You see if one agent has tendencies to

You are part of an investigation team visiting an office branch to conduct surprise audit on the staffs and the processes running there.

Office branches helps the daily operation at different cities and consist of these activities:- Onboarding staffs: Recruiting new drivers- Driver Support Unit staffs: Handling driver’s complaints and updating existing driver’s data with new information – Inventory staffs: Managing inventory- Driver Exit Management staffs: Collecting penalties and outstanding installment of terminated driversa) What are the key areas that you would investigate during the audit and how would you do it?b) What are the basic internal controls that should be placed for each activity mentioned above?c) What are potential fraud scenarios committed by internal staffs there that you have in mind?a)Onboarding staffs1. To ensure that proper background check of new driver has been done by sample-checking on background checklist done by agent and has been acknowledged by supervisor2. To ensure that no discriminatory hiring process has been done by obtaining acknowledgement letter from supervisor that the agent has been informed not to do discriminatory hiring.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Checking the new drivers’ basic information and grouped by agent to see if one agent has tendencies to recruit based on one religion or race etc.3. To ensure the complete, accurate, and proper documentation of new driver’s record has been done. We will have to check if recruiting agent and management has approved the new driver’s record.

Sample checking on new driver’s record forms from document storage and matched it with database. Ensure that there is no duplication for drivers’ information. Check that the new driver’s information has been reflected in the next month of drivers’ list4.

To ensure that the hiring contract has been received and acknowledged by both company and driver by checking on physical hiring contract form that signed by driver and agent and acknowledged by management5. To ensure that the new driver’s record and installment amount has been properly and accurately stored in the database by sample checking on new driver’s record from database and matched it with document storage. Ensure that there is no duplication for drivers’ information6. To ensure confidentiality policies of drivers’ record in the database has been properly done by testing the IT security controls such as ensuring that periodic change password for every IT user has been done by checking on password history record, management approval requirement for any new user by checking on new database user approval form and see if it has already signed by management, ensuring segregation of duties for IT access by re-performance of accessing database using different type of user based on its access privileges, timely review if each user’s control access has been appropriate by checking on user accounts’ review form and signed by management7. Checking existence of new driver by calling or meeting the driverDriver Support Unit Staffs1.

To ensure that the updated driver’s record has been properly and accurately updated in the database. We will have to check if the driver’s update request form has supporting evidence of the new information (e.g copy of new drivers’ ID or vehicle’s license) attached and has been approved by recruiting agent and management. Sample checking on update request form from document storage and matched it with database. Sample checking on update request from database and matched it with actual request form. Ensure that there is no duplication for drivers’ information.

Check that the driver’s updated information has been reflected in the next month of drivers’ list2. To ensure the accuracy of new information of the driver by calling the driver using new phone number or sighting to the actual update driver information form to check if supporting evidence is sufficient as supporting document for new information3. To ensure that the driver’s installment record has been properly and accurately updated in the database by checking on installment and settlement record of a driver and recalculate to ensure its accuracy and completeness.

Check also whether the bank credit or deduction from GO-PAY account has been justified and accurate according to the installment or penalty settlement record by crosscheck to GO-PAY account or bank statement transfer list and signed by management. Check if the updates have been reflected to next month driver’s installment record from database4. To ensure confidentiality policies of drivers’ record in the database has been properly done (e.g using restricted access or segregated users control) by testing the IT security controls such as ensuring that periodic change password for every IT user has been done by checking on password history record, management approval requirement for any new user by checking on new database user approval form and see if it has already signed by management, ensuring segregation of duties for IT access by re-performance of accessing database using different type of user based on its access privileges, timely review if each user’s control access has been appropriate by checking on user accounts’ review form and signed by management5. To ensure that driver’s complaint has been properly handled and documented by agent and reviewed by operation manager and relevant department’s manager (ensuring segregation of duties) by checking on complaint form filled by agent and ensure that it has been reviewed and signed by management6. To ensure that the complaint has been properly followed up by relevant department and ensuring that such complaint has lesser frequency occurrence by checking on complaints’ statistics trend and inquire to management on the follow ups that has been implemented so far7. To ensure that proper complaint handling has been conducted in adherence with company policies, including keeping its confidentiality, by inquire with the agent and re-performance of complaint handling process to ensure if the company has keep its anonymityInventory staffs1.

