Page 395 - Aida Hovsepian Onboarding
P. 395

ADMINISTRATION: FINANCE & ACCOUNTING
                            Control Characteristics
 Business Process   BP ID  Business Process Name  CSCS   Primary Risk(s)  Secondary   Control Activity(ies)  Control Frequency   Control   Primary 1-Critical Control (P1)                      Evidence of Control
 Category  Business Unit  Risk(s)  (continuous, daily,   Nature  Primary 2-Significant Control (P2)
                     monthly, periodic)  Secondary (S)
 C32 & C25-Segregation of duties and other control by third party   Approved Invoice Report
 (InfoSync)
 R11-Fraudulent activities which are subject of public   No one at CSCS has access to enter vendors into the vendor master   Annual audit by independent third
 scrutiny and investigation
 BP 50  New Vendor Setup & Maintenance  Administration  R9  file.  CSCS Sr. Manager, Finance & Accounting, periodically reviews   Periodic  Preventive  P2  parties (risk document - see name
 the vendor master for validity.  New vendor set up and maintenance   / Annual audit report)
 R19-Inaccurate information and data  is approved by CSCS through the invoice approval process.
 Weekly approval process sent by InfoSync to CSCS
 C32 & C25-Segregation of duties and other control by third party
 R11-Fraudulent activities which are subject of public   (InfoSync)  Approved Invoice Report
 scrutiny and investigation
 BP 51  Invoice Entry  Administration  R9  Continuous  Preventive  P1  Annual audit by independent third
 Monthly reporting process by InfoSync to CSCS
 Accounts   R19-Inaccurate information and data  C38-Continuous review and control from CSCS  parties
 Payable Controls   R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Approved check register
 (InfoSync)
 / Processes  BP 52  Invoice Payment  Administration  scrutiny and investigation  R9  Continuous  Preventive  P1  Annual audit by independent third
 R19-Inaccurate information and data  C38-Continuous review and control from CSCS  parties
 Monthly reporting process by InfoSync to CSCS
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Review and approval of original
 (InfoSync)
 BP 53  Corporate Expense Card Payment  Administration  scrutiny and investigation  R9  Continuous  Preventive  P1  receipt
 C38-Continuous review and control from CSCS
 R19-Inaccurate information and data        Approved check register
 Monthly reporting process by InfoSync to CSCS
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Approved check register
 scrutiny and investigation  (InfoSync)
 BP 54  Expense Report Payment  Administration  R9  Continuous  Preventive  P1  Annual audit by independent third
 C38-Continuous review and control from CSCS
 R19-Inaccurate information and data        parties
 Monthly reporting process by InfoSync to CSCS
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Biweekly Sourcing Fee Invoice
 scrutiny and investigation
 (InfoSync)                                 Report
 BP 55 (A) Sourcing Fee Invoices (for Dry Mix)  Administration  R9  Continuous  Preventive  P1
 R19-Inaccurate information and data
 C38-Continuous review and control from CSCS  Annual audit by independent third
 Monthly reporting process by InfoSync to CSCS  parties
 R18-2-Monetary loss
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Vendor PO Reports and
 scrutiny and investigation
 (InfoSync)                                 Reconciliation
 BP 55 (B) Sourcing Fee Invoices (for Other Products)  Administration  R9  Continuous  Preventive  P1
 R19-Inaccurate information and data
 C38-Continuous review and control from CSCS  Annual audit by independent third
 R18-2-Monetary loss  Monthly reporting process by InfoSync to CSCS  parities
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party
 (InfoSync)
 scrutiny and investigation                 Periodic Price Variance Invoice
 BP 56  Price Variance Analysis Invoices    Administration  R9  Continuous  Preventive  P1  Report
 R19-Inaccurate information and data  C38-Continuous review and control from CSCS
 Accounts   Monthly reporting process by InfoSync to CSCS  Quarterly Membership
 C32 & C25-Segregation of duties and other control by third party
 Receivable   (InfoSync)                    Reconciliation
 Controls /
 Processes  BP 57  Membership Fees  Administration  R19-Inaccurate information and data  R9  C38-Continuous review and control from CSCS  Continuous  Preventive  P1  Balance Sheet Details
 Monthly reporting process by InfoSync to CSCS
                                            Annual audit by independent third
 C40-Annual audit by third party            parties
 C32 & C25-Segregation of duties and other control by third party
 (InfoSync)
 C24-Utilizing dual signoff on cash disbursements  Patronage Spreadsheet
 BP 58  Patronage Calculations/ Disbursement  Administration  R19-Inaccurate information and data  R9, R11, R18  Continuous  Preventive  P1  Annual audit by independent third
 C38-Continuous review and control from CSCS  parties
 Monthly reporting process by InfoSync to CSCS
 C40-Annual audit by third party
 C32 & C25-Segregation of duties and other control by third party
 (InfoSync)
 BP 59  IHOP and Applebee’s Franchisee Conference Invoices   Administration  R22-Leak of confidential information  R9, R11  Continuous  Preventive  P1  Reconciliation Spreadsheet
                                            showing committed vs. received
 C38-Continuous review and control from CSCS
 Monthly reporting process by InfoSync to CSCS
 BP 60 (A) Payroll  R18-2-Monetary loss     Personal Folders documenting
                                            any change in compensation
                                            401(k) Election spreadsheet by
                                            Associate
                                            401(k) deduction spreadsheet
                                            every payroll from InfoSync
 C32 & C25-Segregation of duties and other control by third party
 Payroll and   (InfoSync)                   Contribution detail report from plan
 Benefits   BP 60 (B) 401(k) Accounts       administrators
 Controls /   Administration  R11-Fraudulent activities which are subject of public   R9, R22  C38-Continuous review and control from CSCS  Continuous  Preventive  P1  Form 5500-SF [Annual 401(k)
 Monthly reporting process by InfoSync to CSCS
 Processes  scrutiny and investigation      audit done by Tax Favored
 C40-Annual audit by third party            Benefits]
                                            Election spreadsheet by Associate
 BP 60 (C) Health Savings Accounts          Deduction spreadsheet from
                                            InfoSync every payroll
 Business Insurance
 R10-Penalty for non-compliance with regulatory   C32-Segregation of duties - tax returns are prepared by third party
 Other   requirements  and signed by CAO. Third party insurance agent is notified if
 Administration   BP 65  Administration  R9  premiums are not paid and they would, in turn, notify CAO.  Periodic  Preventive  P1  Independent third parties provide
 Processes  R18-2-Monetary loss             services and segregation of duties
 R11-Fraudulent activities which are subject of public   C40-Annual audit by third party
 scrutiny and investigation
   390   391   392   393   394   395   396   397   398   399   400