Christine H Doxey
Internal Controls Toolkit
- Hardcover
All companies, regardless of size, structure, nature, or industry, encounter risks at all levels within their organization. In their 2018 Report to the Nations, the Association of Certified Fraud Examiners (ACFE) reported that internal control weaknesses were responsible for nearly half of all frauds reported. Internal Controls Toolkit is an authoritative and comprehensive book that outlines the standards of internal controls that organizations (of all types and sizes) can use to mitigate risk. Designed as a practical resource, the book offers a guide for putting in place effective controls in order to provide reliable, timely, and useful financial and managerial data that is critical for supporting operating, budgeting, and policy decisions. The author--a noted expert on the topic--takes a toolkit approach that includes detailed information on controls and risks outlined for key business processes. The book offers background information on the history of internal controls, recommendations for developing a series of risk-based controls, proven ideas for implementing internal controls, and includes the metrics to use when measuring results. The author explores how to establish the three most critical corporate controls: segregation of duties; systems access; and delegation of authority. Filled with best practices for each step in the internal control process, the book examines the COSO model at the heart of many internal controls systems and Sarbanes-Oxley efforts in the corporate environment. In addition, the book offers direction for being in compliance with SOX 404 initiatives, guidance for companies undergoing merger and acquisition projects, and suggestions for implementing Control Self-Assessment (CSA), Continuous Controls Monitoring (CCM), and other self-audit initiatives. 
Internal Controls Toolkit is the hands-on resource for any organization that wants to achieve operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations, and policies.
Note: This item can only be delivered to a German delivery address.
Product details
- Publisher: Wiley
- Number of pages: 416
- Publication date: 23 July 2019
- Language: English
- Dimensions: 235mm x 157mm x 27mm
- Weight: 752g
- ISBN-13: 9781119554394
- ISBN-10: 111955439X
- Item no.: 55198096
CHRISTINE H. DOXEY, CAPP, CCSA, CICA, CPC, is president of Doxey, Inc. Prior to forming her company, she served in executive positions with Verizon Business (formerly MCI), Hewlett Packard, Compaq, and Digital Equipment. Doxey is on the Advisory Boards of The Exchange Summit and The Institute of Internal Controls. She has authored several books and speaks at conferences globally on financial process best practices.
Introduction to The Internal Controls Toolkit
Introduction
Internal Controls And Fraud Prevention
Internal Controls And Fraud Prevention: Additional Statistics
Who Will Benefit From This Toolkit
About The Standards of Internal Control
How Were The Standards Developed?
How Are The Standards Used?
What Is The Basic Premise of The Standards?
When Should The Standard Be Updated?
What Is A Best Practice For Implementing And Using The Standards?
General Standards of Internal Control
How This Toolkit Is Organized
1.0 Background On Internal Controls
The Goals And Challenges of Internal Controls
Risk Based Internal Controls
Application of Internal Controls
The Three Critical Corporate Controls
The Background And History of Internal Controls
Securities Act of 1933
Securities Exchange Act of 1934
Trust Indenture Act of 1939
Investment Company Act of 1940
Investment Advisors Act of 1940
Foreign Corrupt Practices Act (FCPA) of 1977
Comprehensive Crime Control Act - 1984
Federal Sentencing Guidelines For Organizations - 1991
Internal Control - Integrated Framework - 1992 And 2013
COSO's Monitoring Guidance
COBIT - 1996
SysTrust - 1999
Corporate Frauds - 2001-2002
U.S. Sarbanes Oxley Act of 2002
Enterprise Risk Management (ERM) Integrated Framework - 2004 And 2013
Example: Enterprise Risk Management (ERM) And The Application to The Procure to Pay (P2P) Cycle
An ERM Checklist
Internal Control Over Financial Reporting - Guidance For Smaller Public Companies - 2006
Guidance On Monitoring Internal Control Systems - 2009
Definition of Internal Controls
Types of Internal Controls And Control Mechanisms
Major Types of Internal Control
Compensating Controls
Other Controls
Organization Controls
Policy Controls
Procedure Controls
Supervisory Controls
Review Controls
Leveraging The Standards of Internal Control to Implement A Controls Self-Assessment (CSA) Program
Ethics And "Tone At The Top"
What Is 'Tone At The Top'?
