Scanwell Logistics Ltd.’s Internal Control & Profitability

Abstract

Scanwell Logistics (HK) Ltd. is facing financial losses now for the last few years and in fact the losses as per current year interim financial statements are threatening to bring the company at the brink of liquidation. This has put a clear doubt on the efficiency on the working of existing controls. As per the Committee of Sponsoring Organization of The Treadway Commission (COSO) internal control is “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.” (IFAC, August 2006)¹

In this write up an analysis has been made of the present working of controls so that an efficient workable module is formulated for the company to bring down the losses and change the company into a profit yielding entity.

Acknowledgements

The cooperation extended by employees and officials of “Scanwell Logistics (HK) Ltd.” is laudable. The patience shown by them in understanding the intricacies of various concepts of internal controls is highly appreciable.

Introduction

Scanwell Logistics (HK) Ltd. is facing basic internal control related problems despite an existing control system in operation. These problems relate to continuous shortening of credit period resulting from increasing debtors’ collection period and decreasing suppliers’ credit duration. The employees’ strength has reached a stage where inefficiency rules the discipline. Records often lead to wrong and irrelevant conclusions; and there is always a danger of loosing business to competitors because of high quotations resulting from ever increasing overhead costs. The atmosphere in the company leads to confusions resulting into inefficient and often wrong decision making. Thus financial losses have become the order and creditors are threatening seeking legal recourses. Under such a scenario Scanwell Logistics (HK) Ltd. requires a control system that ensures smooth and reliable processing of financial data that produces reliable and accurate financial information and statements. The system should create an environment to safeguard assets. It should also promote strict compliance of applicable laws, and above all promote effectiveness and efficiency in the operations of the company. All these are in fact attributes of an effective internal control system that can only lead Scanwell to an efficient atmosphere that will enhance its profitability and creditability. A researched effort has been made to analyze various concepts of controls of Scanwell Logistics in order to find out effects of their implementation on efficiency and profitability. Suggestions about revamping of internal controls and further development of a workable module for Scanwell Logistics (HK) Ltd. have also been made. It is felt that success of such module depends on its serious and sincere implementation and administration of recommended controls

Literature Review

Internal controls are designed, implemented, and monitored by the entity’s board of directors, management, and other personnel. Management must establish and maintain controls those effectively to efficiency and profitability of the company. This concept is consistent with the requirement that management is responsible for the preparation of the financial statements in accordance with GAAP; and this was aptly clarified when annual financial reports of the University of Virginia for the year ended June 30, 1994 were submitted stressing that “management is responsible for maintaining the university’s system of internal controls that includes careful selection and development of employees, division of duties, and written accounting and operating policies and procedure augmented by a continuing internal audit program.” (Charles T. Gillet and Leaonard W.Sandridge, 1994)²

Whatever may be the size or type of organization, the managers and accountants must remain careful about the limitations of accounting systems and to plug those risks internal controls play an important role. It must be remembered that “All good systems of internal control have certain features in common. These features can be termed as checklist, which may be used to appraise any specific procedure of cash, purchases, sales, payroll, and the like” (Noordin Shiraj Oct. 1997)³

Corporate accounting failures have rocked the corporate world over last few years. With the result there has been spurt in the development of new legislation, standards, and other guidelines in order to raise the standard of corporate governance. There may be different sources of development of standards or guidelines, but the objective of all such development is one and that is good governance, and the fact is that good governance is not possible without effective internal controls. Accordingly internal controls are the basis on which the principles of good governance rest. This importance of internal controls was judged earlier than 2002 when Sox Act was promulgated in US. Prior to those three important internal control frameworks were developed, namely COSO in USA, Turnbull in UK, and CoCo in Canada. COSO came out with its Internal Control- Integrated Framework (ICFR) in 1992 but the event mostly went unnoticed. But with the passage of SOX act, its importance increased dramatically. The reason for this that SOX required only large entities (those registered with stock exchanges with public issues) to recognize internal controls through various compliances. COSO ICFR was a ready made material for such large companies, and accordingly COSO framework was mostly used by such companies at initial stages. The important thing to note is that smaller public and non- public companies found this framework more complicated. In order to improve the value and importance of ICFR, COSO introduced ‘Internal Control over financial reporting- Guidance for smaller public companies’. Still it was not properly understood by smaller public companies. Jeffery E. Michelman and Bobby E Waldrup⁴

in their article ‘Improving Internal Controls in Financial Reporting’ published in April 2008 stated that smaller companies that are characterized by any of following 10 features that are listed in the article would be highly benefited by ICFR of COSO. Keeping these factors in mind our analysis of Scanwell Logistics (HK) Ltd. revealed that while revamping the Internal Control system of Scanwell the following features need careful consideration:

1. Large number of cash transactions,
2. Complicated accounting issues, yet relatively simple accounting systems.
3. Large number of clients/ customers with relatively small transaction amounts.
4. Professional owner of the organization who is focused on service delivery but lacks any formal training in accounting or business.
5. An office manager who is professionally trained in some field other than business.
6. Lack of attention to background screening or employment policies.
7. A “black box” information system with no useful management reports.
8. An organizational structure that complicates the supervision process.
9. Complicated regulatory reporting issues.
10. No audit.

