The Regal Marine Case Study Example | Topics and Well Written Essays - 500 words

The Regal Marine - Case Study Example According to the research findings, it can, therefore, be said that the strengths of the firm are that it concentrates on innovation which can attract high-class customers. The concentration on quality service can keep customer loyalty and brand identity. The connection with a large number of a supplier is an advantage which can avail them of products at a cheaper price. This can also increase their profitability. All these factors make the strategy perfect for brand positioning. They can target a middle-class customer by making the cheaper boat and look out for the wide range of customers. They can also opt for materials which are cheaper and take less production and design time. The firm has chosen the differentiation strategy which provides unique service different from their competitors. They want to provide value for what the customer is paying for and the quality expected is the best. The firm is placed in Orlando, Florida which is the United States. The country has the high ma rket for the service provided by the company. The United States is the richest country has the high concentration of wealthy people. Also, the country is a tourist destination which gives many opportunities for the luxury boat service. The firm provides luxury boats to its customers. People always look for quality service and products when it comes to leisure and tourism. So it is a high priority among customer who looks for a luxurious experience.

Reading Log 8 Assignment Example | Topics and Well Written Essays - 250 words

Reading Log 8 - Assignment Example This made it difficult for labor unions to organize checks in these locations. Besides, quite a number of occupations were lost through technology changes. Employees in the meat packing industry understand that it is important to champion their rights. Thus, in order to unionize meat packing employees and win considerable gains in wages and benefits can only be achieved through mobilizing the force of workers tactically positioned in the supply chain that provides the frozen meat packs to retail outlets. This, therefore, means a fight back against the meatpacking and trucking bosses to once more make those businesses strongholds of union power. However, labor traitors heading unions are pursuing a plan which will substitute direct organization of workers into unions. The plan entails forming alliances with alternative labor organizations, and community groups that systematize workers outside the joint bargaining package for betterment of working conditions and better

Benefits and Challenges of Nurse Prescribing

Benefits and Challenges of Nurse Prescribing Specifically with Leg Ulcer Treatment the nurse prescribing practice help in delivering a complete episode of care, enables greater self-sufficiency and speeder access towards medication, time saving and expedient together with the early interference identifications, greater patient involvement (Courtenay, Berry 2007). Furthermore, it provides a means of formalising present prescribing activities and approaches, allow patients to receive better information from the nurses about the prescriptions and medications and thereby permitting a holistic practice (Courtenay 2007). Additionally, it enhances rapport with the leg ulcer patient, reduces length of stay owing to accurate prescribing management, improves knowledge and assessment skills in identifying the complications of leg ulcer along with co-morbid complexities and promotes the response time to addressing patient symptoms and withdrawal (dependency) effects (Gray, 2006). On the other hand, it was observed that the prescribed drug, Allevyn induced allergic reactions in the patient and this can be attributed to the potential implications of prescribing process. However, it cal also happen owing to increased work load and responsibilities upon the nurse, litigation fear, inter and intra professional conflicts, adherence towards medical model of care, lack of knowledge and accountability and absence of skills for prescribing process and dependency (Courtenay et al., 2007). REFERENCES Courtenay, M. 2007, Nurse Prescribing-the benefits and the pitfalls, Journal of Community Nursing, 21, 11. Courtenay, M., Berry, D. 2007, Comparing Nurses and Doctors views of Nurse Prescribing: A Questionnaire Survey, Nurse Prescribing, 5, 5. Gray, R. 2006, Nurse Prescribing: Raising Standards, Nurse Prescribing, 4, 8. Research study carried out by While and Biggs (2004) indicated that nurse prescribers cannot form a substitute for the general practitioners for the products within the limited formulary. Implementing a major role in the nurse prescribing practice requires assessment of numerous conditions including adequate education, preparation and training and designing formulary that convene patient and practitionerà ¢Ã¢â€š ¬Ã¢â€ž ¢s needs (While, Biggs 2004). Report on the evaluation of eight pilot sites revealed that nurse prescribing was completely accompanied by anxiety and heightened apprehensions of accountability (Luker et al., 1997). To date back, National training for Nurse Prescribing was started in England, by the year of 1998 during which around 20, 000 nurses have qualified for the new role. The study carried out by Humphreys and Green (2000) illustrated the potential importance of infrastructure in the focus groups (n=12) obtaining the preparation concerned to nurse prescription at one institution (Humphreys, Green 2000). The implementation of extension standards in to supplementary nursing practice acknowledged the deliberate need for understanding pharmacology as the basis for prescribing process and to identify the nurses who play a major role in selection criteria pertaining to prescriber training (Department of Health, 2002). Towards the other side, in examining the speculative basis for mental health nurse prescribing process, it is very important to discuss the implicit theoretical tensions together with the experiences of registered nurse prescriber. Making a Difference (1999) was the key policy document published upon the extending phenomenon of nurse prescribing with an aim of saving time for the General Practitioners (Department of Health, 1999). However, the implicit support was arrived through National Health Service and it stressed on various ways of working and distorting the demarcating lines between the specialized groups in NHS with an interest on improved access to quality of health care (Brooks, 2001). Thus, it must be understood that benefits and challenges of Nurse Prescribing within the context of mental health include the following (Department of Health, 1999): Add up the knowledge and allow complete use of experience. Allow service transition from hospital to community based. Nurses must reveal that they are diagnostically competent for the process of patient assessment and prescribing. The prescribing process may distract the attention from other aspects of nursing roles. May result in developing dangers (like allergic reactions developed for Allevyn in the present study) and these get added up to nurseà ¢Ã¢â€š ¬Ã¢â€ž ¢s role Conclusion Thus, to effective reduce the incidence of deleterious effects due to Nurse prescribing, a helpful action plan must be devised with the following objectives: To evaluate the prescribing approaches of nurses with relation to health visitors. To effectively understand the professional and contextual factors which enhance and inhibit the process of Nurse Prescribing To understand the views of practitioners and patients with relation to treatment offered by the nurses. Much research was performed with in this field of Nursing and still is needed in future to effectively explore the factors and to determine the steps for carrying out this process. Nevertheless, it is not a solitary effort and it demands the potential involvement of practitioners, patients, Nurses, local health organisations together with the government.

