
Implementation v1.0

Jun 03, 2018


    Introduction

    Risk Based Internal Aud

    Three views on implem

    Last updated 15 January 2006

    Copyright D M Griffiths

    RAU basics

    Appendix A Scoring risks

    Appendix B Risk Register

    Appendix C Assessing risk maturity

    Appendix D Process map

    Appendix E Audit Universe

    Appendix F Risk and audit universe

    Appendix G Column key

    Appendix H Audit plan

    Appendix I Process map - purchases

    Appendix J Expense purchases database

    Appendix K Conclusions

    Figure 1 Risk reduction diagram

    Figure 2 Risk significance

    Figure 3 Stages of RBIA

    Figure 4 Stage 2 Audit planning

    Figure 5 Frequency of work

    Figure 6 Stage 3 Individual audits

    Figure 7 Audit trail

    The spreadsheets are:

    The spreadsheets in the Excel workbook supp

    which can be downloaded from:

    www.internalaudit.biz

    For reasons of time, none of the spreadsheets


    Risk register and audit plan

    Risks register and audit Universe (RAU) basics

    Purpose

    The purpose of this spreadsheet is to demonstrate how a list of risks can be used to generate an audit plan. The IIA standards (2010.A1) state, "The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually. The input of senior management and the board should be considered in this process."

    The starting point: lists of risks from many people in the organisation at various levels.

    The end point: a list of all the audits (the "audit universe") necessary to check that all risks are mitigated by internal controls. These audits are to be scored in order to indicate their priority.

    To understand the way this risk register is used, you need to visit www.internalaudit.biz

    This is not a "Best Practice" guide but an example, which you must change to fit your organisation.

    The process map

    In order to produce an audit plan from a list of risks, the first task is to group the risks. I believe this is best done by linking them to the processes which any organisation has to fulfill its

    Do not confuse this approach with 'Process based' or 'Systems based' auditing. Processes in risk based auditing are used only for convenience. Risks drive the audit plan and individual audits. If you have a risk with no process, go and set up a new process!

    Processes are the means to achieve the organisation's objectives. They do not necessarily represent actual departments and could be outsourced. It is important to concentrate on the theoretical processes required, since the actual processes may have weaknesses or omissions.

    Processes are arranged in a hierarchy (like an organisation chart), with each process being split into more detail. The first level of processes is known as level 1 and these are split into more detailed processes at level 2. It's usually possible to plan audits at this level. Processes are split further in the audit and the more detailed risks and controls are linked to these. The advantage of this approach is that it avoids having a huge database.

    Each level has "Define objectives" at the start and "Support" at the end. There is a need to define the objectives of any set of processes - even if it is only to set targets. "Support" refers to the support directly required by the processes at that level. The example will give you more of an idea.

    The processes in this spreadsheet are for a company which manufactures goods and sells them through its own shops, to resellers (wholesalers) or direct to the public.

    The risk register

    The process maps are used to set up the risk register, where risks are linked to processes. Each box on the process map has a row. This enables risks to be attached to processes at each level, and for each level to have a risk score. This is useful in summarising the risk scores for levels 1 & 2. (This format is slightly different to that used in www.internalaudit.biz)

    David M Griffiths RAU basics


    Several risks may be linked to one process or several processes to one risk. If you have a process with no risks, you may need to ask management if risks do exist in this area. If you have risks but no process - you need to add a process. Do NOT drop risks because they don't fit neatly into your map!

    The risk register will be constantly updated with new risks, as they occur to me, or as my researches reveal. It can never be complete. The important point for your risk register is that it gives you a complete "audit universe". It is these audits which need to identify all the key risks in order to assess the controls which mitigate them.

    The last columns in the register show details of the last audit of that risk and the next audit planned. This enables the register to be used as an audit planning tool. By sorting and filtering the database an annual audit plan can be produced. A calculation at the end of the "next audit budget" column will show if sufficient resources are available.

    The register has one line of titles, so that it can be used as a database (sorted, filtered, reports produced).

    I intend to produce example audit databases (audit programmes) for many of the audits in the risk register. See www.internalaudit.biz for more details.

    Some audit work may be duplicated. For example, "Transaction processing - purchasing goods for resale" may have some audit work which appears in the support processes for "Purchase of goods for resale". This is not necessarily bad, as it may cover important areas in slightly different ways.

    You may have many risks against one process at level 2. If this is the case, split the process to give processes at level 3. See 9.6 - Process Transactions.

    Certain major areas of risk, such as health & safety, the environment and quality control, only have one entry each. The level of detail will depend on the responsibilities of the internal audit department. It is assumed that these areas are covered by other specialists and the audit would be concerned with the proper operation and reporting of these functions.

    The following notes are tips when considering risks:

    When wording risks, try not to make them just the failure to deliver a process. For example, if the process is "Pay invoices", the risk is not "Fail to pay invoices". However, one risk would be "Invoices not selected for payment".

    More importantly, risks should not be the absence of a control. For example, the risk "Invoices are not authorised" presupposes a control. The risk is "Invoices may be paid for goods or services not required"; the control is "All invoices are authorised by a senior manager".

    Language

    I have used UK English for the risk register. Variations from US English include:

    Supplier = Vendor

    Purchase = Procure

    Cheque = Check

    I have used the term "accounts payable" for purchase ledger, since this is now common in the UK.

    All sheets copyright David M Griffiths

    Not to be copied or distributed without acknowledging the author, or in conjunction with a commercial product


    Appendix A

    Advice on scoring risks (inherent and residual)

    1 to 5 scale

    If the consequence when the risk occurs is: | OR the likelihood of the risk occurring is: | Then the measure is defined to be:
    A catastrophic impact on the organisation, threatening its existence (cash at risk > 1,000,000) | Almost certain | Catastrophic (5)
    To prevent the organisation achieving all, or a major part, of its objectives for a long time (cash at risk 100,000) | Probable | Major (4)
    To stop the organisation achieving its objectives for a limited period (cash at risk 30,000) | Possible | Moderate (3)
    To stop the organisation achieving its objectives for a limited period (cash at risk 5,000) | Unlikely | Minor (2)
    To cause minor inconvenience, not affecting the achievement of objectives | Rare | Insignificant (1)

    Cash at risk

    ined by the board of the organisation concerned

    [Figure: risk scoring matrix, shown twice. Axes: Likelihood (from Rare (1)) and Consequence of risk (Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5)). Cells carry scores up to 25 and ratings including Acceptable, Issue and Unacceptable.]

