Embed Size (px)
Citation preview
Sales Office Audit Guide INTRODUCTION Page 5 - 8 1. Background 2. Objective 3. About the Guide 4. Key benefits of using the Guide 5. Internal Controls at [company] 6. The approach for evaluating internal controls 7. Internal Controls Assessment and Action Plans 8. Assessment levels 9. Materiality 10. Frequency I. CONTROL ENVIRONMENT Page 9 -11 I. Objectives II. Checklist 1. Structure 2. Control Consciousness 3. General Controls II. SYSTEM APPLICATION CONTROLS Page 12 - 13 I. Objectives II. Checklist 1. System Authorization and Access 2. System Data Integrity 3. Adequacy of System Requirements 4. Other System Controls III. MANAGEMENT REPORTING, MEASUREMENTS, PLANNING AND ANALYSIS Page 14 - 15 I. Objectives II. Checklist 1. Accumulation of Data 2. Processing and Reporting of Financial Data
3. Budget to Actual Analysis 4. System Application Controls IV. Revenue Page 16 - 20 I. Objectives II. Checklist 1. Pre-order and Sales Order Process 2. Billing and Recording of Sales 3. Revenue Recognition and Reserve Account Activities 4. Maintaining and Monitoring Accounts Receivable 5. Granting Customer Credit, Collection Procedures, Recording and Controlling Cash Receipts 6. Returned Product Authorization 7. Marketing and Sales Programs 8. Partner/Distributor Programs 9. System Application Controls V. Purchasing Page 21 - 26 I. Objectives II. Checklist 1. Vendor Selection 2. Purchasing 3. Receiving and Vendor Invoices 4. Accounts Payable 5. Cash Disbursements 6. Discounts 7. Accrued Liabilities 8. Cash Management 9. System Application Controls VI. INVENTORY, PRODUCTION AND CUSTOMS Page 27 - 29 I. Objectives II. Checklist 1. Production Planning and Control 2. Cost Accounting 3. Inventory Control
4. Logistics/Shipping/Customs 5. System Application Controls VII. EMPLOYMENT AND COMPENSATION Page 30 - 33 I. Objectives II. Checklist 1. Hiring, Classification and Compensation 2. Payroll 3. System Application Controls VIII. FIXED ASSETS Page 34 - 36 I. Objectives II. Checklist 1. Purchasing and Disposing of Assets 2. Depreciation of Assets 3. Asset Control and Safeguarding of Assets 4. System Application Controls IX. TREASURY Page 37 - 38 I. Objectives II. Checklist 1. General Treasury Accounting 2. Financing 3. Investment Process 4. Foreign Exchange 5. System Application Controls X. CONTRACTS AND COMMITMENTS Page 39 I. Objectives II. Checklist 1. Negotiation 2. Corporate Commitments 3. Obtainment of Intellectual Property Rights.
Introduction 1. Background In recent years there have been recurring themes on internal control weaknesses, including: non-compliance with [company]'s policies and procedures, inadequate segregation of duties, ineffective processes causing material impact, and insufficient due diligence over channel and vendor management. The existence of control weaknesses increase the risk of loss or under-utilization of resources. Sub-optimal decisions may be made because of inaccurate financial or operational data. The impact of inadequate controls overall, can be significant. 2. Objective The primary objective of the Sales Office Guide is to increase the focus and awareness on internal controls and to provide guidelines for initial assessment, continuous monitoring and improvement. This guide should help ensure the existence of basic and consistent internal controls throughout [company]. 3. About the Guide This guide covers [company]'s significant business cycles and the corresponding control environment. In management's selection of procedures and techniques of control, the degree of control implemented is a matter of reasonable business judgement. The common guideline that should be used in determining the degree of internal controls implementation is that the cost of a control should not exceed the benefits received. This guide should be considered as one of many inputs to the process, and it should not serve as a substitute for the professional judgement of the user. Other inputs to this process include Corporate Policies and Procedures and other professional experience.
The consideration points in this guide are not meant to be an all inclusive listing nor will all points be relevant. Due to the diversity in the nature of [company]'s operations and geographical business environments, the usage and applicability of this guide may vary. This guide should be used with discretion by field office controllers. 4. Key benefits of using this Guide are: 4 Consistent Internal Controls throughout [company] 4 Proactive assessment of the adequacy of the control environment 4 Prioritized identification of financial and operational risks 4 Assistance in preparing detail action plans to improve control environment 4 Assistance in facilitating changes 4 Promotion of accountability, ownership and empowerment 4 Facilitation of clear communication on the status of the control environment to all levels of management 4 Assistance in defining of roles and responsibilities 4 Tool for continuous improvement of control environment 5. Internal Controls at [company] Internal control is defined as a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 4 Effectiveness and efficiency of operations 4 Reliability of financial reporting and information 4 Compliance with applicable laws and regulations Control environment reflects the overall attitude, awareness and actions of management, as to the importance of control and the emphasis given to control in the company's policies, procedures, methods and organizational structure. The control environment encompasses management's attitude toward the development of accounting estimates and
its financial reporting philosophy, and is the context in which the accounting system and internal controls operate. [company]'s significant business cycles are: 4 Management reporting/Measurements/Planning & Analysis 4 Revenue 4 Purchasing 4 Inventory, Production and Customs 4 Employment and Compensation 4 Fixed Assets 4 Treasury 4 Contracts and Commitments 6. The approach for evaluating internal controls Is to consider six broad control objectives that affect the reliability of information in the business cycles mentioned above. 4 Segregation of Duties Procedures are in place to ensure that employees with the responsibility for recording or reporting transactions do not have custody to the assets on which they are reporting. 4 Authorization Controls are in place to ensure that transactions are executed in accordance with management's general or specific authorization. 4 Access to Assets
Controls are in place to ensure that access to assets is permitted only in accordance with management's authorization. 4 Asset Accountability Controls are in place to ensure that amounts recorded for assets are compared with the existing assets at reasonable intervals, and that appropriate action is taken regarding any differences. 4 Recording Controls are in place to ensure that all transactions are recorded and that all recorded transactions are real, properly valued, recorded on a timely basis, properly classified, and correctly summarized and posted. 4 System Application Controls System application controls are an integral part of the internal control structure over each business cycle. While assessing the internal controls over each cycle, full consideration should be given to the adequacy of the system/application controls. 7. Internal Controls Assessment and Action Plans This guide has been designed for each business cycle to provide internal control consideration points. The first step is to identify the areas of risk with a view of focusing attention on priority areas. Based on the risk analysis, each user should develop e Action Plans which should be tailored to the user's own specific organization. 8. Assessment levels
Based upon the results of the process, overall quality of internal controls may be classified as follows: Effective Controls exist when controls over the environment, business cycles, and informational systems are in place, and function as designed, so that the organization can achieve its financial goals, prevent loss of resources, and prepare timely reliable financial and operational data. Opportunities for Strengthening Controls exist when controls over the environment, business cycles, and informational systems are not always in place or not always strictly followed. The absence of mitigating controls could result in the organization not achieving its financial goals, preventing loss of resources or preparing timely reliable financial and operational data. Ineffective Controls exist when critical controls over the environment, business cycles, and informational systems are not in place or do not function as designed and would give rise to the risk of material exposure to the organization. 9. Materiality For the purpose of usage in this guide, materiality is defined as the lower of 1% of the organization's gross revenue or gross expense. Materiality is irrelevant for violation of laws, regulations and [company]'s code of business conduct. 10. Frequency Assessment should be conducted annually at minimum; however, the guide should be referenced and updated for tailored usage for continuous improvement.
