KPMG IFC Presentation

Entertainment
Network India Limited
Presentation on Internal Financial Control (IFC)
March 2016
Contents
Approach and Methodology Overview
Current Status
IFC Evaluation Summary
Way Forward
2016 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.
Requirement as per Companies Act 2013

Sec
.
134
Sec.
177
As per Section 134(5)(e) requires, directors to make

an
assertion
in
Directors
Responsibility
Statement that they have laid down internal
financial controls to be followed and that such IFCs
are adequate and operating effectively
Sec.
143
Under Section 143(3)(i), Statutory Auditors are required to make

a statement in their Auditors Report, whether the company has
adequate IFC system in place and the operating effectiveness of
such controls
Under Section 177(4)(vii), the duties of the Audit Committee

include evaluation of internal financial controls & to make a report
to the board
Sch.
IV
The roles and functions codified in Schedule IV of The

Companies Act 2013 clearly state that independent directors
shall satisfy themselves on the integrity of financial information
and that financial controls and the systems of risk management
are robust and defensible
Implications for Non Compliance: <INR 25 Lacs on Company; <INR 5 Lacs on Officers; <3 years imprisonment
Companies Act 2013 casts responsibility to ensure existence and operating effectiveness of
Internal Financial Controls for various stakeholders
Ensure adequacy and
operating effectiveness of
IFC
Evaluation of internal
financial controls
Directors
To comment on adequacy
and operating
effectiveness of IFC
Auditors
Internal
Financial
Control
Audit Committee
Satisfy themselves on the
robustness of internal
financial controls
framework
Independent Directors
Requirement as per Companies Act 2013

Definition of Internal Financial Controls as per Companies Act, 2013
policies
policies and
and procedures
procedures adopted
adopted by
by the
the company
company for
for ensuring
ensuring the
the orderly
orderly and
and
efficient
efficient conduct
conduct of
of its
its business,
business, including
including adherence
adherence to
to companys
companys policies,
policies, the
the
safeguarding
safeguarding of
of its
its assets,
assets, the
the prevention
prevention and
and detection
detection of
of frauds
frauds and
and errors,
errors,
the
accuracy
and
completeness
of
the
accounting
records,
and
the
the accuracy and completeness of the accounting records, and the timely
timely
preparation
of
reliable
financial
information
preparation of reliable financial information
Building block (Component)
1
2
Policies and procedures
Assignment of responsibility, delegation of authority, segregation of duties and

establishment of related policies and procedures to provide a basis for
accountability and controls
Safeguarding of assets
Assets and ownership interests exist at a specific date

Assets are the rights of the entity at a specified date
3 Prevention and detection of frauds

and errors
4 Accuracy and completeness of the

accounting records
Key objectives of coverage
Timely preparation of reliable

financial information
Enable proactive anti-fraud controls and a fraud risk management framework to

mitigate fraud risks to the company
All transactions occurred during a specific period have been recorded
Assets, liability, revenue and expense components are recorded at appropriate
amounts
Financial items are properly described, sorted and classified
Financial information is provided as per the timelines defined by the relevant
stakeholders
IFC Approach & Methodology

Approach
1
1
Phase I
Plan and Scope
evaluation
2
2
Phase II
Document the IFC
framework
3
3
Phase III
Evaluate Design and
Controls
4
4
Phase IV
Identify and Correct
Deficiencies
Current Status
Activity
Identify the business
processes to be covered
during the IFC
documentation
Status
Activity
Document Process flows/
narratives for in-scope
processes for pilot
locations
Develop Risk Control
Matrices covering Entity Level Controls
Process Level Controls
Status
Status
Activity
Status
Activity
Report deficiencies and
provide suggestion on
remediation measures
Obtain confirmation from

the process owners on the
Risk Control Matrices and
process flow charts
Perform test of effectiveness

for the areas covered in
phase III
Perform test of design by

selecting one sample per
control for processes
covered as per IA plan
Remediation of gaps by
process owners
Perform test of design by

selecting one sample per
control for processes Not
covered as per IA plan
Legend
Completed
In progress
Planned
Current Status
Milestone
Status
Assess Process Level as well as Entity Level Controls
Completed
Document RCMs for Corporate and Station
Completed
Review existing SOPs provided
Completed
Roll out RCMs and SOP inputs to HODs / process owners
Completed
Process Level Controls - Test of Design (TOD)
Completed*
Process Level Controls - Test of Effectiveness (TOE)
Completed*
Entity Level Controls Test of Design
Completed
Management Reporting
Closure meeting with Management and Statutory Auditors
Initiated
To be initiated
*Complete and partial documents pending from 9 and 10 stations respectively.
TOE of stations will

be completed by 31 March 2016 subject to receipt of data from the process owners..
st
IFC Evaluation Summary