The Electoral College Should Be Revised Essay -- Argumentative Persuas

The Electoral College Should Be Revised As citizens of the United State of America, one of our most important rights is that of which to vote. By voting, the general population has a say in who its leaders are. Votes for local, state, and even federal representatives directly reflect who the constituents want in office. However, America’s highest office is not elected by a vote of the people. Instead we use a confusing and outdated system called the Electoral College. Our president is not elected by the people, but by 538 electors who can legally vote for whomever they choose. Several times in our nations history an elector has voted against the people’s will. Three presidents have been elected into office by the electoral college and not had the majority support of the nation. This phenomenon may very well happen again this year. This system needs to be changed. The highest office in our great nation needs to be elected by the people he/she is representing. The electoral college was developed by our founding fathers as a compromise between a president elected by Congress and one elected by the popular vote of the people. They feared that if the president was elected by Congress, he/she may feel some obligation to it. They also felt that the American people were not well enough informed and mature enough to elect their own leader. They finally decided on an Electoral College that today is made up of 538 electors from all 50 state and the District of Columbia. Each state is allotted a number of electors equal to its number of Representatives and Senators in Washington. The District of Columbia has a number of electors equal to that of the least populated state. As an example, California, our nation’s most populated state, h... ...t. This government is made of the people, for the people, and by the people. We need to have the ability to choose our own leader without the possibility of that decision getting manipulated. Sources Cited: Tom Curtis, "Making Sense of the Electoral College." [Internet, www], http://www.msnbc.com. [viewed Nov. 6, 2000] "Frequently Asked Questions on the Electoral College." Prepared by The Office of the Federal Register. [Internet, www], http://www.nara.gov. [viewed Nov. 6, 2000] "Electoral College." 2000 United Republican Network. [Internet, www], http://united.republican .com. [viewed Nov. 6, 2000] Eric Wikman, "The Electoral College: Then, Now, and Tomorrow." [Internet, www], http://www.wickman.com. [viewed Nov. 6, 2000] Judy Cresanta, "The Electoral College: Crisis Avoided." [Internet, www], http://www.npri.com. [viewed Nov. 6, 2000]

History Shows There Is No Such Thing as Absolute Power Essay

‘The undiminished ability to act in a particular way, or direct or influence the behaviour of others or the course of events’. Immediately one thinks of mighty Alexander, seizing every territory he set his eyes upon, or Joseph Stalin suppressing the entire population of the huge Soviet bloc with an iron fist. There are certainly individuals in history that would be regarded as absolutely powerful. Absolute power covers both being able to suppress and control opposition and support, and being able to achieve one’s aims, as both are interdependent. However, history as a study and analysis of the past through examining evidence, has shown that cultural relativism renders absolute power a much sought-after but unattainable possession; no person or organisation has been perfectly in control of their people since knowledge of other cultures has emerged, although some have attempted to claim to command it; even in the 21st Century, as seen by the North Korean rhetoric about the state’s absolute devotion to the Kim dynasty; for example, informing the population they should be willing to ‘become human bulwarks and human shields’ to defend their new leader Kim Jong-un. Since the Greeks first explored beyond their frontiers and came across cultures and religions which differed from their own, and since King Herodotus tried to pay the Greeks and Callatians to swap their respective burial practises (the Greeks burned their dead- the Callatians ate the corpse of their father) and was refused for any money, cultural relativism has existed as an obstacle to obtaining absolute power. Without cultural relativism, there are potential examples of absolute power being flouted. One that springs to mind is the ancient community who built Stonehenge. A supposedly ‘primitive’ people felt compelled to cut bluestones and transport them from south-west Wales either carrying them across hundreds of miles of mountainous and rugged terrain without technology, or by shipping them gradually over in handmade boats, before assembling them into the neat arrangement we can still see today. One prominent theory as to why this project was undertaken is that the stones are religious monuments designed to be worshipped or designed to intimidate worshippers into fearing their god. Either way, this points to a religious leader who had absolute power over his people, meaning he was able to persuade them to carry out this enormous logistical challenge. However, this essay will argue that cultural relativism has meant that apart from isolated communities such as that which built Stonehenge, no individual or organisation has possessed absolute power. On the other hand, some ancient historians would argue that the great Emperors of ancient times had absolute, autocratic power: the mighty King Darius and his vast Persian Empire, in which every provincial leader answered to him. Alexander the Great conquered almost the entire known world. Julius Caesar and his famous ‘veni, vidi, vici’ quotation, a demonstration of the ease with which he overpowered enemies. King Darius may have theoretically held absolute traditional authority over his Empire, being entitled by tradition to rule over every citizen, but it is clear that he didn’t hold absolute power. The wealthy Greek merchants in their colonies threw out Darius’s Persian provincial governors, and when Darius attempted to punish them by attacking their homeland, he was defeated. Even the fact that he had to resort to military force shows that he didn’t hold absolute power over the Greeks who were meant to answer to him as they were living in his Empire, but furthermore his military failed to preserve his power. This shows that he did not hold absolute power, and the Greek merchants rejected his leadership because they disliked it relative to the culture they were used to. Moreover, although Julius Caesar is and deserves to be recognised as an immensely powerful figure in world history, after emerging as the most successful of the Roman generals and doing the most to promote Roman interests in the further provinces, it is clear that he still didn’t hold absolute power. Absolute means universally valid and without dependence on anything else; Julius Caesar did not have the power to win over everyone, which would have prevented his murder. Evidently his power was dependent on the support of his Senate, which he failed to retain. There were over sixty conspirators involved in his murder, and he did not have the power to stop them- demonstrating that he didn’t hold absolute power over his people, as they found his leadership unacceptable relative to others. An anecdote which supports the claim that Alexander the Great did not hold absolute power is the story of his encounter with Diogenes. Alexander came across the philosopher sunbathing, and asked him if there was any favour which, as leader of the biggest Empire in the world, Alexander could fulfil for Diogenes. The philosopher simply requested that he stop obstructing the sun. After this experience, Alexander is said to have claimed that ‘if I were not Alexander, I should like to be Diogenes’, as he found the philosopher’s complete indifference to the offer of a favour from the world’s most powerful man to be such an incredible phenomenon. This shows that Alexander’s military and material wealth and power didn’t stop him from wishing he could instead be this anti-materialist philosopher. Diogenes had the power to make Alexander feel that he would prefer to be someone else, so that, even momentarily, he scored an emotional victory over him; if Alexander had had absolute power over his Empire, nobody should have been able to defeat him in any way. Throughout the Dark Ages, and the Middle Ages, it could be argued that the church had absolute power in parts of Europe, as the typical image of the ordinary European peasant is one of devout, God-fearing Christianity. However, an interesting and relevant point that Carr made in his book, What is History?, is that, with religious leaders and monks being the only literate people throughout this era, records of this time are written solely from their perspective, and therefore give the impression of a very devoutly religious period in Europe. However, this could be a falsified impression, as the enlightenment and other events such as the atheistic Communist revolution later on in Russia in 1917 demonstrate that the peasants and ordinary working classes of these countries were perhaps not as influenced and submitted to control by the church as first thought. Constantly through these times there were bitter disputes between the Pope and bishops, and the nobility and royalty that ruled over Europe, the most famous of which ended in Henry VIII abandoning the Vatican and establishing the Church of England. These power struggles display that neither the religious authorities nor the monarchies had anything that could be described as absolute power. Perhaps the monarchy were against the idea of Papal consultation, relative to the image they had of rulers before the Common Era who weren’t constrained by religious authorities- but obviously this would have been rejected by their religious subjects. This is another case of cultural relativism undermining absolute power. After the Enlightenment and Industrial Revolution, with the decline of religious authority and an autocratic hereditary hierarchy in Europe, the power balance alters. Although some areas are still governed by monarchy, for example Russia with the Tsars, other areas see the introduction of parliamentary systems and constitutional monarchy. One key theme of the enlightenment, debatably, was to eliminate even the idea of ‘absolute power’ and absolutist, arbitrary rule by promoting democracy and fair government. For example, in France, with the execution of Louis XVI, a Republic was established. However, the result was far from a fair society in which the government was held to account. Power in France moved between different dictatorial regimes until it was seized by Napoleon Bonaparte and the Consulate. Some would argue that Napoleon held absolute power; he conquered as he willed, and ruled over a large empire autocratically despite the fact that many in Europe now supported the idea of deliberative government. He even had the audacity to declare that he wouldn’t ‘give a fig for a million lives’ in the face of conquering new territories, something that surely only someone with absolute, unassailable power would be able to say without being removed from a position of responsibility. However, on the other hand, it is evident that he failed to retain absolute power. During