0:00:00.240,0:00:03.120
What's up audit fans. I'm back and today

0:00:03.120,0:00:04.560
we're looking at designing

0:00:04.560,0:00:06.640
internal controls. A big thank you to

0:00:06.640,0:00:08.400
Charlene who wrote to me

0:00:08.400,0:00:10.480
through facebook and said, "Oh look I'd

0:00:10.480,0:00:11.599
really love something

0:00:11.599,0:00:14.559
about how to design internal controls".

0:00:14.559,0:00:16.000
This isn't something that the auditor

0:00:16.000,0:00:16.960
would normally

0:00:16.960,0:00:19.039
do because when we design internal

0:00:19.039,0:00:20.640
controls for our client we

0:00:20.640,0:00:23.119
actually create a self-review

0:00:23.119,0:00:24.560
independence threat.

0:00:24.560,0:00:26.720
But if you're an internal auditor or

0:00:26.720,0:00:28.720
you're providing some recommendations

0:00:28.720,0:00:30.240
or if you're studying and it's quite a

0:00:30.240,0:00:32.320
common question to be asked

0:00:32.320,0:00:34.719
what sort of internal controls should be

0:00:34.719,0:00:35.600
used

0:00:35.600,0:00:38.079
to minimize a particular risk, today I'm

0:00:38.079,0:00:40.000
going to address it with a four-step

0:00:40.000,0:00:40.800
process.

0:00:40.800,0:00:45.840
Let's get into it.

0:00:46.220,0:00:52.069
[Music]

0:00:54.480,0:00:56.559
Hi and welcome to AmandaLovesToAudit.

0:00:56.559,0:00:58.320
My name is Amanda, I do love

0:00:58.320,0:01:01.520
audit, and I'm really excited to be

0:01:01.520,0:01:04.159
here back again on my YouTube channel.

0:01:04.159,0:01:05.199
We're just starting our

0:01:05.199,0:01:07.119
university semester here in Australia so

0:01:07.119,0:01:08.960
it's full steam ahead for me,

0:01:08.960,0:01:10.720
really, really busy. But I wanted to give

0:01:10.720,0:01:12.000
a shout out to

0:01:12.000,0:01:15.200
all of my returning viewers from places

0:01:15.200,0:01:15.759
like

0:01:15.759,0:01:18.320
Canada, Indonesia, Namibia, Nigeria, South

0:01:18.320,0:01:19.360
Africa, USA,

0:01:19.360,0:01:22.479
Germany, Uganda, did I say Uganda twice?

0:01:22.479,0:01:22.880
No.

0:01:22.880,0:01:25.759
Ghana. It's really amazing. Somebody in

0:01:25.759,0:01:28.000
the comments asked if I'm Malaysian

0:01:28.000,0:01:30.560
and I'm not. So my parents are both from

0:01:30.560,0:01:31.439
China

0:01:31.439,0:01:34.560
in the Guangzhou region of China. I

0:01:34.560,0:01:37.439
don't speak any Chinese. So my parents

0:01:37.439,0:01:38.799
came here, my mom came here when she was

0:01:38.799,0:01:39.680
five years old,

0:01:39.680,0:01:43.119
my dad came in his teenage years.

0:01:43.119,0:01:46.399
And when my mom was growing up, she

0:01:46.399,0:01:48.560
went to kindergarten not knowing any

0:01:48.560,0:01:49.520
English,

0:01:49.520,0:01:51.759
so when she talked with an accent she

0:01:51.759,0:01:54.000
received a lot of bullying,

0:01:54.000,0:01:55.759
even then you know a lot of racism

0:01:55.759,0:01:57.280
against Asians. So

0:01:57.280,0:02:00.079
when she had kids, and we were the only

0:02:00.079,0:02:01.840
Asian kids in our school,

0:02:01.840,0:02:04.159
she said I want you to sound Aussie. I

0:02:04.159,0:02:05.920
want you to be able to blend in so that

0:02:05.920,0:02:08.560
if you can sound like everybody else,

0:02:08.560,0:02:11.440
then hopefully you won't experience the

0:02:11.440,0:02:12.080
same

0:02:12.080,0:02:15.280
levels of racism and discrimination

0:02:15.280,0:02:18.239
that she experienced as a child growing

0:02:18.239,0:02:19.040
up.