TOD
TOE
Total Controls
Automated/Semi
Automated Controls
Pass
Fail
43
37
Capex
23
10
21
21
Admin
14
13
13
Scheduling
Royalty
Process
Entity Level Control

Corporate:
Digital
Pass
Fail
Not applicable
Secretarial
10
10
10
Accounts and Finance
98
45
98
98
Legal
12
12
10
Sponsorship
12
11
11
Human Resource
22
20
20
Marketing
18
11
11
IT General Control
18
13
13
Creative Services
Station*
HR & Payroll
Admin
Programming
Activation
Ad Sales
Total
Will be done in Quarter 4 with Internal Audit plan
15
15
15
13
12
12
12
346
RCM confirmation received now from process owners. verification

88
300
29
261
*Documents pending from station

Summary of key control improvement areas Design Level

Control
Process
no.
ELC 20
ELC
Control Improvement Area

Human resource policies are not renewed on
an annual basis.
Remediation
Post conduct of HR Internal Audit, it was agreed by
management that HR policies will be reviewed once in
every 2 years.
SC.05
SC.06
Scheduling As a process, audio files (Creatives) provided

by the client should be checked for length,
language and quality before inserting it in the
cart.
Cart range is a space created in RCS software
by audio ripping team for inserting audio files
to be aired.
Creatives provided by the client are not
checked for length, language and quality by
the sales team before releasing it for
scheduling.
Absence of maker and checker control for cart
created in the system for ripping of creative
Carts are created by the schedulers while creating deals

in AW, The audio ripping team runs an SQL query to pull
of data on the new crats created by the scheduler.
On knowing the new carts, they create the cart IDs in the
Head-site ( software used for ripping carts ) machine &
send the audio files to the desired locations.
Here the carts are created by the scheduling team in AW
while they are made in the Head-site machine by the
audio ripping team.
We have as over 200 carts made on a daily basis, to
check each cart wrt to the audio file sounds impractical.
Also sales team does not have access to the Head site
server.
HR.04
Human ENIL does not have a policy of employee

Resource background check by third party across all
levels with respect to criminal history, identity
check and background verification
HR.21
Human The company does not have a documented

Resource record retention policy
We will do a third party background check for Group

Managers & above (leadership roles), limiting the back
ground check to verification of education qualification
hired for and previous employment verification including
reference check from the previous Managers.
We dont have a record retention policy in HR or for that
matter ENIL. We will accept if there is one going to be
applied for the organization or will devise one for HR by
March 31st
MM.14
Marketing SAP should be configured to prevent booking

of vendor invoices against the merchandise
under QC check
Absence of prevention of booking of vendor/
supplier invoice in system against
merchandise under QC check.
Marketing As a process, invoice reversal should be duly
approved by authorised person..
User posting the vendor/ supplier invoice has
the rights to reverse the invoice. Absence of
approval for reversal of invoice.
MM.17
Timeli
nes
Sept
2016
Type
Operation
al
ELC
Operation
al
June
2016
Operation
al
Sept
2016
Operation
al
Operation
al
ICOFR
Summary of key control improvement areas Design exists but not adhered
Documentation Level
Contro
Process
l no.
FA.8
Fixed
Assets
Remediation
Time
lines
Type
As per policy, capitalization of Fixed

