Details

<p><b>Introduction to The Internal Controls Toolkit 9</b></p> <p>Introduction 9</p> <p>Internal Controls And Fraud Prevention 9</p> <p>Internal Controls And Fraud Prevention: Additional Statistics 10</p> <p>Who Will Benefit From This Toolkit 11</p> <p>About The Standards of Internal Control 12</p> <p>How Were The Standards Developed? 12</p> <p>How Are The Standards Used? 12</p> <p>What Is The Basic Premise of The Standards? 12</p> <p>When Should The Standard Be Updated? 12</p> <p>What Is A Best Practice For Implementing And Using The Standards? 12</p> <p>General Standards of Internal Control 13</p> <p>How This Toolkit Is Organized 14</p> <p><b>1.0 Background On Internal Controls 15</b></p> <p>The Goals And Challenges of Internal Controls 15</p> <p>Risk Based Internal Controls 15</p> <p>Application of Internal Controls 16</p> <p>The Three Critical Corporate Controls 17</p> <p>The Background And History of Internal Controls 19</p> <p>Securities Act of 1933 19</p> <p>Securities Exchange Act of 1934 19</p> <p>Trust Indenture Act of 1939 19</p> <p>Investment Company Act of 1940 19</p> <p>Investment Advisors Act of 1940 19</p> <p>Foreign Corrupt Practices Act (Fcpa) of 1977 19</p> <p>Comprehensive Crime Control Act – 1984 20</p> <p>Federal Sentencing Guidelines For Organizations – 1991 20</p> <p>Internal Control – Integrated Framework – 1992 And 2013 20</p> <p>Coso’s Monitoring Guidance 21</p> <p>Cobit – 1996 23</p> <p>Systrust – 1999 23</p> <p>Corporate Frauds – 2001-2002 23</p> <p>U.S. Sarbanes Oxley Act of 2002 24</p> <p>Enterprise Risk Management (Erm) Integrated Framework – 2004 And 2013 25</p> <p>Example: Enterprise Risk Management (Erm) And The Application to The Procure to Pay (P2p) Cycle 26</p> <p>An Erm Checklist 27</p> <p>Internal Control Over Financial Reporting — Guidance For Smaller Public Companies - 2006 28</p> <p>Guidance On Monitoring Internal Control Systems – 2009 28</p> <p>Definition of Internal Controls 29</p> <p>Types of Internal Controls And Control Mechanisms 29</p> <p>Major Types of Internal Control 29</p> <p>Compensating Controls 30</p> <p>Other Controls 30</p> <p>Organization Controls 30</p> <p>Policy Controls 31</p> <p>Procedure Controls 31</p> <p>Supervisory Controls 31</p> <p>Review Controls 31</p> <p>Leveraging The Standards of Internal Control to Implement A Controls Self-Assessment (Csa) Program 32</p> <p>Ethics And “Tone At The Top” 34</p> <p>What Is ‘Tone At The Top’? 34</p> <p>What Are The Components of An Effective Ethics Policy? 34</p> <p>What Are The Components of A Well-Defined Code of Conduct? 34</p> <p>What Are Examples of Poor “Tone At The Top”? 35</p> <p>Code of Conduct Considerations 35</p> <p>Entity Level Controls 36</p> <p>Benefits For Entity Level Controls 36</p> <p>“Tone At The Top” 36</p> <p>Roles And Responsibilities For Internal Control 38</p> <p><b>2.0 The Order to Cash (O2c) Process 42</b></p> <p>2.1 Order Entry/Edit 45</p> <p>2.1 Order Entry/Edit (Continued) 46</p> <p>2.1 Order Entry/Edit (Continued) 47</p> <p>2.2 Export Controls 48</p> <p>2.2 Export Controls (Continued) 50</p> <p>2.2 Export Controls (Continued) 51</p> <p>2.3 Sales Contracts 53</p> <p>2.3 Sales Contracts (Continued) 54</p> <p>2.4 Credit 55</p> <p>2.4 Credit (Continued) 56</p> <p>2.5 Shipping 58</p> <p>2.5 Shipping (Continued) 59</p> <p>2.5 Shipping (Continued) 60</p> <p>2.6 Revenue Recognition/Billing 61</p> <p>2.6 Revenue Recognition/Billing (Continued) 62</p> <p>2.6 Revenue Recognition/Billing (Continued) 63</p> <p>2.6 Revenue Recognition/Billing (Continued) 64</p> <p>2.7 Accounts Receivable (Ar) 66</p> <p>2.7 Accounts Receivable (Ar) (Continued) 67</p> <p>2.8 Collection 69</p> <p>2.9 Cash Receipts And Application 70</p> <p>2.9 Cash Receipts And Application (Continued) 71</p> <p>2.10 Price Establishment 72</p> <p>2.10 Price Establishment (Continued) 73</p> <p>2.11 Promotional Activities 74</p> <p>2.11 Promotional Activities (Continued) 75</p> <p>2.11 Promotional Activities (Continued) 76</p> <p><b>3.0 Treasury Process 77</b></p> <p>3.1 General Treasury Controls 80</p> <p>3.1 General Treasury Controls (Continued) 81</p> <p>3.1 General Treasury Controls (Continued) 82</p> <p>3.2 Financing Operations 83</p> <p>3.2 Financing Operations (Continued) 84</p> <p>3.3 Investment of Available Funds 85</p> <p>3.3 Investment of Available Funds (Continued) 86</p> <p>3.4 Foreign Exchange 87</p> <p>3.4 Foreign Exchange (Continued) 88</p> <p><b>4.0 Procure to Pay (P2p) Process 89</b></p> <p>4.2 Purchasing/Ordering 99</p> <p>4.2 Purchasing/Ordering (Continued) 100</p> <p>4.2 Purchasing/Ordering (Continued) 101</p> <p>4.2 Purchasing/Ordering (Continued) 102</p> <p>4.3 Import Controls 103</p> <p>4.3 Import Controls (Continued) 104</p> <p>4.4 Receiving 105</p> <p>4.4 Receiving (Continued) 106</p> <p>4.4 Receiving (Continued) 107</p> <p>4.5 Accounts Payable 108</p> <p>4.5 Accounts Payable (Continued) 109</p> <p>4.5 Accounts Payable Continued) 110</p> <p>4.6 The Payment Process - General 111</p> <p>4.6 The Payment Process – General (Continued) 112</p> <p>4.6 The Payment Process – General (Continued) 113</p> <p>4.7 The Payment Process - Travel And Entertainment 114</p> <p>4.7 The Payment Process - Travel And Entertainment 115</p> <p>4.8 Research And Product Development 116</p> <p>4.8 Research And Product Development (Continued) 117</p> <p>4.8 Research And Product Development (Continued) 118</p> <p>4.9 Procurment Cards (P-Cards) 119</p> <p>4.9 Procurment Cards (P-Cards) (Continued) 120</p> <p>4.9 Procurment Cards (P-Cards) (Continued) 121</p> <p><b>5.0 Hire to Retire (H2r) Process 122</b></p> <p>5.1 Payroll Preparation And Security 125</p> <p>5.1 Payroll Preparation And Security (Continued) 126</p> <p>5.2 Payroll Payment Controls 128</p> <p>5.2 Payroll Payment Controls 129</p> <p>5.3 Distribution of Payroll 130</p> <p>5.4 Compensation And Benefits 131</p> <p>5.4 Compensation And Benefits (Continued) 132</p> <p>5.5 Hiring And Termination 133</p> <p>5.5 Hiring And Termination (Continued) 134</p> <p>5.6 Education, Training, And Development 135</p> <p>5.7 Contingent Workforce 136</p> <p>5.7 Contingent Workforce (Continued) 138</p> <p><b>6.0 The Supply Chain Process 139</b></p> <p>6.1 Planning & Control 142</p> <p>6.1 Planning & Control (Continued) 143</p> <p>6.2 Inventory Control 144</p> <p>6.2 Inventory Control (Continued) 145</p> <p>6.2 Inventory Control (Continued) 146</p> <p>6.3 Inventory Verification 147</p> <p>6.3 Inventory Verification (Continued) 148</p> <p>6.4 Inventory Valuation 149</p> <p>6.5 Product Cost Management 150</p> <p>6.5 Product Cost Management (Continued) 151</p> <p>6.5 Product Cost Management (Continued) 152</p> <p>6.6 Original Equipment Manufacturers (Oems) / Alliance Partners 153</p> <p>6.6 Original Equipment Manufacturers (Oems) / Alliance Partners (Continued) 154</p> <p>6.6 Original Equipment Manufacturers (Oems) / Alliance Partners (Continued) 155</p> <p>6.8 Tranportation And Logistics 158</p> <p>6.8 Tranportation And Logistics (Continued) 159</p> <p><b>7.0 Record to Report (R2r) 161</b></p> <p>7.1 International Transfer Pricing 166</p> <p>7.2 Intercompany Transactions 167</p> <p>7.2 Intercompany Transactions (Continued) 168</p> <p>7.3 Accumulation of Financial Information 169</p> <p>7.3 Accumulation of Financial Information (Continued) 170</p> <p>7.4 Processing And Reporting of Financial Information (The Final Mile) 171</p> <p>7.5 Fixed Assets 174</p> <p>7.5 Fixed Assets (Continued) 175</p> <p>7.5 Fixed Assets (Continued) 176</p> <p><b>8.0 Government Contracts 177</b></p> <p>8.1 United States Government Contracts - General 178</p> <p>8.1 United States Government Contracts – General (Continued) 179</p> <p>8.1 United States Government Contracts – General (Continued) 180</p> <p>8.1 United States Government Contracts – General (Continued) 181</p> <p>8.1 United States Government Contracts – General (Continued) 182</p> <p>8.2 United States Government Contracts - Non-Commercial Products 183</p> <p>8.2 United States Government Contracts - Non-Commercial Products (Continued) 184</p> <p>8.3 United States Government Contracts - Commercial Products 185</p> <p>8.3 United States Government Contracts - Commercial Products (Continued) 186</p> <p>8.3 United States Government Contracts - Commercial Products (Continued) 187</p> <p>8.4 Contracts With State And Local Governments And Educational Institutions Within The United States 188</p> <p>8.5 Contracts With Governments Outside The United States 190</p> <p>8.5 Contracts With Governments Outside The United States (Continued) 191</p> <p><b>9.0 Records And Information Management 192</b></p> <p>9.2 Standards of Internal Record Keeping Requirements 197</p> <p>9.2 Standards of Internal Record Keeping Requirements (Continued) 198</p> <p>9.2 Standards of Internal Record Keeping Requirements (Continued) 198</p> <p><b>10.0 Computer, Telecommunication And Systems Controls 201</b></p> <p>10.1 Owners, Users, And Service Providers 206</p> <p>10.1 Owners, Users, And Service Providers 207</p> <p>10.1 Owners, Users, And Service Providers (Continued) 208</p> <p>10.1 Owners, Users, And Service Providers (Continued) 209</p> <p>10.3 Computer Access Control 214</p> <p>10.4 Network Operations And Security Controls 224</p> <p>10.4 Network Operations And Security Controls (Continued) 225</p> <p>10.5 Systems Development Methodology 228</p> <p>10.5 Systems Development Methodology (Continued) 229</p> <p>10.5 Systems Development Methodology (Continued) 230</p> <p>10.6 Change Management 231</p> <p>10.6 Change Management (Continued) 232</p> <p>10.7 Computer And Telecommunications Backup For Production Restart/Recovery 235</p> <p>10.8 Disaster Recovery And Business Contingency Planning 237</p> <p>10.8 Disaster Recovery And Business Contingency Planning (Continued) 241</p> <p>10.8 Disaster Recovery And Business Contingency Planning (Continued) 242</p> <p>10.9 Input Controls 243</p> <p>10.10 Output Controls 245</p> <p>10.11 Paperless Transactions, Electronic Commerce, And Edi 247</p> <p>10.12 Non-Company Networks And Bulletin Boards 250</p> <p><b>11.0 Protection of Assets: Human, Physical And Intellectual 256</b></p> <p>11.1 Security Framework 258</p> <p>11.1 Security Framework (Continued) 259</p> <p>11.1 Security Framework (Continued) 260</p> <p>11.2 Perimeter Security 261</p> <p>11.2 Perimeter Security (Continued) 262</p> <p>11.3 Interior Security 264</p> <p>11.3 Interior Security 265</p> <p>11.4 Protecting Intellectual Property 266</p> <p><b>12.0 The Insurance Process 268</b></p> <p>12.1 Protection Against Physical Damage And Other Accidents 269</p> <p>12.2 Insurance (Property & Casualty Risks) 270</p> <p>12.3 Business Continuity 272</p> <p><b>13.0 Environmental, Health, And Safety (Eh&S) 273</b></p> <p>13.1 