What Are The Components of An Effective Ethics Policy?
What Are The Components of A Well-Defined Code of Conduct?
What Are Examples of Poor "Tone At The Top"?
Code of Conduct Considerations
Entity Level Controls
Benefits For Entity Level Controls
"Tone At The Top"
Roles And Responsibilities For Internal Control
2.0 The Order to Cash (O2C) Process
2.1 Order Entry/Edit
2.2 Export Controls
2.3 Sales Contracts
2.4 Credit
2.5 Shipping
2.6 Revenue Recognition/Billing
2.7 Accounts Receivable (AR)
2.8 Collection
2.9 Cash Receipts And Application
2.10 Price Establishment
2.11 Promotional Activities
3.0 Treasury Process
3.1 General Treasury Controls
3.2 Financing Operations
3.3 Investment of Available Funds
3.4 Foreign Exchange
4.0 Procure to Pay (P2P) Process
4.2 Purchasing/Ordering
4.3 Import Controls
4.4 Receiving
4.5 Accounts Payable
4.6 The Payment Process - General
4.7 The Payment Process - Travel And Entertainment
4.8 Research And Product Development
4.9 Procurement Cards (P-Cards)
5.0 Hire to Retire (H2R) Process
5.1 Payroll Preparation And Security
5.2 Payroll Payment Controls
5.3 Distribution of Payroll
5.4 Compensation And Benefits
5.5 Hiring And Termination
5.6 Education, Training, And Development
5.7 Contingent Workforce
6.0 The Supply Chain Process
6.1 Planning & Control
6.2 Inventory Control
6.3 Inventory Verification
6.4 Inventory Valuation
6.5 Product Cost Management
6.6 Original Equipment Manufacturers (OEMs) / Alliance Partners
6.8 Transportation And Logistics
7.0 Record to Report (R2R)
7.1 International Transfer Pricing
7.2 Intercompany Transactions
7.3 Accumulation of Financial Information
7.4 Processing And Reporting of Financial Information (The Final Mile)
7.5 Fixed Assets
8.0 Government Contracts
8.1 United States Government Contracts - General
8.2 United States Government Contracts - Non-Commercial Products
8.3 United States Government Contracts - Commercial Products
8.4 Contracts With State And Local Governments And Educational Institutions Within The United States
8.5 Contracts With Governments Outside The United States
9.0 Records And Information Management
9.2 Standards of Internal Record Keeping Requirements
10.0 Computer, Telecommunication And Systems Controls
10.1 Owners, Users, And Service Providers
10.3 Computer Access Control
10.4 Network Operations And Security Controls
10.5 Systems Development Methodology
10.6 Change Management
10.7 Computer And Telecommunications Backup For Production Restart/Recovery
10.8 Disaster Recovery And Business Contingency Planning
10.9 Input Controls
10.10 Output Controls
10.11 Paperless Transactions, Electronic Commerce, And EDI
10.12 Non-Company Networks And Bulletin Boards
11.0 Protection of Assets: Human, Physical And Intellectual
11.1 Security Framework
11.2 Perimeter Security
11.3 Interior Security
11.4 Protecting Intellectual Property
12.0 The Insurance Process
12.1 Protection Against Physical Damage And Other Accidents
12.2 Insurance (Property & Casualty Risks)
12.3 Business Continuity
13.0 Environmental, Health, And Safety (EH&S)
13.1 General Controls
14.0 Customer Services
14.1 Policy
14.2 Call Center Management
14.3 Warranty
14.4 Support Sales
15.0 Professional Services (PS)
15.1 General Controls
15.2 Opportunity-Bid Process
15.3 Program Management
15.4 Customer Order Management
16.0 Entity Level Controls
16.1 Compliance And Compliance Screening
16.2 Internal Controls Roles And Responsibilities
16.4 Audit Committee Controls
17.0 Glossary
18.0 Addendum - Additional Tools
18.1 Example Internal Controls Policy
18.2 Delegation of Authority (DOA) Policy
18.3 Segregation of Duties (SOD) Policy
18.4 System Access (SA) Policy
18.5 Pricing Policy Example
18.6 Testing Internal Controls And Selecting Sample Sizes
References
Introduction 9
