Objective of the internal control

As per the profile of the company McDonald it is important that it should evaluate the workings at every location as it is engaged in serving fast food across innumerable locations. Hence, it is obvious that the company must have written policies in a clear cut manner and procedures must be present that will help in revenues, production, ethics and customer attraction. An internal control mechanism guided by the framework of COSO and COBIT is the need of the hour.

The internal control system is designed in a manner that will provide assurance on a reasonable basis regarding the financial reporting reliability and provide the best service to the customers (O’Brien & Marakas, 2009).  The COSO framework will help the business of McDonald to develop, evaluate and enhance the prospect of internal control. The utility of internal control for McDonald can be stated to be of utmost importance as it will lead to the better result that will be in tune with the customer services in terms of quality, service, as well as cleanliness (McDonald, 2016). The main aim of internal control for McDonald will be to provide the user with reasonable assurance and hence, the information can be depended upon to take decisions.  Further COBIT will provide business with an information technology that will help in the creation of value and tame the risk (Basta et. al, 2013).

• To enable the organization to project a commitment in respect of integrity, as well as ethical values. This will set the tone for the organization and will enable to adhere to a code of conduct. The deviation will be tracked in a timely manner and hence, can be resolved at the earliest thereby; disruption of services or problem to the customer can be negated.
• To enable the organization to spot any fraud and to assess the risk that is involved.  It will enable to assess the rationalization that will drive the business in an ethical manner. Moreover, the business can perform in a profitable manner (Hemmer & Labro, 2008).
• To select and develop control activities over technology so that a better control can be ascertained. It leads to security management and infrastructure control activities.
• Appropriate utilization of all resources and reduction of the IT risk (Deloitte, 2016).
• Maintaining control so that profitability can be ensured in an environment that is changing and the provides the appropriate insight to lay down a policy that is clear and ensure good practice (Jex & Britt, 2008).

Internal control can be defined as the main route towards effective compliance, as well as risk management. The updates of the COSO must be reviewed from time to time so that the control measures can be assessed. To establish or implement the COSO framework, the following must be done

Control environment – the control environment can be defined as the control that leads to proper addressing of the risk. It can be implemented by the board and the senior management that will establish the tone and will state the importance of the internal control. Moreover, the expected code of conduct that is essential will be prescribed. It will comprise of the ethical values and integrity, the parameters that need to be followed (Deloitte, 2016). The implementation can be done by authority assignment and the manner of attracting, as well as retaining individuals. This will have a strong influence on the overall process of internal control.

The following must be strictly observed in the organization for effective implementation:

• The department policies should be of high standard and manuals should be present that will address the activities that are significant in nature.
• The ethical issues must  be clearly laid down for effective implementation
• Appropriate policies will set the tone for a strong internal control framework
• The workers must be kept under proper scrutiny so that the flow can be traced and steps can be taken accordingly. A proper distinction must be done between the physical and virtual source of communication (Pinder, 2008).

Risk assessment – Risk can be stated as that event that impacts the attainment of goals. It contains a dynamic, as well as different process for the implementation. Internal control can be implemented by the assessment of the risk. Once the risk is ascertained and the SWOT analysis is done, it becomes easy to determine how the risk will be managed (Deloitte, 2016). This sets the tone for the implementation. Moreover, risk assessment leads to the implementation of objectives that rests on the various level of the entity. Once, the risk is evaluated then the implementation of internal control can be done. The following must be ascertained for effective implementation:

• What can go wrong
• What are the assets that are needed?
• How can disruptions happen?
• How the activities can be inter related
• On what information the reliance can be done

Implementation

Control activities – Policies and procedures determine the control activities and are one of the major factors when it comes to the implementation of internal control. This helps in risk mitigation and hence, the objectives remain unaffected. The stages of the process of the business are ascertained and accordingly a decision is taken. It is performed at every level of the entity that is the technology environment (Deloitte, 2016). In this scenario, the duties are segregated so that a better decision can be done and alternative mechanism can be developed.  The control activities should comprise of proper written documents for approval, necessary information for supporting the implementation, effective budgeting, indicators of performance, etc.

The process of internal control can lead to effective results both in terms of business, as well as the attraction of new customers. As McDonald belongs to the service industry, the maintenance of profitability is an important consideration that can be attained through the help of an internal control mechanism (Meyer, 2009). In the absence of a strong internal control mechanism, it would be difficult to gather sales. The value addition can be seen in terms of enhanced practice by the workforce as they will be kept under scrutiny. Moreover, a balance can be noted between the physical, as well as a virtual source of communication.

