ABSTRACT Title of Dissertation: INTERNAL CONTROL AND FIRM PERFORMANCE Houda Ramadan Graduation 2010 Dissertation Directed By: Professor/Doctor……………… Department of Accounting…………… University of Ajman This dissertation investigates research question arising from the regulation of internal controls required by Sarbanes-Oxley Act of 2002 (SOX). The question asks whether better internal controls can enhance firm performance? To address this question, the relation between cost of sales and internal control is estimated by an investigation and documents studies in Best Paints & Chemical Industries Ajman, UAE. Firms with weak internal controls are identified as those that disclose material weaknesses in internal controls in periodic filings from August 2002 to June 2010, as required by SOX. The research and studies results based on companies with the disclosures of material weaknesses in internal control, shows that firms with weak internal controls have lower market-value. 1
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
ABSTRACT
Title of Dissertation: INTERNAL CONTROL AND FIRM PERFORMANCE
Houda Ramadan Graduation 2010
Dissertation Directed By: Professor/Doctor……………… Department of Accounting…………… University of Ajman
This dissertation investigates research question arising from the regulation of internal controls
required by Sarbanes-Oxley Act of 2002 (SOX). The question asks whether better internal
controls can enhance firm performance? To address this question, the relation between cost
of sales and internal control is estimated by an investigation and documents studies in Best
Paints & Chemical Industries Ajman, UAE. Firms with weak internal controls are identified
as those that disclose material weaknesses in internal controls in periodic filings from August
2002 to June 2010, as required by SOX. The research and studies results based on
companies with the disclosures of material weaknesses in internal control, shows that firms
with weak internal controls have lower market-value.
1
INTERNAL CONTROL AND FIRM PERFORMANCE
By
Houda Ramadan
Dissertation submitted to the Faculty of the……..
University of Ajman, in partial fulfillment
of the requirements for the degree of
Bachelor of Business Science,
2010
2
Dedication
Dedicated to my dearest Mom and Dad
3
Acknowledgments
This dissertation is a result of the guidance, support, and encouragement of my faculty, family,
and friends. They provided much needed direction throughout this process. I am so grateful for
their interest and inspiration in bringing this together.
A special thanks to Professor/Doctor……….. for his critical role as mentoring all my project. His
knowledge and patience pushed me beyond my perceived abilities. Much of the dissertation
research would have been impossible without their guidance, patience and encouragement.
His honest critique and steady guidance have been essential ingredients in my completion of
this dissertation. I hope that in my career I can connect with my students the way that
Professor/Doctor…… does.
Finance department of Ajman Holdings Group provided me constant support and essential
information necessary to accomplish my dissertation. From our meeting since I entered the
trainee program in month of July 2010 and straight on through, they have shown a sincere
interest in my work and my graduation project.
I would also like to thank my colleagues in the program for providing feedback on this
dissertation and their incredible team spirit which made the process bearable. Thank you for
your friendship and support. A special thanks to Mr. Ali Raza from Ajman Holdings Group (Best
Paints & Chemical Industries) for his patient coaching.
Special thanks to my mom, dad and sister whose love and support allow me to keep my eye on
the prize and finish this race.
4
Declaration
I certify that except where due acknowledgement has been made, the work is done by the
author alone; the work has not been submitted previously, in whole or in part, to qualify for the
best information provided in this thesis by researcher; the content of the thesis is the result of
work which has been carried out since the official commencement date of the approval of this
topic selected for this work; and, any editorial work, paid or unpaid, carried out by the
researcher itself.
Houda Ramadan30 December, 2010
Table of Contents
5
PageAbstract 1
Dedication 3
Acknowledgement 4
Declaration 5
Table of Contents 6
Chapter 1 7
1.1 Introduction & Definition 7
1.2 Motivation 9
1.3 Background 10
1.4 Objective and Significance of the Study 15
1.5 Research Problems and Questions 16
1.6 Scope and Limitations 17
1.7 Hypothesis of the Study 18
Chapter 2 19
Literature Review 19
Chapter 3 24
3.1 Hypothesis Development 24
3.2 Analysis and Interpretation of Data 26
Chapter 4 29
4.1 Internal Controls and Procurement 29
4.2 Recommendations 35
Chapter 1
6
1.1- Introduction
In accounting and auditing, internal control is defined as a process effected by an
organization's structure, work and authority flows, people and management information
systems, designed to help the organization accomplish specific goals or objectives. It is a
means by which an organization's resources are directed, monitored, and measured. It plays
an important role in preventing and detecting fraud and protecting the organization's resources,
both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual
property such as trademarks). At the organizational level, internal control objectives relate to
the reliability of financial reporting, timely feedback on the achievement of operational or
strategic goals, and compliance with laws and regulations. At the specific transaction level,
internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure
the organization's payments to third parties are for valid services rendered.) Internal control
procedures reduce process variation, leading to more predictable outcomes. Internal control is
a key element of the Foreign Corrupt Practices Act (FCPA) of 1977 and the Sarbanes–Oxley
Act of 2002, which required improvements in internal control in United States public
corporations. Internal controls within business entities are also referred to as operational
controls.
Internal controls have existed from ancient times. In Hellenistic Egypt there was a dual
administration, with one set of bureaucrats charged with collecting taxes and another with
supervising them. In the Republic of China, the Control Yuan, one of the five branches of
government, is an investigatory agency that monitors the other branches of government.
Definitions
7
There are many definitions of internal control, as it affects the various constituencies
(stakeholders) of an organization in various ways and at different levels of
aggregation.