    Appendix B

    Risks register

    L1 | Level 1 process | L2 | Level 2 process | L3 | Level 3 process
    1 | Define organisation's objectives | 1 | Decide strategy
    1 | Define organisation's objectives | 1 | Decide strategy
    1 | Define organisation's objectives | 1 | Decide strategy
    1 | Define organisation's objectives | 2 | Communicate strategy
    1 | Define organisation's objectives | 3 | Deliver strategy
    1 | Define organisation's objectives | 3 | Deliver strategy
    1 | Define organisation's objectives | 3 | Deliver strategy
    1 | Define organisation's objectives | 4 | Maintain strategy
    1 | Define organisation's objectives | 4 | Maintain strategy
    1 | Define organisation's objectives | 5 | Support strategy
    2 | Research new business opportunities | 1 | Define objectives
    2 | Research new business opportunities | 2 | Research products

    David M Griffiths B Risk Register

    2 | Research new business opportunities | 3 | Research markets
    2 | Research new business opportunities | 4 | Research customers
    2 | Research new business opportunities | 5 | Research locations
    2 | Research new business opportunities | 6 | Support research
    3 | Obtain, and fit out, premises | 1 | Define objectives
    3 | Obtain, and fit out, premises | 2 | Obtain offices
    3 | Obtain, and fit out, premises | 3 | Obtain factories
    3 | Obtain, and fit out, premises | 4 | Obtain warehousing
    3 | Obtain, and fit out, premises | 5 | Obtain retail premises
    3 | Obtain, and fit out, premises | 6 | Maintain premises
    3 | Obtain, and fit out, premises | 7 | Support obtaining premises
    4 | Purchase goods and services | 1 | Define objectives
    4 | Purchase goods and services | 2 | Purchase raw materials
    4 | Purchase goods and services | 2 | Purchase raw materials
    4 | Purchase goods and services | 3 | Purchase assets
    4 | Purchase goods and services | 4 | Purchase finished goods
    4 | Purchase goods and services | 5 | Purchase expense goods and services
    4 | Purchase goods and services | 5 | Purchase expense goods and services

    4 | Purchase goods and services | 6 | Support purchasing
    5 | Manufacture | 1 | Define objectives
    5 | Manufacture | 2 | Design products
    5 | Manufacture | 3 | Specify manufacturing
    5 | Manufacture | 4 | Plan manufacturing
    5 | Manufacture | 5 | Manufacture
    5 | Manufacture | 5 | Manufacture
    5 | Manufacture | 6 | Support manufacturing
    6 | Advertise and promote | 1 | Define objectives for promotion
    6 | Advertise and promote | 2 | Promote in-store
    6 | Advertise and promote | 3 | Promote to customers
    6 | Advertise and promote | 4 | Advertise in papers
    6 | Advertise and promote | 5 | Advertise on TV
    6 | Advertise and promote | 6 | Support promotions
    7 | Store and distribute goods | 1 | Define objectives for supplying goods
    7 | Store and distribute goods | 2 | Store goods
    7 | Store and distribute goods | 3 | Distribute goods
    7 | Store and distribute goods | 4 | Support supply
    8 | Sell goods | 1 | Define objectives for selling goods
    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 2 | Sell in stores

    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 2 | Sell in stores
    8 | Sell goods | 3 | Sell to resellers
    8 | Sell goods | 3 | Sell to resellers
    8 | Sell goods | 3 | Sell to resellers
    8 | Sell goods | 4 | Sell direct
    8 | Sell goods | 4 | Sell direct
    8 | Sell goods | 4 | Sell direct
    8 | Sell goods | 4 | Sell direct
    8 | Sell goods | 4 | Sell direct
    8 | Sell goods | 5 | Support selling
    9 | Support the organisation in achieving its objectives | 1 | Define objectives for supporting the organisation
    9 | Support the organisation in achieving its objectives | 2 | Prepare management accounts
    9 | Support the organisation in achieving its objectives | 3 | Prepare financial accounts

    9 | Support the organisation in achieving its objectives | 3 | Prepare financial accounts
    9 | Support the organisation in achieving its objectives | 4 | Provide staff
    9 | Support the organisation in achieving its objectives | 4 | Provide staff
    9 | Support the organisation in achieving its objectives | 4 | Provide staff
    9 | Support the organisation in achieving its objectives | 4 | Provide staff
    9 | Support the organisation in achieving its objectives | 5 | Provide systems
    9 | Support the organisation in achieving its objectives | 5 | Provide systems
    9 | Support the organisation in achieving its objectives | 5 | Provide systems
    9 | Support the organisation in achieving its objectives | 5 | Provide systems
    9 | Support the organisation in achieving its objectives | 5 | Provide systems
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 1 | Process transactions - purchases
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 2 | Process transactions - retail sales
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 3 | Process transactions - wholesale sales
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 4 | Process transactions - direct sales

    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 5 | Process transactions - manufacturing stock
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 6 | Process transactions - wholesale stock
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 7 | Process transactions - store stock
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 8 | Process transactions - payroll
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 9 | Process transactions - personal expenses
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 10 | Process transactions - fixed assets
    9 | Support the organisation in achieving its objectives | 6 | Process transactions | 11 | Process transactions - cash and bank
    9 | Support the organisation in achieving its objectives | 7 | Provide legal services
    9 | Support the organisation in achieving its objectives | 8 | Provide tax services
    9 | Support the organisation in achieving its objectives | 9 | Ensure quality
    9 | Support the organisation in achieving its objectives | 10 | Ensure health & safety
    9 | Support the organisation in achieving its objectives | 11 | Manage the environment

    9 | Support the organisation in achieving its objectives | 12 | Ensure security
    9 | Support the organisation in achieving its objectives | 12 | Ensure security
    9 | Support the organisation in achieving its objectives | 13 | Communicate
    9 | Support the organisation in achieving its objectives | 14 | Manage risks
    9 | Support the organisation in achieving its objectives | 15 | Manage the assets
    9 | Support the organisation in achieving its objectives | 15 | Manage the assets
    9 | Support the organisation in achieving its objectives | 16 | Support the support functions

    Reference | Business unit | Process | Process Description
    1.1 | The board | Decide strategy | The most senior management group (the "board") decide on the objectives of the organisation
    1.1 | The board | Decide strategy | The most senior management group (the "board") decide on the objectives of the organisation
    1.1 | The board | Decide strategy | The most senior management group (the "board") decide on the objectives of the organisation
    1.2 | The board | Communicate strategy | The objectives are communicated to all staff in a comprehensible form
    1.3 | The board | Deliver strategy | An action plan is devised, at high level, which will deliver the objectives
    1.3 | The board | Deliver strategy | An action plan is devised, at high level, which will deliver the objectives
    1.3 | The board | Deliver strategy | An action plan is devised, at high level, which will deliver the objectives
    1.4 | The board | Maintain strategy | The strategy is regularly updated to take account of changing business conditions
    1.4 | The board | Maintain strategy | The strategy is regularly updated to take account of changing business conditions
    1.5 | The board | Support strategy | Resources are made available to carry out the above processes
    2.1 | Research and development | Define objectives | The objectives of the research processes are defined
    2.2 | Research and development | Research products | Research the products, to be manufactured or purchased, which will achieve the organisation's objectives