0:02:19.040,0:02:21.760
And so when I was, I think three or four

0:02:21.760,0:02:22.080
years

0:02:22.080,0:02:25.520
old, my mother said to my grandmother,

0:02:25.520,0:02:27.280
who she looked after us a lot. She

0:02:27.280,0:02:29.120
said look that's it, we're not speaking

0:02:29.120,0:02:30.480
any Chinese anymore,

0:02:30.480,0:02:33.519
English only. So I really only know

0:02:33.519,0:02:34.640
enough

0:02:34.640,0:02:37.599
Cantonese to get by at Yum Cha. I know

0:02:37.599,0:02:38.560
that I want to eat

0:02:38.560,0:02:42.319
ha gao, cha siu bao,

0:02:42.319,0:02:45.519
pai gwat, dan tats. I know that I don't want

0:02:45.519,0:02:47.360
to eat the fung jao which is

0:02:47.360,0:02:50.239
the chicken foot, but really that's the

0:02:50.239,0:02:51.360
extent of

0:02:51.360,0:02:54.160
my Chinese language skills, so that's

0:02:54.160,0:02:55.280
enough about me.

0:02:55.280,0:02:59.280
I've been a tiny bit busy recently,

0:02:59.280,0:03:02.239
I've just won the national teaching

0:03:02.239,0:03:03.360
excellence award

0:03:03.360,0:03:05.840
for the business, economics law and

0:03:05.840,0:03:06.560
related

0:03:06.560,0:03:09.120
category. I'll have a video more on that

0:03:09.120,0:03:10.560
a little bit later because I'm doing a

0:03:10.560,0:03:11.680
big speech,

0:03:11.680,0:03:13.120
a whole lot of other things, so I was

0:03:13.120,0:03:15.040
really excited to

0:03:15.040,0:03:18.080
receive that. And all of you out there in

0:03:18.080,0:03:19.920
YouTube land were a really big part of

0:03:19.920,0:03:21.040
that as well, so

0:03:21.040,0:03:23.040
I did a survey a little while ago asking

0:03:23.040,0:03:24.560
about whether you thought the resources

0:03:24.560,0:03:26.319
were high quality

0:03:26.319,0:03:28.159
and some feedback and a lot of those

0:03:28.159,0:03:29.920
quotes and a lot of those

0:03:29.920,0:03:31.760
pieces of information made it into my

0:03:31.760,0:03:33.599
application so thank you

0:03:33.599,0:03:36.239
so much to everybody that's out there

0:03:36.239,0:03:38.000
that filled in that survey.

0:03:38.000,0:03:41.200
For everyone who's new, welcome! I love

0:03:41.200,0:03:41.760
audit,

0:03:41.760,0:03:43.920
and you'll hear that, you'll see that in

0:03:43.920,0:03:45.840
everything that we do. So I'm just going

0:03:45.840,0:03:48.640
to switch camera positions a little bit

0:03:48.640,0:03:50.959
so that then I can have my writing

0:03:50.959,0:03:53.519
coming up here so just hang on.

0:03:53.519,0:03:55.680
So today we're getting into how do I

0:03:55.680,0:03:57.599
design an internal control? It's a really

0:03:57.599,0:03:58.720
common exam

0:03:58.720,0:04:00.959
question just to see that you can do the

0:04:00.959,0:04:02.159
other perspective.

0:04:02.159,0:04:03.519
And if you're studying management

0:04:03.519,0:04:05.920
accounting, how to design an internal

0:04:05.920,0:04:07.519
control can be really important because

0:04:07.519,0:04:09.200
management accounting is about,

0:04:09.200,0:04:10.640
number one doing accounting from within

0:04:10.640,0:04:12.400
the firm, but also

0:04:12.400,0:04:14.959
designing the management systems that

0:04:14.959,0:04:15.599
make sure that

0:04:15.599,0:04:18.880
everyone in the organization is working

0:04:18.880,0:04:22.880
together, moving in the same direction.

