WEBVTT 00:00:00.240 --> 00:00:03.120 what's up audit fans i'm back and today 00:00:03.120 --> 00:00:04.560 we're looking at designing 00:00:04.560 --> 00:00:06.640 internal controls a big thank you to 00:00:06.640 --> 00:00:08.400 charlene who wrote to me 00:00:08.400 --> 00:00:10.480 uh through facebook and said oh look i'd 00:00:10.480 --> 00:00:11.599 really love something 00:00:11.599 --> 00:00:14.559 about how to design internal controls 00:00:14.559 --> 00:00:16.000 this isn't something that the auditor 00:00:16.000 --> 00:00:16.960 would normally 00:00:16.960 --> 00:00:19.039 do because when we design internal 00:00:19.039 --> 00:00:20.640 controls for our client we 00:00:20.640 --> 00:00:23.119 actually create a self-review 00:00:23.119 --> 00:00:24.560 independence threat 00:00:24.560 --> 00:00:26.720 but if you're an internal auditor or 00:00:26.720 --> 00:00:28.720 you're providing some recommendations 00:00:28.720 --> 00:00:30.240 or if you're studying and it's quite a 00:00:30.240 --> 00:00:32.320 common question to be asked 00:00:32.320 --> 00:00:34.719 what sort of internal controls should be 00:00:34.719 --> 00:00:35.600 used 00:00:35.600 --> 00:00:38.079 to minimize a particular risk today i'm 00:00:38.079 --> 00:00:40.000 going to address it with a four-step 00:00:40.000 --> 00:00:40.800 process 00:00:40.800 --> 00:00:45.840 let's get into it 00:00:46.220 --> 00:00:52.069 [Music] 00:00:54.480 --> 00:00:56.559 hi and welcome to amanda loves to audit 00:00:56.559 --> 00:00:58.320 my name is amanda i do love 00:00:58.320 --> 00:01:01.520 audit and i'm really excited to be 00:01:01.520 --> 00:01:04.159 here back again on my youtube channel 00:01:04.159 --> 00:01:05.199 we're just starting out 00:01:05.199 --> 00:01:07.119 university semester here in australia so 00:01:07.119 --> 00:01:08.960 it's full steam ahead for me 00:01:08.960 --> 00:01:10.720 really really busy but i wanted to give 00:01:10.720 --> 00:01:12.000 a shout out to 00:01:12.000 --> 00:01:15.200 all of my returning viewers from places 00:01:15.200 --> 00:01:15.759 like 00:01:15.759 --> 00:01:18.320 canada indonesia namibia nigeria south 00:01:18.320 --> 00:01:19.360 africa usa 00:01:19.360 --> 00:01:22.479 germany uganda did i say again it twice 00:01:22.479 --> 00:01:22.880 no 00:01:22.880 --> 00:01:25.759 ghana it's really amazing somebody in 00:01:25.759 --> 00:01:28.000 the comments asked if i'm malaysian 00:01:28.000 --> 00:01:30.560 and i'm not so my parents are both from 00:01:30.560 --> 00:01:31.439 china 00:01:31.439 --> 00:01:34.560 in the guangzhou region of china i 00:01:34.560 --> 00:01:37.439 don't speak any chinese so my parents 00:01:37.439 --> 00:01:38.799 came here my mom came here when she was 00:01:38.799 --> 00:01:39.680 five years old 00:01:39.680 --> 00:01:43.119 my dad came in his teenage years 00:01:43.119 --> 00:01:46.399 and when my mum was growing up she 00:01:46.399 --> 00:01:48.560 went to kindergarten not knowing any 00:01:48.560 --> 00:01:49.520 english 00:01:49.520 --> 00:01:51.759 so when she talked with an accent she 00:01:51.759 --> 00:01:54.000 received a lot of bullying 00:01:54.000 --> 00:01:55.759 even then you know a lot of racism 00:01:55.759 --> 00:01:57.280 against asians so 00:01:57.280 --> 00:02:00.079 when she had kids and we were the only 00:02:00.079 --> 00:02:01.840 asian kids in our school 00:02:01.840 --> 00:02:04.159 she said i want you to sound aussie i 00:02:04.159 --> 00:02:05.920 want you to be able to blend in so that 00:02:05.920 --> 00:02:08.560 if you can sound like everybody else 00:02:08.560 --> 00:02:11.440 then hopefully you won't experience the 00:02:11.440 --> 00:02:12.080 same 00:02:12.080 --> 00:02:15.280 levels of racism and discrimination 