his rule, there was unrest throughout his territory: from 1808, for example, the Spanish people began an ongoing and constant campaign of resistance against Napoleon’s men, which could not be suppressed despite his best efforts. Then, eventually, he was defeated, and then defeated again, and ended up alone in exile on the Island of St Helen. It is possible that if the people had not had knowledge from foreign sources of more benevolent and successful rulers, they would not have overthrown Napoleon; their ability to relate their experience to other cultures caused them to oppose Napoleon. This Napoleonic style, of attempting to seize absolute, autocratic power and ruling without the security of populism has been demonstrated in dozens of scenarios since Napoleon’s fall, with a myriad of totalitarian dictatorships in Europe and beyond which attempted to suppress and rule with absolute authority. However, each example can be knocked down. Hitler, it could be argued, took power on the merit of his charismatic personality and the appeal of his vision of a strong German people- whether by attracting enough popularity or simply making his thuggish SS a large and strong-willed enough organisation to secure his high position. From then on he suppressed opposition both at home and in German-occupied territory. The way in which he achieved this largely as an individual and then ruled so strongly whilst often ignoring suggestions from his advisors, could be described as holding absolute power over Germany and the territories conquered. Furthermore, some optimists might argue that the instigation of the Holocaust against the Jews and other ‘undesirables’ implies that he had absolute power over people, as ordinary human nature would produce repulsion at the very idea, and yet it was carried out. On the other hand, there is much evidence of resistance within Germany against Hitler’s regime- ranging from political opposition by Catholics and across general German society against the T4 programme (‘euthanasia’ mass murder of disabled people), to the ‘Red Orchestra’ Communists distributing propaganda leaflets, and of course the numerous assassination plots and attempts by Hitler’s own men. The ‘Red Orchestra’ example is very useful to my argument; they had not lived under a Communist system, but had read the teachings of Karl Marx and other Communist writers and therefore felt that relative to the Nazi system, Communism would be the best for Germany. While it is true that none of these were successful as such (except, to some extent, the opposition to T4), they certainly weren’t what Hitler desired and he had not the power to prevent them. Another major dictator of the 20th Century was Josef Stalin; although the Communist state was already in existence, he still needed his skill and slyness to seize power by using his role as party secretary to eliminate potential opponents, and especially by propelling himself ahead of Trotsky in terms of popularity through behaviour such as deceiving him into travelling to an eastern province so that he wasn’t present at Lenin’s funeral. He then purged Russia, the Communist Party and the army in order to ensure absolute control, and this made internal opposition to his regime virtually inexistent in terms of visible or united resistance. His Stalinist ideology also catapulted the USSR very quickly from a backward nation to a major world power, enabling them to withstand the German Operation Barbarossa (consequently, another failure of Hitler’s) and then even to push on until they formed a stand-off with the USA and Britain in Germany. With no opposition to him within his country (and so no possibility of assassination or being toppled), and these incredible achievements, some would infer that he must have had absolute power. Be that as it may, when we explore Stalin’s aims we can see that he was largely unsuccessful. His five-year-plans demanded unattainably high increases in output- such as 200% more iron produced and 335% more electricity. However, there is much evidence that factory owners and officials ‘cooked the books’ and exaggerated production when reporting back to the Party, in order to prevent being punished for failing to keep up. This would mean that Stalin could not achieve all that he wanted. Furthermore, one of his stated aims was to reverse Russia’s backwardness in order to avoid being ‘crushed’ by the developed capitalist powers. While he did generate huge industrialisation which propelled the USSR forwards so that in 1945 it emerged as one of two world superpowers, it was at the expense of over twenty million Russians dead in around two decades, due to famines caused by economic reforms or in the gulags and the purges; this huge cost is a death rate that resembles a backward nation far more than a developed one, and so some would argue that it shows that Stalin also failed in this aim. Finally, his struggle with the Western powers, for example through annexing eastern European countries into the Soviet bloc, although continued to some extent by his successors, was lost in the end. By 1990, the USSR had begun to unravel significantly as former members became independent countries and satellite states such as Ukraine and Estonia, and turned to democracy and the free market, after first breaking the propaganda limitations in order to learn of the other way of life, until Russia formally ended Communism in the year 1991. Stalin’s legacy failed to prevent cultural relativism from reaching into the population of the USSR. On the other hand, it could be argued that although he failed to prevent the future further expansion of the USSR his huge legacy in turning Russia around into the developed nation it is today shows his absolute power. Stalin and his ideology are still popular in modern Russia, as he is seen as a hero by many for seeing off the Nazi German invasion. This legacy, coupled with the extent to which he did manage to prevent notable opposition within his territory and beyond (for example, the assassination of Trotsky in Mexico), make him an individual who was close to achieving the coveted status of having absolute power in his ‘empire’, but still his failure to achieve what he wanted demonstrates that it would be untrue to describe him as such. And now approaching the present in terms of era, an example which was mentioned much earlier on in this essay, the Kim dynasty in North Korea; they make use of the personality cult, controls on education and media, and the secret police which were used to implement Stalin’s leadership in the USSR; however like him, they have been unable to carry out their aims. Kim Jong-Il aimed to make North Koreans the ‘most prosperous people on Earth’, but under his new economic reforms, millions died in a famine and all were affected by a famine which resulted in the army downgrading the height requirements for soldiers to sign up. They have also failed to prevent the black market from flourishing in North Korea and more importantly, they haven’t been able to stop Chinese smugglers from bringing in evidence of the prosperity experienced in South Korea and other countries. Therefore despite not being in particular danger of being overthrown by the people, due to their repressive regime, the Kim dynasty have not had the power to fulfil their plans. The same could be said of the solid Communist Party in China: although they are relatively secure in their position, with legal sovereignty guaranteed over the United Front as stated by the constitution, they have had to open up to imports and exports and allow free market economics, as their Communist planned economy failed. In modern times, nobody has succeeded in fully repressing their people, as defection and resistance has always been possible if not completely successful. Absolute power cannot be attributed to any modern day regimes, because knowledge of outside cultures always finds a way in, and the people learn of their relatively poor situation and rebel. One of the important phenomena to observe over the next few years is that of South Korean DVDs being smuggled into North Korea and allowing the people exposure to other cultures; this could potentially lead to an inability to further repress the people, to combine with the failure to achieve the Kim families’ aims. It is important to consider religion when looking at this question, as we have already conceded that religious authorities in some isolated communities could have held absolute power over their followers. One could argue that especially in the case of the Abrahamic religions, which are characterised by their belief in one single, omnipotent and omniscient God, absolute power is demonstrated by the infallibility of those who represent this one God- for example, the Pope, or the Iranian Ayatollah. In the most devout of communities and times, any religious disagreement could end in death- for example, the burning of Protestants or Catholics at the stake during the European battle between these two ideologies. This can be seen as religious authorities suppressing any opposition to the rule of God. Then, there are many examples of God’s representatives influencing people to act how he would will; for example, the Crusades saw hundreds of rich knights, under the influence of the Pope, leaving the luxury and relative safety of their castles and estates to recover Jerusalem, a city they had never visited. This can be seen as religion and its leaders having the absolute power to control the actions of others. However, for one thing the misuse of the aforementioned tradition of burning religious enemies, by which people would accuse those they disliked or coveted of belonging to the undesirable faith, shows that often people weren’t following the leadership of God but using this phenomenon to their selfish advantage. Another point against religious figures having absolute power is the decline in religious participation and the growth of atheism- this ongoing decline in terms of support of god as a leader demonstrates a decline in power. In times of strife, such as the suffering of the Russians under the Tsar, people lose their faith in religious hierarchies- and in this particular example the atheistic Soviet system was spawned. In addition to this decrease in willingness to submit to religious commands, there is a clear increase in actual opposition to religion- the growth of Humanism and the growing popularity of figures such as Richard Dawkins, who preaches anti-religion and anti-theism, show that God is being undermined as a leader and so can’t have absolute power over humanity as some religious leaders would intend. From exploring all these example of hugely powerful individuals and organisations, ranging from the autocratic emperors of Ancient civilisation, to the absolute monarchies of the middle ages, the Church and the modern totalitarian dictatorships and regimes such as Adolf Hitler’s Nazi Germany, or even the Communist Party in the People’s Republic of China, we can see that although their achievements are often incredible, and required huge amounts of power and ability, none of them have been able to perfectly fit both criteria- full suppression of opposition and the full ability to achieve what they wished. Inability to fulfil their political aims can often be put down to a failure to crush opposition, and the failure to crush opposition was caused by knowledge of other cultures which the people enjoyed the idea of more than they enjoyed their own; cultural relativism. When people get the idea into their heads that there are other systems which would benefit them and make their lives better, it is impossible to fully and permanently extinguish this and continue reigning on without reforming policy (failing to do what you want) or falling from power (failing to protect against the opposition). Therefore, the only time when history can show us absolute power is in isolated communities in which the people had no understanding or conception of an alternative way of life, such as the Ancient Britons who built Stonehenge. Bibliography A Little History of the World- E.H. Gombrich What Is History? – E.H. Carr Nazi Aggression- Planned or Improvised? (The Historian)- Hendrik K. Hogrefe Webography Who Built Stonehenge? Stuart Carter (First Science) http://www.livius.org/caa-can/caesar/caesar_t09.html http://www.e-classics.com/ALEXANDER.htm http://www.loc.gov/exhibits/archives/reps.html (Stalin) http://www.chinacyber.com/china_glance/politics.htm Polak