I. Control Environment I. Objectives Adequate controls exist in the organizational structure and methods of assigning authority and responsibility. 1. Structure 2. Management's Control Consciousness 3. General Controls II. Checklist 1. Structure The organizational structure provides the overall framework for planning, directing, and controlling operations. Within an effective organizational structure there are appropriate methods for assigning authority and responsibility to ensure a clear understanding of reporting relationships and the achievement of entity wide objectives. ¨ Organizational structure is appropriate for the size, operating activities, and locations of the entity. Duplication of responsibilities/tasks does not exist in the current organizational
structure. ¨ Staffing is appropriate, particularly with regard to knowledge and experience. ¨ Roles and responsibilities are clearly defined, documented and communicated. ¨ Local signature authority policy is established, current and is in compliance with Corporate policy. ¨ Appropriate segregation of incompatible activities exist. ¨ Appropriate policies and procedures around acceptable business practices, conflicts of interests, security practices and code of business conduct have been established and adequately communicated and reinforced. ¨ Ownership is assigned for each information system applications. Management review and timely modifications to the organizational structure in light
of changed conditions. ¨ Management review and update of information system plans and strategies in light of changing business requirements.
2. Control Consciousness Management's control consciousness and operating style have a significant influence on the control environment, particularly when management is dominated by one or a few individuals. In an effective control environment, management's control consciousness and operating style creates a positive atmosphere that is conducive to the effective operation of the accounting system and controls, thereby reducing the risk. Commitment to integrity and ethics is communicated effectively throughout the
organization, both in words and deeds. ¨ Sufficient due diligence has been performed and adequate consideration on the potential effects has been given prior to taking large or unusual business risks. ¨ Management is aware of how much pressure is put on personnel to achieve performance targets and to what extent compensation is based on achieving those performance targets. ¨ Business objectives are established, communicated and monitored. Management established a control environment that minimizes biases that may
affect accounting estimates and other judgements. ¨ The currently established control environment encourages rewarding those who met objectives, but prevents circumventing controls. ¨ Management takes appropriate disciplinary actions in response to departures from approved policies and procedures or violation of the code of business conduct. 3. General Controls There are numerous other influences on management that can have a significant impact on the effectiveness of the internal control environment. Management control methods affect management's direct control over the exercise of authority delegated to others and its ability to effectively supervise overall activities of the company. Effective personnel policies and practices have a positive influence on the company's ability to employ sufficiently competent personnel to accomplish its goals and objectives. An internal control structure should be self-monitoring and self-correcting. The company should have mechanisms to continually monitor and maintain the internal control structure and take corrective action in a timely fashion, when necessary.
¨ Management's financial and operating goals and objectives are defined and measurable. ¨ The accounting close practices followed at interim dates are substantially the same as those at year end, thus interim results are not misstated. ¨ Actual and planned performance variances are investigated and appropriate corrective actions are taken. Changing business conditions are reflected timely during the quarter through an
update or forecasting process. ¨ Management has established procedures to prevent unauthorized access to, or destruction of, hard or soft documents or records. ¨ Standard procedures exist for hiring, training, motivating, evaluating, developing, compensating, and terminating employees that are applicable to all functional areas. ¨ Written job descriptions and reference manuals exist. ¨ The policies and procedures are clear, communicated, updated and revised on a timely basis. ¨ Employees who have access to cash, securities, and other valuable assets are bonded. ¨ Cash, securities and other valuable assets are adequately maintained in a se cured location. ¨ Periodic job performance evaluation and review is performed for each employee. ¨ Procedures are in place to continually monitor and maintain the internal control structure. ¨ Policies and procedures are in place to assure that corrective action is taken on a timely basis, when necessary. ¨ Policies and procedures are in place to ensure local laws and regulations are identified and complied with. ¨ Current control architecture allow efficient management of custom and duty issues. ¨ Records are maintained in compliance with established and approved record retention policies. ¨ Company reports and records are labeled properly with regard to confidentiality and maintained in a secured location. ¨ Employees are instructed regarding sensitivity and confidentiality of company information and records. ¨ Rotation of duties for staff in sensitive positions are performed on a routine basis.
II. System Application Controls I. Objective Adequate controls exist in the following System Application controls functions: 1. System Authorization and Access 2. System Data Integrity 3. Adequacy of System Requirements 4. Other System Controls System application controls are an integral part of the internal control structure over each business cycle. While assessing the internal controls over each cycle, full consideration should be given to the adequacy of the system/application controls. II. Checklist 1. System Authorization and Access ¨ Application and data access is restricted to those individuals with business need. ¨ An audit trail of application and data access requests and management approvals is maintained. ¨ Application security allows users to be assigned the minimum set of access privileges necessary to execute job responsibilities. ¨ Application security provides audit trails of unauthorized access attempts and those audit trails are regularly reviewed by the system owner. ¨ Application owners periodically review listing of individuals with access and revoke access for users who have terminated, transferred, or no longer require access. ¨ Distribution of reports is restricted to those individuals with business need, and application owners periodically review and update report distribution lists.
