WEBVTT 00:00:00.240 --> 00:00:03.120 What's up audit fans. I'm back and today 00:00:03.120 --> 00:00:04.560 we're looking at designing 00:00:04.560 --> 00:00:06.640 internal controls. A big thank you to 00:00:06.640 --> 00:00:08.400 Charlene who wrote to me 00:00:08.400 --> 00:00:10.480 through Facebook and said, "Oh look I'd 00:00:10.480 --> 00:00:11.599 really love something 00:00:11.599 --> 00:00:14.559 about how to design internal controls". 00:00:14.559 --> 00:00:16.000 This isn't something that the auditor 00:00:16.000 --> 00:00:16.960 would normally 00:00:16.960 --> 00:00:19.039 do because when we design internal 00:00:19.039 --> 00:00:20.640 controls for our client we 00:00:20.640 --> 00:00:23.119 actually create a self-review 00:00:23.119 --> 00:00:24.560 independence threat. 00:00:24.560 --> 00:00:26.720 But if you're an internal auditor or 00:00:26.720 --> 00:00:28.720 you're providing some recommendations 00:00:28.720 --> 00:00:30.240 or if you're studying and it's quite a 00:00:30.240 --> 00:00:32.320 common question to be asked 00:00:32.320 --> 00:00:34.719 what sort of internal controls should be 00:00:34.719 --> 00:00:35.600 used 00:00:35.600 --> 00:00:38.079 to minimize a particular risk, today I'm 00:00:38.079 --> 00:00:40.000 going to address it with a four-step 00:00:40.000 --> 00:00:40.800 process. 00:00:40.800 --> 00:00:45.840 Let's get into it. 00:00:46.220 --> 00:00:52.069 [Music] 00:00:54.480 --> 00:00:56.559 Hi and welcome to AmandaLovesToAudit. 00:00:56.559 --> 00:00:58.320 My name is Amanda, I do love 00:00:58.320 --> 00:01:01.520 audit, and I'm really excited to be 00:01:01.520 --> 00:01:04.159 here back again on my YouTube channel. 00:01:04.159 --> 00:01:05.199 We're just starting our 00:01:05.199 --> 00:01:07.119 university semester here in Australia so 00:01:07.119 --> 00:01:08.960 it's full steam ahead for me, 00:01:08.960 --> 00:01:10.720 really, really busy. 
But I wanted to give 00:01:10.720 --> 00:01:12.000 a shout out to 00:01:12.000 --> 00:01:15.200 all of my returning viewers from places 00:01:15.200 --> 00:01:15.759 like 00:01:15.759 --> 00:01:18.320 Canada, Indonesia, Namibia, Nigeria, South 00:01:18.320 --> 00:01:19.360 Africa, USA, 00:01:19.360 --> 00:01:22.479 Germany, Uganda, did I say Uganda twice? 00:01:22.479 --> 00:01:22.880 No. 00:01:22.880 --> 00:01:25.759 Ghana. It's really amazing. Somebody in 00:01:25.759 --> 00:01:28.000 the comments asked if I'm Malaysian 00:01:28.000 --> 00:01:30.560 and I'm not. So my parents are both from 00:01:30.560 --> 00:01:31.439 China 00:01:31.439 --> 00:01:34.560 in the Guangzhou region of China. I 00:01:34.560 --> 00:01:37.439 don't speak any Chinese. So my parents 00:01:37.439 --> 00:01:38.799 came here, my mom came here when she was 00:01:38.799 --> 00:01:39.680 five years old, 00:01:39.680 --> 00:01:43.119 my dad came in his teenage years. 00:01:43.119 --> 00:01:46.399 And when my mom was growing up, she 00:01:46.399 --> 00:01:48.560 went to kindergarten not knowing any 00:01:48.560 --> 00:01:49.520 English, 00:01:49.520 --> 00:01:51.759 so when she talked with an accent she 00:01:51.759 --> 00:01:54.000 received a lot of bullying, 00:01:54.000 --> 00:01:55.759 even then you know a lot of racism 00:01:55.759 --> 00:01:57.280 against Asians. So 00:01:57.280 --> 00:02:00.079 when she had kids, and we were the only 00:02:00.079 --> 00:02:01.840 Asian kids in our school, 00:02:01.840 --> 00:02:04.159 she said I want you to sound Aussie. I 00:02:04.159 --> 00:02:05.920 want you to be able to blend in so that 00:02:05.920 --> 00:02:08.560 if you can sound like everybody else, 00:02:08.560 --> 00:02:11.440 then hopefully you won't experience the 00:02:11.440 --> 00:02:12.080 same 00:02:12.080 --> 00:02:15.280 levels of racism and discrimination 00:02:15.280 --> 00:02:18.239 that she experienced as a child growing 00:02:18.239 --> 00:02:19.040 up. 