Internal Controls And Fraud Prevention 9
Internal Controls And Fraud Prevention: Additional Statistics 10
Who Will Benefit From This Toolkit 11
About The Standards of Internal Control 12
How Were The Standards Developed? 12
How Are The Standards Used? 12
What Is The Basic Premise of The Standards? 12
When Should The Standard Be Updated? 12
What Is A Best Practice For Implementing And Using The Standards? 12
General Standards of Internal Control 13
How This Toolkit Is Organized 14
1.0 Background On Internal Controls 15
The Goals And Challenges of Internal Controls 15
Risk Based Internal Controls 15
Application of Internal Controls 16
The Three Critical Corporate Controls 17
The Background And History of Internal Controls 19
Securities Act of 1933 19
Securities Exchange Act of 1934 19
Trust Indenture Act of 1939 19
Investment Company Act of 1940 19
Investment Advisors Act of 1940 19
Foreign Corrupt Practices Act (Fcpa) of 1977 19
Comprehensive Crime Control Act - 1984 20
Federal Sentencing Guidelines For Organizations - 1991 20
Internal Control - Integrated Framework - 1992 And 2013 20
Coso's Monitoring Guidance 21
Cobit - 1996 23
Systrust - 1999 23
Corporate Frauds - 2001-2002 23
U.S. Sarbanes Oxley Act of 2002 24
Enterprise Risk Management (Erm) Integrated Framework - 2004 And 2013 25
Example: Enterprise Risk Management (Erm) And The Application to The
Procure to Pay (P2p) Cycle 26
An Erm Checklist 27
Internal Control Over Financial Reporting - Guidance For Smaller Public
Companies - 2006 28
Guidance On Monitoring Internal Control Systems - 2009 28
Definition of Internal Controls 29
Types of Internal Controls And Control Mechanisms 29
Major Types of Internal Control 29
Compensating Controls 30
Other Controls 30
Organization Controls 30
Policy Controls 31
Procedure Controls 31
Supervisory Controls 31
Review Controls 31
Leveraging The Standards of Internal Control to Implement A Controls
Self-Assessment (Csa) Program 32
Ethics And "Tone At The Top" 34
What Is 'Tone At The Top'? 34
What Are The Components of An Effective Ethics Policy? 34
What Are The Components of A Well-Defined Code of Conduct? 34
What Are Examples of Poor "Tone At The Top"? 35
Code of Conduct Considerations 35
Entity Level Controls 36
Benefits For Entity Level Controls 36
"Tone At The Top" 36
Roles And Responsibilities For Internal Control 38
2.0 The Order to Cash (O2c) Process 42
2.1 Order Entry/Edit 45
2.1 Order Entry/Edit (Continued) 46
2.1 Order Entry/Edit (Continued) 47
2.2 Export Controls 48
2.2 Export Controls (Continued) 50
2.2 Export Controls (Continued) 51
2.3 Sales Contracts 53
2.3 Sales Contracts (Continued) 54
2.4 Credit 55
2.4 Credit (Continued) 56
2.5 Shipping 58
2.5 Shipping (Continued) 59
2.5 Shipping (Continued) 60
2.6 Revenue Recognition/Billing 61
2.6 Revenue Recognition/Billing (Continued) 62
2.6 Revenue Recognition/Billing (Continued) 63
2.6 Revenue Recognition/Billing (Continued) 64
2.7 Accounts Receivable (Ar) 66
2.7 Accounts Receivable (Ar) (Continued) 67
2.8 Collection 69
2.9 Cash Receipts And Application 70
2.9 Cash Receipts And Application (Continued) 71
2.10 Price Establishment 72
2.10 Price Establishment (Continued) 73
2.11 Promotional Activities 74
2.11 Promotional Activities (Continued) 75
2.11 Promotional Activities (Continued) 76
3.0 Treasury Process 77
3.1 General Treasury Controls 80
3.1 General Treasury Controls (Continued) 81
3.1 General Treasury Controls (Continued) 82
3.2 Financing Operations 83
3.2 Financing Operations (Continued) 84
3.3 Investment of Available Funds 85
3.3 Investment of Available Funds (Continued) 86
3.4 Foreign Exchange 87
3.4 Foreign Exchange (Continued) 88
4.0 Procure to Pay (P2p) Process 89
4.2 Purchasing/Ordering 99
4.2 Purchasing/Ordering (Continued) 100