¨ Remote printers or report distribution sites are secured. 2. System Data Integrity ¨ Manually input transactions are properly authorized prior to processing. ¨ Inputs are subject to editing and validation, including duplicate and completeness checks. ¨ The authenticity of the transaction source is validated. ¨ Application controls ensure all transactions input are processed. ¨ Proper cutoff of transactions are observed between accounting periods. ¨ Rejected items require reentry on a timely basis subject to the same input controls as new transactions. Application systems provide audit trails of significant transaction activity.
3. Adequacy of System Requirements ¨ Processor and network resources are sufficient to enable adequate on-line response and timely processing. ¨ Approved service level agreements with information processing service providers are in place. ¨ Ongoing technical support is adequate to resolve processing problems quickly and effectively. ¨ Software and data are methodically backed up and stored on-site to allow timely recovery from a hardware or software component failure. ¨ A second copy of software and data is stored off-site at a reasonable distance from the processing location to allow timely recovery from a site disaster. ¨ Alternate processing arrangements are in place to allow hardware and network connection to be replaced in the event of a site disaster. 4. Other System Controls ¨ User procedures and documentation are adequately detailed and up to date.
¨ Changes in application software are controlled in a manner that ensures only tested and authorized changes are applied to production systems. III. Management Reporting/Measurements/Planning & Analysis I. Objectives Adequate controls exist in the following management reporting cycle functions; 1. Accumulation of Data 2. Processing and Reporting of Financial Information 3. Budget to Actual Analysis 4. System Application Controls The process and reporting structure is in place to review financial results on a timely basis, reporting is sufficient to provide management with timely information reflecting the state of the business and local financial plans and measurements are reviewed and approved by Corporate. II. Checklist 1. Accumulation of Data
¨ Accounting policies and procedures are established and in accordance with GAAP. ¨ Policies are established and followed with regard to standard and non-standard journal entries. ¨ A process is in place to prevent duplicate postings to the GL. ¨ Asset accounts are reviewed periodically to ensure accurate reflection of net realizable values. ¨ Procedures are in place to ensure that all known liabilities are properly recorded as an accrual/payable. ¨ Journal entries are input to GL in an accurate and timely manner. 2. Processing and Reporting of Financial Data ¨ Controls are established and followed to ensure all journal entries have been processed. ¨ Financial records and reports are properly safeguarded. ¨ Adherence to monthly, quarterly, and annual closing and reporting schedules are strict and consistent. ¨ Reporting is adequate to ensure effective and coordinated cross functional management. ¨ Consolidation, reclassification and other adjustments of GL balance into financial formats are explained and documented to support the financial statements and are appropriately approved. ¨ Procedures and responsibilities are established and followed to ensure timely and accurate preparation, review and approval of external financial reports including reports to regulatory bodies. Analysis on actual versus plan variance is routinely completed and all significant
variances are researched and explained and documented. ¨ All legal reporting requirements are strictly adhered to. ¨ All related party transactions are properly identified and recorded. The process is sufficient to provide management with timely financial information
in order to make prudent business decisions. ¨ The reporting packages contain sufficient measurements and analysis to support management decisions and the growth of the company. ¨ Financial goals are established and measured in a timely manner.
¨ Orders and backlog measurements and analysis are sufficient to support timely business decisions. ¨ Reconciliation of management books vs. US GAAP book and statutory/tax book is completed timely, accurately and reviewed by management. ¨ Assets are properly planned for and managed. ¨ Expenses/costs are maintained and managed within the budget. 3. Budget to Actual Analysis ¨ Budget to actual comparisons are routinely performed. ¨ Budget to actual variances are identified, investigated and a root cause analysis is performed and communicated to management. ¨ The process is established for developing quarterly and annual plans. 4. System Application Controls Please refer to Section II, Page 12-13. IV. Revenue I. Objectives Adequate controls exist in the following Revenue business cycle functions; 1. Pre-order and Sales Order Process 2. Billing and Recording Sales 3. Revenue Recognition and Reserve Account Activities 4. Maintaining and Monitoring Accounts Receivable
5. Granting Customer Credit, Collection Procedures, Recording and Controlling Cash Receipts 6. Returned Product Authorization 7. Marketing and Sales Programs 8. Partner/Distributor programs 9. System Application Controls II. Checklist 1. Pre-order and Sales Order process ¨ Ensure only valid and approved orders are entered into the order entry system. ¨ Quotes include date, product code/specification, prices, discounts, payment, taxes and other terms and conditions. ¨ Non-standard discounts and terms should be approved according to established policies. ¨ Approved policies should be reviewed and updated on a periodic basis. ¨ Prices should agree with local price book. ¨ Customer purchase orders should reflect the information contained in the quote. ¨ Margin analysis is performed for all non-standard discount deals and exceptions. ¨ Binding sales contract or valid customer PO is received and executed prior to booking order. ¨ Access to order entry system is limited to appropriate personnel (i.e. controls exist to restrict unauthorized access and ensures separation of duties). ¨ All valid sales orders are processed timely. ¨ Delinquent orders are researched and resolved in a timely manner. ¨ Rejected orders are isolated, reported, analyzed and corrected. ¨ Hold orders are expedited properly. ¨ Change order management is in place. ¨ Export control checklist should be completed and order should be reviewed for diversion risk and anti-boycott regulations, DPL and nuclear weapons regulations. ¨ Sales to passport customers have been properly identified and sales credits have been allocated to correct geographies. ¨ Passport sales agree with terms in price in global agreement/contract.
