Professional Documents
Culture Documents
Medium Risk
High Risk
High Risk
Low Risk
Low Risk
High Risk
High Risk
Medium Risk
High Risk
Low Risk
High Risk
Medium Risk
High Risk
Medium Risk
Low Risk
Low Risk
CONTROLS
• Creation of defined procedures on authorization of vendors
• Through screening of vendors in relation to ability to deliver and relationship with existing clients
• Crafting of contracts with vendors defining the business requirements
• Creation of defined procedures for authorization of or changes in vendors
• Review of existing vendors
• Through screening or examination of vendors and their permits and other documents
• Regular review of vendor list and reassess vendors capabilities
• Ongoing monitoring of master vendor list
No required additonal controls
No required additonal controls
• The top management should monitor the purchasing department personally instead of depending solely
on the reports being made by the purchasing department.
• The top management should separate the duties into purchasing, receiving, and invoice instead of
having one department who purchases, receives, and reports to the top management.
• Reconciliation of reports, assign someone to double-check the reports if the money that was allotted
matches the money that was actually spent.
• Preventive
• Preventive
• Detective
• Preventive
• Preventive
• Corrective/Directive
• Preventive
• Directive
• Preventive
• Preventive
• Preventive
• Preventive
• Preventive and Detective
• Preventive
• Directive
• Preventive
• Preventive
• Preventive
• Preventive/Detective
N/A
• Preventive
• Directive
• Detective
• Preventive
• Preventive
• Preventive/Directive
• Preventive/Detective
• Detective
• Detective
• Preventive
• Corrective
• Preventive
• Directive
• Preventive
•• Preventive
Preventive Control
• Corrective
• Directive
• Preventive/Detective
• Preventive
• Detective
N/A
N/A