ABSTRACT

Title of Dissertation:

INTERNAL CONTROL AND FIRM PERFORMANCE

Houda Ramadan Graduation 2010

Dissertation Directed By: Professor/Doctor Department of Accounting University of Ajman

This dissertation investigates research question arising from the regulation of internal controls required by Sarbanes-Oxley Act of 2002 (SOX). The question asks whether better internal controls can enhance firm performance? To address this question, the relation between cost of sales and internal control is estimated by an investigation and documents studies in Best Paints & Chemical Industries Ajman, UAE. Firms with weak internal controls are identified as those that disclose material weaknesses in internal controls in periodic filings from August 2002 to June 2010, as required by SOX. The research and studies results based on companies with the disclosures of material weaknesses in internal control, shows that firms with weak internal controls have lower market-value.

INTERNAL CONTROL AND FIRM PERFORMANCE

By

Houda Ramadan

Dissertation submitted to the Faculty of the..

University of Ajman, in partial fulfillment of the requirements for the degree of Bachelor of Business Science, 2010

Dedication

Dedicated to my dearest Mom and Dad

Acknowledgments

This dissertation is a result of the guidance, support, and encouragement of my faculty, family, and friends. They provided much needed direction throughout this process. I am so grateful for their interest and inspiration in bringing this together. A special thanks to Professor/Doctor.. for his critical role as mentoring all my project. His knowledge and patience pushed me beyond my perceived abilities. Much of the dissertation research would have been impossible without their guidance, patience and encouragement. His honest critique and steady guidance have been essential ingredients in my completion of this dissertation. I hope that in my career I can connect with my students the way that Professor/Doctor does. Finance department of Ajman Holdings Group provided me constant support and essential information necessary to accomplish my dissertation. From our meeting since I entered the trainee program in month of July 2010 and straight on through, they have shown a sincere interest in my work and my graduation project. I would also like to thank my colleagues in the program for providing feedback on this dissertation and their incredible team spirit which made the process bearable. Thank you for your friendship and support. A special thanks to Mr. Ali Raza from Ajman Holdings Group (Best Paints & Chemical Industries) for his patient coaching. Special thanks to my mom, dad and sister whose love and support allow me to keep my eye on the prize and finish this race.

Declaration
I certify that except where due acknowledgement has been made, the work is done by the author alone; the work has not been submitted previously, in whole or in part, to qualify for the best information provided in this thesis by researcher; the content of the thesis is the result of work which has been carried out since the official commencement date of the approval of this topic selected for this work; and, any editorial work, paid or unpaid, carried out by the researcher itself.

Houda Ramadan 30 December, 2010

Table of Contents Page

Abstract Dedication Acknowledgement Declaration Table of Contents Chapter 1 1.1 Introduction & Definition 1.2 Motivation 1.3 Background 1.4 Objective and Significance of the Study 1.5 Research Problems and Questions 1.6 Scope and Limitations 1.7 Hypothesis of the Study Chapter 2 Literature Review Chapter 3 3.1 Hypothesis Development 3.2 Analysis and Interpretation of Data Chapter 4 4.1 Internal Controls and Procurement 4.2 Recommendations 1 3 4 5 6 7 7 9 10 15 16 17 18 19 19 24 24 26 29 29 35

Chapter 1
7

1.1- Introduction
In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal control procedures reduce process variation, leading to more predictable outcomes. Internal control is a key element of the Foreign Corrupt Practices Act (FCPA) of 1977 and the SarbanesOxley Act of 2002, which required improvements in internal control in United States public corporations. Internal controls within business entities are also referred to as operational controls. Internal controls have existed from ancient times. In Hellenistic Egypt there was a dual administration, with one set of bureaucrats charged with collecting taxes and another with supervising them. In the Republic of China, the Control Yuan, one of the five branches of government, is an investigatory agency that monitors the other branches of government.

Definitions

There are many definitions of internal control, as it affects the various constituencies (stakeholders) of an organization in various ways and at different levels of aggregation. Under the COSO Internal Control-Integrated Framework, a widely-used framework in the United States, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations. COSO defines internal control as having five components:

1.

Control Environment - sets the tone for the organization, influencing

the control consciousness of its people. It is the foundation for all other components of internal control.

2.

Risk Assessment - the identification and analysis of relevant risks to

the achievement of objectives, forming a basis for how the risks should be managed

3.

Information and Communication - systems or processes that support

the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities

4. 5.

Control Activities - the policies and procedures that help ensure Monitoring - processes used to assess the quality of internal control

management directives are carried out. performance over time. The COSO definition relates to the aggregate control system of the organization, which is composed of many individual control procedures.

Discrete control procedures, or controls are defined by the SEC as: "...a specific set of policies, procedures, and activities designed to meet an objective. A control may exist within a designated function or activity in a process. A controls impact...may be entitywide or specific to an account balance, class of transactions or application. Controls have unique characteristics for example, they can be: automated or manual; reconciliations; segregation of duties; review and approval authorizations; safeguarding and accountability of assets; preventing or detecting error or fraud. Controls within a process may consist of financial reporting controls and operational controls (that is, those designed to achieve operational objectives)."