¨ Discounts/rebates or any other sales promotions are properly documented and approved prior to processing/issuance. ¨ For special sales promotions involving rebates, future discounts are used to reimburse the partners. Cash rebates are not used. ¨ Comprehensive checklist exists to determine the completeness of processing. 2. Billing and Recording Sales ¨ Access to invoice function and data records is restricted. ¨ Invoices are accurate and authorized as to terms and conditions. ¨ Invoices are matched with orders and shipping documents. Exceptions are investigated. ¨ Invoices are properly recorded in a timely manner. ¨ Appropriate credit approval is reviewed by Order Administrator. ¨ Appropriate cut-off procedures exist to ensure propriety of revenue recognition. ¨ Segregation of duties from shipping and accounts receivable functions exist. ¨ Controls are adequate to ensure all shipments are invoiced. 3. Revenue Recognition and Reserve Account Activities ¨ Revenue was recognized in the correct period. ¨ Product was shipped in the proper period and ownership has transferred from [company] to Customer. All significant acts of performance have been complete with no contingencies
(contractual obligations). ¨ If required, all export requirements have been met. ¨ No right of return exists. If partial shipment, ensure revenue recognition is in compliance with policy.
¨ Review the following considerations and ensure compliance to policy: System delays, early delivery, leases and special financing arrangements, freight forwarders, third party vendors, vendor drop ships, bundling of 3rd party goods, system integration, service contracts, royalties, training/consulting/time & materials,
billback/restocking/rescheduling/cancellation charges, prompt payment discounts, rights to return of exchange software, and keys/authorization code delivery. Reserve account balances are appropriate, supported and approved.
¨ The adequacy of reserve account balance is reviewed periodically. 4. Maintaining and Monitoring Accounts Receivable ¨ Segregation of duties from billing and cash receipts exist. ¨ Accounts are reconciled timely, reviewed by management and properly stated. ¨ Collection is reconciled to each transaction. ¨ Sales/Shipments are posted to customer accounts on a timely basis. ¨ Reserve accounts are established and maintained/adjusted in compliance with corporate policy and include a reserve for bad debt, returns and allowances and customer allowances. ¨ A/R aging reports are reviewed on a periodic basis and appropriate actions are taken. ¨ Cash is applied timely. ¨ Unapplied cash are monitored and cleared on a timely basis. ¨ A/R miscellaneous adjustments are reviewed and approved. ¨ A/R write-off amounts are properly reviewed and approved. 5. Granting Customer Credit, Collection Procedures and Recording and Controlling Cash Receipts ¨ Local credit policies and procedures are up to date and in compliance with [company]'s corporate guidelines. Credit limits established on an individual customer basis.
¨ Adequate process and resource are used for validating a customer's credit worthiness. ¨ Credit limits compared with actual credit granted prior to order acceptance or shipment. ¨ Credit limits and credit history are reviewed on a periodic basis and appropriately adjusted. ¨ Deviations to credit limits are properly approved.
¨ Separation of duties exist among Shipping, A/R, credit and collections and cash functions. ¨ Controls exist to detect and monitor transactions for the customers with delinquent receivables. ¨ DSO goals established and reviewed by management. ¨ Credit memos are properly approved, numbered sequentially and processed timely. ¨ Policies and Guidelines are established for LC (Letter of Credit) transactions and are in compliance. Finance has the sole authorization for establishing credit limits.
¨ Payroll is provided with timely reports of delinquent accounts, revenue adjustments and write-offs to adjust commissions calculation. ¨ Sales reps are involved and work with finance to collect outstanding invoices. ¨ Cash receipts are secured upon receipt and deposited in a bank as dictated by good business practice. ¨ Access to cash receipt processing and data records is restricted. ¨ All cash receipt data is processed accurately and timely. ¨ Cash receipts are properly applied to accounts receivable. ¨ Cash receipts data is completely and accurately accumulated for data records. ¨ Cash receipt logs are reconciled to the bank statements monthly. ¨ Written collection procedures exist and are in practice. ¨ Collection efforts are documented. 6. Returned Product Authorization Local guidelines exist and are in compliance with corporate policy for product
return process. ¨ Returned items are safeguarded, recorded and credit issued appropriately. ¨ A tracking number is given to customers to use/authorize the return of product. Returned items are stored in a separate/locked area away from good/new inventory.
¨ Local guidelines exist and are in compliance with corporate policy for disposition of returned product. ¨ Credit is issued only for authorized returns. ¨ Controls in place to ensure that commissions are reduced for returned products. 7. Marketing and Sales Programs
¨ All Marketing and Sales Programs have been approved and administered in accordance with corporate/local policies and guidelines. ¨ Localization of marketing programs is effective and periodically measured. IB compensation is in line with and accurately reflects the result of marketing
programs. (Ensure that controls exists to increase or decrease compensation based on product returns, etc). ¨ Process and controls in place to ensure MSP (Marketing Support Program) activities are in accordance with Corporate and Local policies and procedures. · MSP provider qualification process and policy is established. · Written pre-approval of the account/project exists. · A fixed fee for MSPs should be clearly stated in MSP contracts. · An exception policy is established and applied consistently across the board. · Approval of documentation and payment amount by finance director. · MSP service fee should always be paid to MSP provider's company name. 8. Partner/Distributor Programs ¨ Ensure properly reviewed and signed contracts are in place. ¨ Nondisclosure Agreements are in place for all partners and distributors. ¨ Recruiting procedures and guidelines exist. ¨ Training and certification process is established and maintained. ¨ Customer Support Process is established. ¨ MDF (Marketing Development Fund) activities are in compliance with corporate guidelines. ¨ Partner satisfaction measurement mechanism exists and are managed. ¨ Partner Inventory levels are monitored and managed as per agreement. ¨ Advertising efforts, direct marketing and marketing campaigns are properly approved, cost effective and measured. 9. System Application Controls Please refer to Section II, Page 12-13.
V. Purchasing I. Objectives Adequate controls exist in the following Purchasing business cycle functions; 1. Vendor Selection 2. Purchasing 3. Receiving and Vendor Invoices 4. Accounts Payable 5. Cash Disbursements 6. Discounts 7. Accrued Liabilities 8. Cash Management 9. System Application Controls II. Checklist 1. Vendor Selection ¨ Policies and procedures for handling Vendor Selection and Maintenance of the Approved Vendor List (AVL) are understood and followed. ¨ In compliance with MRO purchasing standards and guidelines. ¨ In compliance with FCPA guidelines. ¨ Competitive vendor selection process established and selection criteria specified and adhered to. ¨ Bids received for supply contracts and selections criteria are documented and maintained on file. ¨ Background checks ([company]Screen) are performed in accordance with [company] policy. ¨ Vendor set up is authorized in accordance with signature authority policy. ¨ Vendors are selected based on TOCO (total cost of ownership) criteria. ¨ Segregation of duties exist between Vendor selection responsibility and disbursement/accounting. ¨ Responsibility for vendor selection does not exclusively reside with the purchasing department. ¨ System is able to indicate who authorized vendor setup. ¨ AVL is periodically reviewed and updated. ¨ Vendor contracts document all agreed-upon terms, including dates, prices, payment terms, etc. ¨ Process exists for evaluation of terminated contracts.
