Table of Contents

Introduction .................................................................................................................................... 1
About the Organization.................................................................................................................. 1
Method ........................................................................................................................................... 3
Findings ........................................................................................................................................... 1
Control Environment ................................................................................................................... 5
Risk Assessment .......................................................................................................................... 6
Monitoring................................................................................................................................... 6
Information and Communication ................................................................................................ 6
Control Activities ......................................................................................................................... 7
Establishment of Responsibility .............................................................................................. 7
Segregation of Duties .............................................................................................................. 7
Physical Control ....................................................................................................................... 7
Independent Internal Verification ........................................................................................... 8
Human Resource Control ........................................................................................................ 8
Cash Receipt Control ................................................................................................................... 8
Over-The-Counter Receipts ..................................................................................................... 8
Mail Receipts ........................................................................................................................... 9
Cash Disbursement Controls ................................................................................................. 10
Discussions.................................................................................................................................... 10
Suggestions................................................................................................................................ 11
Conclusion .................................................................................................................................... 12

Table of Figures
Figure 1: The structure of the Organization ................................................................................... 3

Introduction
Recent years have seen extraordinary frauds by employee and devastating impacts upon the
organizations (Bilski, 2015). For example, a study by the Association of Certified Fraud Examiners
(ACFE) in the USA revealed that over a ten-year period the cost associated with 2608 reported
fraud cases totaled US$15 billion (Owusu-Ansah, 2002). In more comprehensive surveys ACFE
reported that USA companies lost 6 percent of their revenues (amounting to approximately
US$660 billion) and 7 percent of their revenues (amounting to approximately US$994 billion) to
fraud in 2004 and 2008, respectively (ACFE, 2004, 2008). With respect to employee theft alone,
Walsh (2000) noted that billions of dollars are lost and stolen annually from businesses through
this means. These company failures with disastrous effects for shareholders, employees and
other stakeholders have brought into sharp focus the importance of internal controls. The
objective of this paper is to determine the adequacy of the internal controls in local supermarket
as they relate to the companys cash operations, and detection and prevention of fraud.
Information was obtained via a questionnaire which was completed by the companys manager
and personal interview with the same individual both taken simultaneously. The questionnaire
covered the key aspects of internal controls including the control environment, risk assessment,
monitoring, information and communication, and control activities. However, the Supermarket
should make a strong human resource control with a code of ethics, background check for the
employees. As the Supermarket is just in the 8th month of its operation, there is a broad scope to
introduce new strategies into its internal control.

About the Organization:

The Supermarket which is the subject of our case study is named AZMIRI BAZAR
(http://azmiribazar.com/). It was established in 16 March, 2016 in the same place where another
supermarket Carrefamily stopped operating. According to (Lester, 2003), the organization is
just in the first stage (Existence) of the five stages (existence, survival, maturity, renewal, decline).

In the website of the Supermarket, it is written that:

AZMIRI BAZAR (AB), a sole proprietorship concern established on December,2015
with a view to set up Retail Super Store on a rented 6,500 square feet shop at Probal
Tower, Probal Housing, Ring Road, Mohammadpur, Dhaka- 1207.
Its main activities are to operate retail super store and produce a variety of food items,
including organic product, prepared foods, frozen food, herbal products etc. and to
sell these through its Azmiri Bazar retail outlet.
The buying pattern of urbanites has changed radically in the last decade fueled by
growing urbanization, increasing number of working women, and rising per capital
income. And this was more so for the emergence of retail super chains in Bangladesh.
Urban people prefer chain-superstores over wet markets for ease of shopping. They
can browse through the aisles filled to the brim with everything from fresh tomatoes
to household supplies. The country has a huge potential to grow in superstore
business thanks to changes in peoples lifestyle, preferences and needs.

The subject of our study, Azmiri Bazar lies in close proximity with other competitors, like
Agora, Prince Bazar, Swapno etc. It is fairly weak comparing to the other competitors.
According to the manager, there is only an average of 620- 750 customers.
In Figure 1, the hierarchy of the organization with the specific number of the workforce at the
time of the interview is given. Azmiri bazar categorizes their products into 22 departments. They
are named in the database as:
1.
2.
3.
4.

Baby item
Bakery
Beverage
Chocolate
and
candy
5. Cleaning materials
6. Crockeries
7. Cosmetics

8.
9.
10.
11.

Dry food
Electronics
Food additives
Fresh item (fish,
meat etc.)
12. Garments item
13. Gift and greeting

14.
15.
16.
17.
18.
19.