    2.3 | Marketing | Research markets | Research the market segments which will achieve the organisation's objectives
    2.4 | Marketing | Research customers | Research the customer profile which will achieve the organisation's objectives
    2.5 | Property | Research locations | Research the locations, in-country and abroad, which will achieve the organisation's objectives
    2.6 | Administration | Support research | Resources are made available to carry out the above processes
    3.1 | Property | Define objectives | The objectives of the processes for obtaining premises are defined
    3.2 | Property | Obtain offices | Decide on the best locations for offices to house the support staff
    3.3 | Property | Obtain factories | Decide on the best locations for factories to manufacture products
    3.4 | Property | Obtain warehousing | Decide on the best location for premises to store goods
    3.5 | Property | Obtain retail premises | Decide on the best location for shops
    3.6 | Facilities management | Maintain premises | Premises are maintained to ensure safety, effectiveness and efficiency at all times
    3.7 | Administration | Support obtaining premises | Resources are made available to carry out the above processes
    4.1 | Purchasing | Define objectives | The objectives of the processes for purchasing are defined
    4.2 | Purchasing | Purchase raw materials | Purchase items to manufacture goods
    4.2 | Purchasing | Purchase raw materials | Purchase items to manufacture goods
    4.3 | Purchasing | Purchase assets | Purchase fixed assets
    4.4 | Purchasing | Purchase finished goods | Purchase goods for resale
    4.5 | Purchasing | Purchase expense goods and services | Purchase goods and services for the organisation
    4.5 | Purchasing | Purchase expense goods and services | Purchase utilities for the organisation

    4.6 | Administration | Support purchasing | Resources are made available to carry out the above processes
    5.1 | Factory | Define objectives | The objectives of the processes for manufacturing are defined
    5.2 | Factory | Design products | Products to be manufactured are designed
    5.3 | Factory | Specify manufacturing | Specify how the products are to be manufactured
    5.4 | Factory | Plan manufacturing | Plan the manufacturing schedule
    5.5 | Factory | Manufacture | Make the goods
    5.5 | Factory | Manufacture | Make the goods
    5.6 | Administration | Support manufacturing | Resources are made available to carry out the above processes
    6.1 | Advertising | Define objectives for promotion | The objectives of the processes for promoting sales are defined
    6.2 | Advertising | Promote in-store | Promote goods in the retail stores through various offers
    6.3 | Advertising | Promote to customers | Promote goods to resellers using offers
    6.4 | Advertising | Advertise in papers | Advertise goods in newspapers and magazines
    6.5 | Advertising | Advertise on TV | Advertise on television
    6.6 | Administration | Support promotions | Resources are made available to carry out the above processes
    7.1 | Logistics | Define objectives for supplying goods | The objectives of the processes for supplying goods are defined
    7.2 | Logistics | Store goods | Store goods in warehouses at stages of the supply chain
    7.3 | Logistics | Distribute goods | Distribute goods between factories, warehouses, stores and customers
    7.4 | Administration | Support supply | Resources are made available to carry out the above processes
    8.1 | Merchandising | Define objectives for selling goods | The objectives of the processes for selling are defined
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised

    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.2 | Merchandising | Sell in stores | Sell goods in stores operated by the organisation, or franchised
    8.3 | Marketing | Sell to resellers | Sell goods to customers who will resell them
    8.3 | Marketing | Sell to resellers | Sell goods to customers who will resell them
    8.3 | Marketing | Sell to resellers | Sell goods to customers who will resell them
    8.4 | Internet sales | Sell direct | Sell direct to the public. For example, through the internet
    8.4 | Internet sales | Sell direct | Sell direct to the public. For example, through the internet
    8.4 | Internet sales | Sell direct | Sell direct to the public. For example, through the internet
    8.4 | Internet sales | Sell direct | Sell direct to the public. For example, through the internet
    8.4 | Internet sales | Sell direct | Sell direct to the public. For example, through the internet
    8.5 | Administration | Support selling | Resources are made available to carry out the above processes
    9.1 | Administration | Define objectives for supporting the organisation | The objectives of the processes for supporting the organisation are defined
    9.2 | Management accounts | Prepare management accounts | Collect the data from processed transactions into accounts for management to make decisions
    9.3 | Financial accounts | Prepare financial accounts | Collect the data from processed transactions into accounts for statutory or tax purposes

    9.3 | Financial accounts | Prepare financial accounts | Collect the data from processed transactions into accounts for statutory or tax purposes
    9.4 | Human resources | Provide staff | Recruit staff and manage staff policies
    9.4 | Human resources | Provide staff | Recruit staff and manage staff policies
    9.4 | Human resources | Provide staff | Recruit staff and manage staff policies
    9.4 | Human resources | Provide staff | Recruit staff and manage staff policies
    9.5 | Information systems | Provide systems | Provide systems, including computer systems to support the organisation's operations
    9.5 | Information systems | Provide systems | Provide systems, including computer systems to support the organisation's operations
    9.5 | Information systems | Provide systems | Provide systems, including computer systems to support the organisation's operations
    9.5 | Information systems | Provide systems | Provide systems, including computer systems to support the organisation's operations
    9.5 | Information systems | Provide systems | Provide systems, including computer systems to support the organisation's operations
    9.6.1 | Purchase accounting services | Process transactions - purchases | Receive invoices, obtain approval for payment, pay for goods and services
    9.6.2 | Retail accounting services | Process transactions - retail sales | Receive cash and cash equivalents at the till, bank them and check all money is received
    9.6.3 | Sales accounting services | Process transactions - wholesale sales | Carry out credit checks before goods are despatched, issue invoices and receive payment for goods
    9.6.4 | Sales accounting services | Process transactions - direct sales | Process the credit card payments before authorising despatch of the goods

    9.6.5 | Factory | Process transactions - manufacturing stock | Receive goods against the order, update stock records, issue the goods to manufacture, manage stock levels, minimise stock losses, account for stock
    9.6.6 | Logistics | Process transactions - wholesale stock | Receive goods from the factory, or supplier, update stock records, issue the goods to manufacture, manage stock levels, minimise stock losses, account for stock
    9.6.7 | Stock accounting services | Process transactions - store stock | Receive goods from the warehouse, update store stock records, sell the goods to customers, manage stock levels, minimise stock losses, account for stock
    9.6.8 | Payroll accounting services | Process transactions - payroll | Receive details of employees, their salary and working hours. Calculate pay based on these, less deductions. Pay over deductions
    9.6.9 | Expense accounting services | Process transactions - personal expenses | Personal expenses (for travelling) are claimed, authorised and paid
    9.6.10 | Fixed asset accounting services | Process transactions - fixed assets | Receive invoice details. Decide on whether to capitalise costs. Add assets to register. Attach depreciation data and calculate.
    9.6.11 | Cashiers accounting services | Process transactions - cash and bank | Receive cash transaction data for purchases, sales, payroll, personal expenses and other transactions. Reconcile these to transactions passing through the bank account. Follow-up differences
    9.7 | Company Secretary | Provide legal services | Advise all areas of the company concerning action to be taken on legislation
    9.8 | Taxation | Provide tax services | Advise all areas of the company concerning action to be taken on tax legislation
    9.9 | Quality Control | Ensure quality | Ensure all goods sold meet the quality standards set by legislation and the organisation
    9.10 | Health and safety | Ensure health & safety | Ensure the organisation complies with legislation and good practice to ensure the safety of staff and customers
    9.11 | Health and safety | Manage the environment | Ensure the operations of the organisation obey all environmental laws and good practice