1.2- Motivation
9

The introduction of the Sarbanes-Oxley Act of 2002 (SOX), as a response to wellpublicized accounting scandals, requires all public companies to disclosed internal controls over financial reporting. Specifically, Section 404 of SOX requires management of public companies to issue an internal control report in which they take responsibility for maintaining adequate internal control, and make assertions concerning their effectiveness. The companys auditor must then issue a separate opinion on managements assertions and the adequacy of the internal controls. Moreover, Section 302 of SOX requires Chief Executive Officers (CEOs) and Chief Financial Officers (CFOs) to certify in the companys quarterly and annual reports that they have reviewed the report, that the internal control report contains no misrepresentations, that the financial information is fairly presented, that they have reported any internal control weaknesses (including fraud) to the audit committee, and, that they have reported any material changes in internal controls. SOXs regulation on internal control brings about many fundamental research questions, like the first one the disclosures of material weaknesses in internal controls as required by SOX provide the stock market with the information to identify firms having poor internal controls such as deficient revenue-recognition policies, lack of segregation of duties, deficiencies in the period-end reporting, and inappropriate account reconciliation (Ge and McVay, 2005). Therefore, by examining the impact of disclosures of weak internal controls on firm value, we are able to answer this fundamental question about the relation between internal controls and firm performance. Initially I reviewed the guidelines for Research and Analysis Project from different sources and university books; I choose these two topics (and decided to further select one out of them after further research) 1. The internal control activities within an organization and company performance. 2. The business and financial performance analysis of an organization over a three year period.

I listed down the main points regarding each of these topics, using my Graduation studies knowledge and textbooks. I also searched for knowledge using internet. Finally, I choose the first one i.e. The internal control activities and company performance considering the importance of internal control, SOX guidance & increasing regulatory requirement for internal control and my personal interest in the topic are some of the reasons to work on this topic.

1.3- Background
10

More generally, setting objectives, budgets, plans and other expectations establish criteria for control. Control itself exists to keep performance or a state of affairs within what is expected, allowed or accepted. Control built within a process is internal in nature. It takes place with a combination of interrelated components - such as social environment effecting behavior of employees, information necessary in control, and policies and procedures. Internal control structure is a plan determining how internal control consists of these elements. The concepts of corporate governance also heavily rely on the necessity of internal controls. Internal controls help ensure that processes operate as designed and that risk responses (risk treatments) in risk management are carried out. In addition, there needs to be in place circumstances ensuring that the aforementioned procedures will be performed as intended: right attitudes, integrity and competence, and monitoring by managers.

Roles and responsibilities in internal control

According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct, or other policy violations or illegal actions. Each major entity in corporate governance has a particular role to play: Management: The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and implementing effective internal control. More than any other individual, the chief executive sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way they're controlling the business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise. Board of Directors: Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective,

11

capable and inquisitive. They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfill their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem.

Auditors: The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts. They assess whether the controls are properly designed, implemented and working effectively, and make recommendations on how to improve internal control. They may also review Information technology controls, which relate to the IT systems of the organization. There are laws and regulations on internal control related to financial reporting in a number of jurisdictions. In the U.S. these regulations are specifically established by Sections 404 and 302 of the Sarbanes-Oxley Act. Guidance on auditing these controls is specified in PCAOB Auditing Standard No. 5 and SEC guidance, further discussed in SOX 404 top-down risk assessment. To provide reasonable assurance that internal controls involved in the financial reporting process are effective, they are tested by the external auditor (the organization's public accountants), who are required to opine on the internal controls of the company and the reliability of its financial reporting.

Describing Internal Controls

Internal controls may be described in terms of: a) the objective they pertain to; and b) the nature of the control activity itself.

12

Objective categorization
Internal control activities are designed to provide reasonable assurance that particular objectives are achieved, or related progress understood. The specific target used to determine whether a control is operating effectively is called the control objective. Control objectives fall under several detailed categories; in financial auditing, they relate to particular financial statement assertions, but broader frameworks are helpful to also capture operational and compliance aspects:

1. 2. 3. 4. 5. 6.

Existence (Validity): Only valid or authorized transactions are Occurrence (Cutoff): Transactions occurred during the correct period Completeness: All transactions are processed that should be (i.e., no Valuation: Transactions are calculated using an appropriate Rights & Obligations: Assets represent the rights of the company, and Presentation & Disclosure (Classification): Components of financial

processed (i.e., no invalid transactions) or were processed timely. omissions) methodology or are computationally accurate. liabilities its obligations, as of a given date. statements (or other reporting) are properly classified (by type or account) and described.

7.

Reasonableness: Transactions or results appears reasonable relative

to other data or trends.

For example, a control observance received." This is a validity objective. A typical control procedure designed to achieve this objective is: "The accounts payable system compares the purchase order, receiving record, and vendor invoice prior to authorizing payment." Management is responsible for implementing appropriate controls that apply to transactions in their areas of responsibility. Internal auditors perform their audits to evaluate whether the controls are designed and implemented effectively to address the relevant objectives.

