Internal control is “a process, effected by an entity 's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” (COSO). A component of internal control is control activities. The purpose of this paper is to analyze the control activities involved in the sales and collection cycle of an Amazon Prime membership. A flowchart will be provided to help illustrate the activities that occur at Amazon when selling a Prime Membership. The paper will further describe specific risks, controls, and audit procedures that are associated with key processes as well as provide controls that will help mitigate the risks …show more content…
If they choose to discontinue their subscription, they will need to follow the procedure provided by Amazon on their website. If they decide to renew their Prime Membership, they will need to provide another payment from an authorized credit card transaction.
Risk Evaluation and Matrix
We have identified three possible risks for sales and collection of Amazon Prime: Abuse of student membership, Multiple users using a single membership, and Abuse of the free trial by using multiple emails. These are the risks that will have the greatest adverse effect on achievement of sales collection. A generic scale of high/medium/low was used to rank which risk would cause the most financial impact and to rank each risk 's probability/likelihood.
Abuse of student membership subscription was ranked as a high financial impact. While existing prime members pay $99.00 annually, Amazon student members only pay $49.00. This was also given a high likelihood because all that is needed to be considered an Amazon student is a valid “.edu” …show more content…
Amazon could control the number of people using one Prime account by deploying Information Technology (IT) controls and application controls which include computerized steps within a software and related manual procedures to control the processing of various types of transactions.
One of the IT controls to control this risk is to have application controls that put into effect one-address policy that allows only one shipping address for each account, and if the holder of the account moves and needs to update the shipping address, proof of the new address must be provided, audit procedure is to monitor and assure that IT controls are functioning.
One problem with sharing a Prime account with friends and extended family members is that they all have access to each other’s credit cards and they all can use each other’s credit cards for purchases. To control this, transaction-level controls can be used such as authorization. For each credit card on the account, the credit card holder may register his/her significant other and authorize that person to use the credit card, only the credit card holder and his/her significant other can use the credit card for purchases, audit procedure is to verify that only persons registered on the account are using