- Describe a business process you have experienced (either as an external or internal participant) and what your role was.
- The Sarbanes-Oxley Act in the US and many similar laws in other countries were enacted as a result of high-profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
- In your own words, how would you define a control environment?
- Describe a real-life example of a company's profitability-driven controls. What are the differences between a compliance-driven vs. a profitability-driven control?
Imran Jordan Kharabsheh says
1. During my years in undergrad, I performed an internship for an investment bank in the Middle East taking up the mantle of an Internal Auditor. While the other departments were always less than satisfied to see me snooping around and interrogating them on their data, I understood that what I was doing was a necessary function for the business to remain compliant. Internal Auditors, in all, serve the purpose of minimizing risk and liability the investment bank incurs.
2. These laws are necessary in order for companies to remain compliant and to steady the overall market. While the current regulations are good enough to keep most companies in line, certain companies will always find a loophole to change the accounting numbers they show investors. There is a large degree of risk involved that could potentially ruin a company or send shock waves through the economy.
3. I would define control environment as the method by which various departments and leaders in a company interact with one another and play their roles.
4. A good example of a company having profitability-driven controls is the FIFA football organization, which had a culture of secrecy built around profitability and extorting money from each other for favorable bids. The company is also known for selling streaming rights to the highest bidder, regardless of the bidder’s intent. The main difference between compliance-driven controls and profitability-driven controls that I would highlight would be the different approach to treating investors, with compliance-driven controls favoring honesty and avoiding breaking regulation.
Rouying Tang says
Hello Kharabsheh,
Thank you for your post sharing your working experience in the Middle East. I am curious about the business environment there and am looking forward to more details in the future.
Penghui Ai says
Hi Imran. I like your answers with your personal experiences, especially your experience in an investment bank, which helps me know more about the industry.
Yuan Liu says
Hi Jordan, I am interested in your working experience in the Middle East. There are IT auditing departments in most modern banks, because it can mostly minimize the risk of vulnerability from inner threats. At the same time, auditing is also helpful to create a complete, effective and efficient company operational system.
Rouying Tang says
1. I have a cousin working in Japan as a warehouse manager of a small business focusing on international trading. They still used paper booking, so she asked me to help her do something electronically for tracking the goods and products. So, I created a database via Access for her. That was not something fascinating or complicated, but I think it does fit this question. Through that experience I learned something about warehouse management.
First, we need to define each storage location, and name and number them. Check the goods' name, number and other attributes like the shape, quantity and operator name, etc. in all locations.
Second, I settled transactions for filling in the data for goods coming in or out of the storage locations; attribute inputs like operator name, time, quantity, price, etc. are available.
Third, I settled inquiries for searching the current goods in each location, goods counts, and operators, and created an automatically updating monthly report counting the goods and balances for the changes of each location.
The business process of warehouse management is basically about tracking the counts and changes of goods in different storage locations and who makes those changes and when, then reporting the summaries on a regular basis.
2. I think those laws are neither sufficient nor overreacting. I think updating laws and regulations is always necessary to react to the rapid changes of new environments and new vulnerabilities.
3. Control environment refers to all business standards, processes, frameworks, values and culture for creating an environment to meet the internal controls. It targets maximizing the profits of stakeholders under minimum risks and regulatory requirements.
4. An example of compliance-driven controls is the application of DLP tools to meet the requirements of EDPR. The company may increase costs, but they need the related investment to maintain the business toward European consumers and their market share in Europe. Those controls are designed for fulfilling the regulatory or ethnic requirements.
An example of profitability-driven controls is the required procedures to gain approval of a budget through the managers. Those controls are for the business’s profitability requirements.
Deepa Kuppuswamy says
1. I have close to 3 years of experience in the IT Risk and Assurance domain, and I worked as an IT Risk Analyst at Ernst & Young (EY), India. After completing my undergrad in Computer Science, I got an offer from EY. Although IT audit was a completely new field to me, I accepted the offer without a second thought because of the brand of the company. I had a great learning experience at EY; I worked as an external auditor for most of the big clients in the entertainment, payroll, pharmaceutical, and oil & gas industries. One downside of my work is that I used to work on an OFFSHORE model, so I never really had any direct interaction with clients, which was a big drawback. I was good at doing the testing and documentation remotely, sitting in one place, but I needed a lot of improvement in my business acumen skills, which are really very important for an IT auditor, so this made me take up this course.
2. Various regulations like Sarbanes-Oxley (SOX), the Dodd-Frank Act, Generally Accepted Accounting Principles (GAAP), and International Financial Reporting Standards (IFRS) were passed and are very important to oversee financial reporting and financial professionals in order to protect investors from corporate & accounting fraud, provide more transparent financial disclosures and increase corporate responsibilities. These regulations help the auditing firms, shareholders and clients to understand and meet the regulatory standards by understanding the restrictions, auditor independence, attorney’s responsibilities, conflicts of interest and many more requirements; failing to follow them would result in severe penalties. The United States has set forth the best regulatory framework to reduce the risk and restrict corporate accounting scandals. Based on my understanding, these regulations are very important in order to have uniform administrative requirements, principles and standard audit requirements, which would help to have uniform guidance in corporate sectors.
3. Based on my understanding, a control environment is an efficient execution of business functions and operations by delivering and achieving the business objectives to meet the company’s standards and regulatory requirements. This acts as the basic foundation, and it is very important to have a strong control environment in the organization structure.
