Mostof the challenges that organizations face in the modern world can beattributed to the lack of internal controls. Inadequate controlssubject the organization to the risks of fraud and business failure(Dickins, O’Hara & Reisch, 2010). The blame for the internalcontrol deficiencies should be passed on to several stakeholders,including the management and internal auditors. The two parties, themanagement and the internal auditor, should use credible frameworks(such as the COSO model) to develop and assess the effectiveness ofinternal controls for their organizations. In this paper, internalcontrol deficiencies at QSGI Incorporation and the key proceduresthat should have been followed to prevent those deficiencies will bediscussed.
QSGIIncorporation is a U.S. based company that offers informationtechnology solutions to government agencies and private companies.The aim of providing these IT solutions is to help QSGI clientsreduce asset maintenance costs, manage their assets better, establishthe best practices for their data security, and regulatory compliance(Bloomberg, 2016). Ironically, it was discovered in 2014 that QSGIhad failed to comply with the disclosure regulations provided by theSarbanes-Oxley Act. The company’s CEO, Marc Sherman, and its formerCFO, Edward Cummings, certified that the company had established therequired internal controls, but that was not the case.
AlthoughQSGI’s internal control deficiencies were discovered in 2014, it isevident that actual deficiencies started affecting the company in2008. The two officials, the CEO and the CFO, indicated in thefinancial statements that adequate inventory controls had been put inplace in the company’s Minnesota operations. The CEO and CFO signedForm 10-K and Form 10-K/A, where both of the forms contained themanagement reports. The signing of the two forms certified that theofficials were satisfied with the level of internal controlsestablished to regulate all operations of the company. In addition,the CEO and the CFO signed certifications that are stipulated inSection 302 of Sarbanes-Oxley Act (U.S. Securities and ExchangeCommission, 2014). By signing these certifications, Sherman andCummings, declared that they had read all financial reports and madethe necessary disclosures to the external auditor.
Detectionof QSGI internal control deficiencies
QSGIIncorporation had been operating with significant internal controldeficiencies between 2008 and 2014, when they were discovered.However, the company’s decision to file for bankruptcy in the year2009 raised suspicion regarding the strength of its internal controls(SEC, 2014). The persistent poor financial performance provoked theU.S. Securities and Exchange Commission (SEC) to evaluate the QSGI’sfinancial and management reports starting from 2014 back to 2008.This evaluation resulted in several discoveries regarding the statusof internal controls. First, the Enforcement Division of SEC reportedthat Sherman, the company’s CEO, had not assumed an active role inthe process of assessing the strength of internal controls asindicated in the financial reports (SEC, 2014).
Secondly,SEC discovered that Sherman and Cummings had not made an accuratedisclosure of the existence and the strength of the internal controlsto the external auditor. On the contrary, the CEO and the CFO misledthe external auditor by withholding information about the inadequacyof inventory control in the Minnesota’s operations (SEC, 2014). Thecompany had failed to put in place adequate internal controls thatcould take account of the control environment that existed inMinnesota operations. For example, SEC observed that the experiencesand the qualification of employees in the inventory department wereinadequate. The warehouse and sales employees failed to record theremoval of different items from inventory. The SEC also observed thatthe accounting employees failed to process the paperwork done byinventory personnel and adjust the company’s financial recordsaccordingly (SEC, 2014).
Mostimportantly, the management of QSGI engaged in activities thatreduced the strength of existing internal controls. For example,Cummings took part in a series of maneuvers that resulted in theacceleration of recognition of some accounts receivable and inventory(SEC, 2014). This was done under the direction of the CEO, whointended to give a false reflection of the QSGI’s financialstatements in order to attract financiers. The maneuvering processesallowed the management to bypassed internal controls that werealready weak.
Proceduresthat could have prevented internal control deficiencies
TheSEC reports indicated that QSGI Incorporation experienceddeficiencies in its inventory controls, which subjected the companyto the risk of bankruptcy. These deficiencies could have beenaddressed using procedures provided by the Committee of SponsoringOrganizations (COSO) framework. Based on COSO framework, themanagement of QSGI would have prevented internal control deficienciesby following four procedures. The first procedure is theestablishment of a control environment. COSO framework is based onthe notion that internal controls can only work when the governingbody is committed to integrity and assumes responsibility for theeffectiveness of the internal control system (Dickins, O’Hara &Reisch, 2010). This implies that the CEO, CFO, and other topexecutives should have spearheaded the process of establishinginventory controls for the Minnesota’s operations. This is becausethe top management has the capacity to enlist the support of thejunior employees and provide guidance in the process of developingand implementing new internal controls.
Thesecond procedure is risk assessment, which involves theidentification of potential perils that the organizations could beexposed to as a result of weaknesses or the lack of internal controls(Beasley, 2007). This procedure would have allowed the management todiscover that the lack of inventory controls subjected the company tothe risk of losing a lot of stock, which was the major cause of thebankruptcy reported in 2009.
Thethird procedure is the establishment of control activities that canbe used to address risks identified during the risk assessmentprocess (Beasley, 2007). This procedure would have helped Shermanand Cummings determine whether the risks associated with the lack ofinventory controls should be reduced, avoided, shared, or accepted.For example, a decision to accept the risk would have resulted in theclosure of operations in Minnesota. A decision to respond to theserisks would have resulted in the development of internal controlfunctions in Minnesota operations. This would have helped themanagement ensure that all inventories are recorded and financialstatements adjusted accordingly.
Thefourth procedure is monitoring, which involve periodic assessment ofthe functionality of the internal controls (Dickins, O’Hara &Reisch, 2010). This would have helped Sherman and Cummings keep onupdating the company’s inventory control system in order to addressemerging risks. The success of the four procedures would have beenfacilitated by effective communication and the flow of information.
Internalcontrol deficiencies subjected QSGI Incorporation to the risks offraud and bankruptcy. The occurrence of these deficiencies can beattributed to the lack of commitment on the part of the CEO and CFOto develop suitable inventory controls in company’s operationslocated in Minnesota. The management was aware of these deficiencies,but failed to disclose them in the financial reports. These inventorycontrol deficiencies should have been prevented by following severalprocedures, including the establishment of a control environment,effective risk assessment, control activities, and monitoring.
Beasley,S. (2007). Internalcontrols in a COSO environment seminar.Raleigh: Office of State Controller.
Bloomberg(2016). Company overview of QSGI Incorporation. Bloomberg.Retrieved June 3, 2016, fromhttps://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542561150
Dickins,D., O’Hara, M. & Reisch, J. (2010). Frameworks for establishingand evaluating internal controls: A primer and case study. Journalof Case Research in Business and Economics,1, 1-16.
U.S.Securities and Exchange Commission (2014). SEC charges company CEOand former CFO wit hiding internal controls deficiencies andviolating Sarbanes-Oxley requirements. SEC.Retrieved June 3, 2016, fromhttps://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542561150