Coso Presentation

COSO REPORT SUMMARY CHAPTER 1: DEFINITION Internal Control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: – Effectiveness and efficiency of operations – Reliability or financial reporting – Compliance with applicable laws and regulations. Internal control is: – A process; Internal control is not one event or circumstance, but a series of actions that permeate an entity’s activities.These actions are pervasive, and are inherent in the way management runs the business. Business processes are managed through the basic management processes of planning, executing and monitoring. They should be â€Å"built in† rather than â€Å"built on†. â€Å"Building in† controls can directly affect an entity’s ability to reach its goals, and supports businesses’ quality initia tives. – People; Internal control is effected by a board of directors, management and other personnel in an entity.Internal control affects people’s actions. These realities affect, and are affected by, internal control. – Reasonable assurance; Internal control, not matter how well designed and operated, can provide only reasonable assurance to management and the board of directors regarding achievement of an entity’s objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems, such as human judgment. Objectives; Every entity sets out on a mission, establishing objectives it wants to achieve and strategies for achieving them. Objectives fall into three categories: – Operations – relating to effective and efficient use of the entity’s resources – Financial reporting – relating to preparation of reliable published financial statements – Compliance – relating t o the entity’s compliance with applicable laws and regulations Components Internal control consists of five interrelated components: Control environment; The core of any business is people – their individual attributes, including integrity, ethical values and competence – and the environment in which they operate – Risk assessment; The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with the sales, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks. Control activities; Control policies and procedures must be established and executed to help ensure that the actions identified by management as necessary to address risks to achievement of the entity’s objectives are effectively carried out. – Information and communication; Surrounding these activities are informatio n and communication systems. These enable the entity’s people to capture and exchange the information needed to conduct, manage and control its operations – Monitoring; The entire process must be monitored, and modifications made as necessary.In this way, the system can react dynamically, changing as conditions warrant. There is a direct relationship between objectives, which are what an entity strives to achieve, and components, which represent what is needed to achieve the objectives. Internal control is relevant to an entire enterprise, or to any of its unit or activities. Effectiveness Internal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that: – They understand the extent to which the entity’s operations objectives are being achieved. Published financial statements are being prepared reliably. – Applicable laws and regulations are being complie d with. While internal control is a process, its effectiveness is a state or condition of the process at a point in time. Although all five criteria must be satisfied, this does not mean that each component should function identically, or even at the same level, in different entities. The following chapters should be considered when determining whether an internal control system is effective.It should be recognized: – Because internal control is a part of the management process, the components are discussed in the context of what management does in running a business. – The principles discussed apply to all entities, regardless of size. – Each component chapter contains an â€Å"evaluation† section with factors one might consider in evaluating the component. CHAPTER 2: CONTROL ENVIRONMENT The control environment has a pervasive influence on the way business activities are structured, objectives established and risks assessed.It also influences control act ivities, information and communication systems, and monitoring activities. The control environment is influenced by the entity’s history and culture. It influences the control consciousness of its people => â€Å"tone at the top†. Integrity and ethical values An entity’s objectives and the way they are achieved are based on preferences, value judgments and management styles. Those preferences and value judgments, which are translated into standards of behavior, reflect management’s integrity and its commitment to ethical values.Because an entity’s good reputation is so valuable, the standard of behavior must go beyond mere compliance with law. Integrity and ethical values are essential elements of the control environment, affecting the design, administration and monitoring of other internal control components. Top management must balance the concerns of the enterprise, its employees, suppliers, customers, competitors and the public. Balancing these concerns can be a complex and frustrating effort because interests are often at odds.Managers of well-run enterprises have increasingly accepted the view that â€Å"ethics pays†- that ethical behavior is good business. Ethical behavior and management integrity are a product of the â€Å"corporate culture†. Corporate culture includes ethical and behavioral standards, how they are communicated and how they are reinforced in practice. Official policies specify what management wants to happen. Corporate culture determines what actually happens, and which rules are obeyed, bent or ignored. Top management – starting with the CEO – plays a key role in determining the corporate culture.Individuals may engage in dishonest, illegal or unethical acts simply because their organizations give them strong incentives or temptations to do so. Emphasis on â€Å"result,† particularly in the short term, fosters an environment in which the price of failure becomes ver y high. Incentives cited for engaging in fraudulent or questionable financial reporting practices and, by extension, other forms of unethical behavior are: – Pressure to meet unrealistic performance targets, particularly for short-term results – High performance-dependent rewards, and – Upper and lower cutoffs on bonus plansThe study also cites â€Å"temptations† for employees to engage in improper acts: – Nonexistent or ineffective controls, such as poor segregation of duties in sensitive areas, that offer temptations to steal or to conceal poor performance – High decentralization that leaves top management unaware of actions taken at lower organizational levels and thereby reduces the chances of getting caught. – A weak internal audit function that does not have the ability to detect and report improper behavior – An ineffective board of directors that does not provide objective oversight of top management. Penalties for impr oper behavior that are insignificant or unpublished and thus lose their value as deterrents. In addition to the incentives and temptations just discussed, the aforementioned study found a third cause of fraudulent and questionable financial reporting practices: ignorance. The study found that â€Å"in many of the companies that have suffered instances of deceptive financial reporting, the people involved either did not know what they were doing was wrong or erroneously believed they were acting in the organization’s best interest†.This ignorance is often caused by poor moral background or guidance, rather than by an intent to deceive. The most effective way of transmitting a message of ethical behavior throughout the organization is by example. A study some years ago noted that a formal code of conduct is â€Å"a widely used method of communicating to employees the company’s expectations about duty and integrity†. Of particular importance are resulting pe nalties to employees who violate such codes, mechanisms that exist to encourage employee reporting of suspected violations, and disciplinary actions against employees who fail to report violations.Commitment to competence Competence should reflect the knowledge and skills needed to accomplish tasks that define the individual’s job. Management needs to specify the competence levels for particular jobs and to translate those levels into requisite knowledge and skills. There often can be trade-off between the extent of supervision and the requisite competence level of individual. Board of directors or Audit Committee The control environment and â€Å"tone at the top† are influenced significantly by the entity’s board of directors and audit committee.Factors include the board or audit committee’s independence from management, experience and stature of its members, extent of its involvement and scrutiny of activities, and the appropriateness of its action. Ano ther factor is the degree to which difficult questions are raised and pursued with management regarding plans or performance. Interaction of the board or audit committee with internal and external auditors is another factor affecting the control environment.Because of its importance, an active and involved board of directors, board of trustees or comparable body – possessing an appropriate degree of management, technical and other expertise coupled with the necessary stature and mind set so that it can adequately perform the necessary governance, guidance and oversight responsibilities – is critical to effective internal control. It is necessary that the board contain outside directors. Management’s philosophy and operating style Management’s philosophy and operating style affect the way the enterprise is managed, including the kinds of business risks accepted.An informally managed company may control operations largely by face-to-face contract with key m anagers. A more formally managed one may rely more on written policies, performance indicators and exception reports. Organizational structure An entity’s organizational structure provides the framework within which its activities