Grocery
Healthcare
Household item
Oil
Stationary
Ornaments and
toiletries

MD(1)

ED(1)
IT Manager(1)
Manager(1)

Operation
(63)

Floor
Manager(1)

Procurement
Manager(1)

Asst. Store
Manager(1)

Asst. Accounts
Manager(1)

Procurement
(6)

Accounts
(4)

Store
(7)

IT
(3)

Figure 1: The structure of the Organization

Method
Since the objective is to determine the adequacy of the internal control system at the
organization, a nonexperimental descriptive research design was used based on a written
questionnaire. In a non-experimental descriptive research design, the researcher is not required
to become involved or intervene in a business daily operations. The researcher primarily
observes and compares the entitys information to previous information or literature. This
approach simply describes what is at a particular point in time with respect to the variables or
conditions in a situation.

The investigation began with the identification of the elements necessary for the existence of an
adequate internal control system for cash, and detection and prevention of fraud. The elements
were extracted from textbook (Accounting Principles) and a questionnaire was adapted from
(Anthony Wood, 2013). The questionnaire contained thirty (30) questions and covered the five
components of internal control: control environment, risk assessment, monitoring, information
and communication, and control activities [COSO (1992)].
Data were collected through the use of the written questionnaire which was completed by the
Manager of the organization. A personal interview was also conducted with the same individual.
Most of the questions requested either a Yes or No response in addition to an example to support
each response. Yes responses indicated the presence of a strong control; however, No
responses indicated the absence of a strong control or the need for strengthening. The
questionnaire was chosen as the data collection instrument because of the ease with which it
can be administered.
However, questionnaires have a number of limitations. Even though they are relatively quick and
easy to interpret, their format makes it difficult for the complex issues and opinions to be
assessed, particularly with a questionnaire that consists of closed-ended questions.

Findings:
Some instances of fraud in the supermarket
i.

ii.

iii.

iv.

Customer theft is the most prevalent problem in the store. Specially an organized
circle of female thieves try to steal baby milk (specially Nestle products), because
they are easy to sell in the market.
An employee was directly stealing a shaving foam while leaving the store. While
checking, he got found with a shaving foam. He refused the allegation of theft but
with the barcode he was instantly found guilty.
The second instance was the employee was stealing a product by removing the
barcode, so it was no way to find details about the specific. The solution was that
the store made an inventory count of the product and found discrepancy by exact
count.
Another employee bought cashew nut 250g, but he changed the barcode from a
100gm product. Again, inventory count created suspension in the management,
and investigation found him guilty.

v.
vi.

vii.

Cleaners steal while doing their daily job, they specifically steal fresh item. They
are generally caught by direct observation.
False returns: a false return is included in the POS but no product is received from
the customer because there is no one to return any product. So, the person in
command keeps the cash in his/her pocket. So, the return is done through
supervisors, that is, there are two authorities engaged while return is made. There
are several documents while a return takes place. Learnt from India. This process
has substantially reduced such fraudulent activities.
Bonus points: while customers buy products, they are given bonus points. An
instance is like that a person who is in command in POS, may have multiple
accounts by his/her relatives names. How are such occurrences detected? A
thorough check from higher managerial levels gives a look at the bonus points
earned. If there is any unusual number of check-ins from any particular customer
(for example, 300 times in a month which is very unusual), a cross check with the
reporting individual can find the culprits.

Findings from questionnaire:

Control Environment:
This is the first component of the questionnaire and it comprises five questions. Written policies
and procedures have been established to govern cash receipts and cash disbursements. We will
further discuss about the cash handling procedures in later sections.
The organization does not have a code of ethical conduct, though the job description clearly
defines in writing what each individuals job entails and the roles and responsibility of everyone
is clearly communicated to them. The Supermarket also do not have any training program to act
against fraud. These programs would create consciousness among the employee. There is only
some information conveyed during their introduction program, for example, if an employee helps
to find any fraud inside the organization, he would get rewarded of 2000bdt.
The Supermarket has not implemented a whistle-blowing hotline but encourages whistleblowing attitude by arranging remuneration for the whistle-blowers.
All reported matters are investigated to assess the validity of the allegation and, if the claim is
true, the individual is dismissed immediately.