Activity categorization
Control activities may also be explained by the type or nature of activity. These include (but are not limited to):

13

Segregation of duties - separating authorization, custody, and record keeping Authorization of transactions - review of particular transactions by an Retention of records - maintaining documentation to substantiate Supervision or monitoring of operations - observation or review of ongoing Physical safeguards - usage of cameras, locks, physical barriers, etc. to Top-level reviews-analysis of actual results versus organizational goals or

roles of fraud or error by one person.

appropriate person.

transactions.

operational activity.

protect property, such as merchandise inventory.

plans, periodic and regular operational reviews, metrics, and other key performance indicators (KPIs).

IT Security - usage of passwords, access logs, etc. to ensure access Top level reviews-Management review of reports comparing actual Controls over information processing-A variety of control activities are used

restricted to authorized personnel.

performance versus plans, goals, and established objectives.

in information processing. Examples include edit checks of data entered, accounting for transactions in numerical sequences, comparing file totals with control accounts, and controlling access to data, files and programs.

Control precision
Control precision describes the alignment or correlation between a particular control procedure and a given control objective or risk. A control with direct impact on the achievement of an objective (or mitigation of a risk) is said to be more precise than

14

one with indirect impact on the objective or risk. Precision is distinct from sufficiency; that is, multiple controls with varying degrees of precision may be involved in achieving a control objective or mitigating a risk. Precision is an important factor in performing a SOX 404 top-down risk assessment. After identifying specific financial reporting material misstatement risks, management and the external auditors are required to identify and test controls that mitigate the risks. This involves making judgments regarding both precision and sufficiency of controls required to mitigate the risks. Risks and controls may be entity-level or assertion-level under the PCAOB guidance. Entity-level controls are identified to address entity-level risks. However, a combination of entity-level and assertion-level controls are typically identified to address assertionlevel risks. The PCAOB set forth a three-level hierarchy for considering the precision of entity-level controls. Later guidance by the PCAOB regarding small public firms provided several factors to consider in assessing precision.

Fraud and internal control

Internal control plays an important role in the prevention and detection of fraud. Under the Sarbanes-Oxley Act, companies are required to perform a fraud risk assessment and assess related controls. This typically involves identifying scenarios in which theft or loss could occur and determining if existing control procedures effectively manage the risk to an acceptable level. The risk that senior management might override important financial controls to manipulate financial reporting is also a key area of focus in fraud risk assessment. The AICPA, IIA, and ACFE also sponsored a guide published during 2008 that includes a framework for helping organizations manage their fraud risk.

Internal Controls and Improvement

15

If the internal control system is implemented only to prevent fraud and comply with laws and regulations, then an important opportunity is missed. The same internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency.

Continuous Controls Monitoring

Advances in technology and data analysis have led to the development of numerous tools which can automatically evaluate the effectiveness of internal controls. Used in conjunction with continuous auditing, continuous controls monitoring provides assurance on financial information flowing through the business processes.

1.4- Objective and Significance of the Study

The objective of the study to examine the over all control environment in Best Paints & Chemical Industries and particularly in purchase and inventory areas to assess the systems and related affects on the cost of sales and profits of the company to conclude my hypothesis. Following are few objectives:

Ascertain whether effective internal control improve purchasing and inventory management and help to reduce cost and improve profitability - To summarize the findings and recommendations to improve the existing system and contribute in the future learning and research - To study and identify the internal control system of purchases and inventory in Best Paints & Chemical Industries - To determine whether established purchasing policies and procedures exist - To determine whether adequate segregation of duties associated with the purchasing function exists - To determine whether the purchase of material and other goods is adequately controlled - To determine whether purchases are approved by responsible persons and the approvals are documented

16

The importance of this study arises from the gains that could be achieved by companies as a result of the evaluation of the internal control systems and the rate of its adequacy to the companies conditions and the possibility of their development to maintain their resources. Study highlighted the crucial role of internal control in company performance few are:

1. Effective Internal control leads to the realization of the companies goals 2. The presence of effective and independent internal audit system leads to the proper application of the internal control system regulation 3. Periodical audit of the policies and procedures of internal control leads to the tackling of negativities and support positive 4. The corporate governance leads to the precedence of economic performance and helps the continuity of companies

1.5- Research Problems and Questions

The research problem is represented in the fact that internal control is one of the main pillars of accounting control systems, in public and private sectors institutions. However, all objectives would be achieved by following the internal control system. The research aims to identify the extent of efficiency and effectiveness of internal control in the development of performance in the Administration of Best Paints and highlighting the role of internal control in improving performance in the administration and can improve the profitability. Most important research questions are: Is it true that internal control has a tangible role in the increase of productivity and realization of profitability? Can a good internal control system leads to perform business promptly and minimizes efforts? Can an effective internal control system leads to develop financial performance? Can an effective internal control system leads to control levying and expenditure?

