Internal Control and Risk Evaluation

Internal Control and Risk Evaluation

ACC 542

December 19, 2011

Kudler Fine Foods has decided to go forward with the recommended course of action

from Learning Team C, which was to buy an out of the box Accounting Information System

(AIS). As with any implementation, consideration is given to existing internal and external

controls. At the same time, external and internal risks should be evaluated and measures taken

to reduce these risks. Internal controls can be created using the data diagrams provided by

Learning Team C based on the new system. The review of the application of the internal

controls is an integral part of this process. Lastly, other control issues, both inside and outside

of the new system should be addressed.

"An organization's financial resources must be protected from such activities as loss, waste,

or theft. Protecting such assets requires an organization to develop and implement an internal

control system with its AIS, as well as within other parts of the organizational system"

((Bagranoff, Simkin, & Strand, 2008). This is a key concept for a company going

through a new software implementation. At Kudler Fine Foods, creating policy and procedure

for the new system will be vital to its success. Currently, there are no written policies for the

accounting department or the embedded security system. Without the documentation of

policies, there is a lack of control of the business. How can one know if the proper procedure

for entering accounts payable is being done, when there is no reference? How can an audit of

the accounting department be done with no documentation of the policies and procedures?

There is no way to provide control of accounting information, both internal and external,

without proper records.

The biggest risk to Kudler Fine Foods is that there is no documentation for its policies and

procedures. There are several different risks because of the lack of these records. For example,

since there is no record of how to pay a vendor, how can an audit be done of the payment?

This poses an internal risk of fraud and theft. An employee could set himself or herself up as a

vendor and then process a payment. The lack of documentation provides an opportunity for an

external risk as well. An outside source can enter into the system and upload credit card

information on file for the customers. Since there is no documentation of the current security

system, tracking outside threats to the system would be difficult.

Kudler Fine Foods has the opportunity to put into place new internal and external controls

during the implementation period. Kudler Fine Foods has already been provided with a tool to

aid them through this process, the data flow diagrams done by Learning Team C. A review of

each diagram can be done to determine internal and external risks and then identifying what

controls

...