Risk Assessment:
This is the second component of the questionnaire. The organization has concentrated into basic
risk assessment, but long term assessment is still not into action due to its short lifetime.
The Supermarket has established the short-term and long-term objectives of the business,
identified the risks, prioritized its risks and taken the necessary precautions to manage these risks.
The major risk for the organization is organized theft, in guise of customers.
The Supermarket updates its fraud and corruption risk assessment policies and procedures
accordingly if any weaknesses are identified with regards to the business operations, but it is
only in the very inception of its operation. The fraud and corruption risk assessment measures
yet to include consideration of internal and external risk factors.
Monitoring:
This is the third component of the questionnaire.
Cash control systems are routinely evaluated to ensure efficiency. Whenever there are doubts
pertaining to any aspect of the cash control system, reviews are conducted. Cash on hand can be
randomly compared to recorded amounts and investigations undertaken if discrepancies are
found.
Every year auditing is done by only internal auditors, and the business audit committee has
oversight of monitoring activities. The accountant also conducts monthly evaluations to conclude
whether cash transactions, records and reconciliations meet organizational expectations.
The Supermarket is managed by only an MD; there is no Board of Directors. So risk management
assessment from the top most authority lacks the required skills and education.
In addition, the members are able to commit the time necessary to responsibly fulfill their roles
within the organization, and they have an effective working partnership with management in
developing and reviewing corporate strategy.
Information and Communication:
Monthly bank reconciliations are conducted at the Supermarket; however, management also
performs bank reconciliations on a daily basis. But communication is the weakest part of the
organizations internal control system. Because there is no formal channel where the information
can get passed.

Control activities:
Now we will talk in light of the principles of internal control:
Establishment of Responsibility:
There are sufficient employees at the Supermarket to facilitate segregation of duties in each
department. There are at a time around 50 employees at a floor. Moreover, there are separate
cash, accounts, it department. Even to maintain separate inventories, floor and store supervisors
are kept separate. There are so many other cases in azmiri, where responsibility is established.
Segregation of Duties:
At Azmiri, POS is installed in the computer for cash receipt entry. There are two shifts, even in
cash. Person in POS changes with shift. They have different username and password. Software
balance and cash balance are checked daily by the accountant. If there is an override, it is
untouched. If the cash balance is short of software shown balance, the employee is directly
responsible to pay the amount from his own pocket.
The store and shop is separated. When the shopkeeper makes the call about the necessity of
product at the shop, then the storekeeper allows the product to be taken at the shop from the
store. Here signature of both shopkeeper and the store manager is needed. So if something
occurs with the amount of product, any of them can be called accountable.

Physical Control:
The person who sits at the cash counter makes the entry at the computer. So, there is no control in
the entry process. Theft is a vital problem in super shop. So, there are a lot of CCTV cameras
installed all over the place. And a CCTV camera is also installed at the cash counter. The control
of this cctv camera and the display is kept at the managers office. So, control is ensured in this
situation. And every day the super shop management make a online transaction to bank so safe,
vaults are not needed here. Moreover there are around 50 people in a shift to keep the products
safe from theft.
The employee can buy product from this store but only when they are not in duty and only with
the company of the supervisor. It reduces the chances of theft by the employees.
The person at POS doesnt know about the amount of sale so he/she cant steal from the customers
if there is a case of override.
7

Independent Internal Verification:

We have discussed internal verification for cash receipt in separate section. Here we are will talk
about inventories. Store is kept separate from floor. First the material is received in store.
According to demand of the floor, product is transferred to floor through software. Everything is
documented electronically. And the inventories are verified internally by supervisors, then the
manager.

Human Resource Control:

There is literally no background check executed here. They only ask for NID and parental address.
Most of the workers here are students and employee turnover rate is very high, almost 5 persons
per month; so background check is nearly impossible for them. As for rotating employees duties,
it is not routinely executed here. Mainly the employees here do whatever they do all day long.
Mostly there are two types of work- helping the customers and sitting at the cash counter. So,
the rotation of duty is not made in a regular basis.
Cash Receipt Control:
Cash receipt control can be discussed with respect to OVER-THE-COUNTER RECEIPTS and MAIL
RECEIPTS. We will talk about OVER-THE-COUNTER RECEIPTS mostly.

Over-The-Counter Receipts:

Establishment of Responsibility:
There are two shifts in the supermarket, which is the subject of our study. In each shift, there is
only one person in the Point of Sale(POS). Each person has own user name and password.
Segregation of Duties:
After the end of each shift, the software data is automatically transferred to the accounts
department. And the cash is sent to the head cashier. Later the accounts department send the
details to the head cashier, who then reconciles the cash and record. The next morning the cash
is deposited to the bank account. About 50% of the sales are paid through credit cards and such
other facilities. So, these are already done as bank transaction, thus requirement for cash
handling is substantially lessened.
8