All assets to be capitalized basis Installation report.
ICOFR
asset should be done post approved
installation report
Installation report is not prepared and
signed off upon installation of an
Asset.
FA.22
Fixed COOs approval is obtained prior to
As per revised DoA, the RD approval is required for inviting the
ICOFR
Assets inviting quotes from the buyers for
quotes from buyers for disposal of assets.
disposal of assets.
Quotes for fixed asset procurement are
not invited for asset to be disposed off
and also approvals are obtained from
RD instead of COO.
AD.14
Admin As per ENILs travel policy, employee This is a matter of discipline & delays do happen. People claim in bulk
Operatio
doesn't submit within 7 days of his /
& often they claim after a couple of week of the travel being incurred.
nal
her travel duly filled travel expense
We can minimise the deviations by time barring the claims from
statement / claim form along with the being honoured within a specific period. So if travel claims are
supporting to the Branch / Location
submitted after say 2 months they wont be honoured. We could
Finance.
use a strong deterrent like the above to ensure faster claim
submission
SC.02 Schedulin Scheduling process involves booking of The scheduling team, post booking the deal , generates the Contract
Operatio
g
spots post approval of Traffic Order
Confirmation (CC) & checks them before sending it to the concerned
nal
(TO) .
station/s.This way there is 100% compliance since all the CCs are
Upon booking of spots, contract
checked & sent to the stations. Stations do revert in case if there is
confirmation generated by the
any error in the booking by the scheduler.
scheduler is not verified and confirmed Also, over 80% revenues are generated by the Top 8 markets , out of
by sales coordinator / sales.
which 6 markets have the Sales coordinator who check the CCs
along with the AMs & revert in case any anomaly is found in the CC.
The details are also checked by each branch finance head before the
invoices are processed, in fact confirmation of the B basis is a
mandatory requirement for processing of the invoices, which ensures
data correctness. MIS on revenue generated by AMs, A Basis , B basis
too are shared on a periodical basis ( some even on a daily basis )
which ensures correctness of the data , any differences are
immediately brought to the notice of the concerned scheduled &
corrected in the deals. Also, the amount of the credit notes issued on
9
2016 KPMG, an Indian Registered Partnership and a member firm a/c
of the KPMG
network of independent
member firms
affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.
of incorrect
booking
is minuscule.
* Refer Abbreviations **ICOFR : Internal control over financial reporting
Summary of key control improvement areas Design exists but not

adhered Documentation Level
Control
no
Process
SC.03
Scheduling As a process, Cluster Head approval should

be obtained before manual insertion of
spots by Sales Executive (Account Manager)
and should be regularized in the system by
respective station within 24 hours
Absence of regularization of manual Traffic
Order in the SEAM software within 24 hours
SP.01
AC.01
Sponsorship Post P&L is a document capturing revenue

/ Activation and cost details post completion of an
activity / event. As per Mirchi Activation
policy, Post P&L needs to be approved
within defined timelines.
Delay in closure of Post P&L within the
specified timelines as defined in the policy
Marketing As a process, marketing budget duly
approved by board should be uploaded in
the SAP by National Marketing Head (NMH)
on an annual basis.
Approved budget is not uploaded in the SAP
by an authorized personnel.
MM.01
Remediation
All the TOs for Radio business are routed
thru SEAM (SM), post the TO gets
approved by station finance an email
gets triggered & goes to the scheduler
whose email id is mapped in SM. On
creating the contract ion Airwaves ,
scheduler updates the SM TO # in the
AW contract. In case the TO cannot be
generated in SM for some reason, a
manual TO is given to the scheduler for
booking ( with approvals),Such TOs are
later passed on to the scheduler who
tags the same in AW.MIS on the missing
TOs is circulated by the scheduling team
to all concerned that gives status of the
TOs which has not been booked into SM
Timeline
s
Type
Operation
al
Operation
al
Operation
al

10
Summary of key control improvement areas Design exists but not

adhered Documentation Level
Control
no.
MM.03
MM.13
Process
Marketing Contest is an activity initiated by marketing

department across all stations which
involves preparing of Contest form
mentioning all the details relating to the
contest and approved by National
Marketing Head (NMH)
Station Finance carries out a reconciliation
of physical stock with the book stock of
Mirchi Merchandise and other gifts
,discrepancies noted are documented and
informed to Station Head
Absence of National Marketing Head
(NMH) approval on Contest form.
Absence of post evaluation upon
completion of contest.
Absence of reconciliation of physical stock
with the book stock of merchandise.
Stock is not maintained in books.
MM.06
Marketing As a process, a report containing details of
the execution of all marketing activities
should be prepared by Marketing team and
reviewed by NMH.
Absence of evidence of monthly monitoring
of achievement of objectives and follow up
plans for ensuring planned activities are
aligned to marketing grid.
MM.08
Marketing To ensure actual expenditure is in line with
the approved budget, NMH prepares
monthly marketing report, after analyzing
budget to actual spends for each activity,
which is discussed with COO & signed off.
1. Monthly marketing report is not
prepared.
2. Absence
of evidence
for reporting
by
* Refer Abbreviations **ICOFR
: Internal
control over
financial reporting
SMH to NMH.
Remediation
Timeline
s
Type
Operation
al
Operation
al
Operation
al
11
Summary of key control improvement areas Absence of design