To ensure that proper storage control against theft has been implemented by observing and enquiring on the security system implemented in the storage. We need to see if the control on locks and CCTVs are implemented periodically by sighting to review records and also re-perform control on locks and CCTVs. We also need to check if all truck drivers’ movement list, delivery order and good delivery notes has been signed by security guard and inventory manager by sample check the documents and observe if they have already signed accordingly2. To ensure reliable and accurate inventory and accounting record with acknowledgement by inventory manager and finance manager by conducting periodic stock count and match its existence to database and vice versa. Othercontrols such as labeling and inventory placement to avoid any human error must also be done.3. To ensure inventory movements have been accurately and completely recorded in the inventory and accounting record (ensuring accurate transfer of ownership cut-off period) by checking on the first and last few batches of inventory in and out and match it with delivery order and goods receiving notes signed by inventory manager and relevant department manager. We need to check if the latest several batches in and out can be matched with actual inventory amount by performing inventory counts.

The timing of sending and receiving inventory must also be checked to ensure the cut-off transfer of ownership of inventory has been appropriately recorded4. To ensure that inventory officers have conducting inventory management properly in adherence to company and government law by reviewing periodic training conducted by the company ensuring full attendance and signed by the trainer5. To ensure that damaged or expired useful life inventory has been written off from database by sighting at database and trace it to inventory located at area assigned for damaged or expired useful life inventory6. To ensure that unauthorized personnel should not be granted access by reviewing visitors’ list that acknowledged by security guard and inventory manager and checking on permission slip as supporting evidence for sampled visitor to be granted access to the storage facility7. To ensure that inventory is sent or received in proper amount and condition by checking on delivery order signed by customer, deliveryman, and inventory manager and goods delivery notes signed by deliveryman, inventory manager, and customerDriver Exit Management Staffs1. To ensure that the penalty detail list and outstanding installment record have been properly and accurately documented in database and periodically reviewed by the driver agent’s supervisor and operation manager (ensuring segregation of duties) by inspecting if management has been aware and reviewed the records and inquire the management on the follow ups of the outstanding balance2. To ensure that terminated driver’s record has been completely removed from database since the next month of termination period and acknowledged by agent’s supervisor and operation manager (ensuring segregation of duties) by checking on management-approved termination form and trace it back to the database to ensure its removal3.

To ensure that the payment of outstanding installment and penalty has been checked and received by the agent with its amount has been acknowledged by operation manager and finance manager (ensuring segregation of duties) by checking whether bank credit, GO-PAY account deduction, or cash payment record has been justified and accurate according to the settlement record via cross-checking to GO-PAY account, bank statement transfer list, or cash payment record and signed by management. Check if the updates have been reflected to next month driver’s installment record from database. Inquire with management on how to follow up or dispose on any outstanding balance beyond termination date4. To ensure that terminated driver’s penalty and installment record has been completely removed from database if settled and acknowledged by agent’s supervisor and operation manager (ensuring segregation of duties) by tracing onto the database for the recordb)Onboarding staffs1. Background checklist form must been done by recruiting agent and acknowledged by recruiting supervisor2.

Checking the new drivers’ basic information and grouped by agent to see if one agent has tendencies to recruit based on one religion or race etc. 3. New Driver’s record form must been obtained by the recruiting agent and acknowledged by recruiting supervisor4.

Hiring contract (including installment contract) must have been received and acknowledged by the driver and recruiting supervisor5. New drivers’ information list in the database is reviewed periodically and its supporting evidences (new driver registration form) are attached and reviewed by recruiting supervisor and operation manager (enhancing segregation of duties) before stored into database6. Periodic audit of existence of new driver by calling or meeting the driver7. Drivers’ database has restricted access or segregated users control assigned by IT department. IT security controls such as periodically change password for every IT user, management approval requirement for any new user, change of user privilege, and terminated user, ensuring segregation of duties for IT access, timely review if each user’s control access has been appropriate, and conducting investigation if there is any inappropriate attempt to access the databaseDriver Support Unit Staffs1.

Update request driver’s record form with its supporting evidences for new information must be obtained by the recruiting agent and acknowledged by recruiting supervisor2. List of updated drivers’ information retrieved in database is audited periodically and its supporting evidences (update request driver form) are attached and audited by recruiting supervisor and operation manager (e.g calling the driver if it is new phone number or sighting to supporting evidence) before updated in the database3. Drivers’ installment information list is reviewed periodically and acknowledged by finance manager and operation manager (enhancing segregation of duties). Any updates on installment or penalty outstanding balance must be cross-checked and matched to the deposit in the bank statement or deduction from GO-PAY account by finance officer and acknowledged by finance manager and operation manager before updating the installment information in the database4. Drivers’ database has restricted access or segregated users control assigned by IT department. IT security controls such as periodically change password for every IT user, management approval requirement for any new user, change of user privilege, and terminated user, ensuring segregation of duties for IT access, timely review if each user’s control access has been appropriate, and conducting investigation if there is any inappropriate attempt to access the database5.

