FRA - SReis Consultoria

Financial Scalability
FRS-Code                  XXX00000

Reporting Unit, Country   XXXXX, Brazil
Responsible               XXXXX, Sxxxx

Date of download          00/00/20XX

Filename                  XXX0000_220111
Profiling Questions                                                    Answer
Do you have 3rd party revenues?                                         YES
Do you have Intercompany revenues?                                      YES
Do you have other income?                                               YES

Do you have collections on Co-Licensing and Co-Marketing agreements?    YES
Do you have activities involved in forfeiting/factoring?                YES
Is your entity in North America?                                        YES
Is your entity a production site with own production?                   YES
Is your entity a production site with toll manufacturing activities?    YES
Does your entity stock or/and sell finished goods?                      YES
Do you have fixed assets?                                               YES
Do you have leases?                                                     YES
Do you have intangible assets?                                          YES
Summary of Scalability Grid
Reporting Unit, Country                                                                       FRS-code

XXXXX, Brazil                                                                                 XXX00000

Head of Finance name & signature                                                              Date:




Sub-Cycle                                                                 Applicable based on   Applicable based on   Comment on why sub-cycle is not applicable
ID              Description                                               answers to profiling  entity specific
                                                                          questions (X)         customization (XX)

FRA.01          Segregation of Duties/ Configuration                              X                   XX

FRA.02          Processing                                                        X                   XX

FRA.03          Reviewing                                                         X                   XX

FRA.04          Reporting                                                         X                   XX

FRA.05          Tax                                                               X                   XX

FRA.06          Cash Management                                                   X                   XX

FRA.07          Insurance & Risk Management Novartis Corporation                  X                   XX

PAY.01          Segregation of Duties/ Configuration                              X                   XX

PAY.02          Compensation & Benefits                                           X                   XX

PAY.03          Payroll Process                                                   X                   XX

PAY.04          Payroll Disbursement                                              X                   XX

PIN.01          Segregation of Duties/ Configuration                              X                   XX

PIN.02          Standard Cost Preparation                                         X                   XX

PIN.03          Materials Movement                                                X                   XX

PIN.04          Inventory Production                                              X                   XX

PIN.05          Control Inventory                                                 X                   XX

PIN.06          Manage and Schedule Operations                                    X                   XX

PIN.07          Lower of Cost or Market Value                                     X                   XX

PIN.08          Pre-approval Inventory                                            X                   XX

PIN.09          Compliance with Good Manufacturing Practices                      X                   XX

PIN.10          Product Recall                                                    X                   XX

PIN.11          Samples Inventory                                                 X                   XX

PIN.12          Toll Manufacturing/ In-house production                           X                   XX

PPE.01          Segregation of Duties/Access Rights                               X                   XX

PPE.02          Acquisition                                                       X                   XX

PPE.03          Accounting                                                        X                   XX

PPE.04          Safeguarding                                                      X                   XX

PPE.05          Disposal                                                          X                   XX

PPE.06          Leases                                                            0                    0

PPE.07          Intangibles                                                       X                   XX

PUR.01          Segregation of Duties/ Configuration/ Procedures                  X                   XX

PUR.02          Vendor Management                                                 X                   XX

PUR.03          Purchase Requisitions and Order Placement                         X                   XX

PUR.04          Receipt of Goods and Services                                     X                   XX

PUR.05          Invoice Receipt                                                   X                   XX

PUR.06          Goods Returns                                                     X                   XX

PUR.07          Cash Disbursements                                                X                   XX

PUR.08          Accounts Payable Management                                       X                   XX

PUR.09          Travel and Entertainment Expenses                                 X                   XX

REV.01          Segregation of Duties/ Configuration                              X                   XX

REV.02          Contract Management                                               X                   XX

REV.03          Credit & Price Control                                            X                   XX

REV.04          Sales Order Management                                            X                   XX

REV.05          Distribution, Delivery & Invoicing                                X                   XX

REV.06          Returns Management & Credit processing                            X                   XX

REV.07          Sales Deductions                                                  X                   XX

REV.08          Collections                                                       X                   XX

REV.09          Collections on Co-Licensing and co-Marketing Agreements           X                   XX

REV.10          Forfeiting/ Factoring                                             0                    0

REV.11          AR Management                                                     X                   XX

REV.12          US Specific Controls                                              0                    0
Control Matrix - FRA Cycle

Assessment
(Q1)  Is this control activity relevant to your entity?
(Q2)  If No, explain why.
(Q3)  Is this control performed? If yes, how?
(Q4)  Additional comments to control activity (free text)
(Q5)  Frequency of control
(Q6)  Documentation (e.g. procedures, flowcharts...)
(Q7)  Evidence of Control (e.g. report signed by management...)
(Q8)  Control owner (Job title and Name)
(Q9)  Staff trained to control activity? (Y/N)
(Q10) Maturity level from 1 to 5

Remediation
(Q11) If Maturity is level 4 or 5, define your remediation plan.
(Q12) Responsible person for remediation plan
(Q13) Due Date (dd/mm/yy) remediation plan

Testing
Testing Period 1 (Pass/Fail)
Testing Period 1 Likelihood (High/Medium/Low)
Testing Period 1 Impact (High/Medium/Low)
Testing Period 1 Tester's name
Testing Period 2 (Pass/Fail)
Testing Period 2 Likelihood (High/Medium/Low)
Testing Period 2 Impact (High/Medium/Low)
Testing Period 2 Tester's name

Cycle ID   Cycle           Sub-Cycle   Sub-Cycle        Control Objective Description                 Control        Description of the Recommended             Recommended Validation steps               Recommended Evidences
           Description     ID          Description                                                    Activity ID    Control Activity
FRA        Financial       FRA.01      Segregation of   Segregation of Duties/Access Rights           FRA-1          Segregation of Duties                      1. Check that mitigating controls are      1. Procedures and flow charts (e.g. User
           Reporting and               Duties/          Appropriate segregation of duties is in                      Segregation of Duties are properly         identified and described                   Authorization Management) approved by
           Accounting                  Configuration    place with corresponding system access                       defined and reflected in job               2. Validate adequacy of                    management
                                                        rights.                                                      descriptions or role profiles. In the      compensating controls                      2. Job descriptions and organisation chart
                                                                                                                     absence of proper segregation of           3. Review access rights report from        3. Access to system in line with job
                                                                                                                     duties, compensating controls are          ERP system                                 description
                                                                                                                     established.                                                                          4. User access rights report from ERP
                                                                                                                                                                                                           system
FRA        Financial       FRA.01      Segregation of   Segregation of Duties/Access Rights           FRA-1          Access Rights - Manage & Review            1. Review procedure on User                1. Procedures and flow charts (e.g. User
           Reporting and               Duties/          Appropriate segregation of duties is in                      The access rights in the system are        Authorization Management                   Authorization Management) approved by
           Accounting                  Configuration    place with corresponding system access                       managed and regularly reviewed by          2. Review job descriptions and             management
                                                        rights.                                                      management. The review is                  system access                              2. SoD matrix including mitigating controls
                                                                                                                     documented and any unauthorised            3. Review access rights report from        3. Signed access rights authorisation
                                                                                                                     access rights are corrected in the         ERP system                                 forms
                                                                                                                     system.                                                                               4. User access rights report from ERP
                                                                                                                                                                                                           system

FRA        Financial       FRA.01      Segregation of   Segregation of Duties/Access Rights           FRA-1          Access Rights - Authorise Payments         1. Review procedure on User                1. Procedures approved by management
           Reporting and               Duties/          Appropriate segregation of duties is in                      Access to authorise payments               Authorization Management                   2. Evidence of ERP system configuration
           Accounting                  Configuration    place with corresponding system access                       (including cheques) is restricted          2. Review ERP system configuration         3. User access rights report from ERP
                                                        rights.                                                      through password and authorisation         3. Review access rights report from        system
                                                                                                                     controls. The access rights in the         ERP system                                 4. Payment runs and audit logs reports
                                                                                                                     system are regularly reviewed and any      4. Review payment runs and audit
                                                                                                                     unauthorised access is promptly            logs
                                                                                                                     corrected.

FRA        Financial       FRA.01      Segregation of   System Configuration                       FRA-1             Chart of Accounts                          1. Review procedure covering charts        1. Procedures covering charts of accounts
           Reporting and               Duties/          Configuration of accounting master data is                                                              of accounts                                approved by management and aligned with
           Accounting                  Configuration    appropriate.                                                                                            2. Review ERP system configuration         Company guidelines
                                                                                                                                                                with regards to group chart of             2. Evidence of ERP system configuration
                                                                                                                                                                accounts                                   with regards to group chart of accounts
                                                                                                                                                                                                           3. Evidence of ERP Master Data Changes
                                                                                                                                                                                                           (additions and deletions) are reviewed and
                                                                                                                                                                                                           approved by management

FRA        Financial       FRA.01      Segregation of   System Configuration                       FRA-1             Profit and Cost centre                     1. Review procedures on profit centre      1. Procedures approved by management
           Reporting and               Duties/          Configuration of accounting master data is                   The configuration of Profit and Cost       reports to confirm that all postings       2. Documentation of changes to Profit and
           Accounting                  Configuration    appropriate.                                                 Centre master data meets the               are correct. Procedures should             Cost Centre master data reviewed and
                                                                                                                     information needs of management to         include treatment of errors, approval      approved
                                                                                                                     effectively monitor the business.          mechanism and any further
                                                                                                                                                                processing required
                                                                                                                                                                2. Ensure all changes to Profit and
                                                                                                                                                                Cost Centre master data are
                                                                                                                                                                documented, reviewed and approved

FRA        Financial       FRA.01      Segregation of   System Configuration                          FRA-1          Configuration Changes                      1. Review change control procedures        1. Change control procedures approved by
           Reporting and               Duties/          Changes in the configuration of master                       Procedures are established to control      approved by management                     management including a formal process
           Accounting                  Configuration    records are authorised by finance                            changes to system parameters,              2. Review adequacy of Segregation          for testing the modifications to reports and
                                                        management, e.g. CFO or his/her                              configurations, chart of accounts,         of Duties and compensating controls        changes to financial master data.
                                                        delegate.                                                    automatic postings, account mapping                                                   2. Where SoD is not possible,
                                                                                                                     to financial statements, exchange                                                     documentation of mitigating controls
                                                                                                                     rates, period opening/closing, etc. G/L                                               3. Review of exception reports pertaining to
                                                                                                                     accounts that are not needed anymore                                                  changes in master record configurations
                                                                                                                     are blocked to avoid processing of                                                    and record activity (i.e. inactive and open
                                                                                                                     inappropriate postings. Management                                                    accounts)
                                                                                                                     reviews and approves all changes
                                                                                                                     before they are actioned.
FRA        Financial       FRA.01      Segregation of   Document Retention                            FRA-1          Document Retention                         1. Review procedures defining the          1. Procedures and flow charts approved by
           Reporting and               Duties/          Financial documents are retained in                          A Document Retention and Archiving         conditions related to document             management aligned with Company
           Accounting                  Configuration    accordance with information security                         Policy is in place and followed, in        retention, check alignment with            policies and legal requirements
                                                        guidelines and statutory requirements.                       accordance with Company policy.            Company policies and legal
                                                                                                                     Documents are stored in suitable           requirements
                                                                                                                     storage facility.
FRA        Financial       FRA.02      Processing       Journal Entries/Postings                      FRA-2          Journal Entries / Postings Procedures      1. Review month end procedures             1. Month end procedures covering journal
           Reporting and                                Accurate and prompt recording of journal                     Procedures and approval for standard       covering journal entries approved by       entries approved by management
           Accounting                                   entries.                                                     and non-recurring journal entries have     management                                 2. Documented month-end procedures
                                                                                                                     been established. Recommended              2. If held documents are to be used,       including the review of the held document
                                                                                                                     procedures include: - detailed cut-off     ensure that the month-end                  list
                                                                                                                     and closing schedules for each             procedures include the review of the
                                                                                                                     individual journal entry - journal entry   held document list
                                                                                                                     preparation and required supporting
                                                                                                                     documentation - description of the
                                                                                                                     approval and review process to ensure
                                                                                                                     proper accounting treatment.
FRA        Financial       FRA.02      Processing       Journal Entries/Postings                      FRA-2          Management Review                          1. Review procedures ensuring              1. Procedures approved by management
           Reporting and                                Accurate and prompt recording of journal                     Management effectively reviews and         management is reviewing and                ensuring journal entries are reviewed and
           Accounting                                   entries.                                                     authorizes journals according to the       authorizing journal entries                authorized
                                                                                                                     established procedures. There is
                                                                                                                     evidence that this review has been
                                                                                                                     performed.
FRA        Financial       FRA.02      Processing       Journal Entries/Postings                      FRA-2          Review of Unposted Documents               1. Review month end procedures             1. Procedures approved by management
           Reporting and                                All documents that should be reflected in                    Management review ensures that 1) all      ensuring management uses                   on month end activities ensuring
           Accounting                                   the current period's financial results have                  documents are posted in a timely           evaluations (i.e., transaction listings)   management uses evaluations (i.e.,
                                                        been processed.                                              manner and in the correct period; 2)       to clear parked documents regularly        transaction listings) to clear parked
                                                                                                                     Accruals are made for non-posted           (at least every period)                    documents regularly (at least every period)
                                                                                                                     documents.                                 2. Review monthly accrual account          2. Monthly clearing account reconciliation
                                                                                                                                                                reconciliation                             reviewed and approved

FRA        Financial       FRA.02      Processing       Interface Reconciliation                      FRA-2          Data Interface Reconciliation              1. Review reconciliation procedures        1. Procedures approved by management
           Reporting and                                Interface reconciliations are prepared                       Appropriate system controls and            approved by management ensuring            ensuring all reports produced by different
           Accounting                                   periodically to ensure that data                             reconciliations are in place to ensure     all reports produced by different          applications are reconciled
                                                        transmissions are accurate.                                  the transmission of data is correctly      applications are reconciled                2. Evidence of the reconciliation of the
                                                                                                                     performed. Exceptions are reviewed in      2. Review the reconciliation of the        different systems used to ensure
                                                                                                                     a timely manner, tracked and resolved.     different systems used to ensure           completeness and accuracy of data
                                                                                                                                                                completeness and accuracy of data
                                                                                                                                                                in a timely manner
FRA        Financial       FRA.02      Processing       Intercompany Transactions                     FRA-2          Procedures                                 1. Review approved consolidation           1. Approved consolidation procedures by
           Reporting and                                Calculate and record allocations properly.                   Allocation procedures are in place to      procedures and alignment with chart        management and with chart of accounts
           Accounting                                                                                                allocate specific accounts / profit and    of accounts requirements                   requirements
                                                                                                                     cost centres to specific business          2. Ensure all subsidiary accounts are      2. Evidence of annual review of all
                                                                                                                     franchises / business units/legal          reviewed on an annual basis for            subsidiary accounts and follow up actions
                                                                                                                     entities/Division. The procedures detail   determining which accounts need to
                                                                                                                     the methodologies employees should         be allocated for financial reporting
                                                                                                                     follow when preparing consolidation        purposes within the reporting entity
                                                                                                                     entries. Allocation methodology is in
                                                                                                                     accordance with the chart of accounts
                                                                                                                     approved by management, properly
                                                                                                                     documented and reviewed on an
                                                                                                                     annual basis.

FRA        Financial       FRA.02      Processing       Intercompany Transactions                     FRA-2          Review of Accounts                         1. Review procedures ensuring all     1. Approved consolidation procedures
           Reporting and                                Calculate and record allocations properly.                   Accounts/ profit and cost centres          subsidiary accounts are reviewed on   aligned with chart of accounts
           Accounting                                                                                                which need to be allocated for             an annual basis and alignment with    requirements
                                                                                                                     reporting purposes to Business             chart of accounts requirements        2. Evidence of final trial balance for
                                                                                                                     Franchises, Business units and             2. Ensure that the final ending trial intercompany reporting balanced out
                                                                                                                     Divisions are periodically reviewed by     balance for intercompany reporting    3. Evidence of reviewed and approved
                                                                                                                     management.                                nets to zero                          intercompany reconciliations
                                                                                                                                                                                                      4. Evidence of review of any clearing
                                                                                                                                                                                                      accounts that may be used and the timely
                                                                                                                                                                                                      clearing of such accounts
FRA        Financial       FRA.02      Processing       Intercompany Transactions                     FRA-2          Review of Transactions                    1. Review approved procedures on       1. Approved procedures on intercompany
           Reporting and                                Ensure complete and accurate recording                       FRA ensures that all intercompany         intercompany activities ensuring that: activities
           Accounting                                   of intercompany transactions.                                transactions are accurate and in          a) The pricing is correct; b)          2. Evidence of monitoring and follow-up
                                                                                                                     accordance with established               Amendments occur in the correct        actions in case of errors
                                                                                                                     agreements. FRA ensures that: 1)          financial period; c) The transfer      3. Evidence of review and approval of
                                                                                                                     The pricing is correct; 2) Amendments     pricing policy is appropriately applied intercompany transactions and with
                                                                                                                     occur in the correct financial period; 3) d) All transactions are properly       supporting documentation
                                                                                                                     The transfer pricing policy is            accounted for, documented,
                                                                                                                     appropriately applied 4) All              approved and reconciled with the
                                                                                                                     transactions are properly accounted       counterparty e) Uncleared automated
                                                                                                                     for, documented, approved and             intercompany accounting documents
                                                                                                                     reconciled with the counterparty 5)       should be analysed and cleared on a
                                                                                                                     Uncleared automated intercompany          periodic basis, preferably daily,
                                                                                                                     accounting documents should be            minimum weekly. Explainable
                                                                                                                     analysed, cleared manually or             deviations should be manually
                                                                                                                     automatically reprocessed on a            cleared and the remaining uncleared
                                                                                                                     periodic basis. Upon clearance,           documents should be automatically
                                                                                                                     ensure that these items have been         reprocessed f) Report on blocked
                                                                                                                     cleared by reviewing corresponding        accounting documents should be
                                                                                                                     automated inter-company document          reviewed as part of the month end
                                                                                                                     control reports.                          process
                                                                                                                                                               2. Ensure reconciliation account of
                                                                                                                                                               Goods In Transit (GIT)
                                                                                                                                                               3. Ensure all deviations are
                                                                                                                                                               monitored and corrective actions
                                                                                                                                                               performed


FRA        Financial       FRA.02      Processing       Intercompany Transactions                FRA-2               Intercompany Loans and Cash                1. Review procedures approved by    1. Procedures approved by management
           Reporting and                                Record and approve intercompany loans or                     Advances                                   management                          2. Intercompany loans or cash advances
           Accounting                                   cash advances appropriately.                                 All intercompany loans or cash             2. Ensure all intercompany loans or documentation with management approval
                                                                                                                     advances are approved and                  cash advances are approved and
                                                                                                                     documented by the Corporate                properly documented by the Treasury
                                                                                                                     Treasury Department and properly           Department
                                                                                                                     supported by a contract which also
                                                                                                                     includes repayment and interest terms.
FRA Cycle
Cycle ID; Cycle Description; Sub-Cycle ID; Sub-Cycle Description; Control Objective Description; Control Activity ID; Description of the Recommended Control Activity; Recommended Validation steps; Recommended Evidences
(Q1) Is this control activity relevant to your entity?; (Q2) If No, explain why.; (Q3) Is this control performed? If yes, how?; (Q4) Additional comments to control activity (free text); (Q5) Frequency of control; (Q6) Documentation (e.g. procedures, flowcharts...); (Q7) Evidence of Control (e.g. report signed by management...); (Q8) Control owner (Job title and Name); (Q9) Staff trained to control activity? (Y/N); (Q10) Maturity level from 1 to 5; (Q11) If Maturity is level 4 or 5, define your remediation plan.; (Q12) Responsible person for remediation plan; (Q13) Due Date (dd/mm/yy) remediation plan
Testing Period 1 (Pass/Fail); Testing Period 1 Likelihood (High/Medium/Low); Testing Period 1 Impact (High/Medium/Low); Testing Period 1 Tester's name; Testing Period 2 (Pass/Fail); Testing Period 2 Likelihood (High/Medium/Low); Testing Period 2 Impact (High/Medium/Low); Testing Period 2 Tester's name
FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off             FRA-2         Period-end Closing / Proper Cut-off          1. Review year end procedures which       1. Procedures approved by management
           Reporting and                                Ensure that an accounting period is closed                  Procedures                                   include running the year-end closing      2. Defined month-end closing calendar
           Accounting                                   as defined after period end and that the cut-               Procedures are established to ensure         program and the fiscal year change        reflected in the system
                                                        off is done properly.                                       that periods are closed for posting in a     program. These procedures should          3. Evidence of supporting documentation
                                                                                                                    controlled and timely manner and             also specify the circumstances in         for month end activities
                                                                                                                    critical jobs are run. It is recommended     which year-end closing may be
                                                                                                                    that these procedures clearly define:        reversed.
                                                                                                                    1) The month-end calendar; 2) The list       2. Ensure the month end closing
                                                                                                                    of month-end activities with the             calendar is defined and reflected in
                                                                                                                    required supporting documentation; 3)        the system
                                                                                                                    Key activities and corresponding             3. Review month end activities with
                                                                                                                    monitoring controls, management,             the required supporting
                                                                                                                    GR/IR account clearing, Goods in             documentation.
                                                                                                                    Transit review and other related inter-
                                                                                                                    company movements; 4) Roles and
                                                                                                                    responsibilities for each activity and for
                                                                                                                    monitoring controls on those activities.

FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off             FRA-2         Account reconciliation GR/IR                 1. Review procedures on GR/IR             1. Procedures on GR/IR account
           Reporting and                                Ensure that an accounting period is closed                  Management executes a review and a           account reconciliations approved by       reconciliations approved by management
           Accounting                                   as defined after period end and that the cut-               validation process is in place to ensure     management                                2. Evidence of follow up actions in case of
                                                        off is done properly.                                       the accuracy and completeness of the         2. Ensure follow-up actions are           deviations or errors and outstanding items
                                                                                                                    Goods Receipt/Invoice Receipt                performed accordingly                     in excess of normally expected timeframes
                                                                                                                    (GR/IR) account. Management verifies
                                                                                                                    that there are no old outstanding items
                                                                                                                    and that the GR/IR balance reflects
                                                                                                                    timing differences only. The procedure
                                                                                                                    is clearly documented in a standard
                                                                                                                    operating procedure.

FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off             FRA-2         Accruals and Provisions                      1. Review procedures covering             1. Procedures covering month end
           Reporting and                                Ensure that an accounting period is closed                  Ensure that relevant accruals or             month end activities                      activities approved by management
           Accounting                                   as defined after period end and that the cut-               reserves are posted, for example: 1)         2. Ensure month-end checks are            2. Evidence of month end check list and
                                                        off is done properly.                                       Bad debt provisions; 2) Coupon               performed, documented and                 documented accruals
                                                                                                                    accruals 3) Rebate accruals; 4) Sales        reviewed according to the procedure       3. Performed accrual account
                                                                                                                    deal accruals 5) Slow and no-movers                                                    reconciliations reviewed in a timely manner
                                                                                                                    provisions 6) Legal liabilities 7) etc                                                 and supported by adequate documentation

FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off             FRA-2         Suspense Items                               1. Review month-end procedures            1. Approved month-end procedures
           Reporting and                                Ensure that an accounting period is closed                  Ensure that all suspense items are           including steps for addressing            ensuring steps for addressing suspense
           Accounting                                   as defined after period end and that the cut-               identified, reviewed by management           suspense items                            items are included
                                                        off is done properly.                                       and cleared on a timely basis.               2. Ensure management reviews and          2. Evidence of management review of
                                                                                                                                                                 monitors the suspense items and           suspense items
                                                                                                                                                                 their timely clearing
FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off             FRA-2         Monitoring controls                          1. Review month-end procedures            1. Month-end procedures approved by
           Reporting and                                Ensure that an accounting period is closed                  Ensure that monitoring controls of the       2. Review balance sheet and income        management
           Accounting                                   as defined after period end and that the cut-               closing process are defined in the           statements (P&L accounts) to ensure       2. Balance sheet and income statements
                                                        off is done properly.                                       period-end closing procedures and            that all accounts have been               (P&L accounts) appropriately assigned to
                                                                                                                    duly performed and documented.               appropriately assigned to financial       financial statement items
                                                                                                                                                                 statement items
                                                                                                                                                                 3. Ensure Balance Sheet reviews
                                                                                                                                                                 include the review of all high risk and
                                                                                                                                                                 inventory accounts. For inventory
                                                                                                                                                                 accounts, entities need to analyze
                                                                                                                                                                 inventory increases due to goods
                                                                                                                                                                 received from other sites to ensure
                                                                                                                                                                 accuracy of Group inventories
                                                                                                                                                                 4. Ensure accurate and timely
                                                                                                                                                                 booking of automated intercompany
                                                                                                                                                                 documents.


FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off             FRA-2         Period Adjustments                           1. Review month-end procedure             1. Month-end procedures approved by
           Reporting and                                Ensure that an accounting period is closed                  Prior accounting period adjustments in       ensuring that postings are                management
           Accounting                                   as defined after period end and that the cut-               the financial system are not allowed. In     completed, ledgers closed, interfaces     2. Definition of the period and year end
                                                        off is done properly.                                       case a correction is necessary, it           run at the appropriate time and in the    timetables
                                                                                                                    requires written management approval         appropriate order                         3. Evidence that postings are completed,
                                                                                                                    (e.g. the CFO or his/her delegate),          2. Ensure period and year end             ledgers closed, interfaces and reporting
                                                                                                                    documentation of the reason and              timetables are defined                    activities adequately performed and
                                                                                                                    postings, and prompt re-closing.             3. Ensure postings are completed,         documented
                                                                                                                                                                 ledgers closed, interfaces and            4. Evidence of appropriate management
                                                                                                                                                                 reporting activities adequately           approval for instances when an out of
                                                                                                                                                                 performed and documented                  period adjustment is allowed
FRA        Financial       FRA.02      Processing       Period-end Closing/Proper Cut-off           FRA-2           Translation and consolidation of             1. Review month-end procedures            1. Month-end procedures approved by
           Reporting and                                Accurate and prompt translation and                         financial reports                            2. Ensure brought-forward balances        management
           Accounting                                   consolidation of financial reports.                         Reconcile brought-forward balances           are reconciled with the carried-          2. Reconciliation of brought-forward
                                                                                                                    with the carried-forward balances from       forward balances                          balances with the carried-forward balances
                                                                                                                    the previous period or year.

FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial      FRA-3           Reconciliation of G/L with sub-ledgers       1. Review closing procedures              1. Closing procedures approved by
           Reporting and                                Statements Information & Disclosure                         The reconciliation of general ledger         ensuring the review of balance sheet      management
           Accounting                                   Periodic substantiation and evaluation of                   balances with subsidiary ledger              and income statements (P&L                2. For day-end closing review, among
                                                        recorded balances in the general ledger.                    balances, including a review of the line     accounts) to assure that all accounts     others, outputs of standard reports
                                                                                                                    item activity and balances comprising        have been appropriately assigned to       reviewed by management
                                                                                                                    the sub-ledger totals is performed,          financial statement items. Reconcile      3. For month/period end closing, among
                                                                                                                    properly documented and periodically         financial statements back to the trial    others, output of reports as part of the
                                                                                                                    reviewed by management. It is                balance.                                  period end closing process to prove
                                                                                                                    recommended to include in the review         2. For day-end closing review, among      consistency and accuracy of the created
                                                                                                                    a check for old balances and                 others, ensure outputs of standard        structure and account assignment in the
                                                                                                                    differences prior to closing the period,     reports have been reviewed by             financial statement version, reviewed by
                                                                                                                    and to reconcile financial statements        management                                management
                                                                                                                    back to the trial balance.                   3. For month/period end closing,          4. For year-end closing, among others,
                                                                                                                                                                 among others, ensure output of            output of reports reviewed by management
                                                                                                                                                                 reports as part of the period end         5. Account reconciliations completed,
                                                                                                                                                                 closing process to prove consistency      reviewed and approved by management for
                                                                                                                                                                 and accuracy of the created structure     related sub-ledger accounts
                                                                                                                                                                 and account assignment in the
                                                                                                                                                                 financial statement version.
                                                                                                                                                                 4. For year-end closing, among
                                                                                                                                                                 others, ensure output of reports has
                                                                                                                                                                 been reviewed by management
FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial      FRA-3           Reconciliation with custodians               1. Review procedures approved by          1. Procedures approved by management
           Reporting and                                Statements Information & Disclosure                         balances                                     management ensuring the recorded          ensuring the recorded balances are
           Accounting                                   Periodic substantiation and evaluation of                   Recorded balances and activities are         balances are reconciled with              reconciled with custodians balances
                                                        recorded balances in the general ledger.                    reconciled with balances and activities      custodians balances                       2. Documented and reviewed reconciliation
                                                                                                                    reported by custodians (e.g., cash           2. Ensure the reconciliation is           3. Account reconciliations completed,
                                                                                                                    disbursements with bank statements,          documented and reviewed                   reviewed and approved by management for
                                                                                                                    advances to employees, loan                                                            related custodian accounts
                                                                                                                    statements to liability balance). This
                                                                                                                    reconciliation is properly documented.


FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial      FRA-3           Review of Accruals and Provisions      1. Ensure procedures used for                   1. Procedures and formulae used for
           Reporting and                                Statements Information & Disclosure                         Management periodically reviews        accruals, accounting-estimates used             accruals, accounting-estimates used for
           Accounting                                   Periodic substantiation and evaluation of                   basis for, assumptions and accounting- for provisions, write-offs, etc are             provisions, write-offs, etc periodically
                                                        recorded balances in the general ledger.                    estimates used for accruals,           periodically reviewed and are in                reviewed and in compliance with the
                                                                                                                    provisions, write-offs, etc. The       compliance with the Accounting                  Accounting Manual guidelines
                                                                                                                    methodology used complies with the     Manual guidelines                               2. Account reconciliations completed,
                                                                                                                    Accounting Manual guidelines.                                                          reviewed and approved by management for
                                                                                                                                                                                                           related accounts
FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial      FRA-3           Review of Accruals and Provisions            1. Review approved procedures             1. Procedures ensuring timely input from
           Reporting and                                Statements Information & Disclosure                         Management periodically re-assesses          ensuring timely input from non-           non-finance functions (e.g. Corporate Tax,
           Accounting                                   Periodic substantiation and evaluation of                   the accuracy, the adequacy and the           finance functions (e.g. Corporate         HSE, Legal, Treasury, etc.) for defining
                                                        recorded balances in the general ledger.                    completeness of the data received            Tax, HSE, Legal, Treasury, etc.) for      provisions, valuations, contingencies, etc
                                                                                                                    from non-finance functions (e.g.             defining provisions, valuations,          approved by management
                                                                                                                    Corporate Tax, HSE, Legal, Treasury,         contingencies, etc                        2. Account reconciliations completed,
                                                                                                                    etc.) for accruals and provisions,                                                     reviewed and approved by management for
                                                                                                                    valuations, contingencies. Procedures                                                  related accounts
                                                                                                                    are established to ensure a prompt
                                                                                                                    and complete information flow from
                                                                                                                    non-finance functions to finance; they
                                                                                                                    include 1) the definition of roles and
                                                                                                                    responsibilities for each function; 2) a
                                                                                                                    clear description of all data to be
                                                                                                                    provided to the finance function and
                                                                                                                    the reporting format; 3) a calendar for
                                                                                                                    submission of this data to finance.
FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial      FRA-3           Review of Dormant Accounts             1. Ensure approved procedures                   1. Procedures covering the periodic review
           Reporting and                                Statements Information & Disclosure                         G/L accounts are periodically reviewed covering the periodic review of G/L             of G/L accounts including the check of
           Accounting                                   Periodic substantiation and evaluation of                   for dormant accounts.                  accounts also include the checking              dormant accounts, approved by
                                                        recorded balances in the general ledger.                                                           of dormant accounts                             management


FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial FRA-3                Foreign Exchange Rate Revaluations           1. Review approved period/month           1. Period/month end procedures approved
           Reporting and                                Statements Information & Disclosure                         Management reviews all foreign               end procedures ensuring foreign           by management showing foreign exchange
           Accounting                                   Review the accuracy of postings related to                  exchange rates and gains/losses that         exchange rates are reviewed for           rate revaluations
                                                        exchange rate fluctuations.                                 are posted for compliance with the           reasonableness                            2. Signed and filed Forex rate check with
                                                                                                                    Accounting Manual. This review               2. Check signed and filed Forex rate      revaluation reviews
                                                                                                                    includes all manually posted foreign         check and revaluation reviews
                                                                                                                    exchange rate revaluations and
                                                                                                                    ensures that at period end the program
                                                                                                                    to revalue balances has been run.




FRA Cycle
Columns: Cycle ID | Cycle Description | Sub-Cycle ID | Sub-Cycle Description | Control Objective Description | Control Activity ID | Description of the Recommended Control Activity | Recommended Validation steps | Recommended Evidences | (Q1) Is this control activity relevant to your entity? | (Q2) If No, explain why. | (Q3) Is this control performed? If yes, how? | (Q4) Additional comments to control activity (free text) | (Q5) Frequency of control | (Q6) Documentation (e.g. procedures, flowcharts...) | (Q7) Evidence of Control (e.g. report signed by management...) | (Q8) Control owner (Job title and Name) | (Q9) Staff trained to control activity? (Y/N) | (Q10) Maturity level from 1 to 5 | (Q11) If Maturity is level 4 or 5, define your remediation plan. | (Q12) Responsible person for remediation plan | (Q13) Due Date (dd/mm/yy) remediation plan | Testing Period 1 (Pass/Fail) | Testing Period 1 Likelihood (High/Medium/Low) | Testing Period 1 Impact (High/Medium/Low) | Testing Period 1 Tester's name | Testing Period 2 (Pass/Fail) | Testing Period 2 Likelihood (High/Medium/Low) | Testing Period 2 Impact (High/Medium/Low) | Testing Period 2 Tester's name
FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial        FRA-3          Account reconciliation                      1. Review approved period/month           1. Period/month end procedures approved
           Reporting and                                Statements Information & Disclosure                          Management reviews the detail of            end procedures                            by management
           Accounting                                   Accurate and prompt preparation of                           critical or significant general ledger      2. Ensure management reviews the          2. Management review of the balance
                                                        reports on a consistent basis. Ensure that                   accounts by identifying line items          balance sheet and income statement        sheet and income statement accounts for
                                                        reports fairly present the information they                  posted during the current accounting        accounts each period                      each period
                                                        purport to display.                                          period prior to the FRS closing date.       3. Review period/month end check          3. Period/month end check list
                                                                                                                     This should include plausibility checks     list                                      4. For period/month end closing, among
                                                                                                                     and reconciliations with internal           4. For period/month end closing,          others, output of reports reviewed by
                                                                                                                     management. A validation process is         among others, ensure output of            management
                                                                                                                     in place to ensure the accuracy and         reports has been reviewed by              5. Listing of critical accounts and evidence
                                                                                                                     completeness of the account                 management                                of timely completion and review via the
                                                                                                                     reconciliation process. Critical account                                              related reviewed and approved account
                                                                                                                     reviews are to be completed by the                                                    reconciliations
                                                                                                                     FRS closing date so that adjustments
                                                                                                                     can be included in the current closing
                                                                                                                     activities. Critical reviews deal with
                                                                                                                     high risk accounts which have a
                                                                                                                     material impact on the General Ledger
                                                                                                                     and consequently over Financial
                                                                                                                     Reporting. Management should keep a
                                                                                                                     list of all critical account reviews and
                                                                                                                     the assigned responsibilities. The
                                                                                                                     account review process should be
                                                                                                                     included in the month end closing
                                                                                                                     activities including the details of the
                                                                                                                     formulae, procedures used for
                                                                                                                     accruals, account reconciliation
                                                                                                                     reviews and accounting estimates
                                                                                                                     used for provisions and accruals, write-
                                                                                                                     offs etc.


FRA        Financial       FRA.03      Reviewing        Accuracy and Completeness of Financial        FRA-3          Balance Sheet Review                        1. Ensure balance sheet review            1. Procedures covering Balance Sheet
           Reporting and                                Statements Information & Disclosure                          Senior management executes a review         validation procedures are approved        reviews
           Accounting                                   Accurate and prompt preparation of                           and validation process to ensure the        by management                             2. Evidence that senior management
                                                        reports on a consistent basis. Ensure that                   accuracy and completeness of                2. Ensure senior management               reviews balance sheet and income
                                                        reports fairly present the information they                  financial information. This balance         reviews the balance sheet and             statement accounts in each period
                                                        purport to display.                                          sheet review is a post reporting review     income statement accounts in each         3. For period/month end closing, among
                                                                                                                     process.                                    period.                                   others, output of reports reviewed by
                                                                                                                                                                 3. For period/month end closing,          management
                                                                                                                                                                 among others, ensure output of
                                                                                                                                                                 reports has been reviewed by
                                                                                                                                                                 management
FRA        Financial       FRA.03      Reviewing        Accuracy of Intercompany Accounts             FRA-3          Procedures                                  1. Review procedures covering the         1. Procedures covering the review
           Reporting and                                Ensure all intercompany transactions are                     Procedures are established for              review collection and intercompany        collection and intercompany balances
           Accounting                                   recorded accurately and completely.                          reviewing 1) Intercompany debt and          balances                                  2. Evidence of regular reconciliations and
                                                                                                                     how it should be disclosed; 2) All          2. Ensure intercompany balances are       reviews of intercompany balances
                                                                                                                     intercompany sales                          reconciled and reviewed on a regular      3. For period/month end closing, among
                                                                                                                                                                 basis                                     others, reviewed output of reports
                                                                                                                                                                 3. For period/month end closing,
                                                                                                                                                                 among others, ensure output of
                                                                                                                                                                 reports has been reviewed by
                                                                                                                                                                 management

FRA        Financial       FRA.03      Reviewing        Accuracy of Intercompany Accounts             FRA-3          Accuracy of Intercompany Accounts           1. Procedures are established to          1. Review procedures covering
           Reporting and                                Ensure all intercompany transactions are                     Reconciliation                              review all intercompany sales             intercompany sales approved by
           Accounting                                   recorded accurately and completely.                          Ensure that intercompany balance            2. Ensure all intercompany accounts       management
                                                                                                                     sheet accounts are properly reconciled      are balanced considering the system       2. Intercompany accounts balanced
                                                                                                                     and that all intercompany activity (e.g.    requirements                              according to the system requirements
                                                                                                                     intercompany sales, transfers, etc.) is     3. Ensure all exceptions identified       3. Evidence that all exceptions identified
                                                                                                                     recorded in intercompany accounts as        were resolved in a timely manner and      were resolved in a timely manner and in
                                                                                                                     per ICR policy. Exceptions identified       in accordance with established            accordance with established policies
                                                                                                                     are resolved in a timely manner.            policies


FRA        Financial       FRA.04      Reporting        Reporting Package                             FRA-4          Reporting Package                           1. Review procedures covering the         1. Evidence that procedures covering the
           Reporting and                                The Reporting package is completed                           All required forms are duly and timely      reporting package                         reporting package have been reviewed
           Accounting                                   according to the Group and Divisional                        submitted, checked for completeness         2. Ensure that the monthly close sign-    2. Evidence that the monthly close sign-off
                                                        instructions                                                 and accuracy and authorised by the          off documentation is reviewed and         documentation is reviewed and complete
                                                                                                                     CFO and the Head of FRA.                    complete                                  (e.g. hard copies of all submitted forms
                                                                                                                                                                                                           kept and signed off by head of FRA)


FRA        Financial       FRA.04      Reporting        Reporting Package                             FRA-4          Differences between IFRS and US             1. Review procedures covering the         1. Procedures covering the handling of
           Reporting and                                The Reporting package is completed                           GAAP Reporting                              handling of differences between           differences between IFRS and US GAAP
           Accounting                                   according to the Group and Divisional                        If the entity has to comply with US         IFRS and US GAAP reporting                reporting requirements, approved by
                                                        instructions                                                 GAAP reporting requirements, any            requirements                              management
                                                                                                                     potential differences identified between    2. Ensure IFRS to GAAP                    2. Evidence of IFRS to GAAP
                                                                                                                     IFRS and US GAAP reporting                  reconciliation is performed, reviewed     reconciliation is completed, reviewed and
                                                                                                                     requirements are promptly                   and approved. Communication to            approved by management and
                                                                                                                     communicated to Finance Head.               Finance Head in a timely manner           communicated to Finance Head in a timely
                                                                                                                                                                                                           manner
FRA        Financial       FRA.04      Reporting        Consolidation                                 FRA-4          Pre-consolidated Subsidiaries               1. Ensure procedures covering the         1. Evidence that procedures covering the
           Reporting and                                Pre-consolidated subsidiaries are                            Management oversight and monitoring         reporting activities also include the     reporting activities also include the
           Accounting                                   accurately recorded in the entity                            is in place to ensure the completeness      completeness and accuracy of              completeness and accuracy of subsidiary
                                                        consolidated financial statements.                           and accuracy of subsidiary accounting       subsidiary accounting                     accounting approved by management
                                                                                                                     (e.g. all subsidiaries and/or business      2. Ensure consolidating schedules         2. Evidence of consolidating
                                                                                                                     units included in entity reporting).        are completed, reviewed and               schedules completed, reviewed and
                                                                                                                                                                 approved by management                    approved by management

FRA        Financial       FRA.04      Reporting        Regulatory Reporting                          FRA-4          Procedures                                  1. Review procedures to assess the        1. Procedures to assess the accuracy and
           Reporting and                                Ensure regulatory reporting requirements                     Procedures have been established to         accuracy and completeness of all          completeness of all reporting requirements
           Accounting                                   are met.                                                     ensure the fulfilment of statutory and      reporting requirements                    approved by management
                                                                                                                     tax reporting requirements.                 2. Ensure the reconciliation of equity    2. Evidence of the reconciliation of equity
                                                                                                                                                                 between statutory (annual), tax and       between statutory (annual), tax and IFRS
                                                                                                                                                                 IFRS reporting are performed              3. Evidence of the deferred tax, income tax
                                                                                                                                                                 3. Ensure deferred tax, income tax        and statutory tax calculations
                                                                                                                                                                 and statutory tax calculations are
                                                                                                                                                                 performed

FRA        Financial       FRA.04      Reporting        Regulatory Reporting                          FRA-4          Approval                                    1. Ensure statutory financial             1. Evidence of approval of statutory
           Reporting and                                The statutory financial statements are                       The statutory financial statements are      statements are approved by the            financial statements by the statutory
           Accounting                                   approved by the statutory auditors and by                    approved by the statutory auditors and      statutory auditors and by the Board       auditors and by the Board
                                                        the Board.                                                   by the Board
FRA        Financial       FRA.04      Reporting        Disclosure information                        FRA-4          Procedures                                  1. Ensure procedures covering             1. Procedures covering the gathering of
           Reporting and                                Required disclosure data is gathered                         Written procedures are in place for         gathering of disclosure data are          disclosure data with assigned
           Accounting                                   accurately, completely and promptly.                         gathering disclosure data and for           defined with assigned responsibilities    responsibilities, approved by management
                                                                                                                     clearly defining the assigned               2. Review month end checklist to          2. A review of the month end checklist
                                                                                                                     responsibility (e.g. interest payments,     ensure all items are included             showing all included items
                                                                                                                     lease information, tax provision, debt
                                                                                                                     agreement provisions, commitments
                                                                                                                     and contingencies). They include 1)
                                                                                                                     the definition of roles and
                                                                                                                     responsibilities; 2) the clear
                                                                                                                     description of all data to be provided to
                                                                                                                     the finance function and the reporting
                                                                                                                     format; 3) a calendar for submission of
                                                                                                                     this data to finance.


FRA        Financial       FRA.04      Reporting        Disclosure information                        FRA-4          Supplemental Disclosure                     1. Ensure procedures covering             1. Procedures covering the gathering of
           Reporting and                                Required disclosure data is gathered                         Timely identification takes place of        gathering of disclosure data have         disclosure data with assigned
           Accounting                                   accurately, completely and promptly.                         each supplemental disclosure to be          assigned responsibilities                 responsibilities, approved by management
                                                                                                                     made by reference to financial              2. Review month end checklist to          2. Review of month end checklist showing
                                                                                                                     statements, minutes, regulatory             ensure all items are included             all included items
                                                                                                                     pronouncements and legal counsel.