On our assessment of performances of Internal Control installed with Scanwell Logistic, it was observed that controls were not performing as efficiently as normal control should perform. The reason is that internal controls are promoted and installed in any organization to achieve objectives using only required resources. In other words efficiency is promoted to save costs and resources and still obtaining optimum results. The promotion of efficiency using effective internal controls is reflected from undernoted snippets:

• It is now being advocated that auditors always concerned about effects of internal controls over efficiency of the organization in their reports to management but momentum to such suggestions have picked up only after some spectacular cases of corporate fraud. Mathew Leitch⁵ in his article “Reengineering Internal Controls for efficiency” has given the following examples of increase in efficiency when different steps of internal controls are taken by any organization on Business Process Reengineering (BPR):

• The existing module of Internal Controls working at Scanwell Logistics (HK) Ltd can be modified in a variety of ways in order obtain maximum efficiency from operational activities of the unit or organization. As per University of Danvar⁶ “Controls can be designed for various functions. Some controls can be installed to prevent undesirable outcomes before they happen (preventive controls). Others controls can be installed to identify the undesirable outcome when they do happen (detective controls).Still others can be installed to make sure that corrective action is taken to reverse undesirable outcomes or see that they do not recur (Corrective controls).”
• Those controls that are not promoting efficiency in Scanwell Logistics (HK) Ltd needed to be dropped or amended, so that ‘all internal controls should be balanced in the light of their economic utility, practicality, and protection of personnel. Where the costs of protection far overweigh possible losses or where proposed controls would cause gross inefficiencies, such controls may not be feasible and other alternative may be more advisable.’ (OBFS)⁷
• Internal Controls are installed to achieve some mission or objectivity, and that mission not efficiently then the very purpose of promoting internal controls would be lost. Mr. David Cram⁸, CPA has rightly stated in his write-up ‘Implementing an Internal Control Framework’ that “Internal Controls are the procedures and practices we implement to help our organizations achieve their missions. They are the things we do to promote efficiency, reduce the risk of loss, help ensure our financial statements are accurate, and comply with laws and regulations”.

When efficiency is not promoted by the controls then they become useless and need revitalization as the organization has to make all out efforts to attain efficiency in meeting its objectives. Internal controls cannot have any other objective bit to enhance efficiency.

The basic objective of internal Control is to develop an integral internal process. This process is affected by an entity’s management and other personnel involved in risk assessment. The important thing to note is that controls provide only reasonable assurances regarding achievement of objectives in categories that bring effectiveness and efficiency of operations, reliability on financial reporting; and compliance with applicable laws and regulations. However in order to assess the effects of internal control over efficiency and profitability of an entity, the influence of five basic concepts of internal control, namely control activities, risk assessment, information and communication, monitoring, and control environments needed to be analyzed in respect of effects of efficiency and profitability. Based on such assessment and after consulting, pursuing, and convincing the employees of a sample company about benefits and effects of internal controls, the development of a conceptual framework of internal controls has been suggested. The success of such module of internal controls depends on employees’ sincerity in implementation of controls. The internal controls are bound to effect efficiency and profitability if implemented in right earnest. Internal control is a functional approach and each entity or unit is responsible for its own internal controls and efficiency; and to ensure this the entity or unit has to implement a set of operational control procedures with in area of its responsibility⁹.

It is believed that best practices affect every thing around. Internal controls even when not applied out of legal or other compulsion are certainly best things to happen for corporate governance. Therefore implication of establishing controls is going to bring in awareness about keeping up the efficiencies to a level at least to safeguard about inefficiencies creeping in to the organization’s workings. In other words the efficiencies are bound to increase with implementation of controls at any level of functioning of the organization. Therefore controls when implemented in a systematized manner have a direct effect on business operations and their efficiency. Thus it is important that controls are introduced following the understated check list to boost efficiency as direct effect of implementation of controls:

• The first step should be to measure the entity’s requirements of controls.
• There is no harm when internal controls are employed in the fashion as those are employed in larger companies that the entity under consideration, as thereby the probability of direct effect on efficiency get vastly increased.
• All regulations impacting organization’s working should be identified immediately.
• Establish a governance policy around each control, so that implementation becomes compulsory.
• Members of top management should lead each project.
• Staff members should be given adequate training before start of implementation of controls.
• There should be regular assessment of the project so that pitfalls, if any, are instantly repaired.

It is believed that many important issues are solved through an efficient internal control framework, and enhancement of profitability is one of those issues that are results of effective internal control system. However in the case of Scanwell profitability was not enhanced as much because of efficiency of internal control, but basically because the quality of services in which Scanwell deals.

Robort M. Torok and Patric J. Gordon¹⁰ in their book ‘Operational Profitability’ have stated that “Mobilizing embedded corporate knowledge is a cornerstone of profitability. If a company is going to reactivate its proactive and reactive capabilities, it cannot afford to reinvent the same solutions over and over again, it cannot afford to make same mistake again and again, it cannot make large changes when small one will do, and it cannot afford to ignore the pearl begging the recognition.” But how these precautionary measures are achieved so that profitability is enhanced to the maximum. Internal control is the solution, as it provides the followings checks and measures:

i). Internal controls plug leaks and extravaganza not adding to profitability. Cost control is the basic formula for enhancing profitability. “Automation of operating expense control system is a strategic move that will provide significant profitability improvements across the organization.” (Chris Levush, August 2007)¹¹

ii). “Internal Controls- the optimal way to profits. As a business grows it is impossible for one person to keep the same level of personal control over it. You can’t be everywhere at once. But if don’t replace personal presence with good internal controls, you are going to have problems.” (AICA)¹²

