Professional Documents
Culture Documents
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
1
Exhibit 3 focuses on the administration activity, depicting its sub-activities. These are:
Manage Finance (this activity is broken down further into Control, Treasury, Tax and
Audit; the Control unit is depicted in further detail in Exhibit 4)
Manage the Enterprise
Manage External Relations
Provide Administrative Services
Manage Information Technology
Manage Risks (of accident or other insurable loss)
Manage Legal Affairs
Plan
Exhibit 4 depicts the various administration controllership sub-activities:
Process Accounts Payable
Process Accounts Receivable
Process Funds
Process Fixed Assets
Analyze and Reconcile
Process Benefits and Retiree Information
Process Payroll
Process Tax Compliance
Process Product Costs
Provide Financial and Management Reporting
The generic business model serves two purposes. As noted, it provides a structure for the
Reference Manual. The activities, transactions and information flows depicted in the
model form the basis for the manual.
The generic business model can also be used as a starting point for an evaluator to
understand an entity’s activities and their relationships to one another and to outside
parties, and the information that is generated and used to help control those activities.
When used in this way, the generic business model should be tailored to fit the entity
being evaluated. It should be modified or augmented with additional information
particular to the entity, such as systems flowcharts, to better understand the entity’s
activities and information flows. This understanding can, in turn, facilitate an analysis of
the risks associated with each activity, and can help to identify points in the system where
control should be effected. Those risks, and the entity’s related control activities, can be
used to help management complete the “Risk Assessment and Control Activities
Worksheet.”
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
2
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
3
Exhibit 1 – Generic Business Model – Context Level
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
4
Exhibit 2 – Generic Business Model – Activity Level
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
5
Exhibit 3 – Generic Business Model – Administration Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
6
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
7
Reference Manual
Activity: INBOUND
Summarize material
requirements and submit
them to receiving
periodically
Maintain material
routing procedures for
received items
Provide inbound
activities with
nonroutine material
routing instructions
Monitor production
problems related to
unavailable materials
and parts (performance
indicator)
Consider implementing
Just-in-Time or a similar
inventory and
production management
philosophy
Information on materials Maintain procedures for
received is not entered promptly updating
into the information inventory records
system accurately or on
a timely basis Match dates on
receiving information
and inventory
informationand follow
up as appropriate
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
8
Periodically verify that
prenumbered receiving
documents have been
entered in the
information system
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
9
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
2. Ensure purchase O Purchase orders are lost Purchase orders are
orders not filled on a or not forwarded to prenumbered and
timely basis are inbound activities missing documents are
investigated investigated
Due date information is Maintain open purchase
not available order information in a
manner that facilitates
identification of
purchase orders
remaining unfilled past
the due date
3. Completely and O,F Lost receiving reports or Prenumber documents
accurately document lost shipping records and investigate missing
goods received and documents
goods returned
Receive
4. Accept only items O Purchase order Compare materials
that were properly information is not made received, including
ordered available to inbound verification of quantities
activities received, to properly
approved purchase
orders. Do not accept
materials not properly
ordered
Monitor instances of
invoices presented for
payment when materials
were accepted without a
valid purchase order
(performance indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
10
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Verify specifications
with purchasing or other
appropriate personnel
Monitor production
problems related to
substandard materials
(performance indicator)
Monitor production
problems related to
substandard materials
and parts (performance
indicator)
Periodically count
materials on hand and
reconcile with perpetual
records; investigate any
differences
(performance indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
11
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Periodically count
inventory and reconcile
with perpetual inventory
records; investigate
differences
(performanceindicator)
Periodically ensure
information is being
entered into the
information system on a
timely basis
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
12
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Periodically count
materials and reconcile
with perpetual records.
