Page 409 - Onboarding May 2017
P. 409

ADMINISTRATION: FINANCE & ACCOUNTING
                           Control Characteristics
 Business Process   BP ID  Business Process Name  CSCS   Primary Risk(s)  Secondary   Control Activity(ies)  Control Frequency   Control   Primary 1-Critical Control (P1)                      Evidence of Control
 Category  Business Unit  Risk(s)  (continuous, daily,   Nature  Primary 2-Significant Control (P2)
                    monthly, periodic)  Secondary (S)
 C32 & C25-Segregation of duties and other control by third party   Approved Invoice Report
 (InfoSync)
 R11-Fraudulent activities which are subject of public   No one at CSCS has access to enter vendors into the vendor   Annual audit by independent third
 BP 50  New Vendor Setup & Maintenance  Administration  scrutiny and investigation  R9  master file.  CSCS Sr. Manager, Finance & Accounting, periodically   Periodic  Preventive  P2  parties (risk document - see
 reviews the vendor master for validity.  New vendor set up and
 R19-Inaccurate information and data  maintenance is approved by CSCS through the invoice approval   name / Annual audit report)
 process.
 Weekly approval process sent by InfoSync to CSCS
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Approved Invoice Report
 (InfoSync)
 scrutiny and investigation
 BP 51  Invoice Entry  Administration  R9  Continuous  Preventive  P1  Annual audit by independent third
 C38-Continuous review and control from CSCS
 Accounts   R19-Inaccurate information and data  Monthly reporting process by InfoSync to CSCS  parties
 Payable   C32 & C25-Segregation of duties and other control by third party
 Controls /   R11-Fraudulent activities which are subject of public   (InfoSync)  Approved check register
 scrutiny and investigation
 Processes  BP 52  Invoice Payment  Administration  R9  Continuous  Preventive  P1  Annual audit by independent third
 R19-Inaccurate information and data  C38-Continuous review and control from CSCS  parties
 Monthly reporting process by InfoSync to CSCS
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Review and approval of original
 (InfoSync)
 scrutiny and investigation               receipt
 BP 53  Corporate Expense Card Payment  Administration  R9  Continuous  Preventive  P1
 C38-Continuous review and control from CSCS
 R19-Inaccurate information and data      Approved check register
 Monthly reporting process by InfoSync to CSCS
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Approved check register
 (InfoSync)
 scrutiny and investigation
 BP 54  Expense Report Payment  Administration  R9  Continuous  Preventive  P1  Annual audit by independent third
 C38-Continuous review and control from CSCS
 R19-Inaccurate information and data  Monthly reporting process by InfoSync to CSCS  parties
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Biweekly Sourcing Fee Invoice
 scrutiny and investigation
 (InfoSync)                               Report
 BP 55 (A) Sourcing Fee Invoices (for Dry Mix)  Administration  R9  Continuous  Preventive  P1
 R19-Inaccurate information and data
 C38-Continuous review and control from CSCS  Annual audit by independent third
 Monthly reporting process by InfoSync to CSCS  parties
 R18-2-Monetary loss
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party   Vendor PO Reports and
 scrutiny and investigation
 (InfoSync)                               Reconciliation
 BP 55 (B) Sourcing Fee Invoices (for Other Products)  Administration  R9  Continuous  Preventive  P1
 R19-Inaccurate information and data
 C38-Continuous review and control from CSCS  Annual audit by independent third
 Monthly reporting process by InfoSync to CSCS  parities
 R18-2-Monetary loss
 R11-Fraudulent activities which are subject of public   C32 & C25-Segregation of duties and other control by third party
 (InfoSync)
 scrutiny and investigation               Periodic Price Variance Invoice
 BP 56  Price Variance Analysis Invoices    Administration  R9  Continuous  Preventive  P1  Report
 C38-Continuous review and control from CSCS
 R19-Inaccurate information and data
 Accounts   Monthly reporting process by InfoSync to CSCS  Quarterly Membership
 C32 & C25-Segregation of duties and other control by third party
 Receivable   (InfoSync)                  Reconciliation
 Controls /
 Processes  BP 57  Membership Fees  Administration  R19-Inaccurate information and data  R9  C38-Continuous review and control from CSCS  Continuous  Preventive  P1  Balance Sheet Details
 Monthly reporting process by InfoSync to CSCS
                                          Annual audit by independent third
 C40-Annual audit by third party          parties
 C32 & C25-Segregation of duties and other control by third party
 (InfoSync)
                                          Patronage Spreadsheet
 C24-Utilizing dual signoff on cash disbursements
 BP 58  Patronage Calculations/ Disbursement  Administration  R19-Inaccurate information and data  R9, R11, R18  Continuous  Preventive  P1  Annual audit by independent third
 C38-Continuous review and control from CSCS  parties
 Monthly reporting process by InfoSync to CSCS
 C40-Annual audit by third party
 C32 & C25-Segregation of duties and other control by third party
 (InfoSync)
 BP 59  IHOP and Applebee’s Franchisee Conference Invoices   Administration  R22-Leak of confidential information  R9, R11  Continuous  Preventive  P1  Reconciliation Spreadsheet
                                          showing committed vs. received
 C38-Continuous review and control from CSCS
 Monthly reporting process by InfoSync to CSCS
 BP 60 (A) Payroll  R18-2-Monetary loss   Personal Folders documenting
                                          any change in compensation
                                          401(k) Election spreadsheet by
                                          Associate
                                          401(k) deduction spreadsheet
                                          every payroll from InfoSync
 C32 & C25-Segregation of duties and other control by third party
 Payroll and   BP 60 (B) 401(k) Accounts  (InfoSync)  Contribution detail report from
 Benefits   Administration  R9, R22  C38-Continuous review and control from CSCS  Continuous  Preventive  P1  plan administrators
 Controls /   R11-Fraudulent activities which are subject of public   Monthly reporting process by InfoSync to CSCS
 Processes  scrutiny and investigation    Form 5500-SF [Annual 401(k)
                                          audit done by Tax Favored
 C40-Annual audit by third party          Benefits]
                                          Election spreadsheet by
                                          Associate
 BP 60 (C) Health Savings Accounts
                                          Deduction spreadsheet from
                                          InfoSync every payroll
 Business Insurance
 R10-Penalty for non-compliance with regulatory   C32-Segregation of duties - tax returns are prepared by third party
 Other   requirements  and signed by CAO. Third party insurance agent is notified if   Independent third parties provide
 Administration   BP 65  Corporate Taxes  Administration  R18-2-Monetary loss  R9  premiums are not paid and they would, in turn, notify CAO.  Periodic  Preventive  P1  services and segregation of
 Processes                                duties
 R11-Fraudulent activities which are subject of public   C40-Annual audit by third party
 scrutiny and investigation
 ADMINISTRATION: HUMAN RESOURCES
   404   405   406   407   408   409   410   411   412   413   414