0:04:22.880,0:04:24.960
There are going to be four steps in our

0:04:24.960,0:04:27.280
process. So step number one

0:04:27.280,0:04:32.479
is going to be about identifying

0:04:32.479,0:04:35.919
the potential misstatement.

0:04:37.360,0:04:41.040
Now the reason that we need to do this

0:04:41.040,0:04:47.199
is that remember a control is a response

0:04:47.440,0:04:49.600
to a risk. So essentially we have to

0:04:49.600,0:04:51.520
identify the risk. What is the potential

0:04:51.520,0:04:52.639
misstatement,

0:04:52.639,0:04:55.759
the potential error that could occur? So

0:04:55.759,0:04:56.160
that's

0:04:56.160,0:05:00.560
step number one. Then step number two,

0:05:00.560,0:05:01.840
And I'm going to just move that up a

0:05:01.840,0:05:03.680
little bit, is

0:05:03.680,0:05:06.240
we have to ask ourselves the question, do

0:05:06.240,0:05:07.199
we want to

0:05:07.199,0:05:11.280
prevent the issue from happening or

0:05:11.280,0:05:14.479
are we trying to detect an error

0:05:14.479,0:05:17.600
afterwards? So in a lot of circumstances

0:05:17.600,0:05:20.560
where it's a control around a process,

0:05:20.560,0:05:22.080
I want to try and prevent, right?

0:05:22.080,0:05:24.000
Prevention is always better than a cure.

0:05:24.000,0:05:24.960
So you have to think am I going to

0:05:24.960,0:05:25.919
prevent

0:05:25.919,0:05:28.880
or do I want to detect. Now detecting is

0:05:28.880,0:05:29.759
about

0:05:29.759,0:05:31.199
picking up that there's a mistake

0:05:31.199,0:05:34.320
perhaps after a process has happened.

0:05:34.320,0:05:36.240
So you have a manufacturing process,

0:05:36.240,0:05:39.039
you're making a good and then

0:05:39.039,0:05:41.600
there is quality control. So you know you

0:05:41.600,0:05:42.880
have everything in the process, the

0:05:42.880,0:05:44.479
machines doing the right things, checking

0:05:44.479,0:05:45.840
their parts.

0:05:45.840,0:05:48.639
And the quality control at the end is to

0:05:48.639,0:05:49.440
make sure

0:05:49.440,0:05:51.919
that you detect any issues before they

0:05:51.919,0:05:53.680
go out, you know the product goes out to

0:05:53.680,0:05:55.360
the customer. So you have to think

0:05:55.360,0:05:57.120
do I want to try and prevent or do I

0:05:57.120,0:05:58.400
want to try and detect.

0:05:58.400,0:06:00.080
Now I'm going to do this with a live

0:06:00.080,0:06:01.759
example as well after, so I'm just going

0:06:01.759,0:06:03.440
to go through the theory first.

0:06:03.440,0:06:06.400
So part one, identify the potential

0:06:06.400,0:06:08.639
misstatement, so what is the risk?

0:06:08.639,0:06:12.160
Part two, am I thinking about preventing

0:06:12.160,0:06:13.919
or detecting?

0:06:13.919,0:06:19.520
Then, you actually need to design

0:06:19.600,0:06:24.240
an effective

0:06:25.039,0:06:28.080
and efficient

0:06:30.960,0:06:33.840
internal control. Now what do I mean by

0:06:33.840,0:06:34.479
effective?

0:06:34.479,0:06:36.560
Effective, I mean, that it has to work. It

0:06:36.560,0:06:38.160
has to prevent

0:06:38.160,0:06:41.199
the error that you've got. And when I say

0:06:41.199,0:06:42.240
efficient,

0:06:42.240,0:06:44.800
I mean that efficient is it's not going

0:06:44.800,0:06:46.479
to cost us too much resources

0:06:46.479,0:06:48.560
because remember when it comes to

0:06:48.560,0:06:50.080
internal controls

0:06:50.080,0:06:52.720
you have to think about the cost versus

0:06:52.720,0:06:54.319
the benefit.