00:02:15.280 --> 00:02:18.239 that she experienced as a child growing 00:02:18.239 --> 00:02:19.040 up 00:02:19.040 --> 00:02:21.760 and so when i was i think three or four 00:02:21.760 --> 00:02:22.080 years 00:02:22.080 --> 00:02:25.520 old my mother said to my grandmother 00:02:25.520 --> 00:02:27.280 uh who she looked after us a lot she 00:02:27.280 --> 00:02:29.120 said look that's it we're not speaking 00:02:29.120 --> 00:02:30.480 any chinese anymore 00:02:30.480 --> 00:02:33.519 english only so i really only know 00:02:33.519 --> 00:02:34.640 enough 00:02:34.640 --> 00:02:37.599 cantonese to get by at yamcha i know 00:02:37.599 --> 00:02:38.560 that i want to eat 00:02:38.560 --> 00:02:42.319 haa gao cha sil baos um 00:02:42.319 --> 00:02:45.519 paigwat dantats i know that i don't want 00:02:45.519 --> 00:02:47.360 to eat the fung jao which is 00:02:47.360 --> 00:02:50.239 the chicken foot but really that's the 00:02:50.239 --> 00:02:51.360 extent of 00:02:51.360 --> 00:02:54.160 my chinese language skills so that's 00:02:54.160 --> 00:02:55.280 enough about me 00:02:55.280 --> 00:02:59.280 i've been a tiny bit busy recently um 00:02:59.280 --> 00:03:02.239 i've just won the national teaching 00:03:02.239 --> 00:03:03.360 excellence award 00:03:03.360 --> 00:03:05.840 for the business economics law and 00:03:05.840 --> 00:03:06.560 related 00:03:06.560 --> 00:03:09.120 category i'll have a video more on that 00:03:09.120 --> 00:03:10.560 a little bit later because i'm doing a 00:03:10.560 --> 00:03:11.680 big speech 00:03:11.680 --> 00:03:13.120 a whole lot of other things so i was 00:03:13.120 --> 00:03:15.040 really excited to 00:03:15.040 --> 00:03:18.080 receive that and all of you out there in 00:03:18.080 --> 00:03:19.920 youtube land were a really big part of 00:03:19.920 --> 00:03:21.040 that as well so 00:03:21.040 --> 00:03:23.040 i did a survey a little while ago asking 00:03:23.040 --> 00:03:24.560 about whether you thought the resources 00:03:24.560 --> 00:03:26.319 were high quality 00:03:26.319 --> 00:03:28.159 and some feedback and a lot of those 00:03:28.159 --> 00:03:29.920 quotes and a lot of those 00:03:29.920 --> 00:03:31.760 pieces of information made it into my 00:03:31.760 --> 00:03:33.599 application so thank you 00:03:33.599 --> 00:03:36.239 so much to everybody that's out there 00:03:36.239 --> 00:03:38.000 that filled in that survey 00:03:38.000 --> 00:03:41.200 for everyone who's new welcome i love 00:03:41.200 --> 00:03:41.760 audit 00:03:41.760 --> 00:03:43.920 and you'll hear that you'll see that in 00:03:43.920 --> 00:03:45.840 everything that we do so i'm just going 00:03:45.840 --> 00:03:48.640 to switch camera positions a little bit 00:03:48.640 --> 00:03:50.959 so that then i can have my writing 00:03:50.959 --> 00:03:53.519 coming up here so just hang on 00:03:53.519 --> 00:03:55.680 so today we're getting into how do i 00:03:55.680 --> 00:03:57.599 design an internal control it's a really 00:03:57.599 --> 00:03:58.720 common exam 00:03:58.720 --> 00:04:00.959 question just to see that you can do the 00:04:00.959 --> 00:04:02.159 other perspective 00:04:02.159 --> 00:04:03.519 and if you're studying management 00:04:03.519 --> 00:04:05.920 accounting how to design an internal 00:04:05.920 --> 00:04:07.519 control can be really important because 00:04:07.519 --> 00:04:09.200 management accounting is about 00:04:09.200 --> 00:04:10.640 number one doing accounting from within 00:04:10.640 --> 00:04:12.400 the firm but also 00:04:12.400 --> 00:04:14.959 designing the management systems that 00:04:14.959 --> 00:04:15.599 make sure that 00:04:15.599 --> 00:04:18.880 everyone in the organization is working 00:04:18.880 --> 00:04:22.880 together moving in