(COPIAR FORMATO CON PORTADA Y ESO) (PASAR TMB POR GOOGLE DOCS PARA ELIMINAR

ERORES)

INDIVIDUAL ASSIGMENT II
QUESTION 2
A)

In order to delve in the internal controls of the firm “MT S.A”, we are going to use the COSO
(Committee of Sponsoring Organizations of the Treadway Commission) framework as a
reference.

Starting with this approach, we could point out that it has as objetives operations, reporting
and compliance which we can consider as targeted by the entity and five components.

Firstly, dealing with control environment, we could state that within the firm there is a clear
lack of code of ethical values, code of conduct, management’s philosophy or other kind of
guidelines. Moreover, there is no information about how are decisions taken in the board of
directors and we do not know what would happen in case of disagreement between the two
founders who own a same stake of the company. Furthermore, there is no any plan or
reference about the targeted organizational structure nor the operating style.

Finally, we can add that neither data about the commitment of integrety in financial reporting
nor the standarts they are applying.

However, it is true that the company is managed by its founders who have a close relationship
and know well each other and probably they know what are their values and responsibilities
although it is not written formaly. Therefore, we could understand the specfic case of the
entity added to the fact that we are dealing with an start up that only has five employees. In
addition to that, the firm emphasizes a lot in the corporate culture which could be a kind of
corporate enviromental control but for auditors this is an intangible issue that cannot be easily
reviewed. The realibility of this to act as a control is lower than any written standard.

Nevertheless, we cannot ignore the lacks regarding this first component of the COSO
framework so the work of the auditor could be quite difficult in this case and should pay an
special attention to the situation of this component and its consequences.

Secondly, we find the risk assesment component. From the information given, we could
deduct that there is no a consistent system in the detection of risks. On one hand, like any
employee can issue invoices, make collections, order payments or manage the payroll and
although they send this information to the parters weekly, there is no evidence of all that
being checked on a regular basis. On the other hand, even the managers, could commit a
mistake of commit fraud and the detection might be unlikely.

However, in the case of revenue recognition, invoices are checked and updated on a quarterly
basis when each customer’s contact person in the project submit a performance report
informing on the degree of competion of the different tasks

In conclusion, we can summarize that there are some deficiencias in the risk assesment
component.
Thirdly, according to the control activities, we find that there are few reviews of operating
performance (at least there is no specific evaluation on each worker), there is a lack of
authorisations by the managers or segregation of duties. In this case, MT S.A. has the approach
of giving a lot of freedom to its employees and they are in charged of multiple tasks.
Therefore, there is no formal organizational structure and the employees are allowed to do
whatever they need to perform their job with no prior authorization by the management
team. There is neither a written company’s policies on foreign Exchange transaction althought
this is let to external financial advisors.

Fourthly, we have to analyse the component of information and communication. This is the
process of identifying, capturing and exchanging information. In this company it is done in
different ways. For instance, invoice is done on a monthly basis, the employees send a weekly
activity report to the partners about their work and on a quarterly basis it is submited a
performance report by customers of the degree of competion of each task.

The management of information is done through the ERP system that integrates most financial
information used by the employees in the same platform. The issue is that there are diferente
software applications used for elaboratiing complementary material requested by customers
which is not integrated on the ERP system.

Lastly, we have monitoring as the last component of internal control analysis. This deals with
the process of providing feedback on the effectiveness of the other four components. In the
case of our company, it has a box of suggestions in its intranet, where employees can propose
new ideas. Moreover, if employees want formal training activities or any kind of other
personal need such as asking for a loan, they can request it from the partners.

In this sense, it is shown that monitoring is quite weak in the company for oingoing activities
and there is a lack of any clear separate evaluation.

One way way of monitoring could be done by managers through the ERP system which gather
the information of the business.

To summarize, with the organisation and operating system of the firm, many issues mught
arise. For instance, as a part of their salary relies on the revenues of the company, employees
may be tempted to overstimate revenues in order to obtain higher economic compensations.
In addiition, we might not have a reasonable level of assurance of proper recording of financial
information as there is no data about the standards applied and the accounting knowledge of
managers or employees.

As a conclusion, I do not consider the internal controls of MT S.A. effective enough according
to the COSO framework. Despite that, it is imporant to highlight the fact that we have to
consider the situation and size of the firm and its small structure so it is more understandable
the deficiencies regarding internal controls. Nevertheless, managers have to develop at least
some guidelines on some key issues such as financial reporting as well as trying to keep all the
flexibility of its company.

B)

In order to improve this situation regarding the internal control effectiveness, we could
propose the implementation of a codeo f donduct distrubyted throughout the organization
and signed by the managers of the company. This code of conduct may include some ethical
values or prhylosoplhy of the company as well as the operating sytle so all the employees have
some guidelines.

Another proposal could be the setting of GAAP and some training activities for the employees
on this accounting standard.

Finally, the company might apply the implementation of some internal evaluations about the
proper recording of accounting information. This evaluations could be done by an employee
with knowledge on accounting and should be conducted periodically.

QUESTION 1
1)

In the case of GESTAMP AUTOMOCION S.A, I will select and explain the main information
provided to an user of the financial statements. The auditing report was done by EY, an
independent auditing company.

Starting with one of the most imporant parts, which is the opinión, we find a favourable one.

Within the basis for this opinión, EY assure that they have done the auditing work complying
with all the ethical standards and they have a reasonable assurance that the financial
information is accounted following the international accounting standards and regulations and
the spanish legal framework. They believe that they have enough evidence to have a proper
degree of assurance for issuing their opinión.

Next we find the key Audit matters. Among them, we have the measurement of PPE and
intangible assets. As the value of the cash generating units (CGU) are computed using the value
in use method, the main issues are the complexity of estimations of future cash flows and its
effect on the intangibles (such as goodwill) associated to these CGU. Moreover, the magnitude
of these quantities contributes this being a key Audit matter.

In order to be able to review all this matters, EY have carried out several actions such as
análisying the methodology of the management team for all the computantions and
understanding the reasonableness of the calculations of discount or growth rates.

Moreover, they had to verify that the firm financials figures with respect to the impairments
are consistent with the IAS 36.
Another key Audit matter is the recoveratbility of deferred tax assets. EY decided to consider
this a key Audit matter because of the same reasons as previously mentioned, complexity and
the significance of the amounts. Regarding this aspect, EY decided to understand the processes
carried out by managers to obtain the figures and the review of their tax specialits team.

The next key Audit matter is revenue recognition. In this case, Gestamp has some contracts
that involve a variable consideration depending on a price increase using the expected
probability method. Therefore, the auditing firm had to review the revenue recognitiion
policies, and the reassonableness of the assumnptions of the revenue generation of the
contracts. Regarding the latter is needed to take into account historical data and a eep
knowledge about the business and industry.

Subsequently, we find other information on consolidated management report which states

that the Audit opinión does not cover the management report.

Afterwards, it is specified the responsibilities of the Audit committe and the managers of the
parent company for the consolidated financial statements.

Finally we can find the auditor’s responsibiliteis for its Audit reporto n the consolidated
financial statements. In the last page we have the assertion of the consistency between the
additional report of the Audit committe and this Audit report and the terms of the
engagement between Gestampt and EY.