Page 412 - Onboarding May 2017

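| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1-Critical Control (P1) / Primary 2-Significant Control (P2) / Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| | BP 15 (D) | Commodity Quintile Tracking | Procurement/Administration | R19-Inaccurate information and data | R21, R22, R23, R24 | C32-Segregation of duties; C20-All CSCS Associates have access to the tracking sheet | Continuous | Preventive; Detective | P1 | The tracking output is published to the Oversight Committee |
| | BP 20 | Price Variance Analysis | Procurement/Administration | R17-Pricing discrepancy or disadvantage; R18-1-Unfavorable impacts on cost of goods sold | R23 | C37-Conduct Price Variance Analysis to detect the incorrect pricing charged by distributors | Continuous | Preventive | P1 | Price Variance Analysis reports |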

ADMINISTRATION: COMMUNICATION & MEMBERSHIP

Control Characteristics: Control Frequency, Control Nature, Primary 1 / Primary 2 / Secondary

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1-Critical Control (P1) / Primary 2-Significant Control (P2) / Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Communication Management | BP 1 | Member Communication Management | Administration | R19-Inaccurate information and data | R22, R23 | C42-Multi-tiered internal approval process. Approval by Directors and CFO required prior to distribution of information. C43-Protection of confidential information. Information deemed confidential and proprietary is only published on secured websites. | Periodic | Preventive | P2 | Email approvals from CFO and Directors |
| Communication Management | BP 2 | Website Management | Administration | R22-Leak of confidential information | R19, R23 | C43-Protection of confidential information. Information deemed confidential and proprietary is only published on secured websites. | Periodic | Preventive | P1 | User name and password are required to access the Associate and Member websites; Passwords are auto-generated by the system |
| Member Data Management | BP 3 | Membership Management | Administration | R19-Inaccurate information and data | R9, R18-2, R22, R23 | C41-Managing Members' data through Membership Subscription Agreement. C32-Segregation of duties - Includes CFO signature on Membership Subscription Agreement, CEO and Concept Co-op Secretary signatures on Stock Certificate, notification by Brand of store and franchisee ownership and status changes to Analyst, Controller, which dictate onboarding/offboarding activities, including stock share fee received and redeemed. C45-System control - Franchise and store information provided via data feed from Applebee's system of record (SDMS) and IHOP system of record (FRED). | Continuous | Preventive | P1 | Membership Subscription Agreement (physical copies & Havi); Member Stock Certificate (physical copies & Havi); Annual Financial Audit; Brand communication regarding store/franchisee changes; Weekly data quality control audits for store information by Havi |

ADMINISTRATION: BOARD GOVERNANCE

Control Characteristics: Control Frequency, Control Nature, Primary 1 / Primary 2 / Secondary

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1-Critical Control (P1) / Primary 2-Significant Control (P2) / Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Board Governance | BP 4 | Annual Election Process | Administration | R14-2-Non-compliance with Bylaws | R19, R23 | C44-Legal review of completed proxies to ensure all votes are valid by third party legal counsel | Periodic | Preventive | P2 | Documentation of review of completed proxies by third party legal counsel |
| Board Governance | BP 5 | Director Compliance | Administration | R9-Damage to Brand and company reputation by unethical behavior or incompetence | R14-2, R22, R23, R24 | C26-Provide annual antitrust training; CSCS Antitrust Compliance Certificates. C27-CSCS Confidentiality Agreement. C29-CSCS Code of Conduct | Periodic | Preventive | P1 | Completed compliance records are stored on-site |
| Board Governance | BP 6 | Board Meeting Management | Administration | R11-Fraudulent activities which are subject of public scrutiny and investigation | R9, R14-2, R19, R22, R23 | C27-CSCS Confidentiality Agreement. C44-Legal presence at all Board Meetings | Periodic | Preventive | P2 | Board approval of meeting minutes saved on Members' website in Franchise Principal section |

BRAND MANAGEMENT

Control Characteristics: Control Frequency, Control Nature, Primary 1 / Primary 2 / Secondary

| Business Process Category | BP ID | Business Process Name | CSCS Business Unit | Primary Risk(s) | Secondary Risk(s) | Control Activity(ies) | Control Frequency (continuous, daily, monthly, periodic) | Control Nature | Primary 1 (P1 - Critical Control) / Primary 2 (P2 - Significant Control) / Secondary (S) | Evidence of Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Testing | BP 270 | Test Implementation Overview | Brand Management | See relevant risks below: test demand planning, test execution & management, and test inventory management | | See relevant controls below | See relevant details below | | | See evidence below |
| Testing | BP 280 | Test Planning | Brand Management | R3-Continuity of supply | R18 | C12-Risk Assessment Form (Both Brands) | Periodic | Preventive | P2 | Risk Assessment Form (Both Brands) |
| Testing | BP 290 | Test Initiation | Brand Management | R3-Continuity of supply | | C49-Test Brief. C50-Food show (Both Brands) | Periodic | Preventive | P1 | Test Brief; Food Show followed by Kick-off meeting (Both Brands) |
| Testing | BP 300 | Test Forecasting Including Yields | Brand Management | R19-Incorrect information and data | | C7-CSCS engages brands in this process. CSCS does not move forward without forecast and yield. | Periodic | Preventive | P1 | For Applebee's: Brand Forecast Spreadsheet, Recipe/Yields (Star Chef or Training Document Applebee's), Location list (impacted DCs/restaurants) from Strategy Implementation (Test Overview). For IHOP: Forecast yields (from Business Analytics) and Recipe from Charter folder |
| Testing | BP 310 | Test Demand Planning | Brand Management | R3-Continuity of supply | R6, R9 | C34-Carefully construct and review Demand Plan | Periodic | Preventive | P1 | Demand Plan |
| Testing | BP 320 | Test Execution & Management | Brand Management | R3-Continuity of supply | R6, R9 | C18-CSCS initiates authorization for inventory purchase policy (AIP). In order to begin production, CSCS, brands, and Board Chairs must agree to sign | Periodic | Preventive | P1 | AIPs; Emails of product orders from Culinary (Applebee's) |
| Testing | BP 330 | Test Inventory Management | Brand Management | R3-Continuity of supply; R15-Obsolete Inventory | R18, R23, R24 | C13-Monitoring key, high-risk, and high-value inventory through Inventory Scorecard/Workbook | Periodic | Detective; Preventive | P1 | Inventory Scorecard/Workbook |
| Testing | BP 340 | Test Obsolete Inventory and Incremental Expense Resolution | Brand Management | R18-1-Unfavorable impacts on cost of goods sold | R23, R24 | C18-Purchase per AIP. Additional expenses and product not defined by AIP will be authorized by Brand. (IHOP) C7-Seeking approval from Brands through email authorization and documentation of invoices | Periodic | Corrective | P1 | AIPs; Email and database for invoices |
| | BP 350 | Promotion Implementation Overview | Brand Management | See relevant risks below: promotion demand planning, promotion execution & management, and promotion inventory management | | See relevant controls below | See relevant details below | | | See evidence below |
| | BP 360 | Promotion Planning | Brand Management | R3-Continuity of supply | R9 | C12-Risk Assessment Form - (Applebee's and IHOP) | Periodic | Preventive | P1 | Risk Assessment Form |