Under the COSO Internal Control-Integrated Framework, a widely-used framework in
the United States, internal control is broadly defined as a process, effected by an
entity's board of directors, management, and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the following
categories: a) Effectiveness and efficiency of operations; b) Reliability of financial
reporting; and c) Compliance with laws and regulations.
COSO defines internal control as having five components:
1. Control Environment - sets the tone for the organization, influencing the
control consciousness of its people. It is the foundation for all other
components of internal control.
2. Risk Assessment - the identification and analysis of relevant risks to the
achievement of objectives, forming a basis for how the risks should be
managed
3. Information and Communication - systems or processes that support the
identification, capture, and exchange of information in a form and time frame
that enable people to carry out their responsibilities
4. Control Activities - the policies and procedures that help ensure management
directives are carried out.
5. Monitoring - processes used to assess the quality of internal control
performance over time.
The COSO definition relates to the aggregate control system of the organization,
which is composed of many individual control procedures.
Discrete control procedures, or controls are defined by the SEC as: "...a specific set of
policies, procedures, and activities designed to meet an objective. A control may exist
within a designated function or activity in a process. A control’s impact...may be
entity-wide or specific to an account balance, class of transactions or application.
Controls have unique characteristics – for example, they can be: automated or manual;
reconciliations; segregation of duties; review and approval authorizations; safeguarding
and accountability of assets; preventing or detecting error or fraud. Controls within a
process may consist of financial reporting controls and operational controls (that is,
those designed to achieve operational objectives)."
1.2- Motivation
8
The introduction of the Sarbanes-Oxley Act of 2002 (SOX), as a response to well-
publicized accounting scandals, requires all public companies to disclosed internal
controls over financial reporting. Specifically, Section 404 of SOX requires
management of public companies to issue an internal control report in which they take
responsibility for maintaining adequate internal control, and make assertions
concerning their effectiveness. The company’s auditor must then issue a separate
opinion on management’s assertions and the adequacy of the internal controls.
Moreover, Section 302 of SOX requires Chief Executive Officers (CEOs) and Chief
Financial Officers (CFOs) to certify in the company’s quarterly and annual reports that
they have reviewed the report, that the internal control report contains no
misrepresentations, that the financial information is fairly presented, that they have
reported any internal control weaknesses (including fraud) to the audit committee,
and, that they have reported any material changes in internal controls.
SOX’s regulation on internal control brings about many fundamental research
questions, like the first one the disclosures of material weaknesses in internal controls
as required by SOX provide the stock market with the information to identify firms
having poor internal controls such as deficient revenue-recognition policies, lack of
segregation of duties, deficiencies in the period-end reporting, and inappropriate
account reconciliation (Ge and McVay, 2005). Therefore, by examining the impact of
disclosures of weak internal controls on firm value, we are able to answer this
fundamental question about the relation between internal controls and firm
performance.
Initially I reviewed the guidelines for Research and Analysis Project from different
sources and university books; I choose these two topics (and decided to further select
one out of them after further research)
1. The internal control activities within an organization and company performance.
2. The business and financial performance analysis of an organization over a three
year period.
I listed down the main points regarding each of these topics, using my Graduation
studies knowledge and textbooks. I also searched for knowledge using internet. Finally,
I choose the first one i.e. “The internal control activities and company performance’’
considering the importance of internal control, SOX guidance & increasing regulatory
requirement for internal control and my personal interest in the topic are some of the
reasons to work on this topic.
1.3- Background
9
More generally, setting objectives, budgets, plans and other expectations establish
criteria for control. Control itself exists to keep performance or a state of affairs within
what is expected, allowed or accepted. Control built within a process is internal in
nature. It takes place with a combination of interrelated components - such as social
environment effecting behavior of employees, information necessary in control, and
policies and procedures. Internal control structure is a plan determining how internal
control consists of these elements.
The concepts of corporate governance also heavily rely on the necessity of internal
controls. Internal controls help ensure that processes operate as designed and that
risk responses (risk treatments) in risk management are carried out. In addition, there
needs to be in place circumstances ensuring that the aforementioned procedures will
be performed as intended: right attitudes, integrity and competence, and monitoring by
managers.
Roles and responsibilities in internal control
According to the COSO Framework, everyone in an organization has responsibility for
internal control to some extent. Virtually all employees produce information used in the
internal control system or take other actions needed to effect control. Also, all
personnel should be responsible for communicating upward problems in operations,
noncompliance with the code of conduct, or other policy violations or illegal actions.
Each major entity in corporate governance has a particular role to play:
Management: The Chief Executive Officer (the top manager) of the organization has
overall responsibility for designing and implementing effective internal control. More
than any other individual, the chief executive sets the "tone at the top" that affects
integrity and ethics and other factors of a positive control environment. In a large
company, the chief executive fulfills this duty by providing leadership and direction to
senior managers and reviewing the way they're controlling the business. Senior
managers, in turn, assign responsibility for establishment of more specific internal
control policies and procedures to personnel responsible for the unit's functions. In a
smaller entity, the influence of the chief executive, often an owner-manager, is usually
more direct. In any event, in a cascading responsibility, a manager is effectively a chief
executive of his or her sphere of responsibility. Of particular significance are financial
officers and their staffs, whose control activities cut across, as well as up and down,
the operating and other units of an enterprise.
Board of Directors: Management is accountable to the board of directors, which
provides governance, guidance and oversight. Effective board members are objective,
10
capable and inquisitive. They also have a knowledge of the entity's activities and
environment, and commit the time necessary to fulfill their board responsibilities.
Management may be in a position to override controls and ignore or stifle
communications from subordinates, enabling a dishonest management which
intentionally misrepresents results to cover its tracks. A strong, active board,
particularly when coupled with effective upward communications channels and
capable financial, legal and internal audit functions, is often best able to identify and
correct such a problem.