  • 8/12/2019 Implementation v1.0

    22/264

    9.12 Security Ensure security The physical security of tangible and

    intangible assets, and staff and

    customers, is maintained at all times to

    ensure the continued operation of the

    organisation

    9.12 Security Ensure security The physical security of tangible and

    intangible assets, and staff and

    customers, is maintained at all times to

    ensure the continued operation of the

    organisation

    9.13 Public relations Communicate Inform internal and external stakeholders

    of the organisation's policies and

    intentions

    9.14 Risk manager Manage risks Identify, evaluate and manage risks down

    to the level considered acceptable by the

    organisation

    9.15 Treasury Manage the

    assets

    Ensure that assets of the organisation,

    particularly cash, are maintained at

    optimum levels to achieve the objectives

    9.15 Treasury Manage the

    assets

    Ensure that assets of the organisation,

    particularly cash, are maintained at

    optimum levels to achieve the objectives

    9.16 Administration Support the

    support

    functions

    Resources are made available to carry

    out the above processes


    Key risk to process Risk Source Process owner

    Cons Like

    The strategy does not anticipate

    customer demands

    Managing

    Director

    5 5

    The strategy is too risk-averse Managing

    Director

    5 5

    The objectives within the strategy

    are not clearly defined, financially

    justified or documented

    Managing

    Director

    5 5

    Staff do not understand the

    objectives in relation to their own

    jobs

    Managing

    Director

    5 5

    The action plan does not cover all

    objectives and does not consist of

    SMART targets addressed to senior

    management

    Managing

    Director

    5 5

    The organisation has not got the

    resources to deliver the strategy

    Managing

    Director

    5 5

    Major projects intended to deliver

    the strategy are late and/or over

    budget

    Managing

    Director

    5 5

    All staff, including the Board, fail to

    maintain high ethical standards,

    which undermine the controls

    necessary to achieve the

    organisation's objectives, including

    that of ensuring compliance with

    laws and standards

    Managing

    Director

    5 5

    Internal and external influences are

    not monitored to assess their impact

    on the strategy

    Managing

    Director

    5 5

    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    5 5

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    The research does not identify the

    most effective products for

    achieving the objectives

    Inherent risks


    The research does not identify the

    most effective market segments for

    achieving the objectives

    The research does not identify the

    most effective customer segments

    for achieving the objectives

    The research does not identify the

    most effective locations for

    achieving the objectives

    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    The locations are not cost-effective,

    have insufficient staff in the vicinity

    and have poor communications

    The environment is not suitable for a factory, insufficient trained labour

    is available, property costs are too

    high

    The buildings are not suitable for

    storing products, costs are too high

    and labour is not available

    The locations are not cost-effective,

    have insufficient staff in the vicinity

    and are not near our target

    customers

    Poor maintenance results in injury

    to staff or customers

    The resources required are not understood or are not sufficient to

    deliver the strategy

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    The purchased items are

    unsuitable, too expensive or

    delivered late

    A major supplier of a vital raw

    material, not obtainable elsewhere,

    is not able to deliver

    Assets are not required, not suitable

    or too expensive

    Goods are not suitable, too

    expensive or delivered late

    Goods or services are not suitable,

    too expensive or delivered late

    Minimum prices for utilities are not

    negotiated


    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    There is no market for the product.

    The product is too expensive to

    produce

    The method of manufacturing

    specified is inefficient

    The schedule produces the wrong

    goods at the wrong time

    The goods are made inefficiently

    New environmental legislation

    makes manufacturing process

    uneconomic

    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    Promotions do not make a profit

    Promotions do not make a profit

    Promotions do not make a profit

    Promotions do not make a profit

    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    Goods are damaged, or lost

    A strike of fuel suppliers brings

    transport in the UK to a stop

    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    Board risk workshop Merchandise Director

    5 5

    Fail to stock goods which the

    customers want to buy

    Board risk workshop Merchandise Director

    5 5

    Fail to anticipate the competition's

    initiatives to take a bigger market

    share

    Board risk workshop Merchandise Director

    5 5


    Prices are not competitive Board risk workshop Merchandise Director

    5 5

    Store layout confuses customers Board risk workshop Merchandise Director

    4 4

    Prices are incorrect Board risk workshop Merchandise Director

    4 5

    No stock for customers to buy Board risk workshop Merchandise Director

    5 5

    Higher minimum wage legislation

    makes some stores unprofitable

    Board risk workshop Merchandise Director

    5 5

    Poor service/quality of goods

    leading to customer complaints

    Board risk workshop Merchandise Director

    5 5

    A major customer goes bankrupt Board risk workshop Marketing

    Director

    4 4

    No stock for customers to buy Board risk workshop Marketing

    Director

    5 5

    Poor service/quality of goods

    leading to customer complaints

    Board risk workshop Marketing

    Director

    5 5

    Poor service/quality of goods

    leading to customer complaints

    Board risk workshop Merchandise Director

    4 5

    Fraudulent credit cards used Finance Director interview Merchandise Director

    4 5

    No stock for customers to buy Logistics Director interview Merchandise Director

    4 5

    Internet sites unavailable Board risk workshop Merchandise Director

    4 5

    Goods are lost Board risk workshop Merchandise Director

    4 5

    The resources required are not

    understood or are not sufficient to

    deliver the strategy

    Board risk workshop Merchandise Director

    5 5

    The objectives will not deliver the

    organisation's objectives effectively

    and efficiently

    Management accounts do not

    provide timely information on which

    to make decisions

    Financial accounts are issued which

    do not comply with UK law


    The organisation is not prepared for

    the International Accounting

    Standards (IAS)

    High-calibre staff are not recruited

    and retained

    Properly qualified staff are not

    available to take vacancies

    Staff are not properly trained

    Staff successfully claim unfair

    dismissal

    A virus brings down all computer systems for a week

    Data is lost

    Data or programs are corrupted

    Major hardware failure

    Major network failure

    Payment is made where the

    organisation has not received the

    goods or services at the price and

    quality ordered

    Cash taken at the till is not banked

    Goods are sold to customers who

    cannot pay for them

    Fail to pass transaction details to

    the credit card company


    Stock is incorrectly valued

    Stock is incorrectly valued

    Stock is incorrectly valued

    Receive incorrect data from stores

    on hours worked and new

    employees

    Expenses were not incurred

    Revenue expenditure capitalised, or

    capital expenditure put to revenue

    Differences not cleared

    The impact of legislation is not

    anticipated which results in

    considerable costs

    Schemes to minimise tax are not

    used

    Poor quality goods harms the

    organisation's reputation

    A failure in H & S occurs which

    results in bad publicity and law suits

    An environmental disaster occurs at

    one of the organisation's premises


    Confidential information is stolen

    Offices are destroyed by fire

    The London Stock Exchange is

    given information which cannot be

    substantiated

    The external and internal risks

    threatening the objectives, and

    related processes, of the

    organisation are not understood or

    mitigated

    Financial contracts are set up which

    open the company to significant

    losses

    Working capital is not optimised

    The resources required are not

    understood or are not sufficient to

    deliver the strategy


    Score Response Control (examples)

    25 The board received a quarterly report from outside

    consultants which forecasts likely trends in customer

    demand for the next year

    25 The quarterly meeting with consultants considers all

    possible strategy options which are analysed objectively

    to ensure all are properly considered

    25 The strategy is written and published on the intranet. All

    elements are financially justified and subject to risk

    modelling

    25 The Company Secretary is charged with ensuring all non-

    sensitive information relating to company objectives and

    strategy is published on the intranet

    25

    25

    25

    25

    25

    25


    25 treat Overall targets for sales and profits are set by the board

    in the annual budget. As part of the budget package the

    Merchandise Director outlines the action to be taken to

    achieve the targets. See also strategy controls

    25 treat Regular visits by Merchandising Director and staff to

    markets which anticipate ours eg the US. Attendance at

    trade shows. Focus Groups

    25 treat All competitors' advertising campaigns are monitored,

    with a weekly report to the Merchandising Director.