Investigate differences
performance indicator)
12. Properly transfer all O,F,C Requisitions may be lost Prenumber requisitions
materials requisitioned and investigate missing
documents
Follow up on reported
safety concerns
Maintain appropriate
procedures for handling
and storing hazardous
materials
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
13
Activity: OPERATIONS
Determine production
priorities based on
established criteria or
management judgment
Evaluate adequacy of
production capacity
Compare material
requirement forecasts
with production
schedule and product
bills of materials;
consider effect of lead
times
required to obtain
materials
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
14
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Consider the
costs/benefits of
establishing a Just-in-
Time system, or similar
production and
inventory management
philosophy
Monitor instances of
insufficient or excessive
raw materials inventory
(performance indicator)
Periodically evaluate
production equipment in
light of repairs and
maintenance cost,
capacity, breakdowns,
obsolescence and other
factors. Consider the
costs/benefits of
acquiring new
equipment
Monitor instances of
production downtime
due to equipment failure
(performance indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
15
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Consider methods to
simplify production,
such as implementation
of Just-in-Time
principles
Monitor safety
violations (performance
indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
16
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Assure Quality
5. Product is produced O Production processes do Integrate quality
in accordance with not include procedures assurance procedures
quality control standards designed to ensure into production
quality production processes
Standardize production
processes to the extent
practicable
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
17
Activity: OUTBOUND
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
18
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Create appropriate
maintenance procedures
and schedules for the
nature of the storage
facility
Periodic training
regarding legal and
regulatory requirements
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
19
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Monitor accidents or
problems due to
inappropriate handling
or storage policies or
procedures
(performance indicator)
Periodically count
product in storage and
reconcile to perpetual
records. Investigate
differences between
physical count and
accounting records
Ship Product
9. Obtain proper O Improper products or Compare products and
products and quantities improper quantities are quantities retrieved from
from storage retrieved from storage storage with the
customer order and/or
product requisition
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
20
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
21
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Independent verification
of shipping document
information before
shipment
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
22
Activity: MARKETING AND SALES
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Manage Marketing
Activities
1. Design marketing O,C Inadequate information Retain marketing
strategies giving regarding factors that personnel experienced
consideration to may influence the in the entity’s industry
competitive, regulatory, entity’s marketing
business environment or strategy Promote active
other factors that may membership in industry,
influence the entity’s trade or professional
marketing activities, and associations
potential changes in
those factors Monitor legal and
regulatory initiatives
that may affect the
entity
Conduct market
research, and monitor
and analyze economic,
customer and industry
trends
Evaluate the
effectiveness of
advertising and
promotion (performance
indicator)
Communication of
product capabilities,
enhancements or new
products from
technology development
personnel
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
23
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
distributors to ensure
timely delivery
Monitor distributors’
performance in the
context of the entity’s
overall marketing
strategy
Conduct market
research
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
24
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Manage Sales
Activities
5. Implement marketing O Sales personnel are Communicate marketing
strategies effectively unaware of marketing strategies to sales
strategies personnel
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
25
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
7. Forward all sales O Sales orders are lost Prenumber sales orders
orders to outbound and investigate missing
activities and service in documents
a timely manner
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
26
Activity: SERVICE
Customer service
representatives present
favorable image to
customers and are
knowledgeable about
products
Monitor customer
complaints regarding
product installation
(performance indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
27
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Prenumber installation
authorization documents
and investigates missing
documents
Provide Warranty
Service
4. Warranty policies are O Inaccurate market Make certain that
consistent with information market information
marketing and financial developed by marketing
strategies is considered when
establishing warranties
Provide Post-
Warranty Service
6. Customer service O Unavailable or Update pricing
representatives use up- inaccurate information information on order
to-date pricing and other processing systems on a
product information daily basis
Provide customer
representatives access to
order processing
systems
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
28
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
29
Activity: PROCUREMENT
Periodically update
vendor information
based on vendor
performance in meeting
terms and specifications
of contracts or
purchase orders (e.g.,
timely delivery of
acceptable items,
correction of errors or
problems, and service)
Appropriate review of
purchase orders
Monitor production
problems related to out-
of-stock materials and
to material
specifications
(performance indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
30
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Develop data on
alternative vendors and
periodically reevaluate
vendor selection
decisions
Consider ways to
simplify vendor
investigation procedures
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
31
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Communicate
production
specifications to
procurement personnel
Consider volume
purchases by
determining total usage
of similar materials;
combine orders to obtain
volume discount
Appropriate review of
purchase orders
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
32
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Appropriate review of
purchase orders
Use forecasts
Consider implementing
Just-in-Time or a similar
inventory and
production management
philosophy
Match receiving
information with
purchase order
information and
promptly follow through
on outstanding orders
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
33
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Monitor vendor
performance in terms of
timely delivery; follow
up in cases of poorly
performing vendors
Approve purchase
orders
Notify vendors of
company personnel
authorized to approve
purchase orders
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
34
Activity: TECHNOLOGY DEVELOPMENT
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Periodically summarize
