Page 394 - Aida Hovsepian Onboarding
ADMINISTRATION: FINANCE & ACCOUNTING
Control Characteristics
| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1-Critical Control (P1) / Primary 2-Significant Control (P2) / Secondary (S) | Evidence of Control |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Accounts Payable Controls / Processes | BP 50 | New Vendor Setup & Maintenance | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); No one at CSCS has access to enter vendors into the vendor master file. CSCS Sr. Manager, Finance & Accounting, periodically reviews the vendor master for validity. New vendor set up and maintenance is approved by CSCS through the invoice approval process; Weekly approval process sent by InfoSync to CSCS | Periodic | Preventive | P2 | Approved Invoice Report; Annual audit by independent third parties (risk document - see name / Annual audit report) |
| Accounts Payable Controls / Processes | BP 51 | Invoice Entry | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Approved Invoice Report; Annual audit by independent third parties |
| Accounts Payable Controls / Processes | BP 52 | Invoice Payment | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Approved check register; Annual audit by independent third parties |
| Accounts Payable Controls / Processes | BP 53 | Corporate Expense Card Payment | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Review and approval of original receipt; Approved check register |
| Accounts Payable Controls / Processes | BP 54 | Expense Report Payment | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Approved check register; Annual audit by independent third parties |
| Accounts Receivable Controls / Processes | BP 55 (A) | Sourcing Fee Invoices (for Dry Mix) | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data; R18-2-Monetary loss | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Biweekly Sourcing Fee Invoice Report; Annual audit by independent third parties |
| Accounts Receivable Controls / Processes | BP 55 (B) | Sourcing Fee Invoices (for Other Products) | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data; R18-2-Monetary loss | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Vendor PO Reports and Reconciliation; Annual audit by independent third parties |
| Accounts Receivable Controls / Processes | BP 56 | Price Variance Analysis Invoices | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation; R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Periodic Price Variance Invoice Report |
| Accounts Receivable Controls / Processes | BP 57 | Membership Fees | Administration | R19-Inaccurate information and data | R9 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS; C40-Annual audit by third party | Continuous | Preventive | P1 | Quarterly Membership Reconciliation; Balance Sheet Details; Annual audit by independent third parties |
| Accounts Receivable Controls / Processes | BP 58 | Patronage Calculations/ Disbursement | Administration | R19-Inaccurate information and data | R9, R11, R18 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C24-Utilizing dual signoff on cash disbursements; C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS; C40-Annual audit by third party | Continuous | Preventive | P1 | Patronage Spreadsheet; Annual audit by independent third parties |
| Accounts Receivable Controls / Processes | BP 59 | IHOP and Applebee’s Franchisee Conference Invoices | Administration | R22-Leak of confidential information | R9, R11 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS | Continuous | Preventive | P1 | Reconciliation Spreadsheet showing committed vs. received |
| Payroll and Benefits Controls / Processes | BP 60 (A); BP 60 (B); BP 60 (C) | (A) Payroll; (B) 401(k) Accounts; (C) Health Savings Accounts | Administration | R18-2-Monetary loss; R11-Fraudulent activities which are subject of public scrutiny and investigation | R9, R22 | C32 & C25-Segregation of duties and other control by third party (InfoSync); C38-Continuous review and control from CSCS; Monthly reporting process by InfoSync to CSCS; C40-Annual audit by third party | Continuous | Preventive | P1 | (A) Personal Folders documenting any change in compensation. (B) 401(k) Election spreadsheet by Associate; 401(k) deduction spreadsheet every payroll from InfoSync; Contribution detail report from plan administrators; Form 5500-SF [Annual 401(k) audit done by Tax Favored Benefits]. (C) Election spreadsheet by Associate; Deduction spreadsheet from InfoSync every payroll |
| Other Administration Processes | BP 65 | Business Insurance | Administration | R10-Penalty for non-compliance with regulatory requirements; R18-2-Monetary loss; R11-Fraudulent activities which are subject of public scrutiny and investigation | R9 | C32-Segregation of duties - tax returns are prepared by third party and signed by CAO. Third party insurance agent is notified if premiums are not paid and they would, in turn, notify CAO; C40-Annual audit by third party | Periodic | Preventive | P1 | Independent third parties provide services and segregation of duties |