Business risk, control systems and risk of fraud whitin bison hospitality ltd
BUSINESS RISK, CONTROL SYSTEMS
AND RISK OF FRAUD WHITIN BISON
SHEIK SHAMI ULLAH CHOWDHURY
KAZI NEHAL AHMED
MD. ISMAIL HOSSAIN
MR. KHWAJA ARAFAT ABDULLAH
CO-ORDINATOR AND FACULTY
SCHOOL OF BUSINESS, BAC
Components of Business Risk
An organizations board of directors implements
internal control System in order to assure :
o Reliability of Financial
o Effectiveness and
Efficiency of Operation.
o Compliance with Applicable
Laws & Regulations.
Not only that, an effective internal control system also
helps protect assets from misappropriation or
mishandling and it also minimize the potential for
waste & loss.
Risks & Limitations of Internal Controls
All internal controls have some limitations which
reduce their effectiveness.
(Carelessness, Inexperience or Error in Judgment)
(Failure to capture unusual activities within system)
(Senior management ignoring Policies)
(employees bypassing control by working with outsiders)
Identification & Assessment
In order to perform an audit, an auditor needs
to understand the organization’s internal
The auditor can then plan and define the
scope of the audit.
Based on preliminary evidence, the auditor
assesses the internal controls as being at
maximum risk, below the maximum and
effective, or below the maximum and
Finally the auditor determines how much and
what types of testing to plan for in the audit.
Standards for Auditors on Assessing Audit Risk
According to SAS (Statement of Auditing Standard)
Audit Risk has Three Components:
Inherent risk –
Means that there is susceptibility of an account balance or
class of transactions leading toward material misstatement.
Control risk –
Arises when misstatement in balances or classes, are not
being prevented, or detected and corrected by the
accounting and internal control systems.
Detection risk –
The possibility that the auditors’ substantive procedures are
not detecting a material misstatement in the records.
LEVEL OF RISK WHITIN BISON HOSPITALITY LTD.
In case of Bison Hospitality Ltd. Internal Control
Risk can be assessed as being Maximum. Because,
The risk of a material misstatement being present in
the financial reports are High.
The risk that the control will fail to operate as
designed are critical as well.
This means, no Tests of Controls are
needed since the internal control
procedures are ineffective.
However, we should plan to perform
a large amount of Substantive Tests to
see whether the financial statement’s
objectives are met or not.
The Control Systems Of Bison Hospitality Ltd.
Some more picture of Ideas Manzil – Bison
Bison Hospitality Ltd. through COSO
Vision is clearly set, written objectives missing, policies are
missing/not being implemented therefore expectations not met.
Operations have an ‘adhoc’ feel.
As the objectives are not clearly set, risk assessments are
based on managerial skills/initiative rather than system, no
written protocols at play
Active but not synced together.
(Details given in the internal control activities)
Internal communication is based on one to one meets,
Requisitions with implications on finance follows predefined
routes and requires authorization. Job responsibilities needs to
be drawn up which will assist in the disbursement of
information throughout the hierarchy.
Monitoring is usually one dimensional (downward),
interventions required to formalize the monitoring process,
Bison Hospitality Ltd. – Internal Control Activities
Segregation of duties
Job Responsibilities not in writing, jobs are verbally delegated,
overlapping of duties observed primarily amongst the front and mid level
Follows this route – requisition goes into accounts, passes to get
recommendation from General Manager, passes to get clearance from
Managing Director, comes back to be disbursed or explained why
withheld from the accounts. Lacking: Often funds are disbursed directly
by the managing director instead of following the route.
Documentation are properly done and in place. Vouchers and bills are
properly kept and monitored. Market assessed randomly for price
justifications. Even though unavailability of pre done formats of
requisitions, leave forms etc often creates excess work load for the
Access to information is strictly limited. Hard copies are kept in locked
cabinets and access of soft copies protected through passwords. Entry
of physical items are cleared in the entrance and cross checked with the
requisition whereas outgoing items require gate pass/es from the
Monitoring depends on the initiatives of the managers as proper
guidelines, objectives and therefore a proper framework is not in place.
Monitoring therefore is also ‘adhoc’.
Further tests are recommended
to be carried out to assess the
internal control procedures and
In criminal law, a fraud is an intentional
deception made for personal gain or to
damage another individual.