technological
developments and
distribute to appropriate
personnel
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
35
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
36
Activity: HUMAN RESOURCES
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Manage Human
Resource Programs
1. Comply with C Management or Require supervisory and
applicable laws, supervisory personnel management personnel
regulations and are unaware of legal and to attend training
company policies regulatory requirements on labor laws and
and company policies regulations and
company personnel
policies
Management or Periodic review of
supervisory personnel policies and procedures
ignore legal and by legal counsel for
regulatory compliance with
requirements or applicable legal and
company policies regulatory requirements
Encourage personnel to
report suspected
violations of laws,
regulations or company
policies
Take appropriate
disciplinary actions for
violations of legal or
regulatory requirements
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
37
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Access to human
resource records is
restricted to authorized
personnel
Monitor personnel
accessing human
resource records
Restrict access to
confidential information
to those persons who
need such information to
discharge their
responsibilities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
38
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Compare compensation
and benefits with those
offered by other
companies within the
industry and within the
local geographical area
Institute compensation
programs that reflect
past performance and
capacity for future
development
Plan and Acquire
Personnel
5. Acquire sufficient O Over- or under qualified Maintain appropriate
number of appropriately candidates may be hired candidate identification,
qualified personnel screening and
hiring practices
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
39
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Identify viable
alternative sources of
labor in the event of a
labor dispute
Monitor performance or
other problems that may
indicate training
deficiencies
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
40
Activity: MANAGE THE ENTERPRISE
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Communicate
information regarding
competitors, products,
customers, and legal and
regulatory changes to all
relevant activities
Establish
communication, down,
up and across the
organization, to
allow prompt
identification and
resolution of problems
that impede
achievement of strategic
objectives
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
41
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Conduct to clearly
communicate the
message that violations
will
not be tolerated
Employees found
violating laws are
subject to appropriate
disciplinary action and
are reported to the
authorities for
prosecution
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
42
Activity: MANAGE EXTERNAL RELATIONS
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Monitor and
communicate regulatory
and other government
information
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
43
Activity: PROVIDE ADMINISTRATIVE SERVICES
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
44
Activity: MANAGE INFORMATION TECHNOLOGY
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Use an IT steering
committee
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
45
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Require written
approval, including user
involvement where
appropriate, for
departures from
authorized set-up and
execution procedures
Establish adequate
procedures for
identifying, reporting
and approving operator
actions, such as:
• Initial loading
of system and
application
software
• System failures
• Restart and
recovery
• Emergency
situation
• Any other
unusual
situations
Establish a security
Data files are subjected
policy stating senior
to unauthorized access
management’s
commitment on
information security;
demonstrate such
commitment through
appropriate actions
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
46
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Establish standards,
procedures and
guidelines that translate
the security policy into
rules and compliance
criteria; these standards
and procedures normally
address such matters as:
• The
information
classification
scheme for
information
stored on
• computers and
outside of data
processing,
including
security
• categories (e.g.,
research,
accounting,
marketing) and
security
• levels (e.g., top
secret,
confidential,
internal use
only,
unclassified)
• The data in
each
information
class and the
individuals or
• functions
authorized to
use the data
and the control
and protection
requirements
• The types of
classes of
sensitive assets
and for each:
• Potential
threats
• Protection
requirements
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
47
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
• The
responsibilities
of
management,
security
administration
resource (data,
programs or assets)
owners, computer
operations,
system users
and internal auditors,
with respect to:
• Ownership of
resources
• Procedures for
granting access
• Procedures for
establishing
users’ and
access
privileges
• Required
authorizations
• Security
monitoring
• The
consequences
of
noncompliance
with policy,
standards and
• procedures
• The security
implementation
plan, if
applicable
Consider the
Programs are subjected
development of an
to unauthorized
information security risk
modification
assessment
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
48
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
libraries
Maintain proper
physical security over
computer hardware and
software and
information stored
outside of data
processing
Establish alternative
processing arrangements
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
49
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
50
Activity: MANAGE RISKS (of accident or other insurable loss)
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Monitor workers’
compensation or related
insurance claims and
compare with industry
averages (performance
indicator)
Identify causes of
accidents and implement
appropriate, cost-
effective safeguards
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
51
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Evaluate insurance
coverages and consider
opportunities to limit
costs through self-
insurance, captive or
off-shore insurance
companies, or other
techniques
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
52
Activity: MANAGE LEGAL AFFAIRS
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Legal counsel
periodically
communicates with
management about
legal and regulatory
requirements
Review of subsidiary,
division or unit annual
business plans by
legal counsel
Encourage regular
communication between
legal counsel and the
internal and independent
auditors, and with the
board of directors and
its various committees
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
53
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
2. Ensure contracts and O Legal counsel does not Review and approval of
agreements are clear, review contracts or all significant contracts
fair to the entity and agreements and agreements by legal
legally enforceable counsel
Limit personnel
authorized to execute
contracts or agreements
to responsible officials
at an appropriate
management level
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
54
Activity: PLAN
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Communicate entity-
wide objectives to
appropriate personnel
involved in the planning
process
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
55