2. Purchasing ¨ Local Purchasing Policies and Procedures in compliance with Corporate policy are established and understood by employees. ¨ Appropriate approvals and authorizations are reflected in the local signature authority policy and are complied with. ¨ The control architecture is adequate to ensure proper review and approval of purchasing activities. ¨ Access to purchasing data files, programs and related records is restricted. ¨ POs are placed only with vendors on the AVL. ¨ Purchasing responsibilities are segregated from disbursements, receiving and accounting activities. ¨ Timely and reliable PO setup process and maintenance is established. ¨ Prenumbered POs are prepared which identify suppliers, quantities, prices and freight terms on all purchases. ¨ PO numbers are not re-used. ¨ System is able to indicate who set up/authorized POs. ¨ Rejected purchasing data is isolated, analyzed and corrected. ¨ Spares reorder process exists, if applicable. ¨ Receiving procedures ensures adequate substantiation of receipt of goods prior to payment. ¨ Local policy requires written quotes and bidding process for purchases over a certain threshold. ¨ Where the payment approval process is primarily carried out by a third party, there are adequate controls to ensure that all payments made on our behalf are valid and represent value for money. 3. Receiving and Vendor Invoices ¨ Vendor invoice log exists. ¨ All vendor invoices are received in a central location and logged. ¨ Voucher log exists. ¨ Vouchers are numbered sequentially. ¨ System indicates when an invoice has been received against a PO. ¨ Where invoices are sent to an outside service, a log is maintained and reconciled. ¨ Access to receiving functions and data records is restricted. Segregation of duties from purchasing, shipping and accounting function exist.
Quantities and quality of received goods are verified before a bill of lading is signed
and receiving reports are prepared. ¨ Receiving data is matched with purchase orders and differences are investigated timely and properly maintained. ¨ Data on all, and only goods received is entered for processing accurately, completely and only once. ¨ Rejected or unmatched receiving reports are isolated, analyzed and corrected in a timely manner. ¨ Procedures are established to prevent payment for: · Rejected goods · Over or short deliveries · Price differences · Returned goods ¨ Merchandise received is properly safeguarded. ¨ Adequate controls exist over returns to vendors: · The return process is properly documented and understood by employees. · All returns are completely processed and recorded. · Balances for returns which no credit note has been received, are regularly reviewed and followed up in a timely manner. · Credit notes for returns are properly approved and processed in a timely manner. 4. Accounts Payable ¨ Segregation of duties from purchasing and receiving exist. ¨ The procedures are documented and properly understood by A/P employees and the employee who authorizes the payment. ¨ Vendor invoice data for goods received is matched with purchasing and receiving data and the differences are investigated timely. ¨ Significant A/P balances are reconciled with supplier statements on a periodic basis and differences are investigated and resolved. ¨ A/P is recorded promptly upon verification of receipt of goods and services. A/P is relieved immediately upon payment of invoices.
¨ Proper classification of expenses. ¨ A/P balance per G/L is reconciled monthly to the A/P subsidiary ledger in a timely fashion. Reconciliations are reviewed, approved and unexplained differences are followed up. ¨ A/P aging is maintained and monitored for accuracy.
5. Cash Disbursements All disbursements are properly approved within signature authority guidelines.
¨ There is adequate segregation of duties between check signers, accounting, receiving and vendor validation. ¨ Requests for disbursements are always supported by the original invoice and valid POs and receipts prior to payment. Discrepancies are verified and sent for approval prior to payment. ¨ All disbursements are properly and accurately recorded in accounting. ¨ All vendor discounts should be taken if the invoice is paid within purchase order or invoice terms. ¨ Payments are made as close to the due date as possible. ¨ No checks are made to Cash or Bearer. ¨ Control is in place to prevent duplicate payments. ¨ A/P checks prices and arithmetic on vendor invoices. ¨ Check signing procedures, including check signing instruments, have adequate controls. ¨ Signed checks are mailed immediately without returning to requestors. ¨ Returned payments are adequately controlled and followed up to determine if the payment was legitimate. Checks are voided and the bank account balance appropriately adjusted. ¨ Checks are signed in compliance with the local signature authorization policy. ¨ The A/P system indicates when an invoice has been paid. ¨ The A/P system indicates who authorized payment. ¨ Invoices are marked as paid. ¨ Only authorized individuals can fax/isofax invoices to the ASC for payment. ¨ Checks and wire transfers are numbered sequentially. ¨ Checks and wire transfers are kept in a secured location, with only authorized access allowed. ¨ Stored checks are inventoried and reconciled each month. ¨ Check tampering prevention techniques such as high resolution microprinting, security inks, watermark backers, etc. are used. ¨ For disbursements that have no invoice, PO, or receipt, procedures are in place for appropriate review and sign-off prior to payment. ¨ FCPA compliance.
