1. Audit Committee CMA 6898 3-3 Micro Dynamics, a developer of database software packages, is a pblicly !eld company w!ose stock is traded over t!e conter" #!e company recently received an enforcement release proceeding t!rog! an $%C administrative law &dge t!at cited cited t!e company for for inade'ate inade'ate internal controls" controls" (n response, response, Micro Dynamics !as agreed to establis! an internal adit fnction and strengt!en its adit committee" A manager of t!e internal adit department !as been !ired as a reslt of t!e $%C enforcement action to establis! an internal adit fnction" (n addition, t!e composition of t!e adit committee !as been c!anged to inclde all otside directors" Micro Dynamics !as !eld its initial planning meeting to discss t!e roles of t!e varios participants in t!e internal control and )nancial reporting process" *articipants *articipants at t!e meeting inclded t!e company president, t!e c!ief )nancial o+cer, a member of t!e adit committee, a partner from Micro Dynamics eternal adit )rm, and t!e newly appointed manager of t!e internal adit department" Comments by t!e varios meeting participants are presented below"
President . /0e want to ensre t!at Micro Dynamics complies wit! t!e $%Cs enforcement release and t!at we dont )nd orselves in t!is position again" #!e internal adit department s!old !elp to strengt!en or internal control system by correcting t!e problems" ( wold like yor t!og!ts on t!e proper reporting relations!ip relations!ip for t!e manager of t!e internal internal adit department"1 CFO. /( t!ink t!e manager of t!e internal adit department s!old report to me since mc! of t!e departments work is related to )nancial isses" #!e adit committee s!old !ave oversig!t responsibilities"1 responsibilities"1 Audit committee member . /( believe we s!old t!ink t!rog! or roles more careflly" #!e #readway Commission !as recommended t!at t!e adit committee play a more important role in t!e )nancial reporting process2 t!e dties of todays adit committee !ave epanded beyond mere rbber-stamp approval" 0e need to !ave greater assrance t!at controls are in place and being followed"1 External audit frm partner . /0e need a close working relations!ip among all of or roles" #!e internal adit department can play a signi)cant role in monitoring t!e control systems on a contining basis and s!old !ave strong ties to yor eternal adit )rm"1 Internal audit department manager. /#!e internal adit department s!old be more involved in operational aditing, bt it also s!old play a signi)cant monitoring role in t!e )nancial reporting area"1 e'ired. a" Describe t!e role of eac! of t!e following in t!e establis!ment, maintenance, and evalation of Micro Dynamics system of internal control"
i" Management ii" Adit committee iii" %ternal aditor iv" (nternal adit department b" Describe t!e responsibilities t!at Micro Dynamics adit committee !as in t!e )nancial reporting process"
2. Role o Internal Auditor CMA 459 7-8 eig! (ndstries !as an internal adit department consisting of a director and for sta: aditors" #!e director of internal adit, Diane ;aer, reports to t!e corporate controller, w!o receives copies of all internal adit reports" (n addition, copies of all internal adit reports are sent to t!e adit committee of t!e board of directors and t!e individal responsible for t!e area of activity being adited" (n t!e past, t!e companys eternal aditors !ave relied on t!e work of t!e internal adit department to a sbstantial degree" ?ne of t!e internal aditors assisted in t!e preparation of policy statements on internal control" #!ese statements inclded sc! t!ings as policies regarding sensitive payments and t!e safegarding of assets" > econciling t!e bank statements of t!e corporation eac! mont! is a reglar assignment of one of t!e internal aditors" #!e corporate controller believes t!is strengt!ens t!e internal control fnction becase t!e internal aditor is not involved in eit!er t!e receipt or t!e disbrsement of cas!" > #!e internal aditors are asked to review t!e annal bdget eac! year for relevance and reasonableness before t!e bdget is approved" At t!e end of eac! mont!, t!e corporate controllers sta: analy@es t!e variances from bdget and prepares eplanations of t!ese variances" #!ese variances and eplanations are t!en reviewed by t!e internal adit sta:" > ?ne of t!e internal aditors !as been involved in t!e design, installation, and initial operation of a new compteri@ed inventory system" #!e aditor was primarily
concerned wit! t!e design and implementation of internal acconting controls and condcted t!e evalation of t!ese controls dring t!e test rns" > #!e internal aditors are sometimes asked to make t!e acconting entries for comple transactions as t!e employees in t!e acconting department are not ade'ately trained to !andle sc! transactions" #!e corporate controller believes t!is gives an added measre of assrance to t!e accrate recording of t!ese transactions" e'ired. a" De)ne ob&ectivity as it relates to t!e internal adit fnction" b" or eac! of t!e )ve nonadit activities presented, eplain w!et!er t!e ob&ectivity of eig! (ndstries internal adit department !as been materially impaired" Consider eac! sitation independently" c" #!e director of internal adit reports directly to t!e corporate controller" Does t!is reporting relations!ip a:ect t!e ob&ectivity of t!e internal adit departmentB %plain yor answer" d" 0old yor evalation of t!e )ve sitations in estion b c!ange if t!e director of internal adit reported to t!e adit committee of t!e board of directorsB %plain yor answer"