17

1.6- Scope and Limitations

Internal control can provide reasonable, not absolute, assurance that the objectives of an organization will be met. The concept of reasonable assurance implies a high degree of assurance, constrained by the costs and benefits of establishing incremental control procedures. Effective internal control implies the organization generates reliable financial reporting and substantially complies with the laws and regulations that apply to it. However, whether an organization achieves operational and strategic objectives may depend on factors outside the enterprise, such as competition or technological innovation. These factors are outside the scope of internal control; therefore, effective internal control provides only timely information or feedback on progress towards the achievement of operational and strategic objectives, but cannot guarantee their achievement.

Scope of this study was limited because of non availability of information from companies and most of the research performed based on articles and internet search.

18

1.7- Hypothesis of the Study

After reviewing of different reports and search through different sources shows a disclosure of a material weakness in internal control as required by SOX for stock exchanges companies might reduce firm value. I worked with Best Paints & Chemical Industries an establishment not required to report anything regarding SOX or internal control, I performed most of my analysis and research on purchase and inventory areas in Best Paints therefore, I hypothesize the material weaknesses of internal controls will be negatively associated with the firm COST OF SALES causing financial losses.

Hypothesis: The material weaknesses of internal controls will be negatively associated with the firm financial profits.

19

Chapter 2 Literature Review

1. Introduction and Overview
When companies suddenly collapse, the often-resounding question is, what went wrong? A breakdown in the internal control system is the usual cause. Internal control is a process that guides an organization towards achieving its objectives. These objectives include operational efficiency and effectiveness, reliability of financial reporting, and compliance with relevant laws and regulations (COSO 1992). Absence of these variables often results in organizational failure. The findings of the Tread way Commission Report of 1987 in the United States (USA) confirmed absence of, or weak, internal controls as the primary cause of many cases of fraudulent company financial reporting. The widespread global corporate accounting scandals that assumes near epidemic proportions in recent years inform this study. Notable cases include Enron and WorldCom in the USA, Parma at in Europe, and ChuoAoyama in Asia. In South Africa, cases of accounting scandals have been recorded in JCI and Randgold and Exploration companies. In Nigeria, the Managing Director and Chief Financial Officer of Cadbury Nigeria plc were dismissed in 2006 for inflating the profits of the company for some years before the companys foreign partner acquired controlling interest. These scandals emphasize the need to evaluate, scrutinize, and formulate systems of checks and balances to guide corporate executives in decision-making. These executives are legally and morally obliged to produce honest, reliable, accurate and informative corporate financial reports periodically.

Conceptual Framework Most of the literature on internal control frameworks includes information and communication as one of the internal control components. Smooth flow of information and communication across and within the organization is influenced by the nature of the working relationship within the organization at all levels. The working relationship coordinates organizations activities to achieve goal congruence. When effective working relationship exists in an organization, delegation of responsibilities is achieved. Then internal control functions as intended. However, when a communication gap exists for any reason, sub-optimization results with adverse consequences.

20

Some internal control frameworks place unnecessary emphasis on detailed explanation of the different components of the system and methods for their design. They ignore details on how each of the components can be measured to assess their effectiveness. This causes a dilemma. For example, where two managers use different methods to measure the same subject and arrive at different conclusions. A challenge arises in ascertaining who is right or wrong. When a common benchmark for evaluation of measured results is missing, knowing the right approach becomes difficult. Other internal control frameworks ignore where one or more components are missing within a given structure, but are compensated for with other controls in other components. For example, in small companies segregation of duties is not possible, but is compensated by managements involvement in the day-to-day supervision, verification and review of records and processes, to ensure controls function effectively. Under the situation, all components of an effective internal control system may not be present but the system could still function effectively. The challenge is ascertainment of the effectiveness of the system. When such management styles extend to large organizations unscrupulous managers of these organizations can manipulate the organizations to meet their personal goals. After addressing the above limitations, internal control is a process of integrated sets of activities originated by top personnel of an organization and embedded within all the organizations activities to achieve goals. This comprises two sets of variables: dependent and independent. At the forefront of the independent variables is the influence of authority that ensures the independent variables function to generate the outcome of the dependent variable. Figure 1 shows the conceptual framework components of dependent and independent variables. The effectiveness of internal control is the dependent variable. This is achieved by the presence and proper functioning of all the predefined independent variables in relation to each category of the organizations objectives. Proper functioning of independent variables provides reasonable assurance of proper functioning of dependent variable. Then the organization realizes preset objectives of efficient and effective operations, generation of accurate, reliable and informative financial reports that comply with relevant legal and regulatory requirements. The objectives are overlapping. This means efficient and effective operations produces accurate, reliable and informative financial reports that comply with applicable laws and regulations.