    25 treat Competitors' prices are monitored every week, with

    reports going to appropriate Heads of Merchandise

    Departments

    16 treat None

    20 treat Retail prices are input by an assistant buyer and

    checked by a supervisor. Prices are downloaded onto

    the EPOS system overnight

    25 treat Each store has automatic replenishment, based on sales

    and PI counts in store

    25 treat Monthly profitability report of each store, checked by

    stores accountant

    25 treat All customer complaints logged on a database. Monthly

    report to the Merchandise Managers, with comments on

    action being taken

    16 transfer with

    insurance

    Credit control procedures prevent orders being sent to

    customers who pay late. Overseas debts are insured.

    25 treat Computer report produced which estimates stock holding

    and orders necessary to ensure 3 weeks stock holding.

    Report checked by Senior Buyer

    25 treat All customer complaints logged on a database. Monthly

    report to the Merchandise Managers, with comments on

    action being taken

    20 treat All customer complaints logged on a database. Monthly

    report to the Merchandise Managers, with comments on

    action being taken

    20 treat Credit card details checked to external database of

    fraudulent cards

    20 treat Computer report produced which estimates stock holding

    and orders necessary to ensure 3 weeks stock holding.

    Report checked by Senior Buyer

    20 tolerate An external internet provider is used who has back-up

    computers available in the event of hardware and

    comms failure

    20 tolerate Reputable carrier used. Value of goods is relatively low

    and missing goods are replaced without question

    25 treat Various reports (Out of stock, late deliveries) will indicate

    if insufficient staff are available


    Monitoring (examples) Potential issue Cons Like Score

    The role of the non-executive directors

    is defined to ensure they challenge

    board strategy to ensure it is robust

    5 1 5

    The role of the non-executive directors

    is defined to ensure they challenge

    board strategy to ensure it is robust

    5 1 5

    The role of the non-executive directors

    is defined to ensure they challenge

    board strategy to ensure it is robust

    5 1 5

    A staff council exists to feed back

    concerns on communication to the

    board

    4 1 4

    5 2 10

    5 2 10

    5 2 10

    5 2 10

    5 2 10

    5 2 10


    Residual risks


    None No checks to ensure reports are

    issued and acted upon

    5 2 10

    None No customer groups to report on

    their opinions of store layouts

    4 4 16

    A gross profit exception report is

    generated for any changes to GP >5%.

    This should pick up any incorrect input

    of retail prices. The report is signed off

    by a buyer.

    4 1 4

    Computer report to buyer reports zero

    stocks in stores

    5 1 5

    None Stores accountant is not

    required to report exceptions to

    senior management

    5 4 20

    Copy of report sent to Merchandising

    Director and summaries are put on the

    intranet

    5 1 5

    Head of Accounting Services examines

    Aged Trial Balance each month and

    follows up overdue debts

    4 1 4

    Head of Production also receives

    report and ensures orders have been

    received where necessary.

    5 1 5

    Copy of report sent to Marketing

    Director and summaries are put on the

    intranet

    5 1 5

    Copy of report sent to Merchandising

    Director and summaries are put on the

    intranet

    5 1 5

    Report of fraudulent transactions sent

    to Head of Security.

    4 1 4

    Computer report to buyer reports zero

    stocks in warehouse

    4 1 4

    Service agreement with provider

    commits to 99% availability or

    compensation

    4 1 4

    Report of lost goods sent to Head of

    Security.

    4 1 4

    Failure to achieve targets may indicate

    shortage of staff

    There is no succession plan, or

    any attempt to anticipate staff

    required in the future

    5 3 15


    Control score

    20

    20

    20

    21

    15

    15

    15

    15

    15

    15


    20

    20

    10


    15

    0

    16

    20

    5

    20

    12

    20

    20

    15

    16

    16

    16

    16

    10


    Appendix C

    Assessing the organisation's risk maturity

    (A more detailed matrix is included in the IIA Guidance Note An Approach to Implementing Risk Based Internal Auditing)

    Risk naïve Risk aware

    Key characteristics (See IIA statement Risk Based Internal

    Auditing)

    No formal approach developed for risk

    management

    Scattered silo based approach to risk

    management

    Process

    Are the organisation's objectives defined?

    Have management been trained to

    understand what risks are, and their

    responsibility for them?

    Has a scoring system for assessing risks

    been defined?

    Have processes been defined to

    determine risks, and have these been

    followed?

    Have all risks been collected into one list?

    Have risks been allocated to specific job

    titles?

    Have all risks been assessed in

    accordance with the defined scoring

    system?

    Have responses to the risks (e.g. controls)

    been selected and implemented?

    Have management set up controls to

    monitor the proper operation of key

    controls?

    Are risks regularly reviewed by the

    organisation?

    Has the risk appetite of the organisation

    been defined in terms of the scoring

    system?

    No


    Have management reported risks to

    directors where responses are not

    managing the risks to a level acceptable to

    the board?

    Are all significant new projects routinely

    assessed for risk?

    Is responsibility for the determination,

    assessment, and management of risks

    included in job descriptions?

    Do managers provide assurance on the

    effectiveness of their risk management?

    Are managers assessed on their risk

    management performance?

    Internal Audit approach Promote risk management and

    rely on audit risk

    assessment

    Promote enterprise-

    wide approach to

    risk management

    and rely on audit

    risk assessment


    Risk defined Risk managed Risk enabled

    Strategy and policies in place and

    communicated. Risk

    appetite defined

    Enterprise approach to risk management

    developed and

    communicated

    Risk management and internal controls

    fully embedded into

    the operations

    In part

    Yes


    Facilitate risk

    management/liaise

    with risk management

    and use management

    assessment of risk

    where appropriate

    Audit risk

    management

    processes and use

    management

    assessment of risk

    as appropriate

    Audit risk

    management

    processes and use

    management

    assessment of risk

    as appropriate


    Audit test

    Core IA roles are in brackets - see IIA statement The Role of Internal Audit in Enterprise-wide Risk

    Management

    Check the organisation's objectives are determined by

    the board and have been communicated to all staff.

    Check other objectives and targets are consistent with

    the organisation's objectives. (1)

    Interview managers to confirm their understanding of risk

    and the extent to which they manage it. (1)

    Check the scoring system has been approved,

    communicated and is used. (2)

    Examine the processes to ensure they are sufficient to

    ensure identification of all risks. Check they are in use, by

    examining the output from any workshops. (1)

    Examine the Risk Universe. Ensure it is complete,

    regularly reviewed, assessed and used to manage risks.