FRA        Financial       FRA.04      Reporting        Disclosure information                        FRA-4          Review                                      1. Ensure procedures are in place for     1. Evidence that procedures are in place to
           Reporting and                                Accurate summary and reporting of                            Knowledgeable personnel undertake a         checking reported information of          check reported information on source
           Accounting                                   relevant disclosure data.                                    review of disclosure data and               source documentation and for              documentation and to verify clerical
                                                                                                                     supporting documentation. This review       verifying clerical accuracy by            accuracy by individuals who did not actively
                                                                                                                     ensures compliance with statutory           individuals who did not actively          participate in the gathering or in the
                                                                                                                     reporting requirements.                     participate in the gathering or the       summary of the underlying data
                                                                                                                                                                 summary of the underlying data            2. Disclosed data reviewed by
                                                                                                                                                                 2. Review undertaken of disclosure        knowledgeable personnel quarterly
                                                                                                                                                                 of data by knowledgeable personnel        3. Evidence that a disclosure committee
                                                                                                                                                                 quarterly. This review should ensure      is established to validate reporting on
                                                                                                                                                                 compliance with GAAP and statutory        compliance of disclosure
                                                                                                                                                                 reporting requirements (annual).          controls and procedures
                                                                                                                                                                 Ensure the key financial statement
                                                                                                                                                                 assertions: completeness of rights
                                                                                                                                                                 and obligations
                                                                                                                                                                 3. Ensure a disclosure committee is
                                                                                                                                                                 established to validate reporting on
                                                                                                                                                                 compliance of disclosure controls
                                                                                                                                                                 and procedures
FRA        Financial       FRA.04      Reporting        Targets and Budgets                      FRA-4               Targets and Budgets                         1. Review procedures ensuring that        1. Procedures covering annual budget,
           Reporting and                                Targets and Budgets provide a measure to                     The annual Budget, the periodic             the planning and forecasting process      periodic spot landings or the Latest
           Accounting                                   enable management to monitor                                 Spotlandings or the Latest Estimates        is effective in estimating key            Estimates approved by management
                                                        performance.                                                 for each Division/Business Unit/Entity      externally reported metrics and in        2. Evidence of timely (prior to submission)
                                                                                                                     are prepared and approved by                providing management with useful          review and approval of budgets, spot
                                                                                                                     appropriate Senior Management prior         and timely information to manage the      landings, and latest estimates
                                                                                                                     to submission to the respective             business. Forecasting (Demand
                                                                                                                     headquarters.                               Planning) involves sales forecasts,
                                                                                                                                                                 marketing, operations, inventory
                                                                                                                                                                 levels, cost of goods, capital budgets,
                                                                                                                                                                 etc.
                                                                                                                                                                 2. Review annual operating plan for
                                                                                                                                                                 each business unit/Division/entity
FRA        Financial       FRA.04      Reporting           Management Result                            FRA-4          Management result                             1. Review procedures for calculating     1. Procedures for calculating Management
           Reporting and                                   Management result is properly calculated.                   Management result is calculated               Management result                        result
           Accounting                                                                                                  based on the Controller's Manual              2. Ensure management results are         2. Evidence that management result is
                                                                                                                       instructions and is properly                  appropriately documented, reviewed       reviewed and approved and contains
                                                                                                                       documented.                                   and approved                             appropriate supporting documentation
FRA        Financial       FRA.04      Reporting           Legal Dockets or Equivalent                  FRA-4          Legal Docket or Equivalent                    1. Review approved procedures            1. Procedures ensuring timely input from
           Reporting and                                   Ensure proper reporting and cost                            An organized listing of pending               ensuring timely input from non-          non-finance functions (e.g. Corporate Tax,
           Accounting                                      evaluation of pending lawsuits.                             lawsuits (e.g. legal docket) exists, is       finance functions (e.g. Corporate        HSE, Legal, Treasury, etc.) for defining
                                                                                                                       updated periodically, and approved by         Tax, HSE, Legal, Treasury, etc.) for     provisions, valuations, contingencies, etc.
                                                                                                                       Financial and Legal Management. The           defining provisions, valuations,         approved by management
                                                                                                                       legal docket or equivalent includes           contingencies, etc                       2. Details of the calculation of the Legal
                                                                                                                       estimates of total litigation and             2. Review calculation of the Legal       Contingency in the G/L
                                                                                                                       settlements costs, actual litigation and      Contingency in the G/L                   3. Evidence of the legal docket
                                                                                                                       settlement costs paid, and whether it         3. Ensure legal docket reconciliation    reconciliation with the G/L and appropriate
                                                                                                                       is probable or not. The probable              with the G/L and appropriate FCRS        FCRS schedules
                                                                                                                       lawsuits estimated costs less actual          schedules
                                                                                                                       costs paid (booked) should tie to the
                                                                                                                       Legal Contingency Provision in the
                                                                                                                       G/L.

FRA        Financial       FRA.04      Reporting           Significant Contracts                        FRA-4          Significant Contracts                         1. Review approved procedures            1. Procedures ensuring all significant
           Reporting and                                   Ensure proper reporting of significant                      An organized listing of significant           ensuring all significant contracts are   contracts are updated periodically and
           Accounting                                      contracts.                                                  contracts (threshold:>$10m) exists, is        updated periodically and approved by     approved by financial management
                                                                                                                       updated periodically, and approved by         financial management                     2. Month end checklist and formal contract
                                                                                                                       Financial Management. The                     2. Review month end checklist and        listing
                                                                                                                       accounting treatment for significant          formal contract listing                  3. Significant contract listing is reviewed
                                                                                                                       contracts is adequately described and         3. Ensure significant contract listing   and approved and contains sufficient detail
                                                                                                                       approved by Financial Management.             is reviewed and contains sufficient      and documentation support relating to
                                                                                                                       Management ensures that the                   supporting documentation related to      contract terms and appropriate accounting
                                                                                                                       accounting treatment is followed              contract terms and appropriate           treatment
                                                                                                                       correctly.                                    accounting treatment


FRA        Financial       FRA.04      Reporting           SOX section 302                              FRA-4          SOX section 302                               1. Review month/quarter-end              1. Month/Quarter-end procedure approved
           Reporting and                                   Ensure timely submission of section 302                     At quarter-end, the local SOX Section         procedure and check list                 by management
           Accounting                                      certification to Group.                                     302 is duly signed by the General             2. Ensure electronic SOX302              2. Evidence of electronic SOX302
                                                                                                                       Manager and Head of Finance and               submission in Group database is          submission in Group database
                                                                                                                       timely submitted to Group according to        performed
                                                                                                                       the established procedures and
                                                                                                                       calendar.
FRA        Financial       FRA.05      Tax                 All Taxes (except Deferred)                  FRA-5          Tax Payments                                  1. Review procedures ensuring that       1. Procedures ensuring that an individual
           Reporting and                                   All taxes are declared and paid timely and                  An individual who is not responsible          an individual not responsible for the    not responsible for the preparation of the
           Accounting                                      accurately (compliance).                                    for the preparation of the filing             preparation of the Tax file approves     Tax file approves the payment
                                                                                                                       approves payments in accordance with          the payment                              2. Payment File with approval and evidence
                                                                                                                       approved limits.                              2. Review of a sample of approved        of independent review
                                                                                                                                                                     invoices; check whether any late
                                                                                                                                                                     interest payments were due
FRA        Financial       FRA.05      Tax                 All Taxes (except Deferred)                  FRA-5          Documentation                                 1. Review approved tax filing            1. Tax filing procedures approved by
           Reporting and                                   Maintain complete and accurate                              Someone other than the preparer               procedures                               management
           Accounting                                      documentation and record retention to                       reviews the copy of the filing                2. Check whether second level            2. Letter/notes of second level reviewer and
                                                           support planning objectives and filings.                    documentation with regard to                  review occurred; check notes on          of significant tax positions
                                                                                                                       completeness, indexation, reference           significant tax positions                3. Significant tax positions are supported
                                                                                                                       and proper retention. Significant tax                                                  by appropriate documentation and
                                                                                                                       positions are sufficiently analysed and                                                reviewed in a timely manner
                                                                                                                       supported by adequate documentation.

FRA        Financial       FRA.05      Tax                 Deferred Tax                                 FRA-5          Reconciliation of GTDs from Statutory         1. Review reconciliation between         1. Procedures covering the reconciliation
           Reporting and                                   Deferred tax in assets, liabilities and                     to Tax                                        IFRS and statutory accounting is         between IFRS and statutory accounting
           Accounting                                      income statement are calculated and                         All differences between statutory and         performed                                approved by management
                                                           reported correctly at reporting date.                       taxable profit are identified and             2. Check whether appropriate             2. Evidence of the reconciliation schedule
                                                                                                                       justified item by item, including non         reconciliation schedules exist
                                                                                                                       deductible charges and tax losses
                                                                                                                       carried forward
FRA        Financial       FRA.05      Tax                 Deferred Tax                                 FRA-5          Reconciliation of Gross Temporary             1. Review reconciliation between         1. Procedures covering the reconciliation
           Reporting and                                   Deferred tax in assets, liabilities and                     Differences (GTDs) from IFRS to Tax           IFRS and statutory accounting is         between IFRS and statutory accounting
           Accounting                                      income statement are calculated and                         All balance sheet differences between         performed                                approved by management
                                                           reported correctly at reporting date.                       IFRS and Tax books due to different           2. Check whether appropriate             2. Evidence of the reconciliation schedule
                                                                                                                       accounting principles are identified          reconciliation schedules exist           3. Evidence of reconciliation completed,
                                                                                                                       and justified from period to period           3. Ensure reconciliation is completed,   reviewed and approved in a timely manner
                                                                                                                       through a reconciliation of equity and        reviewed and approved in a timely
                                                                                                                       profit.                                       manner

FRA        Financial       FRA.05      Tax                 Deferred Tax                                 FRA-5          Training                                      1. Review procedures on deferred         1. Procedures covering deferred taxes
           Reporting and                                   Deferred tax in assets, liabilities and                     One staff in FRA should be adequately         taxes                                    approved by management
           Accounting                                      income statement are calculated and                         trained on the deferred tax forms and a       2. Ensure one FRA staff is               2. Evidence that one of the FRA staff is
                                                           reported correctly at reporting date.                       review by the head of FRA/CFO is              adequately trained or ensure support     adequately trained or evidence of trained
                                                                                                                       necessary. When needed, support               can be provided from the                 resource by the Country/Region/Head
                                                                                                                       from country/region/head office should        Country/Region/Head Offices              Offices
                                                                                                                       be sought.                                    3. Test whether the review of the        3. Review of the Head of FRA/CFO
                                                                                                                                                                     Head of FRA/CFO occurred
FRA        Financial       FRA.05      Tax                 Deferred Tax                                 FRA-5          Reconciliation of GTDs from IFRS to           1. Check procedure covering the tax      1. Procedure covering the tax review
           Reporting and                                   Deferred tax in assets, liabilities and                     Tax                                           review calculation                       calculation approved by management
           Accounting                                      income statement are calculated and                         Cumulative GTD document and (if               2. Ensure that a review was              2. Evidence of reconciliation completed,
                                                           reported correctly at reporting date.                       applicable) Adjusting Journal Entries         performed and the approval was           reviewed and approved in a timely manner
                                                                                                                       ("AJEs") are reviewed and approved            given by tax professional                3. Document signed off by expert tax
                                                                                                                       by a tax professional other than the                                                   professional
                                                                                                                       preparer.
FRA        Financial       FRA.05      Tax                 Deferred Tax                                 FRA-5          Reconciliation of GTDs from IFRS to           1. Check procedure covering the tax      1. Procedure covering the tax review
           Reporting and                                   Deferred tax in assets, liabilities and                     Tax - GL Accounts                             review calculation                       calculation approved by management
           Accounting                                      income statement are calculated and                         General Ledger is reviewed for any            2. Validate whether a review was         2. Evidence of reconciliation completed,
                                                           reported correctly at reporting date.                       new or not previously identified              performed                                reviewed and approved in a timely manner
                                                                                                                       accounts to establish GTDs resulting                                                   3. Sign-off document by reviewer
                                                                                                                       in future tax relief or additional taxation
                                                                                                                       or not that have not already been
                                                                                                                       identified for fourth quarter.

FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Tax True up                                   1. Review procedure covering the         1. Procedure covering the reconciliation of
           Reporting and                                   Difference between prior year estimated                     Reconcile final tax returns to reported       reconciliation of the final tax return   the final tax return
           Accounting                                      tax charge and final tax returns (post-                     taxation estimated at year-end                2. Validate reconciliation and return-   2. Reconciliation of final tax return to
                                                           reporting) are adequately reflected in                      reporting and prepare "AJEs" for the          to-provision calculation of AJEs         reported taxation estimated; return-to-
                                                           current year's financial statements.                        true up of the prior year tax provision to                                             provision calculation of AJEs
                                                                                                                       the filed tax return.
FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Tax True up                                   1. Review work papers and                1. Work papers and approved documents
           Reporting and                                   Difference between prior year estimated                     Workpapers supporting the true-up             corresponding approval
           Accounting                                      tax charge and final tax returns (post-                     and AJEs are reviewed and approved
                                                           reporting) are adequately reflected in                      by a tax-competent person (e.g. CFO)
                                                           current year's financial statements.                        before being booked.

FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Quarterly calculations                        1. Review procedure covering the         1. Procedure covering the quarterly
           Reporting and                                   Current Income Tax calculation and                          Quarterly calculations of taxable profit      quarterly calculations                   calculations
           Accounting                                      reporting are accurate.                                     and current income tax are made,              2. Validate quarterly calculations       2. Evidence of GL review and approval of
                                                                                                                       based on year-to-date financial                                                        quarterly tax calculations
                                                                                                                       accounting records. Taxable profit
                                                                                                                       calculations adequately reflect all
                                                                                                                       transactions that need particular
                                                                                                                       consideration or treatment under tax
                                                                                                                       law (temporary or permanent
                                                                                                                       differences). To this purpose the
                                                                                                                       general ledger is reviewed to identify
                                                                                                                       such transactions.

FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Monthly Current Income Tax Accruals           1. Review procedure covering the         1. Procedure covering the monthly
           Reporting and                                   Current Income Tax calculation and                          Monthly current income tax accruals           monthly calculations                     calculations
           Accounting                                      reporting are accurate.                                     and corresponding charges are                 2. Ensure a review was performed         2. Document signed off by expert tax
                                                                                                                       booked monthly based at least on last         and the approval given by a tax          professional
                                                                                                                       quarter calculations and reported in          professional
                                                                                                                       the year-to-date financial accounting
                                                                                                                       records. Calculations and journal
                                                                                                                       entries are reviewed and approved by
                                                                                                                       a tax-knowledgeable officer.


FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Justification of Tax Balances                 1. Review procedure covering the         1. Procedure covering the quarterly
           Reporting and                                   Current Income Tax calculation and                          All current income tax liabilities in the     quarterly calculations                   calculations
           Accounting                                      reporting are accurate.                                     balance sheet are justified and               2. Check whether a review of the         2. Evidence of analysis on movements
                                                                                                                       reviewed on a quarterly basis, split          current income tax calculation was       from prior quarter balances to current
                                                                                                                       between current year accruals, pre-           performed                                quarter balances, reconciled to the current
                                                                                                                       payments and prior year outstanding                                                    income tax charge in the P&L
                                                                                                                       balances. Analysis shows movements                                                     3. Sign-off of current income tax
                                                                                                                       from prior quarter balances to current                                                 calculation
                                                                                                                       quarter balances, reconciled to the
                                                                                                                       current income tax charge in the P&L.

FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Annual Tax Returns                    1. Review procedures covering Tax                1. Procedures covering Tax return steps
           Reporting and                                   Current Income Taxes are declared and                       Tax professional other than the       return process                                   approved by management
           Accounting                                      paid timely and accurately (compliance).                    preparer reviews and approves the     2. Check whether a review was                    2. Document signed off by expert tax
                                                                                                                       tax return.                           performed and approval given by a                professional
                                                                                                                                                             tax professional
FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Expert Tax Review                     1. Review procedures covering the                1. Procedures covering the Tax review
           Reporting and                                   Current Income Taxes are declared and                       Tax professional other than the       Tax review                                       process approved by management
           Accounting                                      paid timely and accurately (compliance).                    preparer reviews and approves the     2. Check whether a review was                    2. Evidence of TAX review by an
                                                                                                                       Group reporting forms before they     performed and approval given by a                independent person tax professional
                                                                                                                       are sent to Group Headquarters. A     tax professional                                 3. Certificates of Accuracy from each entity
                                                                                                                       tax professional other than the                                                        tax manager
                                                                                                                       preparer reviews and approves any                                                      4. Reconciliation of IBIT (Income before
                                                                                                                       locally required forms before                                                          Income Tax) to FRS Schedule IS01 is
                                                                                                                       local submission.                                                                      performed and supported
                                                                                                                                                                                                              5. Document signed off by expert tax
                                                                                                                                                                                                              professional
FRA Cycle (Page 7/77, 1/5/2012 / 4:19 PM)
Columns: Cycle ID; Cycle Description; Sub-Cycle ID; Sub-Cycle Description; Control Objective Description; Control Activity ID; Description of the Recommended Control Activity; Recommended Validation steps; Recommended Evidences
(Q1) Is this control activity relevant to your entity?
(Q2) If No, explain why.
(Q3) Is this control performed? If yes, how?
(Q4) Additional comments to control activity (free text)
(Q5) Frequency of control
(Q6) Documentation (e.g. procedures, flowcharts...)
(Q7) Evidence of Control (e.g. report signed by management...)
(Q8) Control owner (Job title and Name)
(Q9) Staff trained to control activity? (Y/N)
(Q10) Maturity level from 1 to 5
(Q11) If Maturity is level 4 or 5, define your remediation plan.
(Q12) Responsible person for remediation plan
(Q13) Due Date remediation plan (dd/mm/yy)
Testing Period 1 (Pass/Fail); Testing Period 1 Likelihood (High/Medium/Low); Testing Period 1 Impact (High/Medium/Low); Testing Period 1 Tester's name
Testing Period 2 (Pass/Fail); Testing Period 2 Likelihood (High/Medium/Low); Testing Period 2 Impact (High/Medium/Low); Testing Period 2 Tester's name
FRA        Financial       FRA.05      Tax                 Current Income Tax                         FRA-5          Expert Tax Review                           1. Review procedures covering Tax    1. Procedures covering Tax return steps
           Reporting and                                   Current Income Taxes are declared and                     An individual who is not responsible        return process                       approved by management
           Accounting                                      paid timely and accurately (compliance).                  for the preparation and filing of the tax   2. Check whether a review was        2. Document signed off by an independent
                                                                                                                     return reviews and approves the             performed and approval given by an   person
                                                                                                                     assessment.                                 independent person




FRA        Financial       FRA.05      Tax                 Current Income Tax                           FRA-5          Tax Reserve                                 1. Review procedures covering Tax        1. Procedures covering Tax reserve
           Reporting and                                   The current income tax liabilities in                       Tax reserve analysis is prepared and        reserve                                  approved by management
           Accounting                                      financial statements are sufficiently                       reviewed for adequacy against all           2. Validate work papers of tax reserve   2. Work papers on tax reserve analysis
                                                           complete and prudent.                                       areas of exposure (all other sections       analysis                                 reviewed by an independent person
                                                                                                                       are reviewed when evaluating the tax                                                 3. Tax Reserve Reconciliation and
                                                                                                                       reserves).                                                                           Rollforward are completed, reviewed and
                                                                                                                                                                                                            supported by adequate documentation
                                                                                                                                                                                                            4. Update of current audit status and
                                                                                                                                                                                                            exposure items are performed and
                                                                                                                                                                                                            calculation of estimated exposure and
                                                                                                                                                                                                            related interest is reviewed and
                                                                                                                                                                                                            adjustments are made in accordance with
                                                                                                                                                                                                            policy

FRA        Financial       FRA.05      Tax                 Value Added or other sales and use tax     FRA-5            Systems Coding                              1. Review procedures covering            1. Work papers of review work
           Reporting and                                   (e.g. VAT, GST, other)                                      At least once a year, review whether        systems coding
           Accounting                                      Make complete, accurate and timely filings                  the systems coding matches the              2. Check if documents are regularly
                                                           for Value Added or other sales and use                      individual income categories with the       reviewed
                                                           tax.                                                        appropriate Value Added or other
                                                                                                                       sales and use tax rates.

FRA        Financial       FRA.05      Tax                 Value Added or other sales and use tax     FRA-5            Approval                                    1. Review procedures covering Tax        1. Procedures covering Tax return steps
           Reporting and                                   (e.g. VAT, GST, other)                                      Tax professional other than the             return process                           approved by management
           Accounting                                      Make complete, accurate and timely filings                  preparer reviews and approves the tax       2. Check if a review was performed       2. Document signed off by expert tax
                                                           for Value Added or other sales and use                      return.                                     and approval given by tax                professional
                                                           tax.                                                                                                    professional                             3. Evidence of reconciliation of VAT
                                                                                                                                                                                                            supporting documentation with related tax
                                                                                                                                                                                                            forms
FRA        Financial       FRA.05      Tax                 Value Added or other sales and use tax     FRA-5            Systems Coding                              1. Review procedure covering tax         1. Procedure covering tax system coding
           Reporting and                                   (e.g. VAT, GST, other)                                      Review whether the system's coding          system coding                            approved by management
           Accounting                                      Make complete, accurate and timely filings                  catches all the input tax deductions.       2. Ensure review of coding and tax       2. Evidence of review of coding and tax
                                                           for Value Added or other sales and use                                                                  master data defined in the ERP           master data defined in the ERP system
                                                           tax.                                                                                                    system are adequately performed          3. Evidence of review of master data
                                                                                                                                                                                                            changes and/or system generated
                                                                                                                                                                                                            exception reports

FRA        Financial       FRA.05      Tax                 Value Added or other sales and use tax     FRA-5            Reconciliation                           1. Review reconciliation and follow-up      1. Procedures covering Tax return steps
           Reporting and                                   (e.g. VAT, GST, other)                                      This includes a periodic (as per         of differences                              approved by management
           Accounting                                      Make complete, accurate and timely filings                  declarations made) reconciliation of tax                                             2. Evidence of review of Tax return by an
                                                           for Value Added or other sales and use                      forms with underlying accounting and                                                 independent person
                                                           tax.                                                        transaction data: - VAT/Sales tax with                                               3. Certificate of Accuracy completed by tax
                                                                                                                       Sales - VAT claims with Purchasing                                                   department professional

FRA        Financial       FRA.05      Tax                 Transfer Pricing                        FRA-5               Transfer Pricing                            1. Review procedures covering            1. Procedures covering Tax return steps
           Reporting and                                   Have a contemporaneous Transfer pricing                     Tax professional sign-off of review of      transfer pricing process                 approved by management
           Accounting                                      documentation.                                              contemporaneous transfer pricing            2. Check that transfer pricing           2. Sign-off document
                                                                                                                       documentation once a year.                  review/sign off has been performed

FRA        Financial       FRA.05      Tax                 Tax Audits                                FRA-5             Tax Audits                                  1. Review summary notes on current       1. Summary notes and evidence of
           Reporting and                                   Manage examinations by tax and regulatory                   Coordinate tax audit progress and           tax audits                               follow-up actions
           Accounting                                      authorities.                                                status tracking system with
                                                                                                                       appropriate management and/or
                                                                                                                       finance staff.
FRA        Financial       FRA.05      Tax                 Tax Research, Planning, and Policy           FRA-5          Tax Sign-off                                1. Review procedure covering Tax         1. Procedure covering Tax sign-off steps
           Reporting and                                   Assure timely and accurate consideration                    Tax sign-off is needed for all business     sign-off steps                           approved by management
           Accounting                                      of tax impact of planned transactions that                  proposals in excess of approved limits,     2. Check whether tax sign-offs are       2. Tax sign-off documents
                                                           can have significant tax consequences.                      which may impact operating income or        available
                                                                                                                       pre-tax income or the balance sheet or
                                                                                                                       the statement of cash flows.

FRA        Financial       FRA.05      Tax                 Tax Research, Planning, and Policy           FRA-5          New Law                                     1. Review adequacy of supporting         1. Procedures covering New Law
           Reporting and                                   Assure timely and accurate consideration                    Continually monitor new or proposed         documentation related to changes in      monitoring
           Accounting                                      of tax impact of planned transactions that                  tax law, tax accounting rules, attend       Tax legislation and position as well as  2. Sign-offs of periodicals
                                                           can have significant tax consequences.                      tax conferences, discuss with               concurrence of Group Finance
                                                                                                                       colleagues and tax professionals, and       2. Validate sign-offs of circulated
                                                                                                                       relate the impact on the business           periodicals and newsletters
                                                                                                                       operations and organizational
                                                                                                                       structure.
FRA        Financial       FRA.05      Tax                 Withholding Tax                              FRA-5          Approval                                    1. Review procedures covering Tax        1. Procedures covering tax return process
           Reporting and                                   Maintain complete and accurate                              Someone other than the preparer             return process                           2. Document signed off by expert tax
           Accounting                                      documentation and record retention to                       reviews and approves the tax return.        2. Check whether review was              professional
                                                           support planning objectives and filings.                                                                performed and approval was given by
                                                                                                                                                                   tax professional
FRA        Financial       FRA.05      Tax                 Withholding Tax                              FRA-5          Claims review                               1. Ensure claim reviews for              1. Documented claim reviews of
           Reporting and                                   Make complete and accurate collection of                    Review of the claims for withholding        withholding tax refunds are              withholding tax refunds
           Accounting                                      the withholding tax refunds.                                tax refunds.                                performed

FRA        Financial       FRA.05      Tax                 Tax Reporting                                FRA-5          Tax Reporting Procedures                    1. Ensure procedures are in place for    1. Procedures are in place for developing,
           Reporting and                                   Accurate and prompt reporting of tax                        Management has implemented                  developing, summarizing and              summarizing and reporting required tax
           Accounting                                      information derived from all sources                        procedures for developing,                  reporting required tax information       information approved by management
                                                           including but not limited to payroll,                       summarising, and reporting required         2. Ensure chart of account coding        2. Chart of account coding scheme or
                                                           purchasing...                                               tax information. These procedures are       scheme or other criteria in place to     other criteria in place to facilitate automated
                                                                                                                       clearly documented. Chart of account        facilitate automated classification,     classification, summarization, and retrieval
                                                                                                                       coding scheme or other criteria in          summarization, and retrieval of          of required tax information
                                                                                                                       place to facilitate automated               required tax information
                                                                                                                       classification, summarisation, and
                                                                                                                       retrieval of required tax information.

FRA        Financial       FRA.05      Tax                 Tax Reporting                                FRA-5          Management review                         1. Ensure procedures are in place for      1. Procedures covering management
           Reporting and                                   Accurate and prompt reporting of tax                        Management reviews periodic analysis      management review process                  review
           Accounting                                      information derived from all sources                        of all tax liability accounts for timely  2. Ensure management reviews               2. Management sign-off documentation
                                                           including but not limited to payroll,                       and accurate accruals and                 periodic analysis of all tax liability
                                                           purchasing...                                               settlements.                              accounts for timely and accurate
                                                                                                                                                                 accruals and settlements
FRA        Financial       FRA.06      Cash Management Bank Account Management                          FRA-6          Banks Selection                             1. Ensure procedures are in place          1. Procedures are in place covering the
           Reporting and                               Criteria for selecting banks and financial                      The selection of banks and financial        covering the selection of banks and        selection of banks and financial
           Accounting                                  institutions are defined.                                       institutions is limited to the ones with    financial institutions aligned with the    institutions, approved by management and
                                                                                                                       the credit rating defined by the            treasury policy                            aligned with the treasury policy
                                                                                                                       treasury policy. Exceptions have to be      2. Ensure all exceptions are properly      2. Documentation of all exceptions
                                                                                                                       properly approved.                          documented and approved                    approved by management

FRA        Financial       FRA.06      Cash Management Bank Account Management                          FRA-6          Bank Accounts Approval                      1. Ensure procedures are in place for    1. Procedures covering the opening and
           Reporting and                               Management of bank accounts (opening,                           Opening and closing of bank accounts        the opening and closing of bank          closing of bank accounts, approved by
           Accounting                                  changes and closing) is duly authorised.                        is supported by proper authorisation.       accounts                                 management
                                                                                                                       The approval and authorisation              2. Ensure that the procedure is in       2. Terms of References
                                                                                                                       process is compliant with the defined       compliance with the Terms of
                                                                                                                       financial competences (terms of             References
                                                                                                                       references, board resolutions, etc...)

FRA        Financial       FRA.06      Cash Management Bank Account Management                          FRA-5          Signatory power                             1. Review procedure covering             1. Procedure covering approval limits is
           Reporting and                               Management of bank accounts (opening,                           Signatory power is regularly reviewed       approval limits is documented and        documented, enforced and approved by
           Accounting                                  changes and closing) is duly authorised.                        and changes made to bank signatories        enforced                                 management
                                                                                                                       and to authorisation limits are regularly   2. Review Financial Authorization        2. Financial Authorization limits
                                                                                                                       reviewed and supported by proper            limits                                   3. Evidence that authorizations and
                                                                                                                       authorisation and are compliant with        3. Ensure that authorizations and        approval limits are regularly reviewed by
                                                                                                                       the defined financial competences,          approval limits are regularly reviewed   management
                                                                                                                       board resolutions etc...). Signature        by management and corrective action
                                                                                                                       specimens and individual authorisation      taken when non-compliance with
                                                                                                                       limits conveyed to bank.                    policy is identified




FRA        Financial       FRA.06      Cash Management Bank Account Management                   FRA-6                 Restricted Number of Bank Accounts          1. Ensure procedure covering bank        1. Procedure covering bank account
           Reporting and                               The number of bank accounts is restricted                       The number of bank accounts is              account management also includes         management approved by management
           Accounting                                  to the minimum.                                                 reviewed by management in order to          the periodic review of bank accounts
                                                                                                                       assess whether they can be further          for streamlining
                                                                                                                       streamlined.

FRA        Financial       FRA.06      Cash Management Bank Account Management                          FRA-6          Terms and fees                              1. Ensure management regularly           1. Evidence that management regularly
           Reporting and                               Bank terms and fees are periodically                            Management have to regularly review         reviews and negotiates bank terms        reviews and negotiates bank terms and
           Accounting                                  reviewed.                                                       and negotiate bank terms and fees.          and fees                                 fees

FRA        Financial       FRA.06      Cash Management Payments Authorization                           FRA-6          Payments Authorization                      1. Review procedures ensuring that       1. Procedures ensuring that discounts and
           Reporting and                               The "four eyes principle" is consistently                       Payments and money transfer orders          the discounts and foreign exchange       foreign exchange accounts are monthly
           Accounting                                  applied.                                                        are authorised by two persons, the          accounts are monthly reviewed for        reviewed and approved by management
                                                                                                                       second person not reporting to local        reasonableness                           2. Reviewed output of ERP report
                                                                                                                       treasury.                                   2. Ensure lost discount accounts are
                                                                                                                                                                   reviewed periodically by reviewing
                                                                                                                                                                   output of ERP report
FRA        Financial       FRA.06      Cash Management Bank Reconciliation                              FRA-6          Procedures                                  1. Review procedures covering the        1. Procedures covering the bank
           Reporting and                               Bank Reconciliation is accurately and                           Procedures for bank reconciliation          bank reconciliation requirements         reconciliation requirements and approved
           Accounting                                  timely performed and reviewed.                                  have been defined and approved by                                                    by management
                                                                                                                       Management.
FRA        Financial       FRA.06      Cash Management Bank Reconciliation                              FRA-6          Review                                      1. Review the process covering the       1. Process covering the parameters to be
           Reporting and                               Bank Reconciliation is accurately and                           Bank reconciliation is performed            parameters to be applied in the bank     applied in the bank statement process
           Accounting                                  timely performed and reviewed.                                  monthly and is duly documented by           statement process                        approved by management
                                                                                                                       the responsible personnel.                  2. Review output of ERP transaction      2. Reviewed output of ERP transaction
                                                                                                                       Management reviews monthly the bank         defining key parameters for bank         defining key parameters for bank statement
                                                                                                                       reconciliation statements and evidence      statement processing including           processing
                                                                                                                       of this review is kept.                     opening and closing balances,            3. Output of ERP report to trace individual
                                                                                                                                                                   posting date and further processing      statements and identify which users
                                                                                                                                                                   options                                  processed the relevant bank journals
                                                                                                                                                                   3. Where electronic bank statements      4. Reconciliations are prepared, reviewed
                                                                                                                                                                   are used from the statement posting      and approved timely. Supporting
                                                                                                                                                                   transaction, select the ERP overview     documentation is available and reconciling
                                                                                                                                                                   report to trace individual statements    items are being addressed and cleared in a
                                                                                                                                                                   and identify which users processed       timely manner
                                                                                                                                                                   the relevant bank journals
FRA        Financial       FRA.06      Cash Management Bank Reconciliation                             FRA-6          Pending items                             1. Review procedure covering the     1. Procedure covering the bank
           Reporting and                               Bank Reconciliation is accurately and                          Pending bank reconciling items are        bank reconciliation                  reconciliation approved by management
           Accounting                                  timely performed and reviewed.                                 promptly followed-up and resolved.        2. Review period/month-end checklist 2. Period/month-end checklist
                                                                                                                      Reconciling items are aged in an                                               3. Reconciliations are prepared, reviewed
                                                                                                                      attachment to the bank reconciliation                                          and approved in a timely manner
                                                                                                                      statements. Responsibility and status
                                                                                                                      of action plans are documented and
                                                                                                                      duly reviewed by Management.

FRA        Financial       FRA.06      Cash Management Bank accounting                                 FRA-6          Interest income and charges -             1. Review procedure covering the       1. Procedure covering the accounting of
           Reporting and                               Ensure proper and timely accounting of                         Accounting                                accounting of interest income and      interest income and charges, approved by
           Accounting                                  cash related positions.                                        Interest income and charges are           charges                                management
                                                                                                                      accounted for and allocated to the
                                                                                                                      appropriate accounting period.
FRA        Financial       FRA.06      Cash Management Efficient Cash Management                       FRA-6          Forecasts                                 1. Review procedure covering cash      1. Procedure covering cash management
           Reporting and                               Ensure optimal cash management.                                Cash positions are managed and            management                             approved by management
           Accounting                                                                                                 anticipated with cash forecasts; the      2. Review report monitoring            2. Report monitoring performance of
                                                                                                                      performance of forecast against actual    performance of forecasts against       forecasts against actual cash, approved by
                                                                                                                      cash is monitored and reviewed by         actual cash                            management
                                                                                                                      management.



FRA        Financial       FRA.06      Cash Management Efficient Cash Management                       FRA-6          Cash Pooling                              1. Review procedure covering the       1. Procedure covering the coordination of
           Reporting and                               Ensure optimal cash management.                                The Cash Management process               coordination of cash pooling between   cash pooling between the Divisions,
           Accounting                                                                                                 between the Divisions, Business Units     the Divisions, Business Units or       Business Units or Country Organisation,
                                                                                                                      or Country Organisation in charge of      Country Organisation                   approved by management
                                                                                                                      cash pooling is coordinated
                                                                                                                      adequately.
FRA        Financial       FRA.06      Cash Management Efficient Cash Management                       FRA-6          Assessment of Investments Risks           1. Review procedures covering risks    1. Procedures, covering risks of
           Reporting and                               Ensure optimal cash management.                                Risks of investments are well             of investments are in accordance       investments aligned with Group Treasury
           Accounting                                                                                                 assessed and carried out in               with Group Treasury Policy             Policy and approved by management
                                                                                                                      accordance with Group Treasury
                                                                                                                      Policy
FRA        Financial       FRA.06      Cash Management Petty Cash                                      FRA-6          Procedures                                1. Review procedures covering the      1. Procedures, covering the proper
           Reporting and                               Reimbursements are duly authorised.                            Procedures are in place for the proper    proper handling and authorisation of   handling and authorisation of petty cash
           Accounting                                                                                                 handling and authorisation of petty       petty cash disbursements               disbursements, approved by management
                                                                                                                      cash disbursements. It is
                                                                                                                      recommended that these procedures
                                                                                                                      address 1) The review and
                                                                                                                      reconciliation of petty cash
                                                                                                                      disbursements; 2) The definition of a
                                                                                                                      limited amount for petty cash; 3) The
                                                                                                                      proper safeguarding of petty cash.

FRA        Financial       FRA.06      Cash Management Petty Cash                                      FRA-6          Reconciliation                         1. Ensure procedures cover the            1. Procedures, covering the reconciliation
           Reporting and                               Reimbursements are duly authorised.                            The Petty cash log and vouchers are    reconciliation of cash log and            of cash log and vouchers with the actual
           Accounting                                                                                                 reconciled to actual cash-on-hand.     vouchers with the actual cash-on-         cash-on-hand, approved by management
                                                                                                                      The reconciliation is reviewed and     hand                                      2. Reconciliation reviewed by management
                                                                                                                      approved by supervisor.                2. Ensure reconciliation is reviewed
                                                                                                                                                             by management
FRA        Financial       FRA.06      Cash Management Petty Cash                                      FRA-6          Safeguarding                           1. Review procedures covering petty       1. Review procedures covering petty cash
           Reporting and                               Ensure that Petty Cash is adequately                           Petty Cash is kept under lock and key cash                                       approved by management
           Accounting                                  safeguarded.                                                   by custodian. Petty cash is of limited
                                                                                                                      amount.
FRA        Financial       FRA.06      Cash Management Endorsable checks                               FRA-6          Tracking of endorsable checks          1. Review procedures covering the         1. Procedures covering the tracking of
           Reporting and                               Ensure endorsable checks can be                                A procedure is established to ensure tracking of endorsable checks               endorsable checks
           Accounting                                  identified, reconciled and tracked                             that all endorsable checks or similar  2. Ensure that endorsable checks, or      2. Evidence that endorsable checks, or
                                                       systematically.                                                instruments details (received from     similar documents, are registered         similar documents, are registered and
                                                                                                                      customers and those returned from      and entered in a tracking system for      entered in a tracking system for allowing
                                                                                                                      the bank as "bounced") are registered allowing custody of documents              custody of documents
                                                                                                                      and entered in a tracking system for
                                                                                                                      allowing custody of documents
                                                                                                                      (including entry and exit document
                                                                                                                      data).

FRA        Financial       FRA.06      Cash Management Endorsable checks                               FRA-6          Reconciliation of endorsable checks       1. Review procedures covering the      1. Procedures covering the reconciliation of
           Reporting and                               Ensure endorsable checks can be                                A procedure covering the reconciliation   reconciliation of endorsable checks    endorsable checks ensuring that data
           Accounting                                  identified, reconciled and tracked                             of valuable/instrument tracking system    ensuring that data input/output into   input/output into the system is accurate
                                                       systematically.                                                data with the physical                    the system is accurate and tracked     and tracked
                                                                                                                      valuables/instruments in custody is in
                                                                                                                      place, ensuring the accuracy of data
                                                                                                                      input/output to the system.


FRA        Financial       FRA.07      Insurance & Risk   Actuarial Parameters Review              FRA-7              Actuarial Parameters Review               1. Review list of assumptions and    1. Documentation of assumptions and sign
           Reporting and               Management         Ensure actuarial parameters are assessed                    Review of actuarial model, including      data set used in the calculation     off of review (email)
           Accounting                                     against Company situation.                                  basic assumptions, base data,             2. Evidence of review of consistency
                                                                                                                      methods and tools used. Actuarial         of the actuarial approach compared
                                                                                                                      parameters are assessed against           to that of preceding periods
                                                                                                                      Company situation, environment and
                                                                                                                      business objectives.

FRA        Financial       FRA.07      Insurance & Risk   Insurance Actuary Review                     FRA-7          Insurance Actuary Review              1. Review report to ensure that            1. Obtain report
           Reporting and               Management         Ensure alignment of provision to actuarial                                                        actuarial results are consistent with      2. Documentation of review of the report
           Accounting                                     assessment.                                                                                       observed movements in base data
                                                                                                                                                            and that the results are compared
                                                                                                                                                            with preceding periods
FRA        Financial       FRA.07      Insurance & Risk   Lawsuit Information Review                   FRA-7          Lawsuit Information Review            1. Review claims submitted to              1. Selections made and support for all
           Reporting and               Management         Ensure completeness of lawsuit                              Verify that information received is   supporting documentation                   relevant claim data submitted
           Accounting                                     information.                                                complete and has been accurately      supporting; product, carrier
                                                                                                                      checked. Basic information about a    designation, entity identification,
                                                                                                                      loss or claim is checked and          claim category, date of loss and claim
                                                                                                                      compared with data record of involved made date
                                                                                                                      insurer and Risk Management
                                                                                                                      department.
FRA        Financial       FRA.07      Insurance & Risk   Insurance Coverage Check and Claims          FRA-7          Insurance Coverage Check and          1. Review claims submitted to              1. Selections made and support for all
           Reporting and               Management         Submission                                                  Claims Submission                     supporting documentation supporting        relevant coverage data submitted related to
           Accounting                                     Ensure completeness and accuracy of                         Verify insurance coverage has been    coverage issues (Material - insured        the claim
                                                          insurance coverage.                                         accurately assessed and review for    loss/injury, applicable coverage
                                                                                                                      accurate input.                       exclusions, serial/batch loss, etc;
                                                                                                                                                            Formal - applicable policy period,
                                                                                                                                                            retro-active date, notification
                                                                                                                                                            restrictions, etc) and claims
                                                                                                                                                            notification submission to insurer
                                                                                                                                                            details (includes all necessary
                                                                                                                                                            information under the details of the
                                                                                                                                                            policy conditions and notification was
                                                                                                                                                            performed within the prescribed
                                                                                                                                                            policy provisions)

FRA        Financial       FRA.07      Insurance & Risk   Database Validation                          FRA-7          Database Validation                       1. Review claim list and reconcile   1. Claim report
           Reporting and               Management         Ensure databases are complete and                           Analysis of legal docket and FRS          Loss/claim status accurate, double
           Accounting                                     accurate.                                                   including determination of subsequent     entries corrected, new losses/claims
                                                                                                                      events.                                   in the period captured, amounts
                                                                                                                                                                adjusted and correctly validated.
                                                                                                                                                                Reconciliation timely performed and
                                                                                                                                                                signed by Director
                                                                                                                                                                2. Review and reconcile self insured
                                                                                                                                                                retention accrued locally and
                                                                                                                                                                recoverable to related FRS schedule
                                                                                                                                                                and for reasonableness of insurance
                                                                                                                                                                assumptions

FRA        Financial       FRA.07      Insurance & Risk   Database Validation                          FRA-7          Database Validation                       1. Review updated legal letter and     1. Legal letter
           Reporting and               Management         Ensure databases are complete and                           Verify Database is appropriately          reconciliation of Legal Docket, FRS    2. Legal Docket
           Accounting                                     accurate.                                                   updated. Analysis of legal docket and     schedules and Product Liability        3. Update Product Liability Update Letter
                                                                                                                      FRS including determination of            Update Letter                          4. Reconciliation of legal docket to Legal
                                                                                                                      subsequent events.                        2. Reconcile legal docket to Legal     accrual report
                                                                                                                                                                accrual report                         5. Review and reconcile self insured
                                                                                                                                                                3. Review and reconcile self insured   retention accrued locally to related FRS
                                                                                                                                                                retention accrued locally to related   schedule and for reasonableness of
                                                                                                                                                                FRS schedule and insurance             insurance assumptions
                                                                                                                                                                provider database for
                                                                                                                                                                reasonableness of insurance
                                                                                                                                                                assumptions




REV Cycle

Control Matrix

Columns: Cycle ID | Cycle Description | Sub-Cycle ID | Sub-Cycle Description | Control Objective Description | Control Activity ID | Description of the Recommended Control Activity | Recommended Validation steps

REV        Revenue and     REV.01      Segregation Segregation of Duties                        REV.01         Segregation of Duties                                         1. Review SoD with updated job descriptions and system
           Receivables                 of Duties/    Appropriate segregation of duties is in                   Segregation of Duties is properly defined and reflected in    access
                                       Configuration place for functional responsibilities.                    job descriptions and role profiles. The duties and            2. Check that mitigating controls are identified and
                                                                                                               responsibilities of employees should be segregated within     described
                                                                                                               the functional responsible persons, including: 1)             3. Validate adequacy of compensating controls
                                                                                                               Maintenance of customer, credit and price master file data;   4. Review access rights report from ERP system
                                                                                                               2) Contract management; 3) Definition of customer credit
                                                                                                               limit; 4) Definition of customer pricing; 5) Sales order
                                                                                                               management (including order entry); 6) Record keeping
                                                                                                               (general ledger and sub ledger); 7) Delivery of products;
                                                                                                               8) Invoicing; 9) Customer claims; 10) Credit notes;11)
                                                                                                               Collections; 12) Deposit of Collections; 13) Processing of
                                                                                                               collections; 14) Processing Bad debt write-offs. In the
                                                                                                               absence of proper segregation of duties, compensating
                                                                                                               controls have to be in place and documented.


Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.01, Segregation of Duties/Configuration
Control Objective: Segregation of Duties. Users have correct access rights to financial information.
Control Activity ID: REV.01
Recommended Control Activity: System Access Rights. System access rights are properly designed to ensure segregation of duties across functional responsibilities is maintained. User profiles in the system are monitored and reviewed by management. The review is documented and any unauthorised system access rights are corrected in the system.
Recommended Validation steps:
1. Review procedure on User Authorization Management
2. Review SoD matrix with updated job descriptions and system access
3. Review access rights report from ERP system




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.01, Segregation of Duties/Configuration
Control Objective: Segregation of Duties. Users have correct access rights to financial information.
Control Activity ID: REV.01
Recommended Control Activity: Password Protection. The propriety of information and system access rights are protected through system passwords. The ability to access transactions is permitted only with the use of a personalised individual password. Passwords should be changed on a regular basis.
Recommended Validation steps:
1. Review password protection system. Check that there is no generic user ID with generic password.
2. If a legacy system is used, describe the compensating control implemented to ensure periodic password changes




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.01, Segregation of Duties/Configuration
Control Objective: System Configuration. The configuration of customer, credit and price master file data is appropriate.
Control Activity ID: REV.01
Recommended Control Activity: Customer, Credit and Price Master File Data and Other Systems. The configuration of customer, credit and price master file data, as well as other ancillary systems such as cash collections, A/R subsidiary ledger and general ledger, meets the information needs of management to effectively monitor the business.
Recommended Validation steps:
1. Review configuration of customer master data. Check compliance with group/divisional guidelines.



Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.01, Segregation of Duties/Configuration
Control Objective: System Configuration. Changes to the configuration of master file data are authorised by finance management, e.g. CFO or his/her delegate.
Control Activity ID: REV.01
Recommended Control Activity: New Customer, Credit and Price Master File Data and Other Systems - Approval Process. Procedures are established and documented to control new customer, credit and price master file data, as well as other ancillary systems such as cash collections, A/R subsidiary ledger and general ledger. A request for opening of a new customer account is submitted on a standard form. The sales manager/authorised delegate of the CFO compares the data in the request for a new customer account with the sales contract and approves or rejects the request. The data for approved requests are input according to the approved sales contract.
Recommended Validation steps:
1. Check that a procedure for the creation of customer, credit and price master file data exists, is in line with Group/divisional guidelines, is updated and duly approved
2. Review standard form for master data creation requests. Check approval and consistency with contracts
3. Run a report of new customer/price data and check compliance with standard forms and with contracts
4. Check that clerks identify possible duplicate customers before adding a new one





Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.01, Segregation of Duties/Configuration
Control Objective: System Configuration. Changes to the configuration of master file data are authorised by finance management, e.g. CFO or his/her delegate.
Control Activity ID: REV.01
Recommended Control Activity: Customer, Credit, Price Master File Data Changes and Other Systems - Approval Process. Procedures are established and documented to control changes to customer, credit and price master file data, as well as other ancillary systems such as cash collections, A/R subsidiary ledger and general ledger. All changes to master file data as well as other systems are documented and approved by management. Exception reports of changes to master files are produced and are reviewed by management against the authorised change forms or relevant source documentation. Input of change information is confirmed for accuracy and completeness. Procedures exist for adding and changing Condition Types, Records, Pricing Procedures, and Customer and Material Pricing Procedure Keys, including who is responsible, source documents, approval, and testing.
Recommended Validation steps:
1. Check that a procedure for changes to existing master data (customer, credit and price master data) exists, is in line with Group/divisional guidelines, is updated and duly approved
2. Review master data change requests. Check approval and compliance with supporting documentation (contract amendments, updated price list, etc.)
3. Run a report of master data changes and check compliance with change requests. Check that customer master change reports are reviewed and approved
4. Check that inconsistencies are reviewed and corrected regularly



Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.01, Segregation of Duties/Configuration
Control Objective: System Configuration. Master file data reflects only current customers.
Control Activity ID: REV.01
Recommended Control Activity: Customer, Credit, Price Master File Data Changes and Other Systems - Keeping Current. Procedures are established and documented to ensure that customer, credit, price master file data and other systems are not populated with inactive or invalid customers. The master file and other systems are reviewed at least once per year by management.
Recommended Validation steps:
1. Review the procedure to ensure master data are updated. Does management review customer list on an annual basis?
2. Review sales statistics by customer over the last few years to identify potential inactive or invalid customers




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Sales Contracts Procedures. Ensure policies and procedures regarding sales contract management are consistently applied.
Control Activity ID: REV.02
Recommended Control Activity: Policies and Procedures. Policies and procedures regarding Contract Management that govern the approval, execution, recording and monitoring of contracts/agreements (Standard and Non-Standard) including Sales Deals (with end customers, e.g. pharmacies), Trade Deals (with wholesalers), License Agreements, Co-promotional Agreements, etc. are documented and communicated to relevant employees.
Recommended Validation steps:
1. Check that procedures exist, adhere to Group/Divisional policies, are up-to-date and duly signed. Check whether they include information about the approval process of new contracts, the maintenance of contracts, contracts repository, contracts register
2. Review the list of relevant employees and its approval, check especially personnel changes
3. Check that procedures are communicated to relevant employees (training, email, information meeting...). Check especially whether procedure updates are communicated as well. Ask employees whether they are aware of the procedures




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Sales Contracts Procedures. Ensure policies and procedures regarding sales contract management are consistently applied.
Control Activity ID: REV.02
Recommended Control Activity: Policies and Procedures - Trade Deals. Management reviews system access monthly and ensures the limits are in accordance with the authorisation policy.
Recommended Validation steps:
1. Compare list of system access (system where trade deals are input) with list of authorised employees. Check approval
2. Verify a sample of Trade deals for approval(s) and check if the approval was appropriate





Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Contract Review and Approval. Standard sales contracts exist.
Control Activity ID: REV.02
Recommended Control Activity: Standard Contracts - Approval Process. Standard contract arrangements (principally Sales contracts) are utilised in most cases to reduce ambiguity in dealings with customers, covering aspects like delivery/payment terms, pricing, rebates, structure, etc. Standard contracts are approved by Commercial and Legal personnel.
Recommended Validation steps:
1. Check whether contracts are up-to-date, cover key commercial aspects and are duly approved by Commercial and Legal personnel
2. Take samples of sales orders and check whether contracts exist, whether customer master data match with sales contract and sales order
3. Analyse variances between master data and contracts and check whether they are approved and monitored by management




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Contract Review and Approval. Review the terms of non-standard contracts for legal and accounting implications on entering into an agreement.
Control Activity ID: REV.02
Recommended Control Activity: Non-Standard Contracts - Approval Process. Non-standard contract arrangements (particularly Trade Deals, Licensing Agreements, Co-Promotional Agreements, etc.) are reviewed and approved by Commercial and Legal personnel. Deviations from standard contract arrangements are supported by a specific documented business purpose.
Recommended Validation steps:
1. Review non-standard contracts for approval by Commercial and Legal
2. Check that reasons for deviations from standard contracts are clearly documented and duly approved

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Contract Review and Approval. Review contract terms for accounting implications on entering into agreement.
Control Activity ID: REV.02
Recommended Control Activity: Accounting Implications - Review Process. Standard and Non-standard contract arrangements, documented business purposes and related transactions are reviewed by Finance/accounting personnel for the appropriate accounting implications, e.g. Revenue recognition (deferred income), contingent obligations (provisions & accruals), etc.
Recommended Validation steps:
1. Check whether contracts have been reviewed by Finance and accounting
2. Check whether possible changes recommended by Finance have been considered in the contract

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Contract Review and Approval. Review and approve all changes to contracts before being signed.
Control Activity ID: REV.02
Recommended Control Activity: Final Contract - Approval Process. Legal, Commercial, and Accounting personnel agree on final terms of Standard and Non-standard Contract arrangements. Contract arrangements are signed in accordance with standard operating procedures prior to being loaded into the system.
Recommended Validation steps:
1. Check whether Legal, Commercial and Accounting approve the contract before final signature
2. Check whether the contract is signed according to SOP

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Contract Review and Approval. Review and approve all changes to contracts before being signed.
Control Activity ID: REV.02
Recommended Control Activity: Contract - Change Identification. Management runs a report of all changes to contracts quarterly and validates the changes against source documents. Where an invalid entry is found, appropriate corrective action is taken. Procedures exist to ensure review and approval of new contracts or amendments by commercial, accounting, and legal personnel.
Recommended Validation steps:
1. Compare changes input in the system with the source contracts for a given period.
2. Check whether changes have been duly approved by Commercial, Legal and Accounting





Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Safeguarding and Maintenance of Contracts. Sales contracts and other related confidential items are stored and maintained securely.
Control Activity ID: REV.02
Recommended Control Activity: Safeguarding the contracts. Physical contracts are maintained in a centralised repository with restricted access to authorised personnel.
Recommended Validation steps:
1. Check location where contracts are maintained and whether access to repository is controlled
2. Check list of authorised personnel, and approval by management
3. Take samples of contracts and check whether they are secured in the central repository




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Safeguarding and Maintenance of Contracts. Sales contracts and other related confidential items are stored and maintained securely.
Control Activity ID: REV.02
Recommended Control Activity: Contract maintenance. A centralised Contract Register is maintained and updated to ensure completeness of contracts signed.
Recommended Validation steps:
1. Check existence of contract register
2. Take samples of contracts to test completeness of register




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Safeguarding and Maintenance of Contracts. Sales contracts are renewed in a timely manner to ensure adequate protection of the Company's interest during an open window period.
Control Activity ID: REV.02
Recommended Control Activity: Contract maintenance. Contract Register containing expiry dates is regularly reviewed and monitored.
Recommended Validation steps:
1. Run report of all expiring contracts (contracts should be highlighted prior to expiring to ensure timely action by management)
2. Check whether management regularly monitors contract expiry dates
3. Check whether sales orders have been placed after contract expiry date

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Safeguarding and Maintenance of Contracts. Customers comply with contract provisions.
Control Activity ID: REV.02
Recommended Control Activity: Contract audits. In situations whereby the contract permits the company to conduct audits or reviews to ensure compliance with the terms of the agreement, periodic contract audits are conducted.
Recommended Validation steps:
1. Where applicable, check whether specific terms of agreement would require an audit




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.02, Contract Management
Control Objective: Monitoring of Contract Expenditures. Ensure salesmen spend only the authorised amount on a particular deal/program or on a particular customer.
Control Activity ID: REV.02
Recommended Control Activity: Contract expenditures - Independent review. A separate, independent review is performed for all trade deals and customer promotions (e.g. expenditures by Company sales persons spent on deal/agreement/contract with a customer) by a regional or other appropriate individual.
Recommended Validation steps:
1. List trade deals and customer promotions for a given period
2. Check whether independent review of trade deals and customer promotions has been performed (date, scope...)





REV        Revenue and     REV.02      Contract        Monitoring of Contract Expenditures       REV.02          Contract expenditures - Management review                         1. Check existence and completeness of event report,
           Receivables                 Management      Ensure management reviews and                             An event report is reviewed every month reflecting the            including monitoring indicators. Check management
                                                       approves the total budgeted spend                         amount committed, spent and the over/under expenditure.           involvement in the monitoring process
                                                       against actual spend of a particular                      Management compares this against company policy and               2. Review/recalculate the amounts mentioned in some of
                                                       deal/program or of a particular customer.                 ensures the variance is in accordance with company policy.        those reports
                                                                                                                                                                                   3. Identify which company/divisional policies apply to those
                                                                                                                                                                                   expenditures and check adherence to those policies




REV        Revenue and     REV.03      Credit & Price Credit Control Policy                       REV.03         Credit Control Policy                                             1. Check the existence of a credit policy and its
           Receivables                 Control        Ensure the existence of a credit policy.                   An approved credit policy (e.g. standard payment terms,           adherence to group/divisional policy
                                                                                                                 credit limit by category, etc.) is established and its            2. Check whether the policy is up-to-date and duly
                                                                                                                 compliance is regularly monitored by Finance                      approved
                                                                                                                 management.                                                       3. Check whether Finance regularly monitors compliance
                                                                                                                                                                                   with the credit control policy (exception reports reviewed,
                                                                                                                                                                                   corrective measures taken...)




REV        Revenue and     REV.03      Credit & Price Review of Customer Account Application REV.03              Credit Control Review                                             1. Check according to which process credit limits and
           Receivables                 Control        Ensure proactive credit management                         The credit manager is responsible for setting and periodically    payment terms are fixed and revised, and whether this
                                                      procedures.                                                reviewing the credit limits and payment terms after proper        process is compliant with group/divisional policies
                                                                                                                 checks (e.g. Dun & Bradstreet; bank statements; other             2. Take samples of initial and updated credit limits and
                                                                                                                 credit agencies; payment history, sales history, inputs from      check the supporting documentation and the approval
                                                                                                                 sales department). Criteria for fixing individual credit limits   3. Check that only authorised users input and change
                                                                                                                 are to be outlined in the Credit Policy.                          credit limits in the system




REV        Revenue and     REV.03      Credit & Price Review of Customer Account Application REV.03              Credit Control Review                                             1. Check Finance approval on credit limit change forms,
           Receivables                 Control        Ensure proactive credit management                         Finance Management reviews the credit change report               including payment terms
                                                      procedures.                                                form and approves/rejects the credit limit or changes             2. Check that Finance rejection has been respected by
                                                                                                                 before further processing.                                        credit manager. Take samples of rejected credit limit
                                                                                                                                                                                   changes and check the credit limit in the system




REV        Revenue and     REV.03      Credit & Price Price Control Policy                        REV.03         Price Control Policy                                              1. Check the existence of a pricing policy and its
           Receivables                 Control        Ensure the existence of a pricing policy.                  A pricing and discount policy is established and approved         adherence to group/divisional policy
                                                                                                                 and its compliance is regularly monitored by Finance              2. Check whether the policy is up-to-date and duly
                                                                                                                 management.                                                       approved
                                                                                                                                                                                   3. Check whether Finance regularly monitors compliance
                                                                                                                                                                                   with the pricing policy





REV        Revenue and     REV.03      Credit & Price Price Control Review                      REV.03             Price Control Review                                              1. Run exception reports listing price changes in the
           Receivables                 Control        Ensure the validity and accuracy of sales                    Management reviews the pricing change report and                  system, check prior existence of pricing change report
                                                      deals and promotions.                                        approves/rejects the price change before further                  approved by management
                                                                                                                   processing. Procedures are in place to ensure that                2. Review management approval/rejection of price
                                                                                                                   customer specific discounts and promotions are reviewed           changes, compare date of approval with date of price
                                                                                                                   for validity and accuracy. A formal authorised request is         change input in the system
                                                                                                                   used.                                                             3. Take samples of price changes rejected by
                                                                                                                                                                                     management and check price in the system
                                                                                                                                                                                     4. Check existence of procedures for specific discounts,
                                                                                                                                                                                     review approval of promotion requests, take samples of
                                                                                                                                                                                     those requests and compare price invoiced to the
                                                                                                                                                                                     customer with price approved in the request
                                                                                                                                                                                     5. Check whether validity periods (with appropriate
                                                                                                                                                                                     starting and ending dates) are used for price changes




REV        Revenue and     REV.03      Credit & Price Price Control Review                          REV.03         Price Control Review                                              1. Run management review of such reports
           Receivables                 Control        Review, approve and test additions and                       The ability to over-ride pricing should be strictly restricted.   2. Review list of employees with access to price change
                                                      changes to pricing data.                                     Procedures are established for management review of               functionality. Check management approval. Where
                                                                                                                   manual price over-rides.                                          necessary (same employee entering the order and able
                                                                                                                                                                                     to change prices), check that compensating control is in
                                                                                                                                                                                     place




REV        Revenue and     REV.04      Sales Order    Standardisation of Sales Order                REV.04         Sales Order Management Policy                                     1. Check that a sales order management policy exists,
           Receivables                 Management     Management                                                   A sales order management policy (governing order                  adheres to Group/Divisional policies, is up-to-date and
                                                      Only fulfill valid orders with complete and                  processing and training routines) is established and its          duly signed. Check whether the policy includes
                                                      proper backing documentation                                 compliance with regard to all orders is regularly                 information about high risk customers and transactions
                                                                                                                   monitored by Finance management. The policy should                2. Check that the policy is communicated to relevant
                                                                                                                   specifically include procedures for defining high risk            employees (training, email, information meeting...).
                                                                                                                   customers and transactions, including the way to deal with        Check especially whether policy updates are
                                                                                                                   the related orders. Management regularly reviews this             communicated as well. Ask employees whether they are
                                                                                                                   category of customers.                                            aware of the policy
                                                                                                                                                                                     3. Review Finance involvement in monitoring compliance
                                                                                                                                                                                     to the policy
                                                                                                                                                                                     4. Take samples of some orders, preferably high risk
                                                                                                                                                                                     transactions, and check whether their processing
                                                                                                                                                                                     complied with the policy


REV        Revenue and     REV.04      Sales Order    Standardisation of Sales Order                REV.04         Export Sales Orders                                               1. Review procedure for export sales orders. Check delivery
           Receivables                 Management     Management                                                   Export sales orders should be configured with a delivery          block if export papers are missing
                                                      Only fulfill valid orders with complete and                  block reason code relating to Export Papers Missing to            2. Check management's review and approval
                                                      proper backing documentation                                 ensure that all documentation is prepared for such                3. Take samples of export sales orders and check their
                                                                                                                   shipments. Management reviews these shipments and                 processing. Check whether orders were released with
                                                                                                                   ensures that the appropriate paperwork is collected and           missing papers
                                                                                                                   filed before the export order is released.

REV        Revenue and     REV.04      Sales Order    Receipt and Collection of Sales Orders        REV.04         Customer Information Verification                                 1. Check sales order documentation
           Receivables                 Management     Only fulfill valid orders with complete and                  Sales orders are documented (e.g. paper orders, faxes,            2. Check that incomplete orders are reviewed on a
                                                      proper backing documentation                                 EDI records, voice mail records) and adequately retained.         regular basis
                                                                                                                   Key elements of the order (customer name, address,
                                                                                                                   credit limits, inventory availability, customer status, etc.)
                                                                                                                   are verified before an order is processed. Order Entry
                                                                                                                   personnel verify the following: 1. Does a customer exist?
                                                                                                                   2. If the customer is already set up, does master data
                                                                                                                   contain required information: name, address, credit limit,
                                                                                                                   bank account? Is this customer blocked from order
                                                                                                                   processing? In an automated environment this may be set-
                                                                                                                   up through the system configuration.





REV        Revenue and     REV.04      Sales Order     Receipt and Collection of Sales Orders        REV.04         Customer Information Verification                             1. Check whether all sales orders were processed
           Receivables                 Management      Only fulfill valid orders with complete and                  Where systems allow, sales orders are pre-numbered and        through the system. Close review of sales orders outside
                                                       proper backing documentation                                 sequential orders monitored.                                  the system




REV        Revenue and     REV.04      Sales Order     Processing Orders                       REV.04               Blocked orders exceeding credit limits                        1. Review procedures for blocking and releasing orders
           Receivables                 Management      Process orders within approved customer                      Regularly check for sales documents that reach the            exceeding credit limits
                                                       credit limits and within payment terms.                      customers' credit limits. External Third Party Sales Orders   2. Run exception reports with all orders exceeding credit
                                                                                                                    exceeding credit limits are blocked. The blocked orders       limits. Check whether they are blocked. If not, check
                                                                                                                    are reviewed in accordance with the Sales Order               whether they were approved by management
                                                                                                                    Management Policy and timely released after appropriate
                                                                                                                    approval.
REV        Revenue and     REV.04      Sales Order     Processing Orders                       REV.04               Cash on delivery customers                                    1. Review list of cash on delivery customers and check
           Receivables                 Management      Process orders within approved customer                      Customers on cash on delivery terms do not have               their outstanding balances. If necessary, corrective
                                                       credit limits and within payment terms.                      outstanding balances. Systems should be configured to         measures are taken (change of payment terms, sales
                                                                                                                    enforce this policy. Management regularly monitors            orders block, etc...)
                                                                                                                    delivery and payment dates.



REV        Revenue and     REV.04      Sales Order     Processing Orders                             REV.04         Minimum Order Requirements                                    1. Run a report of orders below a minimum value. Review
           Receivables                 Management      Orders below minimum order value are                         Where applicable, a minimum order value is established.       management's approval
                                                       not processed.                                               Exceptions are pre-approved by management.

REV        Revenue and     REV.04      Sales Order     Order Execution / Fulfillment                 REV.04         Trade-loading                                                    1. Review sales trend, especially the indicators
           Receivables                 Management      Trade-loading orders are detected and                        A trade loading policy is established and its compliance is      mentioned in the control activities comments
                                                       corrective measures are taken.                               monitored at each month-end by Finance management.               2. Check whether a trade loading policy exists
                                                                                                                    Trade loading is typically a result of promotional activities
                                                                                                                    or other instances where a customer is given price
                                                                                                                    incentives or favourable payment terms to purchase larger
                                                                                                                    quantities of inventories. Potential trade loading issues
                                                                                                                    can be detected via sales-trend analysis and in-trade
                                                                                                                    sales reports. In cases of trade loading, sales may need to
                                                                                                                    be recognised on a consignment basis.

REV        Revenue and     REV.04      Sales Order     Order Execution / Fulfillment                 REV.04         Backorders                                                    1. Run a report of all pending orders older than a given
           Receivables                 Management      Ensure orders are fulfilled on a timely                      Pending orders or backorders are closely monitored and        period. Check the report is reviewed by management
                                                       basis                                                        followed-up by Customer Service/ Sales Admin.                 and corrective action taken



REV        Revenue and     REV.04      Sales Order     Order Execution / Fulfillment                 REV.04         Backorders                                              1. Check that a KPI report about late deliveries,
           Receivables                 Management      Ensure orders are fulfilled on a timely                      Time taken between order date, expected delivery date   exceeding standard delivery terms exists. Review
                                                       basis                                                        and actual delivery date is measured as an order        reasons for delay
                                                                                                                    management customer service metric. The root causes for
                                                                                                                    delays are investigated.
REV        Revenue and     REV.04      Sales Order     Changes to Orders                       REV.04               Sales Order Cancellation                                      1. Review procedure for sales order cancellation
           Receivables                 Management      Cancellations of orders are handled                          Orders cancelled after goods have been packed or              2. Take samples of cancelled orders and check
                                                       according to the sales order management                      delivered are properly documented and authorised by           management's authorisation, documentation and related
                                                       policy.                                                      management.                                                   stock movements




REV        Revenue and     REV.04      Sales Order     Changes to Orders                       REV.04               Sales Order Cancellation                                      1. Check that the numbers of cancelled orders and main
           Receivables                 Management      Cancellations of orders are handled                          Cancelled orders are captured as an order management          reason are mentioned as KPI in sales report
                                                       according to the sales order management                      metric.
                                                       policy.



REV        Revenue and     REV.05      Distribution,   Verification of Shipped Goods                 REV.05         Distribution and Delivery Policy                              1. Check that a distribution and delivery policy according
           Receivables                 Delivery &      Correct goods are shipped and                                A clear distribution and delivery policy is established for   to control activity exists, adheres to Group/Divisional
                                       Invoicing       accurately recorded.                                         ensuring that picking and delivering orders is based on       policies, is up-to-date and duly signed
                                                                                                                    sales or production orders, that only goods available for     2. Check that the policy is communicated to relevant
                                                                                                                    sales (e.g. Quality Control passed) are picked by the         employees (training, email, information meeting...).
                                                                                                                    system, that goods are picked on a FEFO (First Expired        Check especially whether policy updates are
                                                                                                                    First Out) basis. No goods can be shipped without an          communicated as well. Ask employees whether they are
                                                                                                                    adequate sales or production order and the shipment is        aware of the policy
                                                                                                                    adequately logged.





REV        Revenue and     REV.05      Distribution,   Verification of Shipped Goods            REV.05         Undelivered Inventory                                           1. Run report of delivery blocks (incomplete deliveries,
           Receivables                 Delivery &      Correct goods are shipped and                           Management reviews the detailed list of Undelivered sales       sales orders blocked for delivery, delivery error logs).
                                       Invoicing       accurately recorded.                                    orders to ensure all goods are shipped. This activity is        Review reason for not delivering the goods
                                                                                                               particularly important for instances whereby a third-party is   2. Check whether management regularly monitors
                                                                                                               responsible for taking orders and distributing inventory.       undelivered sales orders
                                                                                                               For goods not shipped, management should review the             3. Check whether KPIs for delivery are included in
                                                                                                               root cause and take the corrective actions.                     contracts with the third party, in case a third party is
                                                                                                                                                                               responsible for the distribution process. Check how
                                                                                                                                                                               management monitors third-party services
                                                                                                                                                                               4. Review discrepancies between target and actual
                                                                                                                                                                               delivery quantities, delivery notes for which no goods
                                                                                                                                                                               issue has taken place


REV        Revenue and     REV.05      Distribution,   Verification of Shipped Goods            REV.05         Proof of Delivery                                            1.Check local legislation. Review process for collecting
           Receivables                 Delivery &      Correct goods are shipped and                           Proof of deliveries to customers or carrier is available and and archiving proof of delivery
                                       Invoicing       accurately recorded.                                    retained according to local legislation.
REV        Revenue and     REV.05      Distribution,   Verification of Shipped Goods            REV.05         Free Goods                                                      1. Check that a free goods procedure exists, adheres to
           Receivables                 Delivery &      Free goods are properly approved and                    Procedure exists to ensure that free goods are authorised       Group/Divisional policies, is up-to-date and duly signed
                                       Invoicing       accounted for.                                          and accounting treatment is in compliance with the              2. Check that the policy is communicated to relevant
                                                                                                               Company Accounting Manual.                                      employees (training, email, information meeting...)

REV        Revenue and     REV.05      Distribution,   Verification of Shipped Goods            REV.05         Delivery Cut-off                                                1.Run exception report. Check for proper accounting
           Receivables                 Delivery &      Goods shipped are recorded in the                       Review the goods issued report at month end to ensure all       treatment, especially in case of delivery without invoices
                                       Invoicing       correct period.                                         items are accounted for in the correct period. This activity    in the same period, or with invoices without delivery
                                                                                                               is performed in conjunction with the sales cut-off testing.     2.Check that user posts the goods issue for all deliveries
                                                                                                               The accounting treatment is in accordance with the              which occur prior to the end of the period. The goods
                                                                                                               Company Accounting Manual.                                      issue updates the material master and the inventory
                                                                                                                                                                               balance in the G/L

REV        Revenue and     REV.05      Distribution,   Standardisation of Invoicing             REV.05         Invoicing Policy                                                1. Check that an invoicing policy exists, adheres to
           Receivables                 Delivery &      Ensure the existence of an invoicing                    An invoicing policy is established defining the invoicing       Group/Divisional policies, is up-to-date and duly signed
                                       Invoicing       policy.                                                 process frequency. Controls are in place to ensure that         2. Check that the policy is communicated to relevant
                                                                                                               deliveries are invoiced according to the policy (e.g. data      employees (training, email, information meeting...)
                                                                                                               analysis between delivery and invoice dates).                   3. Check monitoring process: exception reports, reasons
                                                                                                                                                                               for delay in invoicing, management review




REV        Revenue and     REV.05      Distribution,   Invoice Verification                     REV.05         Invoice Details                                                 1.Check the invoice calculation process, especially
           Receivables                 Delivery &      Invoices are accurately calculated and                  Management regularly assesses the adequacy of the invoice       regarding discount calculation
                                       Invoicing       with the proper contents.                               content (e.g. invoice price, quantity, discount, payment        2.Run ERP Reports and other exception reports to list
                                                                                                               terms, exchange rate) and the correctness of the                discount rates different from the customer master data.
                                                                                                               calculation.                                                    Review the reasons for potential differences and check
                                                                                                                                                                               management's regular review and approval
                                                                                                                                                                               3.Review any documents blocked due to errors in
                                                                                                                                                                               accounting interface, pricing, foreign trade. Errors should
                                                                                                                                                                               be corrected
REV        Revenue and     REV.05      Distribution,   Invoice Verification                     REV.05         Value Added Taxes/ Sales Taxes/ Excise and Export               1.Review invoice-format settings and tax calculation
           Receivables                 Delivery &      Invoices are accurately calculated and                  Taxes                                                           2.Take samples of specific invoices (export, promotion,
                                       Invoicing       with the proper contents.                               Applicable taxes are accurately calculated and invoiced.        ...) and check tax calculation and compliance with local
                                                                                                               Management periodically assesses compliance with tax and        regulation
                                                                                                               legal requirements. Where applicable, system-calculated
                                                                                                               taxes are included in invoice-format settings


REV        Revenue and     REV.05      Distribution,   Invoice Verification                     REV.05         Invoices in Foreign Currency                                    1. Review invoice-format settings for foreign sales.
           Receivables                 Delivery &      Invoices are accurately calculated and                  Exchange rates are correctly applied for foreign sales.         Check update process for exchange rate (who defines
                                       Invoicing       with the proper contents.                               Management periodically assesses exchange rates applied         the applicable exchange rate, at which frequency...)
                                                                                                               to foreign sales. Where applicable, invoice-format settings     2. Run report to ensure that foreign customers are
                                                                                                               include information for currency of sale.                       invoiced in the right currency. Compare currency in
                                                                                                                                                                               customer master data with invoiced currency
                                                                                                                                                                               3. Run report of foreign sales and check accuracy of
                                                                                                                                                                               currency and exchange rate applied





REV        Revenue and     REV.05      Distribution,   Invoice Verification                        REV.05         Three-way Matching                                              1.Check the three-way matching process (manual
           Receivables                 Delivery &      Invoices are properly generated and                        The existence of a shipping document triggers the               process, system supported, exception reports...)
                                       Invoicing       accurately recorded.                                       generation of a sales invoice. A monthly reconciliation is in   2.Check examples of reconciliations, run ERP Report,
                                                                                                                  place to ensure that all goods ordered are shipped and          review reason when items do not match
                                                                                                                  invoiced (the three-way match). The three-way match             3.Check finance management signature
                                                                                                                  ensures that information such as order number, quantities,      4.Review corrective action taken and supporting
                                                                                                                  etc... are referenced on all documents. Finance                 documentation
                                                                                                                  management reviews this reconciliation. In instances
                                                                                                                  where the sales order, shipping documents and invoices
                                                                                                                  do not match, the root cause is identified and the errors
                                                                                                                  are corrected in a timely manner. Where applicable, the
                                                                                                                  System is configured to automatically generate invoices
                                                                                                                  only for shipped orders based on sales-order and shipping
                                                                                                                  details. Data transferred from the order entry system to the
                                                                                                                  invoicing subsystem is balanced. Exception reports are
                                                                                                                  generated and followed-up in a timely manner.


REV        Revenue and     REV.05      Distribution,   Completeness of Invoicing Process      REV.05              Completeness of Invoicing Process                               1.Check parameter settings for invoicing process
           Receivables                 Delivery &      Ensure completeness and correctness of                     Invoices are sequentially numbered. Gaps or duplicates          (including outsourced invoicing process). Check whether
                                       Invoicing       the invoicing process.                                     are investigated and followed up.                               the system allows invoice number gaps or duplicates

REV        Revenue and     REV.05      Distribution,   Invoice Posting                           REV.05           Uninvoiced Shipments                                            1. Check that the procedure for goods delivered but not
           Receivables                 Delivery &      Goods shipped but not invoiced, resulting                  Procedures exist for the review of revenue recognition for      invoiced exists, is in line with the Accounting Manual and
                                       Invoicing       in sales understatement and delayed                        goods delivered but not invoiced (e.g. review of log of         duly signed by finance management
                                                       cash flows.                                                billing documents where errors have occurred). Accruals         2. Review the report of all goods delivered but not
                                                                                                                  are recorded for all deliveries that have not been posted to    invoiced, check accounting treatment and management
                                                                                                                  sales. Where applicable, system-generated reports of all        signature. Check confirmation of the warehouse of the
                                                                                                                  products shipped and delivered but not invoiced, are            goods delivered but not invoiced
                                                                                                                  reviewed at least weekly. Discrepancies are aged and            3. Review correctness of revenue adjustments and
                                                                                                                  investigated. Revenue calculations are manually adjusted.       check management approval

REV        Revenue and     REV.05      Distribution,   Invoice Posting                           REV.05           Invoiced, but not Shipped                                       1. Check that the procedure for goods invoiced but not
           Receivables                 Delivery &      Goods invoiced but not shipped, resulting                  Procedures exist for the review of revenue recognition for      shipped exists, is in line with the Accounting Manual and
                                       Invoicing       in sales over-statement.                                   goods invoiced but not shipped (e.g. sales cut-off              duly signed by finance management
                                                                                                                  procedures). Revenue is reduced for all invoices                2. Review the report of all goods invoiced but not
                                                                                                                  generated for which the goods have not yet been shipped         shipped, check accounting treatment and management
                                                                                                                  or delivered. Where applicable, system-generated reports        signature. Check confirmation from the warehouse of the
                                                                                                                  of all products invoiced but not yet shipped are reviewed       goods invoiced but not yet shipped
                                                                                                                  at least weekly. Discrepancies are investigated and revenue     3. Review correctness of revenue adjustments and
                                                                                                                  calculations manually adjusted.                                 check management approval


REV        Revenue and     REV.05      Distribution,   Invoice Posting                             REV.05         Revenue Cut-off                                                 1. Check that a month-end revenue cut-off procedure
           Receivables                 Delivery &      Sales are recorded in the correct period.                  Month-end revenue cut-off procedures include: - review          exists, is in line with the Accounting Manual and duly
                                       Invoicing                                                                  invoices issued before and after month-end to ensure            signed by finance management
                                                                                                                  sales are recorded in the correct period. Deliveries are        2. Review ERP Report, check accounting treatment to
                                                                                                                  reconciled regularly to invoices. This reconciliation is        ensure recording in the correct period, check
                                                                                                                  inspected by management and all errors identified are           management signature, check reconciliation with
                                                                                                                  corrected. - a confirmation from the warehouse of the           warehouse data
                                                                                                                  goods invoiced but not yet shipped. Procedures relating to      3. Check potential revenue adjustments for proper
                                                                                                                  revenue recognition are in accordance with the                  accounting treatment
                                                                                                                  Accounting Manual.





REV        Revenue and     REV.05      Distribution,   Changes to Invoices after Issuance        REV.05         Debit/Credit Memos                                              1. Check that a debit/credit memo procedure exists, is in
           Receivables                 Delivery &      Changes to invoices are made with                        A documented procedure is in place to define reasons for        line with the Accounting Manual and duly signed by
                                       Invoicing       proper approval.                                         invoice changes after being issued. All adjustments made        finance management. This procedure should include the
                                                                                                                to invoices are duly approved by management.                    approval process for invoice changes, an invoice change
                                                                                                                Management establishes authority limits for any changes         form with reason for change
                                                                                                                made and defines a list of staff authorised to perform such     2. If possible, run a report of all changes brought to
                                                                                                                changes. Additional control activities for credit memos are     invoices, or take samples of invoice adjustments for a
                                                                                                                addressed in the Credit Processing sub-cycle.                   given period. Check that the changes input in the system
                                                                                                                                                                                are the ones mentioned in the change form, check that
                                                                                                                                                                                all change forms include reason for change and are duly
                                                                                                                                                                                approved
                                                                                                                                                                                3. Check list of employees authorized to perform invoice
                                                                                                                                                                                changes. Check that the employees who performed the
                                                                                                                                                                                change in the system were authorized to do so
                                                                                                                                                                                4. Review the reason for invoice changes: customer
                                                                                                                                                                                master data not updated, issue with the delivery, price
                                                                                                                                                                                changes, invoice processing issues, etc. Check whether
                                                                                                                                                                                corrective actions have been taken to reduce invoice
                                                                                                                                                                                adjustments to a minimum


REV        Revenue and     REV.06      Returns         Standardisation of Product Returns        REV.06         Product Return Policy                                           1. Check that a product return policy exists, adheres to
           Receivables                 Management      Returns are in accordance with the                       Returns are in accordance with the Company's product            Group/Divisional policies, is up-to-date and duly
                                       & Credit        Company's return policy.                                 return policy. Subsequent changes to the policy are             approved by legal, sales and marketing, and FRA
                                       processing                                                               reviewed and approved by legal, sales and marketing, and        2. Check that the policy is communicated to relevant
                                                                                                                financial reporting and accounting (FRA) personnel prior to     employees (training, email, information meeting...)
                                                                                                                issuance.

REV        Revenue and     REV.06      Returns         Standardisation of Product Returns        REV.06         Product Return Policy                                           1.Check that authorisation limits for product returns are
           Receivables                 Management      Returns are in accordance with the                       Authorisation limits for product returns are established and    established and reviewed
                                       & Credit        Company's return policy.                                 periodically reviewed. A check that product returns are         2.Review management check about compliance with
                                       processing                                                               consistently authorised according to the defined criteria is    authorisation limits
                                                                                                                regularly performed by management.                              3.Take samples of product returns and check whether
                                                                                                                                                                                the authorisation is in line with established limits




REV        Revenue and     REV.06      Returns         Receipt and Processing of Returned        REV.06         Product Return Approval                                         1.Check existence of a product return approval form or
           Receivables                 Management      Goods                                                    Inventory Control / Quality Assurance accept product            equivalent
                                       & Credit        Returns are approved by management.                      returns only if approved by management. Approval is             2.Take samples of product returns accepted by
                                       processing                                                               typically documented on a Returned Materials                    Inventory/QA and check whether they are duly approved
                                                                                                                authorisation form or equivalent.


REV        Revenue and     REV.06      Returns         Receipt and Processing of Returned        REV.06         Tracking Product Returns                                        1. Check procedure for logged returned goods. Review
           Receivables                 Management      Goods                                                    All returned goods are logged when received. The log            log details
                                       & Credit        Returns are properly tracked and                         details items such as customers, goods, defects,                2. Reconcile logged product return with product return
                                       processing      returned to inventory.                                   inspections and assessment by quality control. Inventory        approval forms. Check that all approved product returns
                                                                                                                control / quality assurance reconciles the inventory log with   are logged before further processing. Check that the
                                                                                                                the product return approval forms.                              logged returned goods were duly approved


REV        Revenue and     REV.06      Returns         Receipt and Processing of Returned        REV.06         Tracking Product Returns                                        1.Check review procedure for outstanding product return
           Receivables                 Management      Goods                                                    Outstanding product return approval forms are reviewed          approval forms
                                       & Credit        Returns are collected in a timely manner.                weekly by Inventory Control / Quality Assurance.                2.List outstanding product return forms, review reason
                                       processing                                                                                                                               for potential delay in logging the inventory




REV        Revenue and     REV.06      Returns         Receipt and Processing of Returned        REV.06         Third Party Service Providers                                   1. Review contracts signed with third party service
           Receivables                 Management      Goods                                                    Management establishes a clear set of control objectives        providers, check that responsibilities, control objectives
                                       & Credit        Returns handled by third parties are                     for its third party processes, such as the logging of all       and monitoring process are defined
                                       processing      conducted in a controlled environment                    products received, the inspection of all products in            2. Review management monitoring of third party
                                                       and meet the control objectives defined                  accordance with regulations (this includes any locally          processes. Check whether a regular process is defined
                                                       by management.                                           enforced regulations), the destruction procedures and           and how it is documented
                                                                                                                disbursement controls. Management reviews the third             3. Review the product return process performed by the
                                                                                                                party processes regularly to ensure the third party is in       third party
                                                                                                                compliance with the control objectives.





REV        Revenue and     REV.06      Returns        Receipt and Processing of Returned     REV.06         Goods Destroyed by Third Parties                         1. Check process flow for goods to be destroyed by third
           Receivables                 Management     Goods                                                 Goods to be destroyed by the customer or third parties   parties. Check approval process for such destruction.
                                       & Credit       Goods destroyed by Third Parties are                  and not returned to inventory are inspected by the       Check prior inspection of Company personnel
                                       processing     properly tracked.                                     Company personnel. An authorisation form is then         2. Check that credits to customer for goods destroyed by
                                                                                                            submitted to management for approval before crediting    third parties have been approved in an authorisation
                                                                                                            the customer.                                            form by management
                                                                                                                                                                     3. Check that a destruction certificate is provided by third
                                                                                                                                                                     parties and archived with the credit memo
                                                                                                                                                                     4. Check that third party is a licensed company for stock
                                                                                                                                                                     destruction





REV        Revenue and     REV.06      Returns        Accounting for Product Returns            REV.06         Provision for Product Returns                                   1. Check that the accruals for revenue deductions on
           Receivables                 Management     A provision for returns is established.                  A provision for product returns, based on historical returns    sales due to sales returns and unsellable products are
                                       & Credit                                                                and market knowledge, is established at the time of sale        reported according to Accounting Manual
                                       processing                                                              according to the Accounting Manual. The provision is            2. Review the parameters for the calculation of the
                                                                                                               reviewed by management on a monthly basis.                      provision for product return, check that the provision
                                                                                                                                                                               exists and is accurate
REV        Revenue and     REV.06      Returns        Standardisation of Credit Processing      REV.06         Credit Issuance Policy                                          1. Check that a procedure for credit issuance exists,
           Receivables                 Management     Credit Notes are duly authorised in                      Credit notes are in accordance with the Company's credit        adheres to Group/Divisional guidelines, is up-to-date and
                                       & Credit       accordance with the Company's Credit                     issuance policy. Authorisation limits for credit approval are   duly approved. This procedure may be included in the
                                       processing     issuance policy.                                         established as part of the policy and periodically reviewed.    procedure for debit/credit memos.
                                                                                                               Subsequent changes to the policy are reviewed and               2. Review authorisation limits for credit approval, check
                                                                                                               approved by legal, sales and marketing, and finance             that the list and function of staff authorised to issue credit
                                                                                                               personnel. A check that credit notes are issued according       memos is up-to-date. Check frequency of management's
                                                                                                               to the defined policy is regularly performed by                 review of such authorisation limits
                                                                                                               management.                                                     3. Check how management review compliance with the
                                                                                                                                                                               credit issuance policy (random testing report of all credit
                                                                                                                                                                               memos issued during a given period and issued by
                                                                                                                                                                               whom, etc...)


REV        Revenue and     REV.06      Returns        Processing of Credits                     REV.06         Credit Issuance Approval                                        1. Run a report of all credit notes for a given period.
           Receivables                 Management     Credit notes are issued after the goods                  Credit notes are issued only upon approval according to         Check the supporting documents and approval forms
                                       & Credit       are received.                                            the policies and procedures (e.g. Receipt or acceptance of      2. Check whether credit memos have been defined in the
                                       processing                                                              product returns, destruction notifications, pricing errors,     system with an automatic block. Once approved, the
                                                                                                               etc.). The credit note is reviewed by the Credit personnel      blocked credit memos should be released by
                                                                                                               against the supporting documents (e.g. original invoice,        management
                                                                                                               product return authorisation form and product return log)
                                                                                                               for accuracy and approval before processing the credit
                                                                                                               note. Credit notes are raised in such a way that they refer
                                                                                                               to the original invoice, in order to ensure that the same
                                                                                                               pricing is used and all trade deals are reversed.


REV        Revenue and     REV.06      Returns        Processing of Credits                     REV.06         Timely Issuance of Credits                                      1.Review reconciliation between product return log and
           Receivables                 Management     Credit notes are issued in a timely                      A monthly reconciliation of products returned to credits        credits issued. Check reason for potential delay in
                                       & Credit       manner.                                                  issued is performed to ensure that all customers whose          issuing credit note. Check management approval on
                                       processing                                                              products were properly authorised for return are properly       reconciliation
                                                                                                               issued credit. Management reviews this monthly
                                                                                                               reconciliation.
REV        Revenue and     REV.06      Returns        Processing of Credits                     REV.06         Understanding Reasons for Credit Issuance                       1.Review report classifying credit notes by reason code.
           Receivables                 Management     Reasons to issue credit notes are                        Credit notes are classified by reason code. Management          Check that management regularly analyse this report and
                                       & Credit       traceable.                                               periodically review and analyse the report of credit notes      take corrective action
                                       processing                                                              issued by reason code. Root causes are investigated and
                                                                                                               followed-up.
REV        Revenue and     REV.06      Returns        Accounting for Credits                    REV.06         Estimation of Credits other than Product Returns or Sales       1.Check that the accruals for revenue deductions are
           Receivables                 Management     Calculate and record credit notes and                    Deductions                                                      properly reported.
                                       & Credit       adjustments to accounts receivable,                      A process is established to estimate the value of other         2.Review the parameters for the calculation of the
                                       processing     accurately.                                              credits (excluding credits issued for product returns and       provision, check that the provision exists and is accurate
                                                                                                               sales deductions as accounted for in the provision for
                                                                                                               product returns and sales deduction provisions) such as
                                                                                                               pricing issues. A provision for other credits is based on
                                                                                                               historical credits defined by the reasons for credit issuance
                                                                                                               and established at the time of sales in accordance with the
                                                                                                               Accounting Manual. Finance management reviews the
                                                                                                               calculation on a monthly basis.


REV        Revenue and     REV.07      Sales          Standardisation of Sales Deductions       REV.07         Sales Deduction Policy                                          1. Check that a sales deduction policy exists, adheres to
           Receivables                 Deductions     Deductions in sales value are in                         Deductions in the sales value resulting from the change in      Accounting Manual and other Group/Divisional
                                                      accordance with the Accounting Manual.                   standard terms and conditions relating to the price of the      guidelines, is up-to-date and duly approved by legal,
                                                                                                               products are typically the result of incentive programs to      sales and marketing, and FRA. Subsequent changes to
                                                                                                               increase sales, such as rebates, cash discounts, coupon         this procedure follow the same approval process
                                                                                                               programs, etc. The accounting for sales deductions must
                                                                                                               be performed in accordance with the Accounting Manual.
                                                                                                               Subsequent changes to this policy are reviewed and
                                                                                                               approved by legal, sales and marketing, and financial
                                                                                                               reporting and accounting (FRA) personnel prior to
                                                                                                               issuance.





REV        Revenue and     REV.07      Sales          Sales Deduction Approval                REV.07           Approval Process - Incentive Programs                          1. Check the actual approval process for deductions
           Receivables                 Deductions     Sales deductions are approved by                         Deductions in the sales value relating to incentive            related to incentive programs. Check compliance with
                                                      authorised employees.                                    programs can only be offered to customers if the               sales deduction policy
                                                                                                               deductions are approved by senior personnel.                   2. Take samples of sales deductions and review the
                                                                                                                                                                              supporting documents for approval by senior personnel



REV        Revenue and     REV.07      Sales          Sales Deductions Assessment             REV.07           Accurately Calculating Sales Deductions                        1. Check that sales deductions related to incentive
           Receivables                 Deductions     Deductions from sales are accurately                     Deductions from sales should be assessed at the time           programs exist and are reported in BS and IS.
                                                      calculated.                                              the Company recognizes the sale of the product. The            2. Review the parameters for the calculation of sales
                                                                                                               deduction in sales value should be based on the                deductions related to incentive programs. Check that the
                                                                                                               underlying details of the existing program. Because the        calculation is accurate
                                                                                                               number of customers taking advantage of the program is         3. Check whether the calculation is reviewed on a
                                                                                                               not known in advance, the company may need to estimate         monthly basis
                                                                                                               the value of the sales deduction based on history of the
                                                                                                               current program or history of similar programs, if the
                                                                                                               program is new. Management should review the computed
                                                                                                               value monthly.
REV        Revenue and     REV.07      Sales          Sales Deductions Assessment             REV.07           Accurately Calculating Sales Deductions                        1.Check that actual past rate of sales deductions is
           Receivables                 Deductions     Deductions from sales are accurately                     Periodically compare the actual value of the sales             compared to current rate
                                                      calculated.                                              deductions (such as the rebates, chargebacks, etc.)            2.Check that differences are communicated to
                                                                                                               against the related value of past sales to assess the actual   management and followed up
                                                                                                               rate (or percentage) of sales deductions on sales. This rate
                                                                                                               or percentage is compared against the current rate (or
                                                                                                               percentage) of sales deductions computed on current
                                                                                                               sales. Any difference is analysed and followed-up on a
                                                                                                               regular basis.
REV        Revenue and     REV.07      Sales          Sales Deductions Assessment             REV.07           Accurately Calculating Sales Deductions                        1. Review the reconciliation between computed sales
           Receivables                 Deductions     Deductions from sales are accurately                     The computed Sales Deductions (including rate or               deduction with the planned ones
                                                      calculated.                                              percentages) used for financial reporting are reconciled to    2. Check management signature on reconciliation
                                                                                                               business plans and forecasts. Differences are identified       3. Review follow-up action
                                                                                                               and followed-up on a regular basis.