21

Figure 1: Conceptual framework of internal control

Control Environment
Au th or ity

Risk assessment

Invigorates Independent Variables

Control Activities

Effectiveness of internal Control

1 2 3

Information & Communication

Dependent Variable

Objectives

Monitoring

I Technology

Independent Variables

Working Relationships

Objectives of the Organization are achieved When interferences on the Variables caused by working Relationships are taken into Consideration

22

Source: Researchers Design The objectives, depicting overlapping interrelationships are numbered 1, 2 and 3 in Figure 1 (1) include efficiency and effectiveness of operations (2) accuracy and reliability of informative financial reporting and (3) compliance with applicable laws, regulations, policies and procedures. The independent variables determine the effectiveness of an internal control system. The presence and proper functioning of all the components of the independent variables ensures effectiveness of internal control system. This achieves each category of objectives 1, 2 and 3 in Figure 1. The independent variables comprise major and minor components. Individual minor components jointly feed into and form a specific major independent variable. The measurement of minor independent variables locates any weaknesses existing in the major independent variables. The major independent variables include: Control environment Risk assessment Control activities Information and communication Monitoring Information Technology The minor independent variables include: Authorization and approval procedures Human resource policies and practices Assignment of authority and responsibility Ineligible expenditure Accountability obligations Segregation of duties Controls over access to resources Presence of internal auditors Verification Reconciliation Review of operating performance Supervision A direct relationship exists between the outcomes of the dependent and the independent variables. All the independent variables are relevant to each category of objectives. Internal control processes (minor independent variables) affects the effectiveness of internal control systems, which is subject to the organizations determined objectives. All the independent variables are interdependent but each has an impact on the effectiveness of internal control systems. Different approaches to the evaluation of effectiveness of internal controls are available. The study uses the model in Figure 1. In this regard, controls evaluation is a step toward achieving the studys objectives once the research questions are answered. The research questions are formulated to identify the existence or otherwise of each variable of internal control.

23

Research on internal controls is a relatively new but a rapidly growing area in the accounting literature. The majority of the studies involving internal controls are focused on investigating the characteristics of firms that disclose material weaknesses in internal control. For example, Ge and McVay (2005) found that companies with material weaknesses are more complex, smaller, and less profitable than firms that do not disclose material weaknesses. Doyle et al. (2007b) confirmed Ge and McVays results and also show that firms disclosing material weaknesses are younger, growing rapidly, or undergoing restructuring. Similarly, Ashbaugh et al. (2006) document that firms reporting internal control weaknesses have more complex operations, have experienced recent changes in organizational structure, are at increased exposure to accounting risks, and have fewer resources to invest in internal control. Furthermore, Doyle et al. (2005) indicated that firms with material weaknesses have a lower earnings quality than those that do not report material weaknesses.

Additionally, Hammersley et al. (2007) showed a negative market reaction to firms that had reported material weaknesses in internal control per the requirement of SOX Section 302. Using a sample of 102 firms that had reported internal control weaknesses without other material news spanning the event window, De Franco et al. (2005) investigated whether the market reaction to the internal control weaknesses varied by investor size. Their findings revealed a negative market reaction during the three-day window relative to the disclosure of material weaknesses. Beneish et al. (2006) investigated whether the effect of material weaknesses on the cost of capital and on stock prices is associated with audit quality. They found a negative return during a three-day window during which material weaknesses were disclosed and also discovered that, when audit quality was lower, the cost of capital and returns were more negative for firms with material weaknesses. However, Ashbough-Skaife et al. (2006) and Bryan and Lilien (2005) did
not find a negative market reaction to the disclosures of material weaknesses.

Instead of focusing on the market response as in the literature, this study investigates whether week internal controls results in increase of cost of sales and reduce profits.

Chapter 3
24

3.1- Hypothesis Development and Importance of Internal Control

Ohlson (1995) sets out a valuation model in which current market-value is related to current accounting numbers via investors use of these numbers to inform expectations of future accounting data, through an equation. A disclosure of a material weakness in internal control might reduce firm value due to any one or a combination of the three reasons. First, weak internal control might increase a firms cost of capital, While Ohlson (1995) uses a risk free discounting rate to exclude the impact of information uncertainty on a firms cost of capital, Easley and OHara (2004) have shown that increased information uncertainty can result in an increase in a firms cost of capital. Ashbaugh et al (2006) and Beneish et al (2005) have shown that weaknesses in internal control are related to higher information uncertainty and thus higher firms cost of equity capital. Higher cost of capital will increase the discount rate, decrease the present value of the expected future abnormal earnings, and accordingly decrease the market-value. Second, internal control deficiencies reduce a risk-averse stockholders expected value of future earnings. Third, internal control deficiencies may reduce the effectiveness and efficiency of business operation. Cushing (1974) mathematically shows that internal controls facilitate effective operation by enhancing the reliability of the system, which increases the firms profit. Demski (1969) analyzes the informational role of controls in providing managements operation decisions with feed forward and feedback information. Deficiencies in internal control reduce the effectiveness and efficiency of business operations, which may lower stockholders expectation of future earnings.