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
4. Develop plans that are O Incorrect information Review and test the
realistic and assumptions validity of assumptions
Appropriate staff is
involved in developing
plans
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
56
Activity: PROCESS ACCOUNTS PAYABLE
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Follow up on unmatched
open purchase orders,
receiving reports
and invoices and resolve
missing, duplicate or
unmatched items,
by individuals
independent of
purchasing and
receiving functions
Maintain accounts
payable ledger by
discount date
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
57
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Follow up on unmatched
shipping orders for
returned goods and
related receiving reports
and invoices and resolve
missing,
duplicate or unmatched
items, by individuals
independent of
accounts payable
function
Review vendor
correspondence
authorizing returns and
allowances
Restrict access to
mechanical check
signers and signature
plates
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
58
Activity: PROCESS ACCOUNTS RECEIVABLE
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Verify shipping or
contract terms before
invoice processing
Reconcile goods
shipped to goods billed
Mail customer
statements periodically
and investigate and
resolve
disputes or inquiries, by
individuals independent
of the
invoicing function
Monitor number of
customer complaints
regarding improper
invoices
or statements
(performance indicator)
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
59
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Resolve differences
between the accounts
receivable subsidiary
ledger and the accounts
receivable control
account
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
60
Activity: PROCESS FUNDS
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Information systems
identify all cash
requirements and dates
cash is needed (such
requirements include
accounts payable, loan
payments, payrolls,
dividends or other cash
requirements)
Compare information
used to prepare cash
forecasts with
supporting records or
underlying documents to
verify information is
internally consistent
Identify professional
advisors who can assist
in locating
alternative sources of
financing and consult
those advisors as
appropriate
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
61
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Use professional
investment advisors
Monitor accounts
receivable for overdue
balances; implement
collection procedures on
a timely basis
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
62
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Contact payor to
determine reasons for
payment, or payment
different than amounts
invoiced
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
63
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
64
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Modify information
systems as necessary to
provide payment
information
Reconcile bank
statements to cash
accounts and investigate
long-outstanding checks
by individuals
independent of accounts
payable and cash
disbursement functions
11. Safeguard cash and O,F Inadequate physical Segregate custodial and
the related accounting security over cash and record-keeping
records documents that can be functions
used to transfer cash
Reconcile bank accounts
by individuals without
responsibility for
cash receipts,
disbursements or
custody
Restrictively endorse
checks on receipt
Restrict access to
accounts receivable files
and files used in
processing cash receipts
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
65
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Mail checks by
individuals independent
of recording accounts
payable
Authorized check
signers are independent
of cash receipts
functions
Physically protect
mechanical check
signers and signature
plates
Restrict access to
accounts payable files
and files used in
processing cash
disbursements
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
66
Activity: PROCESS FIXED ASSETS
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Establish clear
definitions for asset
categories
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
67
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Review depreciation
detail for accuracy and
compliance with
policies and procedures
Affix an identification
plate and number to
office furniture and
fixtures, equipment and
other portable fixed
assets
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
68
Activity: ANALYZE AND RECONCILE
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Design information
systems to communicate
necessary information
to appropriate people on
a timely basis
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
69
Activity: PROCESS BENEFITS AND RETIREE INFORMATION
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Limit access to
employee database
Approval by an
authorized official of all
additions to
participant data base
Amend plan as
necessary to clarify
benefit computations
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
70
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Review benefit
calculations
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
71
Activity: PROCESS PAYROLL
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
2. Calculate and record O,F Pay rates or deductions Review and approve
payroll (including are not properly initial pay and any
payroll deductions) authorized or are subsequent additions or
accurately and inaccurate changes
completely for all
services actually Periodically verify
performed and payroll data base
approved, and only for information
such services
Review and approve
initial deductions/benefit
elections
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
72
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Security procedures
relating to additions and
deletions of employees
to or from the data base
Prohibit payment of
wages in cash, except in
prescribed
circumstances
Maintain back-up
records of employees’
time in case source
documents are lost
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
73
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
74
Activity: PROCESS TAX COMPLIANCE
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
75
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
76
Activity: PROCESS PRODUCT COSTS
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Establish systems to
routinely identify stage
of completion;
periodically verify
system is functioning
properly
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
77
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Reconcile records of
labor and overhead
charges to payrolls and
overhead cost incurred;
investigate differences
Maintain perpetual
inventory records
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
78
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Verify variance
accuracy by
recomputation or other
appropriate
methods
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
79
Activity: PROVIDE FINANCIAL AND MANAGEMENT REPORTING
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Communicate
management report due
dates and priorities to
report preparers and
users
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
80
Objectives O,F,C Risks Points of Focus for
Actions Control
Activities
Retain competent
personnel who are
knowledgeable of, and
have experience with,
applicable laws,
regulations or rules
affecting the entity’s
external financial
reporting
Review of significant
contractual agreements
by management or
supervisory personnel
responsible for
preparation of external
financial reports
Copyright © 1992, 1994 by the Committee of Sponsoring Organizations of the Treadway Commission
81