or companies. For the ROI perspective, controls, like I mentioned, could be selected over more sophisticated/complicating controls because it is simple, cost-effective, and efficient (to some extent) to prevent a fraud.
Daniel,
I agree with you. In a financial point of view, this control is cheapest. The only problem is that it will be time consuming and won’t prevent fraud at 100%. However, the fact that the employee knows that there is an inventory reconciliation at the end of the day will push him to well behave. Unless he/she has a good explanation about the missing piece, I don’t think he/she will steal it.
1. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
Another control is to use the most effective method to calculate the safety stock levels rather than going with the simple thumb rule, for example, all goods made in the factory will need 10 days of safety stock. Statistical formulas dealing with accuracy of sales forecasts, service-level data for each stock keeping unit and production lead times should be used. The issue with the rule-of-thumb is that it typically is based on products with unpredictable delivery histories. Efficiency of operations increase if standard statistical formula looking at historical data of each product is used.
In some cases, it can also be a good option to considering using an outside inventory management team. For example, a large retailer like Amazon who has “cyber Mondays” every November. The third party management can count the full stock, determine reorders and scrap unwanted goods to send back to the vendors as per the contract.
SOURCE: http://www.bain.com/publications/articles/ten-ways-to-improve-your-inventory-management-wsj.aspx
Yulun,
I agree. Human errors as we all know are inevitable and the only way to mitigate them are to make processes automated or have a supervision. Data entry errors can also be resolved if we have the real time inventory updating at Point of sale.
Surprise inventory audit can actually yield results that the auditors might not get if they announce their visits. Inventory valuation fraud comes to my mind that the management with an intention to fraud uses to manipulate the numbers. The way it works is that if an organization has multiple inventory warehouses, and the management knows where auditors are going to be at a specific day, the management can then conceal shortages at places that are not scheduled for a visit.
So in this case, a surprise inventory audit should be proven effective.
Fred, Binu,
Do you guys think it will be better not to have a fixed value, like $50, and have the customer credit card information as a perquisite for reservations and a control for the hotel to mitigate theft? That way, you can just bill the customer for whatever items that are missing; and importantly, have this in the contract.
Using the Fraud Triangle analyze the “One Piece at a Time” video scenario and explain how the environment was favorable to Fraud.
Johnny’s opportunity was that he worked on assembly line at Cadillac where he had access to the parts for a car, and due to lack of inventory control, he stole one piece at a time by himself or with help from his friends without attention
Besides, his incentive for committing fraud was that the plan he devised wouldn’t cost him too much, as a result, he got a dreamed car worth $100,000 with long-term effort, which would be the envy of most any man.
Finally, each time a piece spanned 20 years wouldn’t do any hurt to GM, this mentality justified his fraud, he even didn’t consider himself a thief.
Paul,
Thank you for bring up the concept of the collusion. I absolutely agree with you that Mr. Cash was not able to get away from internal controls (if there were any) for a long time without a help of other employees. He had been dragging the parts from the assembly lines over a long period of time, and in the end, he wasn’t caught and built his Cadillac. In Korea, there is a saying that “if your tail is too long, someone will step on it.” That is, he was taking the parts out of his work for a long period of time, and someone should have caught him doing that.
As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
“First-in, first-out” is a widely used principle of inventory management. It means that oldest stock (first-in) gets sold first (first-out), not newest stock. This is particularly important for perishable products to avoid unsellable spoilage.
For example, as we purchase milk, the stores usually push the oldest product to the front of the fridge and replace newer milk behind those cartons. The cartons of milk with the nearest expiration dates are thus the ones first sold, whereas the later expiration dates are sold after the older product. This ensures that older products are sold before they perish or become obsolete, which may become profit lost.
Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud?
Pressure: Mr. Cash is eager to have a long black car, but he don’t have enough money, which motivates him to consider committing an illegal act to realize his goals.
Opportunity: Mr. Cash gets the trust from his company. And GM corp don’t did well on its process monitoring, which give Mr. Cash an opportunity to solve his financial problem with a low perceived risk of getting caught.