Documentation Level
Control
no.
LE.08
LE.12
Process
Remediation
Legal
User department / Station Finance retains the

executed agreement copies and ensures that
a scanned copy of the same is uploaded on
the central database on the timescape.
Absence of process of uploading scan copies
of the agreement on central data base.
Absence of agreement tracker for
agreements entered by ENIL across stations
and corporate.
Legal team is mandated to send

instructions vide emails to the interested
stakeholders wherein the procedure for
uploading the scanned copies of all
documents are explained in detail. Legal
team is further mandated to send periodic
reminders to the interested stakeholders.
Such emails have been regularly sent by
Kaizad. Hence, all mandates on the part
of legal team have been complied with.
Timeline
s
Type
Operational
Prior to disbursing any amount, finance

team always checks for the validity of the
agreement. If the agreement is not valid
and the parties intend to extend it, then
the legal team receives a requisition from
the user department to draft an extension
agreement. Upon receipt of such
requisition, legal team asks for the
original agreement and post discreet
perusal of the original agreement, legal
team drafts the extension agreement. The
extension agreement draft is then shared
with the user department and if they are
okay with the commercials (if any), they
get the extension agreement properly
executed. Basis such extension
agreement, any further transaction takes
place. However, if the auditor feels that
there should be an agreement tracker at
every station and a person shall be
designated for the same at each station,
then they can suggest improvisation in
the process which can be initiated at the
level of the respective authorities.
12
Summary of key control improvement areas Design Level - Information

technology(1/5)
Proces
s
ELC1.1 An IT strategic plan/ IT budget document does

ELC1.2 not exist.
Remediation
The IT plan for every year is at an operational level
and a broad strategic plan though exists, is not
formally concluded and documented. We will start
that process from this financial year
Timelines
Type
The IT roadmap and

strategic plan for FY 201617 will be floated by 31st
March 2016.
With the input from
stakeholders and
functional managers, the
finalisation of the plan
should be completed by
15th April 2016
Operat
ional
ELC
ELC1.5 1. A documented SOD matrix does not exist for 1. Will review the policy document and update the
Policy document review
SAP.
same accordingly during the first quarter of 2016-17 and updation by first
quarter 2016-17
2. Segregation of duties is not maintained
2. Access allowed to Aashish Mankad, Rajeshwari
Will be initiated by 31st
between IT support and functional access. It
Bhattacharyya for all functional transactions in order March 2016
was noted that IT team members have
to facilitated troubleshooting. However, we could
complete functional access.
have an audit trail of all transactions executed using
E.g. Aashish Mankad has following rights like
these ids requested for by Finance team / finance
Create Internal Order
controller on monthly / random audit to make sure
Purchase Manager Role 01
that there are no unauthorized transactions
Purchase Manager Role 04
happening through these ids
Primary Buyer Material / Service
Part of point 1 above
3. Finance Management Response:
3. It was noted that the some users have
a. A S Srinivasan is handling tax compliance &
conflicting roles assigned.E.g.
assessments for TIML & ABSL. Since ABSL does
a. A C Srinivasan has conflicting roles of
not have any employees separately doing
Collection Creator - Processor and Journal
accounting, he has been assigned these rights.
Creator - Approval for TIML and ABSL.
But, for payment, there is clear maker / checker
b. Anant Sawant has conflicting roles for
consent followed where any payment is
Collection Creator - Processor for ABSL and
approved by two independent approvers before
ENIL.
processing.
c. Arijit Ghosh has conflicting roles Journal
Creator - Approval for TIML and ABSL.
d. Ganapathy Iyer has conflicting roles of
Collection Creator
2016 KPMG,-anProcessor
Indian Registered Partnership
and Journal
and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.
Creator* -Refer
Approval
for TIML, ABSL
and :ENIL.
Abbreviations
**ICOFR
Internal control over financial reporting
Operat
ional
ELC
13