4. The best real time example that I could think of for a profitability-driven control is Google’s Advertisement Ads. Google Ads makes a lot of profit just by a single click; it just transformed its ad budget into its profit driver, and Google is using this as one of the largest sales channels to increase a part of its revenue. In the recent news, Google said its revenue grew 26% year-over-year to $31.16 billion in the first quarter this year FY18.
Reference: https://techcrunch.com/2018/04/23/google-beats-expectations-again-with-31-15b-in-revenue/
Mahugnon B. Sohou says
Describe a business process you have experienced (either as an external or internal participant) and what your role was.
I used to intern as an IT auditor for a firm. I remember going through the hiring/onboarding process, being surprised that there were so many requirements, because it was my first time being in the workforce. My role in this process was of course new hire.
Most of the requirements were things that I needed to do or information I needed to provide: completing tax documents for tax purposes, signing that I read, understood and agreed to follow the firm’s policy on private or client information disclosure, as well as procedures to get me into their system and give me my own access to their system. I also provided my social security number as well as banking information for payment purposes. I also needed to provide proof of address so they know where to send all the tax return related documents.
Penghui Ai says
1. I was involved in the IT Department of a local manufacturer. The manufacturer recently established their IT group to operate a new operating system they bought from an application company. My job is to add each of their products into their systems and authorize different rights to each person who uses the operating system. This system changes the platform of the manufacturer’s business process. Originally, they got the orders from retailers through phone calls and wrote the invoice down, and then they shipped goods by using that written invoice. After retailers receive their goods and a copy of the written invoice, they will pay the manufacturer if everything is correct. By changing the platform of the business process, the process itself does not change; it just uses a faster and more efficient operating system instead of phone calls and written invoices.
2. These acts are reasonably a sufficient reaction to the failures. Policy and regulations like SOX are always updated when new fraud or failures happen, in order to prevent the same failures from happening again.
3. In my opinion, control environment is a set of standards and processes to help the board and senior managers to carry out internal controls.
4. The first real-life example that came to my mind about profit-driven controls is Tencent Video’s ads in each single video. Tencent Video is a Chinese video site just like YouTube, but the difference between their advertisement policies is that on Tencent Video you cannot skip the ads. Therefore, I need to watch 120 seconds of ads. However, a compliance-driven control will follow some specific rules or policies more.
Peiran Liu says
1. I was involved in a summary and advice kind of report for a landscape garden company in China in my third undergraduate summer. We had a team of six and I was in charge of briefing and advising the IT department of the company. We did a deep investigation on every aspect and gave much useful advice on objectives like recruiting and directions for the future of the company.
2. In my opinion, these laws are a sufficient reaction. All of the laws are focusing on making companies more transparent and making it easier for investors to make an investment. Also, the laws can avoid fraud happening to big companies and firms like WorldCom and Enron.
3. A control environment is like making some specific policy for supervision and risk management. With the control environment, the failure rate might be greatly decreased.
4. The real-life experience I had is when I was using an app called Day One; they offered two kinds of services. One is a one-time purchase with limited cloud space and limited new features, and the other one is a monthly subscription with unlimited cloud space and every new feature. The subscription way costs more than the one-time purchase way for customers after 24 months.
Yuan Liu says
1. I worked in the biggest pear juice company in China as a project manager, which is a pear juice puree producer. The company has the largest production in China, because the factory is built near the biggest pear farm in China, which means there is a shortcut for the transaction cost. The company does not sell packaged product to customers directly; it sells pear juice puree to beverage companies, such as Pepsi and Coca-Cola, then lets them produce beverages and sell them to customers. My job was to connect two companies. Because there are two different standards of juice quality check between the U.S. and China, the pear juice company could not produce pear puree to match the FDA standard, which is more strict compared with the Chinese food safety standard. I had to check the FDA standard and negotiate with the American company about price. To reach the higher juice quality, my company had to upgrade its production line and equipment. Also, we retrained employees to teach them how to use the new machines. At the end, our product matched the standard of the FDA and was exported to the American market successfully. We made more profit compared with the Chinese market.
2. I think these laws are a sufficient reaction, because there are lots of threats and risks in the market at the beginning of market growth. Most of the threats and risks are artificial. Sometimes people choose fraud to hide the threat, which leads to a series of negative influences and serious problems. A reasonable and complete law can prevent similar situations from happening. However, in most situations we do not know where the risk and threat are and how they start before they truly happen. Therefore, it is essential to do high control failures to prevent occur again.
3. A control environment is a term of financial audit, internal audit and Enterprise Risk Management. It means the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance to the entity. They express it in management style, corporate culture, values, philosophy and operating style, the organizational structure, and human resources policies and procedures.
4. In my opinion, a significant example of profitability-driven controls is the iPhone. Every year there will be a new generation iPhone coming out. In the meantime, Apple upgrades the iOS operating system for all mobile electronic devices. The purpose of these upgrades is profit. Most of the time, we do not need a high-level product like the iPhone Xs, which includes Bionic chips, VR technology and advanced image rendering technology. I have to say these technologies are powerful but not useful for regular people. Most mobile phone users only need to go online, make phone calls and use the camera. Apple upgrading their iPhone every year is not for the customer; it's for higher profit. In the meantime, during the software upgrade, our Apple devices will run slower because Apple tries to push us to upgrade. I think the difference between a compliance-driven and a profitability-driven control is that compliance-driven lets the company grow based on compliance first, but profitability-driven pushes the company to focus on profit first.