Revenue recognition plays the pivotal role in enhancement of profitability. Therefore, it depends a lot on internal audit model adopted by the entity to have an effect on raising revenue or profits. Accounting rules or procedures differ from industry to industry depending upon applicability of particular accounting standard or GAAP to that industry. The management must analyze the transactions of their company and the revenue recognition procedure applicable to company before deciding about an internal control model that will help in enhancing the profitability of the company. However, internal controls that help in enhancing profitability must follow the following policies and procedures:“

• Establish and ensure compliance with the company’s revenue recognition policies and procedures.
• Conduct meetings at least quarterly to review and discuss significant transactions, how revenue can be recognized, and requirements of revenue recognition and ways to satisfy them.
• Supervise other departments with a role in revenue recognition issues, such as contacts management.
• Train sales department personnel and others as to proper conduct of business under revenue recognition rules.”(Gerald D. Bloch, April 2003)¹³

In an interview to Tidrick, Donald E., published in CPA Journal Nov. 2005 issue, Larry Rittenberg, the chairman of COSO stated “Fundamentally, controls exist only to mitigate risk. So every internal control framework has to start with a systematic approach to identifying risk. It is also important to recognize that organizations are in the business of taking risks. Management and boards have to determine their risk ‘appetites’ and their risk tolerances.” (Tidrick, Donald E., November 2005)¹⁴

Accordingly, risk management is one of the important conceptual ingredients of any comprehensive internal control framework. Control framework should be developed to contain checks that reduce or mitigate risks that affect the results. Gauthier, Stephen J.¹⁵in his article ‘From internal control to enterprise risk management’ suggests that for a comprehensive control framework that manages the risk assessment require under noted five components:

• The establishment and maintenance of sound control environment,
• The regular, ongoing, assessment of risks,
• The design, implementation, and maintenance of control policies and procedures to compensate for identified risks,
• Adequate communication; and
• The regular, ongoing monitoring of control related policies and procedures to ensure that they continue to function as designed and to insure that identified problems are handled appropriately.

It is now established that internal controls are now legally required to be tested. “A report called ‘Internal Control Integrated Framework’ of the Committee of Sponsoring Organization of the Treadway Commission (COSO) has established broad definition of internal control that extends to all objectives of an organization. The COSO report establishes three categories of controls:

• effectiveness and efficiency of operations,
• reliability of financial reporting, and
• compliance with laws and regulations.” (Ernest & Young, Belgium)¹⁶

K.H.Spencer Pickett in his book Internal Control: A Manager Journey¹⁷ has suggested following ten imperatives for the development of a successful internal control conceptual framework:

1. Explain Expectations: Internal control must have some objective to achieve and that needed to be explained to personnel implementing the controls.
2. Take a back seat: Implementation of control process should be free from unnecessary reviewing during the course of processing. The results should be reviewed on completion of control process.
3. Secure Equitable involvement: Personnel should be empowered to suggest changes when desired results of control processing.
4. Get Something going: Controls should be flexible to introduce fresh suggestions when expected qualities of results are not achieved or to make further improvements. Rigidness should not have a place in the framework.
5. Step over puddles: Though rigidity is dangerous for the success of controls, but unnecessary changes with any objectivity should not be accepted as that may disturb even present processing and hitherto expected results of controls.
6. Tackle obstacles: Control should be equipped to meet the expected barriers in its implementations
7. Unlock energy: Routine controls should not become non- enthusiastic or boring as per standard set to achieve.
8. No hidden costs: Actual costs for maintaining effective controls should not exceed the budgeted costs.
9. Ongoing process: Inter controls should be an going process in order to maintain comparability between two results.
10. Encourage add on in the controls so that technical changes in business processing may not render the controls ineffective.

Methodology

In order to evaluate the ability of existing controls established at Scanwell to assess the risks, questionnaires were used as the main weapon of assessment. Individual and group interviews of employees were conducted in order to gauge the level of knowledge and understanding about internal controls possessed by the employees. This interview process is adopted because ‘qualitative research interview seeks to cover both a factual and a meaning level, though it is usually more difficult to interview on a meaningful level.’(Kvale)¹⁸

The answers to the questionnaires revealed real problems with existing system. In fact most of the respondents were not even aware of the exact process of working of different aspects of controls. It must be remembered that there are three important aspect of any type of controls to be successful in achieving the objectivity. First is that there must exist a management system to establish, operate, maintain and improve the internal control systems. Second, creation of an atmosphere that ensures that controls are applied properly so that adversities are mitigated. Thirdly controls are reviewed as per changing needs of the organization. Questionnaires were framed for Scanwell in such a fashion that all these three aspects of existing control system were brought to light.

It is pertinent to mention here that in 1992 COSO issued the optimum framework of internal control that consisted of five interrelated components or concepts, namely Control Activities, Risk assessment, Information and communications, Monitoring, and control environments. Though a lot of changes have taken place since then, but these components of internal control remain as the pillar of control system. Keeping in view these concepts and in order to dig out the working and understanding of concept that was being misunderstood at Scanwell, workshops were organized to discuss the impact different aspects of controls over the execution of objectivity of the Scanwell. The idea was to bring out real reasons for losses the present controls were compared with standardized affectivity of controls.

Interactions of guest speakers at workshop stressed that ‘Control activities are the policies and procedure that help ensure that management directives are carried out. They help to ensure that necessary actions are taken to address risks to achieve the objectives of the entity. Some sort of ‘control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.’ (COSO)¹⁹

The discussion on controls at the workshop established that controls basically relate to authorization of transactions, recording information using adequate documents and records, and independent checks on performance.