REV        Revenue and     REV.07      Sales          Sales Deductions Assessment             REV.07           Accurately Calculating Sales Deductions                        1.Review source documents warranting changes to sales
           Receivables                 Deductions     Deductions from sales are accurately                     Trends or other business factors warranting changes to         deduction rates, check for management approval and
                                                      calculated.                                              the Sales Deduction rates or percentages are reviewed          follow-up
                                                                                                               and approved by management.



REV        Revenue and     REV.07      Sales          Sales Deductions Assessment             REV.07           Cash Discounts - Late Payments                                 1.Run a report listing actual payment date, due date,
           Receivables                 Deductions     Discounts are not applied for late                       A policy is established for handling discounts in case of      discount
                                                      payments.                                                late payments. Management regularly review the                 2.Check management review of such a report and
                                                                                                               compliance with the policy.                                    potential follow-up action


REV        Revenue and     REV.08      Collections    Standard Collection Controls              REV.08         Collection Policy                                              1.Check that a collection policy exists, adheres to
           Receivables                                Ensure the existence of a cash collection                The Company has established a policy for collections (e.g.     Group/Divisional policies, is up-to-date and duly
                                                      policy.                                                  handling of cash or cheques, application of collections to     approved by management
                                                                                                               customer invoices, etc.). The policy specifically defines      2.Check that the policy is communicated to relevant
                                                                                                               tolerance limits, defining the level of authority for          employees (training, email, information meeting...)
                                                                                                               differences between cash due and cash received.                3.Check that the policy is regularly reviewed (latest
                                                                                                               Management reviews the policy on a regular basis and           update)
                                                                                                               adjusts the tolerance levels as seen fit.


Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.08, Collections
Control Objective: Standard Collection Controls
Collections are accurately recorded.
Control Activity REV.08: Reconciliation of Collections with Cash Deposited
The total daily cheque or cash collections per the cash register are reconciled to the cheques or cash deposited in the bank and reviewed by Finance management. Differences are investigated and corrective action taken.
Recommended Validation Steps:
1. Review reconciliation of collections with cash deposited. Check frequency of reconciliation, finance management signature
2. In case of differences, review corrective action plan and actual completion dates





Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.08, Collections
Control Objective: Standard Collection Controls
Collections are accurately recorded.
Control Activity REV.08: AR Balances in Foreign Currency
Exchange differences are accurately calculated and posted to the appropriate general ledger account.
Recommended Validation Steps:
1. If feasible, run a report listing the invoice amount a) in foreign currency b) in local currency at invoice date c) the amount in local currency at period end or settlement date d) the exchange differences to be booked
2. Alternatively, take samples of invoices for a given period and review the calculation of the exchange differences at period end or settlement date, the accuracy of the applied exchange rate and the posting according to Accounting Manual (IS accounts). Check that the exchange differences are posted as such and not as discounts or other deductions


Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.08, Collections
Control Objective: Application of Standard Collection against AR
Cash receipts are applied to the correct customer accounts in a timely fashion.
Control Activity REV.08: Reconciliation of Collections with Application - Procedure
A procedure exists to ensure cheque or cash receipts are properly applied against individual customer-accounts. Procedures should include: 1) Reconciliation of total cheques or cash received to decrease change in AR subsidiary ledger; and 2) Random selection of cheques or cash receipts to confirm the correct application against the customer account balance.
Recommended Validation Steps:
1. Check that a procedure to apply collections exists, is up-to-date and duly approved by management
2. Check that the policy is communicated to relevant employees (training, email, information meeting...)
3. Check how the procedure is monitored by management: frequency, reports, statistics, etc...
4. Review reconciliation of payments with AR. Check the correct application to AR. Check one daily matching process: see if the appropriate bank payments are correctly matched to the relevant AR invoices and if the non matched bank payments are followed up by the responsible personnel




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.08, Collections
Control Objective: Application of Standard Collection against AR
Cash receipts are applied to the correct customer accounts in a timely fashion.
Control Activity REV.08: Reconciliation of Collections with Application - Review
Unallocated, unmatched or parked cheques or cash collections are reviewed weekly to ensure that all documents are posted in a timely manner.
Recommended Validation Steps:
1. Review report of all unallocated payments. Compare date of payment receipt with report date. Review reason for non application of older payment receipts

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.08, Collections
Control Objective: Application of Standard Collection against AR
Cash receipts are applied to the correct customer accounts in a timely fashion.
Control Activity REV.08: Reconciliation of Collections with Application
Annual statement of accounts is sent to customers. Discrepancies are noted and followed-up.
Recommended Validation Steps:
1. Check that major customers have confirmed their customer balance at year end. Compare customer balance according to customer to customer balance in entity's books
2. Review discrepancies and follow up actions

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.08, Collections
Control Objective: Application of Standard Collection against AR
Cash receipts are applied to the correct customer accounts in a timely fashion.
Control Activity REV.08: Monitoring the Timeliness of Application
Management monitors the time between the date the collection is received and the date the collection is applied to the customer account. The results of the monitoring are used to develop a more efficient process.
Recommended Validation Steps:
1. Run report comparing date of collection with date of application to AR
2. Review reason for delay in applying collection to customer account


Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.09, Collections on Co-Licensing and co-Marketing Agreements
Control Objective: Application of Collection
Record cash receipts accurately.
Control Activity REV.09: Application of Collection
Payments received for co-licensing, co-promotional or co-marketing agreements are reconciled to the amounts specified in the agreements and to the supporting documentation to ensure that all cash is recorded only once.
Recommended Validation Steps:
1. Review the reconciliation between payments received for co-licensing, co-promotional or co-marketing agreements and the payments due according to agreements. Check follow up actions in case of non-payments or in case of payments received not applied to agreements
2. Review the recording of such payments according to Accounting Manual and Divisional guidelines. Check approval from finance management

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.09, Collections on Co-Licensing and co-Marketing Agreements
Control Objective: Application of Collection
Record cash receipts accurately.
Control Activity REV.09: Application of Collection
A documented process for communicating payments received for co-licensing, co-promotion or co-marketing from commercial to the finance department exists.
Recommended Validation Steps:
1. Review the communication procedure between commercial and finance, including supporting documents. Check that the procedures adhere to Group and Divisional guidelines
2. Take samples of payments and review the actual communication process to finance. Review the completeness of supporting documents, the communication flow. Compare to the procedure





Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.11, AR Management
Control Objective: Assessment of Aged Outstanding Balances
Outstanding receivables are collected in a timely manner.
Control Activity REV.11: Review of Aged Open Account Balances
The aged open account report is reviewed monthly by management. Old items on the report are followed up and the actions including time-lines are defined for collecting the overdue amounts (e.g. dunning letters or legal dept involvement). Adequate documentation of the dunning process is retained.
Recommended Validation Steps:
1. Review aged open account report
2. Review follow up actions and timeliness of action completion
3. Review the dunning process. Take samples of aged balances and check whether the dunning process was correctly applied
4. Review dunning statistics, dunning lists of customers and items dunned, blocked customers, log of changes to the dunning proposal




Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.11, AR Management
Control Objective: Assessment of Aged Outstanding Balances
Estimates of future bad debts are accurately computed
Control Activity REV.11: Review of Aged Open Account Balances
The bad debts provision supported by Aged Open Balances is at a minimum based on the policy established within the Accounting Manual. Additional provisions are established on a specific identification methodology. The reserve methodology is consistently applied for all bad debts.
Recommended Validation Steps:
1. Review the parameters for the calculation of the bad debts provision. Check compliance with Accounting Manual
2. Review accounting of the bad debts provision for compliance with Accounting Manual

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.11, AR Management
Control Objective: Assessment of Aged Outstanding Balances
Bad debt write-offs are approved by authorised employees.
Control Activity REV.11: Bad Debt Write-offs - Approval
Write-offs are effected only upon journal entry approval. The form approving bad-debt write-offs is signed by management depending on authorisation level. A procedure is established to define the approval level (CFO, Sales Manager, CEO), the frequency of the review and the supporting documentation required for the write-offs. Supporting documentation is retained. Management inspects a report of all write offs/adjustments monthly and takes action on all invalid entries.
Recommended Validation Steps:
1. Review the procedure and authorisation level for write-offs
2. Check that all recorded write-offs are supported by a write-offs approval form. Review supporting documentation required for the write offs, check proper approval
3. Review monthly report of all write-offs/adjustments. Check management signature
4. Check that the credit data update is run before period-end



Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.11, AR Management
Control Objective: Assessment of Aged Outstanding Balances
Historical write-offs are reviewed to assess accuracy of allowance for doubtful account methodology.
Control Activity REV.11: Bad Debt Write-offs - Review
Review annual write-offs in comparison to current year bad debt expense and the period ended allowance for doubtful accounts to measure the historical accuracy of the methodology used for assessing the allowance for doubtful accounts.
Recommended Validation Steps:
1. Review the assessment of the allowance for doubtful accounts based on the calculation of the historical write-offs rate

Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.11, AR Management
Control Objective: Managing Cash Flows
Working capital management strategy is defined.
Control Activity REV.11: Working Capital Initiatives
Initiatives to reduce the working capital are defined and monitored by management.
Recommended Validation Steps:
1. Check whether working capital initiatives exist and how they are defined. Where applicable, check compliance with Divisional initiatives, check implementation and results


Cycle: REV, Revenue and Receivables
Sub-Cycle: REV.11, AR Management
Control Objective: Managing Cash Flows
Interest charges for late payments are calculated and debited.
Control Activity REV.11: Working Capital Initiatives
A policy for charging interest to aged open account balances is established defining the criteria for charging customers for late payments. Management regularly monitors the compliance with the policy. The likelihood of collection of the interest component should be assessed prior to recognition.
Recommended Validation Steps:
1. Check whether a policy for charging interest to customers for late payments exists. Review the monitoring process
2. Take samples of late payments and check compliance with the policy





Assessment
Recommended Evidences
(Q1) Is this control activity relevant to your entity?
(Q2) If No, explain why.
(Q3) Is this control performed? If yes, how?
(Q4) Additional comments to control activity (free text)
(Q5) Frequency of control
(Q6) Documentation (e.g. procedures, flowcharts...)
(Q7) Evidence of Control (e.g. report signed by management...)
(Q8) Control owner (Job title and Name)
(Q9) Staff trained to control activity? (Y/N)

1. Procedures and flow charts (e.g.
User Authorization Management)
approved by management
2. Job descriptions and organisation
chart
3. Access to system in line with job
description
4. User access rights report from ERP
system reviewed by management




1. Procedures and flow charts (e.g.
User Authorization Management)
approved by management
2. SoD matrix including mitigating
controls
3. Signed access rights authorisation
forms
4. User access rights report from ERP
system reviewed by management




1. Description of the password
protection system. Password must be
changed on a regular basis.




1. Configuration requirements approved
by management and where necessary,
by Division




1. Procedure reviewed regularly,
updated where necessary and duly
approved
2. Creation request forms duly
approved and documented
3. Results of the comparison between
master data creation and creation
request forms. Master data change
reports





1. Procedure updated and duly
approved
2. Form for master data change
requests duly approved and
documented
3. Results of the comparison between
master data changes and master data
change requests
4. Master data changes reports




1. Procedure updated and approved
2. List of customers or prices not
updated for a given period approved by
management. As corrective measure,
master data change requests to update
or delete those master data
3. Sales statistics by customer reviewed
by management and if necessary,
deletion requests for invalid or inactive
customers


1. Approved and updated procedures
2. Approved list of relevant employees
3. Evidence that the procedures were
communicated: copy of email, training
programmes..., result of survey




1. Reconciliation between system
access and authorised employees
approved by management





1. Contracts duly completed and
approved by Commercial and Legal
2. List of deviations between customer
master data and contracts duly
approved and monitored
3. Cockpits report reviewed
4. Samples of sales orders matched
with sales contract and customer
master data




1. Contracts updated and duly approved
by Commercial and Legal
2. Documentation for justifying deviation
from standard contracts duly updated
and approved



1. Memo from Finance approving the
contract arrangements and defining the
proper accounting treatment, or memo
recommending changes to contract
terms reviewed and reflected into
contracts

1. Memos from Legal, Commercial and
Finance approving the final contract
arrangements
2. Final contract duly signed according
to SOP

1. Report listing changes to contracts
input in the system, duly approved by
management, and if appropriate, by
Legal and Accounting
2. Contract amendments duly
approved in case system changes
were valid, but contracts were not
up-to-date
3. List of the corrections made to
invalid system entries





1. Reviewer's written observation about
the contracts repository, if available
memo of building administrator stating
that the access is restricted, etc...
2. List of authorised personnel duly
approved and up-to-date
3. Results of sample checks about the
location of some contracts. Reason
why contracts are not maintained at the
central repository




1. Contract register duly maintained and
updated
2. Test results regarding completeness
of register
3. Procedure/process flow describing
how to register new contracts and
contracts amendments




1. Report of all expiring contracts
reviewed by management
2. List of sales orders placed after
contract expiry date and related
justification/approval by management



1.Audit report including reason for
conducting the audit
2. Corrective action/s taken by
management to ensure compliance to
specific terms and conditions signed
and agreed in the agreement




1.Report from the independent
reviewer highlighting any deviation from
the authorised spend





1.Event report duly approved, complete
and regularly monitored by
management
2. Reports or tests conducted to
monitor compliance with
company/divisional policies




1. Credit control policy up-to-date and
duly approved
2. Monitoring process defined by
Finance
3. Exception reports reviewed by
Finance, including follow up for
corrective measures




1. Process flow showing how credit limits
are actually fixed and revised
2. Credit control policy duly approved
and up-to-date
3. Credit limits with supporting
documentation (e.g. Dun and
Bradstreet; bank statements; other
credit agencies; payment history, sales
history, inputs from sales department...)




1. Credit limit change forms with
Finance decision and signature
2. Test results of rejected credit limit
change forms compared to credit limit
in the system
3. Customer Master Changes report
with evidence of review




1. Pricing policy up-to-date and duly
approved
2. Monitoring process defined by
Finance
3. Exception reports reviewed by
Finance including follow up of
corrective measures





1. Pricing change reports duly reviewed
and signed by management
2. Test results for date of management
approval compared to date of price
change in the system
3. Test results for rejected price
changes compared to value in the
system
4. Promotion requests duly approved
by management and applied
5. Exception reports comparing
invoiced net price with sales order price
or customer master data price,
reviewed and approved by
management, including supporting
documentation (approved price change
report, approved promotion request ...)



1. Exception reports reviewed and
approved by management, with
supporting documentation (approved
price change report, approved
promotion request ...)
2. Approved list of employees with
access to price change functionality
3. Where applicable, SOD matrix with
compensating control and evidence
that compensating control is performed

1. Approved and updated policy
2. Evidence that the policy is
communicated: copy of email, training
programmes
3. Reports or tests conducted by
Finance to monitor compliance with
sales order policy
4. Results of check comparing actual
order processing with the one
described by the policy




1.Export orders with complete backing
documentation
2.List of orders pending due to missing
papers




1.Sales with supporting documents
2.List of incomplete orders duly
reviewed





1. Numbering system based
2. Sales orders outside the system with
proper approval and documentation




1. List of orders exceeding credit limits
(blocked or not blocked) reviewed and
approved by management




1. Report with balances of Cash on
delivery customers reviewed and
approved by management. Follow up of
corrective action taken




1.List of orders below a minimum value
approved by management
2.Policy defining (or not according to
context) minimum sales order value

1. Sales report including key
trade-loading indicators reviewed by sales
management and Finance
2. Trade loading policy duly approved




1.List of pending orders (incl. reason)
signed by management
2.Follow up action plan



1.Monthly KPI report of late deliveries
signed by management




1.Procedure for sales order
cancellation duly approved by
management (maybe included in sales
order processing policy)
2.List of cancelled orders with
supporting documentation and
authorisation

1.Cancelled orders as KPI mentioned in
sales report




1. Approved and updated procedures
2. Evidence that the procedures were
communicated: copy of email, training
programmes..., result of survey





1. Report of all undelivered sales
orders, including reason for not
delivering the goods, duly reviewed and
signed by management
2. Where applicable, contract with third-
party distributor including KPI. KPI
reviewed by management
3. Report comparing delivery notes with
goods issue, target delivery quantities
with actual




1.Proof of delivery linked to sales
orders and invoices

1. Approved and updated procedure
2. Evidence that the procedure was
communicated: copy of email, training
sessions

1.ERP reports reviewed by
management
2.Where necessary, printout of
corrective accounting treatment to
ensure compliance with Accounting
Manual.
3.Report comparing delivery dates with
goods issue dates

1. Approved and updated procedures
2. Evidence that the procedures were
communicated: copy of email, training
programmes...
3. Reports reviewed by management,
where necessary corrective action plan
4. Delays in invoicing reviewed and
approved by management



1.Invoice control process defined and
reviewed by management
2.Exception reports, including reason
for exception, signed and reviewed by
management
3.Report of invoices blocked for posting
with no errors


1.System parameters for invoice
calculation
2.Test results for compliance with local
regulation




1. System parameters for exchange
rate input and calculation
2. Exception report comparing currency
in customer master data with invoiced
currency signed by management. If
necessary, signed printout of corrective
postings
3. Report with applied exchange rate
reviewed and signed by management.
If necessary, signed printout of
corrective accounting treatment





1.Three-way matching, exception
reports, reconciliation duly approved by
finance management
2.Printouts, documents supporting
corrective actions




1.Description of parameter settings
ensuring that invoices are sequentially
numbered

1. Procedure for goods shipped but not
invoiced up-to-date and duly signed.
2. Report of all goods delivered but not
invoiced reviewed and signed by
finance management
3. List of revenue adjustments,
including their accounting treatment,
reviewed and signed by finance
management

1. Procedure for goods invoiced but not
shipped, up-to-date and duly signed
2. Report of all goods invoiced but not
shipped reviewed and signed by
finance management
3. List of revenue adjustments,
including their accounting treatment,
reviewed and signed by finance
management


1. Procedure for month-end revenue
cut-off, up-to-date and duly signed
2. Cockpit reports reviewed and
signed by finance management. List of
discrepancies with reason and
corrective transactions
3. List of revenue adjustments,
including their accounting treatment,
reviewed and signed by finance
management





1. Invoice changes procedure up-to-date
and duly signed
2. Invoice change forms, including
reason for change, duly approved.
Evidence that the invoice changes
input in the system is the one
mentioned on the change form (e.g.
print out of invoice change, report of
invoices changes performed after the
change form approval date...)
3. List of employees authorized to
perform invoice changes in the system.
Report mentioning the user ID of
employees having performed invoice
changes
4. Analysis of reasons for invoice
changes. Action plan for corrective
reason in case of recurring issues



1. Duly approved and updated
procedures
2. Evidence that the procedures were
communicated: copy of email, training
programmes



1.List of authorisation limits, list of
employees authorised to perform
product returns
2.Management checks duly signed
3.Results of test checking compliance
with authorisation limits. In case of non-
compliance, approval of management
and list of corrective measures


1.Product return approval form
2.Results of test checking proper
approval for accepted product returns
3.In case of non-compliance, approval
of management and list of corrective
measures

1. Process flow for logged product
return
2. Result of the reconciliation between
inventory log and product return
approval forms



1.List of outstanding product return
approval forms duly signed by
Inventory control/QA




1. Contracts signed with third party
service providers including control
objectives, control assessment,
responsibilities...
2. Documents supporting
management's review of third party
processes: minutes of meetings and
visits to third party, copy of control
assessment performed by the third
party for the processes under its
responsibility, etc.




1. Process flow or procedure for goods
destroyed by third parties duly
approved and signed by management
2. Inspection report of Company
personnel.
3. Authorisation form for destruction
signed by management
4. Credit memo with authorisation form
for destruction and copy of the
destruction certificate issued by a
licensed company





1. Documents detailing the calculation
of the provision for product returns




1. Procedure for credit issuance up-to-
date and duly approved by legal, sales
and marketing, and finance
2. Updated list of authorisation limits for
credit approval, reviewed by
management
3. Management control process:
reports signed, test results, memo to
employees etc...




1. Credit notes with complete set of
supporting documents, including
management approval
2. System configuration for automatic
block of credit memos
3. List of persons authorized to release
blocked credit memos (should be
different from employee creating the
credit memo)
4. List of blocked credit memos waiting
for release by authorised person


1.Reconciliation approved by
management
2.If necessary, action list for corrective
measures and follow-up


1.Report and analysis of report duly
signed by management
2.Remediation plan to root causes for
credit issuance

1.Documents detailing the calculation
of the provision for revenue deductions
2.Analysis of provision movements and
variation




1. Procedure for sales deduction policy,
including subsequent changes, up-to-
date and duly approved by legal, sales
and marketing, and finance





1. Sales deductions approval form
signed by senior personnel




1. Documents detailing the calculation
of the sales deduction related to
incentive programs on a monthly basis,
signed by management
2. Form IS and BS




1.Report analysing differences between
actual past rate and current rate of
sales deduction, signed by
management
2.Documents supporting the
differences or correction of the current
rate of sales deduction



1. Reconciliation duly approved by
management
2. Business plans/forecasts including
planned rate of sales deductions
3. Documents supporting the
differences

1.Documents mentioning trends or
business factors reviewed by
management
2.Follow up action plan approved by
management


1.Report signed by management
2.Evidence of follow up action: letter to
customer, suppression of discount
during a given period, etc....


1.Duly approved and updated
procedures
2.Evidence that the procedures were
communicated: copy of email, training
programmes




1.Reconciliation duly reviewed and
approved by finance management
2.Corrective action plan reviewed by
management





1. Report calculating exchange
differences reviewed by management
2. IS accounts reviewed by
management
3. Test results for selected invoices




1. Duly approved and updated
procedure
2. Evidence that the procedure was
communicated: copy of email, training
programmes...
3. Description of the monitoring process
by management. Copy of
documents/reports used by
management to monitor process
4. Reconciliation of payments with AR
reviewed by management. Results of
random selection of payment to check
correct booking
5. List of corrective measures in case of
incorrect application

1.Report of unallocated payments duly
approved by management
2.Follow up plan for older payment
receipts not applied to AR

1.List comparing customer balance
according to customer to balance
according to Company signed by
management
2.List of corrective measures reviewed
by management

1. Report comparing date of collection
with date of application to AR reviewed
by management
2. List of corrective measures if delay in
application


1. Reconciliation reviewed and signed
by commercial and finance
management
2. Follow up actions in case of
discrepancies in the reconciliation
3. Journal entries approved by finance
management



1. Procedure up-to-date and approved
by commercial and finance
management
2. Test results comparing actual
process to procedure reviewed by
commercial and finance management





1.Aged open account report signed by
finance management
2.Dunning letters to customers. Letters
from legal to customers
3.Corrective postings in case of
application of collections to wrong
customer accounts
4.Description of the dunning process
5.Results of test checking correct
application of dunning process
6.Dunning statistics


1.Detailed calculation of the bad debts
provision signed by finance
management




1.Procedure updated and duly
approved
2.Write-offs approval forms with
supporting documentation and
approval according to authorisation
level
3.Test results checking that recorded
write-offs are supported by required
documents
4.Monthly report of all
write-offs/adjustments reviewed by
management
5.Credit data update

1.Annual assessment of the allowance
for doubtful accounts based on
historical data




1.Working capital initiatives defined by
management
2.Report monitoring compliance with
those initiatives duly signed by
management

1.Policy updated and duly approved
2.Report used for monitoring
compliance signed by management
3.Results of checks verifying
compliance with policy




REV Cycle

Remediation
(Q10) Maturity level from 1 to 5
(Q11) If Maturity is level 4 or 5, define your remediation plan.
(Q12) Responsible person for remediation plan
(Q13) Due Date (dd/mm/yy) remediation plan

Testing (Testing Period 1 and Testing Period 2, each)
(Pass/Fail)
Likelihood (High/Medium/Low)
Impact (High/Medium/Low)
Tester's name












                                                                                                          Page 50/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 51/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 52/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 53/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 54/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 55/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 56/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 57/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 58/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 59/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 60/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 61/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                          REV Cycle

    (Q10)                     (Q11)                      (Q12)                (Q13)       Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 1 Testing Period 2 Testing Period 2 Testing Period 2 Testing Period 2
Maturity level     If Maturity is level 4 or 5,   Responsible person        Due Date                          Likelihood         Impact       Tester's name                       Likelihood         Impact       Tester's name
 from 1 to 5     define your remediation plan.    for remediation plan     (dd/mm/yy)       (Pass/Fail)    (High/Medium/L (High/Medium/L                        (Pass/Fail)    (High/Medium/L (High/Medium/L
                                                                         remediation plan                        ow)               ow)                                               ow)               ow)




                                                                                                          Page 62/77                                                                                                      1/5/2012 / 4:19 PM
                                                                                                                                                                                                                                                                                                                                     PUR Cycle




Column groups of the control matrix:
Control Matrix: Cycle ID | Cycle Description | Sub-Cycle ID | Sub-Cycle Description | Control Objective Description | Control Activity ID | Description of the Recommended Control Activity | Recommended Validation steps | Recommended Evidences
Assessment: (Q1) Is this control activity relevant to your entity? | (Q2) If No, explain why. | (Q3) Is this control performed? If yes, how? | (Q4) Additional comments to control activity (free text) | (Q5) Frequency of control | (Q6) Documentation (e.g. procedures, flowcharts...) | (Q7) Evidence of Control (e.g. report signed by management...) | (Q8) Control owner (Job title and Name) | (Q9) Staff trained to control activity? (Y/N)
Remediation: (Q10) Maturity level from 1 to 5 | (Q11) If Maturity is level 4 or 5, define your remediation plan. | (Q12) Responsible person for remediation plan | (Q13) Due Date (dd/mm/yy) remediation plan
Testing (Testing Period 1 and Testing Period 2, each): (Pass/Fail) | Likelihood (High/Medium/Low) | Impact (High/Medium/Low) | Tester's name

Cycle ID   Cycle            Sub-Cycle  Sub-Cycle        Control Objective          Control        Description of the Recommended               Recommended Validation steps                 Recommended Evidences
           Description      ID         Description      Description                Activity ID    Control Activity

PUR        Purchasing and   PUR.01     Segregation of   Segregation of Duties      PUR.01         Segregation of Duties                        1. Review procedures on User                 1. Procedures approved by management
           Payables                    Duties/          Appropriate                               Segregation of duties is properly            Authorization Management                     (e.g. User Authorization Management)
                                       Configuration/   segregation of duties                     defined and reflected in job                 2. Review SoD matrix with updated job        2. Job descriptions and organisational
                                       Procedures       are in place for                          descriptions and role profiles. The          descriptions and system access               chart
                                                        functional                                duties and responsibilities of               3. Review role profile report in ERP         3. SoD matrix including mitigating controls
                                                        responsibilities.                         employees are segregated within the          system
                                                                                                  functional responsibilities, including: 1)   4. Review adequacy of compensating
                                                                                                  Maintenance of Vendor Master File            controls
                                                                                                  data; 2) Purchasing requisition; 3)
                                                                                                  Purchasing ordering; 4) Goods and
                                                                                                  service receipt; 5) Processing the
                                                                                                  return of goods received; 6) Accounts
                                                                                                  payable adjustments; 7) Processing
                                                                                                  disbursements, encompassing e-
                                                                                                  banking payments and smart cards
                                                                                                  (country specific); 8) G/L accounting. In
                                                                                                  the absence of proper segregation of
                                                                                                  duties, compensating controls (e.g.
                                                                                                  monitoring of controls with certain
                                                                                                  reports, four eyes principle, minimum
PUR        Purchasing and   PUR.01     Segregation of   Segregation of Duties      PUR.01         System Access Rights                         1. Review procedure on User                  1. Procedures approved by management
           Payables                    Duties/          Users have correct                        System access rights are properly            Authorization Management                     (e.g. User Authorization Management)
                                       Configuration/   access rights to                          designed to ensure segregation of            2. Review SoD matrix with updated job        2. Job descriptions and organisational
                                       Procedures       financial information.                    duties across functional responsibilities    descriptions and system access               chart
                                                                                                  is maintained. User profiles in the          3. Review Access Rights Report from          3. SoD matrix including mitigating controls
                                                                                                  system are monitored and reviewed.           ERP system                                   4. Access change forms approved by
                                                                                                  The review is documented and any             4. Review ERP standard reports               authorized personnel
                                                                                                  unauthorised system access rights are
                                                                                                  corrected in the system.

PUR        Purchasing and   PUR.01     Segregation of   Segregation of Duties      PUR.01         Password Protection                          1. Review procedures on User                 1. Procedures approved by management
           Payables                    Duties/          Access to system                          System access is protected through           Authorization Management                     (e.g. User Authorization Management)
                                       Configuration/   transactions is                           system passwords. The ability to             2. Review system audit log                   2. Reviewed system configuration
                                       Procedures       restricted through                        access transactions is permitted only        3. Review procedures that should cover       3. Reviewed Audit log report
                                                        individual passwords.                     with the use of a personalised individual    minimum standards with regards to
                                                                                                  password. Passwords should be                password management
                                                                                                  changed on a regular basis


PUR        Purchasing and   PUR.01     Segregation of   System Configuration       PUR.01         Vendor Master File Data and Other            1. Review procedures on vendor master        1. Procedures approved by management
           Payables                    Duties/          The configuration of                      Systems                                      data management and other systems            2. Approved forms for
                                       Configuration/   vendor master file data                   The configuration of vendor master file      2. Review vendor master file and ensure      creating/changing/deleting master
                                       Procedures       and other systems is                      data, as well as other ancillary systems     data creation is aligned to procedures       data/configuration settings
                                                        appropriate.                              such as cash disbursements, accounts         3. Review ERP system configuration           3. Evidence of ERP configuration referring
                                                                                                  payables subsidiary ledger and general       referring to business rules (e.g. creation   to business rules (e.g. creation of account
                                                                                                  ledger, meets the information needs of       of account groups)                           groups)
                                                                                                  management to effectively monitor the        4. Review output of ERP standard
                                                                                                  business (e.g. definition of business        report
                                                                                                  rules with regard to mandatory fields of
                                                                                                  vendor master data etc.).

PUR        Purchasing and   PUR.01     Segregation of   System Configuration       PUR.01         System Processing                            1. Review procedures on system               1. Procedures approved by management
           Payables                    Duties/          System is configured                      Totalling, sequence checking,                configuration                                2. Evidence of the ERP configuration
                                       Configuration/   to execute periodic                       computer matching and/or one-for-one         2. Ensure configuration settings exist       related to the Electronic Data Interfaces
                                       Procedures       updates for batch                         checking are utilised to ensure system       for the linkage of:                          (EDI)
                                                        processing accurately                     synchronisation is completely and            - PR and order placement                     3. Evidence of the configuration of the
                                                        and completely.                           accurately accomplished in the               - Receipt of goods and services              system (e.g. Tolerance limits reflecting the
                                                                                                  following areas: 1) Purchase                 - Invoice receipt                            defined business rules)
                                                                                                  requisitions and order placement; 2)         - Cash disbursement
                                                                                                  Receipt of Goods and Services; 3)            3. Review definition of the business
                                                                                                  Invoice Receipt; and 4) Cash                 rules (e.g. definition of tolerances) and
                                                                                                  Disbursements.                               ensure they are reflected in the system

PUR        Purchasing and   PUR.01     Segregation of   System Configuration       PUR.01         Posting to General Ledger Accounts           1. Review procedures covering general        1. Procedures approved by management
           Payables                    Duties/          System is configured                      The system is configured to post to the      ledger accounts                              2. Reviewed ERP configuration
                                       Configuration/   to properly post                          General Ledger account selected by           2. Ensure ERP configuration includes
                                       Procedures       transactions directly to                  the requisition.                             mapping of transaction types to G/L
                                                        the general ledger.                                                                    account groups
PUR        Purchasing and   PUR.01     Segregation of   Procurement                PUR.01         Procurement Procedures                       1. Review procedures covering                1. Procedures approved by management
           Payables                    Duties/          Procedures                                Local procedures shall be established        procurement process
                                       Configuration/   Local purchasing                          to define the procurement process.
                                       Procedures       procedures are                            These procedures shall include: 1) a
                                                        established and                           clear statement to define, of the total
                                                        communicated.                             third party expenditures, what is in-
                                                                                                  scope and out-of-scope of the
                                                                                                  procurement process (see examples of
                                                                                                  possible exemptions below) 2) for the
                                                                                                  in-scope expenditures (goods and
                                                                                                  services), a clear statement to define
                                                                                                  the criteria or thresholds that are to be
                                                                                                  applied to ensure that all expenditures
                                                                                                  of material value are subject to
                                                                                                  appropriate controls, including, for
                                                                                                  example, when procurement must be
                                                                                                  involved (where procurement exists as
                                                                                                  a separate function) and when
                                                                                                  competitive bidding is necessary.
                                                                                                  Specific exemptions may include:
                                                                                                  Litigation services; Inter-company
                                                                                                  purchases or cross charges; Employee
                                                                                                  insurance contributions; Taxes,
                                                                                                  Royalties and Patents; Licenses
                                                                                                  (except software licenses); Sponsoring,
                                                                                                  Grants and Honoraria; Subsidies and
                                                                                                  Donations; Fees for professional
                                                                                                  associations; Subscriptions for books
                                                                                                  and magazines; Entertainment and
                                                                                                  travel expenses (other than airlines,
                                                                                                  train, hotel and car hire); Course or
                                                                                                  seminar registration fees; Merger &
PUR        Purchasing and   PUR.02     Vendor           Vendor Selection           PUR.02         Formal Review procedures                  1. Review procedures covering new               1. Procedures approved by management
           Payables                    Management       Ensure only                               A process should be established to        vendor selection                                     2. Evidence of supplier form duly signed
                                                        appropriate vendors                       ensure that all new vendors are           2. Choose samples and review new                according to the authorization matrix
                                                        are selected.                             assessed and approved. Where              suppliers selected                              3. Reviewed new vendor list
                                                                                                  applicable, assessment and approval       3. Ensure vendors selected have been
                                                                                                  processes should include a review of      approved according to procedures
                                                                                                  the existing vendor and contracts
                                                                                                  (global, regional and local) to limit
                                                                                                  multiple vendors supplying the same
                                                                                                  goods or services and be flexible to
                                                                                                  reflect the criticality of the business
                                                                                                  relationship. Risk Assessment criteria,
                                                                                                  should depend on the business
                                                                                                  relationship, and should include: -
                                                                                                  Financial performance - Business
                                                                                                  continuity - Capability to meet quality
                                                                                                  requirements - Reliability - Adherence
                                                                                                  to laws / regulations

PUR        Purchasing and   PUR.02     Vendor           Vendor Selection           PUR.02         Vendor Performance                           1. Review procedures defining vendor         1. Procedures approved by management
           Payables                    Management       Ensure only                               Service standards are built into vendor      performance                                  2. Contracts or agreements with suppliers
                                                        appropriate vendors                       agreements for strategic suppliers.          2. Review list of strategic suppliers        3. Vendor KPI report
                                                        are selected.                             Regular vendor assessments are               3. Review contracts with strategic           4. Documented complaints and follow-up
                                                                                                  performed to measure and validate the        suppliers, ensuring KPIs are included        action
                                                                                                  vendor's performance.                        4. Review vendor evaluation forms            5. Evidence of vendor evaluation forms

PUR        Purchasing and   PUR.02     Vendor           Changes to Vendor       PUR.02            New Vendors - Approval Process               1. Review procedures for ensuring that       1. Procedures approved by management
           Payables                    Management       Master File Data                          Procedures are established and               responsible personnel utilises "match        2. Approved new supplier forms
                                                        Changes to the                            documented to control new vendor             codes" to identify possible duplication      3. Reviewed report on master data
                                                        configuration of master                   master file data, as well as information     of master record and that naming             creation/change/deletion, reviewed output
                                                        file data is authorised                   added to other ancillary systems such        conventions are established to assure        of ERP standard report
                                                        by finance                                as cash disbursement, Account                that same vendor details have not been
                                                        management, e.g.                          Payables (A/P) subsidiary ledger and         created under different names (e.g.
                                                        CFO or his/her                            general ledger.                              PWC and P w C)
                                                        delegate.                                                                              2. Choose samples and review new
                                                                                                                                               approved suppliers
                                                                                                                                               3. Review list of suppliers and check if
                                                                                                                                               they have been approved according to
                                                                                                                                               procedures
                                                                                                                                               4. Review report on master data
                                                                                                                                               creation/change/deletion, review output
                                                                                                                                               of ERP standard report
PUR        Purchasing and   PUR.02     Vendor           Changes to Vendor       PUR.02            Vendor Master File Data Changes -            1. Review procedures on vendor master        1. Procedures approved by management
           Payables                    Management       Master File Data                          Approval Process                             file data changes                            2. Approved changes to supplier
                                                        Changes to the                            Procedures are established and               2. Choose samples and review changed         information form
                                                        configuration of master                   documented that ensure the four eyes         suppliers                                    3. Reviewed report on master data
                                                        file data is authorised                   principle is established for changes to      3. Ensure vendors data are                   creation/change/deletion, reviewed output
                                                        by finance                                vendor master file data, as well as other    changed/updated according to                 of ERP standard report
                                                        management, e.g.                          ancillary systems such as cash               procedures
                                                        CFO or his/her                            disbursement, Account Payable (A/P)          4. Check if vendor master record
                                                        delegate.                                 subsidiary ledger and general ledger.        comparison is performed to ensure that
                                                                                                  All changes to master file data,             records created in FI (Accounting) are
                                                                                                  including source lists, as well as other     also created in MM (purchasing)
                                                                                                  systems are documented on vendor
                                                                                                  data change forms and approved.
                                                                                                  Exception reports of changes to master
                                                                                                  files are produced and are reviewed by
                                                                                                  management against the authorised
                                                                                                  change forms or relevant source
                                                                                                  documentation.
PUR        Purchasing and   PUR.02     Vendor           Changes to Vendor          PUR.02         Duplicate vendors                            1. Review procedures on vendor master        1. Procedures approved by management
           Payables                    Management       Master File Data                          Edit and validation checks exist in the      file data changes
                                                        Input changes to                          vendor master file and other ancillary
                                                        standing data                             systems to check for potential duplicate
                                                        completely and                            vendors upon initial set-up and verify
                                                        accurately.                               the accuracy of key vendor master data
                                                                                                  fields entered. In most cases, it is
                                                                                                  recommended to configure the
                                                                                                  systems to perform the edit and
                                                                                                  validation checks on-line. The system
                                                                                                  should be configured to check for
                                                                                                  duplicate names, addresses or other
                                                                                                  key data fields and flag the transaction
                                                                                                  for review before further processing. If
                                                                                                  a system does not support this
                                                                                                  function, an annual review should be
                                                                                                  carried out using alternative tools like
                                                                                                  Excel or data downloads to screen
                                                                                                  names, addresses, postal codes, bank
                                                                                                  information, VAT number or federal tax
                                                                                                  number, DUNS etc.




                                                                                                                                                                                                                                                                                                                                 PUR Cycle




Cycle ID    Cycle Description    Sub-Cycle ID    Sub-Cycle Description    Control Objective Description    Control Activity ID    Description of the Recommended Control Activity    Recommended Validation steps    Recommended Evidences    (Q1) Is this control activity relevant to your entity?    (Q2) If No, explain why.    (Q3) Is this control performed? If yes, how?    (Q4) Additional comments to control activity (free text)    (Q5) Frequency of control    (Q6) Documentation (e.g. procedures, flowcharts...)    (Q7) Evidence of Control (e.g. report signed by management...)    (Q8) Control owner (Job title and Name)    (Q9) Staff trained to control activity? (Y/N)    (Q10) Maturity level from 1 to 5    (Q11) If Maturity is level 4 or 5, define your remediation plan.    (Q12) Responsible person for remediation plan    (Q13) Due Date (dd/mm/yy) remediation plan    Testing Period 1 (Pass/Fail)    Testing Period 1 Likelihood (High/Medium/Low)    Testing Period 1 Impact (High/Medium/Low)    Testing Period 1 Tester's name    Testing Period 2 (Pass/Fail)    Testing Period 2 Likelihood (High/Medium/Low)    Testing Period 2 Impact (High/Medium/Low)    Testing Period 2 Tester's name

PUR        Purchasing and   PUR.02     Vendor          Keeping Data Current    PUR.02         Keeping Data Current                         1. Review procedures                          1. Procedures approved by management
           Payables                    Management      Master file data                       Purchasing department and Accounts           2. Review output of ERP standard              2. Reviewed output of ERP standard
                                                       reflects only current                  Payable reviews the Vendor Master List       reports                                       reports
                                                       vendors                                annually to either delete and/or             3. Check for suppliers in the master file     3. Evidence of follow-up actions where
                                                                                              deactivate inactive vendors.                 without transactions for more than a year     needed




PUR        Purchasing and   PUR.02     Vendor          Contract Items prices PUR.02           Contract Items prices                        1. Review procedures covering pricing         1. Procedures approved by management
           Payables                    Management      Ensure correct entry of                Prices and suppliers for contract items      2. Review vendor price report and             2. Evidence that prices from quotations,
                                                       price and supplier for                 are entered into the ERP or other            ensure alignment with established             agreements, electronic catalogs or
                                                       contract items.                        system according to approved                 conditions defined in the contracts with      contracts with vendors are checked in the
                                                                                              contracts and amendments.                    key suppliers                                 ERP system
                                                                                                                                           3. Reviewed output from ERP standard
                                                                                                                                           reports (Conditions by Info Records -
                                                                                                                                           Vendor prices changes/info records -
                                                                                                                                           Vendor prices changes/Contracts -
                                                                                                                                           Vendor prices changes/Scheduling
                                                                                                                                           Agreements)
PUR        Purchasing and   PUR.03     Purchase        Purchase Requisition PUR.03            Purchase Requisition and Order               1. Review policies on purchase                1. Policies and flow charts approved by
           Payables                    Requisitions    and Order Placement                    Placement Procedures                         requisition and order placement               management
                                       and Order       Ensure request for                     Procedures are established to define         management                                    2. Authorisation policy is aligned with
                                       Placement       quotes, purchase                       the requirement for and the process of       2. Financial Authority Limits                 defined limits.
                                                       requisitions, and                      competitive bidding and supplier             3. Ensure policies are communicated           3. Evidences that policies were
                                                       purchase orders are                    selection. These procedures should           (e.g. intranet, emails etc)                   communicated (e.g. intranet, emails etc)
                                                       prepared in a standard                 set the framework for establishing self-     4. Ensure all relevant documentation is       4. Evidence that all relevant documentation
                                                       manner.                                explanatory, vendor neutral                  archived in accordance with local             is archived in accordance with local
                                                                                              specifications, identifying appropriate      requirement                                   requirement
                                                                                              vendors who will be invited to tender
                                                                                              and the definition of final selection
                                                                                              criteria. Management adequately
                                                                                              communicates the procedures to the
                                                                                              appropriate personnel to ensure that
                                                                                              goods and services are obtained only
                                                                                              from properly authorised suppliers. The
                                                                                              compliance to the policy is regularly
                                                                                              monitored by Finance. All relevant
                                                                                              documentation should be archived in
                                                                                              accordance with local requirements or
                                                                                              for Company purposes for at least the
                                                                                              current years plus two years beyond
                                                                                              contract terms.

PUR        Purchasing and   PUR.03     Purchase        Purchase Requisitions- PUR.03          Purchase Requisitions Accuracy               1. Review procedures covering                 1. Procedures approved by management
           Payables                    Requisitions    Accuracy and                           Edit and validation checks are               purchase requisition management               2. List of approved purchase requisitions
                                       and Order       Completeness                           performed in order to ensure that only       2. Review Purchase Requisition list and       supported by quotations
                                       Placement       Ensure correct entry of                accurate and valid purchase                  ensure correct details with regards to        3. Evidence of edit and validation checks
                                                       price, quantity,                       requisitions are created. Purchase           supplier information                          including support of any correction and/or
                                                       amounts, vendor, or                    requisitions are checked for correct                                                       follow up on items investigated
                                                       account numbers.                       entry of price, supplier, cost centre on a
                                                                                              timely basis. Financial competencies
                                                                                              are considered according to the local
                                                                                              Authorized Limits as defined in the
                                                                                              purchasing procedures.