. P!"sical #ecurit" Avatar inancials, (nc", located on Madison Avene, ew ork City, is a company t!at provides )nancial advice to individals and small to mid-si@ed bsinesses" (ts primary operations are in wealt! management and )nancial advice" %ac! client !as an accont w!ere basic personal information is stored on a server wit!in t!e main o+ce in ew ork City" #!e company also keeps t!e information abot t!e amont of investment of eac! client on a separate server at its data center in ;et!le!em, *ennsylvania" #!is information incldes t!e total vale of t!e portfolio, type of investments made, t!e income strctre of eac! client, and associated ta liabilities" (n t!e last few years, larger commercial banks !ave started providing sc! services and are competing for t!e same set of cstomers" Avatar, w!ic! prides itself in personal consmer relations, is now trying to set p additional services to keep its crrent cstomers" (t !as recently pgraded its 0eb site, w!ic! formerly only allowed clients to pdate t!eir personal information" ow clients can access information abot t!eir investments, income, and ta liabilities t!at is stored at t!e data center in *ennsylvania" As a reslt of previos dealings, Avatar !as been given free access to se t!e compter room of an older prodction plant" #!e company feels believes t!at t!is location is secre enog! and wold keep t!e data intact from p!ysical intrders" #!e servers are !osed in a room t!at t!e prodction plant sed to !ose its legacy
system" #!e room !as detectors for smoke and associated sprinklers" (t is enclosed, wit! no windows, and !as speciali@ed temperatre-controlled air dcts" Management !as recently started looking at ot!er alternatives to !ose t!e server as t!e plant is going to be s!t down" Management !as ma&or concerns abot t!e secrecy of t!e location and t!e associated measres" (t wants to incorporate newer met!ods of p!ysical data protection" #!e companys aditors !ave also epressed a concern t!at some of t!e measres at t!e crrent location are inade'ate and t!at newer alternatives s!old be fond" e'ired. 4" 0!y are t!e aditors of Avatar stressing t!e need to !ave a better p!ysical environment for t!e serverB (f Avatar !as proper software controls in place, wold t!at not be enog! to secre t!e informationB 5" ame t!e si essential control featres t!at contribte directly to t!e secrity of t!e compter server environment"
$. %isaster Reco&er" Plans #!e !ead'arters of
#!is past $atrday, t!e
'. Operation #"stem Controls (n 55, Mr" ollerball started Mig!ty Mose, (nc", a small, F=-employee )rm t!at prodces and sells wireless keyboards and ot!er devices to vendors t!rog! its manfactring plant in ittle ock, Arkansas" (n its )rst 5 years of bsiness, MM saw a sbstantial growt! in sales and at crrent capacity was nable to keep p wit! demand" #o compete, MM enlarged its manfactring facilities" #!e new facility increased to 5= employees" Dring t!is period of epansion, MM !as paid little attention to internal control procedres" Security ecently, systems problems and !ardware failres !ave cased t!e operating system to cras!" Mr" ollerball was etremely concerned to discover t!at con)dential company information !ad been printed ot a reslt of t!ese cras!es" Also, important digital docments were erased from storage media" Malicios programs sc! as virses, worms, and #ro&an !orses !ave plaged t!e company and cased signi)cant data corrption" MM !as devoted signi)cant fnds and time trying to ) t!e damage cased to its operating system" ?t of necessity to get t!e &ob done, as well as for p!ilosop!ical reasons, system administrators and programmers !ave provided sers relatively free access to t!e operating system" estricting access was fond to in!ibit bsiness and impede recovery from systems failres" rom t!e otset, an open approac! was regarded as an e+cient and e:ective way to ensre t!at everyone obtained t!e information t!ey needed to perform t!eir &obs" e'ired. a" 0!at internal control problems do yo )ndB b"
(. Internal Control and Fraud
$tep!anie ;askill, an nemployed acconting clerk, lives one block from Cleaver Manfactring Company" 0!ile walking !er dog last year, s!e noticed some %* manals in t!e dmpsters" Crios, s!e took t!e manals !ome wit! !er" $!e fond t!at t!e docmentation in t!e manal was dated 5 mont!s prior, so s!e t!og!t t!at t!e information mst be fairly crrent" ?ver t!e net mont!, $tep!anie contined to collect all types of manals from t!e dmpster dring !er dog-walking ecrsions" Cleaver Manfactring Company was apparently pdating all of its docmentation manals and placing t!em online" %ventally, $tep!anie fond manals abot critical inventory reorder formlas, t!e billing system, t!e sales order system, t!e payables system, and t!e operating system" $tep!anie went to t!e local library and read as mc! as s!e cold abot t!is particlar operating system" #o gain access to t!e organi@ation, s!e took a low-pro)le position as a cleaning woman, giving !er access to all areas in t!e bilding" 0!ile working, $tep!anie snooped t!rog! o+ces, watc!ed people w!o were working late type in t!eir passwords, and gessed passwords" $!e ltimately printed ot lists of ser (Ds and passwords sing a #ro&an !orse virs, t!s obtaining all t!e necessary passwords to set !erself p as a spplier, cstomer, systems operator, and systems librarian" As a cstomer, s!e ordered enog! goods to trigger t!e atomatic inventory procrement system to prc!ase more raw materials" #!en, as a spplier, $tep!anie wold deliver t!e goods at t!e speci)ed price" $!e t!en ad&sted t!e transaction logs once t!e bills were paid to cover !er tracks" $tep!anie was able to embe@@le, on average, E45=, a mont!" Abot 46 mont!s after s!e began working at Cleaver, t!e controller saw !er at a very epensive renc! restarant one evening, driving a Gagar"