0:06:54.319,0:06:56.720
So, in a supermarket, to make sure that

0:06:56.720,0:06:57.599
people don't

0:06:57.599,0:07:00.560
steal from a supermarket, I could make

0:07:00.560,0:07:02.400
every single person have to go through

0:07:02.400,0:07:03.199
an airport

0:07:03.199,0:07:05.280
x-ray screening type of thing when they

0:07:05.280,0:07:06.639
leave the store.

0:07:06.639,0:07:09.919
That would be very, very beneficial,

0:07:09.919,0:07:13.199
however, it would cost a lot in terms of

0:07:13.199,0:07:13.759
time

0:07:13.759,0:07:18.240
for my customers, effort

0:07:18.240,0:07:21.680
to get it done, and also

0:07:21.680,0:07:24.960
it would be really expensive, okay?

0:07:24.960,0:07:28.160
So I need to balance the benefit

0:07:28.160,0:07:29.840
of preventing or detecting a

0:07:29.840,0:07:31.840
misstatement with the cost.

0:07:31.840,0:07:32.880
So you got to think about that in

0:07:32.880,0:07:35.120
your design. Now

0:07:35.120,0:07:36.960
also, when you're thinking about the

0:07:36.960,0:07:39.759
design, you have to consider whether you

0:07:39.759,0:07:40.800
want

0:07:40.800,0:07:44.080
a manual control, so somebody physically

0:07:44.080,0:07:47.759
doing something, versus some sort of

0:07:47.759,0:07:50.800
automated or

0:07:50.800,0:07:54.639
IT or systems

0:07:55.919,0:07:58.400
based solution, okay? Because if you do

0:07:58.400,0:07:59.199
have

0:07:59.199,0:08:00.720
something that needs a manual control,

0:08:00.720,0:08:02.800
remember humans can make mistakes.

0:08:02.800,0:08:04.639
With an automated system you've got to

0:08:04.639,0:08:06.319
be really careful because

0:08:06.319,0:08:07.840
if you don't program the system

0:08:07.840,0:08:09.840
correctly, it can still make a mistake so

0:08:09.840,0:08:11.199
if you don't program it correctly it

0:08:11.199,0:08:12.000
could still

0:08:12.000,0:08:15.039
go wrong. So our

0:08:15.039,0:08:18.240
fourth thing that we want to think about

0:08:18.240,0:08:21.120
is monitoring,

0:08:22.080,0:08:24.479
all right? Are we doing something to

0:08:24.479,0:08:25.599
check the control?

0:08:25.599,0:08:28.240
Essentially we need to make sure that we

0:08:28.240,0:08:29.199
are

0:08:29.199,0:08:32.240
checking the

0:08:32.240,0:08:35.039
operation

0:08:36.479,0:08:40.640
of the control.

0:08:40.640,0:08:43.039
Okay, a really great example of that

0:08:43.039,0:08:44.800
monitoring aspect

0:08:44.800,0:08:48.080
is if we have a bank and you go with

0:08:48.080,0:08:50.160
your card,

0:08:50.160,0:08:54.160
and I have one in my pocket actually,

0:08:54.160,0:08:57.680
so here's my card for my bank account.

0:08:57.680,0:09:00.640
I go to the ATM, I put it in, I get the

0:09:00.640,0:09:01.440
pin wrong.

0:09:01.440,0:09:03.839
Oh okay, that's the wrong pin. I remember

0:09:03.839,0:09:05.440
the right pin, I put it in.

0:09:05.440,0:09:08.240
The bank at the end of the day, will get

0:09:08.240,0:09:09.040
a report

0:09:09.040,0:09:10.959
that says what are all the cards where

0:09:10.959,0:09:12.640
an incorrect pin was entered

0:09:12.640,0:09:15.519
or perhaps an incorrect pin was entered

0:09:15.519,0:09:16.240
more than

0:09:16.240,0:09:19.440
three times or we actually chewed up the

0:09:19.440,0:09:20.240
card.