00:02:19.040 --> 00:02:21.760 And so when I was, I think three or four 00:02:21.760 --> 00:02:22.080 years 00:02:22.080 --> 00:02:25.520 old, my mother said to my grandmother, 00:02:25.520 --> 00:02:27.280 who she looked after us a lot. She 00:02:27.280 --> 00:02:29.120 said look that's it, we're not speaking 00:02:29.120 --> 00:02:30.480 any Chinese anymore, 00:02:30.480 --> 00:02:33.519 English only. So I really only know 00:02:33.519 --> 00:02:34.640 enough 00:02:34.640 --> 00:02:37.599 Cantonese to get by at Yum Cha. I know 00:02:37.599 --> 00:02:38.560 that I want to eat 00:02:38.560 --> 00:02:42.319 ha gao, cha siu bao, 00:02:42.319 --> 00:02:45.519 pai gwat, dan tats. I know that I don't want 00:02:45.519 --> 00:02:47.360 to eat the fung jao which is 00:02:47.360 --> 00:02:50.239 the chicken foot, but really that's the 00:02:50.239 --> 00:02:51.360 extent of 00:02:51.360 --> 00:02:54.160 my Chinese language skills, so that's 00:02:54.160 --> 00:02:55.280 enough about me. 00:02:55.280 --> 00:02:59.280 I've been a tiny bit busy recently, 00:02:59.280 --> 00:03:02.239 I've just won the national teaching 00:03:02.239 --> 00:03:03.360 excellence award 00:03:03.360 --> 00:03:05.840 for the business, economics law and 00:03:05.840 --> 00:03:06.560 related 00:03:06.560 --> 00:03:09.120 category. I'll have a video more on that 00:03:09.120 --> 00:03:10.560 a little bit later because I'm doing a 00:03:10.560 --> 00:03:11.680 big speech, 00:03:11.680 --> 00:03:13.120 a whole lot of other things, so I was 00:03:13.120 --> 00:03:15.040 really excited to 00:03:15.040 --> 00:03:18.080 receive that. 
And all of you out there in 00:03:18.080 --> 00:03:19.920 YouTube land were a really big part of 00:03:19.920 --> 00:03:21.040 that as well, so 00:03:21.040 --> 00:03:23.040 I did a survey a little while ago asking 00:03:23.040 --> 00:03:24.560 about whether you thought the resources 00:03:24.560 --> 00:03:26.319 were high quality 00:03:26.319 --> 00:03:28.159 and some feedback and a lot of those 00:03:28.159 --> 00:03:29.920 quotes and a lot of those 00:03:29.920 --> 00:03:31.760 pieces of information made it into my 00:03:31.760 --> 00:03:33.599 application so thank you 00:03:33.599 --> 00:03:36.239 so much to everybody that's out there 00:03:36.239 --> 00:03:38.000 that filled in that survey. 00:03:38.000 --> 00:03:41.200 For everyone who's new, welcome! I love 00:03:41.200 --> 00:03:41.760 audit, 00:03:41.760 --> 00:03:43.920 and you'll hear that, you'll see that in 00:03:43.920 --> 00:03:45.840 everything that we do. So I'm just going 00:03:45.840 --> 00:03:48.640 to switch camera positions a little bit 00:03:48.640 --> 00:03:50.959 so that then I can have my writing 00:03:50.959 --> 00:03:53.519 coming up here so just hang on. 00:03:53.519 --> 00:03:55.680 So today we're getting into how do I 00:03:55.680 --> 00:03:57.599 design an internal control? It's a really 00:03:57.599 --> 00:03:58.720 common exam 00:03:58.720 --> 00:04:00.959 question just to see that you can do the 00:04:00.959 --> 00:04:02.159 other perspective. 