A special session was conducted to analyze the ‘risk assessment’. As it is known that

‘Risks are things that prevent an organization from meeting its objectives, and controls are those things that manage or mitigate the risks. Risk is now an issue that affects all parts of business and influence business success and failures.’(Terry Carnahan)²⁰

Risk assessment is as crucial component of internal control as measuring of blood pressure of human body by a medical practitioner. The purpose of risk assessment is identification, analysis, and management of risks that are relevant to preparation of financial statements. Risk assessment, for example, may address how the entity considers the possibility of unrecorded transactions or identifies and analyzes significant estimates used in the formulation of financial statements.

Every one agreed at the workshop that risks that are relevant to preparation of financial reporting include internal and external events such as change in working or operating environments like new recruited staff, new or revamped information systems, unexpected or very rapid growth, new method or technology of production, new lines, products or activities, foreign operations of the company, and new accounting pronouncements.

In order to achieve high proficiency through controls, it is imperative to prioritize the risks after those have been identified as to assess the frequency of occurring or resurfacing of the risks, visualize the impact of risk both in quantitative and qualitative terms, and determine actions to mitigate the risk. It must always be remembered that “risk assessment as a component of internal control plays a key role in selection of appropriate control activity to undertake.”(Luminita Ionescu)²¹

A fact that was most disturbing in case of Scanwell was that most of the employees were completely ignorant about the importance of controls in the field of information and communication. This particular feature of controls is so important in any type of success of a company like Scanwell. Keeping in view such disturbing answers to the questionnaire, a special session with employees was called to discuss the already provided answers of the questionnaire on this particular aspect of controls. This was done to reconfirm the findings based on answers already provided by the employees. Beside seeking confirmation of earlier answers, the session was taken as an opportunity and it was explained to employees that the how information and communications from control systems are not only important for keeping financial accounting system update but these features of controls really help in enhancing the general efficiency of working of the entity.. More clearly the employees were told that information includes the methods and systems established to record, process, summarize, and report the transactions reported by the entity. On the other hand communication involves providing an understanding of designated roles and responsibilities in respect of internal control that help in maintaining financial reporting. Every one during the discussion agreed to the fact that ‘information should travel in all directions to ensure that all members of the organization are informed and decisions and actions of different units are communicated and coordinated of communication is essential for an organization to maintain an effective system of internal control. A communication system consists of methods and records established to identify, capture and exchange useful information. Information is useful when it is timely, sufficiently detailed and appropriate to the user.’ (Alan G. Hevesi, 2005)²²

In the special session it was also discussed and observed that monitoring of controls carry the real effect on efficiency. Earlier answers to questionnaire also revealed that virtually there was no monitoring of controls at Scanwell. There is no use of establishing the controls if there is no monitoring of controls. Monitoring is one of those components of internal control that considers that establishment of internal control and its maintenance is the responsibility of management. Monitoring is a process whereby it is seen that internal control is adequately designed as per requirements of the organization, those are being properly executed as earlier envisaged by the management, and controls are effective in bringing the desired efficiency and profitability. Monitoring can also take the shape of evaluation of controls on regular basis. However, ‘the scope and frequency of separate evaluation will depend primarily on an assessment of risks and effectiveness of ongoing monitoring procedure.’(COSO)²³

Further in the special session with employees of Scanwell to discuss their answers to questionnaires it was emphasized that in order to achieve desired efficiency and profitability, the control environment of the organization has to set a disciplinary tone of an organization. The effect of the control environment should be such that entire work force should get influenced to achieve the desired efficiency. That is why it is said that control environment is the foundation of all other components of internal control. ‘An effective control environment is an environment where competent people understand their responsibilities, the limits to their authorities, and are knowledgeable, mindful, and committed to doing what is right and doing it the right way.’(Understanding Internal Controls)²⁴

At Scanwell the control environment was not at feature of the systems, and this used to be one of causes contributing to general inefficiency in the company. Control environment of any entity should possess the features that provide internal controls an impetus to improve upon all the time. The following features provide the required drive in controls that allow controls to make necessary adjustments with changes that time bring into the ingredients of corporate governess, namely commitment of workforce to competence, management of human resources, efficient organizational structural, active management including board of directors and audit committee, integrity and ethical values among human resources, and suitable assignment of authority and responsibility. It was pointed out to employees that the COSO issued following principles of internal controls for strengthening the components issued in 1992; and as per November 2005 issue of “Tone at the Top”²⁵, a publication of The Institute of Internal Auditors, these principals are as under:

A high powered committee was formed to formulate the corrective measures required to be taken in the controls, so that staff at Scanwell may come to know about the actual reasons for failures resulting into losses. The committee was also responsible for establishing the conceptual framework of controls for Scanwell. The committee came to the conclusion that basically any business transaction that constitute an agreement is based on traditional contractual laws where under an offer is made and accepted to formulate an enforceable agreement. “With on line contracts, it is sometime more difficult to determine whether these traditional requirements have been satisfied. In particular, in the context of internet, there may be uncertainty as to what constitutes an “offer” or an “acceptance’’ (Javad Heydary and Jindra Rajwans)²⁶. To a great extent such problems have been solved by the enactment of e- commerce legislation.

