Date:September 23, 2008
Re:Internal Control Weaknesses Leave Alchemy Inc. Vulnerable to Errors, Fraud, and Abuse
Internal controls represent an organization’s processes and procedures used to meet its goals and objectives and serve as a defense in safeguarding assets and preventing and detecting errors, fraud, and abuse. Effective internal controls provide reasonable assurance that an organization’s objectives are achieved through (1) reliable financial reporting, (2) compliance with laws and regulations, and (3) effective and efficient operations. The passing of the Sarbanes-Oxley Act of 2002, as well as the numerous corporate frauds and bankruptcies over the past decade—including some from Fortune 500 companies such as Enron, WorldCom, and Tyco—reinforced the need for a strong system of internal controls, and significantly increased the awareness of management, investors, the Congress, and the public of the importance of a strong system of internal controls. Further, without effective internal controls, management, as well as investors, have little assurance that fraudulent, improper, and abusive actions are being prevented or, if occurring, are being promptly detected with appropriate corrective actions taken.
Assessing the internal control environment, as well as the design of the controls themselves, continues to be an integral step in our auditing process. Without taking the time to understand and assess a company’s controls, not only would the firm not be in compliance with generally accepted auditing standards and the Sarbanes-Oxley Act of 2002, but we would also be unable to provide the comprehensive and reliable audits that the firm’s clients have come to expect.
The purpose of this memo is to discuss the results of the audit team’s assessment of Alchemy Inc.’s internal controls—including identifying missing controls, control weaknesses, and opportunities for fraud—and to recommend improvements to address any weaknesses. In order to gain an understanding of Alchemy Inc.’s internal controls, our team obtained and reviewed corporate policies and guidance, as well as audits and reports conducted by the company’s internal audit department. We interviewed personnel across the organization regarding company policies, operations, and their specific job functions. These personnel included management, the internal audit department, and staff from the receiving, shipping, and operations departments. In addition, the team conducted a walk-through to observe the processes and controls in place across the company. During our analysis of Alchemy Inc., our audit team identified internal control weaknesses that leave Alchemy Inc. vulnerable to fraud, errors, and abuse. While the team found numerous control problems across the company, our memo describes only those control problems which the team believes to be the most significant. We organized these weaknesses into two separate categories: (1) executive management and internal audit department weaknesses, and (2) operations (control weaknesses found in the company’s receiving, processing, and shipping departments). Within these two categories, we classified the weaknesses by severity (material weaknesses, significant deficiencies, and control deficiencies) and provided what we believe to be cost effective recommendations for overcoming each of these weaknesses.
Executive Management and Internal Audit Department-
Current Control Environment, Oversight, and Monitoring Are Material Weaknesses
At the executive management and internal audit department levels, the team identified two internal control weaknesses, both of which represent material weaknesses. These two material weaknesses are (1) an ineffective control environment and (2) ineffective oversight and functioning of the internal audit department, including the department’s risk assessment and internal control monitoring responsibilities....