for achieving entity-wide objectives are planned, executed, controlled and monitored. Activities may relate to what is sometimes referred to as the value chain: inbound (receiving) activities, operations or production, outbound (shipping) marketing, sales and service.There may be support functions, relating to administration, human resources or technology development. Significant aspects of establishing a relevant organizational structure include defining key areas of authority and responsibility and establishing appropriate lines of reporting. An entity develops an organizational structures suited to its needs: centralized, decentralized, direct reporting lines, matrix, product line, geographical location, distribution or marketing network, governm ental, or not-for-profit structure. The appropriateness of an entity’s organizational structure depends, in part, on its size and the nature of its activities.A highly structured organization, including formal reporting lines and responsibilities, may be appropriate for a large entity with numerous operating divisions, including foreign operations. However, it could impede the necessary flow of information in a small entity. Whatever the structure, an entity’s activities will be organized to carry out the strategies designed to achieve particular objectives. Assignment of authority and responsibility This includes assignment of authority and responsibility for operating activities, and establishment of reporting relationships and authorization protocols.There is a growing tendency to push authority downward to bring decision-making closer to front-line personnel. Alignment of authority and accountability often is designed to encourage individual initiatives, within lim its. Delegation of authority, or â€Å"empowerment,† means surrendering central control of certain business decisions to lower echelons – to the individuals who are closest to everyday business transactions. A critical challenge is to delegate only to the extent required to achieve objectives. Another challenge is ensuring that all personnel understand the entity’s objectives.Increased delegation sometimes is accompanied by or the result of streamlining or â€Å"flattening† of an entity’s organizational structure, and is intentional. Purposeful structural change to encourage creativity, initiative and the capability to react quickly can enhance competitiveness and customer satisfaction. The control environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. This holds true all the way to the chief executive, who has ultimate responsibility for all activities within an entity, including the inte rnal control system. Human resource policies and practicesHuman resource practices send messages to employees regarding expected levels of integrity, ethical behavior and competence. Such practices relate to hiring, orientation, training, evaluating, counseling, promoting, compensating and remedial actions. It is essential that personnel be equipped for new challenges as issues that enterprises face change and become more complex – driven in part by rapidly changing technologies and increasing competition. The impact of an ineffective control environment could be far reaching, possibly resulting in a financial loss, a tarnished public image or a business failure.While every entity should embrace the concepts, small and mid-size entities may implement the control environment factors differently than larger entities. Their own integrity and behavior, however, is critical and must be consistent with the oral message because of the first-hand contact that employees have with them . Usually the fewer the levels of management, the faster the message is carried through an organization of what conduct is acceptable. Evaluation should be based on these 7 aspects CHAPTER 7: LIMITATIONS OF INTERNAL CONTROLIn considering limitations of internal control, two distinct concepts must be recognized: – First, internal control – even effective internal control – operates at different levels with respect to different objectives. But it cannot provide even reasonable assurance that the objectives themselves will be achieved. – Second, internal control cannot provide absolute assurance with respect to any of the three objectives categories. The first set of limitations acknowledges that certain events or conditions are simply outside management’s control. The second has to do with the reality that no system will always do what it’s intended to do.The effectiveness of controls will be limited by the realities of human frailty in the ma king of business decisions. Some decisions based on human judgment may later, with the clairvoyance of hindsight, be found to produce less than desirable results, and may need to be changed. – Breakdowns; Personnel may misunderstand instructions. They may make judgment mistakes. Or they may commit errors due to carelessness, distraction, or fatigue. – Management override; An internal control system can only be as effective as the people who are responsible for its functioning.Even in effectively controlled entities – those with generally high levels of integrity and control consciousness – a manager might be able to override internal control. Management override means here, overruling prescribed policies or procedures for illegitimate purposes with the intent of personal gain or an enhanced presentation of an entity’s financial condition or compliance status. Management override should not be confused with management intervention. – Collusio n; The collusive activities of two or more individuals can result in control failures.Individuals acting collectively to perpetrate and conceal an action from detection often can alter financial data or other management information in a manner that cannot be identified by the control system. – Costs versus benefits; Resources always have constraints, and entities must consider the relative costs and benefits of establishing controls. Cost and benefit measurements for implementing controls are done with different levels of precision. The complexity of cost-benefit determinations is compounded by the interrelationship of controls with business operations.Cost-benefit determinations also vary considerably depending on the nature of the business. The challenge is to find the right balance. CHAPTER 8: ROLES AND RESPONSIBILITIES Internal and external parties contribute, each in his or her own way, to effective internal control. Parties external to the entity may also help the entit y achieve its objectives through actions that provide information useful to the entity in effecting control, or through actions that independently contribute to entity’s objective. Internal parties: Management Management is directly responsible for all activities of an entity, including its internal control system.Naturally, management at different levels in an entity will have different internal control responsibilities. More than any other, the chief executive sets the â€Å"tone at the top† that affects control environment factors and other components of internal control. The CEO has influence over the selection of the board of directors. The CEO generally fulfills this duty by: – Providing leadership and direction to senior managers. – Meeting periodically with senior managers responsible for the major functional areas – sales, marketing, production, procurement, finance, human resources, etc. to review their responsibilities, including how the y are controlling the business. Senior managers in charge or organizational units have responsibility for internal control related to their units’ objectives. They provide direction, more hands-on role. Often these managers are directly responsible for determining internal control procedures that address unit objectives. Financial offices. Of particular significance to monitoring are finance and controllership officers and their staffs, whose activities cut across, up and down the operating and other units of an enterprise. As a member of top management, the chief accounting officer helps set the tone of the organization’s ethical conduct; is responsible for the financial statements; generally has primary responsibility for designing, implementing and monitoring the company’s financial reporting system; and is in a unique position regarding identification of unusual situations caused by fraudulent financial reporting†. Internal parties: Board of directors Management is accountable to the board of directors or trustees, which provides governance, guidance and oversight. By selecting management, the oard ahs a major role in defining what it expects in integrity and ethical values, and can confirm its expectations through its oversight activities. Effective board members are objective, capable and inquisitive. Audit committee. Management is responsible for the reliability of the financial statements, but an effective audit committee plays an important role. The audit committee is in a unique position: it has the authority to question top management regarding how it is carrying out its financial reporting responsibilities, and it also has authority to ensure that corrective action is taken.The Treadway commission emphasized the value of audit committees and recommended that all public companies be required to established audit committees composed solely of independent directors. Other committees are: compensation committee, finance commi ttee, nominating committee, employee benefits committee and other committees. Internal parties: Internal auditors Internal auditors directly examine internal controls and recommend improvements. Internal auditors should: Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information – Review the systems established to ensure compliance with those policies, plans, procedures, laws and regulations which could have a significant impact on operations and reports and should determine whether it is in compliance – Review the means of safeguarding assets and verify the existence of these assets – Appraise the economy and efficiency with which resources are employed – Review operations to ascertain whether results are consistent with established objectives and goals and whether operations are being carried out as planned. Organizational position and authority involve such matters as reporting line to an individual who has sufficient authority to ensure appropriate audit coverage, consideration and response; selection and dismissal of the director of internal auditing only with board of directors’ or audit committee’s concurrence; internal auditor access to the board or audit committee; and internal auditor authority to follow up on findings and recommendations.Internal auditors are objective, avoid potential and actual conflicts of interest and bias, rotate and not assume operating responsibilities. Internal Parties: Other entity personal – First, virtually all employees play some role in effecting control – Second, all personnel should be responsible for communicating to a higher organizational level problems in operations, noncompliance with the code of conduct, or other violations of policy or illegal actions External Parties: External auditors They bring to management and the board a unique independent and objective vi ew, and contribute to an entity’s achievement of its financial reporting objectives, as well as other