0:09:20.240,0:09:22.000
So we want to check that the control is

0:09:22.000,0:09:23.839
operating effectively. We want to check

0:09:23.839,0:09:25.360
that the operation of the control is

0:09:25.360,0:09:27.120
working because remember,

0:09:27.120,0:09:31.839
we know that when the control

0:09:31.839,0:09:34.800
stops working,

0:09:34.880,0:09:38.320
what happens? My regular viewers will

0:09:38.320,0:09:40.800
know this. When the control stops working

0:09:40.800,0:09:44.240
then we have an increased risk

0:09:44.240,0:09:51.839
of errors and misstatements,

0:09:52.080,0:09:53.440
all right? And we definitely don't want

0:09:53.440,0:09:55.279
that. We don't want to have misstatements

0:09:55.279,0:09:55.680
going

0:09:55.680,0:09:59.040
into the financial records and

0:09:59.040,0:09:59.360
the

0:09:59.360,0:10:02.160
accounting of the firm. So to recap,

0:10:02.160,0:10:04.480
I'm going to scroll quickly back up.

0:10:04.480,0:10:06.880
Number one, identify the potential

0:10:06.880,0:10:08.079
misstatements.

0:10:08.079,0:10:10.000
Number two, decide whether you want to

0:10:10.000,0:10:11.680
prevent or detect.

0:10:11.680,0:10:15.600
Number three, design an effective

0:10:15.600,0:10:17.519
and efficient internal control, thinking

0:10:17.519,0:10:19.680
about the cost versus the benefit.

0:10:19.680,0:10:22.000
That cost could be the time it takes, the

0:10:22.000,0:10:22.880
dollars

0:10:22.880,0:10:25.040
to actually implement it, the effort it

0:10:25.040,0:10:26.160
might take.

0:10:26.160,0:10:28.079
Think about whether you want manual or

0:10:28.079,0:10:30.720
automated systems.

0:10:30.720,0:10:33.040
And then consider the monitoring. What

0:10:33.040,0:10:35.760
are we doing to monitor this control

0:10:35.760,0:10:37.519
to make sure that it's always working? Is

0:10:37.519,0:10:39.040
it if something goes wrong a system

0:10:39.040,0:10:40.560
flags with us.

0:10:40.560,0:10:44.240
So now let's look at a practical example.

0:10:44.240,0:10:46.320
So in my practical example, I'm going to

0:10:46.320,0:10:48.000
think about

0:10:48.000,0:10:51.120
a retail operation. And I'm using a

0:10:51.120,0:10:52.320
retail operation

0:10:52.320,0:10:55.040
because it's something that we can

0:10:55.040,0:10:56.800
imagine in our minds, we've all been

0:10:56.800,0:10:59.440
shopping to a store. Now I need to find

0:10:59.440,0:11:00.640
something, oh let's just, I have a

0:11:00.640,0:11:01.920
notebook here.

0:11:01.920,0:11:05.440
So a big thank you to Microsoft for

0:11:05.440,0:11:05.760


0:11:05.760,0:11:07.040
they sent me a notebook the other day.

0:11:07.040,0:11:08.959
I'm an MIE expert which is a Microsoft

0:11:08.959,0:11:09.920
Innovative

0:11:09.920,0:11:12.320
Educator expert and I got a little

0:11:12.320,0:11:13.920
goodie bag from them and it includes a notebook.

0:11:13.920,0:11:14.880
So say we're

0:11:14.880,0:11:17.920
a retail operation and we're selling

0:11:17.920,0:11:19.600
fancy notebooks. So let's say this is

0:11:19.600,0:11:21.200
like, you know, it's leather and it's

0:11:21.200,0:11:22.079
really fancy.

0:11:22.079,0:11:24.720
So what is the risk? So let's start with

0:11:24.720,0:11:26.399
step one.

0:11:26.399,0:11:30.079
The risk is going to be

0:11:30.079,0:11:33.200
theft of inventory,

0:11:34.079,0:11:35.519
all right? If people steal the inventory

0:11:35.519,0:11:36.800
they're not buying it and we're not

0:11:36.800,0:11:39.040
making revenue, so we've got our risk

0:11:39.040,0:11:42.560
of misstatement, is a theft of inventory.

