An experienced auditor knows the procedures associated with assessing fraud or other inherent...


An experienced auditor knows the procedures associated with assessing fraud or other inherent risks. In today's scandal-ridden financial environment, an auditor's ability to spot the trappings of potential hidden problems in an audited entity's internal control system is essential.

Discuss and contrast the issues surrounding the implementation of a comprehensive internal control structure in a large corporation and in a small family-owned business with only six employees. Consider the limitations of systems in both a large company and a small company and the constraints of cost-benefit.

Internal Auditing:

Internal auditing is the process of reviewing internal practices, records, and accounting. Internal auditing is designed to identify fraud, mistakes, and possible ways to improve processes.

Answer and Explanation:

Internal control structures within large organizations must be much more robust than those governing smaller organizations. Larger organizations will be more prone to penetration by corporate spies and fraud. Therefore, significant investment to prevent fraud and other risks is a worth high investment to protect corporate secrets and profits. Without serious investment into internal control systems and audits, a large firm would be susceptible to fraud from the competition. Internal protections may include documentation of all internal emails and documents, backup and storage of information, and tracking or limitations on portable storage devices. An auditor will need to not only review trends in data for fraud but may need to look in-depth for serious schemes to cover up corporate theft.

The family organization with six employees does not need the same robust internal audit controls a large business needs. The firm should review financial records to ensure money is not accidentally or intentionally missing or stolen. However, internal audits to review emails and communications will not need to be the same as the larger organization will require. Basic review of ledgers on a certain periodicity should ensure the small business identifies any negative trends and catches any potential internal fraud. Implementing higher-level controls such as monitoring communications should not be necessary. Robust protection of computer systems should only be necessary if the small business is involved in the technology industry. However, audits and other internal controls would not be as necessary.

Learn more about this topic:

Financial Risk: Types, Examples & Management Methods

from Finance 305: Risk Management

Chapter 1 / Lesson 4

Related to this Question

Explore our homework questions and answers library