00:04:02.159 --> 00:04:03.519 And if you're studying management 00:04:03.519 --> 00:04:05.920 accounting, how to design an internal 00:04:05.920 --> 00:04:07.519 control can be really important because 00:04:07.519 --> 00:04:09.200 management accounting is about, 00:04:09.200 --> 00:04:10.640 number one doing accounting from within 00:04:10.640 --> 00:04:12.400 the firm, but also 00:04:12.400 --> 00:04:14.959 designing the management systems that 00:04:14.959 --> 00:04:15.599 make sure that 00:04:15.599 --> 00:04:18.880 everyone in the organization is working 00:04:18.880 --> 00:04:22.880 together, moving in the same direction. 00:04:22.880 --> 00:04:24.960 There are going to be four steps in our 00:04:24.960 --> 00:04:27.280 process. So step number one 00:04:27.280 --> 00:04:32.479 is going to be about identifying 00:04:32.479 --> 00:04:35.919 the potential misstatement. 00:04:37.360 --> 00:04:41.040 Now the reason that we need to do this 00:04:41.040 --> 00:04:47.199 is that remember a control is a response 00:04:47.440 --> 00:04:49.600 to a risk. So essentially we have to 00:04:49.600 --> 00:04:51.520 identify the risk. What is the potential 00:04:51.520 --> 00:04:52.639 misstatement, 00:04:52.639 --> 00:04:55.759 the potential error that could occur? So 00:04:55.759 --> 00:04:56.160 that's 00:04:56.160 --> 00:05:00.560 step number one. Then step number two, 00:05:00.560 --> 00:05:01.840 And I'm going to just move that up a 00:05:01.840 --> 00:05:03.680 little bit, is 00:05:03.680 --> 00:05:06.240 we have to ask ourselves the question, do 00:05:06.240 --> 00:05:07.199 we want to 00:05:07.199 --> 00:05:11.280 prevent the issue from happening or 00:05:11.280 --> 00:05:14.479 are we trying to detect an error 00:05:14.479 --> 00:05:17.600 afterwards? So in a lot of circumstances 00:05:17.600 --> 00:05:20.560 where it's a control around a process, 00:05:20.560 --> 00:05:22.080 I want to try and prevent, right? 
00:05:22.080 --> 00:05:24.000 Prevention is always better than a cure. 00:05:24.000 --> 00:05:24.960 So you have to think am I going to 00:05:24.960 --> 00:05:25.919 prevent 00:05:25.919 --> 00:05:28.880 or do I want to detect. Now detecting is 00:05:28.880 --> 00:05:29.759 about 00:05:29.759 --> 00:05:31.199 picking up that there's a mistake 00:05:31.199 --> 00:05:34.320 perhaps after a process has happened. 00:05:34.320 --> 00:05:36.240 So you have a manufacturing process, 00:05:36.240 --> 00:05:39.039 you're making a good and then 00:05:39.039 --> 00:05:41.600 there is quality control. So you know you 00:05:41.600 --> 00:05:42.880 have everything in the process, the 00:05:42.880 --> 00:05:44.479 machines doing the right things, checking 00:05:44.479 --> 00:05:45.840 their parts. 00:05:45.840 --> 00:05:48.639 And the quality control at the end is to 00:05:48.639 --> 00:05:49.440 make sure 00:05:49.440 --> 00:05:51.919 that you detect any issues before they 00:05:51.919 --> 00:05:53.680 go out, you know the product goes out to 00:05:53.680 --> 00:05:55.360 the customer. So you have to think 00:05:55.360 --> 00:05:57.120 do I want to try and prevent or do I 00:05:57.120 --> 00:05:58.400 want to try and detect. 00:05:58.400 --> 00:06:00.080 Now I'm going to do this with a live 00:06:00.080 --> 00:06:01.759 example as well after, so I'm just going 00:06:01.759 --> 00:06:03.440 to go through the theory first. 00:06:03.440 --> 00:06:06.400 So part one, identify the potential 00:06:06.400 --> 00:06:08.639 misstatement, so what is the risk? 00:06:08.639 --> 00:06:12.160 Part two, am I thinking about preventing 00:06:12.160 --> 00:06:13.919 or detecting? 00:06:13.919 --> 00:06:19.520 Then, you actually need to design 00:06:19.600 --> 00:06:24.240 an effective 00:06:25.039 --> 00:06:28.080 and efficient 00:06:30.960 --> 00:06:33.840 internal control. Now what do I mean by 00:06:33.840 --> 00:06:34.479 effective? 