Drivers’ complaint form has been properly handled and documented by agent. The form must be reviewed by operation manager and relevant department’s manager (ensuring segregation of duties)6. Periodic review of drivers’ complaint list by operation manager and relevant department’s manager (ensuring segregation of duties) to enforce follow-ups7. Using anonymity on the complaint formInventory staffs1. Using proper locks, CCTVs and hire security guards to prevent any theft from external party. Periodic check on locks and CCTVs to ensure that everything is in working condition. For every movement of the inventory, security guard should check and sign delivery order form that acknowledged by inventory manager and relevant department manager before granting permission to access the storage.

Also truck driver should sign the truck driver movement list for every entry to and departure from storage facility and acknowledged by security guard and inventory manager2. Periodic stock count must be done by inventory officer and supervised by inventory manager, finance officer and sales officer. Proper labeling and location segregation based on inventory category must be done in order to avoid any human error when inventory counting. 3. Periodic stock movement count must be done by finance and sales officer and crosscheck to inventory database and relevant delivery order and invoice so that to ensure the movement has been reflected in the database4. Periodic training and testing of inventory handling management to inventory officers to ensure its adherence to government and company policy5. Any inventory that has already passed its useful life must be notified by finance officer to inventory manager with acknowledgement by finance manager to place the inventory in assigned location for every damaged or expired useful life items before dispose and update to database6.

Any inventory that is damaged and cannot be sold must be notified by inventory officer to finance officer with acknowledgement by inventory manager to dispose the inventory accordingly. After acknowledgement from financemanager has been obtained, the inventory is disposed in assigned location for every damaged or expired useful life items before dispose and update it to database7. Any visitor with permission by management should fill up visitors’ form and acknowledged by security guard and inventory manager.

Security guard needs to ask for management approval form shown by visitor before giving the access8. Any inventory sent to customer, deliveryman should obtain delivery order signed by customer, inventory manager, and deliveryman to ensure the inventory sent and received by customer as per delivery order. Any inventory sent from customer, inventory manager should obtain goods delivery note signed by inventory manager, and customers ‘deliveryman to ensure the inventory received by inventory officer as per delivery order. Driver Exit Management Staffs1. Drivers’ installment information and penalty list is reviewed periodically and acknowledged by at least two relevant departments (enhancing segregation of duties). Any updates on installment or penalty outstanding balance must be cross-checked and matched to the deposit in the bank statement, deduction from GO-PAY account or cash payment record by finance officer and acknowledged by finance manager and operation manager before updating the installment information in the database2. Driver’s termination form must be raised by agent and approved by at least two relevant departments (ensuring segregation of duties) before the removal of driver from database.

Periodic review of drivers’ list in the database must be done by at least two relevant departments to check if the termination of previous month has been reflected in the current month list.3. Periodic review of outstanding installment and penalty.

If the outstanding installment and penalty has not been settled until last day, the agent officer may raise transfer approval form and seek acknowledgement from agent’s supervisor and operation manager to deduct the outstanding revenue earned by driver in order to settle the outstanding balance. After deduction has been successful, the outstanding balance shall be removed from database and acknowledged by managementc)Onboarding staffs1. Registering fake new drivers to fulfill KPI (reach monthly minimum number of new driver)2. Registering one driver several time to fulfill KPI (reach monthly minimum number of new driver)3. Inappropriate access to driver’s database to edit outstanding or penalty amount4. Registering personal family using fake vehicle’s ID to fulfill KPI (reach monthly minimum number of new driver)5.

Registering blacklisted driver due to personal reasonDriver Support Unit Staffs1. Inappropriate access to driver’s database to edit outstanding or penalty amount or any essential details of the driver2. Ignoring or deleting complaints from driverInventory staffs1. Theft or damage done by internal staff for personal reason2. Theft done by deliveryman and/or inventory officer upon shipment from supplier to the storage for personal reason3.

Inappropriate training on inventory officer, causing accident at work, increasing human error on inventory counting, damaging the inventory due to inappropriate care of inventory handling, or increased case of security system bypassed by officer so their job can be finished fasterDriver Exit Management Staffs1. Driver exited without settling the outstanding penalty or installment due to GO-JEK2. Driver is still included in the database even though the driver has been terminated due to database internal staff did human error or deliberately not remove the driver for personal reason3. If penalty is collected by cash, it is easier for internal staff to steal the money without providing sufficient record