SOX Inventory Management Risks and Controls


Unit:
Subject: Sarbanes-Oxley Act Review - Inventory Management
Title: Risk & Control Identification
Year end:

OBJECTIVE
OBJECTIVE CATEGORY
RISK REFERENCE
POTENTIAL RISK
SUGGESTED CONTROLS TO MITIGATE THE POTENTIAL RISK (Internal Audit)
MANAGEMENT CONTROL or COMMENTS (if Risk is excluded from the Scope)
CONTROL OWNER (Name)

MILL RAW MATERIALS

Receiving of Raw Materials

Raw materials are received and accepted only if
they have valid Purchase Orders. (validity)

O,F INV101 Raw materials are received and accepted on invalid
Purchase Orders or without Purchase Orders. The
following may be received and ultimately paid for, rather
than returned or refused: unordered raw materials,
excessive quantities, incorrect items, cancelled or
duplicated deliveries. Raw materials that arrive too early
or too late may be accepted. Company policy is not
followed regarding the handling of receipts for which no
Purchase Order can be located on SAP.

The requirement exists that a goods receipt must reference a
Purchase or Production Order so there is certainty the goods received
were ordered. All goods received are based on a valid Purchase
Order (PO) number. Purchase Order is stated on delivery documents
and is verified for validity.

Raw materials are checked for quantity and quality
before being accepted.

O, F, C INV102 Raw materials received are not subject to an inspection
for quality / quantity. Criteria are not clearly established
for inspecting received goods and services. No policy
is established for inspecting receipts in proportion to
their importance and value. Only the vendor's delivery
note (and not the physical goods) is matched to the
Purchase Order. Inspection results are not recorded to
be available for the vendor evaluation process.
Vendors do not deliver the expected quantity or
materials. Goods receipt discrepancies are not
addressed. Company policy regarding the handling of
under/over deliveries is not followed. Tolerances for
under/over deliveries are set to inappropriate values.
Raw materials are accepted without authorised
documentation (e.g. COAs - Certificate Of Analysis).

Goods counted and inspected before acceptance: overshipments and
unacceptable items are returned to the vendor. Materials are checked
for quantity and quality: Quantities of material received are verified by
actual count, weight, or measurement by the receiving department.
Quality inspection evidenced by inspection reports, notations,
receiving reports, or other acceptable records. Variances in quantity
ordered versus quantity shipped are reported. Quantities less than
those indicated on the Purchase Order may be accepted; however,
quantities more than those indicated on the Purchase Order should be
approved by the requisitioning department and the buyer.

Returns of raw materials to suppliers are properly
handled.

O, F INV103 Damaged or low quality goods received are not properly
identified and handled. Defective raw materials are not
returned to the supplier and are accepted into stock.
Accounts payable is not notified of goods returned to
vendor, and the invoice is paid. Return deliveries are
not entered promptly into the system in order to reverse
the goods receipt updates. No process is established to
ensure the vendor issues credit memos when
appropriate.

Defective raw materials received from suppliers are logged. The log is
monitored to ensure that the defective goods are returned promptly
and that the credit (AP) is received timely. Rejected raw materials are
adequately segregated from other raw materials and are not used.
Rejected raw materials are regularly monitored to ensure timely return
to suppliers. A security check to either an authorised return form or a
delivery note is performed on all goods leaving the premises.

335046805.xls 10/28/2016

Page 1 of 21


Only raw materials received are recorded. (validity)

O, F INV104 Fictitious receipts of raw materials may be recorded.
Invalid materials may be recorded. Payments may be
made for fictitious goods.


SAP edits and validates input GRN data on-line. The values that are
allowed, for example, for a material master, are known to the system.
Upon entry in the field SAP automatically checks the value entered
against the values available in the configuration tables. Most goods
receipts are created with reference to a Purchase Order.

Raw materials received are recorded accurately. (accuracy)

O, F INV105 Raw materials receipts are not recorded accurately.
Incorrect goods receipt information is entered.

Capturing of receipts directly into SAP: Mandatory fields, Tolerance
levels, Visual checks by operator, e.g. key in material number and
description appears on the screen, Limit/reasonableness checks on
quantities (e.g. no negative amounts). SAP edits and validates input
Goods received note (GRN) data on-line. Most goods receipts are
created with reference to a Purchase Order. SAP then copies
information from Purchase Order into GRNs per configuration. The
SAP material movement automatically creates both a material (for
quantity) and accounting (for value) document. The transactions
update these items: Purchase Order history, stock overview, Material
Requirements Planning (MRP) (planning file), general ledger
accounts.