Based on the above analysis, weak internal controls might reduce a firms marketvalue by increasing the firms cost of capital, decreasing the precision of accounting information, and impairing the effectiveness and efficiency of business operations. As such, disclosures of internal control weaknesses might cause investors to reevaluate their assessment of the quality of managements oversight over the financial reporting process, leading to revisions in expectations about the firms future profitability or to revisions in perceptions of firm risk (Hammerley et al., 2007). I, therefore, hypothesize the material weaknesses of internal controls will be negatively associated with the firm value, efficiency and ultimately profits. The broader objectives of internal controls are not limited to the reliability of financial reporting as required by SOX alone. A number of key internal control frameworks, such as COSOs Integrated Internal Control Framework (1992) and Turnbulls

25

Guidance on Internal Control (1999), have been developed prior to the high-profile accounting scandals at the turn of the century. COSO (1992) defined internal control as follows:

a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with applicable laws and regulations. Turnbull (1999), notwithstanding viewing internal control as a system, defines internal control the same as COSO (1992) to achieve three objectives in operations, reporting, and compliance. COSO (1992) and Turnbull (1999) both took a broader approach to internal control than SOX, in terms of scope, objectives, and approach. They focused on all controls covering the companys entire range of activities and operations, not just those directly related to financial reporting, and adopted a risk-based approach to internal control (IFAC, 2006). Although SOXs focus on internal controls over financial reporting is under the consideration of a cost-effective solution of reinforcing compliance and accountability in response to accounting scandals, all enterprise-wide risks, not just the risks existing in reporting systems, affect the reliability of financial reporting (Lin and We, 2006). Therefore, to comply with SOXs requirement on internal control over financial reporting, companies will have to disclose weaknesses in internal controls covering the objectives of reporting, operations and compliance in COSO (1992) and Turnbull (1999)

26

3.2- Analysis and Interpretation

Best Paints & Chemical company located in new industrial area in Ajman, mainly based on fine paints products, like industrial paints, marine paints, thinners and they also have a variety primers paints products. Company stages of started its operations and in 2007 and going on a successive

research

development

along

with

product

innovation.

In order to protect assets, security, integrity, and improve the quality of accounting Information to ensure that the relevant laws and regulations and unit management principles and policies to implement to avoid or reduce risks, improve operational efficiency of management, operation and management to achieve unit objectives to develop and implemented a series of measures of internal controls and procedures. Internal controls help to reduce the possibility of errors and fraud, protect corporate assets safe; are conducive to reducing the occurrence of violations; help to reduce business failure, the probability of financial failure; will help improve the competitiveness of enterprises, encourage enterprises to obtain greater Economic benefits; a conducive business management activities of solid progress toward the established goals to ensure the enterprise development strategies and work plan is successfully completed.

I worked in accounting departments on two years data on purchases and inventory and I identified areas with effective controls and without effective controls. I compared two years data to measure my results and give a numerical figure to support or reject my hypothesis.

Due to confidentiality of information and reluctance of management to provide me all details was not possible, hence I tried my best to conclude my research I came up with following results,

27

Purchase systems managed very badly totally flawed Purchase system

Poorly managed as material purchased without setting any order, reorder and economic order level

Effective comparison of prices and quality for different suppliers was done but Ordering and purchasing material at suboptimal level leading to high product cost Lack of proper reporting regarding the best option to purchase material at optimum level Procurement staff is not working in line with target and values assigned to them or there is no such target. Expensive and suboptimal purchases reducing our profit margins Inventory kept at sub optimal level and no order level or optimal level sets No record maintain for slow moving items and obsolete items

No reporting requirement set for production cost, items produced and batch processing Purchases system running on ad hoc basis and no proper controls on requisitions, quotations and ordering These all above mentioned points and many more leads to financial losses like Purchases at sub optimal level leads to high cost Order can be placed with unapproved supplier will cause high cost, quality, delivery and support issues Insufficient record of stock and purchases results in obsolete stock and expired material used in production resulted bad quality, bad reputation and loss of future orders Lack of accountability in many areas leads to employees inefficiency and chances of mistakes and frauds Inappropriate reporting system leads to non availability of information regarding material prices, product cost and resulted in heavy losses as products sold at gross loss Lack of control environment and absence of effective controls resulted heavy losses in the factory as mentioned below. The company have some check and balance in the start of operations in 2007 and further in 2008 but in 2009 its cleared that controls weaken day by day resulted in losses

28

In 2008 just after two years of operations company generated a 12% Gross Profit but in 2009 company incurred a 10% GROSS LOSS. Gross loss because Many Products

not covering their cost

It is very clear from all my work and after examining all documents I concluded that in 2007 and 2008 company managed some good controls and accountability in purchase system that generated positive results but with passage of time these controls obsolete as higher management not aware with corporate governance and controls procedures. In 2008 the associated cost with purchases, production process and inventory management was less as compared to 2009 but it should be reversed as company streamlined its operations and purchase system with passage of time. But Best Paints & Chemical Industries failed to achieve its targets.

I concluded with my findings that the hypothesis is true that The material weaknesses of internal controls will be negatively associated with the firm financial profits

29

Chapter 4
4.1- Internal Controls and procurement Overview of the purchasing process
A purchase transaction usually begins with a purchase requisition being generated by a department or support function . the purchasing department prepares a purchase order for the purchase of good or service from a vendor. When the goods are received or the service have been rendered, the entity records a liability to the vendor . finally , the entity pays the vendor .