    Risks are allocated to managers. (1)

    Check the scoring applied to a selection of risks is

    consistent with the policy. Look for consistency (that is,

    similar risks have similar scores). (2)

    Examine the risk register to ensure proper controls

    should be in place. (3)

    For significant risks, examine the control(s) treating it and

    ensure management would know if the control failed. (5)

    Check for evidence that a thorough review process is

    regularly carried out. (1)

    Check the document on which the controlling body has

    approved the risk appetite. Ensure it is consistent with the

    scoring system and has been communicated. (1)


    For risks above the risk appetite, check that the board

    has been formally informed of their existence. (4)

    Examine project proposals for an analysis of the risks

    which might threaten them. (1)

    Examine job descriptions. Check the instructions for

    setting up job descriptions. (1)

    Examine the assurance provided. For key risks, check

    that controls and the management system of monitoring,

    are operating. (4)

    Examine a sample of appraisals for evidence that risk

    management was properly assessed for performance. (1)


    Appendix D

    Process map for an organisation (levels 1 and 2)

    Define objectives Obtain premises Research

    Decide strategy

    Maintain strategy

    Deliver strategy

    Communicate strategy

    Research markets

    Research products

    Research locations

    Research customers

    Obtain factories

    Obtain offices

    Obtain retail premises

    Obtain warehousing

    Define objectives

    Support research

    Support strategy

    Define objectives

    Support obtaining premises


    Manufacture Promote Purchase

    Organisation's objectives

    Purchase assets

    Purchase raw materials

    Purchase expense goods

    Purchase finished goods

    Specify

    manufacturing

    Design products

    Manufacture

    Plan manufacturing

    Promote to

    customers

    Promote in-store

    Advertise on TV

    Advertise in papers

    Define objectives Define objectives Define objectives

    Support promotions

    Support manufacturing

    Support purchasing


    Sell Supply Support

    Distribute goods

    Store goods

    Support distribution

    Sell to resellers

    Sell in stores

    Support sales

    Sell direct

    Prepare financial accounts

    Prepare management

    accounts

    Provide systems

    Provide staff

    Define objectives Define objectives Define objectives

    Process transactions


    Provide legal services

    Provide tax services

    Ensure quality

    Ensure health & safety

    Manage the environment

    Ensure security

    Communicate

    Manage risks

    Manage assets


    Support the support services


    E Audit Universe

    List of all audits, in business unit order

    Business unit Process Process Description Last audit

    number

    Administration Support manufacturing Resources are made available to carry

    out the above processes

    Administration Support promotions Resources are made available to carry

    out the above processes

    Administration Support supply Resources are made available to carry

    out the above processes

    Administration Support selling Resources are made available to carry

    out the above processes

    Administration Define objectives for supporting

    the organisation

    The objectives of the processes for

    supporting the organisation are defined

    Administration Support the support functions Resources are made available to carry

    out the above processes

    Administration Support research Resources are made available to carry

    out the above processes

    Administration Support obtaining premises Resources are made available to carry

    out the above processes

    Administration Support purchasing Resources are made available to carry

    out the above processes

    Advertising Define objectives for promotion The objectives of the processes for

    promoting sales are defined

    Advertising Promote in-store Promote goods in the retail stores through

    various offers

    Advertising Promote to customers Promote goods to resellers using offers

    Advertising Advertise on TV Advertise on television

    Advertising Advertise in papers Advertise goods in newspapers and magazines

    Cashiers

    accounting

    services

    Process transactions - cash

    and bank

    Receive cash transaction data for

    purchases, sales, payroll, personal

    expenses and other transactions.

    Reconcile these to transactions passing

    through the bank account. Follow-up

    differences

    Company

    Secretary

    Provide legal services Advise all areas of the company

    concerning action to be taken on

    legislation

    Expense

    accounting

    services

    Process transactions - personal

    expenses

    Personal expenses (for travelling) are

    claimed, authorised and paid

    Facilities management

    Maintain premises Premises are maintained to ensure safety, effectiveness and efficiency at all

    times

    Factory Plan manufacturing Plan the manufacturing schedule

    Factory Manufacture Make the goods

    Factory Manufacture Make the goods

    David M Griffiths E Audit Universe


    Factory Process transactions -

    manufacturing stock

    Receive goods against the order, update

    stock records, issue the goods to

    manufacture, manage stock levels,

    minimise stock losses, account for stock

    Factory Define objectives The objectives of the processes for

    manufacturing are defined

    Factory Design products Products to be manufactured are

    designed

    Factory Specify manufacturing Specify how the products are to be

    manufactured

    Financial

    accounts

    Prepare financial accounts Collect the data from processed

    transactions into accounts for statutory or

    tax purposes

    Financial

    accounts

    Prepare financial accounts Collect the data from processed

    transactions into accounts for statutory or

    tax purposes

    Fixed asset

    accounting

    services

    Process transactions - fixed

    assets

    Receive invoice details. Decide on

    whether to capitalise costs. Add assets to

    register. Attach depreciation data and

    calculate.

    Health and

    safety

    Ensure health & safety Ensure the organisation complies with

    legislation and good practice to ensure

    the safety of staff and customers

    Health and

    safety

    Manage the environment Ensure the operations of the organisation

    obey all environmental laws and good

    practice

    Human

    resources

    Provide staff Recruit staff and manage staff policies

    Human

    resources

    Provide staff Recruit staff and manage staff policies

    Human

    resources

    Provide staff Recruit staff and manage staff policies

    Human

    resources

    Provide staff Recruit staff and manage staff policies

    Information

    systems

    Provide systems Provide systems, including computer

    systems to support the organisation's

    operations

    Information

    systems

    Provide systems Provide systems, including computer

    systems to support the organisation's

    operations

    Information

    systems

    Provide systems Provide systems, including computer

    systems to support the organisation's

    operations

    Information

    systems

    Provide systems Provide systems, including computer

    systems to support the organisation's

    operations

    Information

    systems

    Provide systems Provide systems, including computer

    systems to support the organisation's

    operations

    Internet sales Sell direct Sell direct to the public. For example,

    through the internet

    Internet sales Sell direct Sell direct to the public. For example,

    through the internet

    130

    Internet sales Sell direct Sell direct to the public. For example,

    through the internet

    Internet sales Sell direct Sell direct to the public. For example,

    through the internet

    Internet sales Sell direct Sell direct to the public. For example,

    through the internet

    Logistics Define objectives for supplying

    goods

    The objectives of the processes for

    supplying goods are defined

    Logistics Store goods Store goods in warehouses at stages of

    the supply chain

    Logistics Distribute goods Distribute goods between factories,

    warehouses, stores and customers

    Logistics Process transactions -

    wholesale stock

    Receive goods from the factory, or

    supplier, update stock records, issue the

    goods to manufacture, manage stock

    levels, minimise stock losses, account for

    stock

    Management

    accounts

    Prepare management accounts Collect the data from processed

    transactions into accounts for

    management to make decisions

    Marketing Sell to resellers Sell goods to customers who will resell

    them

    Marketing Sell to resellers Sell goods to customers who will resell them

    Marketing Sell to resellers Sell goods to customers who will resell

    them

    Marketing Research markets Research the market segments which will

    achieve the organisation's objectives

    Marketing Research customers Research the customer profile which will

    achieve the organisation's objectives

    Merchandising Define objectives for selling

    goods

    The objectives of the processes for selling

    are defined

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    Merchandising Sell in stores Sell goods in stores operated by the organisation, or franchised