PUR        Purchasing and   PUR.03     Purchase        Purchase Requisitions- PUR.03          Purchase Requisition Approval                1. Review procedures covering                 1. Procedures approved by management
           Payables                    Requisitions    Accuracy and                           Procedures are in place for review and       purchase requisition management               2. Reviewed list of approved purchase
                                       and Order       Completeness                           approval of purchase requisitions. All       2. Obtain a listing of PRs and randomly       requisitions/purchase orders
                                       Placement       Ensure correct entry of                purchase requisitions are reviewed by        check PRs for approval to ensure
                                                       price, quantity,                       an authorised person with valid financial    authorizations are in line with the limits
                                                       amounts, vendor, or                    competencies and for any other local         established.
                                                       account numbers.                       requirements e.g. restricted
                                                                                              commodities.
PUR        Purchasing and   PUR.03     Purchase        Competitive Bids for    PUR.03         Long-term Contracts                          1. Review the local and global contract       1. Procedures approved by management
           Payables                    Requisitions    Purchasing                             Long-term supply contracts are               archive                                       2. Evidence that long-term contracts are
                                       and Order       Ensure purchases                       reviewed by Finance and Legal                2. Review the Contract Register or            current, ensuring no evergreen extensions
                                       Placement       competitive in terms of                management in accordance with local          equivalent, obtain any long-term supply       exist, and that they are approved by
                                                       price and quality.                     policies. Length of long-term contracts      contracts and ensure that there are no        Finance and Legal
                                                                                              should rarely be longer than 2 or 3          evergreen extensions (contract                3. List with detailed analysis/comments
                                                                                              years at most (no evergreen extension).      expiration date)                              reviewed at least once a year
                                                                                                                                           3. Review list with detailed
                                                                                                                                           analysis/comments
PUR        Purchasing and   PUR.03     Purchase        Purchase Orders -       PUR.03         New Purchase Orders                          1. Review procedures ensuring                 1. Procedures approved by management
           Payables                    Requisitions    Accuracy and                           New purchase orders are reviewed by          completeness, accuracy and validity of        2. Evidence that purchase orders
                                       and Order       Completeness                           the requisitioner for compliance to          new contracts prior to being converted into   conditions are in line with Company
                                       Placement       Ensure correct entry of                contract terms. New contracts are            purchase orders                               standard terms and conditions
                                                       price, quantity,                       reviewed by legal, purchasing, and           2. Ensure purchase orders conditions          3. Where deviations exist, evidence that
                                                       amounts, vendor, or                    accounting personnel, or other               are in line with the contracts, where         terms and conditions are approved by
                                                       account numbers.                       personnel, in accordance with the local      deviations exist, and where applicable,       Legal, Accounting and Purchasing
                                                                                              policies to ensure the contracts are         ensure terms and conditions are
                                                                                              complete, accurate and valid. Detailed       approved by Legal, Accounting and
                                                                                              contract terms for new contracts             Purchasing
                                                                                              entered into new purchase orders are         3. If no contracts exist, ensure purchase
                                                                                              reviewed by the requisitioner by             orders conditions are in line with
                                                                                              comparing to the written contract.           Company standard terms and conditions
                                                                                              Differences are investigated and
                                                                                              resolved in a timely manner.
PUR        Purchasing and   PUR.03     Purchase        Purchase Orders -       PUR.03         Changes to Existing Purchase Orders          1. Review procedures ensuring changes         1. Procedures approved by management
           Payables                    Requisitions    Accuracy and                           All pricing changes related to               to existing contracts are complete,           2. Evidence that changes to conditions in
                                       and Order       Completeness                           agreements/contracts and purchase            accurate and valid prior to being             the PO are in line with Company standard
                                       Placement       Ensure correct entry of                orders which are not maintained by an        converted into purchase orders                terms and conditions
                                                       price, quantity,                       operational or strategic purchase            2. Ensure purchase orders conditions          3. Where deviations exist, evidence that
                                                       amounts, vendor, or                    function are reviewed regularly.             are in line with the contracts, where         terms and conditions are approved by
                                                       account numbers.                       Differences are investigated on a timely     deviations exist, and where applicable,       Legal, Accounting and Purchasing
                                                                                              basis. Significant changes to existing       ensure terms and conditions are               4. Reviewed output of ERP standard
                                                                                              contract terms are reviewed by legal,        approved by Legal, Accounting and             reports
                                                                                              purchasing and accounting or other           Purchasing
                                                                                              personnel in accordance with the local       3. If no contracts exist, ensure changes
                                                                                              policy to ensure the contracts are           to conditions in the purchase orders are
                                                                                              complete, accurate and valid (e.g.           in line with Company standard terms and
                                                                                              compliance checks, price changes,            conditions
                                                                                              quantity changes). Changes to existing       4. Review output of ERP standard
                                                                                              contract terms and information               reports and ensure all deviations are
                                                                                              amended on the purchase order are            justified
                                                                                              reviewed against the changes to any
                                                                                              written contract by the requisitioner.
                                                                                              Differences are investigated and are
                                                                                              resolved in a timely manner.
PUR        Purchasing and   PUR.03     Purchase        Purchase Orders -       PUR.03         Matching Against Purchase Requisition        1. Review procedures covering            1. Procedures approved by management
           Payables                    Requisitions    Accuracy and                           Purchase orders are matched with the         purchase order management                2. Reviewed cross referenced Purchase
                                       and Order       Completeness                           generated purchase requisition.              2. Review the Purchase Order report      Order to Purchase Requisition report (for
                                       Placement       Ensure correct entry of                Establish procedures to ensure               showing cross references to Purchase     ERP systems transaction)
                                                       price, quantity,                       purchase orders created without              Requisitions
                                                       amounts, vendor, or                    reference to a purchase requisition are      3. Follow up on purchase orders that are
                                                       account numbers.                       reviewed regularly.                          issued without purchase requisitions

PUR        Purchasing and   PUR.03     Purchase        Purchase Orders -       PUR.03         Edit and Validation Check for Purchase       1. Review procedures covering                 1. Procedures approved by management
           Payables                    Requisitions    Accuracy and                           Orders                                       purchase order management                     2. Evidence of follow-up of non-compliant
                                       and Order       Completeness                           Edit and validation checks exist to verify   2. Ensure purchase orders conditions          transactions
                                       Placement       Ensure correct entry of                key data (principally the supplier used,     are in line with Company standard terms       3. Reviewed output of ERP standard
                                                       price, quantity,                       item categories, account assignments,        and conditions                                reports
                                                       amounts, vendor, or                    price, delivery date and spend limits)       3. Where deviations exist, ensure terms
                                                       account numbers.                       entered onto purchase orders agrees          and conditions are approved by Legal,
                                                                                              to properly approved vendors included        Accounting and Purchasing
                                                                                              in the vendor data master file and the       4. Review output of ERP transactional
                                                                                              terms of the contract. Differences in the    reports and review any deviation and
                                                                                              key data are investigated and resolved       justification
                                                                                              on a timely basis. It is recommended to
                                                                                              perform the edit and validation checks
                                                                                              on-line. The system should be
                                                                                              configured to check the names,
                                                                                              addresses or other key data fields and
                                                                                              flag the transaction for review before
                                                                                              further processing. If a system does
                                                                                              not support this function, an annual
                                                                                              review should be carried out using
                                                                                              alternative tools like excel or data
                                                                                              downloads to screen names,
                                                                                              addresses, postal codes, bank
PUR        Purchasing and   PUR.03     Purchase        Appropriate Approval    PUR.03         Purchase Order Approval                      1. Review procedures covering                 1. Procedures approved by management
           Payables                    Requisitions    of Purchase Orders                     Procedures are established to ensure         purchase order management                     2. Evidence of follow-up of non-compliant
                                       and Order       Validate and approve                   that purchase orders are reviewed and        2. Ensure purchase orders conditions          transactions
                                       Placement       purchase transactions                  authorised in a timely manner by an          are in line with Company standard terms       3. Reviewed output of standard ERP
                                                       appropriately.                         authorised person prior to release. In       and conditions                                reports
                                                                                              the absence of an electronic approval        3. Where deviations exist, ensure terms
                                                                                              flow for approving purchase                  and conditions are approved by Legal,
                                                                                              requisitions/purchase orders, the            Accounting and Purchasing
                                                                                              following are items to be reviewed by        4. Review output of standard ERP
                                                                                              management: 1) Ensure that the local         reports
                                                                                              procurement procedures have been
                                                                                              correctly implemented; 2) Review unit
                                                                                              price for each item or unit of service on
                                                                                              the purchase order to ensure they are
                                                                                              within the tolerance limits; 3) Review the
                                                                                              account assignment to ensure they are
                                                                                              valid 4) Approve the purchase order
                                                                                              prior to being sent to suppliers (may
                                                                                              require two signatures
                                                                                              manual/electronic approval to comply
                                                                                              with local rules).

PUR        Purchasing and   PUR.03     Purchase        Appropriate Approval    PUR.03         Purchase Order Approval Limits               1. Review procedures covering                 1. Procedures approved by management
           Payables                    Requisitions    of Purchase Orders                     Personal authorisation limits are            purchase order management                     2. Evidence that approval limits are
                                       and Order       Validate and approve                   established which allow authorised           2. Ensure purchase orders approval            reflected in the system according to the
                                       Placement       purchase transactions                  users to approve purchase orders or          limits are in line with SLA - Authorization   job descriptions and SLA - Authorization
                                                       appropriately.                         requisitions within their financial          Limits System                                 Limits System
                                                                                              authority. It is recommended that the        3. Where deviations exist, ensure
                                                                                              limits are configured in the system for      evidence of prompt follow-up action
                                                                                              on-line approval of the purchase
                                                                                              orders.
PUR        Purchasing and   PUR.03     Purchase        Appropriate Approval    PUR.03         Blanket Purchase Orders                      1. Review procedures covering                 1. Procedures approved by management
           Payables                    Requisitions    of Purchase Orders                     Where applicable, an exception report        purchase order management                     2. Reviewed output of ERP standard
                                       and Order       Validate and approve                   for "blanket" or "framework" purchase        2. Review output of ERP standard              report
                                       Placement       purchase transactions                  orders with maximum or no value limits       report and check for POs issued either        3. Evidence that blanket Order or
                                                       appropriately.                         is reviewed on a quarterly basis.            without prices and/or quantities              Framework Contracts are reviewed
                                                                                              Discrepancies are identified and             3. Ensure alignment of subsequent             regularly and reconciled to individual
                                                                                              followed up on a timely basis.               Purchase Orders with Blanket Orders or        contracts
                                                                                                                                           Framework Contracts                           4. Evidence that exceptions are promptly
                                                                                                                                                                                         followed-up
PUR        Purchasing and   PUR.03     Purchase        Appropriate Approval PUR.03            Purchase Order Acknowledgements        1. Review procedures covering        1. Procedures approved by management
           Payables                    Requisitions    of Purchase Orders                     Depending on the established           purchase order management            2. Purchase order acknowledgements
                                       and Order       Wherever                               procedures acknowledgments could be    2. Review purchase order             tracked and compared against the
                                       Placement       acknowledgements are                   required. Purchase order               acknowledgement and ensure alignment purchase order
                                                       required, ensure they                  acknowledgements should then be        with PO
                                                       are controlled,                        tracked and compared against the
                                                       processed and                          purchase order. Eventual exceptions
                                                       matched with purchase                  should be investigated with the vendor
                                                       orders.                                and corrected as needed.





PUR        Purchasing and   PUR.03     Purchase        Appropriate Approval PUR.03           Purchase Orders sent to the same            1. Review procedures covering               1. Procedures approved by management
           Payables                    Requisitions    of Purchase Orders                    supplier                                    purchase order management                   2. Reviewed output of ERP standard
                                       and Order       Avoid circumvention of                A process is established to avoid           2. Review output of ERP standard            reports
                                       Placement       approval flow by cost                 purchase orders sent to the same            reports and check if purchase orders        3. Evidence of follow-up of non-compliant
                                                       centre owner and                      supplier, same goods/service, same          are sent to the same vendors having the     transactions
                                                       misuse of auto-                       cost centre, within short time period and   same cost centre within one month
                                                       approval process.                     with a value of the purchase order
                                                                                             below the defined approval limit. A
                                                                                             detailed list of such occurrences is
                                                                                             prepared and reviewed by
                                                                                             management on a regular basis.
                                                                                             Unusual activity is investigated and
                                                                                             followed-up on a timely basis.
                                                                                             Corrective action is taken for all non-
                                                                                             compliant events in the last 12 months.

PUR        Purchasing and   PUR.03     Purchase        Follow-up of Open and PUR.03          Overdue Purchase Orders                     1. Review procedures covering               1. Procedures approved by management
           Payables                    Requisitions    Overdue Purchase                      The detailed list of all "open" or          purchase order management                   2. Reviewed output of ERP reports
                                       and Order       Orders                                "overdue" purchase orders is reviewed       2. Review output of ERP reports             3. Evidence of follow-up of overdue
                                       Placement       Investigate and resolve               quarterly, investigated and resolved or     3. Confirm management is vigilant and       purchase orders
                                                       overdue purchase                      closed on a timely basis. Where             follows up on all open Purchase Orders
                                                       orders.                               appropriate, liabilities are corrected
                                                                                             accordingly.


PUR        Purchasing and   PUR.03     Purchase        Managing Orders        PUR.03         Re-order Limits and Re-stocking             1. Review procedures covering            1. Procedures approved by management
           Payables                    Requisitions    Effectively                           Levels Established and Approved             purchase order management                2. Reviewed stock levels
                                       and Order       An order placement                    For direct purchasing, re-stocking          2. Review of stock levels and evaluation 3. Reviewed output of ERP reports
                                       Placement       process is in place to                levels and re-order quantities are          of appropriateness of indirect
                                                       ensure that items are                 established and approved for each           expenditures
                                                       ordered when needed.                  item. The levels and quantities are         3. Where appropriate review actual
                                                                                             reviewed regularly to ensure they are       stock versus re-stocking levels for
                                                                                             reasonable. In a system based               reasonableness
                                                                                             environment, purchase orders are            4. Review output of ERP reports
                                                                                             generated automatically when re-order
                                                                                             or re-stocking trigger levels are
                                                                                             reached.
PUR        Purchasing and   PUR.03     Purchase        Purchase Price Control PUR.03         Purchase price control                      1. Review procedures covering               1. Procedures approved by management
           Payables                    Requisitions    Control purchase price                Compare purchase prices from a prior        purchase order management                   2. Reviewed output of ERP reports
                                       and Order       of the materials.                     period with a recent period. Check the      2. Review output of ERP reports             3. Evidence of follow-up of pricing
                                       Placement                                             data for suspect price variances.           3. Check if there are expenditure           changes within Purchase Orders on a
                                                                                                                                         analysis performed by management            monthly basis


PUR        Purchasing and   PUR.04     Receipt of      Goods and Services      PUR.04        Matching Procedures                         1. Review procedures ensuring open          1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 Accounts Payable or Logistics               purchase orders are tracked and             2. Reviewed output of ERP reports
                                       Services        Ensure goods                          functions reconcile open purchase           adequately closed                           3. Evidence of GR/IR suspense account
                                                       received equal goods                  orders for ensuring that only ordered       2. Review output of ERP reports             review in conjunction with Open PO report
                                                       ordered and within the                goods and/or services were received.        3. Check if there are open Purchase
                                                       set tolerances, or that               Items that do not match are recorded to     Orders
                                                       the services have been                a suspense account and followed-up
                                                       performed.                            on a timely basis. Where applicable, it
                                                                                             is recommended that the system based
                                                                                             controls are configured to ensure that
                                                                                             goods physically received into the
                                                                                             system are automatically reconciled
                                                                                             with the open purchase order.
                                                                                             Exception reports are reviewed by
                                                                                             management and resolved on a timely
                                                                                             basis.
PUR        Purchasing and   PUR.04     Receipt of      Goods and Services      PUR.04        Clearing the Suspense Account               1. Review procedures determining the        1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 The open items in the goods received or     tolerance limits of deliveries, the         2. Reviewed output of ERP reports
                                       Services        Ensure goods                          service rendered suspense account           clearing of open GR-IR accounts and         3. Evidence of supporting documentation
                                                       received equal goods                  records are analysed and matched by         the monitoring of purchase orders           on clearance of transactions in GR/IR
                                                       ordered and within the                Accounts Payable or Logistics               without GR                                  suspense account
                                                       set tolerances, or that               functions to ensure only open items         2. Ensure debits and credits of open
                                                       the services have been                remain in the suspense account. The         GR-IR accounts equal zero after
                                                       performed.                            suspense account should be cleared          reconciliation
                                                                                             on a monthly basis.                         3. Review output of ERP reports
                                                                                                                                         4. Obtain a monthly GR/IR account
                                                                                                                                         reconciliation and validate against
                                                                                                                                         supporting documentation




PUR        Purchasing and   PUR.04     Receipt of      Goods and Services      PUR.04        Goods Received Meet Tolerance               1. Review procedures ensuring               1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 Limits                                      appropriate tolerances in value and         2. Evidence of the configuration of the
                                       Services        Ensure goods                          Adequate tolerance limits have been         quantities of purchase orders and           system
                                                       received equal goods                  set and approved, limiting the value and    deliveries received                         3. Reviewed output of ERP reports
                                                       ordered and within the                percentage of differences between           2. Review configuration of the system       4. Tolerances policy document
                                                       set tolerances, or that               purchase order and goods received.          3. Review output of ERP reports             5. Evidence that tolerances are in line with
                                                       the services have been                Deliveries outside the appropriate          4. Check if there are any deviations with   management policy
                                                       performed.                            tolerances are blocked for                  regard to the goods receipts and
                                                                                             investigation. The discrepancies are        established tolerance limits
                                                                                             investigated by management and              5. Obtain a monthly GR/IR account
                                                                                             adjusted on a timely basis to ensure        reconciliation and validate against
                                                                                             appropriate vendor payments are             supporting documentation
                                                                                             made.
PUR        Purchasing and   PUR.04     Receipt of      Goods and Services    PUR.04          Goods Received Meet Tolerance               1. Review procedures covering goods         1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 Limits                                      and services received                       2. Reviewed output of ERP reports
                                       Services        Investigate instances                 A detailed exception report of              2. Review output of ERP reports             3. Tolerances policy document
                                                       where tolerances have                 instances where over delivery               3. Check if there are any deviations with   4. Evidence that tolerances are in line with
                                                       been overwritten.                     tolerances have been overridden when        regard to the goods receipts and            management policy
                                                                                             raising purchase orders is reviewed.        established tolerance limits
                                                                                             Follow up discrepancies on a timely         4. Obtain a monthly GR/IR account
                                                                                             basis.                                      reconciliation and validate against
                                                                                                                                         supporting documentation

PUR        Purchasing and   PUR.04     Receipt of      Goods and Services      PUR.04        Changes of Goods Receipt Key Data           1. Review procedures covering goods         1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 Standard reports for price and quantity     and services received                       2. Reviewed output of ERP reports
                                       Services        Ensure correct entry of               changes are reviewed regularly and          2. Review output of ERP reports             3. Tolerances policy document
                                                       price, quantity,                      differences outside of tolerance limits     3. Check if there are any deviations with   4. Evidence that tolerances are in line with
                                                       amounts, vendor, or                   are investigated on a timely basis by       regard to the goods receipts and            management policy
                                                       account numbers.                      management.                                 established tolerance limits
                                                                                                                                         4. Obtain a monthly GR/IR account
                                                                                                                                         reconciliation and validate against
                                                                                                                                         supporting documentation

PUR        Purchasing and   PUR.04     Receipt of      Goods and Services     PUR.04         Purchase Order Closure                   1. Review procedures covering goods            1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 Purchase orders are closed when the      and services received                          2. Evidence that tolerances for purchase
                                       Services        Ensure open orders                    goods are fully received or the services 2. Review output of ERP reports                order closures are in line with
                                                       are closed correctly                  are fully performed.                     3. Check if all relevant open purchase         management policy and defined business
                                                       after goods receipt or                                                         orders are closed according to the             rules
                                                       service performance.                                                           GR/IR situation                                3. Configuration of the system or program
                                                                                                                                                                                     closing the purchase orders that are within
                                                                                                                                                                                     a defined tolerance
                                                                                                                                                                                     4. Reviewed output of ERP reports
PUR        Purchasing and   PUR.04     Receipt of      Goods and Services     PUR.04         Receipts without Invoices                   1. Review procedures covering goods         1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 A monthly report is generated that lists    and services received                       2. Evidence that tolerance limits are
                                       Services        Ensure open orders                    receipts for which a supplier invoice       2. Review systems configuration with        reflected in the system
                                                       are closed correctly                  has not been received. All differences      regard to tolerance limits                  3. Evidence that tolerances for invoice
                                                       after goods receipt or                should be resolved in a timely manner.      3. Review output of ERP reports             receipts are in line with management
                                                       service performance.                                                              4. Check all open purchase orders           policy and defined business rules
                                                                                                                                         where invoices have not been received       4. Reviewed output of ERP reports
                                                                                                                                         5. Through discussions with Finance         5. Evidence of GR/IR account
                                                                                                                                         obtain a monthly GR/IR account              reconciliation with corresponding
                                                                                                                                         reconciliation and validate against         documentation
                                                                                                                                         supporting documentation
PUR        Purchasing and   PUR.04     Receipt of      Goods and Services      PUR.04        Outstanding Open Goods Receipt              1. Review procedures ensuring the           1. Procedures approved by management
           Payables                    Goods and       are Properly Received                 Follow up procedures are identified for     monitoring and review of cancelled          2. Reviewed output of cancelled and/or
                                       Services        Investigate and resolve               appropriately clearing goods receipts       and/or reversed material documents          reversed material documents and ERP
                                                       outstanding open                      exceptions. Review on a timely basis all    2. Review output of cancelled and/or        reports
                                                       goods receipt.                        goods received to ensure that material      reversed material documents and ERP         3. Evidence of follow-up of all open
                                                                                             does not sit un-receipted for an            reports                                     purchase orders that still have outstanding
                                                                                             extended period of time. Material           3. Check and follow-up all open             open goods receipts
                                                                                             documents are reversed/cancelled in         purchase orders that still have
                                                                                             the event of an erroneous goods             outstanding open goods receipts
                                                                                             receipt. These reversals always
                                                                                             reference the original entry.
                                                                                             Additionally, personnel review reports
                                                                                             of material document
                                                                                             reversals/cancellations to appropriately
                                                                                             monitor the activity.
PUR        Purchasing and   PUR.04     Receipt of      Goods Reversals after PUR.04          Goods Reversals after Invoice Receipt       1. Review procedures covering goods         1. Procedures approved by management
           Payables                    Goods and       Invoice Receipt                       A report is developed to identify all       and services received                       2. Reviewed output of ERP reports
                                       Services        Ensure goods                          goods reversals after invoice receipt.      2. Review output of ERP reports             3. Evidence of review of GR/IR suspense
                                                       reversed after invoice                This report is reviewed regularly and       3. GR/IR suspense account is reviewed       accounts
                                                       receipt are identified                exceptions resolved.                        in conjunction with ERP reports. Goods
                                                       and blocked for                                                                   receipt accruals are reversed upon
                                                       duplicate payment on a                                                            invoice receipt and any differences
                                                       timely basis.                                                                     between the two are investigated and
                                                                                                                                         cleared

PUR        Purchasing and   PUR.04     Receipt of      Receipts are            PUR.04        Receipts are Recorded in the Proper         1. Review procedures covering goods         1. Procedures approved by management
           Payables                    Goods and       Recorded in the                       Period - Cut-off Procedures                 and services received                       2. Reviewed output of ERP reports
                                       Services        Proper Period                         Procedures exist and are implemented        2. Review output of ERP reports             3. Evidence of review of GR/IR suspense
                                                       Ensure correct                        to ensure the receipt of goods and          3. GR/IR suspense account is reviewed       accounts
                                                       postings of the receipt               services are captured in the correct        by management
                                                       of goods and services                 period and recorded in the appropriate
                                                       on a timely basis.                    subsidiary and/or general ledger
                                                                                             accounts on the day the goods are
                                                                                             physically received or services
                                                                                             rendered at the premises. Purchasing
                                                                                             functions will ensure that all data are
                                                                                             kept current. Management ensures
                                                                                             regular reviews of compliance with the
                                                                                             procedures to ensure proper and timely
                                                                                             recognition of receipts. Independent
                                                                                             closing of financial and/or material
                                                                                             periods on the last day of every month
                                                                                             restricts cut-off issues; adjustments to
                                                                                             the closed periods are reviewed and
                                                                                             approved.

PUR        Purchasing and   PUR.04     Receipt of      Receipts are            PUR.04        Cut-off Procedures                          1. Review procedures covering goods      1. Procedures approved by management
           Payables                    Goods and       Recorded in the                       Review and/or reconcile goods               and services received                    2. Transactional ERP reports
                                       Services        Proper Period                         received just before, or just after the     2. Review output of ERP reports          3. Configuration of the ERP system
                                                       Ensure correct                        end of the accounting period to ensure      3. GR/IR suspense account is reviewed
                                                       postings of the receipt               complete and consistent recording in        by management. Any follow-up actions
                                                       of goods and services                 the appropriate period.                     prior to month-end close are accrued for
                                                       on a timely basis.                                                                and delivery date extensions are
                                                                                                                                         recorded





PUR        Purchasing and   PUR.05     Invoice Receipt Invoice Accuracy         PUR.05         Invoice Accuracy - 3 Way Matching             1. Review procedures ensuring all        1. Procedures approved by management
           Payables                                    Vendor invoices                         Procedures                                    blocked invoices and credit notes are    2. Reviewed output of ERP reports
                                                       accurately represent                    Vendor invoices are matched to the            reviewed for content on a timely basis   3. Evidence of follow-up of matched
                                                       the goods or services                   corresponding goods receipt                   and properly authorized for payment      invoices
                                                       received.                               documents or services rendered and            2. Review output of ERP reports
                                                                                               purchase order (i.e. "three-way               3. GR/IR suspense account is reviewed
                                                                                               matching"). This process                      by management. Any follow-up actions
                                                                                               encompasses: Ensuring vendor                  prior to month-end close are accrued for
                                                                                               information (such as name, address,           and delivery date extensions are
                                                                                               vendor code, etc.) agrees with the            recorded
                                                                                               purchase order; Ensuring price and
                                                                                               payment terms on the invoice (including
                                                                                               available discounts) are verified against
                                                                                               contract details and purchase order;
                                                                                               Ensuring purchase order references on
                                                                                               the invoice agree to the purchase
                                                                                               order; Ensuring the invoice is
                                                                                               mathematically accurate; Ensuring VAT
                                                                                               or Sales Tax on the invoice is checked
                                                                                               against applicable local regulations; An
                                                                                               unmatched invoice report is generated
                                                                                               and reviewed by personnel
                                                                                               independent from the Accounts
                                                                                               Payable function. Discrepancies
                                                                                               identified are investigated and followed
                                                                                               up by management, so that blocked or
                                                                                               parked documents are released for
                                                                                               payment on a timely basis. Where it has
                                                                                               been decided not to implement a 3-way
                                                                                               match or where 3-way matching is not
PUR        Purchasing and   PUR.05     Invoice Receipt Invoice Accuracy         PUR.05         Validation Check for Incomplete or            1. Review procedures on invoice receipt       1. Procedures approved by management
           Payables                                    Duplicate invoices are                  Duplicate Invoices                            management                                    2. Reviewed output of ERP reports
                                                       prevented.                              Edit and validation checks exist within       2. Review output of ERP reports               3. Evidence of management's review of
                                                                                               the accounts payable process to reject        3. GR/IR suspense account is reviewed         GR/IR suspense account for duplicate
                                                                                               invoices submitted for processing that        by management for duplicate invoices          invoices
                                                                                               have incorrect information, or do not
                                                                                               have all required information, or which
                                                                                               have duplicate invoice numbers with
                                                                                               invoices already processed.


PUR        Purchasing and   PUR.05     Invoice Receipt Invoice Accuracy         PUR.05         Invoices without Purchase Orders              1. Ensure policy surrounding the              1. Procedures approved by management
           Payables                                    Ensure that all invoices                Invoices without purchase orders              approval and processing of invoices           2. Evidence that GR/IR suspense account
                                                       without purchase order                  should be avoided wherever possible.          without purchase orders is established        was reviewed prior to payment runs
                                                       are appropriately                       A policy surrounding the approval and         in accordance with the local Terms of
                                                       authorised.                             processing of invoices without                Reference
                                                                                               purchase orders is established in             2. Prior to payment runs, GR/IR
                                                                                               accordance with the local Terms of            suspense account is reviewed by
                                                                                               Reference. All direct posted invoices or      management for invoices without
                                                                                               invoices without purchases (including         Purchase Orders
                                                                                               EDI) are approved prior to being
                                                                                               processed within the payment run.

PUR        Purchasing and   PUR.05     Invoice Receipt Invoice Accuracy         PUR.05         Invoices without Purchase Orders              1. Review procedures ensuring                 1. Procedures approved by management
           Payables                                    Ensure that all invoices                Procedures have been established to           documents are parked and released for         2. Monthly list of invoices without purchase
                                                       without purchase order                  report on and follow up purchase              payment by authorized personnel               orders reviewed by management
                                                       are appropriately                       orders not raised before goods are            2. Ensure a monthly list of invoices
                                                       authorised.                             received. A detailed list of invoices without without purchase orders is prepared and
                                                                                               purchase orders is prepared, reviewed         reviewed by management
                                                                                               and investigated.
PUR        Purchasing and   PUR.05     Invoice Receipt Accuracy of Delivery     PUR.05         Validation of Delivery Costs                  1. Review procedures on invoice receipt       1. Procedures approved by management
           Payables                                    Costs                                   Check delivery conditions of the              management                                    2. Transportation contracts
                                                       Delivery costs are                      purchase order and/or contracts.              2. Ensure delivery costs are paid in          3. Evidence of regular review of non order
                                                       accurate.                               Delivery costs, if paid separately from       accordance with conditions defined on         related transportation costs
                                                                                               the invoice, are agreed to delivery           the contracts
                                                                                               contracts and approved by personnel
                                                                                               familiar with the delivery activities. All
                                                                                               delivery costs are to be booked with the
                                                                                               corresponding purchase order number.

PUR        Purchasing and   PUR.05     Invoice Receipt Tolerance Limits         PUR.05         Tolerance Limit Approval                      1. Review procedures ensuring                 1. Procedures approved by management
           Payables                                    Tolerance limits have                   Tolerance limits, limiting the value and      approved tolerance limits have been set       2. Tolerance limits adequately
                                                       been set for invoice                    percentage of differences between the         for all vendors, limiting the value and       documented
                                                       receipts.                               invoice value and purchase order value        percentage of differences which can be        3. Evidence of Configuration of the system
                                                                                               are set for all vendors and are               processed by the system
                                                                                               approved.                                     2. Ensure tolerance limits are
                                                                                                                                             documented and reflected in the system
PUR        Purchasing and   PUR.05     Invoice Receipt Tolerance Limits         PUR.05         Tolerance Limit On-going Assessment           1. Review procedures on invoice and           1. Procedures approved by management
           Payables                                    Tolerance limits are                    A report listing tolerance differences        goods receipt management                      2. Reviewed output of ERP reports
                                                       accurately applied.                     between approved invoices and                 2. Review output of ERP reports               3. If no tolerance limits are configured in
                                                                                               purchase orders larger than the defined       3. If no tolerance limits are configured in   the system, evidence of review of GR/IR
                                                                                               tolerance limits is generated and             the system, GR/IR are checked                 according to the SLA
                                                                                               reviewed. Discrepancies are                   according to the SLA-Authorization
                                                                                               investigated and followed-up on a             Limits System
                                                                                               timely basis.

PUR        Purchasing and   PUR.05     Invoice Receipt Tolerance Limits         PUR.05         Tolerance Limit On-going Assessment           1. Review procedures on invoice and           1. Procedures approved by management
           Payables                                    Tolerance limits are                    A list of vendor tolerances is generated      goods receipt management                      2. Reviewed output of ERP exception
                                                       accurately applied.                     and reviewed to identify suppliers who        2. Review output of ERP exception             reports
                                                                                               may systematically abuse the tolerance        reports                                       3. Reviewed list of vendors that
                                                                                               limits. Actions regarding the vendors         3. Review list of vendors that                systematically abuse the tolerance limits
                                                                                               are decided and taken.                        systematically abuse the tolerance limits
                                                                                                                                             considering the conditions of the
                                                                                                                                             contracts or agreements

PUR        Purchasing and   PUR.05     Invoice Receipt Invoices are Recorded PUR.05            Invoices are recorded in the proper           1. Review procedures on invoice and           1. Procedures approved by management
           Payables                                    in the Proper Period                    period - Cut-off Procedures (MM/SD)           goods receipt management                      2. Reviewed output of ERP exception
                                                       Ensure unmatched                        Procedures exist and are implemented          2. Review output of ERP exception             reports
                                                       invoices (blocked                       to ensure that unmatched or blocked           reports                                       3. Reviewed list of regularly recurring non-
                                                       invoices) are recorded                  invoices are captured in the correct          3. List of regularly recurring non-           invoiced expenditures and accruals and
                                                       in the proper period.                   period and recorded in the appropriate        invoiced expenditures is maintained and       cut-off issue adjustments
                                                                                               subsidiary and/or general ledger              reviewed to ensure adequate liabilities
                                                                                               accounts on the day the goods are             are accrued in the correct period
                                                                                               physically received or services
                                                                                               rendered at the premises. Independent
                                                                                               closing of financial and/or material
                                                                                               periods on the last day of every month
                                                                                               restricts cut-off issues; adjustments to
                                                                                               closed periods are reviewed and
                                                                                               approved by management.


PUR        Purchasing and   PUR.05     Invoice Receipt Invoices are Recorded PUR.05            Invoices and Cash Disbursements are           1. Review cut-off procedures ensuring         1. Procedures approved by management
           Payables                                    in the Proper Period                    recorded in the proper period - Cut-off       that missing invoices for goods already       2. Reviewed output of ERP reports
                                                       Ensure non-invoiced                     Procedures (FI/CO)                            received are timely identified and            3. Reviewed list of regularly recurring non-
                                                       expenditures are                        A procedure is in place to identify and       accrued                                       invoiced expenditures and accruals
                                                       recorded in the proper                  accrue for liabilities incurred for which     2. Review output of ERP reports
                                                       period.                                 invoices have not yet been received. A        3. List of regularly recurring non-
                                                                                               detailed list of regularly recurring non-     invoiced expenditures is maintained and
                                                                                               invoiced expenditures is maintained           reviewed to ensure adequate liabilities
                                                                                               and reviewed to ensure adequate               are accrued in the correct period
                                                                                               liabilities are accrued in the correct
                                                                                               period.
PUR        Purchasing and   PUR.05     Invoice Receipt Invoices are Recorded PUR.05            Invoices are recorded in the proper           1. Review procedures on invoice and           1. Procedures approved by management
           Payables                                    in the Proper Period                    period - Cut-off Procedures                   goods receipt management                      2. Reviewed output of ERP reports
                                                       Ensure invoices and                     A listing of outstanding purchase orders      2. Review output of ERP reports               3. Reviewed list of outstanding purchase
                                                       disbursements are                       for which ownership of goods is               3. Ensure list of outstanding purchase        orders for which ownership of goods is
                                                       input in the correct                    transferred prior to delivery is prepared     orders, for which ownership of goods is       transferred prior to delivery
                                                       amount and in the                       for accrual purposes; management              transferred prior to delivery is prepared     4. Evidence that the accruals have been
                                                       proper period.                          reviews the listing.                          for accrual purposes, and reviewed by         reviewed
                                                                                                                                             management

PUR        Purchasing and   PUR.05     Invoice Receipt Consignment Liabilities PUR.05          Consignment Liabilities                       1. Review procedures ensuring that            1. Procedures approved by management
           Payables                                    Ensure all                              Ensure procedures are in place to             accuracy of the consignment liabilities       2. Evidence of review, by Purchasing and
                                                       consignment liabilities                 review the accuracy of the consignment        ready for settlement are reviewed prior       Finance management, of the accuracy of
                                                       are accurately                          liabilities prior to being settled for        to being settled for payment. This            the consignment liabilities prior to being
                                                       recorded.                               payment. This review is evidenced.            process can be done by reviewing the          settled for payment
                                                                                                                                             material documents and movement
                                                                                                                                             types used for GI to expense or stock
                                                                                                                                             for consignment stock or via the
                                                                                                                                             consignment settlement program
                                                                                                                                             2. Review the accuracy of the
                                                                                                                                             consignment liabilities prior to being
                                                                                                                                             settled for payment

PUR        Purchasing and   PUR.06     Goods Returns    Procedures              PUR.06         Goods Returns Procedures and                  1. Review procedures on goods returns         1. Procedures approved by management
           Payables                                     Ensure goods returns                   authorisation                                 2. Ensure goods returns are approved by       2. Reviewed list of goods return orders
                                                        are processed on a                     Procedures are established defining           management and return orders are              approved by management
                                                        timely basis.                          the process for goods return. Returned        created in the system                         3. Evidence of documentation covering
                                                                                               or rejected goods to suppliers are            3. Review list of goods return based on       each complaint to a supplier or goods
                                                                                               executed between the Purchasing               order types                                   returned
                                                                                               Department, suppliers and warehouse           4. Where relevant, ensure a complaint to
                                                                                               personnel to ensure that the material is      the supplier has been raised accordingly
                                                                                               correctly returned to the supplier and
                                                                                               goods are either replaced or credited at
                                                                                               correct value. A return authorisation is
                                                                                               created for return requests where
                                                                                               applicable. Supporting documentation
                                                                                               is maintained in case of supplier
                                                                                               dispute.

PUR        Purchasing and   PUR.06     Goods Returns    Accounts Payable        PUR.06         Recording Debit Notes                         1. Review procedures                          1. Procedures approved by management
           Payables                                     Adjustments                            All returned or rejected goods received       2. Review list of rejected/returned           2. Reviewed list of rejected/returned
                                                        Ensure the amount of                   are recorded as vendor debit notes to         goods received and ensure they are            goods received and evidence that they are
                                                        the adjustment to                      be received and can only be released          recorded as debit notes                       recorded as debit notes
                                                        accounts payable is                    upon: 1) reconciliation to hardcopy           3. Ensure debit notes are only                3. Evidence of debit notes being
                                                        correct.                               credit note provided by the vendor or 2)      reconciled with hardcopies of credit          reconciled with hardcopies of credit notes
                                                                                               receipt of new goods by the                   notes provided by the vendor or by the        provided by the vendor or by the receipt of
                                                                                               warehouse.                                    receipt of new goods by the warehouse         new goods by the warehouse


PUR        Purchasing and   PUR.06     Goods Returns    Accounts Payable        PUR.06         Completeness of Accounts Payable              1. Review procedures                          1. Procedures approved by management
           Payables                                     Adjustments                            Adjustments                                   2. Review list of accounts payable            2. Evidence of follow-up of accounts
                                                        Ensure the amount of                   All accounts payable adjustments are          adjustments approved by management            payable adjustments
                                                        the adjustment to                      sequentially numbered and reviewed by
                                                        accounts payable is                    management for discrepancies.
                                                        correct.





PUR        Purchasing and   PUR.07     Cash            Security of Assets       PUR.07         Control of Cheques                        1. Review procedures comparing the            1. Procedures approved by management
           Payables                    Disbursements   The use of cheques                      Cheques and mechanical cheque             balance of the ERP cheque clearing            2. Access control of cheques and signing
                                                       for manual payments                     signing devices or signature plates are   account with the "End of Day Report"          devices
                                                       is adequately                           physically secure and accessible          from the bank                                 3. Sign off on listing of cheques issued in
                                                       restricted, controlled                  to approved personnel only. The           2. Assess reasonableness of security          each month by Head of FRA/AP Manager
                                                       and recorded.                           cheque quantities and serial numbers      around cheques and cheque signing
                                                                                               are tracked and reviewed monthly for      devices. Ensure access is limited to
                                                                                               missing numbers.                          approved personnel only
                                                                                                                                         3. Review listing of cheques issued in
                                                                                                                                         each month and ensure cheque
                                                                                                                                         numbers are not missing
                                                                                                                                         4. Review control over cancelled
                                                                                                                                         cheques and ensure endorsement is not
                                                                                                                                         possible
PUR        Purchasing and   PUR.07     Cash            Accuracy and             PUR.07         Edit and Validation Check                   1. Review procedures covering the           1. Procedures approved by management
           Payables                    Disbursements   Completeness                            Information per the cash disbursement       documentation of cheques and                2. Evidence of accounting controls (3-way
                                                       Disbursements are                       (i.e. Cheques and Wire Transfers) are       authorisation prior to each manual          match) and reviewed output of ERP
                                                       accurately made to                      agreed to purchase orders, receiving        cheque payment run                          reports
                                                       proper vendors.                         reports, original invoices, and vendor      2. Ensure accounting controls (3-way        3. Evidence of follow-up of discrepancies
                                                                                               information included in the vendor          match) are existing and review output of
                                                                                               master file which indicates the propriety   ERP reports
                                                                                               of the expenditures. Differences            3. Ensure discrepancies are followed-up
                                                                                               identified are investigated and followed-
                                                                                               up on a timely basis. Where applicable,
                                                                                               supplier invoices are automatically
                                                                                               selected for payment by the system if
                                                                                               specific criteria are met, including 3-
                                                                                               way matching acceptance, no blocking
                                                                                               flags within the vendor master and no
                                                                                               blocking flags on the invoice. Only the
                                                                                               recorded liability amount is paid.


PUR        Purchasing and   PUR.07     Cash            Accuracy and             PUR.07         Cash Disbursement Approval                  1. Review procedures ensuring that all      1. Procedures approved by management
           Payables                    Disbursements   Completeness                            Cash disbursements (including general       payment runs are reviewed and               2. Dual signatures on payment listing sent
                                                       Disbursements are                       payments, cheques and wire transfers)       authorized                                  to the bank
                                                       accurately made to                      are subject to release approval.            2. Review letter sent to the bank           3. Reviewed list of authorized payments
                                                       proper vendors.                         Management with the appropriate level       informing them of authorized signatories
                                                                                               of authority ("bank signatory power")       3. Review the confirmation from the
                                                                                               reviews and approves the payments           bank of authorized signatories
                                                                                               prior to release.                           notification
                                                                                                                                           4. Ensure that the authorized signatories
                                                                                                                                           on the payment listing are per the
                                                                                                                                           confirmation
                                                                                                                                           5. Review authorized payments
PUR        Purchasing and   PUR.07     Cash            Accuracy and             PUR.07         Blank Cheques                               1. Review procedures over blank             1. Procedures approved by management
           Payables                    Disbursements   Completeness                            Documented policies and procedures          cheques/voided cheques                      2. Procedures on control over blank
                                                       Disbursements are                       exist that prohibit the signing of blank    2. Review blank cheques and ensure          cheques/bearer cheques
                                                       accurately made to                      cheques or cheques drawn payable to         that they have not been pre-signed          3. Procedure on control over voided
                                                       proper vendors.                         cash or bearer. Additional procedures       3. Ensure voided cheques are treated        cheques
                                                                                               exist for recording, explaining, voiding    according to procedures
                                                                                               and disposing of voided cheques.
                                                                                               Management reviews cheque runs for
                                                                                               any blank cheques or cheques drawn
                                                                                               payable to cash or bearer.
                                                                                               Inappropriate cheques are investigated,
                                                                                               voided, and properly recorded and
                                                                                               disposed of.
PUR        Purchasing and   PUR.07     Cash            Accuracy and             PUR.07         Cash Disbursement Approval                  1. Review procedures                        1. Procedures approved by management
           Payables                    Disbursements   Completeness                            One-time and initial standing wire          2. Ensure wire transfer requests are        2. Reviewed supporting documentation of
                                                       Disbursements are                       transfer requests are accompanied by        accompanied with the appropriate            wire transfer requests
                                                       accurately made to                      appropriate supporting documentation        supporting documentation and
                                                       proper vendors.                         and payments are approved by                management approval
                                                                                               management with the appropriate level
                                                                                               of authority ("bank signatory power").

PUR        Purchasing and   PUR.07     Cash            Prevention of            PUR.07         Cancellation of Vendor Invoices             1. Review procedures ensuring that          1. Procedures approved by management
           Payables                    Disbursements   Duplicate Cash                          Upon payment, the vendor invoices and       cheques issued by hand are entered          2. Reviewed output of ERP reports
                                                       Disbursements                           other supporting information are            into the ERP system and the payment         3. Evidence that invoices and supporting
                                                       Cash disbursements                      independently coded or marked to            document number is allocated to the         information are stamped Paid after
                                                       for the same vendor                     signify "Paid" to prevent resubmission      cheque number                               payment has been made
                                                       invoice are avoided.                    for duplicate payment. It is                2. Check if the system allows duplicate
                                                                                               recommended to configure the system         invoices from the same vendor
                                                                                               to prevent duplicate payments by            3. Review output of ERP reports
                                                                                               flagging the invoice at the payment run.    4. Select samples of paid invoices and
                                                                                                                                           ensure that they have been stamped
                                                                                                                                           Paid
PUR        Purchasing and   PUR.07     Cash            Posting Payments         PUR.07         Reconciling Cash Disbursements to           1. Review procedures ensuring batch         1. Procedures approved by management
           Payables                    Disbursements   Postings are made to                    General Ledger                              totals from cheque run are recorded and     2. Evidence of monthly reconciliation
                                                       the correct purchase                    Batch totals from cheque runs are           reconciled for accuracy                     between cheque runs and G/L cash and
                                                       ledger control account                  reconciled to the general ledger cash       2. Monthly reconciliation between           payables accounts
                                                       and correct cash                        and payables accounts to ensure the         cheque runs and G/L cash and payables
                                                       account in the general                  accuracy of the amounts recorded.           accounts
                                                       ledger.