00:06:34.479 --> 00:06:36.560 Effective, I mean, that it has to work. It 00:06:36.560 --> 00:06:38.160 has to prevent 00:06:38.160 --> 00:06:41.199 the error that you've got. And when I say 00:06:41.199 --> 00:06:42.240 efficient, 00:06:42.240 --> 00:06:44.800 I mean that efficient is it's not going 00:06:44.800 --> 00:06:46.479 to cost us too much resources 00:06:46.479 --> 00:06:48.560 because remember when it comes to 00:06:48.560 --> 00:06:50.080 internal controls 00:06:50.080 --> 00:06:52.720 you have to think about the cost versus 00:06:52.720 --> 00:06:54.319 the benefit. 00:06:54.319 --> 00:06:56.720 So, in a supermarket, to make sure that 00:06:56.720 --> 00:06:57.599 people don't 00:06:57.599 --> 00:07:00.560 steal from a supermarket, I could make 00:07:00.560 --> 00:07:02.400 every single person have to go through 00:07:02.400 --> 00:07:03.199 an airport 00:07:03.199 --> 00:07:05.280 x-ray screening type of thing when they 00:07:05.280 --> 00:07:06.639 leave the store. 00:07:06.639 --> 00:07:09.919 That would be very, very beneficial, 00:07:09.919 --> 00:07:13.199 however, it would cost a lot in terms of 00:07:13.199 --> 00:07:13.759 time 00:07:13.759 --> 00:07:18.240 for my customers, effort 00:07:18.240 --> 00:07:21.680 to get it done, and also 00:07:21.680 --> 00:07:24.960 it would be really expensive, okay? 00:07:24.960 --> 00:07:28.160 So I need to balance the benefit 00:07:28.160 --> 00:07:29.840 of preventing or detecting a 00:07:29.840 --> 00:07:31.840 misstatement with the cost. 00:07:31.840 --> 00:07:32.880 So you got to think about that in 00:07:32.880 --> 00:07:35.120 your design. 
Now 00:07:35.120 --> 00:07:36.960 also, when you're thinking about the 00:07:36.960 --> 00:07:39.759 design, you have to consider whether you 00:07:39.759 --> 00:07:40.800 want 00:07:40.800 --> 00:07:44.080 a manual control, so somebody physically 00:07:44.080 --> 00:07:47.759 doing something, versus some sort of 00:07:47.759 --> 00:07:50.800 automated or 00:07:50.800 --> 00:07:54.639 IT or systems 00:07:55.919 --> 00:07:58.400 based solution, okay? Because if you do 00:07:58.400 --> 00:07:59.199 have 00:07:59.199 --> 00:08:00.720 something that needs a manual control, 00:08:00.720 --> 00:08:02.800 remember humans can make mistakes. 00:08:02.800 --> 00:08:04.639 With an automated system you've got to 00:08:04.639 --> 00:08:06.319 be really careful because 00:08:06.319 --> 00:08:07.840 if you don't program the system 00:08:07.840 --> 00:08:09.840 correctly, it can still make a mistake so 00:08:09.840 --> 00:08:11.199 if you don't program it correctly it 00:08:11.199 --> 00:08:12.000 could still 00:08:12.000 --> 00:08:15.039 go wrong. So our 00:08:15.039 --> 00:08:18.240 fourth thing that we want to think about 00:08:18.240 --> 00:08:21.120 is monitoring, 00:08:22.080 --> 00:08:24.479 all right? Are we doing something to 00:08:24.479 --> 00:08:25.599 check the control? 00:08:25.599 --> 00:08:28.240 Essentially we need to make sure that we 00:08:28.240 --> 00:08:29.199 are 00:08:29.199 --> 00:08:32.240 checking the 00:08:32.240 --> 00:08:35.039 operation 00:08:36.479 --> 00:08:40.640 of the control. 00:08:40.640 --> 00:08:43.039 Okay, a really great example of that 00:08:43.039 --> 00:08:44.800 monitoring aspect 00:08:44.800 --> 00:08:48.080 is if we have a bank and you go with 00:08:48.080 --> 00:08:50.160 your card, 00:08:50.160 --> 00:08:54.160 and I have one in my pocket actually, 00:08:54.160 --> 00:08:57.680 so here's my card for my bank account. 00:08:57.680 --> 00:09:00.640 I go to the ATM, I put it in, I get the 00:09:00.640 --> 00:09:01.440 PIN wrong. 