objectives.The auditor expresses an opinion on the fairness of the financial statements in conformity with generally accepted accounting principles, and thus contributes to the entity’s financial reporting objectives. Auditors conducting a financial statement audit do provide information useful to management in carrying out their internal control-related responsibilities: – by communicating audit findings, analytical information and recommendations for use in taking actions necessary to achieve established objectives – by communicating findings regarding deficiencies in internal control that come to their attention, and recommendations for improvement External Parties: Legislators and regulatorsLegislators and regulators affect the internal control systems of many entities, either through requirements to establish internal controls or through examinations of particular entities. They affect entities’ internal control system in two ways. They establish rules that provide the impetus for management to ensure that internal control systems meet the minimum statutory and regulatory requirements. And, pursuant to examination of a particular entity, they provide information used by the entity’s internal control system, and provide recommendations and sometimes directives to management regarding needed internal control system improvements. External Parties: parties interacting with the entity (customer, supplier, vendor) These parties provide information that can be extremely important for objectives.External Parties: Financial Analysts, Bond Rating Agencies and the News Media CHAPTER 3: RISK ASSESSMENT Objective setting is a precondition to risk assessment. There must first be objectives before management can identify risks to their achievement and take necessary actions to manage the risks. Objective setting, then, is a key part of the management process. At the entity level, objectives often are represented by the entity’s mission and value statements. Along with assessments of the entity’s strengths and weaknesses, and of opportunities and threats, they lead to an overall strategy. These subobjectives or activity-level objectives, include establishing goals and may deal with product line, market, financing and profit objectives.By setting objectives at the entity and activity levels, an entity can identify critical success factors. These are key things that must go right if goals are to be attained. Critical success factors exist for the entity, a business unit, a function, a department or an individual. Categories of objectives: Operations objectives: Operations objectives relate to achievement of an entity’s basic mission – the fundamental reason for its existence. Operations objectives need to reflect the particular business, industry and economic environments in which the entity functions. Management must see to it that objectives are based on the reality and demands of the marketplace and are expressed in terms that allow meaningful performance measurements.A clear set of operations objectives and strategies, linked to subobjectives, is fundamental to success. They provide a focal point toward which the entity will commit substantial resources. Financial Reporting objectives: Financial reporting objectives address the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements. Entities need to achieve financial reporting objectives to meet external obligations. Investors, creditors, customers and suppliers often rely on financial statements to assess management’s performance and to compare it with peers and alternative investments. Fair representation is efined as: – The accounting principles selected and applied have general acceptance – The accounting principles are appropriate in the circumstances – The financial statements are informative of matters that may affect their use, understanding and interpretation – The information presented is classified and summarized in a reasonable manner, that is, it is neither too detailed nor too condensed – The financial statements reflect the underlying transactions and events in a manner that presents the financial position, results of operations and cash flows stated within a range of acceptable limits, that is, limits that are reasonable and practical to attain in financial statements Compliance objectives: Entities must conduct their activities, and often take specific actions, in accordance with applicable laws and regulations.These laws and regulations establish minimum standards of behavior, which the entity integrates into its compliance objectives. An entity’s compliance record with laws and regulations can significantly – either positively or negatively – affect its reputation in the community. An objective in one category may overlap or support an objective in another. Another set of objectives relates to â€Å"safeguarding of resources†. Although these are primarily operations objectives, certain aspects of safeguarding can fall under the other categories. The category in which an objective falls can sometimes depend on circumstances. Objectives should be complementary and linked.Not only must entity-wide objectives be consistent with the entity’s capabilities and prospects, they also must be consistent with the objectives of its business units and functions. Entity-wide objectives must be broken down into subobjectives, consistent with the overall strategy, and linked to activities throughout the organization. Where, however, objectives depart form an entity’s past practices, management must address the linkages or run increased risks. Activity objectives also need to be clear, that is, readily understood by the people taking the actions toward their achievement. They must also be measurable. It is useful to relate an activity’s overall set of objectives to resources available.A way to relieve further resource constraint is to question activity objectives that do not support entity-wide objectives and the entity’s business processes. Another means of balancing objectives and resources is to identify activity objectives that are very important or critical to achieving entity-wide objectives. Objectives provide the measurable targets which the entity moves in conducting its activities. The goal of internal control in this area focuses primarily on: developing consistency of objectives and goals throughout the organization, identifying key success factors and timely reporting to management of performance and expectations.Although success cannot be ensured, management should have reasonable assurance of being alerted when objec tives are in danger of not being achieved. Risks The process of identifying and analyzing risk is an ongoing iterative process and is a critical component of an effective internal control system. Management must focus carefully on risks at all levels of the entity and take the necessary actions to manage them. Risk identification An entity’s performance can be at risk due to internal or external factors. Regardless of whether an objective is stated or implied, an entity’s risk-assessment process should consider risks that may occur. Risk identification is an iterative process and often is integrated with the planning process.Entity level: risks at the entity-wide level can arise from external or internal factors. External factors examples: – Technological developments can affect the nature and timing of research and development, or lead to changes in procurement – Changing customer needs or expectations can affect product development, production process, customer service, pricing or warranties. – Competition can alter marketing or service activities – New legislation and regulation can force changes in operating policies and strategies – Natural catastrophes can lead to changes in operations or information systems and highlight the need for contingency planning. Economic changes can have an impact on decisions related to financing, capital expenditures and expansion. Internal factors examples: – A disruption in information systems processing can adversely affect the entity’s operations. – The quality of personnel hired and methods of training and motivation can influence the level of control consciousness within the entity. – A change in management responsibilities can affect the way certain controls are effected. – The nature of the entity’s activities, and employee accessibility to assets, can contribute to misappropriation of resources. – An unassertive or inef fective board or audit committee can provide opportunities for indiscretions.Risk may be identified in connection with short- and long-range forecasting and strategic planning. What is important is that management considers carefully the factors that may contribute to or increase risk. Some factors to consider include: past experiences of failure to meet objectives; quality of personnel; changes affecting the entity such as competition, regulations, personnel, and the like; existence of geographically distributed, particularly foreign, activities; significance of an activity to the entity; and the complexity of an activity. Once the major contributing factors have been identified, management can then consider their significance and, where possible, link risk factors to business activities. Activity-level.In addition to identifying risk at the entity level, risks should be identified at the activity level. Dealing with risk at this level helps focus risk assessment on major business units or functions such as sales, production, marketing, technology development, and research and development. Potential causes of failing to achieve an objective range from the obvious to the obscure, and form the significant to the insignificant in potential effect. Risk analysis After the entity has identified entity-wide and activity risks, a risk analysis needs to be performed. The process – which may be more or less formal – usually includes: – Estimating the significance of the risk Assessing the likelihood (or frequency) of the risk occurring – Considering how the risk should be managed – that is, an assessment of what actions need to be taken. There are numerous methods for estimating the cost of a loss from an identified risk. Management should be aware of them and apply them as appropriate. However, many risks are indeterminate in size. At best they can be described as large, moderate or small. Once the significance and likelihood of ris k have been assessed, management needs to consider how the risk should be managed. This involves judgment based on assumptions about the risk, and reasonable analysis of costs associated with reducing the level of risk.Sometimes actions can virtually eliminate the risk, or offset its effect if it does occur. Note that there is a distinction between risk assessment, which is part of internal control and the resulting plans, programs or other actions deemed necessary by management to address the risks. A key part of the larger management process, but not an element of the internal control system. Along with actions for managing risk is the establishment of procedures to enable management to track the implementation and effectiveness of the action. Before installing additional procedures, management should consider carefully whether existing ones may be suitable for addressing identified risks.Management also should recognize that it is likely some level