4.2 Purchasing/Ordering (Continued) 101
4.2 Purchasing/Ordering (Continued) 102
4.3 Import Controls 103
4.3 Import Controls (Continued) 104
4.4 Receiving 105
4.4 Receiving (Continued) 106
4.4 Receiving (Continued) 107
4.5 Accounts Payable 108
4.5 Accounts Payable (Continued) 109
4.5 Accounts Payable Continued) 110
4.6 The Payment Process - General 111
4.6 The Payment Process - General (Continued) 112
4.6 The Payment Process - General (Continued) 113
4.7 The Payment Process - Travel And Entertainment 114
4.7 The Payment Process - Travel And Entertainment 115
4.8 Research And Product Development 116
4.8 Research And Product Development (Continued) 117
4.8 Research And Product Development (Continued) 118
4.9 Procurment Cards (P-Cards) 119
4.9 Procurment Cards (P-Cards) (Continued) 120
4.9 Procurment Cards (P-Cards) (Continued) 121
5.0 Hire to Retire (H2r) Process 122
5.1 Payroll Preparation And Security 125
5.1 Payroll Preparation And Security (Continued) 126
5.2 Payroll Payment Controls 128
5.2 Payroll Payment Controls 129
5.3 Distribution of Payroll 130
5.4 Compensation And Benefits 131
5.4 Compensation And Benefits (Continued) 132
5.5 Hiring And Termination 133
5.5 Hiring And Termination (Continued) 134
5.6 Education, Training, And Development 135
5.7 Contingent Workforce 136
5.7 Contingent Workforce (Continued) 138
6.0 The Supply Chain Process 139
6.1 Planning & Control 142
6.1 Planning & Control (Continued) 143
6.2 Inventory Control 144
6.2 Inventory Control (Continued) 145
6.2 Inventory Control (Continued) 146
6.3 Inventory Verification 147
6.3 Inventory Verification (Continued) 148
6.4 Inventory Valuation 149
6.5 Product Cost Management 150
6.5 Product Cost Management (Continued) 151
6.5 Product Cost Management (Continued) 152
6.6 Original Equipment Manufacturers (Oems) / Alliance Partners 153
6.6 Original Equipment Manufacturers (Oems) / Alliance Partners (Continued)
154
6.6 Original Equipment Manufacturers (Oems) / Alliance Partners (Continued)
155
6.8 Tranportation And Logistics 158
6.8 Tranportation And Logistics (Continued) 159
7.0 Record to Report (R2r) 161
7.1 International Transfer Pricing 166
7.2 Intercompany Transactions 167
7.2 Intercompany Transactions (Continued) 168
7.3 Accumulation of Financial Information 169
7.3 Accumulation of Financial Information (Continued) 170
7.4 Processing And Reporting of Financial Information (The Final Mile) 171
7.5 Fixed Assets 174
7.5 Fixed Assets (Continued) 175
7.5 Fixed Assets (Continued) 176
8.0 Government Contracts 177
8.1 United States Government Contracts - General 178
8.1 United States Government Contracts - General (Continued) 179
8.1 United States Government Contracts - General (Continued) 180
8.1 United States Government Contracts - General (Continued) 181
8.1 United States Government Contracts - General (Continued) 182
8.2 United States Government Contracts - Non-Commercial Products 183
8.2 United States Government Contracts - Non-Commercial Products
(Continued) 184
8.3 United States Government Contracts - Commercial Products 185
8.3 United States Government Contracts - Commercial Products (Continued)
186
8.3 United States Government Contracts - Commercial Products (Continued)
187
8.4 Contracts With State And Local Governments And Educational Institutions
Within The United States 188
8.5 Contracts With Governments Outside The United States 190
8.5 Contracts With Governments Outside The United States (Continued) 191
9.0 Records And Information Management 192
9.2 Standards of Internal Record Keeping Requirements 197
9.2 Standards of Internal Record Keeping Requirements (Continued) 198
9.2 Standards of Internal Record Keeping Requirements (Continued) 198
10.0 Computer, Telecommunication And Systems Controls 201
10.1 Owners, Users, And Service Providers 206
