Internal ControlInternal ControlsTori ParsonsACT450 – AuditingColorado State University – Global CampusProf. Brian Weaver1/14/18Internal ControlProper internal controls are essential to a successful business. Without these in order, the business can quickly crumble. By protecting a company with efficient internal controls, they would be safeguarding themselves from potential cases of fraud. Internal control is a series of controls designed by management to promote accurate financial reporting and continue the objectives of the business. It is also necessary that the internal controls adhere to the Generally Accepted Auditing Standards and management policies. The main goal of internal control is to prevent fraud and potential loss of assets. This system focuses on how an accounting system can be successful if they question which internal controls are working and which of those that aren’t. Current Problems in Norton CorpThe manager’s contention is wrong. According to the AICPA, the principle of segregation of duties is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department. Without this separation in key processes, fraud and error risks are far less manageable. (AICPA, 2018)In the current scenario presented by Norton Corporation, it seems that segregation of duties is a major issue. The current lack of controls allow for employees to take advantage of other department’s resources. Incorrectly managing inventory is an example of this. When Norton Corporation is not compliant to appropriate internal controls, it can give off a disorganized company look to consumers. Not complying to proper internal controls can also leave Norton Corp with a few fines. The concerning employee receives the requisitions for stores, disburses the stock, maintains the records, operates the computer, and authorizes adjustments to the total amounts of stock recorded by computer rises suspicion that the employee could be doing something. Given that an employee has control over many actions of the company, it would be suggested to limit this employee to one or two of those actions. When an individual is in charge of so many transactions it would cause some alarm to an auditor. Having multiple employees offers some sort of checks and balances for the company’s internal controls. In some respects, having proper controls can assist with decision making. In addition, having the resource numbers correct and not replaced with fraudulent values is helpful for managers. On another note, having multiple locations with multiple employees running it and not having a main location to keep the documents can cause some security issues in the future.5 Internal ControlsIn this scenario, the five following controls would be suggested:Access Controls – An access control is a process to determine who does what defined by a company. This generally controls who gets in and out and the resources consumed. There are two different types of access controls – logical and physical. Logical access has to do with gaining access through programs and applications. On the other hand, physical access regards physically preventing fraud from happening. Some physical controls would fall under the category of placing extra locks on computers and preventing other employees from using the microcomputers.Data Integrity Controls – Data integrity controls have to do with having correct values. Users are given keys or IDs to enforce the integrity. This control is primarily focused on providing accuracy and consistency of data over its lifetime. Sensitive data loss can be an issue at if this control is not in place. Some of the problems that can originate are from human error or transfer error. This can happen when values are being copied from one location to another. There is also the risk of bugs and viruses impacting compromised hardware. It is essential that the users devices are also secure to prevent any kind of security breach.Financial Controls – Financial controls would assist with managing the finances of Norton Corporation. Given that finance itself requires more safeguarding than other controls. As this is the future of the business, it is important to require an authorization to access finances.Organizational Controls – These type of controls would regulate business activities to meet company goals. These predetermined standards are decided by the company and monitored by the manager. Organizational controls in Norton Corporation would also assist management in defining the responsibilities that each role would have. This would limit the amount of access and control that an individual employee has in the company. It not only defines the roles of the employees, but the roles of certain departments in the organization. When there is proper distribution of responsibilities, the company will work more fluently.User Controls – These type of controls would set limits on who could access the documents. There are many types of user controls that can be implemented, and it is very important that Norton Corporation takes full advantage of limiting what certain employees can see. Some of these controls are boundary controls, input/output controls, and processing controls. Boundary controls have to do with the authentication of the user and the account. Input controls verify the accuracy of the value being examined. Finally processing controls relate to assisting in entering the data. ConclusionInternal controls are fundamental to have a successful business. By maintaining the functionality of the business internally, it is able to reach its full working capacity. These controls would be useless unless they are appropriately monitored. With the addition of access controls, data integrity controls, financial controls, organizational controls, and user controls, Norton Corporation will find their assets to be much more safeguarded.ReferencesSchaefer, C. (2017, May 26). Understanding the Difference Between Physical Access Control and Logical Access Control. Retrieved January 14, 2018, from http://mintcontrols.com/understanding-the-difference-between-physical-access-control-and-logical-access-control/Segregation of Duties. (n.d.). Retrieved January 14, 2018, from https://www.aicpa.org/interestareas/informationtechnology/resources/auditing/internalcontrol/value-strategy-through-segregation-of-duties.htmlWhittington, R, and Pany, K. (2014). Principles of Auditing & Other Assurance Services (19th Ed.). New York, NY: McGraw-Hill, Irwin.