the same direction 00:04:22.880 --> 00:04:24.960 there are going to be four steps in our 00:04:24.960 --> 00:04:27.280 process so step number one 00:04:27.280 --> 00:04:32.479 is going to be about identifying 00:04:32.479 --> 00:04:35.919 the potential misstatement 00:04:37.360 --> 00:04:41.040 now the reason that we need to do this 00:04:41.040 --> 00:04:47.199 is that remember a control is a response 00:04:47.440 --> 00:04:49.600 to a risk so essentially we have to 00:04:49.600 --> 00:04:51.520 identify the risk what is the potential 00:04:51.520 --> 00:04:52.639 misstatement 00:04:52.639 --> 00:04:55.759 the potential error that could occur so 00:04:55.759 --> 00:04:56.160 that's 00:04:56.160 --> 00:05:00.560 step number one then step number two 00:05:00.560 --> 00:05:01.840 and i'm going to just move that up a 00:05:01.840 --> 00:05:03.680 little bit is 00:05:03.680 --> 00:05:06.240 we have to ask ourselves the question do 00:05:06.240 --> 00:05:07.199 we want to 00:05:07.199 --> 00:05:11.280 prevent the issue from happening or 00:05:11.280 --> 00:05:14.479 are we trying to detect an error 00:05:14.479 --> 00:05:17.600 afterwards so in a lot of circumstances 00:05:17.600 --> 00:05:20.560 where it's a control around a process 00:05:20.560 --> 00:05:22.080 i want to try and prevent right 00:05:22.080 --> 00:05:24.000 prevention is always better than a cure 00:05:24.000 --> 00:05:24.960 so you have to think am i going to 00:05:24.960 --> 00:05:25.919 prevent 00:05:25.919 --> 00:05:28.880 or do i want to detect now detecting is 00:05:28.880 --> 00:05:29.759 about 00:05:29.759 --> 00:05:31.199 picking up that there's a mistake 00:05:31.199 --> 00:05:34.320 perhaps after a process has happened 00:05:34.320 --> 00:05:36.240 so you have a manufacturing process 00:05:36.240 --> 00:05:39.039 you're making a good and then 00:05:39.039 --> 00:05:41.600 there is quality control so you know you 00:05:41.600 --> 00:05:42.880 have everything in the process the 00:05:42.880 --> 00:05:44.479 machines doing the right things checking 00:05:44.479 --> 00:05:45.840 their parts 00:05:45.840 --> 00:05:48.639 and the quality control at the end is to 00:05:48.639 --> 00:05:49.440 make sure 00:05:49.440 --> 00:05:51.919 that you detect any issues before they 00:05:51.919 --> 00:05:53.680 go out you know the product goes out to 00:05:53.680 --> 00:05:55.360 the customer so you have to think 00:05:55.360 --> 00:05:57.120 do i want to try and prevent or do i 00:05:57.120 --> 00:05:58.400 want to try and detect 00:05:58.400 --> 00:06:00.080 now i'm going to do this with a live 00:06:00.080 --> 00:06:01.759 example as well after so i'm just going 00:06:01.759 --> 00:06:03.440 to go through the theory first 00:06:03.440 --> 00:06:06.400 so part one identify the potential 00:06:06.400 --> 00:06:08.639 misstatement so what is the risk 00:06:08.639 --> 00:06:12.160 part two am i thinking about preventing 00:06:12.160 --> 00:06:13.919 or detecting 00:06:13.919 --> 00:06:19.520 then you actually need to design 00:06:19.600 --> 00:06:24.240 and effective 00:06:25.039 --> 00:06:28.080 and efficient 00:06:30.960 --> 00:06:33.840 internal control now what do i mean by 00:06:33.840 --> 00:06:34.479 effective 00:06:34.479 --> 00:06:36.560 effective i mean that it has to work it 00:06:36.560 --> 00:06:38.160 has to prevent 00:06:38.160 --> 00:06:41.199 the error that you've got and when i say 00:06:41.199 --> 00:06:42.240 efficient 00:06:42.240 --> 00:06:44.800 i mean that efficient is it's not going 00:06:44.800 --> 00:06:46.479 to cost us too much resources 00:06:46.479 --> 00:06:48.560 because remember when it comes to 00:06:48.560 --> 00:06:50.080 internal controls 00:06:50.080 --> 00:06:52.720 you have to think about the cost