Auditors: The internal auditors and external auditors of the organization also measure
the effectiveness of internal control through their efforts. They assess whether the
controls are properly designed, implemented and working effectively, and make
recommendations on how to improve internal control. They may also
review Information technology controls, which relate to the IT systems of the
organization. There are laws and regulations on internal control related to financial
reporting in a number of jurisdictions. In the U.S. these regulations are specifically
established by Sections 404 and 302 of the Sarbanes-Oxley Act. Guidance on auditing
these controls is specified in PCAOB Auditing Standard No. 5 and SEC guidance,
further discussed in SOX 404 top-down risk assessment. To provide reasonable
assurance that internal controls involved in the financial reporting process are effective,
they are tested by the external auditor (the organization's public accountants), who are
required to opine on the internal controls of the company and the reliability of its
financial reporting.
Describing Internal Controls
11
Internal controls may be described in terms of: a) the objective they pertain to; and b)
the nature of the control activity itself.
Objective categorization
Internal control activities are designed to provide reasonable assurance that particular
objectives are achieved, or related progress understood. The specific target used to
determine whether a control is operating effectively is called the control objective.
Control objectives fall under several detailed categories; in financial auditing, they
relate to particular financial statement assertions, but broader frameworks are helpful
to also capture operational and compliance aspects:
1. Existence (Validity): Only valid or authorized transactions are processed (i.e.,
no invalid transactions)
2. Occurrence (Cutoff): Transactions occurred during the correct period or were
processed timely.
3. Completeness: All transactions are processed that should be (i.e., no
omissions)
4. Valuation: Transactions are calculated using an appropriate methodology or
are computationally accurate.
5. Rights & Obligations: Assets represent the rights of the company, and
liabilities its obligations, as of a given date.
6. Presentation & Disclosure (Classification): Components of financial
statements (or other reporting) are properly classified (by type or account) and
described.
7. Reasonableness: Transactions or results appears reasonable relative to other
data or trends.
For example, a control observance received." This is a validity objective. A typical
control procedure designed to achieve this objective is: "The accounts payable system
compares the purchase order, receiving record, and vendor invoice prior to authorizing
payment."
Management is responsible for implementing appropriate controls that apply to
transactions in their areas of responsibility. Internal auditors perform their audits to
evaluate whether the controls are designed and implemented effectively to address
the relevant objectives.
Activity categorization
12
Control activities may also be explained by the type or nature of activity. These include
(but are not limited to):
Segregation of duties - separating authorization, custody, and record keeping
roles of fraud or error by one person.
Authorization of transactions - review of particular transactions by an
appropriate person.
Retention of records - maintaining documentation to substantiate
transactions.
Supervision or monitoring of operations - observation or review of ongoing
operational activity.
Physical safeguards - usage of cameras, locks, physical barriers, etc. to
protect property, such as merchandise inventory.
Top-level reviews-analysis of actual results versus organizational goals or
plans, periodic and regular operational reviews, metrics, and other key
performance indicators (KPIs).
IT Security - usage of passwords, access logs, etc. to ensure access
restricted to authorized personnel.
Top level reviews-Management review of reports comparing actual
performance versus plans, goals, and established objectives.
Controls over information processing-A variety of control activities are used
in information processing. Examples include edit checks of data entered,
accounting for transactions in numerical sequences, comparing file totals with
control accounts, and controlling access to data, files and programs.
Control precision
13
Control precision describes the alignment or correlation between a particular control
procedure and a given control objective or risk. A control with direct impact on the
achievement of an objective (or mitigation of a risk) is said to be more precise than
one with indirect impact on the objective or risk. Precision is distinct from sufficiency;
that is, multiple controls with varying degrees of precision may be involved in
achieving a control objective or mitigating a risk.
Precision is an important factor in performing a SOX 404 top-down risk assessment.
After identifying specific financial reporting material misstatement risks, management
and the external auditors are required to identify and test controls that mitigate the
risks. This involves making judgments regarding both precision and sufficiency of
controls required to mitigate the risks.
Risks and controls may be entity-level or assertion-level under the PCAOB guidance.
Entity-level controls are identified to address entity-level risks. However, a combination
of entity-level and assertion-level controls are typically identified to address assertion-
level risks. The PCAOB set forth a three-level hierarchy for considering the precision
of entity-level controls. Later guidance by the PCAOB regarding small public firms
provided several factors to consider in assessing precision.
Fraud and internal control
Internal control plays an important role in the prevention and detection of fraud. Under
the Sarbanes-Oxley Act, companies are required to perform a fraud risk assessment
and assess related controls. This typically involves identifying scenarios in which theft
or loss could occur and determining if existing control procedures effectively manage
the risk to an acceptable level. The risk that senior management might override
important financial controls to manipulate financial reporting is also a key area of focus
in fraud risk assessment.
The AICPA, IIA, and ACFE also sponsored a guide published during 2008 that
includes a framework for helping organizations manage their fraud risk.
Internal Controls and Improvement
14
If the internal control system is implemented only to prevent fraud and comply with
laws and regulations, then an important opportunity is missed. The same internal
controls can also be used to systematically improve businesses, particularly in regard
to effectiveness and efficiency.
Continuous Controls Monitoring
Advances in technology and data analysis have led to the development of numerous
tools which can automatically evaluate the effectiveness of internal controls. Used in
conjunction with continuous auditing, continuous controls monitoring provides
assurance on financial information flowing through the business processes.