Rationalization: The vast majority of fraudster are first-time offenders with no criminal past; they don’t view themselves as criminals. The fraudsters justify the crime to himself in a way that makes it an acceptable or justifiable act. So does Mr. Cash. Mr. Cash thought he is not a thief, as he thought what he did doesn’t have any harm on GM corp.
Source: http://www.acfe.com/fraud-triangle.aspx
Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
In the video, we get that Mr. Cash can get any auto parts without any authrization, and after he steal it, and no body in the asseble line aware the missing parts. Firstly I will implement preventive controls: when the employees get auto and trunk parts needs to get the approval from the inventory managers. The segregation of duties is necessary for monitoring the inventory
1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
For the video everything was set up for fraud being that he was already working on the assembly line and the opportunity was there. He feel as though he could get away with it which gave him the motive to commit the fraud. He then felt as though he can get it part by part and get away with it. His want for the car overtook his good nature so he began to get the parts to build his Cadillac part by part. Once he started, there was no turning back. Working on the assembly line and learning the inside part of everything that is going on gave him the ability to rationalize the option presented in front of him. He believe what he was doing made sense and that there would be no backlash towards it so he began and that was that.
Good points Dan, agreed the pressure was there for Mr. Cash to commit the fraud. Working on the assembly line and seeing all the parts come through. He could have his chance to build the one of a kind Cadillac and be the only one in town with it. So the pressure to stand out and be different got to him and cloudy his judgment. His desire took over and he began to commute the fraud by stealing one part at a time.
Not bad Yulun, having cameras in place will be a good resource to turn to just in case you need to check the tapes for anything suspicious. With the cameras in place, employees will be more unlikely to commit fraud for fear of getting caught and losing their job over it. Being able to rewind and go back to view past recorded videos is also helpful just in case you want to double check something. Cameras would definitely minimize the risk of the kind of activities Mr. Cash was committing in the video.
Great points, I liked the separations of duties for inventory control measures. With that in place for an example of the locked jewelry cases, you can have it so one person knows the code to one vault and another person say the manger knows the code to the second door within the vault. That way, when there is access to the vault, the two that knows the combination are the ones responsible. If a theft breaks in, then they won’t be able to access the vault without having both the people there.
As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
I would say some of the lesss obvious control measures include hidden cameras that capture a wide range of footage. In addition to the cameras, I would say sales personnell being attentive for the customer experience and to prevent loss. If sales staff are keeping their eyes on customers, that can prevent some loss. As for the cameras, you just never know where they are and what they can see.
3. Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
International shipping opens doors to many new opportunities, however there is a greater risk of fraud. When you ship or receive a package internationally, there is very limited control that consumer or even shipper have over the shipped items. Sometimes, you won’t even know if the item has reached its destination. As said, for international company, they often hired third party such as DHL, FedEx, and UPS, etc. It’s difficult to keep track of the shipping, the status of the shipping might or might not updates depends on where you are and which carriers you choosing.
In addition, compared to domestic shipping, international shipping take longer delivery time, therefore it increases the risk of package being lost and damaged if it’s fragile product for example. Also, the shipping cost for internationally is significantly higher than domestic shipping.
Moreover, there are also customs need to take into consideration. Such as import duties, taxes, etc. All these customs information should determine and make clear before the items shipped out.
Jianhui Chen – I agree that segregation of duties need to exist. What are some other things you think may work to mitigate that type of risk from occuring? I think maybe if the assembly line had a relationship with the local auto part vendors and had like a parts check-in/check-out system that may help. If they are working together, there will be eyes on everything.
Abhay V Kshirsagar – I like your thought of having an outside management team. Having an outside team is a great way to mangage the resourses/inventory of the company. I think this will definitely help to mitigate losses. Maybe they can utilize the outside company for a short period of 6 months of so. Until they can continue with the better recommended practices.
1. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
-Hidden cameras that only managers and security personnel know the location of. This deters employees from stealing as well as consumers
-Only one entrance and exit for employees, this allows you enforce protocols on employees and prevent theft by employees.
-Plain clothed (non-uniform) security officers, this helps catch customers who are trying to steal.
4. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
One less obvious inventory control measure is security camera, it’s effective to implement security camera inside the store. However, it might not be effective all the time because of the angles that camera is installed at. Sometime the camera cannot capture the image you want, or the quality of the image is very not clear.