Accordingly in order to ensure the validity of on- line transaction, the internal control at the very first step must ensure that transactions are as per e-commerce legislation. As the basic objective of ensure compliance with laws and regulations. Formulation of e-commerce legislations like Uniform Electronic Commerce Act (UECA), 1999 in Canada, and Uniform Electronic Transactions Act (UETA) in US provides a company like Scanwell Logistics enough avenues to confirm validity of online transactions if that act of validation is made a compulsory internal control activity of the company. Even in India e- commerce laws have been enacted that can strengthen internal control process of Scanwell. Legally speaking enough infra structure has been provided to check validity of on- line transaction, but as Deshmukh²⁷ has stated that “New laws such as UETA, UECA, and E-SIGN have facilitated validity of transactions in the online world, though compliance with these laws remains an important internal control issue.”

In every on line transaction verification of identity of the person carrying on the transaction and the computer machine through which transaction is being carried through is very important. Though Scanwell Logistic (HK) Ltd. has got developed a new logistic system called ‘scanlog’ for private using, but the company rarely relied on information provided by scanlog for identification of identities. As per Mathew D. Ford²⁸

“Identity authentication is the process whereby some chosen attribute of a real world entity (‘the distinguish character or personality of an individual’) is demonstrated to belong to that identity.”

It was important to understand whether existing controls at Scanwell were capable of identifying the risks that hamper the efficiency and growth leading to profitability. According during workshop session interviews of senior staff was organized and it was found that risks, though pointed out by the systems were never identified during the general working of the company. Whatever may be the functioning style of internal controls, basic requirement is that controls should be developed to identify the risks that are detrimental to business operations. Risks that are detrimental to business operations generally take place in many formats like business interruptions due to any reason, fraudulent business reporting, loss or destruction of assets due lack in their safeguards, and management taking erroneous decisions due to vested interests prevalent in certain section of the management.

A high level committee was formed with representative of each section of business of Scanwell was required to discuss all such factors that contribute to risk creation. It was decided that those factors need extensive study and consideration during the course of development of fresh internal control system for Scanwell. All efforts were made to equip high level committee with information that may reveal the weaknesses of exiting controls, so that those are taken care of during revamping of controls. Accordingly it was brought to the notice of high level committee of Scanwell that in January 2003, PWC issued a whitepaper providing guidelines or factor for making a internal control framework a success. These guidelines are as under:

“Executive should implement a framework for internal control to establish and evaluate controls across an organization to build public trust.

The key players in financial reporting supply chain- executives, board of directors, and independent auditors—must work together, with critical cross checks, to achieve a similar goal.

Companies have no choice as to whether to put effective controls in place; therefore, decision must be made about how best achieve compliance and create a culture of accountability that supports it, now and in the future.

Companies should create a spirit of transparency, cultivate a culture of accountability, and employ people of integrity.

When evaluating its internal control and procedures, companies may find it useful to apply an internal control maturity framework to determine whether existing or proposed controls for a given activity are rigorous enough to manage related risks and sufficiently documented for subsequent internal and external review.

Clear documentation of the design of internal controls over financial reporting and of testing the effectiveness of these controls will be critical.

While implementing effective internal controls to satisfy financial and other reporting obligations, companies can reap extended benefits by applying a dynamic risk management process that covers critical risk exposures and enable the company to identify and respond quickly to changing conditions.” (PWC, January 2003)²⁹

Findings and Analysis

Based on the methodology adopted to review and assess the frameworks of internal controls being practiced at Scanwell, the findings and analysis of thesis ‘Effects of Internal Control on Efficiency and Profitability’ has been grouped under following three sub headings, namely benefits and costs of internal controls, Reliability of Internal Controls, and limitations of Internal controls.

It was found that financial losses at scanwell were direct result of creeping inefficiency and reduction of credit period. Often information provided or generated through controls was ignored. This put a lot of pressure on very tight working capital available with the company. The current and quick working capital ratios were playing at much less than the required standard. The company was not in a position to raise equity because of losses performed over the last few years. Borrowing were proving costlier and eating the margin away. If this trend continues, the company is shortly going to face very disturbing results.

As the subject matter of the write up is to draw out the effects of internal control over the profitability of the entity, it is important to realize the fact that all positive results affected by operations of internal control add to the profitability of the entity. It was observed that there was considerable uncertainty in making a linkage between parameters drawn in the suggested framework of internal control and the benefits that are to drawn there from.

Keeping in view the above facts a lineage based on results of methodology adopted was established and the benefits based on the parameters of the suggested framework of internal controls and other findings are analyzed to ‘ensure compliance for more effective business results (i.e. profitability), compliance with any regulatory compliance requirements, compliance with any general business operation for more effective implementation, and greater overall cost reduction and more efficient use of resources for a better ROI.’(ICM Features and Benefits)³⁰

This is true that in order to reap the benefits in the shape of effects on profitability from operations of internal controls, the entity has to bear some costs. As per Ontario Securities Commission³¹, these costs can be broken into initial internal costs, initial ongoing costs, ongoing internal costs; and ongoing external costs. Scanwell incurred all these costs but of no avail. There were no corresponding benefits. Losses were increasing year after year and controls seem as liability to the company.

During the course of workshop and special sessions with employees to discuss the results of methodology adopted , it was observed that internal control models or frameworks are meant to provide a great deal of assurance and reliability on the results produced by the entity through its financial statements. In other words internal controls promote reliability.

Functioning of controls at Scanwell reduced controls as unreliable tools because of non- implementation of various measures reflected at the initial working of controls.