technology(2/5)
Process

e. Janardhan Hatle has conflicting
roles of Collection Creator Processor for ABSL, TIML, MML
and ENIL and Journal Creator Approval for TIML.
Remediation
b. Anant Sawant is given selective right of creator
for ABSL & ENIL due to requirement of AR / AP ,
advances processing / refund from creditors etc.
For payment, there is clear maker / checker
consent followed where any payment is approved
by two independent approvers before processing.
c. Since ABSL and TIML does not have any
employees separately doing accounting, Arijit has
been assigned these rights to do the accounting.
But, for payment, there is clear maker / checker
consent followed where any payment is approved
by two independent approvers before processing.
d. Ganapathy is part of financial accounting &
reporting team & hence carries rights to create &
post collection entries and JV. This is required
mainly in case any rectification entries needs to
be posted which is identified at the time of
financial review. Ganapathy reports to Financial
controller who in turns reviews all the workings &
JVs. Further, there is period JV analysis which is
done on periodic basis. Same is also shared with
IT team.
e. Janardan was part of CPU team before moving to
station finance role. This should have been
deactivated at the time of movement. We have
already asked to make necessary changes in his
role to IT team.
Timelines
Type
Part of
point 1
above
* Refer Abbreviations
14

technology(3/5)
Process
Remediation
ELC1.6
Network Security Policy document shared with

KPMG does not mention following points:
1. Description of Network architecture.
2. Maintenance and approval of Network Diagram.
3. Access Management, Change Management and
Incident Management policies related to network.
4. Internal / external network security review
process
BCP policy / framework document shared with
KPMG does not mention following points:
1. Location of the DR sites.
2. Architecture at DR site and it resemblance with
the production.
3. Risk assessment and business impact analysis
including identifying possible threats/ disasters
that can occur and corresponding DR processes to
be implemented
4. Detailed steps for Invoking DR .
5. Recovery Time Objective(RTO) and Recovery
Point Objective(RPO).
Absence of Service Level Agreement (SLA) defined
in policy document for incident management.
Will review the policy document

and update the same
accordingly during the first
quarter of 2016-17

and updation by first
quarter 2016-17
Operatio
nal
Will review the policy document

and update the same
accordingly during the first
quarter of 2016-17

and updation by first
quarter 2016-17
Operatio
nal
ELC1.7
CO1.6
Timelines
Appropriate documenting of the SLA exists for SAP,

SLA process will be done for
Airwaves and RCS.
SAP, Airwaves and RCS
Documentation of the
same will be done by first
quarter of 2016-17
Type
Operatio
nal
15

technology(4/5)
Process
APD1.2
APD1.4
APD1.5
Remediation
1. For SAP user access revoke the HR runs the 1.

automated separation process once the
employee quits the organization. However it
was noted that in SAP the automated access
deprovisioning process does not exist for
temporary staff. E.g. Consultant - Nitesh
Jadhav: User ID was not deleted post last
working date. Also account lockout on SAP
has been configured as higher than 15 days
as against the policy requirement of 15
days.
This is a case of a temporary staff who

has accessed the system on 12th April,
2013. There has been no intimation for
deactivation of the id. Since the id had
not been accessed for more than 30
days as per the policy it has been
automatically deactivated on 15th May
2013. It is a potential risk if the ID had
been accessed from outside by the said
temporary staff. Hence we need better
controls around the same.
2. For SAP user creation, a request is send to IT 2.

team with the SAP ID and is approved by the
process owner. However it noted that users
include their passwords in emails sent to IT
Team for SAP access.E.g.. SAP ID 15201725
and 15203118.
We have made payslip access available

to employees through the timescape id
which we believe would be a major
deterrent in sharing the passwords. We
will send out a general emailer to
sensitise people about not sharing their
passwords. Additionally, the IT team will
write back to people sharing the
password about the consequence of the
same and requesting them to change
the password immediately
Timelines
Type
Operational
3. For SAP user access revoke the HR runs the

automated separation process once the
employee quits the organization. However,
it was noted that the timescape user ID
Karthikc2307 was deactivated 19 days (on 3.
25 Jun 2015) after the last working day (6
4. The access to RCS was provided after
Jun 2015.)
approvals but not through emails (the
4. According to user access management
requests were through whatsapp
policy (namely User Access Policy) for RCS
messages). However, the process wef
the user creation and deletion should be
1st march 2016 will be only through
carried out on formal approval of the
appropriate emails. Ajay Munjal from
process owner. However, it was noted that
Programming team will follow the same
formal process was not followed and
evidences were not available for access
grant and revoke for RCS.
16