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    143

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    Merchandising Sell in stores Sell goods in stores operated by the

    organisation, or franchised

    Payroll

    accounting

    services

    Process transactions - payroll Receive details of employees, their salary

    and working hours. Calculate pay based

    on these, less deductions. Pay over

    deductions

    Property Research locations Research the locations, in-country and

    abroad, which will achieve the

    organisation's objectives

    Property Define objectives The objectives of the processes for

    obtaining premises are defined

    210

    Property Obtain offices Decide on the best locations for offices to

    house the support staff

    Property Obtain factories Decide on the best locations for factories

    to manufacture products

    Property Obtain warehousing Decide on the best location for premises

    to store goods

    Property Obtain retail premises Decide on the best location for shops

    Public relations Communicate Inform internal and external stakeholders

    of the organisation's policies and

    intentions

    Purchase

    accounting

    services

    Process transactions -

    purchases

    Receive invoices, obtain approval for

    payment, pay for goods and services

    Purchasing Define objectives The objectives of the processes for

    purchasing are defined

    Purchasing Purchase raw materials Purchase items to manufacture goods

    Purchasing Purchase raw materials Purchase items to manufacture goods

    Purchasing Purchase assets Purchase fixed assets

    Purchasing Purchase finished goods Purchase goods for resale

    Purchasing Purchase expense goods and

    services

    Purchase goods and services for the

    organisation

    Purchasing Purchase expense goods and

    services

    Purchase utilities for the organisation

    Quality Control Ensure quality Ensure all goods sold meet the quality

    standards set by legislation and the

    organisation

    Research and

    development

    Define objectives The objectives of the research processes

    are defined

    Research and

    development

    Research products Research the products, to be

    manufactured or purchased, which will

    achieve the organisation's objectives

    Retail

    accounting

    services

    Process transactions - retail

    sales

    Receive cash and cash equivalents at the

    till, bank them and check all money is

    received

    Risk manager Manage risks Identify, evaluate and manage risks down

    to the level considered acceptable by the

    organisation

    Sales

    accounting

    services

    Process transactions -

    wholesale sales

    Carry out credit checks before goods are

    despatched, issue invoices and receive

    payment for goods

    Sales

    accounting

    services

    Process transactions - direct

    sales

    Process the credit card payments before

    authorising despatch of the goods

    Security Ensure security The physical security of tangible and

    intangible assets, and staff and

    customers, is maintained at all times to

    ensure the continued operation of the

    organisation

    Security Ensure security The physical security of tangible and

    intangible assets, and staff and

    customers, is maintained at all times to

    ensure the continued operation of the

    organisation

    Stock

    accounting

    services

    Process transactions - store

    stock

    Receive goods from the warehouse,

    update store stock records, sell the goods

    to customers, manage stock levels,

    minimise stock losses, account for stock

    Taxation Provide tax services Advise all areas of the company

    concerning action to be taken on tax

    legislation

    The board Decide strategy The most senior management group (the

    "board") decide on the objectives of the

    organisation

    The board Deliver strategy An action plan is devised, at high level,

    which will deliver the objectives

    The board Deliver strategy An action plan is devised, at high level,

    which will deliver the objectives

    The board Deliver strategy An action plan is devised, at high level, which will deliver the objectives

    The board Maintain strategy The strategy is regularly updated to take 203

    The board Maintain strategy The strategy is regularly updated to take

    The board Support strategy Resources are made available to carry

    Treasury Manage the assets Ensure that assets of the organisation,

    Treasury Manage the assets Ensure that assets of the organisation,

    Last audit name Last audit

    Budget

    Last audit

    actual

    Last

    timing

    Last

    auditor

    Last final

    report

    Target

    Final

    report

    achieved

    Manufacturing resource

    planning

    Promotions resource

    planning

    Supply resource planning

    Selling resource planning

    Support strategy

    Support resource planning

    Research resource planning

    Location resource planning

    Purchase resource planning

    Selling strategy

    Retail promotions

    Wholesale promotions

    TV advertising

    Newspaper advertising

    Bank and cash

    Provision of legal services

    Personal expenses

    Maintenance of premises

    Scheduling manufacture

    Production accounting

    Environmental audit

    Last audit details

    Manufacturing stock

    Manufacturing strategy

    Product design

    Manufacturing specification

    Financial accounting

    Project - IAS

    Fixed assets

    Health and safety

    Environmental

    Recruitment

    Succession planning

    Staff training

    Staff policies

    Virus checking

    Back-up procedures

    Access controls

    IS contingency plans -

    hardware

    IS contingency plans - communications

    Stock control

    Internet sales 15 14 Mar-05 Heath 5-Apr-05 5-Apr-05

    Internet sales

    Internet sales See above

    Complaints procedures

    Supply strategy

    Warehouse operations

    Distribution

    Wholesale stock

    Management accounting

    Stock control

    Accounts receivable

    Complaints procedures

    Market research

    Market research

    Selling strategy

    Market anticipation

    Market anticipation

    Store planning

    Price file maintenance

    Stock control 20 22 Sep-06 Smith 1-Oct-04 3-Oct-04

    Store accounts

    Pricing policy

    Complaints procedures

    Payroll

    Geographic research

    Location strategy 50 45 2004 Murphy 10/28/2004 10/28/2004

    Locating offices

    Locating factories

    Locating warehouses

    Locating shops

    Communications

    Accounts Payable

    Purchasing strategy

    Purchasing for manufacture

    Purchasing for manufacture

    Purchase of assets

    Purchase of goods for

    resale

    Purchase of expense goods

    and services

    Purchase of expense goods

    and services

    Quality control

    Research strategy

    Product research

    Retail cash takings

    Risk management

    Accounts receivable See above

    Internet sales See above

    Site security

    Contingency planning

    Retail stock

    Provision of tax services

    Organisation's strategy

    Delivery of strategy

    Delivery of strategy

    (Projects are individually audited)

