There is a joke which sums up some people’s attitudes to internal audit; it goes as follows:
“There is a pint glass, it contains half a pint of milk.
The optimistic manager says that the glass is half full.
The pessimistic manager says that the glass is half empty.
The internal auditor says that the milk is sour.”
Well I suppose, having run international internal audit departments in Philips and De Beers, I could be accused of being prejudiced. However, I firmly believe that a well run, independent and proactive internal audit department can add significant value to an organisation and its connected parties (such as shareholders).
I would point out that, had the internal audit departments in both Enron and WorldCom operated in a professional and independent manner, the gross mismanagement and corruption in these two companies would, in my opinion, not have occurred.
So how can an internal audit department add value? I will start with the basic, textbook, definition of the role of internal audit.
Internal audit provides independent objective assurance to the Board as to the adequacy of the business controls, and the effectiveness of the risk management and risk identification process.
In other words, the internal audit department should tell the Board when the company is being poorly managed, where risks are not being identified or mitigated and when the business objectives are not likely to be met.
In addition to this very wide ranging remit, a well run internal audit department adds value in the following ways:
It acts as a training ground for future line managers, by exposing fast track members of the department to a variety of situations, activities and functions within the organisation.
It provides a “one stop shop” for best practice advice.
It provides an independent, objective opinion as to the quality of the business controls.
It stimulates risk awareness throughout the organisation.
It is a source of qualified, experienced talent that can aid management in business improvement programmes.
It provides specialist professional independent opinions on a variety of situations; such as due diligence exercises.
It reports on fraudulent activity within the organisation, with a view to understanding how it happened and how to prevent it occurring again.
It ensures that the company wide initiatives, such as a code of conduct, are being adhered to.
I will expand on the subjects of business controls, risks (click here for risk article) and what constitutes a well run audit department (click here for the latter) in forthcoming articles.
In Your Face
Thought provoking opinions on topical issues.
Friday, December 20, 2002
Wednesday, December 18, 2002
Characteristics of a Well Managed Organisation
My experiences whilst working with KPMG, Philips and De Beers have given me a detailed understanding as to what constitutes a well managed organisation. I have put together my personal “top ten” list of the characteristics of a well managed organisation.
1. The organisation has a mission statement which is clearly communicated, and understood, by all members of the organisation. This will form the basis of the business plan.
2. The organisational structure is clearly defined, understood and appropriate for the activities carried out. Specifically, with regard to human reporting lines, there should be no dual/dotted reporting lines; these clutter up the clarity of the decision making process and cause conflict within the organisation. With regard to the actual organisational structure, this should be as “clean” and transparent as possible; complex off balance sheet arrangements at best confuse, and at worst are deliberate attempts to obfuscate reality from interested parties (such as the Internal Revenue Service). In respect of the latter, I draw your attention to Enron.
3. The management of the organisation should clearly delegate responsibility for activities to those most appropriately qualified to perform them.
4. Targets and key performance indicators should be appropriate to the organisation’s mission, and be clearly communicated and understood. They should be stretching, but achievable; above all they should be measurable.
5. Management information must be timely, accurate, relevant and reliable. What gets measured gets done!
6. Management should take appropriate, timely, corrective actions in the event that targets are not being achieved.
7. There must be appropriate segregation of duties to ensure that one person’s ego does not take the organisation down the path to oblivion; specifically the roles of President, CEO and CFO must be separated.
8. There should be an independent supervisory board of appropriately qualified independent non executive directors. In my view, it is not merely enough for these non executives to possess titles and a string of directorships. They must be able to demonstrate that they deserve to hold office, and be proactive and “muscular” in their role; the non executives of, for example, Marconi and Cable and Wireless singularly failed in their roles.
9. There should be an independent, well qualified, proactive internal audit department which reports to an independent audit committee.
10. The organisation should have a code of conduct which is in the public arena and which is seen to be, and used as, a living document. See my article on Codes of Conduct (click here to read it) for more details.
Now, take a look at the organisation that you are dealing with/working for; does it possess all of the above? If not, then you should consider moving on, and dealing with/working for another better run organisation.
Tuesday, December 17, 2002
Ten Types of Fraud
In my roles as Head of Internal Audit and International Forensic Co-ordinator, in both Philips and De Beers, I have had many years of experience investigating frauds. Based on this experience I have put together my personal “top ten” list of common types of fraud. I recommend that you also read Ten Reasons Frauds Occur (click here to read it).
1. Falsification of expense claims – an old favourite with both senior and junior staff. Common “ruses” include; inflating mileage claims, entertaining friends and relatives at the company’s expense and claiming for expenses never incurred by stating that “the receipt must have been mislaid”.
2. Stealing money from the company bank account – the perpetrator having got away with this once, will usually try it again and again; until it is discovered. I personally reviewed a case where the perpetrator had been routinely helping himself to company cash for some twenty years.
3. Manipulating sales figures so as to reach target and achieve bonus – a simple version of this involves booking sales in one month (usually a quarter end) then crediting them back the next. Naturally unless the perpetrator keeps this “teeming and lading” up, the overstatement in one month will be shown as a shortfall in the next. Another, well worn, version of this involves booking orders as sales.