versus 00:06:52.720 --> 00:06:54.319 the benefit 00:06:54.319 --> 00:06:56.720 so in a supermarket to make sure that 00:06:56.720 --> 00:06:57.599 people don't 00:06:57.599 --> 00:07:00.560 steal from a supermarket i could make 00:07:00.560 --> 00:07:02.400 every single person have to go through 00:07:02.400 --> 00:07:03.199 an airport 00:07:03.199 --> 00:07:05.280 x-ray screening type of thing when they 00:07:05.280 --> 00:07:06.639 leave the store 00:07:06.639 --> 00:07:09.919 that would be very very beneficial 00:07:09.919 --> 00:07:13.199 however it would cost a lot in terms of 00:07:13.199 --> 00:07:13.759 time 00:07:13.759 --> 00:07:18.240 for my customers effort 00:07:18.240 --> 00:07:21.680 to get it done and also 00:07:21.680 --> 00:07:24.960 it would be really expensive okay 00:07:24.960 --> 00:07:28.160 so i need to balance the benefit 00:07:28.160 --> 00:07:29.840 of preventing or detecting a 00:07:29.840 --> 00:07:31.840 misstatement with the cost 00:07:31.840 --> 00:07:32.880 so you're going to think about that in 00:07:32.880 --> 00:07:35.120 your design now 00:07:35.120 --> 00:07:36.960 also when you're thinking about the 00:07:36.960 --> 00:07:39.759 design you have to consider whether you 00:07:39.759 --> 00:07:40.800 want 00:07:40.800 --> 00:07:44.080 a manual control so somebody physically 00:07:44.080 --> 00:07:47.759 doing something versus some sort of 00:07:47.759 --> 00:07:50.800 automated or 00:07:50.800 --> 00:07:54.639 i t or systems 00:07:55.919 --> 00:07:58.400 based solution okay because if you do 00:07:58.400 --> 00:07:59.199 have 00:07:59.199 --> 00:08:00.720 something that needs a manual control 00:08:00.720 --> 00:08:02.800 remember humans can make mistakes 00:08:02.800 --> 00:08:04.639 with an automated system you've got to 00:08:04.639 --> 00:08:06.319 be really careful because 00:08:06.319 --> 00:08:07.840 if you don't program the system 00:08:07.840 --> 00:08:09.840 correctly it can still make a mistake so 00:08:09.840 --> 00:08:11.199 if you don't program it correctly it 00:08:11.199 --> 00:08:12.000 could still 00:08:12.000 --> 00:08:15.039 go wrong so our 00:08:15.039 --> 00:08:18.240 fourth thing that we want to think about 00:08:18.240 --> 00:08:21.120 is monitoring 00:08:22.080 --> 00:08:24.479 all right are we doing something to 00:08:24.479 --> 00:08:25.599 check the control 00:08:25.599 --> 00:08:28.240 essentially we need to make sure that we 00:08:28.240 --> 00:08:29.199 are 00:08:29.199 --> 00:08:32.240 checking the 00:08:32.240 --> 00:08:35.039 operation 00:08:36.479 --> 00:08:40.640 of the control 00:08:40.640 --> 00:08:43.039 okay a really great example of that 00:08:43.039 --> 00:08:44.800 monitoring aspect 00:08:44.800 --> 00:08:48.080 is if we have a bank and you go with 00:08:48.080 --> 00:08:50.160 your card 00:08:50.160 --> 00:08:54.160 and uh i have one in my pocket actually 00:08:54.160 --> 00:08:57.680 so here's my card um for my bank account 00:08:57.680 --> 00:09:00.640 i go to the atm i put it in i get the 00:09:00.640 --> 00:09:01.440 pin wrong 00:09:01.440 --> 00:09:03.839 oh okay that's the wrong pin remember 00:09:03.839 --> 00:09:05.440 the right pin i put it in 00:09:05.440 --> 00:09:08.240 the bank at the end of the day we'll get 00:09:08.240 --> 00:09:09.040 a report 00:09:09.040 --> 00:09:10.959 that says what are all the cards where 00:09:10.959 --> 00:09:12.640 an incorrect pin was entered 00:09:12.640 --> 00:09:15.519 or perhaps an incorrect pin was entered 00:09:15.519 --> 00:09:16.240 more than 00:09:16.240 --> 00:09:19.440 three times or we actually chewed up the 00:09:19.440 --> 00:09:20.240 card 00:09:20.240 --> 00:09:22.000 so we want to check that the control is 00:09:22.000 --> 00:09:23.839 operating