1.4- Objective and Significance of the Study
The objective of the study to examine the over all control environment in Best Paints & Chemical Industries and particularly in purchase and inventory areas to assess the systems and related affects on the cost of sales and profits of the company to conclude my hypothesis. Following are few objectives:
- Ascertain whether effective internal control improve purchasing and inventory management and help to reduce cost and improve profitability
- To summarize the findings and recommendations to improve the existing system and contribute in the future learning and research
- To study and identify the internal control system of purchases and inventory in Best Paints & Chemical Industries
- To determine whether established purchasing policies and procedures exist
- To determine whether adequate segregation of duties associated with the purchasing function exists
- To determine whether the purchase of material and other goods is adequately controlled
- To determine whether purchases are approved by responsible persons and the approvals are documented
The importance of this study arises from the gains that could be achieved by companies as a
result of the evaluation of the internal control systems and the rate of its adequacy to the
15
companies’ conditions and the possibility of their development to maintain their resources.
Study highlighted the crucial role of internal control in company performance few are:
1. Effective Internal control leads to the realization of the companies goals
2. The presence of effective and independent internal audit system leads to the proper
application of the internal control system regulation
3. Periodical audit of the policies and procedures of internal control leads to the
tackling of negativities and support positive
4. The corporate governance leads to the precedence of economic performance and
helps the continuity of companies
1.5- Research Problems and Questions
The research problem is represented in the fact that internal control is one of the main pillars of accounting control systems, in public and private sectors institutions. However, all objectives would be achieved by following the internal control system. The research aims to identify the extent of efficiency and effectiveness of internal control in the development of performance in the Administration of Best Paints and highlighting the role of internal control in improving performance in the administration and can improve the profitability.
Most important research questions are:
1. Is it true that internal control has a tangible role in the increase of productivity and
realization of profitability?
2. Can a good internal control system leads to perform business promptly and minimizes
efforts?
3. Can an effective internal control system leads to develop financial performance?
4. Can an effective internal control system leads to control levying and expenditure?
1.6- Scope and Limitations
16
Internal control can provide reasonable, not absolute, assurance that the objectives of
an organization will be met. The concept of reasonable assurance implies a high
degree of assurance, constrained by the costs and benefits of establishing
incremental control procedures.
Effective internal control implies the organization generates reliable financial reporting
and substantially complies with the laws and regulations that apply to it. However,
whether an organization achieves operational and strategic objectives may depend on
factors outside the enterprise, such as competition or technological innovation. These
factors are outside the scope of internal control; therefore, effective internal control
provides only timely information or feedback on progress towards the achievement of
operational and strategic objectives, but cannot guarantee their achievement.
Scope of this study was limited because of non availability of information from companies and most of the research performed based on articles and internet search.
1.7- Hypothesis of the Study
17
After reviewing of different reports and search through different sources shows a
disclosure of a material weakness in internal control as required by SOX for stock
exchanges companies might reduce firm value.
I worked with Best Paints & Chemical Industries an establishment not required to
report anything regarding SOX or internal control, I performed most of my analysis
and research on purchase and inventory areas in Best Paints therefore, I hypothesize
the material weaknesses of internal controls will be negatively associated with the firm
COST OF SALES causing financial losses.
Hypothesis: ‘‘The material weaknesses of internal controls will be negatively
associated with the firm financial profits’’.
18
Chapter 2
Literature Review
1. Introduction and Overview
When companies suddenly collapse, the often-resounding question is, “what went
wrong?” A breakdown in the internal control system is the usual cause. Internal control
is a process that guides an organization towards achieving its objectives. These
objectives include operational efficiency and effectiveness, reliability of financial
reporting, and compliance with relevant laws and regulations (COSO 1992). Absence
of these variables often results in organizational failure. The findings of the Tread way
Commission Report of 1987 in the United States (USA) confirmed absence of, or
weak, internal controls as the primary cause of many cases of fraudulent company
financial reporting.
The widespread global corporate accounting scandals that assumes near epidemic
proportions in recent years inform this study. Notable cases include Enron and
WorldCom in the USA, Parma at in Europe, and ChuoAoyama in Asia. In South Africa,
cases of accounting scandals have been recorded in JCI and Randgold and
Exploration companies. In Nigeria, the Managing Director and Chief Financial Officer
of Cadbury Nigeria plc were dismissed in 2006 for inflating the profits of the company
for some years before the company’s foreign partner acquired controlling interest.
These scandals emphasize the need to evaluate, scrutinize, and formulate systems of
checks and balances to guide corporate executives in decision-making. These
executives are legally and morally obliged to produce honest, reliable, accurate and
informative corporate financial reports periodically.
Conceptual Framework
Most of the literature on internal control frameworks includes information and
communication as one of the internal control components. Smooth flow of information
and communication across and within the organization is influenced by the nature of
the working relationship within the organization at all levels. The working relationship
coordinates organization’s activities to achieve goal congruence.
When effective working relationship exists in an organization, delegation of
responsibilities is achieved. Then internal control functions as intended. However,
when a communication gap exists for any reason, sub-optimization results with
adverse consequences.
19
Some internal control frameworks place unnecessary emphasis on detailed
explanation of the different components of the system and methods for their design.
They ignore details on how each of the components can be measured to assess their
effectiveness. This causes a dilemma. For example, where two managers use
different methods to measure the same subject and arrive at different conclusions. A
challenge arises in ascertaining who is right or wrong. When a common benchmark for
evaluation of measured results is missing, knowing the right approach becomes
difficult.
Other internal control frameworks ignore where one or more components are missing
within a given structure, but are compensated for with other controls in other
components. For example, in small companies’ segregation of duties is not possible,
but is compensated by management’s involvement in the day-to-day supervision,
verification and review of records and processes, to ensure controls function
effectively. Under the situation, all components of an effective internal control system
may not be present but the system could still function effectively. The challenge is
ascertainment of the effectiveness of the system. When such management styles
extend to large organizations unscrupulous managers of these organization’s can
manipulate the organizations to meet their personal goals.