Weakness:
The head cashier has the sole responsibility with both the cash and the record, thus he has the
opportunity to defraud. Head cashier, in allusion with the accounts department can also
perpetrate fraud. But IT Department and manager both separately check the computer records
and online bank statement, so such occurrences are not kept unnoticed for long.
Documentation Procedures:
Remittance advices, invoice, computer records, deposit slips- all are maintained in the
supermarket. But with the increasing usage of online payment and software records, hardcopies
are decreasing day by day. Still most of purchases are still done by invoices, those are mostly
maintained by the manager.
Physical Control:
Cash is stored to the nearby bank by the head cashier daily. Limited amount of cash is reserved
under the supervision of the accounts department. Only with the signatures of MD and ED, the
cash is disbursed.
Independent Internal Verification:
IT department checks the software records of cash from POS to accounts department and reports
to the manager. Manager has access to the online bank statement, so he matches the records
and accounts almost daily basis.
Human Resource Controls:
Mostly head cashier handles the biggest amount of cash; the accountant handles some when to
disburse. These two personnel are bonded. They are also very reliable persons based on their
previous actions. But because there are only two persons to conduct the departments, it is not
possible for the management to force them to take vacations or switch duties between persons.
Cash Over and Short Account:
In many instances, cash and accounts record do not match. If cash is surplus, cash over is
accounted but no action is taken. If otherwise happens, that is, cash is substantially shorter than
the record, the cashier at POS is held responsible and he/she needs to pay the difference.
Mail Receipts:
All the mails are received with the sign of the manager. In absence of the manager, supervisors
sign the documents. But later it is verified by the manager. At times the manager has to inform
his superiors of documents.

Weakness:
There are no two persons while signing the mail receipts, so this section is vulnerable to fraud.
But there is also a cost-benefit spectrum of internal control. It is not cost effective of the
organization, if it tries to ensure the duality rule for such receipts. Moreover, the organization
has excluded this section through risk assessment.
Cash Disbursement Controls:
Voucher system:
To control cash disbursement, voucher system is mostly used. If a sale order is to pass, first a
demand-paper is issued from the floor supervisor. Then the sales department makes necessary
requisition. Only after the manager verifies, ED puts his signature in the voucher. And accounts
department allows the cash to be disbursed. Mostly the organization tries to use EFT (electronic
funds transfer) rather than cash.
Petty Cash Fund:
The organization does not use any petty cash fund. Everything needs to be issued through the
supervisors authorization. We have seen the manager to use simple notes while issuing small
amounts.
Weakness:
Though the control resists fraud but it is very authoritarian, thus time consuming.

Discussion
The scope of the study was to show the adequacy of the internal control in the supermarket. We
found that the size and lifetime of the business shape the adequacy of the similar term. The key
aspects of internal control: control environment, risk assessment, monitoring, information and
communication, and control activities are studied. The organization we studied, is mostly weak
at information and communication. But due to the size of the organization, it is still not affecting
the control environment. Long term risk assessments are yet not possible to make. To continue
to survival, the business need to analyze the long term and external factors to risk analysis. With
increasing size of the business, the organization will need to recruit new people. They should be
careful regarding the background checks, ethical code of conducts and a culture to convey

10

information. The annual auditing has not yet been done in the organization, so it is not clear
about the amount of fraud taking place.

Suggestions:
1. There is no background check for the employees; at least there should be providence for
check while recruiting in accounts department, it department, cash department.
2. There should be enough employees in in cash and accounts department to ensure
rotation in responsibilities or force vacation.
3. The head cashier has both the software data and cash to deposit; segregation of duties is
violated. There should be another person to count cash before it reaches the head cashier
4. There should be a petty cash fund to be effective. The balance of the account gives insight
about such minor expenses.
5. Management needs two persons while signing for mails receipts.
6. The whole management process centers around the manager post. Almost all the internal
verification is done through this post. Segregation of duties is also violated in this position.
Though the person in this post is bonded, steps need to be taken to establish the key
principles of internal control.
7. The supermarket needs to build a code of conduct.
8. They also need to arrange a training program for the employees to teach about the
natures of fraud.
9. There is no strong culture created inside the organization. A culture would swipe an
attitude against fraud.
10. There is no external auditing, they should introduce external auditing to ensure clarity
and objectivity.
11. There is no board of directors; to ensure objectivity and risk assessment from the top
executives, a board of directors with sufficient skill and knowledge needs to be arranged.
12. No formal way of communicating the information about the anti-fraud attitudes.