Fraud occurring within an organisation is known as
Deliberate dishonesty to deceive the public, investors
or lending companies.
Usually resulting in financial gain to the criminals or
According to CNN
At least, 67% of firms that had at least one incident of
fraud in the past year laid the blame on insiders such
as junior employees, senior managers and agents of
Corporate Frauds can Include:
Intellectual property fraud
Long and short firm fraud
Mobile phone fraud
Business directory fraud
Charitable publication scams
Office supply scams
Cheque overpayment fraud
Domain name scams
Plastic card fraud
Exploiting assets and information
Fake invoice scams
Premium rate phone line scams
Fixed line fraud
Government agency scams
Types of Frauds
There are three types of fraud:
Misappropriation of corporate assets.
ii. Manipulation of accounting information.
iii. Deception of a specific party.
Fraudulent trading is where a company carries on a
business with the intention of defrauding creditors or for
any fraudulent purposes.
Fraudulent trading is normally done for:
The company has ceased trading.
The company is in the process of being wound up.
Share ramping (also known as 'pump and dump' and
'book ramping') is where criminals influence the share
price of a company and then take advantage of it.
Share ramping is normally done for:
It is commonly done by bringing a company to the
market with false expectations of its profitability.
Alternatively it can be done by buying shares in a
company when they are at a low price and then starting
a rumor that the company is being taken over. When
the share price rises, the shares are sold at a profit.
Asset stripping is taking company funds or assets of
value while leaving behind the debts.
Stripping of company assets is normally done for two
The fraudsters deliberately target a company or
companies to take ownership, move the assets and then
put the stripped entity into liquidation.
"Phoenixing" - directors move assets from one limited
company to another to 'secure' the benefits of their
business and avoid the liabilities. Most or all the
directors will usually be the same in both companies.
Publishing False Information
Publishing false information is a type of fraud
committed when a criminal creates, destroys, conceals,
or falsifies an account, record or report which is
deliberately misleading on the company's financial
This is usually done to mislead investors and creditors
and to keep a failing company trading.
Top 5 Most Expensive Corporate
Frauds of the 20th & 21st
Enron & Arthur Anderson
Enron’s collapse in 2001 from a company worth $63.4 billion, to one
seeking bankruptcy reorganization, came as a shock to the general
public. Considered to be a major accounting failure, it led to the
dissolution of Arthur Anderson, one of the world’s largest accounting
farms also. Over 15,000 employees of the corporate had most of their
savings in stock, which fell from $83.01 in early 2001 to $0.01 in
June 29, 2009, Bernie Madoff was sentenced to 150 years in
prison, the maximum sentence that could be given to anyone
convicted of corporate fraud. He ran an amazing ‘Ponzi”
scheme for his clients, showing falsified profits, and gains
with the money that they had given him for investment. SEC
authorities believe the actual net fraud will be between $ 14 &
Subprime Mortgage Crisis
This was not the crisis of a single corporate but it led to the
demise of many other corporate. The repercussions can still
be felt throughout the US and even Europe. It has had an
adverse effect on most of the banks and financial
institutions, and has led to large scale reform in the
financial sector rules and regulations.
India’s biggest corporate scam was disclosed when Ramalinga
Raju, the CEO of Satyam Computers declared that the company’s
profits had been overstated for many years. Inflated bank
figures, understated liabilities and over 10,000 non-existent
employees were among the many fraudulent practices being
indulged in to cross 7000 crone rupees.
July 21, 2002, when Worldcom filed for bankruptcy under
Chapter 11, it was USA’s largest corporate failure. The
accounting scandal covered $ 11 billion and it seems the
workings of the company were masked by painting a false
picture of growing profits and margins. In 2004, it emerged from
the bankruptcy proceedings with $5.7 billion in debt and $ 6
billion in cash.
Frauds of Bison Hospitality Ltd.
Maybe Bison Hospitality Ltd. does two types of
Misappropriation of corporate assets.
ii. Deception of a specific party.
Misappropriation of corporate assets
Take extra credit for buying service materials.
Fake invoice scams.
Deception of a specific party
They do it on their financial statements.
To show less profit to the tax practitioner.
So that they can pay small amount of tax.
Risk Management – Defining Inherent Risk vs. Residual
Risk. Retrieved on 12.12.12 From
II. Internal Control. Retrieved on 12.12.12 From
III. Assessing Fraud Risk. Retrieved on 12.12.12 From