After addressing the above limitations, internal control is a process of integrated sets
of activities originated by top personnel of an organization and embedded within all the
organization’s activities to achieve goals. This comprises two sets of variables:
dependent and independent. At the forefront of the independent variables is the
influence of authority that ensures the independent variables function to generate the
outcome of the dependent variable.
Figure 1 shows the conceptual framework components of dependent and independent
variables.
The effectiveness of internal control is the dependent variable. This is achieved by the
presence and proper functioning of all the predefined independent variables in relation
to each category of the organization’s objectives. Proper functioning of independent
variables provides reasonable assurance of proper functioning of dependent variable.
Then the organization realizes preset objectives of efficient and effective operations,
generation of accurate, reliable and informative financial reports that comply with
relevant legal and regulatory requirements. The objectives are overlapping. This
means efficient and effective operations produces accurate, reliable and informative
financial reports that comply with applicable laws and regulations.
20
Figure 1: Conceptual framework of internal control
21
ControlEnvironment
Risk assessment
ControlActivities
Information &Communication
Monitoring
I Technology
3
2
1Effectivenessof internalControl
WorkingRelationships
Authority
IndependentVariables
InvigoratesIndependentVariables
Dependent ObjectivesVariable
Objectives of theOrganization are achievedWhen interferences on theVariables caused by workingRelationships are taken intoConsideration
Source: Researchers’ DesignThe objectives, depicting overlapping interrelationships are numbered 1, 2 and 3 in Figure 1 (1) include efficiency and effectiveness of operations (2) accuracy and reliability of informative financial reporting and (3) compliance with applicable laws, regulations, policies and procedures.The independent variables determine the effectiveness of an internal control system. The presence and proper functioning of all the components of the independent variables ensures effectiveness of internal control system. This achieves each category of objectives 1, 2 and 3 in Figure
1. The independent variables comprise major and minor components. Individual minor components jointly feed into and form a specific major independent variable. The measurement of minor independent variables locates any weaknesses existing in the major independent variables. The major independent variables include:
• Control environment• Risk assessment• Control activities• Information and communication• Monitoring• Information Technology• The minor independent variables include:• Authorization and approval procedures• Human resource policies and practices• Assignment of authority and responsibility• Ineligible expenditure• Accountability obligations• Segregation of duties• Controls over access to resources• Presence of internal auditors• Verification• Reconciliation• Review of operating performance• Supervision
A direct relationship exists between the outcomes of the dependent and the independent variables. All the independent variables are relevant to each category of objectives. Internal control processes (minor independent variables) affects the effectiveness of internal control systems, which is subject to the organization’s determined objectives. All the independent variables are interdependent but each has an impact on the effectiveness of internal control systems. Different approaches to the evaluation of effectiveness of internal controls are available. The study uses the model in Figure 1. In this regard, controls evaluation is a step toward achieving the study’s objectives once the research questions are answered. The research questions are formulated to identify the existence or otherwise of each variable of internal control.
22
Research on internal controls is a relatively new but a rapidly growing area in the
accounting literature. The majority of the studies involving internal controls are focused
on investigating the characteristics of firms that disclose material weaknesses in
internal control. For example, Ge and McVay (2005) found that companies with
material weaknesses are more complex, smaller, and less profitable than firms that do
not disclose material weaknesses. Doyle et al. (2007b) confirmed Ge and McVay’s
results and also show that firms disclosing material weaknesses are younger, growing
rapidly, or undergoing restructuring. Similarly, Ashbaugh et al. (2006) document that
firms reporting internal control weaknesses have more complex operations, have
experienced recent changes in organizational structure, are at increased exposure to
accounting risks, and have fewer resources to invest in internal control. Furthermore,
Doyle et al. (2005) indicated that firms with material weaknesses have a lower
earnings quality than those that do not report material weaknesses.
Additionally, Hammersley et al. (2007) showed a negative market reaction to firms that
had reported material weaknesses in internal control per the requirement of SOX
Section 302. Using a sample of 102 firms that had reported internal control weaknesses
without other material news spanning the event window, De Franco et al. (2005)
investigated whether the market reaction to the internal control weaknesses varied by
investor size. Their findings revealed a negative market reaction during the three-day
window relative to the disclosure of material weaknesses. Beneish et al. (2006)
investigated whether the effect of material weaknesses on the cost of capital and on
stock prices is associated with audit quality. They found a negative return during a
three-day window during which material weaknesses were disclosed and also
discovered that, when audit quality was lower, the cost of capital and returns were
more negative for firms with material weaknesses. However, Ashbough-Skaife et al.
(2006) and Bryan and Lilien (2005) did not find a negative market reaction to the
disclosures of material weaknesses.
Instead of focusing on the market response as in the literature, this study investigates whether week internal controls results in increase of cost of sales and reduce profits.
23
Chapter 3
3.1- Hypothesis Development and Importance of Internal Control
Ohlson (1995) sets out a valuation model in which current market-value is related to
current accounting numbers via investors’ use of these numbers to inform
expectations of future accounting data, through an equation.
A disclosure of a material weakness in internal control might reduce firm valuedue to any one or a combination of the three reasons.
First, weak internal control might increase a firm’s cost of capital, While Ohlson (1995)
uses a risk free discounting rate to exclude the impact of information uncertainty on a
firm’s cost of capital, Easley and O’Hara (2004) have shown that increased information
uncertainty can result in an increase in a firm’s cost of capital. Ashbaugh et al (2006)
and Beneish et al (2005) have shown that weaknesses in internal control are related
to higher information uncertainty and thus higher firm’s cost of equity capital. Higher
cost of capital will increase the discount rate, decrease the present value of the
expected future abnormal earnings, and accordingly decrease the market-value.