¨ Bank statements are reconciled monthly to the cash account. Reconciliations are reviewed, approved and unexplained differences are followed up. ¨ Bank statements are mailed directly to the person responsible for reconciling the cash accounts. ¨ Cash account reconciliations are performed monthly by someone who does not have access to adjust cash or A/P accounts. ¨ Cash account reconciliations are reviewed and approved, and all unusual/old reconciling items are promptly followed up. 6. Discounts ¨ Adequate control exists to ensure all vendor discounts are taken. · Regular reports are produced showing total discounts available and actual discounts taken. · Management reviews discounts taken on a regular basis. 7. Accrued Liabilities ¨ Thresholds are established that are within the local regulations and GAAP standards for the accruing of goods and services received but not billed prior to period end. ¨ Standard amounts or amounts calculated according to previously established formulas are accrued at period end when expenses incurred have not been billed. ¨ An analytical review is performed to ensure that all accruals are picked up at period end. ¨ Accruals are reversed in subsequent periods. ¨ The following are accrued at each reporting period: · A/P · Payroll · Redeployment reserves · Product upgrade reserves · Product performance liability reserves · Product warranty reserves · Reserves for Sales and Marketing activities
8. Cash Management ¨ Local cash management policies and processes are optimal in terms of security, liquidity and return. ¨ Local funds are adequate to meet the operating needs of the business. ¨ The number of local bank accounts and their purpose optimizes operating control and efficiencies. ¨ Ensure that separate bank accounts are maintained for payroll, disbursements, and lock box deposits. ¨ Funds awaiting repatriation to the US are invested in highly liquid interest-bearing investments having a maturity of 30 days or less. Investments have the unqualified backing of a [company]-approved bank, and are
held in a [company]-approved bank. ¨ Funds are repatriated to the US in a timely fashion. ¨ Controls over fund transfers (including wire transfers to third parties, and transfers between company bank accounts) minimize the risk of unauthorized transactions. ¨ FX(Foreign Exchange) hedging activities are not done locally. ¨ Local policies and procedures for paying vendor invoices are reasonable and in line with local business practices. ¨ All employees responsible for cash transactions are adequately bonded. ¨ Adequate control and procedures exist for Customer's payments for purchases by mailing checks directly to the sales office, remitting payments to lockbox account or where sales reps or delivery personnel collect cash from customers. ¨ Deposits into the lockbox account are immediately made available to the company by zero-balancing into the disbursements account. ¨ Miscellaneous cash receipts (local cash sales of inventory, miscellaneous sales such as obsolete equipment, company store, cafeteria and vending machine receipts, employee reimbursements, etc.) are adequately controlled and recorded, physically secured and deposited daily into the disbursement account. ¨ System access is adequately segregated and restricted. Local policy exist on petty cash including maximum transaction $ limits, and the
types of transactions that are allowable (check cashing, small purchases, employee advances, etc.). ¨ Petty cash is kept at a physically secure place. 9. System Application Controls
Please refer to Section II, Page 12-13. VI. Inventory, Production and Customs I. Objectives Adequate controls exist in the following Inventory, Production and Customs business cycle functions: 1. Production Planning and Control 2. Cost Accounting 3. Inventory Control 4. Logistics/Shipping/Customs 5. System Application Controls II. Checklist 1. Production Planning and Control ¨ Adequate sales forecasts are prepared and approved by management. ¨ Production schedules, inventory budgets and labor and material requirements planning are based upon the sales forecasts. ¨ Product manufacturing is authorized in accordance with the production plan prior to manufacturing being undertaken. ¨ Capacity planning has been performed. ¨ Bills of materials are established and updated based upon current manufacturing usage. 2. Cost Accounting ¨ Inventory standards are established and revised regularly through joint efforts of Manufacturing, Purchasing and Accounting.
¨ The cost accounting system provides adequate manufacturing cost, standard costs and other information needed to properly value inventory and cost of goods sold. ¨ The cost accounting system provides an accurate classification of costs between fixed and variable costs, in particular costs related to materials, labor and overhead. ¨ Product costs are properly recorded in a timely manner. ¨ OCOGS(Operating Cost Of Goods Sold) are properly identified, accounted for and explained. ¨ Variance analysis of standard costs to actual manufacturing costs is performed and discrepancies are investigated and resolved timely. ¨ Overhead cost allocations are based on a sound methodology and are periodically reviewed. ¨ Adjustments to standard costs are properly approved. ¨ Inventory reserves are established, applied consistently and reviewed periodically for reasonableness. 3. Inventory Control ¨ Segregation of responsibilities between those individuals who own the inventory and those responsible for performing test counts exist. ¨ Procedures are established to control the receipt and transfer of inventory into, within, and out of the facility. ¨ Inventory in transit or at vendor sites are properly identified, accounted for and physically inspected. Monthly cut-off procedures are established to ensure all receipts and disbursements
of inventory are properly recorded. ¨ Inventory is safeguarded against loss and high value parts are segregated. ¨ Policy, procedures and written instructions exist and are updated as to physical inventory counts. ¨ Individuals performing the counts are qualified and properly supervised. ¨ Damaged, obsolete, scrap and consigned inventory is identified and segregated to facilitate appropriate inventory recognition. ¨ The Returned Merchandise Authorization(RMA) process is in place and functioning effectively to allow proper tracking and controls over inventory returns from customers. ¨ Controls are effective over the remanufacturing and scrap processes to allow accurate tracking of inventory movements and sales.
¨ Reconciliation of the physical inventory counts to the perpetual inventory records are performed. Significant variances are investigated and reported to operational financial management. ¨ Inventory losses are properly investigated and the reason for shrinkage is properly documented and authorized before entries are processed in the inventory system or general ledger. ¨ Inventory is protected against physical deterioration and is insured against loss. ¨ Inventory is valued at "lower of cost or market" with cost determined on a FIFO(First In First Out) basis. ¨ Inventory adjustments are approved by the appropriate level of authority. ¨ Inventory reserves for shrinkage, excess/obsolete and pricing have been recorded and reviewed quarterly. ¨ On-site Inventory is physically secured, and inventory on consignment or located off-site is adequately controlled (i.e., ISV and [company]PS inventory). ¨ Accurate detailed inventory subsidiary records are maintained and reconciled monthly to the G/L. ¨ FIFO calculation is accurate and inventory reserve is reasonably stated. 4. Logistics/Shipping/Customs ¨ Import/Export procedures are in compliance with US and Local export regulations. Local procedures for controlling sales to "ineligible individuals", "controlled trade
countries" and "embargoed countries" exist. The most up-to-date list of denied entities is maintained locally.
¨ The local office has procedures for determining whether there is any connection between the customer and the denied entity. The evaluation may be based on personal knowledge of the customer, customer annual report, commercial business evaluation report, and/or customer inquiries, etc., as deemed appropriate. ¨ Segregation duties of shipping from sales, billings, cash receipts and accounting function exist. ¨ Shipping area is physically secure, access is restricted and shipping documents are controlled. ¨ Shipment of inventory are based upon properly approved sales orders and quantities are verified. ¨ Shipping documents are controlled (prenumbered and filed in accounting). ¨ Rejected shipments are isolated, reported, analyzed and corrected timely.