effectively we want to check 00:09:23.839 --> 00:09:25.360 that the operation of the control is 00:09:25.360 --> 00:09:27.120 working because remember 00:09:27.120 --> 00:09:31.839 we know that when the control 00:09:31.839 --> 00:09:34.800 stops working 00:09:34.880 --> 00:09:38.320 what happens my regular viewers will 00:09:38.320 --> 00:09:40.800 know this when the control stops working 00:09:40.800 --> 00:09:44.240 then we have an increased risk 00:09:44.240 --> 00:09:51.839 of errors and misstatements 00:09:52.080 --> 00:09:53.440 all right and we definitely don't want 00:09:53.440 --> 00:09:55.279 that we don't want to have misstatements 00:09:55.279 --> 00:09:55.680 going 00:09:55.680 --> 00:09:59.040 into the financial um record records and 00:09:59.040 --> 00:09:59.360 the 00:09:59.360 --> 00:10:02.160 the accounting of the firm so to recap 00:10:02.160 --> 00:10:04.480 i'm going to scroll quickly back up 00:10:04.480 --> 00:10:06.880 number one identify the potential 00:10:06.880 --> 00:10:08.079 misstatements 00:10:08.079 --> 00:10:10.000 number two decide whether you want to 00:10:10.000 --> 00:10:11.680 prevent or detect 00:10:11.680 --> 00:10:15.600 number three design an effective 00:10:15.600 --> 00:10:17.519 and efficient internal control thinking 00:10:17.519 --> 00:10:19.680 about the cost versus the benefit 00:10:19.680 --> 00:10:22.000 that cost could be the time it takes the 00:10:22.000 --> 00:10:22.880 dollars 00:10:22.880 --> 00:10:25.040 to actually implement it the effort it 00:10:25.040 --> 00:10:26.160 might take 00:10:26.160 --> 00:10:28.079 think about whether you want manual or 00:10:28.079 --> 00:10:30.720 automated systems 00:10:30.720 --> 00:10:33.040 and then consider the monitoring what 00:10:33.040 --> 00:10:35.760 are we doing to monitor this control 00:10:35.760 --> 00:10:37.519 to make sure that it's always working is 00:10:37.519 --> 00:10:39.040 it if something goes wrong a system 00:10:39.040 --> 00:10:40.560 flags with us 00:10:40.560 --> 00:10:44.240 so now let's look at a practical example 00:10:44.240 --> 00:10:46.320 so in my practical example i'm going to 00:10:46.320 --> 00:10:48.000 think about 00:10:48.000 --> 00:10:51.120 a retail operation and i'm using a 00:10:51.120 --> 00:10:52.320 retail operation 00:10:52.320 --> 00:10:55.040 because it's something that we can 00:10:55.040 --> 00:10:56.800 imagine in our minds we've all been 00:10:56.800 --> 00:10:59.440 shopping to a store now i need to find 00:10:59.440 --> 00:11:00.640 something oh let's just i have a 00:11:00.640 --> 00:11:01.920 notebook here 00:11:01.920 --> 00:11:05.440 so a big thank you to uh microsoft for 00:11:05.440 --> 00:11:05.760 uh 00:11:05.760 --> 00:11:07.040 they sent me a notebook the other day 00:11:07.040 --> 00:11:08.959 i'm an mie expert which is a microsoft 00:11:08.959 --> 00:11:09.920 innovative 00:11:09.920 --> 00:11:12.320 um educator expert and i got a little 00:11:12.320 --> 00:11:13.920 goodie bag from them includes a notebook 00:11:13.920 --> 00:11:14.880 so say we're 00:11:14.880 --> 00:11:17.920 a retail operation and we're selling 00:11:17.920 --> 00:11:19.600 fancy notebooks so let's say this is 00:11:19.600 --> 00:11:21.200 like you know it's leather and it's 00:11:21.200 --> 00:11:22.079 really fancy 00:11:22.079 --> 00:11:24.720 so what is the risk so let's start with 00:11:24.720 --> 00:11:26.399 step one 00:11:26.399 --> 00:11:30.079 the risk is going to be 00:11:30.079 --> 00:11:33.200 theft of inventory 00:11:34.079 --> 00:11:35.519 all right if people steal the inventory 00:11:35.519 --> 00:11:36.800 they're not buying it and we're not 00:11:36.800 --> 00:11:39.040 making revenue so we've got our risk 00:11:39.040 --> 00:11:42.560 of misstatement