11

Conclusion:
Fraud is prevalent in the supermarket sector and can be committed by anyone. Undesirable
behavior of customers, staff or management in an environment where internal controls can be
overridden or easily ignored will significantly increase the incidence of fraud in any company
operating in the supermarket sector. Thus, given the potential for fraud to undermine the
profitability and survivability of businesses it is vitally important that the system of internal
controls is comprehensive, respected by all company personnel and scrupulously applied to
ensure maximum effectiveness. We have to keep in mind that internal control is not beyond the
limitations. There should be a cost effectivity perspective, which will resist the company to take
certain actions necessary for internal control.

12

References
ACFE. (2004, 2008). Report to the Nation on Occupational Fraud and Abuse. Austin, TX.
Anthony Wood, N. B. (2013). Internal Controls in the Retail Sector: A Case Study of a Leading.
International Journal of Arts and Commerce, 2.
Bilski, J. (2015, May 06). You wont believe these cases of employee fraud. Retrieved from
hrmorning:

http://www.hrmorning.com/you-wont-believe-these-cases-of-employee-

fraud/
Jerry J. Weygandt, P. D. (2015). Accounting Principles (12 ed.). New York: John Wiley & Sons.
Lester, D. P. (2003). Organizational life cycle: A five-stage empirical scale. International Journal of
Organizational Analysis, 339-354.
Owusu-Ansah, S. M. (2002). An Empirical Analysis of the Likelihood of Fraud Detection in New
Zealand. Managerial Auditing Journal,, 17, 192-204.
Walsh,

J.

(2000).

Employee

Theft.

Retrieved

from

http://ifpo.org/articlebank/employee_theft.html

13

Appendices
Questionnaire: Study on Internal Controls
Control Environment
1) Have written policies and procedures been developed and put in place governing cash receipts
and cash disbursements? Yes ___ No ____
2) Does the organization have a code of ethics that is known by all employees? Yes ___ No ___
3) Are there any training programs implemented to teach employees about the nature of fraud?
Yes__No ____
4) Is there a confidential reporting mechanism such as a whistle-blower hotline or helpline
implemented within the business that allows all employees to report fraud if they believe it is
taking place? Yes____ No ____
5) Is there a system for responding meaningfully when control deficiencies are pointed out and
allegations of fraud are raised? Yes ___ No ____
Risk Assessment
1) Have the risks related to cash management been identified? Yes ___ No____
2) Have the risks been prioritized? Yes ____ No _____
3) Have strategies for managing important risks related to cash been established and
implemented? Yes___ No ____
4) Do you update your fraud and corruption risk assessment at least annually?
Yes ___ No ____
5) Does your fraud and corruption risk assessment include consideration of internal and external
risk factors (including pressures or incentives, rationalizations or attitudes, and opportunities)?
Monitoring
1) Does the audit committee have oversight of monitoring activities? Yes ___No ____
2) Is the internal audit group adequate for the size, complexity and risk profile of the company?
14

3) Who is on the board of directors? Do these individuals on the companys board of directors
have the right background for the company? What is the percentage of outside and independent
directors on the companys board of directors?
4) Do you routinely evaluate the effectiveness of the business cash control systems?
5) Has adequate attention been paid to employing the detection strategies available?
Information and Communication
1) Are monthly bank reconciliations conducted? Yes ____ No ____
2) Is there a way for employees to communicate suspected improprieties up stream through
someone other than a direct superior? Yes ___ No ____
3) Does each department get the information it needs from internal and external sources in a
form and timeframe that is useful? Yes ____ No ____
4) Does each department receive relevant information that measures its performance
(information that tells the department whether it is achieving its operations, financial reporting,
and compliance objectives)? Yes___No ______
Control Activities
1) Is staffing sufficient in each department to promote segregation of duties?
2) Are bank reconciliations independently verified by a financial officer or his designee?
3) Are sequentially pre-numbered or computer generated receipt forms used to establish
accountability for each cash collection transaction regardless of its source?
4) What systems are in place to prevent employee embezzlement?
5) Does the business reward the ethical integrity of its employees? Yes ___No ____
6) How does the business ensure that employees comply with organizational decisions and
managerial actions, and that these decisions are deemed just and fair to all?
7) Is cash on hand held in a secured area until deposit? Yes ____ No _____
8) Is there a policy requiring mandatory vacations during which another staff member performs
the duties of the staff member on vacation? Yes ____No _____
15

9) What systems are in place to prevent customers from leaving the supermarket without paying
for their items, paying too little or getting too much from the organization through deception?
10) What controls are in place to ensure that management does not manipulate the financial
statements to make the business look better than it is? Yes ___No _____
11) What controls are in place in the business to ensure that its suppliers do not overbill or
provide lower quality or fewer goods than agreed upon?

16