Second, internal control deficiencies reduce a risk-averse stockholder’s expected
value of future earnings.
Third, internal control deficiencies may reduce the effectiveness and efficiency of
business operation. Cushing (1974) mathematically shows that internal controls
facilitate effective operation by enhancing the reliability of the system, which increases
the firm’s profit. Demski (1969) analyzes the informational role of controls in providing
management’s operation decisions with feed forward and feedback information.
Deficiencies in internal control reduce the effectiveness and efficiency of business
operations, which may lower stockholders’ expectation of future earnings.
Based on the above analysis, weak internal controls might reduce a firm’s market-
value by increasing the firm’s cost of capital, decreasing the precision of accounting
information, and impairing the effectiveness and efficiency of business operations. As
such, disclosures of internal control weaknesses might cause investors to reevaluate
their assessment of the quality of management’s oversight over the financial reporting
process, leading to revisions in expectations about the firm’s future profitability or to
revisions in perceptions of firm risk (Hammerley et al., 2007). I, therefore, hypothesize
the material weaknesses of internal controls will be negatively associated with the firm
24
value, efficiency and ultimately profits.
The broader objectives of internal controls are not limited to the reliability of financial
reporting as required by SOX alone. A number of key internal control frameworks,
such as COSO’s Integrated Internal Control Framework (1992) and Turnbull’s
Guidance on Internal Control (1999), have been developed prior to the high-profile
accounting scandals at the turn of the century. COSO (1992) defined internal control
as follows:
“…a process, effected by an entity’s board of directors, management and other
personnel, designed to provide reasonable assurance regarding the achievement of
objectives in the following categories:
Effectiveness and efficiency of operations. Reliability of financial reporting.
Compliance with applicable laws and regulations.”
Turnbull (1999), notwithstanding viewing internal control as a system, defines internal
control the same as COSO (1992) to achieve three objectives in operations, reporting,
and compliance. COSO (1992) and Turnbull (1999) both took a broader approach to
internal control than SOX, in terms of scope, objectives, and approach. They focused
on all controls covering the company’s entire range of activities and operations, not
just those directly related to financial reporting, and adopted a risk-based approach to
internal control (IFAC, 2006).
Although SOX’s focus on internal controls over financial reporting is under the
consideration of a cost-effective solution of reinforcing compliance and accountability
in response to accounting scandals, all enterprise-wide risks, not just the risks existing
in reporting systems, affect the reliability of financial reporting (Lin and We, 2006).
Therefore, to comply with SOX’s requirement on internal control over financial
reporting, companies will have to disclose weaknesses in internal controls covering
the objectives of reporting, operations and compliance in COSO (1992) and Turnbull
(1999)
25
3.2- Analysis and Interpretation
Best Paints & Chemical company located in new industrial area in Ajman, mainly
based on fine paints products, like industrial paints, marine paints, thinners and they
also have a variety primers paints products.
Company started its operations in 2007 and going on a successive
stages of research and development along with product innovation.
In order to protect assets, security, integrity, and improve the quality of accounting
Information to ensure that the relevant laws and regulations and unit management
principles and policies to implement to avoid or reduce risks, improve operational
efficiency of management, operation and management to achieve unit objectives to
develop and implemented a series of measures of internal controls and procedures.
Internal controls help to reduce the possibility of errors and fraud, protect corporate
assets safe; are conducive to reducing the occurrence of violations; help to reduce
business failure, the probability of financial failure; will help improve the
competitiveness of enterprises, encourage enterprises to obtain greater Economic
benefits; a conducive business management activities of solid progress toward the
established goals to ensure the enterprise development strategies and work plan is
successfully completed.
I worked in accounting departments on two years data on purchases and inventory
and I identified areas with effective controls and without effective controls. I compared
two years data to measure my results and give a numerical figure to support or reject
my hypothesis.
Due to confidentiality of information and reluctance of management to provide me all
details was not possible, hence I tried my best to conclude my research I came up with
following results,
26
Purchase systems managed very badly totally flawed Purchase system
Poorly managed as material purchased without setting any order, reorder and economic order level
Effective comparison of prices and quality for different suppliers was done but Ordering and purchasing material at suboptimal level leading to high product cost
Lack of proper reporting regarding the best option to purchase material at optimum level
Procurement staff is not working in line with target and values assigned to them or there is no such target. Expensive and suboptimal purchases reducing our profit margins
Inventory kept at sub optimal level and no order level or optimal level sets
No record maintain for slow moving items and obsolete items
No reporting requirement set for production cost, items produced and batch processing
Purchases system running on ad hoc basis and no proper controls on requisitions, quotations and ordering
These all above mentioned points and many more leads to financial losses like
Purchases at sub optimal level leads to high cost
Order can be placed with unapproved supplier will cause high cost, quality, delivery and support issues
Insufficient record of stock and purchases results in obsolete stock and expired material used in production resulted bad quality, bad reputation and loss of future orders
Lack of accountability in many areas leads to employees inefficiency and chances of mistakes and frauds
Inappropriate reporting system leads to non availability of information regarding material prices, product cost and resulted in heavy losses as products sold at gross loss
Lack of control environment and absence of effective controls resulted heavy losses in the factory as mentioned below. The company have some check and balance in the start of operations in 2007 and further in 2008 but in 2009 its cleared that controls weaken day by day resulted in losses
27
“In 2008 just after two years of operations company generated a 12% Gross Profit but
in 2009 company incurred a 10% GROSS LOSS.” Gross loss because Many
Products not covering their cost’’
It is very clear from all my work and after examining all documents I concluded that in
2007 and 2008 company managed some good controls and accountability in purchase
system that generated positive results but with passage of time these controls obsolete
as higher management not aware with corporate governance and controls procedures.