of residual risk will always ex ist, not only because resources are always limited, but also because o other limitations inherent in every internal control system. It is often critical to the entity’s success. Managing change Every entity needs to have a process, formal or informal, to identify conditions that can significantly affect its ability to achieve its objectives. A key part of that process involves information systems that capture, process and report information about events, activities and conditions that indicate changes to which the entity needs to react. With the requisite information systems in place, the process to identify and respond to changing conditions can be established. Circumstances demanding special attention: Changed operating environment – A changed regulatory or economic environment can result in increased competitive pressures and significantly different risks – New personnel – high turnover of personnel, in the absence of effective training and supervision , can result in breakdowns – New or revamped information systems – Normally effective controls can break down when new systems are developed, particularly when done under unusually tight time constraints – Rapid growth – When operations expand significantly and quickly, existing systems may be strained to the point where controls can break down – New technology – when new technology is being incorporated, a high likelihood exists that internal controls need to be modified. – New lines, products, activities – unfamiliar situations, controls may be inadequate – Corporate restructurings – may be accompanied by staff reductions and inadequate supervision and segregation of duties. – Foreign operations – the expansion or acquisition of foreign operations carries new and often unique risks that management should address. To the extent practicable, mechanisms should be forward-looking, so an entity can anti cipate and plan for significant changes.Early warning systems should be in place to identify data signaling new risks. However, as with other control mechanisms, the related costs cannot be ignored. No entity has sufficient resources to obtain and analyze completely the information about all the myriad evolving conditions that can affect it. It is often difficult to know whether seemingly significant information is the beginning of an important trend, ore merely an aberration. The risk-assessment process is likely to be less formal and less structured in smaller entities than in larger ones, but the basic concepts of this internal control component should be present in every entity, regardless of size.Risk assessment in smaller entity can be particularly effective because the in-depth involvement of the CEO and other key managers often means that risks are assessed by people with both access to the appropriate information and a good understanding of its implications. Action plans ca n be devised and implemented quickly with limited number of people. They can then follow up as needed to ensure that the necessary actions are being taken. CHAPTER 4: CONTROL ACTIVITIES Control activities are policies and procedures, which are the actions of people to implement the policies, to help ensure that management directives identified as necessary to address risks are carried out.Many different descriptions of types of control activities have been put forth, including preventive controls, detective controls, manual controls, computer controls and management controls. Following are certain control activities commonly performed by personnel at various levels in organizations. – Top level reviews – Reviews are made of actual performance versus budgets, forecasts, prior periods and competitors – Direct functional or activity management – managers running functions or activities review performance reports – Information processing – A var iety of controls are performed to check accuracy, completeness and authorization of transactions. Data entered are subject to edit checks or matching to approved control files. Physical controls – Equipment, inventories, securities, cash and other assets are secured, physically, and periodically counted and compared with amounts shown on control records. – Performance indicators – Relating different sets of data – operating or financial – to one another, together with analyses of the relationships and investigate and corrective actions, serve as control activities. – Segregation of Duties – duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. Control activities usually involve two elements: a policy establishing what should be done and, serving as a basis for the second element, procedures to effect the policy. But regardless of whether a policy is written, it must be implemen ted thoughtfully, conscientiously and consistently.A procedure will not be useful if performed mechanically without a sharp continuing focus on conditions to which the policy is directed. It is essential that conditions identified as a result of the procedures be investigated and appropriate corrective actions taken. Along with assessing risks, management should identify and put into effect actions needed to address the risks. The actions identified as addressing a risk also serve to focus attention on control activities to be put in place to help ensure that the actions are carried out properly and in a timely manner. Control activities are very much a part of the process by which an enterprise strives to achieve its business objectives. Control activities serve as mechanisms for managing the achievement of that objective.Such activities might include tracking the progress of the development of the customer buying histories against established timetables, and steps to ensure accura cy fo the reported data. Controls over information systems Two broad groupings of information systems control activities can be used. The first is general controls – which apply to many if not all application systems and help ensure their continued, proper operation. The second category is application controls, which include computerized steps within the application software and related manual procedures to control the processing of various types of transactions. Together, these controls serve to ensure completeness, accuracy and validity of the financial and other information in the system.General controls commonly include controls over data center operations, system software acquisition and maintenance, access security, and application system development and maintenance. These controls apply to all systems – mainframe, minicomputer and end-user computing environments. Application controls are designed to control application processing, helping to ensure the completen ess and accuracy of transaction processing, authorization and validity. Particular attention should be paid to an application’s interfaces, since they are often linked to other systems that in turn need control to ensure that all inputs are received for processing and all outputs are distributed appropriately.Controls over system development requiring thorough reviews and testing of applications ensure that the logic of the report program is sound, and that it has been tested to ascertain that all exceptions are reported. To provide control after implementation of the application, controls over access and maintenance ensure that applications are not accessed or changed without authorization and that required, authorized changes are made. The data center operations controls and systems software controls ensure that the right files are used and updated appropriately. The relationship between the application controls and the general controls is such that general controls are nee ded to support the functioning of application controls, and both are needed to ensure complete and accurate information processing.The concepts underlying control activities in smaller organizations are not likely to differ significantly form those in larger entities, but the formality with which they operate will vary. Further, smaller entities may find that certain types of control activities are not always relevant because of highly effective controls applied by management of the small or mid-size entity. An appropriate segregation of duties often appears to present difficulties in smaller organizations, at least on the surface. Even companies that have only a few employees, however, can usually parcel out their responsibilities to achieve the necessary checks and balances.Controls over information systems, particularly general computer controls and more specifically access security controls, may present problems to small and mid-size entities. This is because of the informal way in which control activities are often implemented. CHAPTER 5: INFORMATION AND COMMUNICATION Every enterprise must capture pertinent information – financial and non-financial, relating to external as well as internal events and activities. The information must be identified by management as relevant to managing the business. It must be delivered to people who need it in a form and timeframe that enables them to carry out their control and other responsibilities.Information is needed at all levels of an organization to run the business, and move toward achievement of the entity’s objectives in all categories – operations, financial reporting and compliance. Information is identified, captured, processed and reported by information systems. The term â€Å"information systems† frequently is used in the context of processing internally generated data relating to transactions, such as purchases and sales, and internal operating activities, such as production p rocesses. Information systems sometimes operate in a monitoring mode, routinely capturing specific data. In other cases, special actions are taken to obtain needed information.Keeping information consistent with needs becomes particularly important when an entity operates in the face of fundamental industry changes, highly innovative and quick-moving competitors or significant customer demand shifts. Systems support strategic initiatives. The strategic use of information systems has meant success to many organizations. Using technology to help respond to a better understood marketplace is a growing trend, as systems are used to support proactive rater than reactive business strategies. Integration with operations. The strategic use of systems demonstrates the shift that has occurred from purely financial systems to systems integrated into an entity’s operations.These systems help control the business process, tracking and recording transactions on a real-time basis, often inc luding many of the organization’s operations in an integrated, complex systems environment. The effect of integrated operations systems is dramatic, as can been seen in the just-in-time (JIT) inventory system. The systems themselves order and schedule arrival of new materials automatically, frequently through the use of EDI (electronic data interchange). Many of the newer production systems are highly integrated with other organizational systems and may include the organization’s financial systems. Acquisition of technology is an important aspect of corporate strategy, and choices regarding technology can be critical factors in achieving growth objectives. Decisions about its selection and implementation depend on many