In this essay, I will review the main strengths and weaknesses of internal control.
Internal Control Strengths
There are five key strengths of internal control, which are described below.
Only Accepting Orders Through Website
Only accepting orders through a secure and trustworthy website, electronically, at the time of order placement addresses risks like details of customers getting hacked, sending items to customers who cannot pay. This is a preventative control which works through only accepting orders through safe means, Derby Advanced Pty Ltd (Derby) minimises cash handling and through having on-time payment they prevent inviting bad debts.
Preventive control being observed as approved customers are being recorded on credit card file, which also highlights those with poor credit—this is good customer accounting.
Crosscheck of Names on Credit Check Report and Sales Order
This an effective detective control, as it addresses the risk of goods being sent to customers who have not paid, or whose payments have been rejected. It does this through cross checking customers who have paid—highlighted in the credit card report file against goods which are being shipped.
Marking Completed Shipping Orders
This is a preventive control which addresses the risk of the order being accidentally shipped again through an accidental recirculation as well as the possibility of fraud through employees using the order again.
Scannable Picking Ticket
Having scannable codes on picking tickets to get the exact sales order of the customer eliminates risks of incorrect items being packed and shipped.
Internal Control Weaknesses
There are five key weaknesses of internal control, which are described below.
Unsafe Placement of Source Documents
Not safe or efficient to put picking tickets that are awaiting goods on a desk where they can easily be misplaced, tampered or taken. This should be addressed by using safes or lockboxes for important source documents.
Periodic Data Backup
Database is not being backed up on master data file. This should be controlled to prevent loss of data. Derby should back-up files periodically and keep at least two copies, of which one needs to be in different and secure location paired with the lacking logical physical access controls.
Regular Bank Reconciliations Not Being Conducted
The detective control of regular bank reconciliation it not in-place to identify incorrectly posted numbers in ledgers and in accounting transactions.
Manual Check of Each Item Against Original Sales Order
Manual check of items against order by the shipping officer is subject to human error. To reduce this risk Derby should adopt RFID or barcoding inventory management.
Carrier Picks Goods from Loading Dock and Delivers Them to Customer
Without proper controls in place this can expose Derby to risks such as leaving source documents and goods in an unsafe location unattended. Also, to not have confirmation on record which indicates whether the carrier has picked up the package and if the carrier has successfully delivered the package. Controls introduced can be securing the loading dock with biometric or card keypad and recording the courier’s access to the facility. The courier should also log the items they have picked up and get signatures of customers when items are delivered.