10.1 Owners, Users, And Service Providers 207
10.1 Owners, Users, And Service Providers (Continued) 208
10.1 Owners, Users, And Service Providers (Continued) 209
10.3 Computer Access Control 214
10.4 Network Operations And Security Controls 224
10.4 Network Operations And Security Controls (Continued) 225
10.5 Systems Development Methodology 228
10.5 Systems Development Methodology (Continued) 229
10.5 Systems Development Methodology (Continued) 230
10.6 Change Management 231
10.6 Change Management (Continued) 232
10.7 Computer And Telecommunications Backup For Production Restart/Recovery
235
10.8 Disaster Recovery And Business Contingency Planning 237
10.8 Disaster Recovery And Business Contingency Planning (Continued) 241
10.8 Disaster Recovery And Business Contingency Planning (Continued) 242
10.9 Input Controls 243
10.10 Output Controls 245
10.11 Paperless Transactions, Electronic Commerce, And Edi 247
10.12 Non-Company Networks And Bulletin Boards 250
11.0 Protection of Assets: Human, Physical And Intellectual 256
11.1 Security Framework 258
11.1 Security Framework (Continued) 259
11.1 Security Framework (Continued) 260
11.2 Perimeter Security 261
11.2 Perimeter Security (Continued) 262
11.3 Interior Security 264
11.3 Interior Security 265
11.4 Protecting Intellectual Property 266
12.0 The Insurance Process 268
12.1 Protection Against Physical Damage And Other Accidents 269
12.2 Insurance (Property & Casualty Risks) 270
12.3 Business Continuity 272
13.0 Environmental, Health, And Safety (Eh&S) 273
13.1 General Controls 275
13.1 General Controls (Continued) 276
14.0 Customer Services 277
14.1 Policy 279
14.1 Policy (Continued) 280
14.1 Policy (Continued) 281
14.2 Call Center Management 282
14.2 Call Center Management (Continued) 283
14.3 Warranty 284
14.3 Warranty (Continued) 285
14.3 Warranty (Continued) 286
14.4 Support Sales 287
15.0 Professional Services (Ps) 288
15.1 General Controls 290
15.1 General Controls (Continued) 291
15.2 Opportunity-Bid Process 292
15.2 Opportunity-Bid Process (Continued) 293
15.2 Opportunity-Bid Process (Continued) 294
15.3 Program Management 295
15.3 Program Management (Continued) 296
15.3 Program Management (Continued) 297
15.3 Program Management (Continued) 298
15.3 Program Management (Continued) 299
15.4 Customer Order Management 300
15.4 Customer Order Management (Continued) 301
15.4 Customer Order Management (Continued) 302
16.0 Entity Level Controls 303
16.1 Compliance And Compliance Screening 305
16.1 Compliance And Compliance Screening (Continued) 306
16.2 Internal Controls Roles And Responsibilities 308
16.2 Internal Controls Roles And Responsibilities (Continued) 309
16.4 Audit Committee Controls 313
16.4 Audit Committee Controls (Continued) 314
16.4 Audit Committee Controls (Continued) 315
17.0 Glossary 318
18.0 Addendum - Additional Tools 327
18.1 Example Internal Controls Policy 327
18.2 Delegation of Authority (Doa) Policy 330
18.3 Segregation of Duties (Sod) Policy 338
18.4 System Access (Sa) Policy 352
18.5 Pricing Policy Example 355
18.6 Testing Internal Controls And Selecting Sample Sizes 357
References 361
Introduction to The Internal Controls Toolkit 9
Introduction 9
Internal Controls And Fraud Prevention 9
Internal Controls And Fraud Prevention: Additional Statistics 10
Who Will Benefit From This Toolkit 11
About The Standards of Internal Control 12
How Were The Standards Developed? 12
How Are The Standards Used? 12
What Is The Basic Premise of The Standards? 12
When Should The Standard Be Updated? 12
What Is A Best Practice For Implementing And Using The Standards? 12
General Standards of Internal Control 13
How This Toolkit Is Organized 14
1.0 Background On Internal Controls 15
The Goals And Challenges of Internal Controls 15