technology(5/5)
Process
APD1.3
Remediation
5. It was noted that system does not have the 5. Yes this is a known limitation and we are
functionality to log the activities of the users
aware of it. The next version has that in
accessing the RCS application.
its design. The point has already been
discussed with software developers.
There is a debug log being written but
6. For SAP user creation, the access should
thats computer specific and more
granted only after the process owner has
meant for technical troubleshooting.
approved it. However it was noted that
access to SAP ID:15203262 and Consultant - 6. The policy requires process owner's
Jayesh Dicholkar was given before the
approval for role assignment. In this
approval.
case, since royalty payment process
would have been hindered, the IT team
took a practical view and went ahead
with the immediate reporting boss of
the Employee for role assignment.
However there was a follow-up for the
approval of the process owner in the
interim 3 days
According to user access management policy
The RCS access is limited to only the RCS
(namely User Access Policy) for RCS the
studio network at each market. Considering
minimum password standards are:
that this is limited to the studio network
1. At least eight characters.
and the users are limited with limited
2. Contain a mix of alpha and numeric.
functionality to RJs, this is not a big risk. As
However, it was noted that there are no
regards, implementing the password policy
password parameters such as minimum length, on RCS, the software does not mandate the
alphanumeric in place.
password requirement and hence we are
unable to ensure the recommended
password strength.
Timelines
Type
Operational
17
Abbreviations
ELC - Entity Level Control

HR - Human Resource
MM - Marketing
SC -Scheduling
FA Capital Expenditure
AD Administration
SP Sponsorship
LE Legal
AC Activation
RD Regional Director
COO Chief Operating Officer
CFO Chief Financial Officer
BCCL - Bennett, Coleman and Company Limited
TO Traffic Order
NMH National Marketing Head
QC Quality Control
P&L Profit and loss
DT Direct Tax
APD Access to Program and Data
CO Computer Operation
RTO Recovery Time Objective
RPO Recovery Point Objective
18

KPMG IFC Presentation

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

KPMG IFC Presentation

Uploaded by

Copyright:

Available Formats

Entertainment

Network India Limited

Presentation on Internal Financial Control (IFC)

Approach and Methodology Overview

IFC Evaluation Summary

Requirement as per Companies Act 2013

As per Section 134(5)(e) requires, directors to make

Under Section 143(3)(i), Statutory Auditors are required to make

Under Section 177(4)(vii), the duties of the Audit Committee

The roles and functions codified in Schedule IV of The

Requirement as per Companies Act 2013

Policies and procedures

Assignment of responsibility, delegation of authority, segregation of duties and

Assets and ownership interests exist at a specific date

3 Prevention and detection of frauds

4 Accuracy and completeness of the

Key objectives of coverage

Timely preparation of reliable

Enable proactive anti-fraud controls and a fraud risk management framework to

IFC Approach & Methodology

Obtain confirmation from

Perform test of effectiveness

Perform test of design by

Perform test of design by

Assess Process Level as well as Entity Level Controls

Document RCMs for Corporate and Station

Review existing SOPs provided

Roll out RCMs and SOP inputs to HODs / process owners

Process Level Controls - Test of Design (TOD)

Process Level Controls - Test of Effectiveness (TOE)

Entity Level Controls Test of Design

*Complete and partial documents pending from 9 and 10 stations respectively.

TOE of stations will

IFC Evaluation Summary

Entity Level Control

Accounts and Finance

Will be done in Quarter 4 with Internal Audit plan

RCM confirmation received now from process owners. verification

*Documents pending from station

Summary of key control improvement areas Design Level

Control Improvement Area

Scheduling As a process, audio files (Creatives) provided

Carts are created by the schedulers while creating deals

Human ENIL does not have a policy of employee

Human The company does not have a documented

We will do a third party background check for Group

Marketing SAP should be configured to prevent booking

Control Improvement Area

As per policy, capitalization of Fixed

Summary of key control improvement areas Design exists but not

Control Improvement Area

Scheduling As a process, Cluster Head approval should

Sponsorship Post P&L is a document capturing revenue

* Refer Abbreviations **ICOFR : Internal control over financial reporting

Summary of key control improvement areas Design exists but not

Control Improvement Area

Marketing Contest is an activity initiated by marketing

Summary of key control improvement areas Absence of design

Control Improvement Area

User department / Station Finance retains the

Legal team is mandated to send

Prior to disbursing any amount, finance

Summary of key control improvement areas Design Level - Information

Control Improvement Area