Anthony S. Chan³² in his article ‘The Benefits of an Early Control Assessment’ in November 2006 issue of The CPA Journal has stated that reliability on controls provided valuable benefits to the entity like it enhances the control environment and set the right tone at the top; establishes proper ownership and accountability to “build controls into the culture”; realign risks and controls with business objectives and drive value into the compliance process; maintain the right risk- management focus to reduce the organization exposure to fraud and errors that could result in material misstatements;

identifies control issues that may been overlooked in the past, including non- GAAP practices and accounting estimates; update and maintain relevant accounting policies and procedures; and develop appropriate guidance to comply with SOX section 404 provisions.

Scanwell was unable to generate accurate and reliable reports required to submit under the Sarbanes Oxley Act only because of unreliable internal controls. In absence of a clear certification from management about effectiveness of controls, Scanwell earned an adverse remark from the independent auditors and this is going to create some trouble for the company in the coming years as well unless there is complete revamping of controls. This is because implementation of reliable internal controls has advantages of achieving or providing help in achieving the following matter:

1. Compliances under Sarbanes- Oxley and other statues get an automatic help.
2. Staff get a standardized mechanism to follow the routine activities. Exceptional activities automatically get systematized when routine is standardized.
3. A foundation for the improvement get established for operational and other routine activities of the entity.

The question that arises for Scanwell is that whether installed framework of internal controls was working as expected out of such controls. That is to say are we wrongly taking the general limitations of controls as inefficiency? Unfortunately that is not the fact. It was observed that are employees and staff members who are responsible for success of any framework of internal control did not provided any checks about limitations and reliability on the working of such framework.

When company is not alerted on alarming situations pointed by controls, we can not blame the limitations of controls as the cause of failures of achieving the objectives.

Conclusions

Internal control framework provides reasonable assurance about achievement of objectivity of the entity. Such assurance may be effective to enhance efficiency and profitability only to the extent internal controls are practiced sincerely and honestly in the organization. Internal Controls are like tools and use of such tools is in hands of persons responsible to implement the controls. Basically controls help in assessing the risk, and on that basis control activities are decided. Not only controls are useful in avoiding the mishaps like frauds and embezzlements, but also by enhancing efficiency controls provide a push to profitability. It is true that perfection can never be achieved, but by assessing the risks the entity can plan growth knowing its limitations and obstacles. Accordingly, the framework of controls is required to be planned keeping in view resources at disposal of entity.

Interviews and answers to questionnaires provided mixed reactions of the employees of Scanwell. Based on such reactions some conclusions have been drawn from the findings and results of interviews and replies of questionnaires. Generally respondents were not aware of intricacies about working of the internal controls. This was also observed during workshops conducted to judge the workings of the controls at the Scanwell. Employees were not even aware of basic terminology used in various controls. They had no knowledge about working procedures and other intricacies of controls. The employees

were made to understand during workshops that ‘controls are not just a concept that applies to finance and administration. They are fundamental parts of everyone’s responsibility’ (Katie Quaranta, June20, 2008)³³. Awareness creates a mental state where under implementation of controls become easy and a routine affair. Employees will be reluctant to follow any regulation or parameter that is new and unheard of by them. Alongside the establishment of internal controls, creation of awareness about those among those who are responsible for their implementation would add a sense of responsibility among themselves. Therefore training of implementation of control should be part of the process of establishment of the controls.

Discussion level on various issues pertaining internal controls implementation was poor. It was like Katie Quaranta’s survey where she reported that “Feedback from survey respondents indicated that they did not entirely understand what internal controls or internal control environment means”³⁴

The response was similar in findings against interviews and answers to the questionnaires. However, discussion made the staff aware that even frauds could result from inefficient controls hampering the achievement of mission of any organization if some sort of controls were not adopted. They appeared keen when following key benefits, like the one enunciated under an Internal Control awareness program (Price Waterhouse Coopers)³⁵.As per the awareness program “Internal Controls are no regime for finance staff but all management who are required to take ownership of and sign off on controls”. This point was stressed even to interviewees who were not keen to pursue with interview as they were not following the basic terminology used for internal control operations.

It was also realized that for effective internal controls, it is necessary to regularly make an evaluation of internal controls. It must be remembered that though the responsibility of evaluation of controls rests with top management, but supervisors play a vital role in evaluation. “Supervisors can evaluate the work of internal audit department through review of its papers, including risk assessment methodology used. If satisfied, supervisor can use inter audit report as primary mechanism for identifying control problems.” (BIS)³⁶. However it was found independent auditors there were generally no reports available of any sort of evaluation function ever carried by internal staff of the Scanwell.

The approach of interviewees was not positive but certainly not negative. We can say the approach was passive as they were not aware of internal control modus operandi to sort out the entity’s obstacles in achieving its missions. Similarly the questionnaires were not completely answered because of same reasons. But these comments are not applicable to accounting staff.

The traditional objectivity of internal control is to plug risks directly related to business transactions. Risks are there in all business processing of any type. The fact is that in large organization risks in accounting processing rarely disturb the business functioning. Internal control failures always result from non identification of risks at management level. Such non identification makes the functioning of controls limited to that extent in their operations. But some experts believe that controls are effective whatever may be the limitations, as benefits outweigh the cost and limitations suffered by internal control systems. As stated by David W.White CPA³⁷ “The objective of internal control structure should be to control that are adequate overall. The spirit of this objective is to have adequate internal controls in place and functioning throughout the organization.”