00:09:01.440 --> 00:09:03.839 Oh okay, that's the wrong PIN. I remember 00:09:03.839 --> 00:09:05.440 the right PIN, I put it in. 00:09:05.440 --> 00:09:08.240 The bank at the end of the day, will get 00:09:08.240 --> 00:09:09.040 a report 00:09:09.040 --> 00:09:10.959 that says what are all the cards where 00:09:10.959 --> 00:09:12.640 an incorrect PIN was entered 00:09:12.640 --> 00:09:15.519 or perhaps an incorrect PIN was entered 00:09:15.519 --> 00:09:16.240 more than 00:09:16.240 --> 00:09:19.440 three times or we actually chewed up the 00:09:19.440 --> 00:09:20.240 card. 00:09:20.240 --> 00:09:22.000 So we want to check that the control is 00:09:22.000 --> 00:09:23.839 operating effectively. We want to check 00:09:23.839 --> 00:09:25.360 that the operation of the control is 00:09:25.360 --> 00:09:27.120 working because remember, 00:09:27.120 --> 00:09:31.839 we know that when the control 00:09:31.839 --> 00:09:34.800 stops working, 00:09:34.880 --> 00:09:38.320 what happens? My regular viewers will 00:09:38.320 --> 00:09:40.800 know this. When the control stops working 00:09:40.800 --> 00:09:44.240 then we have an increased risk 00:09:44.240 --> 00:09:51.839 of errors and misstatements, 00:09:52.080 --> 00:09:53.440 all right? And we definitely don't want 00:09:53.440 --> 00:09:55.279 that. We don't want to have misstatements 00:09:55.279 --> 00:09:55.680 going 00:09:55.680 --> 00:09:59.040 into the financial records and 00:09:59.040 --> 00:09:59.360 the 00:09:59.360 --> 00:10:02.160 accounting of the firm. So to recap, 00:10:02.160 --> 00:10:04.480 I'm going to scroll quickly back up. 00:10:04.480 --> 00:10:06.880 Number one, identify the potential 00:10:06.880 --> 00:10:08.079 misstatements. 00:10:08.079 --> 00:10:10.000 Number two, decide whether you want to 00:10:10.000 --> 00:10:11.680 prevent or detect. 
00:10:11.680 --> 00:10:15.600 Number three, design an effective 00:10:15.600 --> 00:10:17.519 and efficient internal control, thinking 00:10:17.519 --> 00:10:19.680 about the cost versus the benefit. 00:10:19.680 --> 00:10:22.000 That cost could be the time it takes, the 00:10:22.000 --> 00:10:22.880 dollars 00:10:22.880 --> 00:10:25.040 to actually implement it, the effort it 00:10:25.040 --> 00:10:26.160 might take. 00:10:26.160 --> 00:10:28.079 Think about whether you want manual or 00:10:28.079 --> 00:10:30.720 automated systems. 00:10:30.720 --> 00:10:33.040 And then consider the monitoring. What 00:10:33.040 --> 00:10:35.760 are we doing to monitor this control 00:10:35.760 --> 00:10:37.519 to make sure that it's always working? Is 00:10:37.519 --> 00:10:39.040 it if something goes wrong a system 00:10:39.040 --> 00:10:40.560 flags with us. 00:10:40.560 --> 00:10:44.240 So now let's look at a practical example. 00:10:44.240 --> 00:10:46.320 So in my practical example, I'm going to 00:10:46.320 --> 00:10:48.000 think about 00:10:48.000 --> 00:10:51.120 a retail operation. And I'm using a 00:10:51.120 --> 00:10:52.320 retail operation 00:10:52.320 --> 00:10:55.040 because it's something that we can 00:10:55.040 --> 00:10:56.800 imagine in our minds, we've all been 00:10:56.800 --> 00:10:59.440 shopping to a store. Now I need to find 00:10:59.440 --> 00:11:00.640 something, oh let's just, I have a 00:11:00.640 --> 00:11:01.920 notebook here. 00:11:01.920 --> 00:11:05.440 So a big thank you to Microsoft for 00:11:05.760 --> 00:11:07.040 they sent me a notebook the other day. 00:11:07.040 --> 00:11:08.959 I'm an MIE expert which is a Microsoft 00:11:08.959 --> 00:11:09.920 Innovative 00:11:09.920 --> 00:11:12.320 Educator expert and I got a little 00:11:12.320 --> 00:11:13.920 goodie bag from them and it includes a notebook. 
