chain’s model (service levels) for determining bonuses — the weather. Failure to take weather into
               account in the model used to determine bonuses could have a negative impact on internal control.
               Employees, in order to receive their bonus, might overstate the number of orders filled. This, in turn,
               could cause revenue to be overstated.

               A performance measure management could introduce into the bonus model — and one that might
               improve internal control related to reliable financial reporting — comes from customer surveys. A
               customer survey might ask whether the customer’s bill was accurate with respect to its amount and
               type of food served. Employees could be paid a bonus based on the restaurant receiving an overall
               “yes” response to this question of 90% or more. This would provide some assurance that revenue
               was recorded correctly and that inventory category (e.g., meat or fish) amounts were reliable.

              Point of focus — Considers excessive pressures
               Management and the board of directors (those charged with governance) evaluate and adjust
               pressures associated with the achievement of objectives as they assign responsibilities, develop
               performance measures, and evaluate performance.
               One excessive pressure associated with this principle, for example, is unrealistic performance targets,
               particularly for short-term results. This point is stressed in generally accepted auditing standards
               (GAAS). AU-C section 240, Consideration of Fraud in a Financial Statement Audit (AICPA, Professional
               Standards), which notes that an excessive pressure is for management to attempt to meet earnings
               expectations of external parties that are unduly aggressive or unrealistic. For example, a for-profit
               entity might have pressure to misstate financial statements in order to meet certain ratio
               requirements contained in aggressive debt covenant agreements.

              Point of focus — Evaluates performance and rewards or disciplines individuals

               Management and the board of directors (those charged with governance) evaluate performance of
               internal control responsibilities (including adherence to standards of conduct and expected levels of
               competence) and provide rewards or exercise disciplinary action as appropriate.

               For example, the entity might have a zero-tolerance policy for personal use of entity resources. Some
               government agencies’ policies prohibit employees from sending personal emails over agency
               devices, such as agency-owned office computers or mobile devices. In this example, the IT
               department’s email filter software captures all email (including personal email) and reports violations
               of this policy to the employee’s supervisor for appropriate disciplinary action (warning, suspension, or
                          6
               dismissal).

















            6
              In this example, there are access restrictions prohibiting any usage of IT resources other than email. Internet
            access is not available to employees.


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    3-14