0:11:42.560,0:11:44.959
And we might also have the, so let's talk

0:11:44.959,0:11:47.279
about the theft of inventory risk.

0:11:47.279,0:11:51.680
So then I have to think prevent

0:11:51.680,0:11:55.120
or detect so that's P or D. In this one, I

0:11:55.120,0:11:56.000
definitely want

0:11:56.000,0:11:59.040
to try and prevent theft, okay? I don't

0:11:59.040,0:12:00.320
want to detect the theft

0:12:00.320,0:12:01.760
after it's happened, I want to try and

0:12:01.760,0:12:04.160
prevent people from stealing

0:12:04.160,0:12:07.600
my item from my store, so prevent or

0:12:07.600,0:12:08.399
detect.

0:12:08.399,0:12:11.839
Now number three comes the actual part

0:12:11.839,0:12:12.320
of

0:12:12.320,0:12:15.200
designing the internal control. Well I

0:12:15.200,0:12:16.079
want something

0:12:16.079,0:12:18.399
that will stop people from stealing my

0:12:18.399,0:12:20.000
product. I got a couple of different

0:12:20.000,0:12:21.200
options

0:12:21.200,0:12:24.079
here. And it might be that I might need

0:12:24.079,0:12:26.639
to have multiple things in place.

0:12:26.639,0:12:30.800
I could have security cameras,

0:12:30.800,0:12:32.720
all right? But if i have security cameras

0:12:32.720,0:12:34.160
someone's going to need to be watching

0:12:34.160,0:12:36.560
them, so if i have security cameras

0:12:36.560,0:12:40.560
that could be a deterrent potentially.

0:12:40.560,0:12:46.079
I could also have RFID

0:12:46.079,0:12:48.720
stickers

0:12:49.360,0:12:53.519
on the inventory,

0:12:53.519,0:12:55.920
all right? So an RFID sticker or one of

0:12:55.920,0:12:57.760
those security tags, so

0:12:57.760,0:12:59.440
often it could be like a little sticker

0:12:59.440,0:13:01.040
that's placed on an individual item or

0:13:01.040,0:13:03.040
it could be a big removable tag. So if

0:13:03.040,0:13:04.399
you bought clothing

0:13:04.399,0:13:06.079
from a department store often those will

0:13:06.079,0:13:07.839
have like a big tag on it

0:13:07.839,0:13:10.000
that the sales checkout person will have

0:13:10.000,0:13:11.040
to remove. So

0:13:11.040,0:13:14.240
an RFID sticker or some sort of security

0:13:14.240,0:13:15.519
tag,

0:13:15.519,0:13:19.040
or security tag.

0:13:19.040,0:13:22.480
Now given that this is a book, like

0:13:22.480,0:13:24.079
a hole, I don't want to punch a hole in

0:13:24.079,0:13:25.839
my notebook for the tag,

0:13:25.839,0:13:27.920
so a little RFID sticker might be a good

0:13:27.920,0:13:30.079
idea and that's why a lot of stuff comes

0:13:30.079,0:13:33.920
shrink wrapped in plastic. That is

0:13:33.920,0:13:35.279
just so

0:13:35.279,0:13:37.040
that they can then stick the RFID

0:13:37.040,0:13:38.800
sticker on there and it's come a long

0:13:38.800,0:13:39.680
way.

0:13:39.680,0:13:41.360
The old days RFID stickers were really

0:13:41.360,0:13:43.440
expensive, now I'm seeing supermarkets

0:13:43.440,0:13:44.000
even,

0:13:44.000,0:13:45.920
use them on things like expensive meat

0:13:45.920,0:13:47.199
products. So

0:13:47.199,0:13:49.839
I've got my security cameras. I've got my

0:13:49.839,0:13:52.639
RFID stickers.

0:13:52.639,0:13:55.040
I'm going to have, with the RFID

0:13:55.040,0:13:55.839
sticker,

0:13:55.839,0:14:00.839
needed with that is going to be the RFID

0:14:00.839,0:14:03.839
detectors

0:14:04.240,0:14:07.600
at the store, woops

0:14:07.600,0:14:11.519
can't spell store, entry exit.