Purchasing Objectives
1. Procure the necessary quality and quantity of goods and/or services in an efficient, timely and cost effective manner, while maintaining the controls necessary for a corporation. 2. Encourage an open competitive bidding process practicable for the acquisition of goods and/or services and equitable treatment of all vendors. 3. Ensure the maximum value of an acquisition is obtained by determining the total cost of performing the intended function over the lifetime of the task. This may include, but not be limited to, acquisition cost, installation, disposal value, disposal cost, training cost, maintenance cost, quality of performance and environmental impact. 4. Procure goods and/or services with due regard to the preservation of the natural environment and to encourage the use of environmentally friendly products and services.

Types of transaction and financial statement accounts affected

Three type of transaction are processed through the purchase process:

Purchase of good and service for cash or credit Payment of the liabilities arising from such purchases Return of good to suppliers for cash or credit

Type of documents and records Purchase requisition

This documents requests goods or services for an authorized individual or department within the entity. Examples of such requests include and order force supplies from an office supervisor and an order for newspaper advertising space from a marketing manager.

30

Purchase order
This document include the description quality and quantity of, and other information on, the goods and services being purchased. The purchase order also indicate who approved the acquisition and represents the authorization to purchase the goods and services . the purchase order may be mailed , faxed , sent via PC\Internet , or placed pay telephone with the supplier or vendor .

Receiving report
This documents record the receipt of goods. Normally, the receiving report is a copy of the purchase order with the quantities omitted. this control activity encourages receiving department personnel to make an adequate , independent count of the goods received . Receiving department personnel record the date , description, quantity, and other information on this document . in some instances , the quality of the goods is determined by receiving department personnel . in other cases , an inspection department determine wither the goods meet the required specification s . the receiving reports is important because receiving goods is generally the event that leads to recognition of the liability by the entity .

Vendor invoice
This document is the bill from the vendor . the vendor invoice include the description and quantity of the goods shipped or service provided, the price including freight , the terms of trade including cash discounts, and the date billed. Increasingly, vendor invoices are transferred electronically between by Email or as part of an EDT system , highly integrated EDI systems between buyer and supplier may be' invoiceless ' .

Voucher
This document is frequently used by entities to control program for acquired goods and service . this document serves as the basis for recording a vendor's invoice in the voucher register or purchase journal.

Voucher register\purchase journal

A voucher register is used to record the vouchers for good and service . the voucher register contains numerous columns for recording the account classification for the goods or services, including a column for recording credits to accounts payable, and columns for recording debits to asset account s such as inventory and expenses account such as repairs and maintenance . the voucher register also contains columns for miscellaneous debit and credits . some entities used purchase journal instead of a voucher register . with a purchase journal , either voucher or vendor's invoices may be used to record the liability. The major difference between a voucher register and a purchase journal is in the way individual vouchers or vendor invoices are summarized.

Account payable subsidiary ledger

When a purchase journal is utilized , this subsidiary ledger records the transactions with , and the balance owned to, a vendors. When a voucher register system is used, the subsidiary ledger is a listing of the unpaid vouchers. The total in the subsidiary ledger should equal the balance in the general ledger accounts payable accounts.

31

Vendor statement
This statement is sent monthly by the vendors to indicate the beginning balance , current period purchase and payments and the ending balance . the vendor's statement represents the purchase activity recorded in the vendor's records . it may differ from the client's records because of errors or more often, timing differences due to delays in shipping goods or recording cash receipts. The client verifies the accuracy of its record by comparing vendor statements with the accounts payable records.

Bank Giros and Cheques

Goods and service are increasingly paid for through electronic transfer of funds . a remittance advice received from the vendor such as bank giro with the necessary identify data for the transaction may be used to initiate the electronic transfer. Under electronic transaction between the client and their bank , the client's bank prepares the transaction on the vendor's advice and the transaction is executed at the consent of the client . cheques signed by an authorized individual are also being used to pay for goods or services, and cheques are still popular for paying vendors in some countries.

Cash disbursements journal

This journal records disbursement , either made electronically or by cheque. The cash disbursements journal contains columns for recording credits to cash and debits to accounts payable and cash discounts. Columns may also record miscellaneous debits and credits. Payment record disbursements journal are also recorded in the voucher register or in the accounts payable subsidiary ledger, depending on which system is used by the entity.

The major functions of purchasing process

The principle objectives of the purchasing process are acquiring good and services at the lowest cost consistent with quality and service requirement and effectively using cash resources to pay for those goods and services .

Requisitioning Purchasing Receiving Invoice processing Disbursements Account payable General ledger

32

Segregation of Duties
Segregation of duties in purchasing is an internal control, either facilitated by the finance system or through a risk managed process, to ensure that no one officer has so much control over a procurement activity that mistakes could go undetected or that the officer could be placed in a situation where they could be tempted by an inappropriate activity. The emphasis is the segregation of functional responsibilities and to create a system of checks and balances, so that a duty performed by one officer would be checked by another officer in the ordinary course of work.

