Finding Text
#2022-003 ? Significant Deficiency ? Authorization and Approval Criteria Authorization and approval are control activities that mitigate the risk of inappropriate transactions. They serve as fraud deterrents and enforce segregation of duties. Thus, the authorizer and the approver should generally be two separate people. Condition During the course of the audit, no approval was noted on two entries selected. Cause This cause is human error which occurred during a change in personnel. Effect There is always the potential for errors or irregularities that would not be detected by employees in the normal course of performing their assigned functions. Questioned Costs None Perspective Information While testing journal entries, no approval was noted on two entries selected. These entries were made during the leadership of the interim CEO and before CAAP transitioned their systems fully online. All journal entries selected for testing that occurred after the new CEO started were properly approved and documented. H&M determined that as of December 31, 2021 this internal control issue had been corrected. Identification as a repeat finding There was no similar finding in the prior year. Recommendation Non-cash journal entries make it easy for organizations to overstate their revenue or understate their expenses with unsubstantiated accruals/deferrals. We recommend that all journal entries be authorized and approved by the CEO prior to entry. View of Responsible Official As noted, this is no longer an issue with internal controls having been corrected as of December 31, 2021. All non-recurring journal entries will be approved by the CEO.