0:14:11.519,0:14:13.279
That is also why a lot of stores will

0:14:13.279,0:14:15.760
only have one entry exit point

0:14:15.760,0:14:18.320
so that they can put those big gates up

0:14:18.320,0:14:20.160
and often you will see those gates will

0:14:20.160,0:14:22.079
be covered in advertising and things so

0:14:22.079,0:14:23.600
you don't notice that it's there. So

0:14:23.600,0:14:24.240
you've got

0:14:24.240,0:14:27.360
your RFID, your stickers, etc.

0:14:27.360,0:14:32.560
The last thing that we might do is also

0:14:32.639,0:14:35.760
a store bag check,

0:14:36.720,0:14:38.320
all right? So that when you leave the

0:14:38.320,0:14:39.839
store they say look,

0:14:39.839,0:14:42.560
can you open your bag, you know bags

0:14:42.560,0:14:44.000
of a bigger size

0:14:44.000,0:14:47.120
to make sure that that's happening. So

0:14:47.120,0:14:50.639
that's an example here for the fact that

0:14:50.639,0:14:53.839
we've got our theft. Let's do another

0:14:53.839,0:14:56.240
example. My next example is still going

0:14:56.240,0:14:58.079
to go back to my notebooks,

0:14:58.079,0:15:01.920
but my risk is going to be

0:15:01.920,0:15:07.600
the risk of charging the customer

0:15:07.760,0:15:11.120
the wrong price, right? And that

0:15:11.120,0:15:13.839
is going to result, for us, in inaccurate

0:15:13.839,0:15:15.680
sales. So that's affecting our accuracy

0:15:15.680,0:15:16.959
assertion.

0:15:16.959,0:15:20.160
Now of course, in terms of prevention or

0:15:20.160,0:15:22.560
detection, I want to try and

0:15:22.560,0:15:26.160
prevent, okay? Then coming

0:15:26.160,0:15:29.360
into the control.

0:15:29.360,0:15:31.279
One thing that I could do and I can

0:15:31.279,0:15:33.120
remember the days where when you went to

0:15:33.120,0:15:34.320
the supermarket,

0:15:34.320,0:15:36.160
you didn't actually have barcodes. There

0:15:36.160,0:15:37.519
was a little sticker that somebody

0:15:37.519,0:15:39.279
manually added to the product and then

0:15:39.279,0:15:40.880
you typed it in

0:15:40.880,0:15:43.519
into the cash register. So we could use

0:15:43.519,0:15:46.399
barcode scanning,

0:15:46.399,0:15:50.160
barcodes on good

0:15:50.160,0:15:53.360
and scan

0:15:53.360,0:15:56.480
at the register,

0:15:56.480,0:15:59.360
okay? So that's going to be my control.

0:15:59.360,0:16:00.000
Now,

0:16:00.000,0:16:02.160
in terms of the control it's very cheap,

0:16:02.160,0:16:03.440
it's efficient, you have to have,

0:16:03.440,0:16:05.519
obviously, a cash register system,

0:16:05.519,0:16:07.600
but the one thing that we want to do

0:16:07.600,0:16:11.680
here in terms of the monitoring,

0:16:13.279,0:16:15.680
all right? Is that we might want to do

0:16:15.680,0:16:17.440
something like

0:16:17.440,0:16:22.800
check price overrides,

0:16:22.800,0:16:24.320
all right? So if somebody tries to

0:16:24.320,0:16:26.000
override the price,

0:16:26.000,0:16:27.839
there's a couple of different options,

0:16:27.839,0:16:29.360
you could have you need

0:16:29.360,0:16:31.600
manager, whoops that's meant to be an r,

0:16:31.600,0:16:33.279
manager

0:16:33.279,0:16:36.800
to approve any price overrides

0:16:36.800,0:16:39.279
or at the end of the day, you could have

0:16:39.279,0:16:42.720
a daily report

0:16:42.880,0:16:44.800
about those overrides. And that's really

0:16:44.800,0:16:46.079
common in retail stores where they'll

0:16:46.079,0:16:46.800
say okay,

0:16:46.800,0:16:48.959
give me the end of day report, oh

0:16:48.959,0:16:50.240
yeah this was overwritten because this

0:16:50.240,0:16:51.440
was damaged,

0:16:51.440,0:16:53.360
this person had an extra discount, this

0:16:53.360,0:16:55.279
was the manager's discretion,

0:16:55.279,0:16:57.040
so you want to monitor how many prices

0:16:57.040,0:16:58.720
were incorrect.