    Ethical guidelines 20 23 2003 Smith 6/23/2003 6/28/2003

    Monitoring of external

    (Carried out within the

    Treasury

    Working capital

    Last result Audit plan

    date

    Next audit

    number

    Next audit name Next audit

    budget

    Next

    timing

    Manufacturing resource

    planning

    Promotions resource planning

    Supply resource planning

    Selling resource planning

    Support strategy

    Support resource planning

    Research resource planning

    Location resource planning

    Purchase resource planning

    Selling strategy

    Retail promotions

    Wholesale promotions

    TV advertising

    Newspaper advertising

    Bank and cash

    Provision of legal services

    Personal expenses

    Maintenance of premises

    Scheduling manufacture

    Production accounting

    Environmental audit

    Next audit detai

    Manufacturing stock

    Manufacturing strategy

    Product design

    Manufacturing specification

    Financial accounting

    Project - IAS

    Fixed assets

    Health and safety

    Environmental

    Recruitment

    Succession planning

    Staff training

    Staff policies

    Virus checking

    Back-up procedures

    Access controls

    IS contingency plans - hardware

    IS contingency plans - communications

    Stock control

    Issues 2006 201 Internet sales 14 Oct-06

    Internet sales

    Internet sales

    207 Complaints procedures (see above)

    Supply strategy

    Warehouse operations

    Distribution

    Wholesale stock

    Management accounting

    Stock control 20 Oct-06

    Accounts receivable 10 Aug-06

    207 Complaints procedures (see above)

    Market research

    Market research

    200 Selling strategy 10 Jan-06

    201 Market anticipation 20 Jan-06

    201 Market anticipation (see above)

    203 Store planning 15 Mar-06

    204 Price file maintenance 20 Apr-06

    Acceptable 2006 205 Stock control 22 Sep-06

    206 Store accounts 10 Jun-06

    202 Pricing policy 20 Feb-06

    207 Complaints procedures 30 Jul-06

    Payroll

    Geographic research

    Unacceptable

    253

    Location strategy

    Jones

    Locating offices

    Locating factories

    Locating warehouses

    Locating shops

    Communications

    Accounts Payable

    Purchasing strategy

    Purchasing for manufacture

    Purchasing for manufacture

    Purchase of assets

    Purchase of goods for resale

    Purchase of expense goods and

    services

    Purchase of expense goods and

    services

    Quality control

    Research strategy

    Product research

    Retail cash takings

    Risk management

    Accounts receivable

    Internet sales

    Site security

    Contingency planning

    Retail stock

    Provision of tax services

    Organisation's strategy

    Delivery of strategy

    Delivery of strategy

    (Projects are individually audited)

    acceptable 2006 250 Ethical guidelines Q1 2005

    Monitoring of external influences

    (Carried out within the above

    Treasury

    Working capital

    Next

    auditor

    Status Next final

    report

    Target

    Next final

    report

    Achieved

    2006

    opinion on

    risk

    ls

    Heath To start TBA

    Smith To start TBA

    Khan To start TBA

    Smith To start 18-Jan-06

    Khan To start 18-Feb-06

    Smith To start 24-Mar-06

    Heath To start TBA

    Khan To start TBA

    Smith To start TBA

    Heath To start 27-Feb-06

    Heath To start TBA

    To start 8/20/2005

    Patel To start

    Appendix F

    Risk and Audit Universe

    L1 Level 1 process L2 Level 2 process L3 Level 3 process

    1 Define

    organisation's

    objectives

    1 Decide strategy

    1 Define

    organisation's

    objectives

    1 Decide strategy

    1 Define

    organisation's

    objectives

    1 Decide strategy

    1 Define organisation's

    objectives

    2 Communicate strategy

    1 Define

    organisation's

    objectives

    3 Deliver strategy

    1 Define

    organisation's

    objectives

    3 Deliver strategy

    1 Define

    organisation's

    objectives

    3 Deliver strategy

    1 Define organisation's

    objectives

    4 Maintain strategy

    1 Define

    organisation's

    objectives

    4 Maintain strategy

    1 Define

    organisation's

    objectives

    5 Support strategy

    2 Research new

    business

    opportunities

    1 Define objectives

    2 Research new

    business

    opportunities

    2 Research products

    2 Research new

    business

    opportunities

    3 Research markets

    David M Griffiths F Risk and audit universe

    2 Research new

    business

    opportunities

    4 Research customers

    2 Research new

    business

    opportunities

    5 Research locations

    2 Research new

    business

    opportunities

    6 Support research

    3 Obtain, and fit out,

    premises

    1 Define objectives

    3 Obtain, and fit out,

    premises

    2 Obtain offices

    3 Obtain, and fit out,

    premises

    3 Obtain factories

    3 Obtain, and fit out,

    premises

    4 Obtain warehousing

    3 Obtain, and fit out, premises

    5 Obtain retail premises

    3 Obtain, and fit out,

    premises

    6 Maintain premises

    3 Obtain, and fit out,

    premises

    7 Support obtaining

    premises

    4 Purchase goods

    and services

    1 Define objectives

    4 Purchase goods

    and services

    2 Purchase raw materials

    4 Purchase goods

    and services

    2 Purchase raw materials

    4 Purchase goods

    and services

    3 Purchase assets

    4 Purchase goods

    and services

    4 Purchase finished

    goods

    4 Purchase goods

    and services

    5 Purchase expense

    goods and services

    4 Purchase goods

    and services

    5 Purchase expense

    goods and services

    4 Purchase goods

    and services

    6 Support purchasing

    5 Manufacture 1 Define objectives

    5 Manufacture 2 Design products

    5 Manufacture 3 Specify manufacturing

    5 Manufacture 4 Plan manufacturing

    5 Manufacture 5 Manufacture

    5 Manufacture 5 Manufacture

    5 Manufacture 6 Support manufacturing

    6 Advertise and

    promote

    1 Define objectives for

    promotion

    6 Advertise and

    promote

    2 Promote in-store

    6 Advertise and

    promote

    3 Promote to customers

    6 Advertise and

    promote

    4 Advertise in papers

    6 Advertise and 5 Advertise on TV

    6 Advertise and

    promote

    6 Support promotions

    7 Store and distribute

    goods

    1 Define objectives for

    supplying goods

    7 Store and distribute

    goods

    2 Store goods

    7 Store and distribute

    goods

    3 Distribute goods

    7 Store and distribute

    goods

    4 Support supply

    8 Sell goods 1 Define objectives for

    selling goods

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 2 Sell in stores

    8 Sell goods 3 Sell to resellers

    8 Sell goods 3 Sell to resellers

    8 Sell goods 3 Sell to resellers

    8 Sell goods 4 Sell direct

    8 Sell goods 4 Sell direct

    8 Sell goods 4 Sell direct

    8 Sell goods 4 Sell direct

    8 Sell goods 4 Sell direct

    8 Sell goods 5 Support selling

    9 Support the

    organisation in

    achieving its

    objectives

    1 Define objectives for

    supporting the

    organisation

    9 Support the organisation in

    achieving its

    2 Prepare management accounts

    9 Support the

    organisation in

    3 Prepare financial

    accounts

    9 Support the

    organisation in

    3 Prepare financial

    accounts

    9 Support the

    organisation in

    achieving its

    objectives

    4 Provide staff

    9 Support the

    organisation in achieving its

    objectives

    4 Provide staff

    9 Support the

    organisation in

    achieving its

    objectives

    4 Provide staff

    9 Support the

    organisation in

    achieving its

    objectives

    4 Provide staff

    9 Support the

    organisation in

    achieving its

    objectives

    5 Provide systems

    9 Support the

    organisation in

    achieving its

    objectives

    5 Provide systems

    9 Support the

    organisation in

    achieving its

    objectives

    5 Provide systems

    9 Support the

    organisation in

    achieving its

    objectives

    5 Provide systems

    9 Support the organisation in

    achieving its

    objectives

    5 Provide systems

    9 Support the

    organisation in

    achieving its

    6 Process transactions 1 Process transactions

    - purchases

    9 Support the

    organisation in

    achieving its

    6 Process transactions 2 Process transactions

    - retail sales

    9 Support the

    organisation in

    achieving its

    6 Process transactions 3 Process transactions

    - wholesale sales

    9 Support the

    organisation in

    achieving its

    6 Process transactions 4 Process transactions

    - direct sales

    9 Support the

    organisation in

    achieving its

    objectives

    6 Pr