Page 393 - Onboarding May 2017
P. 393

Internal Control Plan



               Risk Assessment
               Risk assessment is the process of identifying risks that could negatively impact the Co-op’s
               performance. This section revolves around the department’s risk assessment process. This
               assessment is an on-going exercise to determine if business processes are being completed
               in the most efficient and effective manner while also abiding by state and federal laws and
               regulations. During the risk assessment process, CSCS performed the following tasks:

               •    Identified key responsibilities and functions as they relate to internal control.
               •    Identified transactions and systems that are vital to the accomplishment of the
                    department’s objectives.
               •    Identified obstacles and risks to each business process

               Annex D outlines control matrices for functional areas where all the risks are identified and
               prioritized.

               Control Activities

               Control activities include a variety of policies, procedures, practices or processes that are
               designed to ensure that necessary actions are taken to enforce the policies established by
               regulators or management. Examples of these types of activities are as follows:

                   •  Managing  relationship  and  contractual  obligations  with  DineEquity  and  Brand
                       through periodic review of Mutual Confidentiality Agreement / Rules of Engagement
                       (MCA/ROE):  The  Mutual  Confidentiality  Agreement  and  Rules  of  Engagement
                       (MCA/ROE) details the relationship with DineEquity, including confidentiality and
                       ownership of specifications/formulations. DineEquity requires this form be signed as
                       a condition of doing business with Applebee’s or IHOP. This is an evergreen document
                       that, once signed and executed, needs no further attention, unless otherwise noted.
                       CSCS is responsible for execution and management of this document.
                   •  Managing  relationship  and  contractual  obligations  with  suppliers  through  period
                       review of the Supplier Services Agreement (SSA) and SSA Addendum: The Supplier
                       Services Agreement (SSA) is required for suppliers with purchase agreements greater
                       than $500,000 or suppliers with multi-year purchase agreements to do business with
                       DineEquity via CSCS. It outlines the rules of engagement between the supplier and
                       CSCS.  This  is  an  evergreen  agreement  unless  CSCS  elects  at  some  future  point  to
                       execute a material change to the language. Services providers doing business directly
                       with  the  Co-op  are  excluded;  i.e.,  HAVI  Solutions,  Benefits  providers,  third  party
                       accounting, consultants, etc.
                   •  Segregation of duties: It provides for the division or segregation of duties among
                       different people to reduce the risk of undetected errors or inappropriate actions. Care
                       must  be  taken  to  avoid  improperly  delegating  responsibilities  to  one  individual
                       because this can create a situation whereby that one individual controls all aspects of
                       a transaction.
                   •  Effectively allocating human resources through Key Performance Index (especially
                       CPM target setting approved by Board): Key Performance Index (KPI) is designed for



               Centralized Supply Chain Services, LLC.                                                 Page 7
   388   389   390   391   392   393   394   395   396   397   398