0:16:58.720,0:17:00.480
Often there's also a thing that says

0:17:00.480,0:17:01.839
oh look if the shelf says

0:17:01.839,0:17:04.640
five dollars, but your thing says ten

0:17:04.640,0:17:06.400
dollars you get whatever the shelf

0:17:06.400,0:17:08.400
price is, so that could be one of your

0:17:08.400,0:17:10.160
override codes.

0:17:10.160,0:17:12.720
Now I realized back here when I was

0:17:12.720,0:17:14.160
designing the controls for

0:17:14.160,0:17:17.520
the risk of theft. Then,

0:17:17.520,0:17:20.959
the store bag check

0:17:20.959,0:17:22.559
could be one of those monitoring

0:17:22.559,0:17:24.319
controls, so I realized I forgot there that I

0:17:24.319,0:17:26.000
forgot to talk about the monitoring,

0:17:26.000,0:17:30.480
but the store bag check could also

0:17:31.280,0:17:35.120
be part of that monitoring process.

0:17:35.120,0:17:38.400
I hope that that clarifies to everybody

0:17:38.400,0:17:42.559
how you can design an internal control

0:17:42.559,0:17:44.880
and remember to take it step by step.

0:17:44.880,0:17:46.480
Think about the risk,

0:17:46.480,0:17:48.799
do I want to prevent or detect, what are

0:17:48.799,0:17:50.799
the control activities that I could do,

0:17:50.799,0:17:53.440
automated or manual or with our systems

0:17:53.440,0:17:55.440
or a combination of both,

0:17:55.440,0:17:56.880
and then what am I going to put in place

0:17:56.880,0:17:59.520
to monitor to make sure that control

0:17:59.520,0:18:01.760
works properly. So I want to thank you

0:18:01.760,0:18:03.440
for watching this video. Of course, if you

0:18:03.440,0:18:05.679
haven't already considered subscribing.

0:18:05.679,0:18:07.919
For all of those internal auditors out

0:18:07.919,0:18:09.600
there, you might want to check out

0:18:09.600,0:18:11.360
auditopia. It's a new

0:18:11.360,0:18:13.440
internal audit community that I'm

0:18:13.440,0:18:14.640
involved with.

0:18:14.640,0:18:17.200
It has free resources that people are

0:18:17.200,0:18:17.840
sharing,

0:18:17.840,0:18:20.360
internal audit checklists, and

0:18:20.360,0:18:22.240
documentation.

0:18:22.240,0:18:24.880
And we've also got regular webinars to

0:18:24.880,0:18:25.919
help you become

0:18:25.919,0:18:28.080
a better internal auditor. I'm really

0:18:28.080,0:18:30.720
excited to be part of the auditopia team.

0:18:30.720,0:18:32.960
I'll be working with them to create some

0:18:32.960,0:18:34.640
content for some courses

0:18:34.640,0:18:36.880
that they're going to have. Big thank you,

0:18:36.880,0:18:38.799
I want everybody to stay safe,

0:18:38.799,0:18:40.960
stay well, I've checked myself on the

0:18:40.960,0:18:43.200
vaccination schedule, I'm hopefully

0:18:43.200,0:18:45.440
going to be vaccinated in September or

0:18:45.440,0:18:46.720
October of this year,

0:18:46.720,0:18:48.880
so I'm really excited about that. But,

0:18:48.880,0:18:51.360
stay safe, stay well wherever you are

0:18:51.360,0:18:57.840
and I'll see you next time.

0:18:57.930,0:19:12.060
[Music]

0:19:12.400,0:19:14.480