General Controls 275</p> <p>13.1 General Controls (Continued) 276</p> <p><b>14.0 Customer Services 277</b></p> <p>14.1 Policy 279</p> <p>14.1 Policy (Continued) 280</p> <p>14.1 Policy (Continued) 281</p> <p>14.2 Call Center Management 282</p> <p>14.2 Call Center Management (Continued) 283</p> <p>14.3 Warranty 284</p> <p>14.3 Warranty (Continued) 285</p> <p>14.3 Warranty (Continued) 286</p> <p>14.4 Support Sales 287</p> <p><b>15.0 Professional Services (Ps) 288</b></p> <p>15.1 General Controls 290</p> <p>15.1 General Controls (Continued) 291</p> <p>15.2 Opportunity-Bid Process 292</p> <p>15.2 Opportunity-Bid Process (Continued) 293</p> <p>15.2 Opportunity-Bid Process (Continued) 294</p> <p>15.3 Program Management 295</p> <p>15.3 Program Management (Continued) 296</p> <p>15.3 Program Management (Continued) 297</p> <p>15.3 Program Management (Continued) 298</p> <p>15.3 Program Management (Continued) 299</p> <p>15.4 Customer Order Management 300</p> <p>15.4 Customer Order Management (Continued) 301</p> <p>15.4 Customer Order Management (Continued) 302</p> <p><b>16.0 Entity Level Controls 303</b></p> <p>16.1 Compliance And Compliance Screening 305</p> <p>16.1 Compliance And Compliance Screening (Continued) 306</p> <p>16.2 Internal Controls Roles And Responsibilities 308</p> <p>16.2 Internal Controls Roles And Responsibilities (Continued) 309</p> <p>16.4 Audit Committee Controls 313</p> <p>16.4 Audit Committee Controls (Continued) 314</p> <p>16.4 Audit Committee Controls (Continued) 315</p> <p><b>17.0 Glossary 318</b></p> <p><b>18.0 Addendum – Additional Tools 327</b></p> <p>18.1 Example Internal Controls Policy 327</p> <p>18.2 Delegation of Authority (Doa) Policy 330</p> <p>18.3 Segregation of Duties (Sod) Policy 338</p> <p>18.4 System Access (Sa) Policy 352</p> <p>18.5 Pricing Policy Example 355</p> <p>18.6 Testing Internal Controls And Selecting Sample Sizes 357</p> <p>References 361</p> <p> </p>

<p><b>CHRISTINE H. DOXEY, CAPP, CCSA, CICA, CPC,</b> is president of Doxey, Inc. Prior to forming her company, she served in executive positions with Verizon Business (formerly MCI), Hewlett Packard, Compaq, and Digital Equipment. Doxy is on the Advisory Boards of The Exchange Summit and The Institute of Internal Controls. She has authored several books and speaks at conferences globally on financial process best practices.

<p><b>An important guide to the standards of internal control and the risks they mitigate</b> <p><i>"The concept of internal control is one of the trademarks of effective governance and good business operations. Without a strong system of internal control, organizations cannot ensure that the interests of company stakeholders are being protected. Strong internal controls support organizational goals and objectives, while helping safeguard against the risks of financial loss, operational waste, environmental irresponsibility, corporate fraud, and even reputational damage that can be irreparable. Internal control over financial reporting continues to be a major area of importance in the governance of an organization."</i><br/> <b>—From the Introduction</b> <p><i>Internal Controls Toolkit</i> is an essential guide for implementing the standards of internal controls that are necessary for any organization that wishes to provide the safeguards necessary to mitigate risk. At once comprehensive and practical, the book offers suggestions for identifying roles and responsibilities within a company, highlights process improvements, ideas for creating process documentation, and analyzing root cause of potential risk.

US