is a theft of inventory 00:11:42.560 --> 00:11:44.959 and we might also have the so let's talk 00:11:44.959 --> 00:11:47.279 about the theft of inventory risk 00:11:47.279 --> 00:11:51.680 so then i have to think prevent 00:11:51.680 --> 00:11:55.120 or detect so that's p or d in this one i 00:11:55.120 --> 00:11:56.000 definitely want 00:11:56.000 --> 00:11:59.040 to try and prevent theft okay i don't 00:11:59.040 --> 00:12:00.320 want to detect the theft 00:12:00.320 --> 00:12:01.760 after it's happened i want to try and 00:12:01.760 --> 00:12:04.160 prevent people from stealing 00:12:04.160 --> 00:12:07.600 my item from my storm so prevent or 00:12:07.600 --> 00:12:08.399 detect 00:12:08.399 --> 00:12:11.839 now number three comes the actual part 00:12:11.839 --> 00:12:12.320 of 00:12:12.320 --> 00:12:15.200 designing the internal control well i 00:12:15.200 --> 00:12:16.079 want something 00:12:16.079 --> 00:12:18.399 that will stop people from stealing my 00:12:18.399 --> 00:12:20.000 product i got a couple of different 00:12:20.000 --> 00:12:21.200 options 00:12:21.200 --> 00:12:24.079 here and it might be that i might need 00:12:24.079 --> 00:12:26.639 to have multiple things in place 00:12:26.639 --> 00:12:30.800 i could have security cameras 00:12:30.800 --> 00:12:32.720 all right but if i have security cameras 00:12:32.720 --> 00:12:34.160 someone's going to need to be watching 00:12:34.160 --> 00:12:36.560 them so if i have security cameras 00:12:36.560 --> 00:12:40.560 that could be a deterrent potentially 00:12:40.560 --> 00:12:46.079 i could also have rfid 00:12:46.079 --> 00:12:48.720 stickers 00:12:49.360 --> 00:12:53.519 on the inventory 00:12:53.519 --> 00:12:55.920 all right so an rfid sticker or one of 00:12:55.920 --> 00:12:57.760 those security tags so 00:12:57.760 --> 00:12:59.440 often it could be like a little sticker 00:12:59.440 --> 00:13:01.040 that's placed on an individual item or 00:13:01.040 --> 00:13:03.040 it could be a big removable tag so if 00:13:03.040 --> 00:13:04.399 you bought clothing 00:13:04.399 --> 00:13:06.079 from a department store often those will 00:13:06.079 --> 00:13:07.839 have like a big tag on it 00:13:07.839 --> 00:13:10.000 that the sales checkout person will have 00:13:10.000 --> 00:13:11.040 to remove so 00:13:11.040 --> 00:13:14.240 an rfid sticker or some sort of security 00:13:14.240 --> 00:13:15.519 tag 00:13:15.519 --> 00:13:19.040 or security tag 00:13:19.040 --> 00:13:22.480 now given that this is a book like 00:13:22.480 --> 00:13:24.079 a hole i don't want to punch a hole in 00:13:24.079 --> 00:13:25.839 my notebook for the tag 00:13:25.839 --> 00:13:27.920 so a little rfid sticker might be a good 00:13:27.920 --> 00:13:30.079 idea and that's why a lot of stuff comes 00:13:30.079 --> 00:13:33.920 shrink wrapped in plastic that is um 00:13:33.920 --> 00:13:35.279 just so 00:13:35.279 --> 00:13:37.040 that they can then stick the rfid 00:13:37.040 --> 00:13:38.800 sticker on there and it's come a long 00:13:38.800 --> 00:13:39.680 way 00:13:39.680 --> 00:13:41.360 the old days rfid stickers were really 00:13:41.360 --> 00:13:43.440 expensive now i'm seeing supermarkets 00:13:43.440 --> 00:13:44.000 even 00:13:44.000 --> 00:13:45.920 use them on things like expensive meat 00:13:45.920 --> 00:13:47.199 products so 00:13:47.199 --> 00:13:49.839 i've got my security cameras i've got my 00:13:49.839 --> 00:13:52.639 rfid stickers 00:13:52.639 --> 00:13:55.040 um i'm going to have with the rfid 00:13:55.040 --> 00:13:55.839 sticker 00:13:55.839 --> 00:14:00.839 needed with that is going to be the rfid 00:14:00.839 --> 00:14:03.839 detectors 00:14:04.240 --> 00:14:07.600 at the store oops 00:14:07.600 --> 00:14:11.519 can't spell