Though effective monitoring on a continuous basis is an essential component of a sound system of internal control. ‘The management, however, cannot rely solely on the embedded monitoring processes within the company to discharge its duties. It should regularly receive and review reports on internal control.’ (ICAEW, September, 1999)³⁸

Fr. Vanstapel expressed that “because internal control depends upon human factor, it is subject to flaws in design, error of judgment or interpretation, misunderstanding, carelessness, fatigue, distraction, collusion, abuse, or override.” (Fr. Vanstapel)³⁹. Limitations are there in every system, but the implementation of controls has to rise above those limitations to achieve desired results.

Recommendations

Control framework of Scanwell is required to be established keeping in view the basic requirements of the Scanwell of putting breaks to losses as well as making controls to comply with legal and statutory requirements. Therefore the basic traditional concepts like control activities, risk assessment, information and communication, monitoring, and control environments should form the main ingredients of the control system of the Scanwell. This is because basic limitations of control systems should be auto corrective without much indulgence from the management.

It must be remembered that planning or providing of framework of controls does not always ensure safeguarding of assets unless those controls are practiced effectively by the personnel of entity. Therefore there should be an evaluation of controls at regular intervals in order to maintain the reasonable assurance of controls in enhancing the efficiency in operational activities of the entity. It is only then controls may become cause for reducing the costing of products or services and pushing the profitability up.

After the happenings of Enron and other scandals, experts now believe that frauds and other embezzlement of funds and resources are basically due to non- existence of controls or ineffective controls, if those were there just to meet some legal compliances. Scanwell require controls that effectively put a sort of embargo on emergence of frauds and misappropriation of funds. It must be remembered that ‘there are generally three requirements for fraud to occur- motivation, opportunity, and personal characteristics. Motivation is usually situational pressure in the form of a need of money, personal satisfaction, or to alleviate a fear of failure. Opportunity is access to a situation where fraud can be perpetrated, such as weakness in internal control, necessities for an operating environment, management style and corporate culture. Personal characteristics include a willingness to commit fraud. ……. It is difficult to have an effect on individual’s motivation for fraud. Personal characteristics can sometimes be changed through training and awareness programs. Opportunity is the easiest and most effective requirement to address to reduce the probability of fraud. By developing effective system of internal control, you can remove opportunities to commit fraud.’(Jeffery E. Michelman and Bobby E Waldrup, 2008)⁴⁰. Accordingly for the development of a conceptual framework of internal controls it is not only necessary to safeguard resources but also important to make provisions to check and/ or mitigate or eliminate risks responsible for occurrences of frauds and financial scandals

Scanwell is a logistic company with its head offices at Hong Kong and other offices scattered around the globe, but mainly at South East Asia, India, US, and Canada. It is stated that each branch has around 50 staff and 6 departments that includes IT, Accounts, Operations, Sales and Marketing, customer, and administration department. Naturally being a logistic company with IT connected departments, Scanwell requires a control system that checks the online working of the company with inter-connected far placed offices. Scanwell require controls that are effective for online working in order to ensure the validity of transactions as well as mutual authentication of identity.

During the process of revamping of conceptual framework of internal controls for Scanwell it is imperative that requirements of legislation like Sarbanes- Oxley be taken into account. The independent auditors are required under Sarbanes- Oxley Act, 2002 to assess the effectiveness of internal control as they have to certify the effectiveness by the top management. Also, as per sec 404 of the act, annual reports of registered companies must contain a report on effectiveness of internal controls adopted. These legislative requirements must be kept in mind for revamping controls for Scanwell in order to facilitate the generation of required reports and certification process.

Other major aspects to be considered in revamping the control system of Scanwell are ‘risks’ involved in earning profits and the availability of resources to formulate the controls. Risks are always associated with profit earning; but an internal control system that eliminates the risk of loss cannot be a workable system. Care should be taken that controls help in converting those risk effects into positive profitability. Similarly it is seen that lack of resources to establish and implement internal controls are the greatest hindrances in achieving the optimum effectively of internal controls. Therefore finding and generation of resources should also be encouraged to keep controls working effectively at Scanwell.

Another aspect that should be considered is the fact that there is an inherent limitation in internal control over financial reporting. Internal controls cannot provide an absolute assurance of achieving of the objectives of financial reporting. The basic reason for that is involvement of human diligence and compliances. This involvement is subject to human failures and lapses in compliance required for implementation of internal controls.

Business processing is management prerogative function. It is also the duty of management to carry out business processing in a lawful and orderly manner in order to achieve business objectivity. But what will happen when management fails to discharge its duties truthfully and legally. Internal controls and accounting systems are abused when management intend to achieve some goals unlawfully. Under such circumstances internal controls are bound to reduce the efficiency expected from their implementations. All such limitations and discounting factors has to be considered by Scanwell so that process of earning profits is least affected.

When the objectivity is to covert losses of Scanwell into profits through proper legislative measures, then control framework should take the format that also effectively meet the expectations of GAAP. Controls must direct the business towards achieving the strategic objectives of the company. Written rules and procedure of controls should become the strength of the Scanwell in order to maintain compliance as per GAAP and enhance the revenue effectively. The organizational structure of the Scanwell should take form of a revenue recognition committee in order to have an effective financial management enforcing workable credit control. Historical prices should form part of a database that should provide guidance in fixing current prices of services keeping in view related affecting factors.