00:11:13.920 --> 00:11:14.880 So say we're 00:11:14.880 --> 00:11:17.920 a retail operation and we're selling 00:11:17.920 --> 00:11:19.600 fancy notebooks. So let's say this is 00:11:19.600 --> 00:11:21.200 like, you know, it's leather and it's 00:11:21.200 --> 00:11:22.079 really fancy. 00:11:22.079 --> 00:11:24.720 So what is the risk? So let's start with 00:11:24.720 --> 00:11:26.399 step one. 00:11:26.399 --> 00:11:30.079 The risk is going to be 00:11:30.079 --> 00:11:33.200 theft of inventory, 00:11:34.079 --> 00:11:35.519 all right? If people steal the inventory 00:11:35.519 --> 00:11:36.800 they're not buying it and we're not 00:11:36.800 --> 00:11:39.040 making revenue, so we've got our risk 00:11:39.040 --> 00:11:42.560 of misstatement, is a theft of inventory. 00:11:42.560 --> 00:11:44.959 And we might also have the, so let's talk 00:11:44.959 --> 00:11:47.279 about the theft of inventory risk. 00:11:47.279 --> 00:11:51.680 So then I have to think prevent 00:11:51.680 --> 00:11:55.120 or detect so that's P or D. In this one, I 00:11:55.120 --> 00:11:56.000 definitely want 00:11:56.000 --> 00:11:59.040 to try and prevent theft, okay? I don't 00:11:59.040 --> 00:12:00.320 want to detect the theft 00:12:00.320 --> 00:12:01.760 after it's happened, I want to try and 00:12:01.760 --> 00:12:04.160 prevent people from stealing 00:12:04.160 --> 00:12:07.600 my item from my store, so prevent or 00:12:07.600 --> 00:12:08.399 detect. 00:12:08.399 --> 00:12:11.839 Now number three comes the actual part 00:12:11.839 --> 00:12:12.320 of 00:12:12.320 --> 00:12:15.200 designing the internal control. Well I 00:12:15.200 --> 00:12:16.079 want something 00:12:16.079 --> 00:12:18.399 that will stop people from stealing my 00:12:18.399 --> 00:12:20.000 product. I got a couple of different 00:12:20.000 --> 00:12:21.200 options 00:12:21.200 --> 00:12:24.079 here. And it might be that I might need 00:12:24.079 --> 00:12:26.639 to have multiple things in place. 
00:12:26.639 --> 00:12:30.800 I could have security cameras, 00:12:30.800 --> 00:12:32.720 all right? But if I have security cameras 00:12:32.720 --> 00:12:34.160 someone's going to need to be watching 00:12:34.160 --> 00:12:36.560 them, so if I have security cameras 00:12:36.560 --> 00:12:40.560 that could be a deterrent potentially. 00:12:40.560 --> 00:12:46.079 I could also have RFID 00:12:46.079 --> 00:12:48.720 stickers 00:12:49.360 --> 00:12:53.519 on the inventory, 00:12:53.519 --> 00:12:55.920 all right? So an RFID sticker or one of 00:12:55.920 --> 00:12:57.760 those security tags, so 00:12:57.760 --> 00:12:59.440 often it could be like a little sticker 00:12:59.440 --> 00:13:01.040 that's placed on an individual item or 00:13:01.040 --> 00:13:03.040 it could be a big removable tag. So if 00:13:03.040 --> 00:13:04.399 you bought clothing 00:13:04.399 --> 00:13:06.079 from a department store often those will 00:13:06.079 --> 00:13:07.839 have like a big tag on it 00:13:07.839 --> 00:13:10.000 that the sales checkout person will have 00:13:10.000 --> 00:13:11.040 to remove. So 00:13:11.040 --> 00:13:14.240 an RFID sticker or some sort of security 00:13:14.240 --> 00:13:15.519 tag, 00:13:15.519 --> 00:13:19.040 or security tag. 00:13:19.040 --> 00:13:22.480 Now given that this is a book, like 00:13:22.480 --> 00:13:24.079 a hole, I don't want to punch a hole in 00:13:24.079 --> 00:13:25.839 my notebook for the tag, 00:13:25.839 --> 00:13:27.920 so a little RFID sticker might be a good 00:13:27.920 --> 00:13:30.079 idea and that's why a lot of stuff comes 00:13:30.079 --> 00:13:33.920 shrink wrapped in plastic. That is 00:13:33.920 --> 00:13:35.279 just so 00:13:35.279 --> 00:13:37.040 that they can then stick the RFID 00:13:37.040 --> 00:13:38.800 sticker on there and it's come a long 00:13:38.800 --> 00:13:39.680 way. 