¨ Due diligence is performed on outsourced functions. Formal scorecarding take place and clear responsibility exists over outsourced vendor management. ¨ Freight and duty costs are compared with units shipped. ¨ Carrier signs for all inventory transported. ¨ Procedures are established to prevent and detect duplicate and partial shipments. ¨ All products shipped are invoiced. 5. System Application Controls Please refer to Section II, Page 12-13. VII. Employment and Compensation I. Objectives Adequate controls exist in the following Employment and Compensation business cycle functions: 1. Hiring, Classification and Compensation 2. Payroll Process 3. System Application Controls II. Checklist 1. Hiring, Classification and Compensation ¨ Local policies and guidelines as to hiring, promotions, transfers, and terminations are established and are in compliance with local regulations and corporate policies. ¨ Hiring practices, working hours and conditions meet all legal requirements. ¨ HR responsibilities are segregated from payroll distribution and accounting. ¨ Proper approvals are obtained over all hiring, promotions, transfers and employee terminations. ¨ Compensation to employees(permanent and temporary) are at authorized rates and in the proper job classification. ¨ Changes to compensation and spot bonuses are properly approved.
¨ Employee benefits are in compliance with local regulations and corporate guidelines. It is approved and administered by an appropriate Human Resource employee. ¨ All compensation and benefit documentation is maintained in HR and is periodically updated. ¨ Performance evaluations are conducted by the employee's immediate supervisor. ¨ HR policies apply to all employees and are approved by management. HR conducts exit interviews with terminated employees and communicates the
feedback to management. ¨ HR periodically reviews salary ranges and benefits to ensure it is competitive in the industry and in the local market. ¨ HR provides a counseling service for disgruntled employees. ¨ HR and Managers understand the process for Hiring and Firing employees. ¨ Job descriptions are established for all employees. ¨ Goals are established for all employees. ¨ Increases & Bonuses are in compliance with corporate/local guidelines and support [company]'s goals. ¨ Reviews are conducted on employee turnover rate and causes. The result is assessed for reasonableness and compared against market trends. ¨ Employee training and development programs are in place. They are effective and in line with corporate/local goals. ¨ Local government requirements for handling employees are understood and adhered to. ¨ Consultants or temporary workers on site are treated appropriately and in compliance with corporate directives and/or local laws. ¨ For all employees including temporary employees or consultants, [company]screen or its equivalent alternative has been completed and/or a process has been established that is in compliance with local laws. ¨ Evaluations have been completed timely and reviewed/approved according to corporate requirements. ¨ [company]'s Standards of Business Conduct guidelines have been required to be reviewed and signed by all employees . A process to renew on a periodic basis is established. ¨ Non-disclosure agreements during employment at [company] signed by all employees including consultants and temporary employees. II. Payroll
¨ Access to compensation and benefit data records is restricted. ¨ Records of hours worked or other periodic data used as basis for calculation of compensation are reviewed and approved. ¨ Rejected compensation and benefit data is isolated, analyzed and corrected timely. ¨ Actual salary expenditures are compared to budgets and material variances are investigated. ¨ Payroll is prepared from the payroll database and approved reporting records. ¨ Payroll earnings records are reconciled to the payroll register and GL. ¨ Duplicate or unauthorized payroll source data is not processed. ¨ Check signing instrument and signature plates are secured and custody is segregated. In addition, its usage is logged and monitored. ¨ Persons responsible for the distribution of payroll checks have no other personnel or payroll responsibilities. ¨ Payroll records are periodically reconciled to personnel records. ¨ Records of employee's vacation is maintained. ¨ ESC(Employee Status Change) forms are used and HR approves all salary adjustments, hourly rate changes, new hires and terminations before Payroll processes them through the payroll system. ¨ Controls ensure that payroll clerks cannot make unauthorized entries into the payroll system. Payroll clerks cannot destroy hard copy printouts of payroll changes. ¨ Preparation and approvals of time summaries, maintaining personnel files, paycheck printing and distribution and payroll notice approvals are all separate and independent functions. Recruiting and hiring functions are performed independently of the payroll function.
¨ Payroll reports (i.e. hard copy, CD ROM) are adequately secured from unauthorized access. ¨ Payroll database and HR database are reconciled and approved on a monthly basis. Payroll check printing and mailing functions are adequately secure from
unauthorized access. ¨ Stored payroll checks (computer and manual) are inventoried and reconciled each month. Checks are kept in a secured location, with only authorized access allowed. Payroll identifies and follows-up on unclaimed payroll checks. These checks are
returned to a department other than payroll for voiding. ¨ All individuals authorized to wire funds are independent of the payroll processing function. ¨ An independent individual reconciles the payroll bank account.
¨ Sales commissions are accurately calculated and paid. Controls ensure that only qualifying individuals are paid commissions. Method of calculation and approved commission plan agrees. ¨ For employees who are paid in both local currency and US$, payroll records should reflect the full amount of salary, bonus, stock options and any other forms of compensation, and meet the local tax withholding obligations. ¨ Password is known only to the authorized system application operator and is adequately protected and periodically changed. ¨ For exiting employees, vacation payout, severance and final hours worked are handled appropriately and accurately. ¨ Paid time off is appropriately authorized and does not exceed the balance available for the individual. ¨ Adjustments are properly authorized and processed in a timely manner for the proper payroll period. 3. System Application Controls Please refer to Section II, Page 12-13.
VIII. Fixed Assets I. Objectives Adequate controls exist in the following Fixed Asset business cycle functions: 1. Purchasing and Disposing of Assets 2. Depreciation of Assets 3. Asset Control and Safeguarding of Assets 4. System Application Controls II. Checklist 1. Purchasing and Disposing of Assets ¨ Appropriate evaluation of investments performed and relevant approvals obtained. ¨ Written purchase and disposal policies and procedures exist and are adhered to. ¨ Proper review of the calculations of gain on sales of fixed assets exist to ensure proper GAAP and local accounting treatment.
