Page 408 - Onboarding May 2017

ADMINISTRATION: FINANCE & ACCOUNTING
Control Characteristics
Columns (left to right): Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1-Critical Control (P1), Primary 2-Significant Control (P2), Secondary (S) | Evidence of Control
                                                                                                                C32 & C25-Segregation of duties and other control by third party   Approved Invoice Report
                                                                                                                (InfoSync)
                                                                                             R11-Fraudulent activities which are subject of public   No one at CSCS has access to enter vendors into the vendor   Annual audit by independent third
                                                                     BP 50  New Vendor Setup & Maintenance  Administration  scrutiny and investigation  R9  master file.  CSCS Sr. Manager, Finance & Accounting, periodically   Periodic  Preventive  P2  parties (risk document - see
                                                                                                                reviews the vendor master for validity.  New vendor set up and
                                                                                             R19-Inaccurate information and data  maintenance is approved by CSCS through the invoice approval   name / Annual audit report)
                                                                                                                process.
                                                                                                                Weekly approval process sent by InfoSync to CSCS
                                                                                             R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Approved Invoice Report
                                                                                                                (InfoSync)
                                                                                             scrutiny and investigation
                                                                     BP 51  Invoice Entry  Administration    R9                      Continuous  Preventive  P1  Annual audit by independent third
                                                                                                                C38-Continuous review and control from CSCS
                                                               Accounts                      R19-Inaccurate information and data  Monthly reporting process by InfoSync to CSCS  parties
                                                               Payable                                          C32 & C25-Segregation of duties and other control by third party
                                                               Controls /                    R11-Fraudulent activities which are subject of public   (InfoSync)  Approved check register
                                                                                             scrutiny and investigation
                                                               Processes  BP 52  Invoice Payment  Administration  R9                 Continuous  Preventive  P1  Annual audit by independent third
                                                                                             R19-Inaccurate information and data  C38-Continuous review and control from CSCS  parties
                                                                                                                Monthly reporting process by InfoSync to CSCS
                                                                                             R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Review and approval of original
                                                                                                                (InfoSync)
                                                                                             scrutiny and investigation                                  receipt
                                                                     BP 53  Corporate Expense Card Payment  Administration  R9       Continuous  Preventive  P1
                                                                                                                C38-Continuous review and control from CSCS
                                                                                             R19-Inaccurate information and data                         Approved check register
                                                                                                                Monthly reporting process by InfoSync to CSCS
                                                                                             R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Approved check register
                                                                                                                (InfoSync)
                                                                                             scrutiny and investigation
                                                                     BP 54  Expense Report Payment  Administration  R9               Continuous  Preventive  P1  Annual audit by independent third
                                                                                                                C38-Continuous review and control from CSCS
                                                                                             R19-Inaccurate information and data  Monthly reporting process by InfoSync to CSCS  parties
                                                                                             R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Biweekly Sourcing Fee Invoice
                                                                                             scrutiny and investigation
                                                                                                                (InfoSync)                               Report
                                                                     BP 55 (A) Sourcing Fee Invoices (for Dry Mix)  Administration  R9  Continuous  Preventive  P1
                                                                                             R19-Inaccurate information and data
                                                                                                                C38-Continuous review and control from CSCS  Annual audit by independent third
                                                                                                                Monthly reporting process by InfoSync to CSCS  parties
                                                                                             R18-2-Monetary loss
                                                                                             R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Vendor PO Reports and
                                                                                             scrutiny and investigation
                                                                                                                (InfoSync)                               Reconciliation
                                                                     BP 55 (B) Sourcing Fee Invoices (for Other Products)  Administration  R9  Continuous  Preventive  P1
                                                                                             R19-Inaccurate information and data
                                                                                                                C38-Continuous review and control from CSCS  Annual audit by independent third
                                                                                                                 Monthly reporting process by InfoSync to CSCS  parties
                                                                                             R18-2-Monetary loss
                                                                                             R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party
                                                                                                                (InfoSync)
                                                                                             scrutiny and investigation                                  Periodic Price Variance Invoice