Risk Based Internal Controls 15
Application of Internal Controls 16
The Three Critical Corporate Controls 17
The Background And History of Internal Controls 19
Securities Act of 1933 19
Securities Exchange Act of 1934 19
Trust Indenture Act of 1939 19
Investment Company Act of 1940 19
Investment Advisors Act of 1940 19
Foreign Corrupt Practices Act (Fcpa) of 1977 19
Comprehensive Crime Control Act - 1984 20
Federal Sentencing Guidelines For Organizations - 1991 20
Internal Control - Integrated Framework - 1992 And 2013 20
Coso's Monitoring Guidance 21
Cobit - 1996 23
Systrust - 1999 23
Corporate Frauds - 2001-2002 23
U.S. Sarbanes Oxley Act of 2002 24
Enterprise Risk Management (Erm) Integrated Framework - 2004 And 2013 25
Example: Enterprise Risk Management (Erm) And The Application to The
Procure to Pay (P2p) Cycle 26
An Erm Checklist 27
Internal Control Over Financial Reporting - Guidance For Smaller Public
Companies - 2006 28
Guidance On Monitoring Internal Control Systems - 2009 28
Definition of Internal Controls 29
Types of Internal Controls And Control Mechanisms 29
Major Types of Internal Control 29
Compensating Controls 30
Other Controls 30
Organization Controls 30
Policy Controls 31
Procedure Controls 31
Supervisory Controls 31
Review Controls 31
Leveraging The Standards of Internal Control to Implement A Controls
Self-Assessment (Csa) Program 32
Ethics And "Tone At The Top" 34
What Is 'Tone At The Top'? 34
What Are The Components of An Effective Ethics Policy? 34
What Are The Components of A Well-Defined Code of Conduct? 34
What Are Examples of Poor "Tone At The Top"? 35
Code of Conduct Considerations 35
Entity Level Controls 36
Benefits For Entity Level Controls 36
"Tone At The Top" 36
Roles And Responsibilities For Internal Control 38
2.0 The Order to Cash (O2c) Process 42
2.1 Order Entry/Edit 45
2.1 Order Entry/Edit (Continued) 46
2.1 Order Entry/Edit (Continued) 47
2.2 Export Controls 48
2.2 Export Controls (Continued) 50
2.2 Export Controls (Continued) 51
2.3 Sales Contracts 53
2.3 Sales Contracts (Continued) 54
2.4 Credit 55
2.4 Credit (Continued) 56
2.5 Shipping 58
2.5 Shipping (Continued) 59
2.5 Shipping (Continued) 60
2.6 Revenue Recognition/Billing 61
2.6 Revenue Recognition/Billing (Continued) 62
2.6 Revenue Recognition/Billing (Continued) 63
2.6 Revenue Recognition/Billing (Continued) 64
2.7 Accounts Receivable (Ar) 66
2.7 Accounts Receivable (Ar) (Continued) 67
2.8 Collection 69
2.9 Cash Receipts And Application 70
2.9 Cash Receipts And Application (Continued) 71
2.10 Price Establishment 72
2.10 Price Establishment (Continued) 73
2.11 Promotional Activities 74
2.11 Promotional Activities (Continued) 75
2.11 Promotional Activities (Continued) 76
3.0 Treasury Process 77
3.1 General Treasury Controls 80
3.1 General Treasury Controls (Continued) 81
3.1 General Treasury Controls (Continued) 82
3.2 Financing Operations 83
3.2 Financing Operations (Continued) 84
3.3 Investment of Available Funds 85
3.3 Investment of Available Funds (Continued) 86
3.4 Foreign Exchange 87
3.4 Foreign Exchange (Continued) 88
4.0 Procure to Pay (P2p) Process 89
4.2 Purchasing/Ordering 99
4.2 Purchasing/Ordering (Continued) 100
4.2 Purchasing/Ordering (Continued) 101
4.2 Purchasing/Ordering (Continued) 102
4.3 Import Controls 103
4.3 Import Controls (Continued) 104
4.4 Receiving 105
4.4 Receiving (Continued) 106
4.4 Receiving (Continued) 107
4.5 Accounts Payable 108
4.5 Accounts Payable (Continued) 109
4.5 Accounts Payable Continued) 110
4.6 The Payment Process - General 111
4.6 The Payment Process - General (Continued) 112
4.6 The Payment Process - General (Continued) 113
4.7 The Payment Process - Travel And Entertainment 114
4.7 The Payment Process - Travel And Entertainment 115