4. Falsifying supplier invoices – this is a little more daring, one case I have on record involved a senior manager who had some substantial renovation work carried out on his house. He then arranged for the invoices from the contractor to be sent to the company, posing as costs for work carried out on company premises.
5. Theft of stock – a time honoured way to make a “fast buck”. The perpetrator will over a period of time abscond with a number of items from the warehouse, and resell these to friends, family and members of the public. So long as the stock losses are within tolerance, then it is possible for this “scam” to remain undetected for a significant period of time.
6. Transactions that are not “arms length” – when a well run company asks for tenders for a service contract with a third party they usually obtain at least three closed quotes. The best value quote should then be selected. When the system does not run effectively, there is an opportunity for friends and relatives of the purchasing department to send in quotes that are accepted; bypassing the quotes from reputable suppliers. “Arms length” also applies to sales transactions where the purchaser bribes the salesman in return for a favourable contract.
7. Tax evasion – fraud on the corporate level. Excessively complex organisational structures are created, designed to obfuscate the revenue streams; and so hide reality from third parties, such as the Internal Revenue Service. Enron, with its complex off balance sheet structure and transactions, is a textbook example of this.
8. Fictitious invoicing – where there are poor accounting controls and insufficient segregation of duties in the F&A department the fraudster, if suitably positioned, can arrange for invoices (for services never delivered) from connected parties to be passed for payment.
9. Acquisition of company property at less than market value – this requires the collusion of at least two people (usually quite senior). Company property, such as fixed assets, offered for sale is “sold” to one of the individuals at a bargain price approved by the other. The property is then resold at market value, and the profit split.
10. Theft of raw materials – manufacturers should measure the quantities and costs of the raw materials used in the manufacturing process. Some processes use expensive materials, such as gold. When the measurement system has been compromised, or management do not investigate adverse yield variances, the fraudster has the opportunity to steal the raw material and sell it to third parties.
As I have noted, this is my personal top ten; believe me, there are many other types of fraud that have been, and are being, perpetrated.
Monday, December 16, 2002
Ten Reasons Frauds Occur
In my roles as Head of Internal Audit and International Forensic Co-ordinator, in both Philips and De Beers, I have had many years of experience investigating frauds. Based on this experience I have put together my personal “top ten” list of reasons why frauds occur.
1. Greed - good old fashioned human nature intervenes when an individual, or group of individuals, sees a chance to make “a fast buck”. A good example being those cases where people “adjust” their expense claims upwards.
2. Lack of transparency - complex financial transactions that are difficult to understand are an ideal method to hide a fraud. The Barings fraud was perpetrated by use of an accounting “dump account” that no one understood.
3. Poor management information – where a company’s management information system does not produce results that are timely, accurate, sufficiently detailed and relevant; the warning signals of a fraud, such as ongoing theft from the bank account, can be obscured.
4. Excessively generous performance bonus payments – the more generous the bonus, when coupled to a demanding target; the more temptation there is to manipulate results, such as year end sales figures, to reach that target.
5. Non independent internal audit department – where an organisation’s internal audit department is not independent, eg where it does not report to a truly independent audit committee but to the Finance Director, it is more likely that signals that a fraud is occurring will be ignored. It is indeed interesting to note that Cynthia Cooper (Head of Internal Audit at WorldCom) had to bypass her boss (the CFO) and go directly to the audit committee to report the discovery of the capital expenditure fraud.
6. Lack of clear moral direction from senior management – leadership comes from the top. Where the senior management indulge themselves in “semi corrupt” behaviour, eg adjusting their expense claims upwards, others will follow adopting the well worn mantra “everyone’s at it”.
7. Excessively complex organisational structure - designed to obfuscate the revenue streams; and so hide reality from third parties, such as the Internal Revenue Service. Enron, with its complex off balance sheet structure and transactions, is a textbook example of this.
8. Poor accounting controls – where the accounting controls, such as a monthly reconciliation of the bank account, are lax, the signals that a fraud has occurred will be missed.
9. Arrogance – some people believe that they are better than “the system”, and that they can get away with anything. The late Robert Maxwell (of the Mirror Group) plundered his company pension scheme, arrogantly assuming that since he was chairman of the company he could get away with it; he almost did!
10. Complacency – I have met many a manager who has an almost childlike faith, based in part on the “old boy” network, in the probity of their colleagues; believing that fraud “is not the sort of thing that could happen here”. Others will, and do, take advantage of that trust.
My simple advice is, if you think that a fraud may be happening then fear the worst; because it probably is.
Sunday, December 15, 2002
An Open Letter to the Non Executive Directors of Cable and Wireless
Lady and Gentlemen,
You will, I believe, soon be searching for alternative employment; as it is my belief that you will shortly be dismissed for having stood by as £22bn of your company’s cash was wasted on worthless investments.
May I suggest that, before placing your names forward for other prestigious positions, you do yourselves and others a favour; by reading, learning and inwardly digesting my article In Place of Strife (click here to read it).
There is one saving grace in this sorry saga, by presiding over the destruction in value of C&W from £36bn to £1bn you have provided a textbook example of how Non Executive Directors should not “direct”.