store entry exit 00:14:11.519 --> 00:14:13.279 that is also why a lot of stores will 00:14:13.279 --> 00:14:15.760 only have one entry exit point 00:14:15.760 --> 00:14:18.320 so that they can put those big gates up 00:14:18.320 --> 00:14:20.160 and often you will see those gates will 00:14:20.160 --> 00:14:22.079 be covered in advertising and things so 00:14:22.079 --> 00:14:23.600 you don't notice that it's there so 00:14:23.600 --> 00:14:24.240 you've got 00:14:24.240 --> 00:14:27.360 your rfid your stickers etc 00:14:27.360 --> 00:14:32.560 the last thing that we might do is also 00:14:32.639 --> 00:14:35.760 a store bag check 00:14:36.720 --> 00:14:38.320 all right so that when you leave the 00:14:38.320 --> 00:14:39.839 store they say look 00:14:39.839 --> 00:14:42.560 uh can you open your bag you know bags 00:14:42.560 --> 00:14:44.000 of a bigger size 00:14:44.000 --> 00:14:47.120 to make sure that that's happening so 00:14:47.120 --> 00:14:50.639 that's an example here for the fact that 00:14:50.639 --> 00:14:53.839 we've got our theft let's do another 00:14:53.839 --> 00:14:56.240 example my next example is still going 00:14:56.240 --> 00:14:58.079 to go back to my notebooks 00:14:58.079 --> 00:15:01.920 but my risk is going to be 00:15:01.920 --> 00:15:07.600 the risk of charging the customer 00:15:07.760 --> 00:15:11.120 the wrong price right and that 00:15:11.120 --> 00:15:13.839 is going to result for us in inaccurate 00:15:13.839 --> 00:15:15.680 sales so that's affecting our accuracy 00:15:15.680 --> 00:15:16.959 assertion 00:15:16.959 --> 00:15:20.160 now of course in terms of prevention or 00:15:20.160 --> 00:15:22.560 detection i want to try and 00:15:22.560 --> 00:15:26.160 prevent okay then coming 00:15:26.160 --> 00:15:29.360 into the control 00:15:29.360 --> 00:15:31.279 one thing that i could do and i can 00:15:31.279 --> 00:15:33.120 remember the days where when you went to 00:15:33.120 --> 00:15:34.320 the supermarket 00:15:34.320 --> 00:15:36.160 you didn't actually have barcodes there 00:15:36.160 --> 00:15:37.519 was a little sticker that somebody 00:15:37.519 --> 00:15:39.279 manually added to the product and then 00:15:39.279 --> 00:15:40.880 you typed it in 00:15:40.880 --> 00:15:43.519 into the cash register so we could use 00:15:43.519 --> 00:15:46.399 barcode scanning 00:15:46.399 --> 00:15:50.160 barcodes on goods 00:15:50.160 --> 00:15:53.360 and scan 00:15:53.360 --> 00:15:56.480 at the register 00:15:56.480 --> 00:15:59.360 okay so that's going to be my control 00:15:59.360 --> 00:16:00.000 now 00:16:00.000 --> 00:16:02.160 in terms of the control it's very cheap 00:16:02.160 --> 00:16:03.440 it's efficient you have to have 00:16:03.440 --> 00:16:05.519 obviously a cash register system 00:16:05.519 --> 00:16:07.600 but the one thing that we want to do 00:16:07.600 --> 00:16:11.680 here in terms of the monitoring 00:16:13.279 --> 00:16:15.680 all right is that we might want to do 00:16:15.680 --> 00:16:17.440 something like 00:16:17.440 --> 00:16:22.800 check price overrides 00:16:22.800 --> 00:16:24.320 all right so if somebody tries to 00:16:24.320 --> 00:16:26.000 override the price 00:16:26.000 --> 00:16:27.839 there's a couple of different options 00:16:27.839 --> 00:16:29.360 you could have you need 00:16:29.360 --> 00:16:31.600 manager whoops that's meant to be an r 00:16:31.600 --> 00:16:33.279 manager 00:16:33.279 --> 00:16:36.800 to approve any price overrides 00:16:36.800 --> 00:16:39.279 or at the end of the day you could have 00:16:39.279 --> 00:16:42.720 a daily report 00:16:42.880 --> 00:16:44.800 about those overrides and that's really 00:16:44.800 --> 00:16:46.079 common in retail stores where they'll 00:16:46.079 --> 00:16:46.800 say