factors.These include organizational goals, market-place needs, competitive requirements and, importantly, how the new systems will help effect control, and in turn be subject to the necessary controls, to promote achievement of the entity’s objec tives. It is critical that reports contain enough appropriate data to support effective control. The quality of information includes ascertaining whether: – Content is appropriate – Is the needed information there? – Information is timely – Is it there when required? – Information is current – Is it the latest available? – Information is accurate – Are the data correct? – Information is accessible – Can it be obtained easily by appropriate parties?All of these questions must be addressed by the system design. If not, it is not probable that the system will not provide the information required. Communication is inherent in information systems. Internal In addition to receiving relevant data for managing their activities, all personnel, particularly those with important operating or financial management responsibilities, need to receive a clear message from top management that internal control responsibilities must be taken seriously. Both the clarity of the message and the effectiveness with which it is communicated are important. In addition, specific duties must be made clear. Without this understanding, problems are likely to arise.In performing their duties, personnel should know that whenever the unexpected occurs, attention is to be given not only to the event itself, but also to its cause. In this way, a potential weakness in the system can be identified and action taken to prevent recurrence. People also need to know how their activities relate to the work of others. People need to know what behavior is expected, or acceptable, and what is unacceptable. Personnel also need to have a means of communicating significant information upstream in an organization. Front-line employees who deal with critical operating issues every day are often in the best position to recognize problems as they arise.For such information to be reported upstream, there must be both open channels of communicati on and clear-cut willingness to listen. People must believe their superiors truly want to know about problems and will deal with them effectively. In most cases, the normal reporting lines in an organization are the appropriate communications channel. In some circumstances, however, separate lines of communication are needed to serve as a fail-safe mechanism in case normal channels are inoperative. Communication between management and the board of directors and committees are critical. Management must keep the board up to date on performance, developments, risks, major initiatives, and any other relevant events or occurrences.The better the communications to the board, the more effective it can be in carrying out its oversight responsibilities, and acting as a sounding board on critical issues and providing advice and counsel. By the same token, the board should communicate to management what information it needs, and provide direction and feedback. External There needs to be approp riate communication not only within the entity, but outside. With open communications channels, customers and suppliers can provide highly significant input on the design or quality of products or services, enabling a company to address evolving customer demands or preferences. Communications from external parties often provide important information on the functioning of the internal control system.Communications to shareholders, regulators, financial analysts and other external parties should provide information relevant to their needs, so they can readily understand the circumstances and risks the entity faces. Communication takes such forms as policy manuals, memoranda, bulletin board notices and videotaped messages, or transmitted orally. Another powerful communications medium is the action taken by management in dealing with subordinates. Managers should remind themselves, â€Å"actions speak louder than words†. Information systems in smaller organizations are likely to be less formal than in large organizations, but their role is just as significant. CHAPTER 6: MONITORINGCircumstances for which the internal control system originally was designed also may change, causing it to be less able to warn of the risks brought by new conditions. Accordingly, management needs to determine whether the internal control system continues to operate effectively. Monitoring can be done in two ways: through ongoing activities or separate evaluations. Internal control systems usually will be structured to monitor themselves on an ongoing basis to some degree. The greater the degree and effectiveness of ongoing monitoring, the less need for separate evaluations. Usually, some combinations of ongoing monitoring and separate evaluations will ensure that the internal control system maintains its effectiveness over time. It should e recognized that ongoing monitoring procedures are built in to the normal, recurring operating activities of an entity. Because they are perf ormed on a real-time basis, reacting dynamically to changing conditions, and are ingrained in the entity, they are more effective than procedures performed in connection with separate evaluations. Since separate evaluations take place after the fact, problems will often be identified more quickly by the ongoing monitoring routines. An entity that perceives a need for frequent separate evaluations should focus on ways to enhance its ongoing monitoring activities and, thereby; to emphasize â€Å"building in† versus â€Å"adding on† controls. Ongoing monitoring activitiesExamples of ongoing monitoring activities include the following: – Extent to which personnel, in carrying out their regular activities, obtain evidence as to whether the system of internal control continues to function. – Extent to which communications from external parties corroborate internally generated information, or indicate problems. – Periodic comparison of amounts recorded by the accounting system with physical assets. – Responsiveness to internal and external auditor recommendations on means to strengthen internal controls. – Extent to which training seminars, planning sessions and other meetings provide feedback to management on whether controls operate effectively. Whether personnel are asked periodically to state whether they understand and comply with the entity’s code of conduct and regularly perform critical control activities. – Effectiveness of internal audit activities. Separate evaluations While ongoing monitoring procedures usually provide important feedback on the effectiveness of other control components, it may be useful to take a fresh look from time to time, focusing directly on the system’s effectiveness. Scope and frequency. Evaluations of internal control vary in scope and frequency, depending on the significance of risks being controlled and importance of the controls in reducing the risks.Evaluati on of an entire internal control system – which will generally be needed less frequently than the assessment of specific controls – may be prompted by a number of reasons: major strategy or management change, major acquisitions or dispositions, or significant changes in operations or methods of processing financial information. The evaluation scope will also depend on which of the three objectives categories – operations, financial reporting and compliance – are to be addressed. Who evaluates. Often evaluations take the form of self-assessments, where persons responsible for a particular unit or function will determine the effectiveness of controls for their activities. Then, all results would be subject to the chief executive’s review.Internal auditors normally perform internal control evaluations as part of their regular duties, or upon special requests of the board of directors, senior management or subsidiary or divisional executives. Similarly , management may use the work of external auditors in considering the effectiveness of internal control. The evaluation process. The evaluator must understand each of the entity activities and each of the components of the internal control system being addressed. It may be useful to focus first on how the system purportedly functions, sometimes referred to as the systems design. The evaluator must determine how the system actually works. The evaluator must analyze the internal control system design and the results of tests performed.The analysis should be conducted against the backdrop of the established criteria, with the ultimate goal of determining whether the system provides reasonable assurance with respect to the stated objectives. Methodology can be qualitative/quantitative (benchmarking) Documentation. The extent of documentation of an entity’s internal control system varies with the entity’s size, complexity and similar factors. Many controls are informal and undocumented, yet are regularly performed and highly effective. An appropriate level of documentation makes the evaluation more efficient, it facilitates employees’ understanding of how the system works and their particular roles, and easier to modify.Reporting deficiencies Deficiencies in an entity’s internal control system surface from many sources, including the entity’s ongoing monitoring procedures, separate evaluations of the internal control system and external parties. A deficiency may represent a perceived, potential or real shortcoming, or an opportunity to strengthen the internal control system to provide a greater likelihood that the entity’s objectives will be achieved. One of the best sources of information on control deficiencies is the internal system itself. A number of external parties frequently provide important information on the functioning of an entity’s internal control system.In considering what needs to be communicated, it is necessary to look at the implication of findings. A seemingly simple problem with an apparent solution might have far-reaching control implications. Findings of internal control deficiencies usually should be reported to the individual responsible for the function or activity involved, who is in the position to take corrective action, but also to at the lest one level of management above the directly responsible person. This process enables that individual to provide needed support or oversight for taking corrective action, and to communicate with others in the organization whose activities may be affected.Where findings cut across organizational boundaries, the reporting should cross over as well and be directed to a sufficiently high level to ensure appropriate action. Providing needed information on internal control deficiencies to the right party is critical to the continued effectiveness of an internal control system. Protocols can be established to identify what informatio n is needed at a particular level for decision-making. Reportable conditions ( significant deficiencies in the design or operation of the internal control structure, which could adversely affect the organization’s ability to record, process, summarize and report financial data consistent with the assertions of management in the financial statements. SME ( more ongoing monitoring, less like to do separate (few people, notice quicker)