In 2008 the associated cost with purchases, production process and inventory
management was less as compared to 2009 but it should be reversed as company
streamlined its operations and purchase system with passage of time. But Best Paints
& Chemical Industries failed to achieve its targets.
I concluded with my findings that the hypothesis is true that
‘‘The material weaknesses of internal controls will be negatively associated with
the firm financial profits’’
28
Chapter 4
4.1- Internal Controls and procurement
Overview of the purchasing process
A purchase transaction usually begins with a purchase requisition being generated by
a department or support function . the purchasing department prepares a purchase
order for the purchase of good or service from a vendor. When the goods are received
or the service have been rendered, the entity records a liability to the vendor . finally ,
the entity pays the vendor .
Purchasing Objectives
1. Procure the necessary quality and quantity of goods and/or services in an efficient,
timely and cost effective manner, while maintaining the controls necessary for a
corporation.
2. Encourage an open competitive bidding process practicable for the acquisition of
goods and/or services and equitable treatment of all vendors.
3. Ensure the maximum value of an acquisition is obtained by determining the total
cost of performing the intended function over the lifetime of the task. This may include,
but not be limited to, acquisition cost, installation, disposal value, disposal cost, training
cost, maintenance cost, quality of performance and environmental impact.
4. Procure goods and/or services with due regard to the preservation of the natural
environment and to encourage the use of “environmentally friendly” products and
services.
Types of transaction and financial statement accounts affected
Three type of transaction are processed through the purchase process:
Purchase of good and service for cash or credit
Payment of the liabilities arising from such purchases
Return of good to suppliers for cash or credit
Type of documents and records
Purchase requisition
This documents requests goods or services for an authorized individual or department within the entity. Examples of such requests include and order force supplies from an office supervisor and an order for newspaper advertising space from a marketing manager.
29
Purchase order
This document include the description quality and quantity of, and other information on, the goods and services being purchased. The purchase order also indicate who approved the acquisition and represents the authorization to purchase the goods and services . the purchase order may be mailed , faxed , sent via PC\Internet , or placed pay telephone with the supplier or vendor .
Receiving report
This documents record the receipt of goods. Normally, the receiving report is a copy of the purchase order with the quantities omitted. this control activity encourages receiving department personnel to make an adequate , independent count of the goods received . Receiving department personnel record the date , description, quantity, and other information on this document . in some instances , the quality of the goods is determined by receiving department personnel . in other cases , an inspection department determine wither the goods meet the required specification s . the receiving reports is important because receiving goods is generally the event that leads to recognition of the liability by the entity .
Vendor invoice
This document is the bill from the vendor . the vendor invoice include the description and quantity of the goods shipped or service provided, the price including freight , the terms of trade including cash discounts, and the date billed. Increasingly, vendor invoices are transferred electronically between by Email or as part of an EDT system , highly integrated EDI systems between buyer and supplier may be' invoiceless ' .
Voucher
This document is frequently used by entities to control program for acquired goods and service . this document serves as the basis for recording a vendor's invoice in the
voucher register or purchase journal.
Voucher register\purchase journal
A voucher register is used to record the vouchers for good and service . the voucher register contains numerous columns for recording the account classification for the goods or services, including a column for recording credits to accounts payable, and columns for recording debits to asset account s such as inventory and expenses account such as repairs and maintenance . the voucher register also contains columns for miscellaneous debit and credits . some entities used purchase journal instead of a voucher register . with a purchase journal , either voucher or vendor's invoices may be used to record the liability. The major difference between a voucher register and a purchase journal is in the way individual vouchers or vendor invoices are summarized.
Account payable subsidiary ledger
When a purchase journal is utilized , this subsidiary ledger records the transactions with , and the balance owned to, a vendors. When a voucher register system is used,
30
the subsidiary ledger is a listing of the unpaid vouchers. The total in the subsidiary ledger should equal the balance in the general ledger accounts payable accounts.
Vendor statement
This statement is sent monthly by the vendors to indicate the beginning balance , current period purchase and payments and the ending balance . the vendor's statement represents the purchase activity recorded in the vendor's records . it may differ from the client's records because of errors or more often, timing differences due to delays in shipping goods or recording cash receipts. The client verifies the accuracy of its record by comparing vendor statements with the accounts payable records.
Bank Giros and Cheques
Goods and service are increasingly paid for through electronic transfer of funds . a remittance advice received from the vendor such as bank giro with the necessary identify data for the transaction may be used to initiate the electronic transfer. Under electronic transaction between the client and their bank , the client's bank prepares the transaction on the vendor's advice and the transaction is executed at the consent of the client . cheques signed by an authorized individual are also being used to pay for goods or services, and cheques are still popular for paying vendors in some countries.
Cash disbursements journal
This journal records disbursement , either made electronically or by cheque. The cash disbursements journal contains columns for recording credits to cash and debits to accounts payable and cash discounts. Columns may also record miscellaneous debits and credits. Payment record disbursements journal are also recorded in the voucher register or in the accounts payable subsidiary ledger, depending on which system is used by the entity.
The major functions of purchasing process
The principle objectives of the purchasing process are acquiring good and services at the lowest cost consistent with quality and service requirement and effectively using
cash resources to pay for those goods and services .