                                                                     BP 56  Price Variance Analysis Invoices    Administration  R9   Continuous  Preventive  P1  Report
                                                                                                                C38-Continuous review and control from CSCS
                                                                                             R19-Inaccurate information and data
                                                               Accounts                                         Monthly reporting process by InfoSync to CSCS  Quarterly Membership
                                                                                                                C32 & C25-Segregation of duties and other control by third party
                                                               Receivable                                       (InfoSync)                               Reconciliation
                                                               Controls /
                                                               Processes  BP 57  Membership Fees  Administration  R19-Inaccurate information and data  R9  C38-Continuous review and control from CSCS  Continuous  Preventive  P1  Balance Sheet Details
                                                                                                                Monthly reporting process by InfoSync to CSCS
                                                                                                                                                         Annual audit by independent third
                                                                                                                C40-Annual audit by third party          parties
                                                                                                                C32 & C25-Segregation of duties and other control by third party
                                                                                                                (InfoSync)
                                                                                                                                                         Patronage Spreadsheet
                                                                                                                C24-Utilizing dual signoff on cash disbursements
                                                                     BP 58  Patronage Calculations/ Disbursement  Administration  R19-Inaccurate information and data  R9, R11, R18  Continuous  Preventive  P1  Annual audit by independent third
                                                                                                                C38-Continuous review and control from CSCS  parties
                                                                                                                Monthly reporting process by InfoSync to CSCS
                                                                                                                C40-Annual audit by third party
                                                                                                                C32 & C25-Segregation of duties and other control by third party
                                                                                                                (InfoSync)
                                                                     BP 59  IHOP and Applebee’s Franchisee Conference Invoices   Administration  R22-Leak of confidential information  R9, R11  Continuous  Preventive  P1  Reconciliation Spreadsheet
                                                                                                                                                         showing committed vs. received
                                                                                                                C38-Continuous review and control from CSCS
                                                                                                                Monthly reporting process by InfoSync to CSCS
                                                                     BP 60 (A) Payroll       R18-2-Monetary loss                                         Personal Folders documenting
                                                                                                                                                         any change in compensation
                                                                                                                                                         401(k) Election spreadsheet by
                                                                                                                                                         Associate
                                                                                                                                                         401(k) deduction spreadsheet
                                                                                                                                                         every payroll from InfoSync
                                                                                                                C32 & C25-Segregation of duties and other control by third party
                                                               Payroll and   BP 60 (B) 401(k) Accounts          (InfoSync)                               Contribution detail report from
                                                               Benefits                 Administration      R9, R22  C38-Continuous review and control from CSCS  Continuous  Preventive  P1  plan administrators
                                                               Controls /                    R11-Fraudulent activities which are subject of public   Monthly reporting process by InfoSync to CSCS
                                                               Processes                     scrutiny and investigation                                  Form 5500-SF [Annual 401(k)
                                                                                                                                                         audit done by Tax Favored
                                                                                                                C40-Annual audit by third party          Benefits]
                                                                                                                                                         Election spreadsheet by
                                                                                                                                                         Associate
                                                                     BP 60 (C) Health Savings Accounts
                                                                                                                                                         Deduction spreadsheet from
                                                                                                                                                         InfoSync every payroll
                                                                        Business Insurance
                                                                                             R10-Penalty for non-compliance with regulatory   C32-Segregation of duties - tax returns are prepared by third party
                                                               Other                         requirements       and signed by CAO. Third party insurance agent is notified if   Independent third parties provide
                                                               Administration   BP 65  Corporate Taxes  Administration  R18-2-Monetary loss  R9  premiums are not paid and they would, in turn, notify CAO.  Periodic  Preventive  P1  services and segregation of
                                                               Processes                                                                                 duties
                                                                                             R11-Fraudulent activities which are subject of public   C40-Annual audit by third party
                                                                                             scrutiny and investigation
                                                                                                   ADMINISTRATION: HUMAN RESOURCES