PUR        Purchasing and   PUR.07     Cash            Vendor Discounts         PUR.07         Vendor discounts                            1. Review procedures                        1. Procedures approved by management
           Payables                    Disbursements   Ensure that vendor                      Where applicable, it is recommended         2. Review output of standard ERP            2. Reviewed output of standard ERP
                                                       discounts are                           that applicable discounts are               reports                                     report
                                                       appropriately taken.                    automatically calculated by the system.     3. Ensure reviews of vendor master data     3. Review of vendor master data
                                                                                               If the discount policy can be               conditions are performed                    conditions and follow up actions
                                                                                               overridden, monitoring procedures
                                                                                               exist for detection and resolution.
                                                                                               Vendor discounts are reviewed to
                                                                                               ensure they are appropriately taken.
PUR        Purchasing and   PUR.07     Cash            Cash Disbursement        PUR.07         Advance Payments - authorisation            1. Review procedures ensuring the           1. Procedures approved by management
           Payables                    Disbursements   Cut-off                                 Request for a cash advance made by          accounting entry is only made upon          2. Reviewed list of advance payments
                                                       Cash advances are                       an employee is authorised by a              receipt of an authorized requisition
                                                       properly authorised.                    manager with the appropriate level of       2. Review list of advance payments and
                                                                                               authority.                                  check management approval
                                                                                                                                           3. Ensure advance payment
                                                                                                                                           recoverability and follow up actions

PUR        Purchasing and   PUR.07     Cash            Cash Disbursement        PUR.07         Advance Payments - Accounting               1. Review procedures                        1. Procedures
           Payables                    Disbursements   Cut-off                                 Payments made in advance of the             2. Review list of advance payments with     2. List of advance payments with the
                                                       Cash advances are                       service or receipt of goods are             the evidence of correct accounting          evidence of correct accounting treatment
                                                       accounted for                           reviewed to ensure that they are            treatment
                                                       appropriately.                          accounted for correctly as a pre-paid
                                                                                               asset recorded in other current assets.
PUR        Purchasing and   PUR.08     Accounts        Completeness and         PUR.08         Goods and Services are Properly             1. Review procedures ensuring GR-IR         1. Procedures approved by management
           Payables                    Payable         Accuracy                                Recorded                                    clearing account is regularly reviewed,     2. Reviewed output of ERP reports
                                       Management      Ensure completeness                     All receipts of goods and services not      differences are investigated and            3. List of goods where GR has not yet
                                                       and accuracy of                         yet matched with an invoice are             corrected                                   been received with the evidence that they
                                                       accounts payables.                      accrued under Accounts Payable. All         2. Review output of ERP reports             have been excluded from AP
                                                                                               invoices received without a receipt of      3. Where goods receipt is not possible      4. Evidence that payments are accounted
                                                                                               goods or services are excluded from         ensure invoices are properly approved       for in accordance with the Accounting
                                                                                               Accounts Payable. If payment is made        4. Where goods are not yet received         Manual
                                                                                               prior to the receipt of goods or            exclude corresponding invoices from
                                                                                               services, the payment is accounted for      Accounts Payable
                                                                                               as a prepaid in accordance with the         5. Ensure payments are accounted for
                                                                                               Accounting Manual.                          in accordance with the Accounting
                                                                                                                                           Manual
PUR        Purchasing and   PUR.08     Accounts        Completeness and         PUR.08         Aged-open Balances                          1. Review procedures                        1. Procedures approved by management
           Payables                    Payable         Accuracy                                Aged open accounts payable balances         2. Review output list of aged-open          2. Reviewed output list of aged-open
                                       Management      Ensure completeness                     are reviewed at least monthly for           balances                                    balances
                                                       and accuracy of                         overdue or blocked amounts.                 3. Ensure balances aged more than 90        3. Evidence of investigation of balances
                                                       accounts payables.                      Discrepancies are identified and            days are investigated                       aged more than 90 days
                                                                                               followed-up. Line items with debit
                                                                                               balances within all accounts payable
                                                                                               subsidiary ledger accounts are
                                                                                               reviewed at least monthly. Balances
                                                                                               aged more than 90 days are
                                                                                               investigated and followed-up.

PUR        Purchasing and   PUR.08     Accounts        Completeness and         PUR.08         Reconciliation of Vendor Statements         1. Review procedures                        1. Procedures approved by management
           Payables                    Payable         Accuracy                                For countries receiving vendor              2. Ensure statements received from          2. Evidence that statements received from
                                       Management      Ensure completeness                     statements, statements received from        suppliers are reconciled to the suppliers   suppliers have been reconciled to the
                                                       and accuracy of                         suppliers are reconciled to the             account                                     suppliers account
                                                       accounts payables.                      suppliers' accounts in the aged             3. Ensure differences are investigated      3. Evidence of investigation of differences
                                                                                               accounts payable sub ledger regularly
                                                                                               and differences are investigated.


PUR        Purchasing and   PUR.08     Accounts        Reconciliation to the    PUR.08         Reconciliation to the general ledger        1. Review procedures                        1. Procedures approved by management
           Payables                    Payable         general ledger                          Accounts payable subsidiary ledger is       2. Review output list of cumulative open    2. Reviewed cumulative open item-
                                       Management      Accounts payable                        reconciled to the general ledger on a       item-balances                               balances from the subsidiary ledger and
                                                       subsidiary ledger                       monthly basis. Monthly reconciliations                                                  hardcopies of the balances according to
                                                       agrees to the general                   are reviewed by management.                                                             general ledger
                                                       ledger.                                 Discrepancies are investigated and                                                      3. Evidence of controlling filed in a monthly
                                                                                               resolved.                                                                               closing folder with signatures


PUR        Purchasing and   PUR.09     Travel and      Travel and               PUR.09         Travel and Entertainment Expense        1. Periodical review of the procedures          1. Procedures aligned with company T&E
           Payables                    Entertainment   Entertainment                           Policy                                                                                  policies
                                       Expenses        Expenses - Approval                     A travel and entertainment expense                                                      2. Evidence of review and approval
                                                       Process                                 policy and procedures are in place. The
                                                       Adequate procedures                     policy and procedures are reviewed
                                                       should be developed                     and updated periodically.
                                                       to ensure Company
                                                       and regulatory
                                                       reporting requirements
                                                       are met.
PUR        Purchasing and   PUR.09     Travel and      Travel and               PUR.09         Supporting Detail                           1. Review if all required procedures        1. Expenses guidelines and follow up
           Payables                    Entertainment   Entertainment                           All expenses have to be supported by        exist                                       actions where applicable
                                       Expenses        Expenses - Approval                     adequate documentation and comply                                                       2. Evidence of review and approval
                                                       Process                                 with regulatory and company
                                                       Adequate procedures                     requirements. All exceptions have to be
                                                       should be developed                     approved according to the policy.
                                                       to ensure Company
                                                       and regulatory
                                                       reporting requirements
                                                       are met.
PUR        Purchasing and   PUR.09     Travel and      Travel and               PUR.09         Approval Process                            1. Ensure all T&E expenses are              1. Procedures aligned with Company T&E
           Payables                    Entertainment   Entertainment                           An authorisation limit list exists for the  approved                                    policies
                                       Expenses        Expenses - Approval                     approval of travel and entertainment                                                    2. Evidence of review and approval
                                                       Process                                 expenses. CEO expenses are co-
                                                       Adequate procedures                     signed by CFO.
                                                       should be developed
                                                       to ensure Company
                                                       and regulatory
                                                       reporting requirements
                                                       are met.
PUR        Purchasing and   PUR.09     Travel and      Travel and               PUR.09         Random Reviews                              1. Ensure random reviews are                1. Procedures aligned with Company T&E
           Payables                    Entertainment   Entertainment                           Regular tests and audits are performed      performed                                   policies
                                       Expenses        Expenses - Approval                     to ensure compliance with the Travel                                                    2. Evidence of review and approval
                                                       Process                                 and Entertainment policy. Results are                                                   3. Evidence of audits performed and
                                                       Adequate procedures                     communicated to management and                                                          results of those audits being followed up
                                                       should be developed                     adequate follow-up is performed.                                                        and approved according to policy
                                                       to ensure Company                                                                                                               4. Management report and communication
                                                       and regulatory                                                                                                                  of audit tests and results
                                                       reporting requirements
                                                       are met.



                                                                                                                                                                                                                                                                                                                                                              PIN Cycle




Column groups: Control Matrix, Assessment, Remediation, Testing

Control Matrix columns: Cycle ID; Cycle Description; Sub-Cycle ID; Sub-Cycle Description; Control Objective Description; Control Activity ID; Description of the Recommended Control Activity; Recommended Validation steps; Recommended Evidences

(Q1) Is this control activity relevant to your entity?
(Q2) If No, explain why.
(Q3) Is this control performed? If yes, how?
(Q4) Additional comments to control activity (free text)
(Q5) Frequency of control
(Q6) Documentation (e.g. procedures, flowcharts...)
(Q7) Evidence of Control (e.g. report signed by management...)
(Q8) Control owner (Job title and Name)
(Q9) Staff trained to control activity? (Y/N)
(Q10) Maturity level from 1 to 5
(Q11) If Maturity is level 4 or 5, define your remediation plan.
(Q12) Responsible person for remediation plan
(Q13) Due Date (dd/mm/yy) remediation plan

Testing Period 1: (Pass/Fail); Likelihood (High/Medium/Low); Impact (High/Medium/Low); Tester's name
Testing Period 2: (Pass/Fail); Likelihood (High/Medium/Low); Impact (High/Medium/Low); Tester's name

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.01
Sub-Cycle Description: Segregation of Duties/Configuration
Control Objective Description: Segregation of Duties/Access Rights. Appropriate segregation of duties is in place with corresponding system access rights.
Control Activity ID: PIN.01
Description of the Recommended Control Activity: Segregation of Duties. A Segregation of Duties matrix is defined and reflected in job descriptions or role profiles. In the absence of proper segregation of duties, compensating controls are established (e.g. direct supervision, second signature, exception reports).
Recommended Validation steps:
1. Review of User Authorization Management procedures and ensure approval by management
2. Review SoD matrix with updated job descriptions and system access to ensure consistency with the role profile assigned in ERP
3. Review samples of approved access rights authorisation forms
4. Where proper SoD is not possible, check that mitigating controls are identified and described
5. Validate the adequacy of mitigating controls
6. Review standard reports from ERP systems
Recommended Evidences:
1. User Authorization Management procedures approved by management
2. Job descriptions and organisation chart
3. Access to system in line with job description
4. Access right authorisation forms signed
5. SoD matrix including mitigating controls

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.01
Sub-Cycle Description: Segregation of Duties/Configuration
Control Objective Description: Segregation of Duties/Access Rights. Appropriate segregation of duties is in place with corresponding system access rights.
Control Activity ID: PIN.01
Description of the Recommended Control Activity: Access Rights - Manage & Review. The access rights in the system are managed and regularly reviewed by management. The review is documented and any unauthorised access rights are corrected in the system.
Recommended Validation steps:
1. Review procedures ensuring management reviews access rights regularly
2. Review SoD matrix with samples of updated job descriptions and system access to ensure consistency with the role profile assigned in ERP
3. Review of role profile report from ERP systems
4. Review samples of access rights reports signed by management
Recommended Evidences:
1. Procedures approved by management
2. User Authorization Management procedures approved by management
3. Job descriptions and organisation chart
4. Access to system in line with job description
5. SoD matrix including mitigating controls
6. ERP standard reports

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.01
Sub-Cycle Description: Segregation of Duties/Configuration
Control Objective Description: Material Master Records. Accuracy of material master records is ensured.
Control Activity ID: PIN.01
Description of the Recommended Control Activity: Material Master Records. The following controls exist to ensure the integrity of material master records: a) Passwords and usernames are required to access the master data b) An approved material master creation and modification form is required prior to a material being added or amended c) Exception report detailing changes to the Material Master file is independently reviewed against supporting approvals.
Recommended Validation steps:
1. Check procedures covering material master data and ensure that each of the material master views is maintained by departments responsible and able to judge the content of the various views of material master data. Naming convention and search terms should be established.
2. Select samples of approved creation/change/deletion material master data forms and compare with data defined in the system
3. Review output of ERP standard report and check repetitive changes during the month
Recommended Evidences:
1. Procedures approved by management
2. Approved new material master data forms
3. Reviewed ERP standard report

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.01
Sub-Cycle Description: Segregation of Duties/Configuration
Control Objective Description: Bill of Materials and Routings Master Records. Accuracy of Bill Of Material (BOMs) and routings master records is ensured.
Control Activity ID: PIN.01
Description of the Recommended Control Activity: Bill of Materials (BOMs) and Routings Master Records. The following controls exist to ensure the integrity of BOMs and Routings master records: a) Passwords and usernames are required to access the master data b) An approved BOMs and Routings master creation and modification form is required prior to a BOM and Routing being added or amended c) Exception report detailing changes to the BOMs and Routings master file is independently reviewed against supporting approvals.
Recommended Validation steps:
1. Check procedures covering material master data and ensure alignment with Group/Divisional guidelines
2. Select samples of approved creation/change/deletion bill of material master data forms and compare with data defined in the system
3. Review output of ERP standard reports
Recommended Evidences:
1. Procedures approved by management aligned with Group and divisional guidelines
2. Approved bill of material master data forms
3. ERP standard reports with evidence of review

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.02
Sub-Cycle Description: Standard Cost Preparation
Control Objective Description: Standard Cost. Ensure standard costs are calculated accurately to reflect approximate actual costs at a given point in time, including overhead and indirect cost calculation.
Control Activity ID: PIN.02
Description of the Recommended Control Activity: Standard Cost. Costing sheet (summary of costs) is prepared for every new material or change to an existing material. These are reviewed and approved by Manufacturing, Purchasing and Accounting management and are in line with the Accounting Manual and/or the Global Tech Ops Manual (where applicable).
Recommended Validation steps:
1. Check procedures ensuring that the parameters for cost variants are authorised and reviewed on a regular basis, actual costing being driven by the costing variant
2. Ensure costing sheets are approved according to the procedures
3. Review monthly report on creation/change/deletion of material master data
Recommended Evidences:
1. Procedures approved by management
2. Approved costing sheets
3. Reviewed report on creation/change/deletion of material master data


Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.02
Sub-Cycle Description: Standard Cost Preparation
Control Objective Description: Standard Cost. Ensure standard costs are calculated accurately to reflect approximate actual costs at a given point in time, including overhead and indirect cost calculation.
Control Activity ID: PIN.02
Description of the Recommended Control Activity: Standard Cost Review. Standard costs exist for all products and are reflected in the relevant systems. They are reviewed and adjusted according to the Accounting Manual to reflect current costs.
Recommended Validation steps:
1. Review procedure ensuring cost estimates are created at the beginning of the fiscal year or planning period and specifying that costing runs and schedule costing runs are executed in a controlled way at the end of the period (e.g. ensure that settlements are processed in a test run and errors resolved before the actual settlement is run)
2. Review costing run using transaction and status of cost estimates
Recommended Evidences:
1. Procedures approved by management
2. Reviewed costing run using ERP transaction and status of cost estimates




Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.02
Sub-Cycle Description: Standard Cost Preparation
Control Objective Description: Bill of Materials and Routings. Establish and update bills of material and routings to accurately reflect current production processes, costs and material usage.
Control Activity ID: PIN.02
Description of the Recommended Control Activity: Bill of Materials and Routings. Bills of material and routings are reviewed by Production management for accuracy and adjusted as needed. Ensure that the analysis of returns from production to warehouse is performed.
Recommended Validation steps:
1. Check procedures covering bill of materials and routings ensuring data is accurate, complete and authorized
2. Select sample of updated bill of materials and routings and check master data in the system
3. Ensure analysis of returns from production to warehouse is performed
4. Review ERP standard reports
Recommended Evidences:
1. Procedures approved by management
2. Reviewed updated bill of materials and routings against supporting documentation
3. Review the accuracy of the analysis of returns from production to warehouse
4. Reviewed ERP standard reports

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.03
Sub-Cycle Description: Materials Movement
Control Objective Description: Goods Receipts. Assign a lot number to all goods receipts.
Control Activity ID: PIN.03
Description of the Recommended Control Activity: Assignment of Lot Numbers. Lot numbers are automatically assigned upon receipt and upon production of goods. Lot numbers are systematically and consecutively numbered and tracked for all goods movements. Goods are issued on a First Expiry First Out basis.
Recommended Validation steps:
1. Ensure procedures covering assignment of lot numbers exist. ERP Transaction is used to define batch level in batch management. Batch level can be unique at plant level, at material level, and at client level for a material.
2. Review configuration of lot number assignment and First Expiry First Out strategy
Recommended Evidences:
1. Procedures approved by management and aligned with Group/divisional guidelines
2. For lot numbers and First Expiry First Out, evidence of the configuration of the system (e.g. implementation papers and evidence of change management)

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.03
Sub-Cycle Description: Materials Movement
Control Objective Description: Goods Receipts. Ensure correct receipt of goods ordered.
Control Activity ID: PIN.03
Description of the Recommended Control Activity: Match with delivery documents and purchase orders. Description and quantity of goods received are matched against delivery documents and purchase orders. Defective goods are logged and monitored to ensure that these goods are returned promptly and credits received in a timely manner.
Recommended Validation steps:
1. Review procedures
2. Ensure all materials are given a defined status
3. Review status list of defective goods rejected by warehouse/QA and ensure follow-up actions are performed
Recommended Evidences:
1. Procedures approved by management
2. List of all materials having a defined status
3. List of defective goods rejected by warehouse/QA with evidence of follow-up action

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.03
Sub-Cycle Description: Materials Movement
Control Objective Description: Raw Materials. Ensure correct allocation of raw materials to production.
Control Activity ID: PIN.03
Description of the Recommended Control Activity: Allocation of Raw Materials. Withdrawals for consumption are only able to be booked out of unrestricted-use stock. All such withdrawals reference a production order.
Recommended Validation steps:
1. Review procedures
2. Ensure all raw materials are given a defined status
3. Review the configuration in the system allowing production orders to book materials from unrestricted-use stocks
Recommended Evidences:
1. Procedures approved by management
2. List of all raw materials having a defined status
3. Evidence of the configuration in the system allowing production orders to book materials from unrestricted-use stocks

Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.03
Sub-Cycle Description: Materials Movement
Control Objective Description: Raw materials. Inventory descriptions, quantities and locations are recorded throughout the whole production process.
Control Activity ID: PIN.03
Description of the Recommended Control Activity: Movements Records. Raw materials are transferred to production only with valid production plans or orders and inventory details can be traced to the related production orders. Any returns from production to the warehouse are supported by documentation.
Recommended Validation steps:
1. Review procedures
2. Review output of ERP standard reports
3. Review raw material delivery slips against production plans
4. Review returns from production to the warehouse and ensure quantities are booked in the inventories
Recommended Evidences:
1. Procedures approved by management
2. ERP standard reports
3. Approved raw material delivery slips
4. Approved returns from production to the warehouse with evidence of booking in the inventories


Cycle ID: PIN
Cycle Description: Production and Inventory
Sub-Cycle ID: PIN.03
Sub-Cycle Description: Materials Movement
Control Objective Description: Transfers. Transfers between plants or warehouses are reflected in the perpetual inventory system at cost.
Control Activity ID: PIN.03
Description of the Recommended Control Activity: Transfers. Inventory in transit between plants/warehouses is tracked, documented, and appropriately captured in the inventory system.
Recommended Validation steps:
1. Review procedures ensuring transfers are monitored by material, plant, vendor, movement type, posting date, user
2. Review output of ERP standard reports
3. Review approved delivery slips and ensure quantities are booked in stock in transit
Recommended Evidences:
1. Procedures approved by management
2. Reviewed output of ERP standard reports
3. Approved delivery slips with evidence of booking in the inventories, respectively in stocks in transit

PIN        Production and   PIN.03     Materials      Recording                                    PIN.03         Recording                                                          1. Review procedures ensuring                1. Procedures approved by management
           Inventory                   Movement       Record goods issuances and receipts                         Ensure that issuance, transfers and receipts of goods are          issuance, transfers and receipts of          2. Evidence that all material movements
                                                      accurately and in a timely manner.                          recorded in a timely manner.                                       goods are timely recorded                    can be traced in the system at any time in
                                                                                                                                                                                     2. Ensure all material movements can         the process
                                                                                                                                                                                     be traced at any time in the process         3. Reviewed output of ERP standard
                                                                                                                                                                                     3. Review output of ERP standard             reports
                                                                                                                                                                                     reports and ensure that issuance,
                                                                                                                                                                                     transfers and receipts are performed
                                                                                                                                                                                     according to the procedures
PIN        Production and   PIN.03     Materials      Recording                                    PIN.03         Incorrect goods movements                                          1. Review procedures                         1. Procedures approved by management
           Inventory                   Movement       Incorrect goods movements are reversed                      Reversal documents, duly authorised, are used to reverse           2. Ensure all material movements can         2. Evidence that all material movements
                                                      correctly.                                                  incorrect goods movements.                                         be traced at any time in the process         can be traced at any time in the process
                                                                                                                                                                                     3. Review output of ERP standard             3. Reviewed output of ERP standard
                                                                                                                                                                                     reports and ensure that issuance,            reports
                                                                                                                                                                                     transfers and receipts are performed
                                                                                                                                                                                     according to the procedures
PIN        Production and   PIN.03     Materials      Goods in Quality Hold                        PIN.03         Goods in Quality Hold                                              1. Review procedures                         1. Procedures approved by management
           Inventory                   Movement       Ensure that goods in quality hold status                    Inventory in hold status is not available for shipment without     2. Review configuration of the system        2. Evidence of the configuration in the
                                                      cannot be shipped outside the Company                       special approval (system configuration control). All goods         with regards to material status              system allowing inventory of goods in
                                                                                                                  that require quality inspection are checked and approved by        3. Select samples of QA released forms       Quality hold status
                                                                                                                  the Quality department before they are released into               and check to corresponding materials         3. Approved QA release forms
                                                                                                                  production.                                                        released in the system

PIN        Production and   PIN.03     Materials      Blocked Stock                                PIN.03         Blocked Stock                                                      1. Review procedures                         1. Procedures approved by management
           Inventory                   Movement       Ensure goods receipts are not posted to                     Obsolete/damaged stocks are segregated and properly                2. Review list of blocked stocks against     2. List of blocked stocks
                                                      blocked stock.                                              reviewed to ensure usable stocks are not commingled.               supporting documentation to ensure           3. Dedicated area in the warehouse for
                                                                                                                                                                                     accurate material status                     storage of obsolete/damaged stocks
                                                                                                                                                                                     3. Visit the dedicated area in the
                                                                                                                                                                                     warehouse for storage of
                                                                                                                                                                                     obsolete/damaged stocks and ensure
                                                                                                                                                                                     proper segregation of goods

PIN        Production and   PIN.03     Materials      Blocked Stock                                PIN.03         Procedures                                                         1. Review procedures                         1. Procedures approved by management
           Inventory                   Movement       Ensure goods receipts are not posted to                     Procedures exist for recording goods receipts into blocked         2. Review list of blocked materials          2. Review list of blocked materials
                                                      blocked stock.                                              stock locations. Procedures exist to report and follow up on       3. Ensure staff has been adequately          3. Attendance sheet of conducted training
                                                                                                                  goods received into blocked stock locations. Staff is aware        trained
                                                                                                                  of procedures for the receipting of goods into blocked stock
                                                                                                                  locations.

PIN        Production and   PIN.04     Inventory      Production Costs Variances                   PIN.04         Production Costs Variances                                         1. Ensure procedures are defined to          1. Procedures approved by management
           Inventory                   Production     Ensure accuracy of Production Costs                         Compute costs of material, labour, and overhead put into           perform period-end processing by             2. Reviewed monthly report on production
                                                      variances                                                   production, and ensure the correct accounting distribution of      calculating the overhead, the work in        costs variances and follow-up actions if
                                                                                                                  such costs. Production costs variances like purchase price,        progress (WIP), the variances and the        any
                                                                                                                  production material, utilisation variances are reviewed by the     settlement. All cost centres and cost        3. Reviewed ERP standard reports
                                                                                                                  management. Action plans are developed to update                   elements used for production costing
                                                                                                                  standards or improve production efficiency.                        should be identified. Actual postings
                                                                                                                                                                                     made to cost centres/cost elements
                                                                                                                                                                                     used for product cost controlling should
                                                                                                                                                                                     be reconciled with the actual cost of
                                                                                                                                                                                     goods sold
                                                                                                                                                                                     2. Review monthly report on production
                                                                                                                                                                                     costs variances: review the production
                                                                                                                                                                                     utilisation variances at the end of a
                                                                                                                                                                                     period and post variances to the P&L.
                                                                                                                                                                                     Ensure that the labor costs are
                                                                                                                                                                                     reconciled with the payroll costs
                                                                                                                                                                                     3. Review output of ERP standard
                                                                                                                                                                                     reports and check deviations.




PIN        Production and   PIN.04     Inventory      Production Orders                           PIN.04         Production Orders                                             1. Ensure procedures include the                 1. Procedures approved by management
           Inventory                   Production     Production confirmations (material issues                  Production management monitors production order reports in    review and the validation of order               2. Reviewed output of ERP standard
                                                      and activity confirmations) are promptly                   a timely manner and identifies production orders that are     confirmations. Implement the business            reports
                                                      input to the system.                                       missing production confirmations. The missing confirmations   rule to set the status of the production         3. Month end checklist monitoring
                                                                                                                 are investigated and adjusted.                                version to Locked when the production            production confirmations
                                                                                                                                                                               version no longer has to be used. This
                                                                                                                                                                               ensures that the information is not lost
                                                                                                                                                                               from the system but cannot be used
                                                                                                                                                                               until it is unlocked.
                                                                                                                                                                               2. Check output of ERP standard
                                                                                                                                                                               reports
                                                                                                                                                                               3. Review month end checklist ensuring
                                                                                                                                                                               that all missing production orders are
                                                                                                                                                                               monitored on a timely basis
PIN        Production and   PIN.04     Inventory      Production Reports                          PIN.04         Production Reports                                            1. Review procedures ensuring                    1. Procedures approved by management
           Inventory                   Production     Completed production is reported                           Management reviews open production orders periodically to     changes to production orders are                 2. Reviewed output of ERP standard
                                                      accurately and promptly.                                   investigate and ultimately close old open orders.             authorised and communicated. Orders              reports
                                                                                                                                                                               should have a defined status. Ensure             3. Month end checklist monitoring closure
                                                                                                                                                                               management reviews open production               of old open production orders
                                                                                                                                                                               orders periodically and closes old open
                                                                                                                                                                               orders
                                                                                                                                                                               2. Check output of ERP standard
                                                                                                                                                                               reports and review production order
                                                                                                                                                                               status, date change and person who
                                                                                                                                                                               made a change
                                                                                                                                                                               3. Review month end checklist ensuring
                                                                                                                                                                               that all open production orders are
                                                                                                                                                                               closed on a timely basis
PIN        Production and   PIN.04     Inventory      Production Performance                      PIN.04         Production Performance                                        1. Review procedures                             1. Procedures approved by management
           Inventory                   Production     Ensure review and measurement of                           Periodic review of production's (including toll               2. Review contracts with strategic               2. Contracts with strategic suppliers,
                                                      production performance.                                    manufacturer) performance / Key Performance Indicators is     suppliers, ensuring KPIs and QPIs                including KPIs and QPIs (Quality
                                                                                                                 performed and documented, areas of improvement identified     (Quality Performance Indicators) are             Performance Indicators)
                                                                                                                 and followed up.                                              included, and check that they are                3. Vendor and production KPIs and QPIs
                                                                                                                                                                               up-to-date                                       reports including complaints and follow-up
                                                                                                                                                                               3. Review vendors and own production             actions
                                                                                                                                                                               performance and check if the KPIs and            4. Minutes of meeting with agreed actions
                                                                                                                                                                               QPIs are according to the defined                with suppliers
                                                                                                                                                                               conditions (e.g. vendors evaluation
                                                                                                                                                                               forms)
                                                                                                                                                                               4. Analyse any deviations and check
                                                                                                                                                                               if monitoring is performed by
                                                                                                                                                                               management
PIN        Production and   PIN.05     Control        Material Price                              PIN.05         Material Price                                                    1. Review procedures                        1. Procedures approved by management
           Inventory                   Inventory      Ensure prices of materials are correctly                   Review price of material for zero-value, wrongly priced and       2. Review output of ERP reports             2. Reviewed output of ERP reports
                                                      reflected in the company records.                          negative valued items.                                            3. Analyse any deviations and check         3. Evidence of any deviations and
                                                                                                                                                                                   if they are monitored by management         check if they are monitored by
                                                                                                                                                                                                                               management


PIN        Production and   PIN.05     Control        Inventory Reconciliations                   PIN.05         Inventory Reconciliations                                    1. Review procedures ensuring the                 1. Procedures approved by management
           Inventory                   Inventory      Regularly reconcile inventory systems                      Regular reconciliations between the inventory sub-system,    routine reconciliation of warehouse               2. Evidence that all goods issues/receipts
                                                      and general ledger systems.                                toll manufacturers reports and general ledger are            management to inventory management.               are adequately recorded prior to the end of
                                                                                                                 performed. Discrepancies are investigated and resolved.      Procedures include the reconciliation of          the period (e.g. inventory balance in the
                                                                                                                                                                              goods movements including transfers,              G/L)
                                                                                                                                                                              goods receipts and goods issues.                  3. Month end checklist
                                                                                                                                                                              Management has developed
                                                                                                                                                                              procedures to analyze inventory
                                                                                                                                                                              account balances for reasonableness.
                                                                                                                                                                              Unusual balances are investigated
                                                                                                                                                                              2. Check that all goods issues/receipts
                                                                                                                                                                              are adequately recorded prior to the
                                                                                                                                                                              end of the period (e.g. inventory
                                                                                                                                                                              balance in the G/L).
                                                                                                                                                                              3. Review month end checklist


PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Physical Inventory
Control Objective: Physical inventory procedures ensure that all inventories are counted on an appropriate (completeness and existence) basis during the year.
Recommended Control Activity: Ensure the procedures (e.g. blind count) detail the inventory count process. It is recommended to ensure that inventory movements are frozen during the count; if not frozen, movements during the inventory count have to be tracked (roll forwards/backwards). Compare physical count with system count and investigate differences. Differences are reviewed and signed off by management. Make sure adjustments are recorded properly. Ensure that all items are counted at least once during a year.
Recommended Validation Steps:
1. Review procedures ensuring annual inventory counts are performed and expiry dates monitored
2. Check whether KPIs (Key Performance Indicators) covering the inventory are included in contracts with third parties, in case third parties are responsible for the inventory management. Review monitoring of these KPIs
3. Review differences between the physical count and system count
4. Review documentation related to inventory adjustments
Recommended Evidences:
1. Procedures approved by management
2. Where applicable, contract with third-party distributor including KPI; KPI reviewed by management
3. Differences between the physical count and system count
4. Documentation related to inventory adjustments

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Physical Inventory
Control Objective: Ensure all inventory transactions are recorded to perpetual inventory listing.
Recommended Control Activity: Cycle count and physical inventory count results are compared to perpetual records and reviewed by management for deviating trends or unusual items. Adjustments are recorded in a timely manner in the accounting records.
Recommended Validation Steps:
1. Review procedures
2. Check whether KPIs (Key Performance Indicators) covering the inventory are included in contracts with third parties, in case a third party is responsible for the inventory management. Review monitoring of these KPIs
3. Review differences between the physical count and system count
4. Review documentation related to inventory adjustments
5. Review month end checklist
Recommended Evidences:
1. Procedures approved by management
2. Where applicable, contract with third-party distributor including KPI; KPI reviewed by management
3. Differences between the physical count and system count
4. Documentation related to inventory adjustments

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Inventory Adjustments
Control Objective: Ensure all major perpetual inventory adjustments, shortages and rejects are reviewed by production management.
Recommended Control Activity: Management reviews all major inventory adjustments for trends or unusual items and appropriate authorisation. All inventory adjustment documents should be pre-printed with, or have system generated, sequentially ordered serial numbers.
Recommended Validation Steps:
1. Review procedures
2. Check whether KPIs (Key Performance Indicators) covering the inventory are included in contracts with third parties, in case a third party is responsible for the inventory management. Review monitoring of these KPIs
3. Review differences between the physical count and system count
4. Review documentation on inventory adjustments and related trend analysis
Recommended Evidences:
1. Procedures approved by management
2. Where applicable, contract with third-party distributor including KPI. KPI being reviewed by management
3. Differences between the physical count and system count
4. Documentation related to inventory adjustments and related trend analysis

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Scrapped/Reworked items
Control Objective: Ensure all major perpetual inventory adjustments, shortages and rejects are reviewed by production management.
Recommended Control Activity: Management reviews records of scrapped and reworked items and checks whether such items have been correctly identified and properly recorded in the appropriate accounting period.
Recommended Validation Steps:
1. Review procedures for reworked material ensuring they are appropriately authorised and that the quality of the product is sufficient for use. The impact of reworked items on cost and production time should also be considered
2. Check whether KPIs (Key Performance Indicators) covering the inventory are included in contracts with third parties, in case a third party is responsible for the inventory management. Review monitoring of these KPIs
3. Review differences between the physical count and system count
4. Review documentation on inventory adjustments on scrapped and reworked items
5. Review month end checklist
Recommended Evidences:
1. Procedures approved by management
2. Where applicable, contract with third-party distributor including KPI. KPI being reviewed by management
3. Differences between the physical count and system count
4. Documentation related to inventory adjustments on scrapped and reworked items
5. Review month end checklist

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Inventory Turnover
Control Objective: Inventory recoverability is monitored and obsolete inventory is identified.
Recommended Control Activity: Management monitors discrepancies of actual inventory turnover/months cover levels with budgeted amounts.
Recommended Validation Steps:
1. Review procedures
2. Review monitoring of discrepancies of actual inventory turnover/months and covered levels with budgeted amounts
3. Review month end checklist
Recommended Evidences:
1. Procedures approved by management
2. Monitoring of discrepancies of actual inventory turnover/months and covered levels with budgeted amounts
3. Month end checklist

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Slow and no movers
Control Objective: Inventory recoverability is monitored and obsolete inventory is identified.
Recommended Control Activity: Obsolete items, slow and no movers and damaged inventories are regularly identified and segregated from other finished goods inventories. Accounting treatment of all inventory categories follows the company policies and is approved by management.
Recommended Validation Steps:
1. Review procedures aligned with Group/divisional guidelines
2. Ensure obsolete items, slow and no movers and damaged inventories are regularly identified and segregated from other finished goods inventories
3. Ensure provisions and value adjustments are performed according to the procedures
Recommended Evidences:
1. Procedures approved by management aligned with Group/divisional guidelines
2. Evidence that obsolete items, slow and no movers and damaged inventories are regularly identified and segregated from other finished goods inventories
3. Provisions and value adjustments are performed according to the procedures

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Inventory Destruction
Control Objective: Inventory recoverability is monitored and obsolete inventory is identified.
Recommended Control Activity: Inventories are destroyed in compliance with local laws and regulations and applicable internal policies. Inventory records are only updated to record destruction after the occurrence of the event. Production management approves these activities. Certificates of Destruction are retained and reviewed by Quality Assurance.
Recommended Validation Steps:
1. Review procedures aligned with local laws and Group/divisional guidelines
2. Ensure inventories for destruction are regularly identified and documented
3. Ensure destruction is performed according to defined processes and is traceable
4. Check management approvals for destruction and that the Certificates of Destruction are retained by QA
Recommended Evidences:
1. Procedures approved by management aligned with local laws and Group/divisional guidelines
2. Inventories for destruction are regularly identified and documented
3. Evidence that the destruction is performed according to defined processes
4. Management approvals for destruction and Certificates of Destruction retained by QA


PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Access to Inventory
Control Objective: Inventory is adequately safeguarded.
Recommended Control Activity: Access to inventory is only granted with approval. All goods are delivered to designated, physically secure locations within a storage location and accepted by authorised personnel. Goods leaving the premises are accompanied by duly completed documentation.
Recommended Validation Steps:
1. Review procedures ensuring access to inventory is only granted with approval. All goods are delivered to designated, physically secure locations within a storage location and accepted by authorized personnel. Goods leaving the premises are accompanied by duly completed documentation
2. Ensure procedures are communicated and concerned personnel are trained
3. Ensure inventory access is limited to authorized personnel
4. Ensure all goods leaving the premises are accompanied by complete documentation
Recommended Evidences:
1. Procedures approved by management
2. Communicated procedures and trained personnel
3. Evidence inventory access is limited to authorized personnel
4. Evidence that all goods leaving the premises are accompanied by complete documentation

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Returns Provision
Control Objective: Ensure adequate provision for returns.
Recommended Control Activity: Returns reserve adjustments and calculations are reviewed and approved by Production management
Recommended Validation Steps:
1. Review procedures ensuring return reserve adjustments are reviewed and approved
2. Review approved reserve adjustments and calculations
3. Review month end checklist
Recommended Evidences:
1. Procedures approved by management
2. Approved reserve adjustments and calculations
3. Month end checklist

PIN Production and Inventory / PIN.05 Control Inventory / Control Activity PIN.05: Work in Progress
Control Objective: Ensure that work-in-progress and intermediates are valued in accordance with their manufacturing stage.
Recommended Control Activity: Open manufacturing orders and packaging orders are reviewed during month-end closing to ensure that WIP/intermediates are correctly valued.
Recommended Validation Steps:
1. Ensure procedures are established for ensuring proper cut-off timing and accurate data in the system
2. Review open manufacturing and packaging orders as well as orders to be reworked
3. Check that WIP and intermediates are correctly valued
4. Review month end checklist
Recommended Evidences:
1. Procedures approved by management
2. List of open manufacturing and packaging orders as well as orders to be reworked
3. Correct valuation of WIP and intermediates
4. Review month end checklist








Cycle ID | Cycle Description | Sub-Cycle ID | Sub-Cycle Description | Control Objective Description | Control Activity ID | Description of the Recommended Control Activity | Recommended Validation steps | Recommended Evidences
(Q1) Is this control activity relevant to your entity? | (Q2) If No, explain why. | (Q3) Is this control performed? If yes, how? | (Q4) Additional comments to control activity (free text) | (Q5) Frequency of control | (Q6) Documentation (e.g. procedures, flowcharts...) | (Q7) Evidence of Control (e.g. report signed by management...) | (Q8) Control owner (Job title and Name) | (Q9) Staff trained to control activity? (Y/N) | (Q10) Maturity level from 1 to 5 | (Q11) If Maturity is level 4 or 5, define your remediation plan. | (Q12) Responsible person for remediation plan | (Q13) Due Date (dd/mm/yy) remediation plan
Testing Period 1 (Pass/Fail) | Testing Period 1 Likelihood (High/Medium/Low) | Testing Period 1 Impact (High/Medium/Low) | Testing Period 1 Tester's name | Testing Period 2 (Pass/Fail) | Testing Period 2 Likelihood (High/Medium/Low) | Testing Period 2 Impact (High/Medium/Low) | Testing Period 2 Tester's name
PIN        Production and   PIN.05     Control        Stock on Consignment                     PIN.05             Stock on Consignment                                            1. Review procedures ensuring periodic        1. Procedures approved by management
           Inventory                   Inventory      Stock on consignment and located out-of-                    Periodic reconciliations are made with relevant third party     reconciliations are made with vendors.        2. Where applicable, contract with third-
                                                      house is monitored appropriately.                           custodians. When necessary, physical inventory counts are       Differences are investigated, approved        party distributor including KPI and QPI. KPI
                                                                                                                  performed. Differences are investigated, approved by            by management and recorded                    and QPI reviewed by management
                                                                                                                  management and recorded.                                        2. Check whether KPI and QPI covering         3. Differences between the physical count
                                                                                                                                                                                  the inventory are included in contracts       and system count
                                                                                                                                                                                  with third-party, in case a third-party is    4. Documentation related to inventory
                                                                                                                                                                                  responsible for the inventory                 adjustments and related trend analysis
                                                                                                                                                                                  management. Review monitoring of
                                                                                                                                                                                  these KPIs and QPIs
                                                                                                                                                                                  3. Review differences between the
                                                                                                                                                                                  physical count and system count
                                                                                                                                                                                  4. Review documentation on inventory
                                                                                                                                                                                  adjustments and related trend analysis


PIN        Production and   PIN.05     Control        FIFO (First In First Out)/ FEFO (First       PIN.05         Management review                                               1. Review procedures ensuring                 1. Procedures approved by management
           Inventory                   Inventory      Expired First Out)                                          Management reviews commodity and production costs               management reviews and approves the           2. Analysis of commodity and production
                                                      Ensure reasonableness of change in                          against expectations.                                           FIFO/FEFO inventory valuation                 costs against expectations
                                                      FIFO/FEFO reserve.                                                                                                          2. Review analysis of commodity and
                                                                                                                                                                                  production costs against expectations

PIN        Production and   PIN.05     Control        FIFO (First In First Out)/ FEFO (First       PIN.05         Management review                                               1. Review procedures ensuring                 1. Procedures approved by management
           Inventory                   Inventory      Expired First Out)                                          Management reviews the FIFO/FEFO reserve and related            management reviews and approves the           2. Analysis of FIFO/FEFO reserve and
                                                      Ensure reasonableness of change in                          P&L impact against changes in inventory quantities.             FIFO/FEFO inventory valuation                 related P&L impact against changes in
                                                      FIFO/FEFO reserve.                                                                                                          2. Review analysis of FIFO/FEFO               inventory quantities
                                                                                                                                                                                  reserve and related P&L impact against
                                                                                                                                                                                  changes in inventory quantities

PIN        Production and   PIN.05     Control        FIFO (First In First Out)/ FEFO (First  PIN.05              Approval of FIFO/FEFO Adjustments                               1. Review procedures ensuring                 1. Procedures approved by management
           Inventory                   Inventory      Expired First Out)                                          Policies and procedures are in place regarding the              management reviews and approves the           2. Approval of FIFO/FEFO inventory
                                                      Ensure proper approval of all FIFO/FEFO                     obtainment of necessary approval before making any              FIFO/FEFO inventory valuation                 adjustments
                                                      reserve adjustments.                                        FIFO/FEFO inventory adjustments.                                2. Review the approval of FIFO/FEFO
                                                                                                                                                                                  inventory adjustments

PIN        Production and   PIN.06     Manage and     Sales Forecast                               PIN.06         Sales Forecast                                                  1. Review procedures                          1. Procedures approved by management
           Inventory                   Schedule       Ensure approval of detailed sales                           Procedures exist for the preparation and approval of            2. Review approved sales forecast on a        2. Reviewed and analysed monthly sales
                                       Operations     forecasts by management.                                    detailed sales forecast and their utilization as a basis for    monthly basis and ensure follow-ups, if       forecast indicating follow up actions
                                                                                                                  production planning, inventory planning, production             any, are being performed
                                                                                                                  schedules, inventory budgets and detailed material and labor
                                                                                                                  requirements.

PIN        Production and   PIN.06     Manage and     Forecast vs. Actual Production               PIN.06         Forecast vs. Actual Production                                  1. Review procedures                          1. Procedures approved by management
           Inventory                   Schedule       Ensure actual production is in line with                    Forecast/budgets vs. actual production is monitored by          2. Review sales forecast vs. actual           2. Reviewed and analysed monthly sales
                                       Operations     company forecast.                                           management.                                                     production on a monthly basis and             forecast vs. actual production indicating
                                                                                                                                                                                  ensure follow-ups, if any, are being          follow up actions
                                                                                                                                                                                  performed

PIN        Production and   PIN.07     Lower of       Lower of Cost or Market                      PIN.07         Lower of Cost or Market Value                                   1. Review procedures                          1. Procedures approved by management
           Inventory                   Cost or        Periodically review Lower of Cost or                        Management reviews a summary of inventory per unit costs        2. Review the summary inventory listing       2. Reviewed inventory listing of unit costs
                                       Market Value   Market (LOCOM) for potential exposures.                     as compared with sales prices for at risk products or groups    per unit costs vs. sales prices for at risk   vs. sales prices for at risk groups of
                                                                                                                  of products.                                                    products                                      products indicating follow up actions
                                                                                                                                                                                  3. Ensure follow up action for at risk
                                                                                                                                                                                  products is performed

PIN        Production and   PIN.07     Lower of       Lower of Cost or Market                      PIN.07         Lower of Cost or Market Value                                   1. Review procedures                          1. Procedures approved by management
           Inventory                   Cost or        Periodically review Lower of Cost or                        Management reviews changes in raw material prices if their      2. Review comparison list of raw              2. Reviewed comparison list of raw
                                       Market Value   Market (LOCOM) for potential exposures.                     conversion into a finished product produces a cost that is      material/bulk prices vs finished goods        material/bulk prices vs finished goods and
                                                                                                                  higher than market value.                                       and sales prices                              sales prices, and follow up actions
                                                                                                                                                                                  3. Ensure follow up actions are
                                                                                                                                                                                  performed

PIN        Production and   PIN.07     Lower of       Lower of Cost or Market                      PIN.07         Lower of Cost or Market Value                                   1. Review procedures                          1. Procedures approved by management
           Inventory                   Cost or        Periodically review Lower of Cost or                        Lower of Cost or Market (LOCOM) inventory adjustments           2. Review lower of Cost or Market             2. Reviewed lower of Cost or Market
                                       Market Value   Market (LOCOM) for potential exposures.                     developed by Financial Production Supply (Cost Accounting)      (LOCOM) adjustments                           (LOCOM) adjustments approved by
                                                                                                                  are reviewed and approved by Financial Production Supply        3. Select samples to recompute the            Financial Production Supply Management
                                                                                                                  Management and FRA Management before Journal Entries            adjustments                                   and FRA Management
                                                                                                                  are posted by FRA Accounting.

PIN        Production and   PIN.08     Pre-approval   Physical Access                              PIN.08         Physical Access                                                 1. Review procedures ensuring access          1. Procedures approved by management
           Inventory                   Inventory      Ensure that inventory that is subject to                    Physical access for inventory that is not released by Quality   to inventory is subject to approval           2. Evidence of the configuration of the
                                                      approval is clearly identified.                             Control should be restricted.                                   2. Review configuration of the system         system indicating that inventory under
                                                                                                                                                                                  with regards to material status               Quality control is shown as "blocked
                                                                                                                                                                                  3. Ensure that physical access to goods       material"
                                                                                                                                                                                  that are under Quality control is             3. Evidence that physical access to goods
                                                                                                                                                                                  restricted                                    that are under Quality control is restricted
                                                                                                                                                                                  4. Review periodic list of persons            4. Periodic list of persons having had
                                                                                                                                                                                  having had access to the inventories          access to the inventories

PIN        Production and   PIN.08     Pre-approval   Physical Access                              PIN.08         Records                                                         1. Ensure discussions with the                1. Procedures approved by management
           Inventory                   Inventory      Ensure that inventory that is subject to                    Records of discussions with the regulatory authorities are      regulatory authorities are properly           2. Minutes of discussions with the
                                                      approval is clearly identified.                             properly maintained.                                            documented and maintained                     regulatory authorities



PIN        Production and   PIN.08     Pre-approval   Physical Access                              PIN.08         Records                                                         1. Review procedures ensuring not             1. Procedures approved by management
           Inventory                   Inventory      Ensure that inventory that is subject to                    Inventory that is not yet approved should be clearly identified approved inventory is identified in the       2. Evidence of the configuration of the
                                                      approval is clearly identified.                             as such in the inventory system.                                system                                        system indicating that inventory under
                                                                                                                                                                                  2. Review configuration of the system         Quality control is shown as "blocked
                                                                                                                                                                                  with regards to material status               material"

PIN        Production and   PIN.08     Pre-approval   Valuation                                    PIN.08         Valuation                                                       1. Review procedures                          1. Procedures approved by management
           Inventory                   Inventory      Value inventory at Net Realizable Value                     Periodic meetings with R&D, Medical Affairs, Legal, and         2. Ensure minutes of periodic meetings        2. Minutes of periodic meetings
                                                      based on assessment of approval                             Financial personnel are held to discuss status of pre-          are maintained
                                                      process.                                                    approval inventory. (Pre-approval inventory are products
                                                                                                                  which have not yet received regulatory approval.)