.Glossary of terms

Framework: “The frameworks describes the critical principles and components of an effective enterprise risk management process, setting forth how all important risks should be identified, assessed, responded to and controlled.” (COSO)⁴¹

Reliability: “Evidence quality refers to the relevance and reliability of evidence” (ABREMA)⁴²

Annexure

Questionnaire to assess the efficiency of the Internal Controls at Scan well Logistics (HK) Ltd.

1. What is the name of the company where you work?
2. Do you have knowledge about Internal Controls?
3. Are internal controls installed at Scanwell Logistics (HK) Ltd. ?
4. What is your designation and the name of department where in you work and the provide the details of controls established in that department?
5. Do you any idea about recent financial scams like Enron etc.and also Sarbanes Oxley Act enacted at US?
6. If you are in financial accounting department, name the internal controls that have been installed and provide details in respect of different aspects of such controls?
7. What is frequency of monitoring of established controls at Scanwell?
8. How important are controls from the point of view of information and communication?
9. What do you understand by the implications of control environments?
10. Describe the authority and the stages of verification of performances at Scanwell.
11. Are discrepancies found discussed in staff meetings; and if so what are the parameters those are set to reduce future discrepancies?
12. Does the report on effectiveness of internal control ever circulated to all members of staff who participate in functioning of the controls?
13. How often the board of directors considers the report on effectiveness of controls to ensure the correctness of certification about working of controls as required to be reported under different legislations.?
14. Provide in detail about the procedure adapted by top management to get the information about assessment of the working of controls.
15. Kindly submit the answers in a separate sheet giving the question no answered; and submit report to the Manager (Administration)

Bibliography

IFAC, Internal Controls- A review of Current Developments, 2006, Web.

Charles T. Gillet and Leaonard W.Sandridge, Management Responsibility for Financial Statements, 1994, Web.

Noordin Shiraz, Importance of Internal Control System, International Journal of Government Auditing, 1997.

Jeffery E. Michelman and Bobby E Waldrup, Improving Internal Control Over Financial Reporting, The CPA Journal, 2008.

Matthew Leitch, Reengineering Internal Controls for Efficiency, 1996, Web.

University of Danvar, What are Controls?, Institutional Compliance and Internal Audits, 2008, Web.

OBFS, University of Illinois, Audit/ Internal Controls, Web.

David Cram CPA, Implementing an Internal Control Framework, ECFA, Web.

Gerald D. Bloch, Sarbanes- Oxley’s Effects on Internal Controls for Revenue, The CPA Journal, 2003.

Robort M. Torok and Patric J. Gordon, Operational Profitability: Systematic Approaches for, page 24.

Chris Levush, Automate Operating Expense Controls for Profitability Improvements, 2007, Web.

AICA, Internal Controls- the Optimum way to profitability, 2008, Web.

IFAC, Internal Controls- A review of Current Developments, 2006, Web.

Tidrick Donald E. , A Conversation with COSO Chairman Larry Rittenberg, The CPA Journal, 2005. Web.

Gauthier, Stephen J, From Internal Control to Risk Management, 2005, Web.

Ernest & Young Belgium, Sarbanes- Oxley, 2008, Web.

K.H.Spencer Pickett, Internal Control: A Manager Journey, Top Ten Imperatives for Facilitators, Appendix C, page 341-342,

Kvale, quoted in Interview as a Method for Qualitative Research, Depzura Valenzuela, and Pallavi Shrivastva, Web.

COSO, Internal Control- Integrated Framework Executive Summary, 2008, Web.

Terry Carnahan, Risk assessment and Internal Control Evaluation, KPMG, 2008, Web.

Luminita Ionescu, INTOSAI, Internal Control Human Resource Management, and Risk Assessment, Web.

Alan G. Hevesi, Standards for Internal Control in New York State Government, 2005, Web.

COSO, Integrated Framework, Monitoring, Web.

Understanding internal controls, A Reference Guide for Managing University Business practices, Web.

Tone At the Top, Putting COSO’s Theory into Practice, November 2005, Issue 28, Published by The Institute of Internal Auditors.

Javad Heydary and Jindra Rajwans, Contractual validity: Online Trading in North America, Web.

Deshmukh, Digital Accounting: The effects of internet and ERP on, A Conceptual Framework for On Line Internal Controls, page 334

Mathew D. Ford, Identity Authentication and E- Commerce, Journal of Information, Law and Technology, 1998(3).

PWC, PWC Outlines Strategies for Internal Controls Framework, 2003, Web.

ICM Features and Benefits, Ensure Compliance for more Effective Business Results.

Ontario Securities Commission, The Costs and Benefits of Management Reporting and Auditor Attestation on Internal Controls over Financial Reporting, 2004, 31, Web.

Anthony S Chan, The Benefits of Early Control Assessments, The CPA Journal, November 2006Katie Quaranta, Survey raises awareness of internal controls, Ohio University, Web.

Ibid, paragraph 11.

Internal Control Awareness, organized by Price Waterhouse Coopers, Web.

BIS, Framework for the evaluation of internal control system, Web.

David W. White CPA, Internal Controls: Is Technology Really An Alternative, Web.

ICAEW, Internal Control Guidance for Directors on the Combined Code, September 1999, Web.

Fr. Vanstapel, Guidelines for Internal Control Standards for the Public Sector, page 12, Web.

Jeffery E. Michelman and Bobby E Waldrup, Understanding internal controls, A Reference Guide for Managing University Business practices, Web.

COSO, What is in the Framework and how do I get it?, Web.

ABREMA, Reliability of Evidence, Web.