Internal Control and Risk Evaluation

Internal Control and Risk Evaluation

Internal controls and risk assessment are considered to be integral parts of a company that contribute to the success of the organization. Risks can simply be defined as the chance of an unfavorable outcome while internal controls are the policies and procedures put into place to reduce their associated risks. Although risks cannot be eliminated entirely, they can be reduced by properly using established internal controls. This brief will discuss the risks of Kudler Fine Foods current information systems and the internal controls designed to mitigate those risks. Also included, is an evaluation of internal controls for the information systems and a discussion of necessary controls outside the information system.

Risks and Internal Controls to Mitigate Risk

When analyzing the current information systems of Kudler Fine Foods, there are three main concerns in regard to potential risks. The three types of risk are those of business, security, and continuity.

Business Risk

The primary risk for Kudler is that of business risk. Business risk, as defined by Hunton, Bryant, and Bagranoff (2004), “is the likelihood that an organization will not achieve its business goals and objectives” (p. 48). The business goals and objectives of an organization are affected by internal risks on the organizational level, such as the potential for employee fraud. Internal controls can be put into place to reduce this type of risk. One way to reduce employee fraud is to maintain a proper separation of duties. When examining the information systems of Kudler, it is determined that specific controls for the separation of duties are needed for each of the four systems: payroll, accounts receivable, accounts payable, and inventory. The attached flow charts explain the separation of duties for each system.

An additional control is to have an effective audit trail in place that “enables managers and auditors to follow the path of the data...