I trust and assume that Derek Higgs will take this into account when he presents his review on corporate governance.
Kind regards,
Ken Frost
Wednesday, December 04, 2002
An Idiot's Guide To Assessing Organisational Performance
The lamentable failures within the world of commerce over the past few years, eg Enron, Marconi and WorldCom, lead me to conclude that effective corporate governance is merely a phrase to be trotted out to the media; rather than, as it should be, a way of life in some organisations. Additionally, the fundamentals of what constitutes good corporate governance and effective management appear to have been overlooked by individuals (such as investors and analysts) and organisations (such as auditors) when they are reviewing an organisation’s performance.
Therefore, based on many years of practical experience around the world, in the spirit of sharing best practice (teaching my grandmother to suck eggs maybe?); I have put together a basic checklist of questions that one should ask, and receive a satisfactory response to, when making a judgement as to the effectiveness of an organisation’s management. This is not designed to be a fully comprehensive, “covers all situations”, questionnaire.
However, the list should cover the key areas relevant to most organisations; be they companies, charities, political/military/scientific/educational bodies. The checklist should be tailored to fit the specific circumstances; naturally, depending on the answers received, more probing questions can/should be asked.
In my opinion, this checklist would be of benefit to a variety of individuals and organisations including, but not limited to:
Individual investors
Analysts
Internal/external audit
Non Governmental Organisations
Politicians
Audit Committees
Employees
In fact any stakeholder or interested party.
I have divided it into a number of sections, for ease of use.
Finger on the Pulse
1 What are the objectives of the organisation?
2 Are these objectives translated into realistic, achievable plans with timeframes and measurable milestones?
3 Are the objectives and plans communicated and understood by all?
4 What are the risks and opportunities that will affect the business objectives?
5 What is Management doing to address both the risks and opportunities?
6 Are there/have there been any major EDP changes planned? If so what are they, and what is the expected cost, benefit, timeframe for installation and payback period?
7 Have there been any frauds?
8 Details of any litigation being taken out either by or against the organisation?
9 Obtain the latest organisation chart, both senior personnel and organisational. Are there clear reporting lines?
10 Have there been any major investments/disinvestments previously or planned?
11 Ensure that there is an audit committee, and that it is independent of the Board.
12 Does the internal audit function report to the audit committee? If not, why not?
13 Review third party and (where applicable) internal audit reports.
Management Information
1 Review the latest results and compare to budget. Ensure that management receive regular (at least monthly) summaries of results (what gets measured gets done!).
2 Are the relevant key performance indicators on target eg RONA, Debtor days (DSO), cash flow?
4 Can management explain clearly any material deviance from budget?
5 Are there adequate corrective actions in place to arrest negative deviations from budget?
6 Discuss the results with the appropriate Manager.
Have regard to, for example :
- Products with low sales against budget.
- Negative margins
Ensure that explanations for any of the above are adequate and that there are suitable corrective action plans in place to address these issues. Where the explanation seems confusing, be on your guard; either the manager doesn’t understand it or it is deliberate obfuscation.
7 Are there any areas where costs are significantly above budget? Why?
8 What are the corrective action plans to address these?
9 Review the debtor and creditor days figures. If these are high, what is Management doing to improve the situation?
10 Review the levels of stocks and enquire into reasons for levels that are higher than budget.
11 Obtain the latest forecast for the year and enquire into any significant variances between that and the budget. Also review the adequacy of the corrective actions.
Risk Management
1 Have management performed a risk assessment? If not why not?
2 Did the risk assessment highlight control gaps? If so, is there a corrective action plan?
3 Where there is a log of corrective actions :
- Do the corrective actions have a deadline and person responsible for completing the action?
- Are the deadlines being met? If not why not?
5 Is there a team responsible for monitoring progress of the action plan? If not why not? Is the process alive?
Financial Controls
1 Review the balance sheet for unusual dump accounts and other unusual items.
2 Select a sample of accounts eg accruals, provisions etc and ensure that they are adequately supported by documentary evidence/working papers.
3 Ensure that main sub ledgers are reconciled to the General Ledger.
4 Check a sample of debtors to ensure that credit limits are not exceeded.
5 Review adequacy/necessity for any provisions held.
6 Is there adequate data relating to currency exposure? How does the unit manage its exposure?
7 Are the main accounting functions/duties adequately segregated?
8 Does the CFO regularly monitor/review the controls and General Ledger? Is this evidenced, eg by use of a checklist?
9 Does the General Ledger agree to the monthly information submitted to the head office for consolidation?
11 Ensure that there are written procedures with regard to expense claims. Select a sample of expense claims and ensure that they follow the rules, are properly authorised and supported by documentary evidence, eg invoices. Ensure that there is no self authorisation of either expense claims or travel requisitions.
Code of Conduct
1 Does the organisation have a code of conduct? If so, has it been distributed to all members of staff?
2 Do all new employment contracts contain a reference to compliance?
3 Have there been any occasions of non compliance? Details please.
4 Have the non compliance occasions been reported to a Compliance Officer? What action has been taken?