00:13:39.680 --> 00:13:41.360 The old days RFID stickers were really 00:13:41.360 --> 00:13:43.440 expensive, now I'm seeing supermarkets 00:13:43.440 --> 00:13:44.000 even, 00:13:44.000 --> 00:13:45.920 use them on things like expensive meat 00:13:45.920 --> 00:13:47.199 products. So 00:13:47.199 --> 00:13:49.839 I've got my security cameras. I've got my 00:13:49.839 --> 00:13:52.639 RFID stickers. 00:13:52.639 --> 00:13:55.040 I'm going to have, with the RFID 00:13:55.040 --> 00:13:55.839 sticker, 00:13:55.839 --> 00:14:00.839 needed with that is going to be the RFID 00:14:00.839 --> 00:14:03.839 detectors 00:14:04.240 --> 00:14:07.600 at the store, whoops 00:14:07.600 --> 00:14:11.519 can't spell store, entry exit. 00:14:11.519 --> 00:14:13.279 That is also why a lot of stores will 00:14:13.279 --> 00:14:15.760 only have one entry exit point 00:14:15.760 --> 00:14:18.320 so that they can put those big gates up 00:14:18.320 --> 00:14:20.160 and often you will see those gates will 00:14:20.160 --> 00:14:22.079 be covered in advertising and things so 00:14:22.079 --> 00:14:23.600 you don't notice that it's there. So 00:14:23.600 --> 00:14:24.240 you've got 00:14:24.240 --> 00:14:27.360 your RFID, your stickers, etc. 00:14:27.360 --> 00:14:32.560 The last thing that we might do is also 00:14:32.639 --> 00:14:35.760 a store bag check, 00:14:36.720 --> 00:14:38.320 all right? So that when you leave the 00:14:38.320 --> 00:14:39.839 store they say look, 00:14:39.839 --> 00:14:42.560 can you open your bag, you know bags 00:14:42.560 --> 00:14:44.000 of a bigger size 00:14:44.000 --> 00:14:47.120 to make sure that that's happening. So 00:14:47.120 --> 00:14:50.639 that's an example here for the fact that 00:14:50.639 --> 00:14:53.839 we've got our theft. Let's do another 00:14:53.839 --> 00:14:56.240 example. 
My next example is still going 00:14:56.240 --> 00:14:58.079 to go back to my notebooks, 00:14:58.079 --> 00:15:01.920 but my risk is going to be 00:15:01.920 --> 00:15:07.600 the risk of charging the customer 00:15:07.760 --> 00:15:11.120 the wrong price, right? And that 00:15:11.120 --> 00:15:13.839 is going to result, for us, in inaccurate 00:15:13.839 --> 00:15:15.680 sales. So that's affecting our accuracy 00:15:15.680 --> 00:15:16.959 assertion. 00:15:16.959 --> 00:15:20.160 Now of course, in terms of prevention or 00:15:20.160 --> 00:15:22.560 detection, I want to try and 00:15:22.560 --> 00:15:26.160 prevent, okay? Then coming 00:15:26.160 --> 00:15:29.360 into the control. 00:15:29.360 --> 00:15:31.279 One thing that I could do and I can 00:15:31.279 --> 00:15:33.120 remember the days where when you went to 00:15:33.120 --> 00:15:34.320 the supermarket, 00:15:34.320 --> 00:15:36.160 you didn't actually have barcodes. There 00:15:36.160 --> 00:15:37.519 was a little sticker that somebody 00:15:37.519 --> 00:15:39.279 manually added to the product and then 00:15:39.279 --> 00:15:40.880 you typed it in 00:15:40.880 --> 00:15:43.519 into the cash register. So we could use 00:15:43.519 --> 00:15:46.399 barcode scanning, 00:15:46.399 --> 00:15:50.160 barcodes on good 00:15:50.160 --> 00:15:53.360 and scan 00:15:53.360 --> 00:15:56.480 at the register, 00:15:56.480 --> 00:15:59.360 okay? So that's going to be my control. 00:15:59.360 --> 00:16:00.000 Now, 00:16:00.000 --> 00:16:02.160 in terms of the control it's very cheap, 00:16:02.160 --> 00:16:03.440 it's efficient, you have to have, 00:16:03.440 --> 00:16:05.519 obviously, a cash register system, 00:16:05.519 --> 00:16:07.600 but the one thing that we want to do 00:16:07.600 --> 00:16:11.680 here in terms of the monitoring, 00:16:13.279 --> 00:16:15.680 all right? 