Further, strong internal control can lead to the better prospect that helps the business to prosper. The internal control will help in answering various questions that will act as a guard and accordingly steps can be taken to understand the logic of the customers. This will aid in bringing more business (Cohn et. al 2013). Further, any chances of fraud can be combated at the earliest. Thereby, the organization will be safeguarded from the clutches of the fraud.  The internal control mechanism is designed to ensure an ethical business that will ultimately provide profitability. Hence, the benefit can be spotted in the case of revenue and customers (Palmer et. al, 2008).

Therefore, once the system of enhanced and updated internal control system is implemented it will bring results in terms of revenue and customers. Any chances of fraud will be altogether eliminated and once a strong control is established it will provide better opportunities. This can helps the business to flourish. It is important that the matter bearing risks must be responded in a correct manner (Harrison, 2005).

 There are some challenges and limitations that can be observed when it comes to the process of an internal control. The issues for implementing internal control are as follows:

• The COSO and COBIT framework might be of complexity to the organization and hence it might involve problem for the management. On the other hand, the management might fail to get a clear view of the framework and might end up doing wrong (Hemmer & Labro, 2008).
• Separation of duties is another big problem when it comes to implementing the internal control system. A small organization can easily handle the critical function but when it comes to a larger organization such as McDonald there might be issues in the completion of the task as it becomes a critical process and segregation of duties leads to further issues (Cohn et. al 2013).
• There might be a weakness when it comes to the process of internal control in respect to the IT area. Thereby, the implementation may run into a wrong direction and hence, not able to evaluate the risk.
• The main aim of the compliance activities are not clear and are uncertain. It is one of the potent issues and exposes the business to the risk.
• There might be an uncertainty in terms of the establishment of the internal control whether correct scope and maturity are present in the activities of the company (Hitt et. al, 2008).
• A certain level of achievement is attained by the company in terms of internal control and now when an update or enhancement needs to be done there appears a bottleneck (Haes & Grembergen, 2015).
• Adequate processes are absent when it comes to the process of evaluation because actual performance needs to be known.
• For the proper conduct of the business and implementation of the internal control it is obvious that the HR can hire and fire employees, however, it might not go in the good books of the employee.

 References

Ashkenas,R 2011, Solving the Rubik’s Cube of Organisational Structure, viewed 15 July 2017 https://blogs.hbr.org/ashkenas

Basta, A., Basta, N. & Brown, M., 2013, Computer security and penetration testing, Cengage Learning.

Cohn, JM, Khurana R, & Reeves L 2005, ‘Growing talent as if your business depended on it’, Harvard Business Review, vol 83, no. 10, pp. 62–70.

Deloitte 2016, COSO – An Approach to Internal Control Framework, viewed 15 July 2017 https://www2.deloitte.com/ng/en/pages/audit/articles/financial-reporting/coso-an-approach-to-internal-control-framework.html

Haes, S.D & Grembergen, W.V 2015, COBIT as a Framework for Enterprise Governance of IT. Enterprise Governance of Information Technology: Achieving Alignment and Value, Featuring COBIT 5, Springer

Harrison, R 2005, Learning and Development, CIPD Publishing.

Hemmer, T & Labro, E 2008, ‘On the optimal relation between the properties of managerial and financial reporting systems’, Journal of Accounting Research, vol. 46, pp. 1209–1240.

Hitt, M., Ireland, R. D. & Hoskisson, R 2012, Strategic management cases: competitiveness and globalization, Cengage Learning

Jex., S.M. & Britt, T.W 2008, Organisational Psychology, Hoboken, New Jersey.

Meyer, A 2009, ‘Leading Innovation’, International Journal of Innovation Science, vol. 1, no. 2, pp. 103-109.

McDonald 2017, McDonald profile, viewed 15 July 2017, https://mcdonalds.com.au/

O’Brien, J & Marakas, G 2009, Management Information Systems, McGraw-Hill.

Palmer, I, Dunford, R. & Akin, G 2008,  Managing organizational change: A multiple perspectives approach, McGraw-Hill Higher Education

Pinder, C 2008, Work motivation in organisational behavior, New York: Psychology Press