PIN        Production and   PIN.08     Pre-approval   Valuation                                    PIN.08         Adjustments                                                     1. Review procedures                          1. Procedures approved by management
           Inventory                   Inventory      Value inventory at Net Realizable Value                     Pre-Approval inventory adjustments developed by Financial       2. Review pre-approved inventory              2. Reviewed pre-approved inventory
                                                      based on assessment of approval                             Production Supply (Cost Accounting) are reviewed and            adjustments                                   adjustments approved by Financial
                                                      process.                                                    approved by Financial Production Supply Management and          3. Ensure adjustments are performed           Production Supply Management and FRA
                                                                                                                  FRA Management before Journal Entries are posted by FRA         considering regulatory requirements (if       Management
                                                                                                                  Accounting.                                                     applicable)                                   3. Evidence that adjustments are
                                                                                                                                                                                                                                performed considering regulatory
                                                                                                                                                                                                                                requirements (if applicable)

PIN        Production and   PIN.09     Compliance     Compliance                               PIN.09             Compliance                                                      1. Check that procedures exist, adhere        1. Procedures approved by management
           Inventory                   with Good      Ensure the company is in compliance with                    Management performs reviews of key processes to ensure          to Group/Divisional policies and are up-      2. Output of reviews performed by
                                       Manufacturing  GMP (Good Manufacturing Practices).                         compliance with validation requirements. QA performs            to-date and duly signed.                      management and QA to be in compliance
                                       Practices                                                                  regular audits to ensure compliance.                            2. Check that management and QA               with GxP requirements and follow-up
                                                                                                                                                                                  functions regularly perform compliance        actions
                                                                                                                                                                                  reviews of key processes
                                                                                                                                                                                  3. Review output of the reviews and
                                                                                                                                                                                  check follow-up actions

PIN        Production and   PIN.10     Product        Recall Reserve                            PIN.10            Recall Reserve                                                  1. Review procedures                          1. Procedures approved by management
           Inventory                   Recall         Recall reserve captures costs to complete                   Recall reserve estimates are reviewed by cross-functional       2. Ensure traceability of products along      2. Traceability of products along the
                                                      recall action in line with legal                            team to ensure all costs (such as cost to destroy inventory)    the supply chain                              supply chain
                                                      requirements.                                               are captured and approved by management.                        3. Check reasonableness of                    3. Recall reserves estimates approved by
                                                                                                                                                                                  assumptions used for recall reserves          management
                                                                                                                                                                                  estimates calculations                        4. Evidence that recall reserves are
                                                                                                                                                                                  4. Ensure recall reserves are reviewed        reviewed by cross-functional teams
                                                                                                                                                                                  by cross-functional teams and approved
                                                                                                                                                                                  by management

PIN        Production and   PIN.11     Samples        Recording                                    PIN.11         Recording                                                       1. Review procedures                          1. Procedures approved by management
           Inventory                   Inventory      Ensure issuances and conversion from                        Record and report issuances of samples in a timely manner.      2. Ensure traceability of samples along       2. Traceability of samples along the supply
                                                      saleable goods to samples are recorded                                                                                      the supply chain                              chain
                                                      in a timely manner.                                                                                                         3. Ensure the conversion of saleable          3. Evidence that the conversion of
                                                                                                                                                                                  goods to sample is traceable                  saleable goods to sample is traceable
                                                                                                                                                                                  4. Ensure issuance of samples is in           4. Log of sample issuance duly authorised
                                                                                                                                                                                  compliance with regulatory authorities'
                                                                                                                                                                                  regulations
PIN        Production and   PIN.11     Samples        Access                                       PIN.11         Access                                                          1. Review procedures                          1. Procedures approved by management
           Inventory                   Inventory      Access to samples inventory is restricted                   Ensure samples are maintained/issued in compliance with         2. Review configuration of the system         2. Evidence of the configuration of the
                                                      to employees who have been educated                         regulatory authorities' regulations. Standard Operating         with regards to material status               system indicating a different status for
                                                      on regulatory requirements.                                 Procedures exist related to documentation of issuance of        3. Ensure that physical access to             samples
                                                                                                                  sample inventory.                                               samples is restricted to authorized           3. Evidence that physical access to
                                                                                                                                                                                  personnel                                     samples is restricted to authorised
                                                                                                                                                                                  4. Review periodic list of persons            personnel
                                                                                                                                                                                  having had access to the inventories          4. Periodic list of persons having had
                                                                                                                                                                                                                                access to the inventories
PIN        Production and   PIN.11     Samples        Compliance Review                            PIN.11         Compliance Review                                               1. Review procedures                          1. Procedures approved by management
           Inventory                   Inventory      Ensure samples are maintained/issued in                     Periodic compliance reviews are conducted.                      2. Ensure expiry date of samples is           2. Evidence that expiry date of samples is
                                                      compliance with regulatory authorities'                                                                                     monitored                                     monitored
                                                      regulations.                                                                                                                3. Review compliance reports                  3. Reviewed compliance reports

PIN        Production and   PIN.12     Toll           Records of Assets                            PIN.12         Records of Assets                                               1. Review procedures aligned with             1. Procedures approved by management
           Inventory                   Manufacturing/ Equipment, raw materials and other                          Records for equipment, raw materials and other assets           Group/divisional guidelines                   and aligned with Group/divisional
                                       In-house       assets owned by the unit but in the                         owned by the unit but in the custody of the toll manufacturer   2. Review asset inventory list in the         guidelines
                                       production     custody of the toll manufacturer are                        are maintained and updated for movements.                       custody of the toll manufacturers             2. Maintained and approved list of assets
                                                      adequately safeguarded and accounted                                                                                        3. Ensure assets are recorded in the          in the custody of the toll manufacturers
                                                      for.                                                                                                                        system                                        3. Evidence that assets are recorded in
                                                                                                                                                                                                                                the system

PIN        Production and   PIN.12     Toll           Records of Assets                            PIN.12         Assets Counts                                                   1. Review procedures aligned with             1. Procedures approved by management
           Inventory                   Manufacturing/ Equipment, raw materials and other                          Periodic asset counts are performed for the unit's assets that  Group/divisional guidelines                   and aligned with Group/divisional
                                       In-house       assets owned by the unit but in the                         are in the custody of the toll manufacturer, reconciled         2. Review asset inventory list                guidelines
                                       production     custody of the toll manufacturer are                        against the fixed assets register and inventory register for    3. Review physical asset count list and       2. Reviewed asset inventory list from the
                                                      adequately safeguarded and accounted                        capitalised assets and other records for non-capitalised        adequacy of storage conditions for            system
                                                      for.                                                        assets. Any discrepancies with records should be resolved.      materials                                     3. Reviewed physical asset count list

PIN        Production and   PIN.12     Toll           Records of Assets                            PIN.12         Assets write-offs                                               1. Review procedures aligned with             1. Procedures approved by management
           Inventory                   Manufacturing/ Equipment, raw materials and other                          Asset write-offs are approved by appropriate management         Group/divisional guidelines                   and aligned with Group/divisional
                                       In-house       assets owned by the unit but in the                         staff.                                                          2. Review asset write-off list                guidelines
                                       production     custody of the toll manufacturer are                                                                                                                                      2. Reviewed approved list of asset write-offs
                                                      adequately safeguarded and accounted
                                                      for.
PIN        Production and   PIN.12     Toll           Records of Assets                            PIN.12         Insurance                                                       1. Review procedures aligned with             1. Procedures approved by management
           Inventory                   Manufacturing/ Equipment, raw materials and other                          Equipment and assets are sufficiently insured, where            Group/divisional guidelines                   and aligned with Group/divisional
                                       In-house       assets owned by the unit but in the                         appropriate.                                                    2. Review contract with toll                  guidelines
                                       production     custody of the toll manufacturer are                                                                                        manufacturer and ensure the adequacy          2. Contract with toll manufacturer
                                                      adequately safeguarded and accounted                                                                                        of insurance coverage
                                                      for.
PIN        Production and   PIN.12     Toll           Contingency Plans                            PIN.12         Contingency Plans                                         1. Check that procedures exist, adhere              1. Procedures approved by management
           Inventory                   Manufacturing/ Prepare and properly communicate                            Disaster Recovery Plans for the warehouses and            to Group/Divisional policies, are up to             2. For Company-owned manufacturing
                                       In-house       contingency plans for dealing with                          production sites have been documented and tested.         date and duly signed                                facilities, output of the testing of the
                                       production     emergencies (e.g. fire, floods, electrical                                                                            2. Check that the contingency plans are             contingency plans and follow-up actions
                                                      failure, supply interruption etc).                                                                                    tested and communicated to the relevant             3. For toll manufacturers, contracts
                                                                                                                                                                            employees                                           including Disaster Recovery Plans
                                                                                                                                                                            3. For toll manufacturers, review the               conditions
                                                                                                                                                                            contracts and ensure adequacy of the
                                                                                                                                                                            Disaster Recovery Plans conditions

PIN        Production and   PIN.12     Toll           Procedures                                   PIN.12         Procedures                                                      1. Check that procedures exist, adhere        1. Procedures approved by management
           Inventory                   Manufacturing/ Establish and implement standard                            Key processes should be documented in standard operating        to Group/Divisional policies, are up to       2. Evidence that procedures are
                                       In-house       operating procedures.                                       procedures ("SOP"). These procedures are tested for             date and duly signed                          communicated to the relevant personnel
                                       production                                                                 compliance to these SOP.                                        2. Check that the policy is                   3. Reports or tests conducted by Finance
                                                                                                                                                                                  communicated to the relevant                  and/or Production to monitor compliance
                                                                                                                                                                                  employees (e.g. evidence of training,         activities
                                                                                                                                                                                  email etc)
                                                                                                                                                                                  3. Review Finance and Production
                                                                                                                                                                                  involvement in the monitoring of the
                                                                                                                                                                                  compliance activities




                                                                                                                                                                                                                                                                                                                                                              PPE Cycle




Control Matrix: Cycle ID; Cycle Description; Sub-Cycle ID; Sub-Cycle Description; Control Objective Description; Control Activity ID; Description of the Recommended Control Activity; Recommended Validation steps; Recommended Evidences
Assessment: (Q1) Is this control activity relevant to your entity?; (Q2) If No, explain why.; (Q3) Is this control performed? If yes, how?; (Q4) Additional comments to control activity (free text); (Q5) Frequency of control; (Q6) Documentation (e.g. procedures, flowcharts...); (Q7) Evidence of Control (e.g. report signed by management...); (Q8) Control owner (Job title and Name); (Q9) Staff trained to control activity? (Y/N); (Q10) Maturity level from 1 to 5
Remediation: (Q11) If Maturity is level 4 or 5, define your remediation plan.; (Q12) Responsible person for remediation plan; (Q13) Due Date (dd/mm/yy) remediation plan
Testing: Testing Period 1 (Pass/Fail); Testing Period 1 Likelihood (High/Medium/Low); Testing Period 1 Impact (High/Medium/Low); Testing Period 1 Tester's name; Testing Period 2 (Pass/Fail); Testing Period 2 Likelihood (High/Medium/Low); Testing Period 2 Impact (High/Medium/Low); Testing Period 2 Tester's name
PPE        Property, plant & PPE.01    Segregation of Segregation of Duties/Access Rights          PPE.01         Segregation of Duties - User Access Rights                        1. Review SoD matrix with updated job                  1. Procedures and flow charts (e.g. User
           equipment and               Duties/Access Appropriate segregation of duties is in                      Adequate segregation of duties exists between the physical        descriptions and system access. Check that             Authorization Management) approved by
           Intangibles                 Rights         place with corresponding system access                      custody of property, plant & equipment, acquisition               functional responsibilities are not being              management
                                                      rights.                                                     authorisation, and accounting duties. A Segregation of            compromised by improper reporting lines                2. Job descriptions and organisation chart
                                                                                                                  Duties matrix is defined and reflected in job descriptions or     2. Check that mitigating controls are identified       3. Access to system in line with job description
                                                                                                                  role profiles. In the absence of proper segregation of duties,    and described                                          4. SoD matrix including mitigating controls
                                                                                                                  compensating controls are established (e.g. direct                3. Validate adequacy of compensating controls          5. User access rights report from ERP system
                                                                                                                  supervision, second signature, exception reports).                4. Review access rights report from ERP system         reviewed by management
                                                                                                                                                                                    5. Review transactions that are outside of the role
                                                                                                                                                                                    profile of the user


PPE        Property, plant & PPE.01    Segregation of Segregation of Duties/Access Rights          PPE.01         Access Rights - Manage & Review                                   1. Review procedure on User Authorization              1. Procedures and flow charts (e.g. User
           equipment and               Duties/Access Appropriate segregation of duties is in                      The access rights in the system are managed and regularly         Management                                             Authorization Management) approved by
           Intangibles                 Rights         place with corresponding system access                      reviewed by management. The review is documented and              2. Review SoD matrix with updated job                  management
                                                      rights.                                                     any unauthorised access rights are corrected in the system.       descriptions and system access                         2. SoD matrix including mitigating controls
                                                                                                                                                                                    3. Review access rights report from ERP system         3. Signed access rights authorisation forms

PPE        Property, plant & PPE.02    Acquisition     Capital Appropriation Requests           PPE.02            Approval                                                          1. Review the Terms of Reference and                   1. Capital Appropriation Requests (CAR) completed
           equipment and                               Acquisition requests follow Capital                        Capital Appropriation Requests (CAR) are completed and            authorisation limits of the signatories                and approved by the appropriate persons,
           Intangibles                                 Appropriation Request guidelines and are                   compliant with the Terms of Reference. Both purchases and         2. Review CAR for completeness (including              according to the SLA
                                                       duly approved and documented.                              accounting treatment (e.g. capitalising or expensing              accounting treatment) and proper approval.             2. If finance lease: proof of the review performed by
                                                                                                                  expenditures) are approved by management. Finance leases          Review the supporting documents                        Group Treasury
                                                                                                                  are reviewed by Group Treasury and operating leases by            3. Review the acquisition process for approved         3. If operating lease: proof of the review performed
                                                                                                                  Divisional FRA. Asset requisitions follow indirect-purchasing     vendors and quotes                                     by Divisional FRA
                                                                                                                  guidelines, with approved vendors and competitive quotes.                                                                4. Quotes and list of approved vendors

PPE        Property, plant & PPE.02    Acquisition     Capital Appropriation Requests              PPE.02         Interest calculations                                             1. Review Accounting Manual. Check the method     1. Approval (signature) of capitalized interest
           equipment and                               Ensure proper approval for capitalised                     Capitalised interest calculations are approved by                 and basis for the interest calculation            calculations by the Head of FRA / CFO
           Intangibles                                 interest calculation where projects are                    management in accordance with corporate guidelines as a
                                                       financed through debt.                                     part of the capital request.
PPE        Property, plant & PPE.02    Acquisition     Cost Control                                PPE.02         Monitoring                                                        1. Review the monitoring process: definition of        1. Comparison of actual CAR expenditures against
           equipment and                               Ensure property, plant & equipment                         Capital Appropriation Requests are compared to actual             milestones or control parameters based on              budget approved by the Head of FRA / CFO
           Intangibles                                 capital costs are monitored by                             expenditures and significant variances are investigated by        qualitative and quantitative assumptions, variance     2. Minutes of the local investment review committee
                                                       management.                                                management. It is recommended that 1) Management                  analysis and local investment committee. Ensure        including CAR review
                                                                                                                  reviews accumulations of property, plant & equipment              CAR reports showing budget versus actuals are
                                                                                                                  transactions monthly in order to ensure the validity of these     sent to management each month for their review
                                                                                                                  totals; 2) where applicable, the CAR review is minuted at the     2. Check that accumulation of PPE transactions
                                                                                                                  local investment review committee.                                are reviewed monthly by management
                                                                                                                                                                                    3. Where applicable, check that CAR is regularly
                                                                                                                                                                                    reviewed and monitored by the local investment
                                                                                                                                                                                    committee


PPE        Property, plant & PPE.02    Acquisition     Capital work in progress (CIP) (including   PPE.02         Cost Control                                                1. Review and reconcile the actual project costs             1. Cost reconciliation at least on a quarterly basis,
           equipment and                               assets under construction)                                 Cost and commitment control is ensured at all phases of     plus commitments against approved project                    duly approved by the CFO, Head of FRA or project
           Intangibles                                 Construction projects are duly approved,                   an investment. Actual project costs are compared against    budget. Review tolerance limits and check proper             Manager
                                                       monitored and accounted for.                               approved project budget at least on a quarterly basis. At   approval for overspend                                       2. If overspend is beyond tolerance limit, approval of
                                                                                                                  completion, under and overspend are reported separately for                                                              overspend data based on Financial Authority Level
                                                                                                                  each project.

PPE        Property, plant & PPE.02    Acquisition     Capital work in progress (CIP) (including   PPE.02         Work In Progress                                                  1. Review open PO listing to ensure that all WIP       1. Open PO listing for project-related expense
           equipment and                               assets under construction)                                 All project transactions are promptly recorded in the project     related transactions are accurately recorded in        2. Spot check of a sample of accruals
           Intangibles                                 Construction projects are duly approved,                   accounts and reported in the correct accounting period as         the correct period. Make sure that all services
                                                       monitored and accounted for.                               work in progress.                                                 and materials received but not yet paid are
                                                                                                                                                                                    accrued at month end
                                                                                                                                                                                    2. Select material items in WIP account and trace
                                                                                                                                                                                    back to invoices
PPE        Property, plant & PPE.02    Acquisition     Capital work in progress (CIP) (including   PPE.02         Retention payments                                                1. Select some releases of retention payment and       1. Release form for retention payment duly
           equipment and                               assets under construction)                                 For large projects, retention payments are held until             check whether these releases were compliant            approved by management (according to SLA) and
           Intangibles                                 Construction projects are duly approved,                   completion and formal delivery tests are carried out.             with the contract rules applied to retention           duly documented
                                                       monitored and accounted for.                               Retention payments are released only based on proper              payments. Review supporting documentation for
                                                                                                                  management approval in accordance with the Terms of               selected retention payment releases
                                                                                                                  Reference.                                                        2. Review the Terms of Reference and required
                                                                                                                                                                                    approvals for the retention payments release
                                                                                                                                                                                    3. Test approval of contract closure and
                                                                                                                                                                                    monitoring of related retention monies and
                                                                                                                                                                                    penalty clauses (indemnities for delays). Check
                                                                                                                                                                                    for legal involvement where relevant


PPE        Property, plant & PPE.02    Acquisition     Capital work in progress (CIP) (including   PPE.02         Completion                                                        1. Check the accounting method applied for the         1. Transfer from capital work in progress to fixed
           equipment and                               assets under construction)                                 Transfer from capital work in progress to fixed assets is         transfer from capital work in progress to fixed        asset duly approved by CFO/Head of FRA/Project
           Intangibles                                 Construction projects are duly approved,                   properly accounted for in accordance with Accounting              assets. Select samples of projects and review          Manager
                                                       monitored and accounted for.                               Manual                                                            accounting treatment. Ensure that costs
                                                                                                                                                                                    transferred from CIP to Fixed assets have an
                                                                                                                                                                                    approved and completed CAR form
                                                                                                                                                                                    2. Check whether pending projects exist which
                                                                                                                                                                                    could have been closed some time ago and
                                                                                                                                                                                    whether completed projects are reported and
                                                                                                                                                                                    capitalized immediately
PPE        Property, plant & PPE.03    Accounting      Recording                                   PPE.03         Asset Description                                                 1. Fixed Assets reconciliation completed monthly.      1. Sign off on FA GL reconciliation
           equipment and                               Ensure accurate accounting records of                      Maintain detailed accounting records for property, plant &        This should be reconciled periodically with            2. Depreciation reconciliation
           Intangibles                                 property, plant & equipment are                            equipment which include asset description, location,              postings to GL accounts for asset accounting and       3. Change requests duly approved by management
                                                       maintained.                                                accurate determination of cost, useful life of assets, residual   all discrepancies followed up promptly.
                                                                                                                  value, depreciation charges, and appropriate tax data. A          2. GL postings should be checked against the list
                                                                                                                  reconciliation between detailed asset records and the             of assets retired in the year to ensure that no
                                                                                                                  General Ledger is performed on a regular basis.                   transactions have been posted to the asset after
                                                                                                                  Discrepancies are followed up.                                    retirement.
                                                                                                                                                                                    3. Run ERP standard report to search for
                                                                                                                                                                                    incomplete asset records.
                                                                                                                                                                                    4. Check that asset ownership is up-to-date with
                                                                                                                                                                                    report listing assets by cost centre. Check
                                                                                                                                                                                    procedure to detect changes made to cost centre
                                                                                                                                                                                    assignment in the asset master. Check
                                                                                                                                                                                    management approval
                                                                                                                                                                                    5. Check that change requests exist, including
                                                                                                                                                                                    documented justification for asset records to be
                                                                                                                                                                                    created, changed, amended or deleted. Pro-
                                                                                                                                                                                    forma requests should be subject to appropriate
                                                                                                                                                                                    management approval
                                                                                                                                                                                    6. Check that the IM system structure within ERP
                                                                                                                                                                                    is in line with the approved CAR and that any
                                                                                                                                                                                    change in system components (capital investment
                                                                                                                                                                                    program, investment budget) is done based on
                                                                                                                                                                                    formal requests

PPE        Property, plant & PPE.03    Accounting      Recording                                   PPE.03         Asset Identification                                              1. Check whether the system allows the              1. System configuration showing that only one
           equipment and                               Ensure accurate accounting records of                      The property, plant & equipment system is set up to allow         assignment of one number per asset. If not, look       number can be assigned by asset
           Intangibles                                 property, plant & equipment are                            only one property, plant & equipment number to be assigned        for duplicates. For example, ask the FA Supervisor     2. List of asset numbers with no duplicate numbers
                                                       maintained.                                                for each item of property, plant & equipment. If this cannot be   to add a new asset with an already existing FA
                                                                                                                  set up, monitoring reports are created to show duplicate          number. The FA subledger application should
                                                                                                                  property, plant & equipment records. It is important that         give a warning message that the asset already
                                                                                                                  property, plant & equipment numbers are not duplicated in         exists and the user cannot add the new asset
                                                                                                                  order to facilitate asset identification. Items have to be        2. Select a sample of items from the fixed asset
                                                                                                                  tagged in accordance with NAM Policy section 5.1.                 register and verify both existence of the asset and
                                                                                                                                                                                    tagging is in place. Also, this check should be
                                                                                                                                                                                    performed vice-versa, from physical asset to the
                                                                                                                                                                                    register. Test for missing numbers and
                                                                                                                                                                                    investigate
                                                                                                                                                                                    3. Review whether the fixed assets register is
                                                                                                                                                                                    adequately structured by the nature of assets
                                                                                                                                                                                    (land, buildings, machinery, furniture, IT hardware
                                                                                                                                                                                    etc.). Are assets (whenever possible and
                                                                                                                                                                                    reasonable) recorded individually and not in
                                                                                                                                                                                    groups

PPE        Property, plant & PPE.03    Accounting      Recording                                   PPE.03         Physical inventory                                               1. Review the procedure for physical inventory of       1. Physical inventory reports and if applicable,
           equipment and                               Ensure accurate accounting records of                      Physical inventory of property, plant & equipment is             PPE. Check compliance with the Accounting               related inventory adjustments duly approved by
           Intangibles                                 property, plant & equipment are                            performed in accordance with Accounting Manual. Property,        Manual                                                  management
                                                       maintained.                                                plant and equipment assets with an acquisition cost greater      2. Check that the inventory took place according        2. Approved disposal form for write off based on net
                                                                                                                  than or equal to 10,000 USD are to be verified at least every    to the frequency mentioned in the Accounting            book value
                                                                                                                  two years, those with an acquisition cost less than 10,000       Manual
                                                                                                                  USD are to be verified at least every four years. Ensure         3. Check that assets no longer in use are
                                                                                                                  procedures exist so that any property, plant & equipment no      disposed. For control activities related to
                                                                                                                  longer in use are appropriately disposed of and removed          disposal,
                                                                                                                  from the financial statements. Management reviews all            4. Check management's review for significant
                                                                                                                  significant fixed assets for impairment on an annual basis.      fixed assets impairment with underlying
                                                                                                                  For each significant asset, management documents this            documentation. Check accounting treatment of
                                                                                                                  review.                                                          impairment
                                                                                                                                                                                   5. Confirm that, wherever feasible, physical
                                                                                                                                                                                   verification of fixed assets is performed by staff
                                                                                                                                                                                   independent from maintaining the fixed asset
                                                                                                                                                                                   register
                                                                                                                                                                                   6. Consider segregation of duties issues when
                                                                                                                                                                                   cost center heads are asked to confirm the assets
                                                                                                                                                                                   existence
                                                                                                                                                                                   7. Review how fully depreciated or written off
                                                                                                                                                                                   assets are being controlled (within fixed assets
                                                                                                                                                                                   register or separate control)
                                                                                                                                                                                   8. Review the leavers process for returning
                                                                                                                                                                                   assets from employees, both office and non office-
                                                                                                                                                                                   based, (e.g. field force). Perform a sample test,
                                                                                                                                                                                   e.g. computers and other IT equipment. Note: it
                                                                                                                                                                                   is quite likely that the equipment held by leavers

PPE        Property, plant & PPE.03    Accounting      Recording                                   PPE.03         Fixed Assets Review                                                1. Review procedures for transferring assets            1. Procedure for asset transfer up-to-date and duly
           equipment and                               Ensure accurate accounting records of                      Asset-related transactions (acquisitions, disposal...) affecting   including identification of sender/receiver,            approved by management
           Intangibles                                 property, plant & equipment are                            the property, plant & equipment register, and/or master file       definition of appropriate transaction and               2. Reports reviewed by Fixed Asset manager.
                                                       maintained.                                                are edited and validated for completeness; identified errors       transaction type, transfer of "ownership",              Transactions to correct errors duly approved by
                                                                                                                  are corrected promptly. Any transaction is evidenced by duly       treatment of intercompany profit/loss and VAT           management and documented
                                                                                                                  approved documents.                                              treatment of any retirement/acquisition
                                                                                                                                                                                   transactions used for this purpose.
                                                                                                                                                                                   2. The following ERP reports should be used to
                                                                                                                                                                                   monitor asset master records: Asset Acquisitions;
                                                                                                                                                                                   Asset Transactions; Asset Retirements;
                                                                                                                                                                                   Intracompany Asset Transfers; Asset History;
                                                                                                                                                                                   Changes to Asset Master
                                                                                                                                                                                   3. Review ERP report directory of unposted
                                                                                                                                                                                   assets.
                                                                                                                                                                                   4. Check whether master records are locked and
                                                                                                                                                                                   why
                                                                                                                                                                                   5. Perform a reconciliation of Fixed Asset
                                                                                                                                                                                   General Accounts versus Fixed Asset Register
                                                                                                                                                                                   6. Check that the IM system structure within ERP
                                                                                                                                                                                   is in line with the approved CAR and that any
                                                                                                                                                                                   change in system components (capital investment
                                                                                                                                                                                   program, investment budget) is done based on
                                                                                                                                                                                   formal requests
                                                                                                                                                                                   7. Check that, where external systems are used,
                                                                                                                                                                                   reconciliation between data from the external
                                                                                                                                                                                   systems and ERP are performed on a regular
PPE        Property, plant & PPE.03    Accounting      Recording                                   PPE.03         Acquisitions - Recording                                         1. Check that CAR Form with complete                    1. Sign off of CAR Form and monthly reports by FA
           equipment and                               Ensure all property, plant & equipment                     All property, plant & equipment acquisitions are supported by    supporting documents are approved by the                1. (cont.) Manager and Finance
           Intangibles                                 acquisitions are recorded in the                           duly approved documents (CAR, vendor invoices....) and           Financial Asset (FA) manager and submitted to
                                                       appropriate period.                                        recorded in the appropriate period according to the principle    Finance
                                                                                                                  of the 3-way match (e.g. matching CAR, Invoices and fixed        2. Take samples of recorded transactions and
                                                                                                                  asset register). Special attention is given to asset-related     check that invoice data in the system match with
                                                                                                                  transactions that occur right before or right after the end of   approved supporting documents (good receipt,
                                                                                                                  an accounting period. If the 3-way match is not feasible due     CAR)
                                                                                                                  to system constraints, a 2-way match should at least be          3. For selected projects, test whether the
                                                                                                                  performed (e.g. matching proof of receipt with payment)          capitalization / start of depreciation takes place as
                                                                                                                                                                                   soon as the investment is operational




PPE        Property, plant & PPE.03    Accounting     Recording                                     PPE.03         Statutory and Group Reporting Accounts                         1. Check that the annual reconciliation of Fixed           1. Reconciliation reviewed and approved
           equipment and                              Ensure all property, plant & equipment                       In case the company uses different                             Assets for statutory accounts and Group
           Intangibles                                acquisitions are recorded in the                             capitalisation/depreciation thresholds for statutory and group   accounts is performed. Differences are solved on
                                                      appropriate period.                                          reporting accounts, fixed asset register and depreciation      a timely basis
                                                                                                                   charges for statutory and group reporting are reconciled and
                                                                                                                   reconciling items justified.

PPE        Property, plant & PPE.03    Accounting     Recording                                     PPE.03         Asset Classification                                               1. Check that the review of asset class is             1. Sign off by FA Manager on asset class review
           equipment and                              Ensure all assets are accurately                             Management reviews the classification of property, plant &         performed by FA Manager (could be performed
           Intangibles                                classified.                                                  equipment items by asset class. Identified errors are              during CAR Form review)
                                                                                                                   investigated and documented.


PPE        Property, plant & PPE.03    Accounting     Depreciation and impairment                   PPE.03         Depreciation Rates                                                 1. Check that the depreciation rates are approved 1. Print out asset register approved by FRA
           equipment and                              Ensure depreciation charges are valid.                       Depreciation rates and methods of calculation are reviewed         at acquisition by FRA                             2. Depreciation methods are reviewed and
           Intangibles                                                                                             periodically by management to ensure that they are                 2. Check that changes in the useful life and      approved annually by the accounting manager
                                                                                                                   reasonable and in accordance with generally accepted               depreciation code are reported to FRA, reviewed   3. Annual report of all assets and related
                                                                                                                   accounting principles and the Accounting Manual. Any               for accuracy and approved                         depreciation rates signed by FRA
                                                                                                                   deviation from the Accounting Manual is investigated and           3. Check that FRA review all depreciation rates
                                                                                                                   approved by management.                                            on an annual basis

PPE        Property, plant & PPE.03    Accounting     Depreciation and impairment                   PPE.03         Posting                                                            1. Check procedures for running the depreciation       1. System generated journal entries reviewed by
           equipment and                              Ensure property, plant & equipment                           All depreciation expenses are posted at least monthly to the       program, including timetable for planned posting       FRA
           Intangibles                                depreciation amounts are accurately                          General Ledger to ensure records are up to date for the            runs; use of test runs to check postings;              2. Balance sheet and income statement showing the
                                                      accounted for.                                               monthly close.                                                     monitoring of batch jobs in progress; periodic         depreciation amounts signed off by the CFO
                                                                                                                                                                                      review of postings made; listing of assets posted;
                                                                                                                                                                                      listing of manual depreciation processed;
                                                                                                                                                                                      conditions for using repeat runs or unplanned
                                                                                                                                                                                      runs; error handling and resubmission
                                                                                                                                                                                      2. The balance sheet and income statement
                                                                                                                                                                                      showing the depreciation amounts should be
                                                                                                                                                                                      reviewed and signed off by CFO on a quarterly
                                                                                                                                                                                      basis
PPE        Property, plant & PPE.03    Accounting     Depreciation and impairment                   PPE.03         Reconciliation                                               1. Review reconciliation between depreciation                1. Sign off of reconciliation by FA Manager monthly
           equipment and                              Ensure property, plant & equipment                           Accumulated depreciation and depreciation expense are        charges from sub-ledger to G/L. Check that                   and by Head FRA or Head Reporting quarterly
           Intangibles                                depreciation amounts are accurately                          reconciled from the sub ledger to the general ledger.        differences are investigated and solved
                                                      accounted for.                                               Differences are identified and investigated. Addition to
                                                                                                                   accumulated depreciation is reconciled with the depreciation
                                                                                                                   charge in the P&L.
PPE        Property, plant & PPE.03    Accounting     Depreciation and impairment                   PPE.03         Review                                                             1. Check that review is performed by financial      1. Reports reviewed and signed by financial liaisons
           equipment and                              Ensure property, plant & equipment                           The property, plant & equipment depreciation amounts are           liaisons (FRA) on a monthly basis. Critical reports and/or FRA
           Intangibles                                depreciation amounts are accurately                          reviewed by appropriate management. Actual depreciation            include: Total Depreciation; Ordinary               2. Differences solved
                                                      accounted for.                                               for a period is compared to budget or a prior period and           Depreciation; Special Depreciation: Unplanned
                                                                                                                   significant differences are investigated, explained and            Depreciation; Depreciation Comparison; Manual
                                                                                                                   resolved                                                           Depreciation
                                                                                                                                                                                      2. Check that differences are followed-up



PPE        Property, plant & PPE.03    Accounting     Depreciation and impairment                   PPE.03         Capital work in progress (CIP)                                     1. Check that CIP aging report is sent monthly to      1. Sign off by financial liaisons on CIP aging report
           equipment and                              Ensure property, plant & equipment                           Construction in progress is closely monitored to initiate          the financial liaisons
           Intangibles                                depreciation amounts are accurately                          depreciation in the correct period. Aging of construction in
                                                      accounted for.                                               progress projects is reviewed annually by management.


PPE        Property, plant & PPE.04    Safeguarding   Security                                      PPE.04         Restricted Physical Access                                         1. Observe whether fixed asset locations are           1. Restricted access procedure
           equipment and                              Ensure property, plant & equipment is                        Property, plant & equipment is located in an appropriately         secured area                                           2. Sign off by security personnel checking that
           Intangibles                                adequately safeguarded.                                      secured area, where access is restricted to authorised             2. Check that complete documentation                   required documentation accompanies outgoing goods
                                                                                                                   personnel. Whenever possible, it is recommended that               accompanies goods leaving the premises
                                                                                                                   security personnel monitor all incoming and outgoing               3. Assess awareness and application of Group
                                                                                                                   vehicles and ensure all goods leaving the premises are             Safety and Security Guidelines.
                                                                                                                   accompanied by duly completed documentation (e.g.,
                                                                                                                   delivery note or goods returned note).

PPE        Property, plant & PPE.04    Safeguarding   Insurance                                     PPE.04         Reporting of acquisition                                           1. Check that insurance department is informed     1. Report issued by insurance department listing all
           equipment and                              Assets are adequately insured against                        Asset acquisitions and disposals are timely reported to            about asset acquisitions or disposal. Check delay insured assets
           Intangibles                                loss.                                                        insurance department/company.                                      between acquisition/disposal and registration with
                                                                                                                                                                                      insurance


PPE        Property, plant & PPE.04    Safeguarding   Insurance                                     PPE.04         Monitoring                                                         1. Check how insurance coverage is monitored.   1. Insurance acknowledgement of receipt of
           equipment and                              Assets are adequately insured against                        Insurance coverage is monitored against carrying or market         Check that impairment review is communicated to impairment review and follow-up action list
           Intangibles                                loss.                                                        value of assets, based on the result of impairment review.         insurance department
                                                                                                                                                                                      2. Test how the market value of assets is
                                                                                                                                                                                      determined for insurance reporting purposes


PPE        Property, plant & PPE.05    Disposal       Disposal Approval                             PPE.05         Approval                                                           1. Check whether a clear asset disposal policy         1. Disposal form signed by appropriate Department
           equipment and                              Ensure all disposals are authorised by                       Changes to the status of property, plant & equipment require       exists, is up-to-date and duly approved                Head and FA Manager
           Intangibles                                appropriate personnel.                                       a form, the notice of disposal, to be signed by the                2. Check all disposals are documented with a           2. Email forwarding the disposal form to accounting
                                                                                                                   appropriate department head prior to taking action. The            duly approved notice of disposal. Check that the       3. Asset disposal policy
                                                                                                                   notice of disposal is promptly forwarded to the property,          person approving the disposal has the
                                                                                                                   plant & equipment accounting group to ensure the disposal          corresponding financial authority level
                                                                                                                   is properly accounted for and reflected in the fixed asset         3. Check that accounting received promptly the
                                                                                                                   register.                                                          disposal information (compare disposal notice
                                                                                                                                                                                      date with email date forwarding the notice to
                                                                                                                                                                                      accounting)
                                                                                                                                                                                      4. Check who sets the disposal price and selects
                                                                                                                                                                                      the buyer (e.g. employee or third party)
                                                                                                                                                                                      5. Check whether segregation of duties is
                                                                                                                                                                                      respected and whether there is any potential
                                                                                                                                                                                      conflict of interest between the disposing and
                                                                                                                                                                                      receiving parties
                                                                                                                                                                                      6. Check whether proceeds are controlled
                                                                                                                                                                                      adequately (e.g. cash)
PPE        Property, plant & PPE.05    Disposal       Disposal Approval                             PPE.05         Approval                                                           1. Check whether asset disposal requires in       1. Where relevant, additional HSE or IT signature
           equipment and                              Ensure appropriate safety/IT                                 Management ensures that assets that relate to Engineering,         addition to the signature of the Function Head,   on disposal form
           Intangibles                                authorisations are in place for disposal of                  Safety Security, or Information Technology are not                 the approval from HSE, or IT, or other department
                                                      potentially hazardous assets or assets                       jeopardized by the asset disposal.
                                                      containing confidential information.

PPE        Property, plant & PPE.05    Disposal       Recording                                     PPE.05         Calculation of Profit and Loss                                     1. Re-perform the profit or loss calculation for       1. Profit and loss calculation signed by the
           equipment and                              Ensure all property, plant & equipment                       Profit or loss upon disposal of an asset is accurately             samples of disposed assets. Check that the             employee performing the calculation and a peer (or
           Intangibles                                disposals are accurately recorded and                        calculated. Gross value and accumulated depreciation of all        amounts are correct, that the calculations are         Head FRA)
                                                      reported.                                                    fixed asset disposal entries in the G/L are captured, the profit   reviewed by a peer                                     2. Accounting Manual and Reporting duly completed
                                                                                                                   or loss upon disposal of an asset is independently reviewed,       2. Check that the profit or loss is accurately         and approved
                                                                                                                   and transactions adequately reported according to the              recorded in the G/L
                                                                                                                   Accounting Manual

PPE        Property, plant & PPE.07    Intangibles    Acquisition                                   PPE.07         Intangibles Acquisition                                            1. Check that intangibles acquisition is approved      1. Contracts duly reviewed and approved by legal
           equipment and                              Ensure proper documentation and                              Acquisitions of intangibles are made in line with the Terms of     according to Terms of Reference and group              and Division
           Intangibles                                approval/reporting procedures are in                         Reference and established Group Policies. Prior to                 policies. Check that legal approved the contract       2. Justification of asset's existence
                                                      place relating to the acquisition of an                      acquisition, the existence and ownership of the intangible         or goodwill recognition. Check the value limit         3. Asset valuation report duly signed
                                                      intangible.                                                  asset is properly justified and documented and the valuation       2. Check that the asset exists and that its            4. Payment confirmation
                                                                                                                   methodology and outcome validated. All intangible                  valuation is validated
                                                                                                                   acquisitions are documented in contracts reviewed and              3. Check that payment is made only after full
                                                                                                                   approved by legal and Division. Payments can be made only          completion of the acquisition
                                                                                                                   after full completion of the acquisition process.
PPE        Property, plant & PPE.07    Intangibles    Recording                                     PPE.07         Asset Description                                                  1. Check that the reconciliation between         1. Reconciliation signed by finance management
           equipment and                              Ensure accurate accounting records of                        Maintain detailed accounting records for intangibles which         intangible records in sub-ledger and G/L is
           Intangibles                                intangibles are maintained.                                  include asset description, accurate determination of cost,         performed regularly, e.g. monthly, and reviewed
                                                                                                                   useful life of assets, amortisation (where relevant) and           by finance management. Differences are followed-
                                                                                                                   appropriate tax data. A reconciliation between detailed asset      up
                                                                                                                   records and General Ledger is performed on a regular basis.        2. Check that the G/L accounts and movements
                                                                                                                   Discrepancies are followed up.                                     are correctly reflected in FCRS and approved
PPE        Property, plant & PPE.07    Intangibles    Recording                                     PPE.07         Asset Classification                                         1. Check that asset class, as per Accounting                 1. Report of intangibles listing asset class reviewed
           equipment and                              Ensure all intangibles are accurately                        Management reviews the classification of intangible asset    Manual, is determined and approved before data               and signed by FRA manager
           Intangibles                                classified.                                                  class. Identified errors are investigated and documented.    entry into the system
                                                                                                                                                                                2. Check that report listing all intangible assets
                                                                                                                                                                                with related asset class is reviewed regularly and
                                                                                                                                                                                agreed or adjustments made where differences
                                                                                                                                                                                occur
PPE        Property, plant & PPE.07    Intangibles    Accounting                                    PPE.07         Accounting                                                   1. Review and check that the accounting and                  1. Journal entries for impairment and disposal are
           equipment and                              Ensure accurate accounting of                                Ensure intangibles recognition, amortisation and disposal    reporting of intangible assets (e.g. product                 reviewed, agreed to supporting documentation and
           Intangibles                                intangibles.                                                 are properly accounted for in accordance with Accounting     dossiers, R&D compound libraries, licenses and               signed by Head FRA or other senior Finance
                                                                                                                   Manual                                                       goodwill) are in compliance with Accounting                  management
                                                                                                                                                                                Manual
                                                                                                                                                                                2. Check that treatment is agreed with Senior
                                                                                                                                                                                Finance management
PPE        Property, plant & PPE.07    Intangibles    Impairment Triggering Event                PPE.07            "Triggering" events                                          1. Check that a procedure is in place to identify            1. Procedure about "triggering" events signed off by
           equipment and                              Procedures are in place to ensure that                       Periodic meetings take place between operational, legal and and report potential "triggering" events                      BU/Divisional FRA
           Intangibles                                any event that could trigger an impairment                   finance personnel to identify potential "triggering" events. 2. Review minutes of meetings and check whether              2. Minutes of meetings
                                                      of an intangible is detected in a timely                     Procedures are in place to report "triggering" events to     the events are reported to finance according to              3. Finance acknowledgment of receipt of potential
                                                      manner.                                                      finance personnel and to evaluate such events.               the process defined in the procedure                         "triggering" events report
                                                                                                                   Divisional/BU FRA is involved for significant amounts.       3. Check whether Divisional/BU FRA has been                  4. For significant amount, signature of Divisional/BU
                                                                                                                                                                                involved where required to                                   FRA on potential "triggering" events report

PPE        Property, plant & PPE.07    Intangibles    Impairment Tests                         PPE.07              Impairment Tests                                                   1. Check that all intangibles noted in the financial   1. Copies of the pertinent pages from the file
           equipment and                              Impairment tests are carried out by                          Impairment tests are reviewed (assumptions, methodology,           reports are included in the impairment review          documentation to evidence all intangible assets on
           Intangibles                                appropriate and qualified personnel and                      etc.) and approved by senior finance personnel. Impairment         2. Check the documentation supporting the              the financial statements were reviewed for
                                                      are approved and properly accounted for.                     tests conclusions are reconciled to operating plans, budgets       conclusions of the impairment reviews includes         impairment
                                                                                                                   or historical results.                                             calculations with analysis, models, forecast,          2. Relevant documentation to support conclusions
                                                                                                                                                                                      projections etc.                                       of impairment reviews
                                                                                                                                                                                      3. Check that review and approvals of the              3. Sign off of the Head FRA on impairment reviews
                                                                                                                                                                                      documentation, including any required journal
                                                                                                                                                                                      entries by senior financial management (Head
                                                                                                                                                                                      FRA) is evidenced




                                                                                                                                                                                                                                                                                                                                                    PAY Cycle




Column groups: Control Matrix, Assessment, Remediation, Testing

Control Matrix columns (in row order): Cycle ID; Cycle Description; Sub-Cycle ID; Sub-Cycle Description; Control Objective Description; Control Activity ID; Description of the Recommended Control Activity; Recommended Validation steps; Recommended Evidences

Assessment and Remediation columns:
(Q1)  Is this control activity relevant to your entity?
(Q2)  If No, explain why.
(Q3)  Is this control performed? If yes, how? (free text)
(Q4)  Additional comments to control activity
(Q5)  Frequency of control
(Q6)  Documentation (e.g. procedures, flowcharts...)
(Q7)  Evidence of Control (e.g. report signed by management...)
(Q8)  Control owner (Job title and Name)
(Q9)  Staff trained to control activity? (Y/N)
(Q10) Maturity level from 1 to 5
(Q11) If Maturity is level 4 or 5, define your remediation plan.
(Q12) Responsible person for remediation plan
(Q13) Due Date (dd/mm/yy) remediation plan

Testing columns (repeated for Testing Period 1 and Testing Period 2): (Pass/Fail); Likelihood (High/Medium/Low); Impact (High/Medium/Low); Tester's name
PAY        Payroll         PAY.01     Segregation Segregation of Duties/Access Rights         PAY.01     Segregation of Duties                                            1. Review SoD matrix with updated job              1. Procedures (e.g. User Authorization Management)
                                      of Duties/    Appropriate segregation of duties is in              Segregation of Duties are properly defined between the           descriptions and system access                     approved by management
                                      Configuration place with corresponding system access               functions responsible for e.g.: 1) Maintaining payroll master    2. Check that mitigating controls are identified   2. Job descriptions
                                                    rights.                                              files/personnel records; 2) authorisation of payroll changes;    and described                                      3. Organisation chart
                                                                                                         3) processing the payroll; 4) disbursing payroll; 5) recording   3. Validate adequacy of compensating controls      4. Access to system in line with job description
                                                                                                         payroll disbursement; 6) posting onto general ledger; 7)                                                            5. SoD matrix including mitigating controls
                                                                                                         performing reconciliations. In the absence of proper                                                                6. User Access Rights Report approved by management
                                                                                                         segregation of duties, compensating controls are established
                                                                                                         and documented.
PAY        Payroll         PAY.01     Segregation Segregation of Duties/Access Rights         PAY.01     Access Rights - Manage & Review                                  1. Review user access rights (ERP Reports)         1. Procedures (e.g. User Authorization Management)
                                      of Duties/    Appropriate segregation of duties is in              The access rights in the system are managed and regularly        and alignment with job profiles                    approved by management
                                      Configuration place with corresponding system access               reviewed by management. The review is documented and             2. Review procedure on User Authorization          2. SoD matrix including mitigating controls
                                                    rights.                                              any unauthorised access rights are corrected in the system.      Management                                         3. Access right authorisation forms signed
                                                                                                                                                                          3. Review SoD matrix with updated job              4. Regularly reviewed user profile report
                                                                                                                                                                          descriptions and system access                     5. User Access Rights Report approved by management
                                                                                                                                                                          4. Review of role profile report from ERP
                                                                                                                                                                          systems

PAY        Payroll         PAY.01     Segregation Segregation of Duties/Access Rights         PAY.01     Access Rights - Authorise Payments including Cheques             1. Review procedure on User Authorization          1. Procedures approved by management
                                      of Duties/    Appropriate segregation of duties is in              Access to authorise payment (including cheques) is               Management                                         2. Evidence of ERP system configuration
                                      Configuration place with corresponding system access               restricted through password and authorization controls. The      2. Review ERP system configuration                 3. User Access Rights Reports for authorising payments,
                                                    rights.                                              access rights in the system are regularly reviewed and any                                                          approved by management
                                                                                                         unauthorised access is promptly corrected.