Is that we might want to do 00:16:15.680 --> 00:16:17.440 something like 00:16:17.440 --> 00:16:22.800 check price overrides, 00:16:22.800 --> 00:16:24.320 all right? So if somebody tries to 00:16:24.320 --> 00:16:26.000 override the price, 00:16:26.000 --> 00:16:27.839 there's a couple of different options, 00:16:27.839 --> 00:16:29.360 you could have you need 00:16:29.360 --> 00:16:31.600 manager, whoops that's meant to be an r, 00:16:31.600 --> 00:16:33.279 manager 00:16:33.279 --> 00:16:36.800 to approve any price overrides 00:16:36.800 --> 00:16:39.279 or at the end of the day, you could have 00:16:39.279 --> 00:16:42.720 a daily report 00:16:42.880 --> 00:16:44.800 about those overrides. And that's really 00:16:44.800 --> 00:16:46.079 common in retail stores where they'll 00:16:46.079 --> 00:16:46.800 say okay, 00:16:46.800 --> 00:16:48.959 give me the end of day report, oh 00:16:48.959 --> 00:16:50.240 yeah this was overwritten because this 00:16:50.240 --> 00:16:51.440 was damaged, 00:16:51.440 --> 00:16:53.360 this person had an extra discount, this 00:16:53.360 --> 00:16:55.279 was the manager's discretion, 00:16:55.279 --> 00:16:57.040 so you want to monitor how many prices 00:16:57.040 --> 00:16:58.720 were incorrect. 00:16:58.720 --> 00:17:00.480 Often there's also a thing that says 00:17:00.480 --> 00:17:01.839 oh look if the shelf says 00:17:01.839 --> 00:17:04.640 five dollars, but your thing says ten 00:17:04.640 --> 00:17:06.400 dollars you get whatever the shelf 00:17:06.400 --> 00:17:08.400 price is, so that could be one of your 00:17:08.400 --> 00:17:10.160 override codes. 00:17:10.160 --> 00:17:12.720 Now I realized back here when I was 00:17:12.720 --> 00:17:14.160 designing the controls for 00:17:14.160 --> 00:17:17.520 the risk of theft. 
Then, 00:17:17.520 --> 00:17:20.959 the store bag check 00:17:20.959 --> 00:17:22.559 could be one of those monitoring 00:17:22.559 --> 00:17:24.319 controls, so I realized I forgot there that I 00:17:24.319 --> 00:17:26.000 forgot to talk about the monitoring, 00:17:26.000 --> 00:17:30.480 but the store bag check could also 00:17:31.280 --> 00:17:35.120 be part of that monitoring process. 00:17:35.120 --> 00:17:38.400 I hope that that clarifies to everybody 00:17:38.400 --> 00:17:42.559 how you can design an internal control 00:17:42.559 --> 00:17:44.880 and remember to take it step by step. 00:17:44.880 --> 00:17:46.480 Think about the risk, 00:17:46.480 --> 00:17:48.799 do I want to prevent or detect, what are 00:17:48.799 --> 00:17:50.799 the control activities that I could do, 00:17:50.799 --> 00:17:53.440 automated or manual or with our systems 00:17:53.440 --> 00:17:55.440 or a combination of both, 00:17:55.440 --> 00:17:56.880 and then what am I going to put in place 00:17:56.880 --> 00:17:59.520 to monitor to make sure that control 00:17:59.520 --> 00:18:01.760 works properly. So I want to thank you 00:18:01.760 --> 00:18:03.440 for watching this video. Of course, if you 00:18:03.440 --> 00:18:05.679 haven't already considered subscribing. 00:18:05.679 --> 00:18:07.919 For all of those internal auditors out 00:18:07.919 --> 00:18:09.600 there, you might want to check out 00:18:09.600 --> 00:18:11.360 auditopia. It's a new 00:18:11.360 --> 00:18:13.440 internal audit community that I'm 00:18:13.440 --> 00:18:14.640 involved with. 00:18:14.640 --> 00:18:17.200 It has free resources that people are 00:18:17.200 --> 00:18:17.840 sharing, 00:18:17.840 --> 00:18:20.360 internal audit checklists, and 00:18:20.360 --> 00:18:22.240 documentation. 00:18:22.240 --> 00:18:24.880 And we've also got regular webinars to 00:18:24.880 --> 00:18:25.919 help you become 00:18:25.919 --> 00:18:28.080 a better internal auditor. 
I'm really 00:18:28.080 --> 00:18:30.720 excited to be part of the auditopia team. 00:18:30.720 --> 00:18:32.960 I'll be working with them to create some 00:18:32.960 --> 00:18:34.640 content for some courses 00:18:34.640 --> 00:18:36.880 that they're going to have. Big thank you, 00:18:36.880 --> 00:18:38.799 I want everybody to stay safe, 00:18:38.799 --> 00:18:40.960 stay well, I've checked myself on the 00:18:40.960 --> 00:18:43.200 vaccination schedule, I'm hopefully 00:18:43.200 --> 00:18:45.440 going to be vaccinated in September or 00:18:45.440 --> 00:18:46.720 October of this year, 00:18:46.720 --> 00:18:48.880 so I'm really excited about that. But, 00:18:48.880 --> 00:18:51.360 stay safe, stay well wherever you are 00:18:51.360 --> 00:18:57.840 and I'll see you next time. 00:18:57.930 --> 00:19:12.060 [Music]