okay 00:16:46.800 --> 00:16:48.959 give me the day end of day report oh 00:16:48.959 --> 00:16:50.240 yeah this was overwritten because this 00:16:50.240 --> 00:16:51.440 was damaged 00:16:51.440 --> 00:16:53.360 this person had an extra discount this 00:16:53.360 --> 00:16:55.279 was the manager's discretion 00:16:55.279 --> 00:16:57.040 so you want to monitor how many prices 00:16:57.040 --> 00:16:58.720 were incorrect 00:16:58.720 --> 00:17:00.480 um often there's also a thing that says 00:17:00.480 --> 00:17:01.839 oh look if the shelf says 00:17:01.839 --> 00:17:04.640 five dollars but your thing says ten 00:17:04.640 --> 00:17:06.400 dollars you get whatever the shelf 00:17:06.400 --> 00:17:08.400 price is so that could be one of your 00:17:08.400 --> 00:17:10.160 override codes 00:17:10.160 --> 00:17:12.720 now i realized back here when i was 00:17:12.720 --> 00:17:14.160 designing the controls for 00:17:14.160 --> 00:17:17.520 the risk of theft then um 00:17:17.520 --> 00:17:20.959 the mo the store bag check um 00:17:20.959 --> 00:17:22.559 could be one of those monitoring 00:17:22.559 --> 00:17:24.319 controls so i realized i forgot that i 00:17:24.319 --> 00:17:26.000 forgot to talk about the monitoring 00:17:26.000 --> 00:17:30.480 but the store bag check could also 00:17:31.280 --> 00:17:35.120 be part of that monitoring process 00:17:35.120 --> 00:17:38.400 i hope that that clarifies to everybody 00:17:38.400 --> 00:17:42.559 how you can design an internal control 00:17:42.559 --> 00:17:44.880 and remember to take it step by step 00:17:44.880 --> 00:17:46.480 think about the risk 00:17:46.480 --> 00:17:48.799 do i want to prevent or detect what are 00:17:48.799 --> 00:17:50.799 the control activities that i could do 00:17:50.799 --> 00:17:53.440 automated or manual or with our systems 00:17:53.440 --> 00:17:55.440 or a combination of both 00:17:55.440 --> 00:17:56.880 and then what am i going to put in place 00:17:56.880 --> 00:17:59.520 to monitor to make sure that control 00:17:59.520 --> 00:18:01.760 works properly so i want to thank you 00:18:01.760 --> 00:18:03.440 for watching this video of course if you 00:18:03.440 --> 00:18:05.679 haven't already consider subscribing 00:18:05.679 --> 00:18:07.919 for all of those internal auditors out 00:18:07.919 --> 00:18:09.600 there you might want to check out 00:18:09.600 --> 00:18:11.360 autotopia it's a new 00:18:11.360 --> 00:18:13.440 internal audit community that i'm 00:18:13.440 --> 00:18:14.640 involved with 00:18:14.640 --> 00:18:17.200 it has free resources that people are 00:18:17.200 --> 00:18:17.840 sharing 00:18:17.840 --> 00:18:20.360 internal con audit checklists and 00:18:20.360 --> 00:18:22.240 documentation 00:18:22.240 --> 00:18:24.880 and we've also got regular webinars to 00:18:24.880 --> 00:18:25.919 help you become 00:18:25.919 --> 00:18:28.080 a better internal auditor i'm really 00:18:28.080 --> 00:18:30.720 excited to be part of the autotopia team 00:18:30.720 --> 00:18:32.960 i'll be working with them to create some 00:18:32.960 --> 00:18:34.640 content for some courses 00:18:34.640 --> 00:18:36.880 that they're going to have big thank you 00:18:36.880 --> 00:18:38.799 i want everybody to stay safe 00:18:38.799 --> 00:18:40.960 stay well i've checked myself on the 00:18:40.960 --> 00:18:43.200 vaccination schedule i'm hopefully 00:18:43.200 --> 00:18:45.440 going to be vaccinated in september or 00:18:45.440 --> 00:18:46.720 october of this year 00:18:46.720 --> 00:18:48.880 so i'm really excited about that but 00:18:48.880 --> 00:18:51.360 stay safe stay well wherever you are 00:18:51.360 --> 00:18:57.840 and i'll see you next time 00:19:03.720 --> 00:19:09.570 [Music] 00:19:12.400 --> 00:19:14.480 you