PAY        Payroll         PAY.01     Segregation Payroll Master Data                         PAY.01     Payroll Master Data                                              1. Review procedure covering payroll master           1. Procedures approved by management and aligned with
                                      of Duties/    Changes related to Compensation and                  A procedure is established to ensure that all changes related    data management                                       Group/divisional policies
                                      Configuration Benefits activities are updated in the               to the Compensation & Benefits policy and activities (e.g.       2. Ensure Payroll Master Data file configuration      2. Approved changes to Payroll Master Data files and
                                                    payroll system parameters in a timely                new hires & terminating employees, salary changes etc.) are    is reflected in the system                              configuration settings
                                                    manner.                                              promptly identified and implemented in the systems.                                                                    3. Payroll Systems Update Checklist is approved
                                                                                                         Responsibilities and approval flow are identified.

PAY        Payroll         PAY.01     Segregation Payroll Master Data                         PAY.01     Review and Approval of Changes                                   1. Review change management procedures             1. Procedures approved by management and aligned with
                                      of Duties/    Integrity of master file data and                    All changes (including overrides) to master files are            defining the Payroll Master Data file and check    Group/divisional policies
                                      Configuration configuration parameters are ensured,                documented and approved by management. Exceptions                alignment with Group/divisional policies           2. Approved forms for creating/changing/deleting Payroll
                                                    authorizations are required for all                  reports of changes (including overrides) to master files are     2. Review the Payroll Master Data file             Master Data file configuration settings
                                                    changes.                                             automatically produced and are reviewed by management            configuration and ensure it is reflected in the    3. Evidence of follow-up of errors of key data fields
                                                                                                         against the authorised change forms.                             system                                             4. Approved exception report of changes
                                                                                                                                                                          3. Review monthly report on key data fields and
                                                                                                                                                                          check accuracy

PAY        Payroll         PAY.01     Segregation Payroll Master Data                         PAY.01     Blocked Status after Termination                              1. Review procedures ensuring that, after                1. Procedures ensuring that, after termination, employee
                                      of Duties/    Employees in the payroll system are in               After termination, any unblocked employee accounts must be    termination, employee accounts are blocked in            accounts are blocked in the systems
                                      Configuration block status after termination.                      evidenced and authorised.                                     the systems                                              2. Authorization procedures for allowing employee
                                                                                                                                                                       2. Review authorization procedures for allowing          accounts to be unblocked in the systems after termination
                                                                                                                                                                       employee accounts to be unblocked in the
                                                                                                                                                                       systems after termination

PAY        Payroll         PAY.01     Segregation Payroll Master Data                        PAY.01      Reconciliation of Salary Database with Payroll System            1. Review procedures approved by                   1. Procedures approved by management
                                      of Duties/    Ensure complete and accurate transfer of             Where applicable, a reconciliation between the salary            management                                         2. General configuration of the system documentation and
                                      Configuration payroll information through interfaces.              database and the payroll system is regularly performed to        2. Review configuration settings to ensure         comparison between the configuration of the system and
                                                                                                         verify the accuracy of data input to the system. Management      correct data input into the system                 established procedures
                                                                                                         reviews and approves the reconciliation. Discrepancies are       3. Review monthly report and reconciliation of     3. The reporting results are available in the third-party
                                                                                                         investigated and corrected in a timely manner.                   key data fields and check accuracy                 system and reviewed by management
                                                                                                                                                                                                                             4. Approved reconciliation with appropriate actioning of
                                                                                                                                                                                                                             open issues
PAY        Payroll         PAY.01     Segregation Employees Master Data                       PAY.01     Employees Master Data - Review of Current Employees            1. Review procedures approved by                        1. Procedures approved by management
                                      of Duties/    Ensure completeness and accuracy of                  Departmental managers regularly review listings of current     management                                              2. Monthly list of changes to Employee Master Data key
                                      Configuration employees master data.                               employees within their departments and inform the personnel    2. Review monthly list of current employees and         fields reviewed by management
                                                                                                         department of necessary changes.                               check all key data fields                               3. Follow-up actions in case corrections are needed
                                                                                                                                                                        3. Review the correction of key data fields             4. Monthly approved list of current employees


PAY        Payroll         PAY.01     Segregation Employees Master Data                       PAY.01     Non-Salary Data                                                  1. Review procedures approved by                   1. Procedures approved by management
                                      of Duties/    Changes to non-salary data are duly                  Changes to non-salary data are supported by authorised           management                                         2. Documented changes to non-salary data
                                      Configuration authorised.                                          documentation. A report with all changes to non-salary data      2. Ensure that the correctness of all non-salary   3. Change report and associated reconciliation
                                                                                                         is produced and independently reconciled for each payroll        data are under the responsibility of the
                                                                                                         run. The reconciliation is adequately retained.                  employee

PAY        Payroll         PAY.01     Segregation Employees Master Data                       PAY.01     Salary data                                                      1. Review procedures approved by                   1. Procedures approved by management
                                      of Duties/    Changes to salary data are duly                      Changes to salary data are supported by authorised               management                                         2. Documentation on changes to salary data reviewed and
                                      Configuration authorised.                                          documentation. A report with all changes to salary data is       2. Ensure all changes to salary data are           approved
                                                                                                         produced and independently reconciled for each payroll run.      documented, reviewed and approved                  3. Evidence of quality checks before payroll runs
                                                                                                         The reconciliation is adequately retained.                       3. Ensure data quality checks are performed        4. Change report and associated reconciliation
                                                                                                                                                                          before each payroll run
PAY        Payroll         PAY.01     Segregation Document Retention                          PAY.01     Document Retention                                               1. Review procedures defining the conditions       1. Procedures approved by management aligned with
                                      of Duties/    Retention policy is in place.                        An established Document Retention and Archiving Policy is        related to document retention, check alignment     Group/divisional policies and legal requirements
                                      Configuration                                                      in place for payroll documentation having regard to local        with Group/divisional policies and legal           2. Documented document retention of active and inactive
                                                                                                         statutory and Group requirements. There are effective            requirements                                       associates in accordance with Group/divisional policies
                                                                                                         physical controls around documents, e.g. suitable storage                                                           and legal requirements
                                                                                                         facility.

PAY        Payroll         PAY.01     Segregation Document Retention                          PAY.01     Data Retention                                                   1. Review procedures defining the conditions       1. Procedures approved by management aligned with
                                      of Duties/    Retention policy is in place.                        A Data Retention and Archiving Policy is in place for payroll    related to document retention, check alignment     Group/divisional policies and legal requirements
                                      Configuration                                                      related data, including related data in Personnel systems.       with Group/divisional policies and legal           2. Documented document retention of active and inactive
                                                                                                                                                                          requirements                                       associates in accordance with Group/divisional policies
                                                                                                                                                                                                                             and legal requirements

PAY        Payroll         PAY.01     Segregation Protection Sensitive Information            PAY.01     Protection Sensitive Data                                        1. Review procedures defining the conditions       1. Procedures approved by management aligned with
                                      of Duties/    Protection of sensitive information is               A policy is in place according to which sensitive data is        related to document retention, check alignment     Group/divisional policies and legal requirements
                                      Configuration ensured.                                             classified and properly protected (incl. physical security).     with Group/divisional policies and legal
                                                                                                                                                                          requirements

PAY        Payroll         PAY.01     Segregation Protection Sensitive Information            PAY.01     Compliance with Privacy Laws                                    1. Review procedures defining the conditions           1. Procedures approved by management aligned with
                                      of Duties/    Protection of sensitive information is               Employee personal information is protected in collection,       related to document retention, check alignment         Group/divisional policies and legal requirements
                                      Configuration ensured.                                             storage and dissemination in full compliance with pertinent     with Group/divisional policies and legal               2. Documented attendance of privacy training
                                                                                                         privacy laws. Those handling this information are adequately    requirements                                           3. Documented management monitoring
                                                                                                         trained in these requirements and their compliance regularly
                                                                                                         monitored by management.

PAY        Payroll         PAY.02     Compensation Compensation & Benefits Policies           PAY.02     Policies                                                         1. Review procedures related to Compensation       1. Procedures approved by management and aligned with
                                      & Benefits   Local Compensation & Benefits policies                Policies related to hiring, promotion, vacation, insurance,      and Benefits and check alignment with              Group/divisional policies
                                                   are defined by Human Resource                         fringe benefits, transfer, termination, etc. of employees are    Group/Divisional policies
                                                   department in accordance with local                   established. Human Resource management is responsible
                                                   Terms of Reference and with global                    for defining criteria and procedures in order to implement
                                                   policies.                                             these policies and to ensure compliance with them and with
                                                                                                         the local Terms of Reference. Finance department is
                                                                                                         involved to ensure proper fiscal/tax accounting treatment.

PAY        Payroll         PAY.02     Compensation Compensation & Benefit Policies            PAY.02     Compensation Elements Authorisation                              1. Review procedures related to Compensation       1. Procedures approved by management and aligned with
                                      & Benefits   Compensation elements are authorised                  All compensation elements (including fringe benefits) are        and Benefits and check alignment with              Group/divisional policies (Compensation Guide on HR
                                                   and in line with compensation policy.                 authorised and in line with compensation policy and with         Group/Divisional policies                          manual and C&B matrix)
                                                                                                         local Terms of Reference. Management periodically reviews        2. Ensure compensation proposals not in line       2. Reviewed reports on Compensation and Benefits and
                                                                                                         compliance.                                                      with the procedures are authorized by              follow up actions
                                                                                                                                                                          management according to the Policies and SLA
                                                                                                                                                                          3. Ensure Compensation and Benefits reports
                                                                                                                                                                          are being performed and reviewed on a regular
                                                                                                                                                                          basis


PAY        Payroll         PAY.02     Compensation Tax and Legislative Requirements           PAY.02     Tax and Legislative Requirements                                 1. Ensure procedures are in place to identify      1. Procedures approved by management and aligned with
                                      & Benefits   Tax and Legislative Requirements                      Procedures are in place to identify changes in legislation to    changes in the legislation                         Tax and Legislative requirements
                                                   changes are implemented.                              ensure that the company compensation policy (and related                                                            2. Evidence that the company compensation policy is
                                                                                                         calculation of individual gross and net pay) is updated                                                             updated in case of changes in tax and legislation
                                                                                                         accordingly.

PAY        Payroll         PAY.02     Compensation Medium-Long Term Employee Benefits         PAY.02     Policies                                                       1. Review procedures related to the medium-             1. Procedures approved by management and aligned with
                                      & Benefits   Medium-long term employee benefits are                Policies related to the medium-long term employee benefits     long term employee benefits and check                   Group/divisional policies
                                                   managed by the Human Resource                         (e.g. stock appreciation rights, stock options, pension        alignment with Group/divisional policies
                                                   Department in accordance with global                  schemes, medical plans, etc.) are established and approved,
                                                   policies.                                             in accordance with global policies. Human Resource
                                                                                                         management is responsible for defining criteria and
                                                                                                         procedures in order to implement the policies and to ensure
                                                                                                         compliance with them. Finance department is constantly
                                                                                                         involved to ensure proper fiscal/tax accounting treatment.


PAY        Payroll         PAY.02     Compensatio Medium-long term employee benefits          PAY.02     Authorisation                                                    1. Review procedures approving medium-long      1. Procedures approved by management and aligned with
                                      n & Benefits Medium-long term individual benefits are              All medium-long term individual benefits are authorised          term individual benefits and check alignment    Group/divisional policies
                                                   authorised according to the local Terms               according to the local SAL. Management periodically reviews      with Group/divisional policies                  2. Reviewed list of beneficiaries with evidence of
                                                   of Reference and approved corporate                   the list of beneficiaries to ensure correctness and              2. Review list of beneficiaries and check       correctness and alignment with Group/divisional policies
                                                   policies.                                             compliance with the global and local policies.                   correctness and alignment with Group/divisional
                                                                                                                                                                          policies

PAY        Payroll         PAY.02     Compensatio Executive Compensation                 PAY.02          Executive Compensation                                           1. Review procedures and check alignment with      Payments in this amount are not made in Brazil.
                                      n & Benefits Compensations for Corporate Executive                 The remuneration for members of the Group Executive              Group/divisional policies
                                                   Group (CEG) and non-CEG members are                   Committee, global and other key executives of the Company        2. Ensure procedures are aligned with
                                                   in line with corporate guidelines.                    with a yearly compensation in excess of USD 1 million is         Group/divisional policies
                                                                                                         approved by the Compensation Committee. Compensation
                                                                                                         for non-CEG employees is in line with Corporate
                                                                                                         Compensation Guideline. Management periodically reviews
                                                                                                         compliance.

PAY        Payroll         PAY.02     Compensatio Loans and Advances                          PAY.02     Policies                                                     1. Review procedures covering advances and             1. Procedures covering advances and loans conditions
                                      n & Benefits Conditions of loans and advances are in               Advances and loans conditions (e.g. granting criteria,       loans conditions                                       approved by management
                                                   place.                                                interest rates, installments, authorization level, etc.) are 2. Ensure deviations to the policy are identified,     2. List of deviations and follow up actions
                                                                                                         defined in an approved policy. Compliance is regularly       approved and aligned with legal requirements
                                                                                                         monitored by management. Deviations are formally approved
                                                                                                         and in line with policies. Disclosure of loans is made in
                                                                                                         accordance with local legal requirements.
PAY        Payroll         PAY.02     Compensatio Loans and Advances                          PAY.02     Authorisation                                                    1. Review procedures ensuring loans and            1. Procedures covering loans and advances approved by
                                      n & Benefits Loans and advances are authorised in                  Loans and advances are properly authorised before                advances are properly authorised before            management
                                                   accordance with local SLA                             payment.                                                         payments                                           2. Approved loans and advances



PAY        Payroll         PAY.02     Compensatio Loans and Advances                          PAY.02     Accounting                                                       1. Review procedures on loans and advances         1. Procedures covering loans and advances approved by
                                      n & Benefits Loans and advances are properly                       Loans and advances are registered in a separate general          2. Review configuration of the system for          management
                                                   accounted for.                                        ledger account and controlled by a separate detailed sub-        advances                                           2. Configuration of the system for advances
                                                                                                         ledger.                                                          3. Review list of all new loans and ensure it is   3. List of all new loans with deviations and follow up
                                                                                                                                                                          accurate. Check that all loans are simulated in    actions
                                                                                                                                                                          the system prior to the payroll run and ensure
                                                                                                                                                                          deviations are tracked

PAY        Payroll         PAY.02     Compensatio Fringe Benefits                             PAY.02     Fringe Benefits                                                  1. Review procedures defining conditions           1. Procedures covering conditions related to fringe
                                      n & Benefits Fringe benefits are duly accounted for.               Fringe benefits are regularly assessed together with tax         related to fringe benefits                         benefits approved by management
                                                                                                         expert to ensure proper fiscal/tax and accounting treatment.     2. Ensure payroll checks are performed to          2. List of payroll checks and follow up actions
                                                                                                                                                                          assure that fiscal or tax elements are timely      3. Tax expert approval of accounting treatment or SOP
                                                                                                                                                                          identified for separate treatment                  including accounting treatment

PAY        Payroll         PAY.02     Compensatio Share-Based Compensation                    PAY.02     Granting                                                         1. Review procedure covering share-based           1. Procedures approved by management and aligned with
                                      n & Benefits Share-based compensation is properly                  Management ensures that share-based compensations are            compensation and ensure it is aligned with         Company policies
                                                   authorised and documented.                            only granted in accordance with Company policies. All            Company policies
                                                                                                         relevant information should be kept in a masterfile which is
                                                                                                         only updated once proper approval and documentation from
                                                                                                         HR and General Management is available.
PAY        Payroll         PAY.02     Compensatio Share-Based Compensation                    PAY.02     Masterfile                                                       1. Review procedure covering share-based           1. Procedures approved by management and aligned with
                                      n & Benefits Share-based compensation is properly                  Management reviews the master file quarterly to ensure           compensation and ensure it is aligned with         Company policies
                                                   authorised and documented.                            correctness and accuracy of data in masterfile for proper        Company policies
                                                                                                         financial reporting.


PAY        Payroll         PAY.02     Compensatio Share-Based Compensation                    PAY.02     Accuracy                                                     1. Review procedure covering share-based               1. Procedures approved by management and aligned with
                                      n & Benefits Financial reporting for share-based                   Management ensures correctness and accuracy of share         compensation and ensure it is aligned with             Company policies
                                                   compensation is complete and accurate.                based compensation by reflecting latest information, e.g.    Company policies
                                                                                                         proposal list, approved proposal or grant. Received invoices
                                                                                                         are compared with masterfile. Deviations are followed up.
                                                                                                         (Usually ensured by regular communication between HR and
                                                                                                         Finance).




PAY        Payroll         PAY.02     Compensatio Share-Based Compensation                     PAY.02      Reporting                                                     1. Review procedure covering share-based               1. Procedures approved by management and aligned with
                                      n & Benefits Financial reporting for share-based                     Management ensures that share-based compensation from         compensation and ensure it is aligned with             Company policies
                                                   compensation is complete and accurate.                  grant to exercise is properly reported in the financial       Company policies
                                                                                                           statements, in line with the Accounting Manual, in the income
                                                                                                           statement, balance sheet and cash-flow statements.


PAY        Payroll         PAY.02     Compensatio Share-Based Compensation                     PAY.02      Compliance                                                       1. Review procedure covering share-based            1. Procedures approved by management and aligned with
                                      n & Benefits Financial reporting for share-based                     The payroll process relating to Share-based compensation         compensation and ensure it is aligned with          Company policies and legal requirements
                                                   compensation is complete and accurate.                  ensures that all local laws and regulations, including those     Company policies and legal requirements
                                                                                                           relating to deferred taxes, social security, pensions, transfers
                                                                                                           etc. are fully complied with. Management reviews the
                                                                                                           process periodically
PAY        Payroll         PAY.02     Compensatio Pensions & Defined Benefits                  PAY.02      Benefits pension liability                                        1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Pensions and benefits are reasonable.                   Ensure Defined Benefits pension liability and expenses are        Group/Divisional Pension Fund policies        Group/Divisional Pension Fund policies
                                                                                                           reasonable.                                                       2. Ensure account reconciliation is performed 2. Approved account reconciliation
                                                                                                                                                                                                                           3. Reconciliation to third party actuarial determination

PAY        Payroll         PAY.02     Compensatio Pensions & Defined Benefits                  PAY.02      Controls of pension liability                                     1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Pensions and benefits are reasonable.                   There are controls in place to ensure that employee and           Group/Divisional Pension Fund policies           Group/Divisional Pension Fund policies
                                                                                                           retiree census data maintained by third parties are correct.      2. Ensure reconciliation of employee and retiree 2. Approved reconciliation of employee and retiree census
                                                                                                                                                                             census data maintained by third parties is       data maintained by third parties
                                                                                                                                                                             performed

PAY        Payroll         PAY.02     Compensatio Pensions & Defined Benefits                  PAY.02      Retirement liabilities                                        1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Pensions and benefits are reasonable.                   Ensure defined contribution retirement liability and expenses Group/Divisional Pension Fund policies        Group/Divisional Pension Fund policies
                                                                                                           are reasonable.                                               2. Review reconciliation of external provider 2. Approved reconciliation of external provider data
                                                                                                                                                                         data against internal payroll records         against internal payroll records

PAY        Payroll         PAY.02     Compensatio Pensions & Defined Benefits                  PAY.02      Controls of retirement liabilities                                1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Pensions and benefits are reasonable.                   There are controls in place to ensure that employee and           Group/Divisional Pension Fund policies        Group/Divisional Pension Fund policies
                                                                                                           retiree census data maintained by third parties are correct.      2. Review reconciliation of external provider 2. Approved reconciliation of external provider data
                                                                                                                                                                             data against internal payroll records         against internal payroll records

PAY        Payroll         PAY.02     Compensatio Stock Options                                PAY.02      Stock Options liabilities                                         1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Stock Options are approved and                          Ensure stock option (options & restricted stock) liability and    Group/Divisional Pension Fund policies            Group/Divisional Pension Fund policies
                                                   reasonable.                                             expenses are approved and reasonable.                             2. Review reconciliation of either third party or 2. Approved reconciliation of either third party or shared
                                                                                                                                                                             shared service provider data with internal        service provider with internal records
                                                                                                                                                                             records

PAY        Payroll         PAY.02     Compensatio Stock Options                                PAY.02      Stock Options controls                                            1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Stock Options are approved and                          There are controls in place to ensure that the employee           Group/Divisional Pension Fund policies           Group/Divisional Pension Fund policies
                                                   reasonable.                                             stock option (options & restricted stock) information             2. Review reconciliation of third party provider 2. Approved reconciliation of third party provider data with
                                                                                                           maintained by third parties is correct.                           data with internal records                       internal records


PAY        Payroll         PAY.02     Compensatio Deferred Compensation                   PAY.02           Deferred Compensation                                             1. Review procedures and check alignment with 1. Procedures approved by management and aligned with
                                      n & Benefits Deferred Compensations are reasonable.                  Ensure Deferred Compensation liability and expenses are           Group/Divisional Pension Fund policies           Group/Divisional Pension Fund policies
                                                                                                           reasonable.                                                       2. Review reconciliation of third party provider 2. Approved reconciliation of third party provider data with
                                                                                                                                                                             data with internal records                       internal records

PAY        Payroll         PAY.02     Compensatio Deferred Compensation                   PAY.02           Deferred Compensation controls                                    1. Review procedures and check alignment with      1. Procedures approved by management and aligned with
                                      n & Benefits Deferred Compensations are reasonable.                  There are controls in place to ensure that the employee           Group/Divisional Pension Fund policies             Group/Divisional Pension Fund policies
                                                                                                           Deferred Compensation plan maintained by third parties is         2. Review reconciliation of third party provider   2. Approved reconciliation of third party provider data with
                                                                                                           correct.                                                          data with internal records                         internal records

PAY        Payroll         PAY.03     Payroll        Time and Attendance Data                  PAY.03      Input                                                      1. Review procedures approved by                          1. Procedures approved by management
                                      Process        Ensure time and attendance data                       Where applicable time recording methodology is designed to management                                                2. Configuration of the system
                                                     recorded reflects actual time worked.                 ensure that staff employees may only input time and        2. Review the configuration of the system
                                                                                                           attendance information for themselves.                     ensuring that the input of attendance
                                                                                                                                                                      information can only be performed by the
                                                                                                                                                                      employees themselves

PAY        Payroll         PAY.03     Payroll        Time and Attendance Data                  PAY.03      Approval                                                          1. Review procedures approved by                   1. Procedures approved by management
                                      Process        Time and attendance data are approved.                Time recording information including overtime and paid            management                                         2. Evidence of regular reviews by management of time
                                                                                                           absences (sickness, holidays and business travel) is              2. Check whether management regularly              recording information and follow up actions
                                                                                                           approved by line management.                                      reviews and approves the time recording
                                                                                                                                                                             information

PAY        Payroll         PAY.03     Payroll        Time and Attendance Data                   PAY.03     Processing                                                    1. Review procedures approved by                       1. Procedures approved by management
                                      Process        Only authorised time recording entries are            Only the entries authorised by the line manager are           management                                             2. Evidence of regular reviews by management of time
                                                     processed.                                            transferred from timekeeping to payroll system. Where this is 2. Check whether management regularly                  recording information and follow up actions
                                                                                                           not applicable compensating controls have to be in place.     reviews and approves the time recording
                                                                                                                                                                         information


PAY        Payroll         PAY.03     Payroll        Variable Salary Components                PAY.03      Approval                                                          1. Review procedures approved by                   1. Procedures approved by management aligned with
                                      Process        Variable salary components are properly               An independent manager reviews proper approval of                 management aligned with Group/Divisional           Group/Divisional policies
                                                     approved.                                             variable salary components, e.g. hourly salaries, overtime,       policies                                           2. List of management approval of variable salary
                                                                                                           bonuses and incentives, commissions and allowances,               2. Review list of management approval of           components and follow up actions in case of errors
                                                                                                           before release for processing. Compensation manager               variable salary components and alignment with
                                                                                                           regularly reconciles variable salary components with the          current internal policies
                                                                                                           approved forms.                                                   3. Check if errors exist and review follow up
                                                                                                                                                                             actions
PAY        Payroll         PAY.03     Payroll        Payroll Calculation                       PAY.03      Management Review                                                 1. Review procedures approved by                   1. Procedures approved by management aligned with
                                      Process        Ensure payroll items are correctly                    Management reviews the payroll process to ensure                  management aligned with Group/Divisional           Group/Divisional policies
                                                     calculated.                                           employee rates of pay, benefits, bonuses, overtime, leave         policies                                           2. List of management approval of variable salary
                                                                                                           and tax deductions, Medicare, unemployment insurance,             2. Review list of management approval of           components and follow up actions in case of errors
                                                                                                           social security and other deductions are accurately and           variable salary components and alignment with
                                                                                                           completely captured.                                              current internal policies
                                                                                                                                                                             3. Check if errors exist and review follow up
                                                                                                                                                                             actions

PAY        Payroll         PAY.03     Payroll        Payroll Calculation                       PAY.03      Payroll Reconciliation                                            1. Review procedures including business rules      1. Procedures approved by management
                                      Process        Ensure payroll items are correctly                    An independent manager performs reconciliation at each            for review (e.g. periodicity, deviation            2. Supporting documentation of the management
                                                     calculated.                                           payroll run, e.g. 1) a reconciliation of number of employees      percentage) approved by management                 approved payroll reconciliation and evidence of follow-up
                                                                                                           with master data, 2) Fixed gross salary totals are reconciled     2. Review monthly report and reconciliation of     of deviations
                                                                                                           to previous run. Management reviews and approves the              key data fields and review follow up actions
                                                                                                           reconciliation and the amendments from previous run.
                                                                                                           Evidence of this review is retained.

PAY        Payroll         PAY.03     Payroll        Payroll Accounting                        PAY.03      Reconciliation G/L with sub-ledger                                1. Review procedures approved by                   1. Procedures approved by management
                                      Process        Payroll data is properly recorded in                  A monthly reconciliation between the general ledger and the       management                                         2. Supporting documentation of the management
                                                     General Ledger.                                       payroll sub-ledgers is performed. Management reviews and          2. Check that the journal entries parked in the    approved payroll reconciliation and evidence of follow-up
                                                                                                           approves the reconciliation.                                      system are reviewed and approved                   of deviations
                                                                                                                                                                             3. Ensure reconciliations are performed
                                                                                                                                                                             between the general ledger and payroll sub-
                                                                                                                                                                             ledgers and deviations documented

PAY        Payroll         PAY.03     Payroll        Payroll Accounting                        PAY.03      Accruals                                                          1. Review procedures approved by                   1. Procedures approved by management
                                      Process        Payroll data is properly recorded in                  Period-end accruals are regularly made based on payroll           management                                         2. Supporting documentation of management approved
                                                     General Ledger.                                       information (holiday pay, overtime, social security, medium-      2. Ensure period-end accruals are regularly        period-end accruals and evidence of follow-up of
                                                                                                           long term benefits, retirement and taxes). The accruals are       made based on payroll information and check        deviations
                                                                                                           reviewed and approved by the payroll management and sent          for accuracy
                                                                                                           to Finance for posting.

PAY        Payroll         PAY.03     Payroll        Payroll Processing by Third party           PAY.03    Contract                                                          1. Review contracts with external suppliers,       1. Procedures approved by management
                                      Process        Contract is in place for payroll processing           Contract should include confidentiality and Key Performance       ensuring KPIs are included, and check that they    2. Contracts or agreements with external suppliers
                                                     by a third party in accordance with legal             Indicators, including the right to audit. There are controls in   are up-to-date (including right to audit)          including KPIs
                                                     policies/SLA.                                         place to ensure that the third party human resource and           2. Review vendor performance and check if          3. Vendor KPIs report
                                                                                                           benefits service providers have the necessary internal            the KPIs are according to the defined conditions   4. KPI deviation list, documented complaints and follow-up
                                                                                                           controls in place.                                                (e.g. vendor evaluation forms)                     action
                                                                                                                                                                             3. Analyse any deviations and check if they        5. Vendor evaluation forms
                                                                                                                                                                             are monitored by management

PAY        Payroll         PAY.03     Payroll        Payroll Processing by Third party         PAY.03      Review                                                            1. Review contracts with external suppliers,       1. Procedures approved by management
                                      Process        Ensure payroll items are correctly                    Management reviews the payroll process performed by third         ensuring KPIs are included, and check that they    2. Contracts or agreements with external suppliers
                                                     calculated.                                           party to ensure employee rates of pay, benefits, bonuses,         are up-to-date (including right to audit)          including KPIs
                                                                                                           overtime, leave and tax deductions, Medicare,                     2. Review vendor performance and check if          3. Vendor KPIs report
                                                                                                           unemployment insurance, social security and other                 the KPIs are according to the defined conditions   4. KPI deviation list, documented complaints and follow-up
                                                                                                           deductions are accurately and completely captured.                (e.g. vendor evaluation forms)                     action
                                                                                                                                                                             3. Analyse any deviations and check if they        5. Vendor evaluation forms
                                                                                                                                                                             are monitored by management

PAY        Payroll         PAY.03     Payroll        Payroll Processing by Third party           PAY.03    Data transfer                                                     1. Check that a procedure covering the             1. Procedures approved by management and aligned with
                                      Process        Data integrity is ensured for data transfer           IT and business process control procedures exist to ensure        completeness of data transfer exists and ensure    Group/divisional guidelines
                                                     with outside providers in accordance with             integrity (completeness, correctness, accuracy) of data           procedure is aligned with Group/divisional         2. Results of the comparison between the information
                                                     local data protection laws.                           transfer with the outside payroll providers.                      guidelines                                         defined in the system and the information that was sent to
                                                                                                                                                                             2. Review data transfer and check alignment        the outside payroll providers
                                                                                                                                                                             with the supporting documentation

PAY        Payroll         PAY.03     Payroll        Monitoring of Salary Costs                PAY.03      Monitoring of Salary Costs                                        1. Review procedures approved by                   1. Procedures approved by management
                                      Process        Management regularly monitors salary                  Cost centre owners analyze monthly reports on fixed and           management                                         2. Analysis of the reasonableness of the fixed and variable
                                                     costs.                                                variable salary costs to assess reasonableness.                   2. Ensure reasonableness of the fixed and          salary cost elements
                                                                                                                                                                             variable salary cost elements                      3. Month end check list
                                                                                                                                                                             3. Review month end check list

PAY        Payroll         PAY.03     Payroll        Reporting of Payroll Information          PAY.03      Reporting of Payroll Information                                  1. Review procedures approved by                   1. Procedures approved by management
                                      Process        Ensure complete and accurate reporting                Statutory reports for payroll related items are reconciled to     management                                         2. Month end check list
                                                     for payroll and related tax/fiscal                    supporting documentation and are prepared in accordance           2. Review month end check list
                                                     information.                                          with statutory due dates.


PAY        Payroll         PAY.04     Payroll     Authorisation of Payroll Disbursement        PAY.04      Authorisation of Payroll Disbursement                             1. Review procedures approved by                   1. Procedures approved by management and aligned with
                                      Disbursement The payroll disbursement is authorised.                 The payroll disbursement is properly authorised in                management and check alignment with                Group/divisional guidelines
                                                                                                           accordance with Group Guidelines and local SLA.                   Group/divisional guidelines                        2. Evidence of SLA
                                                                                                                                                                             2. Review SLA                                      3. Month end check list
                                                                                                                                                                             3. Check that payroll disbursement orders are
                                                                                                                                                                             authorized in accordance with the SLA by two
                                                                                                                                                                             persons to ensure that the four-eye principle is
                                                                                                                                                                             in place

PAY        Payroll         PAY.04     Payroll     Funding of payroll disbursement              PAY.04      Funding of payroll disbursement                                   1. Review procedures approved by                   1. Procedures approved by management and aligned with
                                      Disbursement Risk on payroll bank account is limited.                Bank accounts used only for payroll have no credit line set.      management and check alignment with                Group/divisional guidelines
                                                                                                           Management regularly reviews the bank account conditions.         Group/divisional guidelines                        2. Details of payroll bank accounts with no credit line
                                                                                                                                                                             2. Ensure that bank accounts for payroll have      defined
                                                                                                                                                                             no credit line set

PAY        Payroll         PAY.04     Payroll     Alignment with Payroll Process               PAY.04      Employee Bank Accounts                                            1. Review list of payment to external bank      1. List of payment to external bank accounts
                                      Disbursement Ensure that payments made are in line                   Payroll slips are sent to employees directly by payroll. On a     accounts and reconcile with authorized payment 2. Reconciliation of master data files and transfers made
                                                  with the payroll process.                                regular basis, bank transfers are checked with master data        orders defined by the employees                 to the correct employee bank account
                                                                                                           for employee bank accounts.                                       2. Ensure bank transfer files are reconciled to
                                                                                                                                                                             master data files to verify that transfers are
                                                                                                                                                                             made to the correct employee bank account

PAY        Payroll         PAY.04     Payroll     Alignment with Payroll Process           PAY.04          Reconciliation                                                1. Ensure bank transfer files are reconciled to        1. Management approved reconciliation of master data
                                      Disbursement Ensure disbursements are correctly                      A monthly reconciliation between the payroll proposal and     master data files to verify that transfers are          files and transfers made to the correct employee bank
                                                  calculated and completely and accurately                 the actual payment run (e.g. electronic transfers, cheques,   made to the correct employee bank account              account
                                                  input to the system.                                     cash) is made. Management reviews and approves the
                                                                                                           reconciliation.

PAY        Payroll         PAY.04     Payroll     Payment Due Dates                            PAY.04      Payment Due Dates                                                 1. Review procedures approved by                   1. Procedures approved by management
                                      Disbursement Salaries and payroll deductions are paid                Management regularly checks that net salaries, payroll            management                                         2. Calculation and supporting documentation of all the
                                                  in accordance with local laws.                           taxes, social security, pension funds and other payroll           2. Review configuration and master data of the     elements of the salary including the documentation on the
                                                                                                           deductions are paid within the respective due dates and           system                                             payment due dates
                                                                                                           supported by adequate documentation.                              3. Review the supporting documentation of all
                                                                                                                                                                             the elements of the salary including the
                                                                                                                                                                             documentation on the payment due dates

PAY        Payroll         PAY.04     Payroll     Disbursement Allocation                      PAY.04      Disbursement Allocation - Errors                             1. Review procedures approved by                        1. Procedures approved by management
                                      Disbursement Ensure disbursements are correctly                      A transaction exception report from the bank is reviewed     management                                              2. Output of the transaction exception report on
                                                  allocated to employees' bank accounts.                   and errors (e.g. failed transfers) are investigated.         2. Check that the transaction exception report          disbursement allocation errors reviewed by management
                                                                                                                                                                        on disbursement allocation errors is reviewed           3. Evidence of follow-up action, where applicable
                                                                                                                                                                        by management
                                                                                                                                                                        3. Check that all corrective actions have taken
                                                                                                                                                                        place




PAY        Payroll         PAY.04     Payroll     Disbursement Allocation                PAY.04     Unclaimed wages                                                    1. Review procedures approved by                  1. Procedures approved by management
                                      Disbursement Ensure disbursements are correctly               Unclaimed wages (including cheques) are followed-up.               management                                        2. Reports of unclaimed wages with the evidence of the
                                                  allocated to employees.                           Management is regularly informed.                                  2. Ensure unclaimed wages are turned over to      follow-up by management
                                                                                                                                                                       Accounts Payable (AP) for reviews and             3. Approved Payroll Bank reconciliation indicating
                                                                                                                                                                       escheatment, with the support of the payroll      commentary/status/action items of outstanding payroll
                                                                                                                                                                       services                                          checks
                                                                                                                                                                       3. Check that all corrective actions have taken
                                                                                                                                                                       place

PAY        Payroll         PAY.04     Payroll     Disbursement by Cheque                 PAY.04     Restricted Access                                                  1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Cheque management is restricted to                Access to print cheques is restricted through password and         management                                        2. Access right authorisation form signed
                                                  authorised persons.                               authorisation controls. The access rights in the system are        2. Review access right authorisation form         3. User profile report duly reviewed and approved
                                                                                                    regularly reviewed and any unauthorised access is                  signed
                                                                                                    corrected.                                                         3. Review user access rights reports and check
                                                                                                                                                                       alignment with job profiles

PAY        Payroll         PAY.04     Payroll     Disbursement by Cheque                 PAY.04     Authorisation                                                      1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Cheques are duly authorised.                      Cheques are signed by a person with proper bank signatory          management                                        2. List of bank signatory power
                                                                                                    power in accordance with local SLA.                                2. Take a sampling of signed cheques and          3. SLA
                                                                                                                                                                       review alignment with the bank signatory power
                                                                                                                                                                       and SLA
                                                                                                                                                                       3. Review list of bank signatory power
                                                                                                                                                                       4. Review SLA
PAY        Payroll         PAY.04     Payroll     Disbursement by Cheque                 PAY.04     Signing process                                                    1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Cheques are duly authorised.                      A procedure is established to ensure that the signing of           management
                                                                                                    cheques is prohibited before they are fully made out.

PAY        Payroll         PAY.04     Payroll     Disbursement by Cheque                 PAY.04     Correct Employee Names                                             1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Payment by cheque is correct.                     The names of the employees are made out on the cheques.            management                                        2. List of issued cheques
                                                                                                    Cheques are not transferable.                                      2. Take a sampling of signed cheques and
                                                                                                                                                                       review the names of the employees

PAY        Payroll         PAY.04     Payroll     Disbursement by Cheque                 PAY.04     Cancelled Cheques                                                  1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Payment by cheque is correct.                     A procedure is established to ensure that cancelled cheques        management                                        2. Access right authorisation form signed
                                                                                                    are reviewed and approved by management.                           2. Review list of cancelled cheques and ensure    3. User profile report duly reviewed and approved
                                                                                                                                                                       it has been approved by management

PAY        Payroll         PAY.04     Payroll     Disbursement by Cheque                 PAY.04     Reconciliation                                                     1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Payment by cheque is correct.                     A monthly reconciliation between the cheque register and           management                                        2. Monthly report and reconciliation between the cheque
                                                                                                    the net salaries is performed.                                     2. Review monthly report and reconciliation       register and net salaries
                                                                                                                                                                       between the cheque register and net salaries

PAY        Payroll         PAY.04     Payroll     Disbursement by Cash                   PAY.04     Correct Amount                                                     1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Payment in cash is correct.                       Cash is withdrawn according to the net salary payment.             management                                        2. Monthly report on payments by cash according to the
                                                                                                                                                                       2. Review monthly report on payments by cash      net salary payments
                                                                                                                                                                       according to the net salary payments


PAY        Payroll         PAY.04     Payroll     Disbursement by Cash                   PAY.04     Payment Receipt                                                    1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Payment in cash is correct.                       A proof of receipt (e.g. signature in a register...) is obtained   management                                        2. List of payment receipts
                                                                                                    by the employer after payment.                                     2. Review list of payment receipts

PAY        Payroll         PAY.04     Payroll     Disbursement by Cash                   PAY.04     Reconciliation                                                     1. Review procedures approved by                  1. Procedures approved by management
                                     Disbursement Payment in cash is correct.                       A monthly reconciliation between the receipts obtained from        management                                        2. Monthly report on approved reconciliation of the
                                                                                                    the employees and the net salaries is performed. Differences       2. Review monthly report and reconciliation of    receipts obtained from the employees with the net salaries
                                                                                                    are promptly followed up. Management reviews and                   the receipts obtained from the employees with
                                                                                                    approves the reconciliation.                                       the net salaries




              Control activity   Control activity Description                                                  Total   Frequency                Sample size   Sample size
              Number                                                                                                                              Tier 1        Tier 2
FRA Cycle
              FRA.01.10.01       Configuration changes                                                                 Monthly                       3             2
              FRA.02.01.01       Journal Entries / Postings - Procedures                                               Daily                        45            10
              FRA.02.30.01       Period-end Closing / Proper Cut-off - Procedures                                      Monthly                       3             2
              FRA.02.30.06       Period adjustments                                                                    Annually                      1             1
              FRA.03.01.03       Review of Accruals and Provisions                                                     Monthly                       3             2
              FRA.03.10.01       Account reconciliation                                                                Monthly                       3             2
              FRA.03.10.02       Balance sheet review                                                                  Monthly                       3             2
              FRA.03.15.02       Accuracy of Intercompany Accounts reconciliation                                      Monthly                       3             2
              FRA.04.01.01       Reporting Package                                                                     Monthly                       3             2
              FRA.04.40.01       Legal Docket or Equivalent                                                            Monthly                       3             2
              FRA.04.45.01       Significant Contracts                                                                 Quarterly                     2             1
              FRA.05.25.03       Justification of Tax Balances                                                         Quarterly                     2             1
              FRA.05.70.01       Tax Reporting - Procedures                                                     13     Annually                      1             1
                                                                                                               Total                               75            30
REV Cycle
              REV.02.15.01       Accounting Implications - Review Process                                              Monthly                       3             2
              REV.03.05.01       Credit Control Review                                                                 Quarterly                     2             1
              REV.03.20.01       Price Control Review                                                                  Annually                      1             1
              REV.04.20.01       Trade-Loading                                                                         Monthly                       3             2
              REV.05.10.01       Delivery Cut-off                                                                      Monthly                       3             2
              REV.05.45.01       Revenue Cut-off                                                                       Monthly                       3             2
              REV.06.40.01       Credit Issuance Approval                                                              Monthly                       3             2
              REV.07.01.01       Sales Deduction Policy                                                                Annually                      1             1
              REV.11.01.01       Review of Aged Open AR Account Balances                                               Monthly                       3             2
              REV.11.10.01       AR Bad Debt Write-offs - Approval                                              10     Monthly                       3             2
                                                                                                               Total                               25            17
PUR Cycle
              PUR.02.05.02       Vendor Master File Data Changes - Approval Process                                    Quarterly                     2             1
              PUR.03.30.01       Purchase Order Approval                                                               Daily (weekly: Tier 2 units) 45             4
              PUR.04.30.01       Receipts are Recorded in the Proper Period - Cut-off Procedures                       Monthly                       3             2
              PUR.05.01.01       Invoice Accuracy - 3 Way Matching Procedures                                          Daily                        45            10
              PUR.05.30.01       Invoices are recorded in the Proper Period - Cut-off Procedures (MM/SD)               Monthly                       3             2
              PUR.05.35.01       Invoices and Cash disbursements are recorded in the Proper Period - Cut-off           Monthly                       3             2
                                 Procedures (FI/CO)
              PUR.06.01.01       Goods Returns Procedures and Authorisation                                     7      Monthly                       3             2
                                                                                                               Total                               104            23
PIN Cycle
              PIN.01.05.01       Material Master Records                                                               Monthly                       3             2
              PIN.02.01.01       Standard Cost Review                                                                  Quarterly                     2             1
              PIN.04.01.01       Production Costs Variances                                                            Monthly                       3             2
              PIN.05.10.01       Physical Inventory Count, Reconciliation and Approval                                 Quarterly                     2             1
              PIN.05.20.01       Inventory Adjustments                                                                 Monthly                       3             2
              PIN.05.35.01       Slow and No Movers                                                             6      Monthly                       3             2
                                                                                                               Total                                16            10
PPE Cycle
              PPE.03.05.01       Acquisitions - Recording                                                              Monthly                       3             2
              PPE.03.15.01       Depreciation Rates                                                                    Annually                      1             1
              PPE.07.25.01       Impairment Tests                                                               3      Annually                      1             1
                                                                                                               Total                                 5             4
PAY Cycle
              PAY.03.20.02       Payroll Calculation, Reconciliation and Disbursement Approval                         Monthly                       3             2
              PAY.03.40.01       Payroll and Benefits Data Transfer                                              2     Monthly                       3             2
                                                                                                               Total                                 6             4
Grand Total                                                                                                     41     TOTAL # of Samples          231            88





				
DOCUMENT INFO
posted:1/6/2012
pages:77