Requisitioning Purchasing Receiving Invoice processing Disbursements Account payable General ledger
31
Segregation of Duties
Segregation of duties in purchasing is an internal control, either facilitated by the finance system or through a risk managed process, to ensure that no one officer has so much control over a procurement activity that mistakes could go undetected or that the officer could be placed in a situation where they could be tempted by an inappropriate activity. The emphasis is the segregation of functional responsibilities and to create a system of checks and balances, so that a duty performed by one officer would be checked by another officer in the ordinary course of work.
Key Segregation of Duties in the Purchasing Process
i) Purchasing function should be segregated from requisition and receiving functions
Possible error: fictitious or unauthorized purchases may be made resulting in theft of goods and payment for unauthorized purchases
ii) Invoice Processing should be segregated from the AP function
Possible error: Purchase transactions can be processed at the wrong price/term or payments made for items not received- so overpayment of goods and theft of cash
iii) Disbursement function should be segregated from the AP function
Possible error: unauthorized cheques supported by fictitious documents may be issued and unauthorized transactions recorded
iv) AP function should be segregated from the GL function
Possible error: concealment of defalcation which would be detected during the reconciliation of the subsidiary ledger to the GL control account.
Storing goods received for stock
On delivery of the goods to stores or another requisitioning department , receiving clerks should obtain a signed receipt on the copy of the goods received note retained by the receiving department .
Checking and approving the supplier's invoice
For good and services supplied on credit, the supplier is usually instructed by the purchase order to send the invoice directly to the entity's accounting department . prior to being recorded , suppliers' invoices are checked and approved .
32
Unpaid suppliers' invoices and supporting documentation are held in a file in the
accounts department pending their subsequent payment . Properly approved supplier's invoices provide the basis for recording purchase transaction .
Recording the liability
In manual systems, the approved suppliers invoices are initially entered in the purchase journal, the monthly totals of which are posted to the purchase ledger control account in the general ledger . the approved supplier's invoices are sent daily to the account department for recording in the purchase ledger . an accounting supervisor should perform an independent check of the engagement of the total of the invoices recorded by accounting personnel with the daily prelist . In addition , monthly statement received from supplier should be reconciled with the recorded supplier balance .
Materiality of controls
The auditor need to understand the client's monitoring process over the purchasing process . it also involves understanding how supervisory within the process review the personnel who perform the controls and evaluation the performance of the entity's IT system . The auditor can document the purchasing process using procedure manuals , narrative description , internal control questionnaire and flowcharts .
Inherent and control risks
In assessing inherent risk of purchasing ASSERTION . the auditor should consider pervasive factors that motivate management to misstate expenditure . the might include :
Pressure to understate expenses in order to report, falsely, the achievement of announced profitability target or industry norms.
Pressure to understate creditors in order to report a higher level of working capital in the face of liquidity problem or going-concern doubts.
These factor may affect the completeness assertion and reduce acceptable detection risk , other factors that might contribute to misstatements include :
The high volume of transaction; Temptations of employee to make unauthorized purchase relating to the
existence or occurrence assertions ; Contentious accounting issues the treatment of repairs and maintenance cost
or the classification of a lease an operation or finance lease .
In most well established entities, management's own risk assessment procedures will have led it to adopt control procedure to reduce risk of misstatement occurring in the processing and recording of transaction . however , the existence and effectiveness of controls pertaining to different transaction class assertion for purchases .moreover the auditor must remain mindful of the inherent limitation of internal control ,and failure to adapt the control structure for changed circumstances .
33
Major steps in setting control risk for the purchasing process :
Control Objectives
Purchase orders are placed only with authorized suppliers Purchase orders are properly approved Purchase orders are sent to a centralized location so that they can be obtained
on the best possible terms Goods received are checked against the relevant purchase order and inspected
for quality before they are accepted Purchase invoices and credit notes are marked in some manner to indicate that
they have been previously recorded by the accounting system All approved records are updated All payments for credit purchases and cash purchases are properly controlled No unauthorized debit entries to the accounts payable account Amounts due to the suppliers are accurately determined, promptly recorded
and classified Payments are made by the appropriate personnel for authorized liabilities and
expenses which in turn should be promptly & accurately recorded Segregation of duties between:
o Initiating purchase orderso Recording receipt of invoices and credit noteso Receiving goodso Inventory accountso Accounts payableo Cash payments
34
o Banking duties Management supervision and review exists at all stages – comparing budgets
and actual
4.2- Recommendations
Further to summary and conclusion of my research I am able to recommend following to improve internal control system which can help to improve the overall control environment and achieve company objectives. Controls must be strengthened and policy should be tighten
Assign purchase staff clear target and values. If any deviation is unavoidable, prior approval should be sought from higher management
Ask Purchase staff to arrange presentations and briefings on timely basis to update about these issues. Make reporting requirements for purchase staff more strict
Request for immediate review in line with overall group policies and updated market trends.
Investigate on urgent basis, introduce change management, competent staff and new controls
Attach relevant staff benefits to achievement of their targets. Investigate past irregularities
Effective performance evaluation against targets required to achieve maximum efficiency
Nominate officers only responsible for procurement of material
Set out officers duty in authorized delegation lists
Financial Regulations should be in place requiring competitive quotations
There should be an authorized signatory list in place
Procedures notes regarding all areas of the process disseminate to all staff
Used contract suppliers wherever possible and also vetted for potential suppliers
Automate the purchasing process by implementing a software allowed to keep comprehensive record of quotations, orders, suppliers and inventory level
Requisitions/order sets should be secured and control their use. Order sets only issued to nominated managers
Maintain a database with incentives schemes offered by wholesalers/agencies TO save company money
Access to ordering and receiving functions should be restricted and put more tighter controls on ordering and receiving functions separated from invoice processing and General Ledger functions
35
Related Documents
