Page 398 - Aida Hovsepian Onboarding

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1-Critical Control (P1), Primary 2-Significant Control (P2), Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Analytics | BP 15 (A) | Data Integrity Audits | Administration | R19-Inaccurate information and data | R3, R20, R21, R22, R23, R24 | C45-System Control; C56-Data Audits | Continuous | Corrective; Preventive; Detective | P1 | Correspondence between CSCS and suppliers, DCs, Brands, and System admin. |
| Analytics | BP 15 (B) | Price Index (Commodity pricing tracking and forecasting) | Procurement/Administration/Logistics | R19-Inaccurate information and data | R21, R22, R23, R24 | C32-Segregation of duties; C20-All CSCS Associates have access to the price index; C43-Protection of confidential information | Continuous | Preventive; Detective | P1 | The index outputs are published to Members and Brands. |
| Analytics | BP 15 (C) | Modified PPI or Performance Tracking of the Co-ops | Procurement/Administration | R23-Relationship issues with Members | R19, R21, R22, R24 | C32-Segregation of duties; C20-All CSCS Associates have access to the price index; C43-Protection of confidential information | Periodic | Preventive; Detective | P1 | The report shared with the Audit and Finance Committee for each brand. |
| Analytics | BP 15 (D) | Commodity Quintile Tracking | Procurement/Administration | R19-Inaccurate information and data | R21, R22, R23, R24 | C32-Segregation of duties; C20-All CSCS Associates have access to the tracking sheet | Continuous | Preventive; Detective | P1 | The tracking output is published to the Oversight Committee |
| Analytics | BP 20 | Price Variance Analysis | Procurement/Administration | R17-Pricing discrepancy or disadvantage; R18-1-Unfavorable impacts on cost of goods sold | R23 | C37-Conduct Price Variance Analysis to detect the incorrect pricing charged by distributors | Continuous | Preventive | P1 | Price Variance Analysis reports |

ADMINISTRATION: COMMUNICATION & MEMBERSHIP

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Characteristics: Control Frequency (continuous, daily, monthly, periodic) | Control Characteristics: Control Nature | Control Characteristics: Primary 1-Critical Control (P1), Primary 2-Significant Control (P2), Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Communication Management | BP 1 | Member Communication Management | Administration | R19-Inaccurate information and data | R22, R23 | C42-Multi-tiered internal approval process. Approval by Directors and CFO required prior to distribution of information.; C43-Protection of confidential information. Information deemed confidential and proprietary is only published on secured websites. | Periodic | Preventive | P2 | Email approvals from CFO and Directors |
| Communication Management | BP 2 | Website Management | Administration | R22-Leak of confidential information | R19, R23 | C43-Protection of confidential information. Information deemed confidential and proprietary is only published on secured websites. | Periodic | Preventive | P1 | User name and password are required to access the Associate and Member websites; Passwords are auto-generated by the system |
| Member Data Management | BP 3 | Membership Management | Administration | R19-Inaccurate information and data | R9, R18-2, R22, R23 | C41-Managing Members' data through Membership Subscription Agreement.; C32-Segregation of duties - Includes CFO signature on Membership Subscription Agreement, CEO and Concept Co-op Secretary signatures on Stock Certificate, notification by Brand of store and franchisee ownership and status changes to Analyst, Controller, which dictate onboarding/offboarding activities, including stock share fee received and redeemed.; C45-System control - Franchise and store information provided via data feed from Applebee's system of record (SDMS) and IHOP system of record (FRED). | Continuous | Preventive | P1 | Membership Subscription Agreement (physical copies & Havi); Member Stock Certificate (physical copies & Havi); Annual Financial Audit; Brand communication regarding store/franchisee changes; Weekly data quality control audits for store information by Havi |

ADMINISTRATION: BOARD GOVERNANCE

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Characteristics: Control Frequency (continuous, daily, monthly, periodic) | Control Characteristics: Control Nature | Control Characteristics: Primary 1-Critical Control (P1), Primary 2-Significant Control (P2), Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Board Governance | BP 4 | Annual Election Process | Administration | R14-2-Non-compliance with Bylaws | R19, R23 | C44-Legal review of completed proxies to ensure all votes are valid by third party legal counsel | Periodic | Preventive | P2 | Documentation of review of completed proxies by third party legal counsel |
| Board Governance | BP 5 | Director Compliance | Administration | R9-Damage to Brand and company reputation by unethical behavior or incompetence | R14-2, R22, R23, R24 | C26-Provide annual antitrust training; CSCS Antitrust Compliance Certificates; C27-CSCS Confidentiality Agreement; C29-CSCS Code of Conduct | Periodic | Preventive | P1 | Completed compliance records are stored on-site |
| Board Governance | BP 6 | Board Meeting Management | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation | R9, R14-2, R19, R22, R23 | C27-CSCS Confidentiality Agreement; C44-Legal presence at all Board Meetings | Periodic | Preventive | P2 | Board approval of meeting minutes saved on Members' website in Franchise Principal section |

BRAND MANAGEMENT

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk (s) | Secondary Risk (s) | CONTROL ACTIVITY (IES) | Control Characteristics: Control Frequency (continuous, daily, monthly, periodic) | Control Characteristics: Control Nature | Control Characteristics: Primary 1 (P1 - Critical Control), Primary 2 (P2 - Significant Control), Secondary (S) | EVIDENCE OF CONTROL |
|---|---|---|---|---|---|---|---|---|---|---|
| Testing | BP 270 | Test Implementation Overview | Brand Management | See relevant risks below: test demand planning, test execution & management, and test inventory management | | See relevant controls below | See relevant details below | See relevant details below | See relevant details below | See evidence below |
| Testing | BP 280 | Test Planning | Brand Management | R3-Continuity of supply | R18 | C12-Risk Assessment Form (Both Brands) | Periodic | Preventive | P2 | Risk Assessment Form (Both Brands) |
| Testing | BP 290 | Test Initiation | Brand Management | R3-Continuity of supply | | C49-Test Brief; C50-Food show (Both Brands) | Periodic | Preventive | P1 | Test Brief; Food Show followed by Kick-off meeting (Both Brands) |
| Testing | BP 300 | Test Forecasting Including Yields | Brand Management | R19-Incorrect information and data | | C7-CSCS engages brands in this process. CSCS does not move forward without forecast and yield. | Periodic | Preventive | P1 | For Applebee's: Brand Forecast Spreadsheet, Recipe/Yields (Star Chef or Training Document Applebee's), Location list (impacted DCs/restaurants) from Strategy Implementation (Test Overview); For IHOP: Forecast yields (from Business Analytics) and Recipe from Charter folder |