Each case is structured like real exam scenarios with multi-layered analysis + professional answers.
Case study on Internal Control Governence Risk Assessment/Gmsisuccess
🔷 CASE STUDY 1: ENTERPRISE CONTROL FAILURE & FRAUD RISK
📘 Case:
Omega Electronics Ltd. is a fast-growing consumer electronics company. Due to aggressive expansion, management focused heavily on revenue growth and market share. Over time, the following issues emerged:
- Sales teams are incentivized purely on revenue targets
- Revenue is recorded once orders are confirmed, even before dispatch
- The same employee approves credit, records sales, and follows up collections
- Internal audit reports highlighting these issues were ignored by senior management
- Significant increase in sales returns and customer disputes
- Accounts receivable days increased from 45 to 120 days
- No formal fraud risk assessment has been conducted in the last 3 years
❓ Questions & Answers
Q1. Identify and explain FIVE internal control weaknesses
✅ Answer:
- Improper revenue recognition – Recording revenue before dispatch violates control principles and increases risk of misstatement
- Lack of segregation of duties – One employee handling authorization, recording, and follow-up increases fraud risk
- Weak monitoring – Internal audit findings ignored by management
- Inadequate credit control – No independent credit approval increases bad debt risk
- Poor performance incentives – Revenue-based incentives encourage manipulation
Q2. Which COSO components are failing? (Explain any four)
✅ Answer:
- Control Environment – Management prioritizing growth over control
- Risk Assessment – No fraud risk assessment conducted
- Control Activities – Lack of proper procedures (segregation, authorization)
- Monitoring – Ignoring internal audit findings
Q3. Perform a risk analysis (identify 4 risks with impact)
✅ Answer:
| Risk | Impact |
|---|---|
| Revenue overstatement | Misleading financial statements |
| Bad debts increase | Liquidity issues |
| Fraudulent sales entries | Financial loss |
| Customer dissatisfaction | Reputation damage |
Q4. Identify fraud risk factors (red flags)
✅ Answer:
- High pressure to meet sales targets
- Lack of segregation of duties
- Weak oversight by management
- Increased sales returns and disputes
- Rising receivables
Q5. Suggest FIVE improvements (fraud risk management focus)
✅ Answer:
- Implement proper revenue recognition policies
- Segregate duties across sales, credit, and collections
- Introduce fraud risk assessment framework
- Link incentives to collections, not just sales
- Strengthen internal audit independence
🔷 CASE STUDY 2: CORPORATE GOVERNANCE BREAKDOWN
📘 Case:
Zenith Infrastructure Ltd. is a listed company involved in large infrastructure projects. The governance structure reveals:
- CEO also acts as Chairman of the Board
- Audit committee includes executive directors
- Internal audit reports directly to CFO instead of audit committee
- Whistleblower complaints were ignored in past
- External auditors reported lack of transparency in financial disclosures
- Related party transactions are not disclosed properly
- Board meetings are irregular and poorly documented
❓ Questions & Answers
Q1. Identify FIVE corporate governance weaknesses
✅ Answer:
- CEO dual role (lack of independence)
- Non-independent audit committee
- Internal audit lacks independence (reports to CFO)
- Weak whistleblower mechanism
- Poor disclosure of related party transactions
Q2. Explain impact of weak governance on internal control
✅ Answer: Weak governance leads to:
- Ineffective oversight of controls
- Increased fraud risk
- Poor financial reporting reliability
- Lack of accountability
- Weak ethical culture
Q3. Which fraud risks are likely?
✅ Answer:
- Financial statement fraud
- Related party fraud
- Management override of controls
- Corruption in project contracts
Q4. Identify risk categories involved
✅ Answer:
- Strategic risk (poor governance decisions)
- Compliance risk (regulatory violations)
- Reputational risk
- Financial reporting risk
Q5. Recommend FIVE governance improvements
✅ Answer:
- Separate roles of CEO and Chairman
- Establish independent audit committee
- Strengthen whistleblower protection
- Ensure full disclosure of related party transactions
- Improve board oversight and documentation
🔷 CASE STUDY 3: RISK MANAGEMENT FAILURE & OPERATIONAL LOSS
📘 Case:
Delta Pharma Ltd. expanded operations internationally without adequate planning:
- No formal risk management framework
- Currency fluctuations caused heavy losses
- Regulatory requirements in foreign markets were ignored
- Supply chain disruptions halted production
- No contingency or backup suppliers
- Risk assessment is done informally without documentation
❓ Questions & Answers
Q1. Identify FOUR key risks
✅ Answer:
- Financial risk (foreign exchange loss)
- Compliance risk (regulatory violations)
- Operational risk (supply chain disruption)
- Strategic risk (poor expansion decisions)
Q2. What are the failures in risk management process?
✅ Answer:
- No formal risk identification
- No risk assessment or prioritization
- No risk mitigation strategies
- No monitoring or review
Q3. Classify risks as inherent vs residual
✅ Answer:
- Inherent risk → Currency fluctuation, regulatory risk
- Residual risk → Losses after weak/ineffective controls
Q4. Suggest risk mitigation strategies
✅ Answer:
- Use hedging instruments
- Conduct detailed market research
- Diversify suppliers
- Develop contingency plans
Q5. Link case with COSO ERM principles
✅ Answer:
- Failure in risk identification
- Lack of risk response strategy
- Weak monitoring
- No integration with strategy
🔷 CASE STUDY 4: FRAUD RISK MANAGEMENT & PAYROLL MANIPULATION
📘 Case:
Sigma Services Ltd. employs 1,200 staff. A fraud investigation revealed:
- Payroll processed by one individual
- HR records not updated regularly
- Employees without valid identification found in records
- Payments made to duplicate bank accounts
- No reconciliation between payroll and HR
- Internal audit is understaffed and reviews only annually
❓ Questions & Answers
Q1. Identify type of fraud
✅ Answer: Payroll fraud (ghost employees)
Q2. Identify FIVE control failures
✅ Answer:
- Lack of segregation of duties
- Poor employee verification
- No reconciliation between HR and payroll
- Weak audit function
- Lack of monitoring
Q3. Identify fraud risk indicators
✅ Answer:
- Duplicate bank accounts
- Missing employee records
- Unusual payroll increases
- Lack of supporting documentation
Q4. Suggest preventive and detective controls
✅ Preventive:
- Segregation of duties
- Proper employee verification
- Authorization controls
✅ Detective:
- Payroll audits
- Reconciliation between HR and payroll
- Data analytics (duplicate account detection)
Q5. Role of internal audit in fraud prevention
✅ Answer:
- Evaluate control effectiveness
- Detect anomalies using data analytics
- Recommend improvements
- Ensure compliance
🔥 HOW TO APPROACH CIA / US CMA CASE STUDIES
When solving in exam, follow this structure:
✔ Step 1: Identify
- Control weaknesses
- Governance issues
- Risk types
✔ Step 2: Link to framework
✔ Step 3: Analyze
- Impact
- Fraud risk indicators
✔ Step 4: Recommend
- Practical controls
- Governance improvements