Timeliness and reliability of purchase and disposition data recorded to the subledger and GL is ensured. ¨ Subledger and GL reconciliations are performed and material differences are investigated and corrected. ¨ Purchase activity is compared to capital budget amounts. ¨ Appropriate supporting documentation such as description, location, tag #, cost and accumulated depreciation is maintained. ¨ All commitments for capital expenditures are made under the authority of an approved Capital Appropriation Request (CAR) for purchases of assets that are to be fulfilled externally. ¨ Capital Asset Management System tool (CAM) are used for purchases which are to be fulfilled by the internal supply depot. ¨ Single purchases of like or related items which cost less than $3K, but which when used together to implement a single project exceed $3K, are to be capitalized. ¨ Accurate records are kept of all FA(Fixed Asset) acquisitions, transfers and dispositions. ¨ Competitive bids are obtained in accordance with local policy. ¨ FA disposals are properly controlled and proceeds accounted for. ¨ Multiple bids are received for sales of FA. ¨ Supporting documentation exists for those transactions authorized through CAR or CAM. ¨ Evidence of competitive bidding during the purchase of the assets exists. ¨ FA additions are included in the capital budget. ¨ Dispositions are approved according to the signature authority policy. ¨ Justifications for the dispositions are valid. ¨ Sales prices are reasonable . ¨ Dispositions are properly accounted for. ¨ Purchasers are identifiable. ¨ FA additions are being promptly recorded in the G/L. ¨ The value of the assets is supported by purchase documents such as invoices, and is traceable into the FA subledger. ¨ FA classification is appropriate and in compliance with policy. 2. Depreciation of Assets ¨ Depreciation policies and procedures exist and are adhered to.
¨ Guidelines exist and are followed to differentiate between capitalization and expensing of repairs, maintenance and improvements. ¨ Damaged or idle equipment is identified and appropriate expense recognition is taken. ¨ Standardized equipment classifications are maintained and are effectively utilized. ¨ Reasonable useful lives and scrap values are identified and recorded. ¨ Timeliness and reliability of depreciation recording is ensured. ¨ All FA greater than $3K are capitalized. ¨ Like items which are purchased in bulk, but whose per unit price does not exceed $3K shall be expensed. ¨ Purchases of software, tooling and upgrades are also subject to the $3K limit. ¨ Depreciation calculation is accurate and is in compliance with [company]'s Corporate depreciation policy. 3. Asset Control and Safeguarding of Assets ¨ Physical security over FA is adequate to minimize the risk of loss and damage. ¨ All fixed assets removed from site are accompanied by written authorizations, including employee's home usage. ¨ Assets are tagged with control numbers upon receipt, physically available for inspection and a log of tags is maintained. ¨ Periodic verification of fixed assets are performed and compared to detailed records. Adjustments are made as appropriate. ¨ Local practice is in accordance with Corporate policy. ¨ Regular reporting is available for department managers for all assets in use by their department. ¨ Subsidiary office FA records are accurate and current. ¨ Idle FA are promptly reported and reserved. ¨ Demo/loaner FA are adequately tracked and controlled. ¨ Year over year FA balance review is performed. ¨ Spare parts are physically secured and quantity is reasonable based on usage. III. System Application Controls Please refer to Section II, Page 12-13.
IX. Treasury I. Objectives Adequate controls exist in the following Treasury business cycle functions: 1. General Treasury Accounting 2. Financing 3. Investments 4. Foreign Exchange 5. System Application Controls II. Checklist
1. General Treasury Accounting ¨ Segregation of duties exist over investment decisions, actual investment activity, accounting and custodial responsibilities. ¨ Access to treasury records, cash and investment securities is restricted. ¨ All bank accounts and investments are in the name of [company] or its legal subsidiaries and approved by appropriate executive management. ¨ All checks (or its equivalents) requires two approved signatures. ¨ A check signatory list exists and is reviewed on a regular basis. ¨ Appropriate limits are in place for each check signatory. ¨ All recorded balances are periodically reconciled to third party supporting detail and are performed by individuals not involved in cash or custodial activities. ¨ Procedures exist to ensure financing, investment, foreign exchange and capital transactions are promptly recorded and properly classified. 2. Financing ¨ Corporate guidelines exist and is followed. All financing transactions are in compliance with the signature authority policy.
¨ Loan and other credit facility documentation is maintained on file. ¨ All financing data records are well secured and access is restricted. ¨ Transaction processing is timely and reliable. All financing agreements, debt financing agreements, guarantees and financing
leases are reviewed by legal council. ¨ Financing agreements are monitored for compliance with loan covenants. ¨ Financing agreements are entered into using sound business judgement. Cash position and flow is considered. ¨ Working capital management performed routinely and based upon sound methodology. ¨ The tax impact of treasury decisions are considered prior to entering into the transaction. Confidentiality of stockholder information is maintained.
3. Investment Process ¨ All investment decisions have the appropriate approvals and authorizations. ¨ All investment documents are properly safeguarded with a third party custodian or in a fire proof safe. ¨ Corporate guidance exists and is adhered to. ¨ Cash balances are pooled and centrally managed when possible and realistic. ¨ Considerations to forecasts are made in investment decisions. ¨ Debt holdings are considered when making investment decisions. ¨ Transaction recordation is timely and reliable. ¨ Valuation guidance exists and is followed. 4. Foreign Exchange ¨ Formal foreign exchange hedging policies and procedures exist and are followed. ¨ Foreign exchange gains and losses are reported to management on a regular basis, reconciled to the GL and significant transactions are investigated and explained. ¨ Appropriate supporting documentation exists and proper record retention is maintained. 5. System Application Controls Please refer to Section II, Page 12-13. X. Contracts and Commitments I. Objectives
Adequate controls exist in the following Contracts and Commitments business cycle functions: 1. Negotiation 2. Corporate Commitments 3. Obtainment of intellectual property rights II. Checklist ¨ Effective controls are in place over the negotiation, corporate commitments process and intellectual property rights process. · In compliance with [company] Corporate policies. · Contracts are signed in accordance with signature authority policy. · Appropriate supporting documentation is obtained and properly filed. · All standard agreements comply with [company] Corporate legal guidelines. · All non-standard contracts and commitments are reviewed by the legal and finance. · All commitments are timely and accurately recorded in the accounting systems. · Controls are in place and effective over the tender process. · The contract review process has been communicated to relevant employees.