4.8 Research And Product Development 116
4.8 Research And Product Development (Continued) 117
4.8 Research And Product Development (Continued) 118
4.9 Procurment Cards (P-Cards) 119
4.9 Procurment Cards (P-Cards) (Continued) 120
4.9 Procurment Cards (P-Cards) (Continued) 121
5.0 Hire to Retire (H2r) Process 122
5.1 Payroll Preparation And Security 125
5.1 Payroll Preparation And Security (Continued) 126
5.2 Payroll Payment Controls 128
5.2 Payroll Payment Controls 129
5.3 Distribution of Payroll 130
5.4 Compensation And Benefits 131
5.4 Compensation And Benefits (Continued) 132
5.5 Hiring And Termination 133
5.5 Hiring And Termination (Continued) 134
5.6 Education, Training, And Development 135
5.7 Contingent Workforce 136
5.7 Contingent Workforce (Continued) 138
6.0 The Supply Chain Process 139
6.1 Planning & Control 142
6.1 Planning & Control (Continued) 143
6.2 Inventory Control 144
6.2 Inventory Control (Continued) 145
6.2 Inventory Control (Continued) 146
6.3 Inventory Verification 147
6.3 Inventory Verification (Continued) 148
6.4 Inventory Valuation 149
6.5 Product Cost Management 150
6.5 Product Cost Management (Continued) 151
6.5 Product Cost Management (Continued) 152
6.6 Original Equipment Manufacturers (Oems) / Alliance Partners 153
6.6 Original Equipment Manufacturers (Oems) / Alliance Partners (Continued)
154
6.6 Original Equipment Manufacturers (Oems) / Alliance Partners (Continued)
155
6.8 Tranportation And Logistics 158
6.8 Tranportation And Logistics (Continued) 159
7.0 Record to Report (R2R)
7.1 International Transfer Pricing
7.2 Intercompany Transactions
7.3 Accumulation of Financial Information
7.4 Processing And Reporting of Financial Information (The Final Mile)
7.5 Fixed Assets
8.0 Government Contracts
8.1 United States Government Contracts - General
8.2 United States Government Contracts - Non-Commercial Products
8.3 United States Government Contracts - Commercial Products
8.4 Contracts With State And Local Governments And Educational Institutions Within The United States
8.5 Contracts With Governments Outside The United States
9.0 Records And Information Management
9.2 Standards of Internal Record Keeping Requirements
10.0 Computer, Telecommunication And Systems Controls
10.1 Owners, Users, And Service Providers
10.3 Computer Access Control
10.4 Network Operations And Security Controls
10.5 Systems Development Methodology
10.6 Change Management
10.7 Computer And Telecommunications Backup For Production Restart/Recovery
10.8 Disaster Recovery And Business Contingency Planning
10.9 Input Controls
10.10 Output Controls
10.11 Paperless Transactions, Electronic Commerce, And EDI
10.12 Non-Company Networks And Bulletin Boards
11.0 Protection of Assets: Human, Physical And Intellectual
11.1 Security Framework
11.2 Perimeter Security
11.3 Interior Security
11.4 Protecting Intellectual Property
12.0 The Insurance Process
12.1 Protection Against Physical Damage And Other Accidents
12.2 Insurance (Property & Casualty Risks)
12.3 Business Continuity
13.0 Environmental, Health, And Safety (EH&S)
13.1 General Controls
14.0 Customer Services
14.1 Policy
14.2 Call Center Management
14.3 Warranty
14.4 Support Sales
15.0 Professional Services (PS)
15.1 General Controls
15.2 Opportunity-Bid Process
15.3 Program Management
15.4 Customer Order Management
16.0 Entity Level Controls
16.1 Compliance And Compliance Screening
16.2 Internal Controls Roles And Responsibilities
16.4 Audit Committee Controls
17.0 Glossary
18.0 Addendum - Additional Tools
18.1 Example Internal Controls Policy
18.2 Delegation of Authority (DOA) Policy
18.3 Segregation of Duties (SOD) Policy
18.4 System Access (SA) Policy
18.5 Pricing Policy Example
18.6 Testing Internal Controls And Selecting Sample Sizes
References