Key Segregation of Duties in the Purchasing Process i) Purchasing function should be segregated from requisition and receiving functions
Possible error: fictitious or unauthorized purchases may be made resulting in theft of goods and payment for unauthorized purchases

ii) Invoice Processing should be segregated from the AP function

Possible error: Purchase transactions can be processed at the wrong price/term or payments made for items not received- so overpayment of goods and theft of cash

iii) Disbursement function should be segregated from the AP function

Possible error: unauthorized cheques supported by fictitious documents may be issued and unauthorized transactions recorded

iv) AP function should be segregated from the GL function

Possible error: concealment of defalcation which would be detected during the reconciliation of the subsidiary ledger to the GL control account.

Storing goods received for stock

On delivery of the goods to stores or another requisitioning department , receiving clerks should obtain a signed receipt on the copy of the goods received note retained by the receiving department .

Checking and approving the supplier's invoice

For good and services supplied on credit, the supplier is usually instructed by the purchase order to send the invoice directly to the entity's accounting department . prior to being recorded , suppliers' invoices are checked and approved .

33

Unpaid suppliers' invoices and supporting documentation are held in a file in the accounts department pending their subsequent payment . Properly approved supplier's invoices provide the basis for recording purchase transaction .

Recording the liability

In manual systems, the approved suppliers invoices are initially entered in the purchase journal, the monthly totals of which are posted to the purchase ledger control account in the general ledger . the approved supplier's invoices are sent daily to the account department for recording in the purchase ledger . an accounting supervisor should perform an independent check of the engagement of the total of the invoices recorded by accounting personnel with the daily prelist . In addition , monthly statement received from supplier should be reconciled with the recorded supplier balance .

Materiality of controls
The auditor need to understand the client's monitoring process over the purchasing process . it also involves understanding how supervisory within the process review the personnel who perform the controls and evaluation the performance of the entity's IT system . The auditor can document the purchasing process using procedure manuals , narrative description , internal control questionnaire and flowcharts .

Inherent and control risks

In assessing inherent risk of purchasing ASSERTION . the auditor should consider pervasive factors that motivate management to misstate expenditure . the might include : Pressure to understate expenses in order to report, falsely, the achievement of announced profitability target or industry norms. Pressure to understate creditors in order to report a higher level of working capital in the face of liquidity problem or going-concern doubts.

These factor may affect the completeness assertion and reduce acceptable detection risk , other factors that might contribute to misstatements include : The high volume of transaction; Temptations of employee to make unauthorized purchase relating to the existence or occurrence assertions ; Contentious accounting issues the treatment of repairs and maintenance cost or the classification of a lease an operation or finance lease .

In most well established entities, management's own risk assessment procedures will have led it to adopt control procedure to reduce risk of misstatement occurring in the processing and recording of transaction . however , the existence and effectiveness of controls pertaining to different transaction class assertion for purchases .moreover the auditor must remain mindful of the inherent limitation of internal control ,and failure to adapt the control structure for changed circumstances .

34

Major steps in setting control risk for the purchasing process :

Control Objectives
Purchase orders are placed only with authorized suppliers Purchase orders are properly approved Purchase orders are sent to a centralized location so that they can be obtained on the best possible terms Goods received are checked against the relevant purchase order and inspected for quality before they are accepted Purchase invoices and credit notes are marked in some manner to indicate that they have been previously recorded by the accounting system All approved records are updated All payments for credit purchases and cash purchases are properly controlled No unauthorized debit entries to the accounts payable account Amounts due to the suppliers are accurately determined, promptly recorded and classified Payments are made by the appropriate personnel for authorized liabilities and expenses which in turn should be promptly & accurately recorded Segregation of duties between:

o o o o o

Initiating purchase orders Recording receipt of invoices and credit notes Receiving goods Inventory accounts Accounts payable

35

o Cash payments o Banking duties

Management supervision and review exists at all stages comparing budgets and actual

4.2- Recommendations
Further to summary and conclusion of my research I am able to recommend following to improve internal control system which can help to improve the overall control environment and achieve company objectives. Controls must be strengthened and policy should be tighten

Assign purchase staff clear target and values. If any deviation is unavoidable, prior approval should be sought from higher management Ask Purchase staff to arrange presentations and briefings on timely basis to update about these issues. Make reporting requirements for purchase staff more strict Request for immediate review in line with overall group policies and updated market trends. Investigate on urgent basis, introduce change management, competent staff and new controls Attach relevant staff benefits to achievement of their targets. Investigate past irregularities Effective performance evaluation against targets required to achieve maximum efficiency

Nominate officers only responsible for procurement of material Set out officers duty in authorized delegation lists Financial Regulations should be in place requiring competitive quotations There should be an authorized signatory list in place Procedures notes regarding all areas of the process disseminate to all staff

Used contract suppliers wherever possible and also vetted for potential suppliers Automate the purchasing process by implementing a software allowed to keep comprehensive record of quotations, orders, suppliers and inventory level

Requisitions/order sets should be secured and control their use. Order sets only issued to nominated managers Maintain a database with incentives schemes offered by wholesalers/agencies TO save company money Access to ordering and receiving functions should be restricted and put more tighter controls on ordering and receiving functions separated from invoice processing and General Ledger functions

36

37