Raw materials received are allocated correctly. (classification)

O, F INV106 Goods receipts do not have the correct account
assignments.

Account assignment is determined at the time of purchase
authorisation (PR / PO).

All raw materials received are recorded. (completeness)

O, F INV107 All raw materials are not recorded when received.
Inventory received is not recorded at all. Goods
movements are not captured on SAP (i.e. receipt of raw
materials).

All deliveries must be directed through Stores Receiving. Appropriate
stores procedures should be implemented to ensure all raw materials
receipts are recorded. Vendor statement reconciliation including
follow-up of invoices without GRNs.

Receipts of raw materials are recorded timeously
and in the correct period. (proper period)

O, F INV108 All raw materials received are not recorded in the period
in which they have been received. Goods receipts are
not entered immediately into the system, particularly on
period-end dates.

Documentation in respect of goods received at, before, or after the
end of an accounting period is scrutinised and/or reconciled to ensure
complete and consistent recording in the appropriate period.

Received raw materials are safeguarded.

O, F INV109 Raw materials are received by unauthorised personnel.
Received goods are not physically secured to protect
them from theft. Personnel are not required to
acknowledge receipt of goods.

Goods are delivered only to designated, physically secure locations
within a warehouse or storage building and are accepted only by
authorised personnel (stores personnel).

Raw materials are delivered to the correct location.

O, F INV110 Raw materials are delivered to the incorrect location.

Purchase Order forms are pre-printed with the receiving location and
instruct vendors to deliver only to that location. Security
accompanies vendors that deliver toxic, chemical and other
environmentally sensitive material to the correct location.

Expected and overdue orders for raw materials are
monitored.

O, F INV111 No monitoring of expected or overdue goods receipts.
Vendors do not deliver on time. No action is taken for
late deliveries.

Expedition of Purchase Orders is covered under the Expenditure
cycle.

See weighbridge for relevant controls and risks over
incoming product.

Transfers (issues) of Raw Materials to Production

Issues from raw materials inventory are made only
on the basis of authorised documents.
(authorisation)

O, F INV201 Goods movements in SAP (inventory transfers, transfer
postings) are not authorised. Unauthorised issues may
be recorded. Incorrect quantities of raw materials may
be transferred to production. Raw materials not
requested are transferred to production.

Appropriate documentation is completed when goods are issued:
Written stores requisition is required for all raw materials issues.
Materials are only transferred on the basis of a properly approved
source document. Transfer documentation should accompany all
transfers, stores or other activities and personnel should verify
material and quantity received. Requesting department should sign
approval on stores requisitions as acknowledgement of receipt.

All issues of raw materials to production are
accounted for. (completeness)
All material is issued in a timely manner.

O, F INV202 Issues from raw materials inventory may not be
recorded. Transfer documents may be lost. Goods
movements are not captured in SAP.

O INV203 Late raw materials issues may result in loss of
production time.

A procedure should be established that the material is issued to an
order (transfer, work, etc.) within an established time period after the
inventory has been picked. By issuing the material to the order
immediately after the pick has been completed, the inventory levels
are kept current and the possibility of the wrong material being issued
to an order is minimized.
Transfers of raw materials are documented. Transfers (issues) from
raw materials to production are only done on the basis of a source
document. A procedure should be established whereby the source
documents are captured in SAP within an established time period
after the inventory has been issued. By recording the issue in SAP
immediately after the issue has been completed, the inventory levels
in SAP are kept current and the possibility of errors is reduced.
Physical inventory is counted periodically. Inventory counts are
reconciled to inventory records and a theoretical usage is derived.
Monthly consumption figures are reviewed by Management.
Variances against standard are identified and investigated.

All materials requisitioned represent valid items
and quantities used in the production of pulp or
paper at the mill. (validity)

INV205 Raw materials could be used for unauthorised
purposes. Incorrect raw materials are used.

Validations prevent the entry of incorrect information (e.g. nonexistent
storage locations or materials). SAP has standard reports for goods
issued and goods received; these reports are reviewed regularly.

Transfers between units/mills are recorded
accurately and timeously.

O, F INV206 Transfers between units/mills are not recorded.

Prenumbered transfer documents (e.g. stores requisitions) should exist.
The sequence of these documents is independently checked. Missing
documents should be investigated.

Issues from raw materials inventory are correctly
recorded as to quantity and amount. (accuracy).
Issues from raw materials inventory are processed
in the correct accounting period to the correct
account. (classification and proper period)

O, F INV204 Transfers (issues) of raw materials to production may
not be accurately recorded. Raw materials issues may
be processed in the incorrect period or to the incorrect
account. Raw materials may be allocated to the
incorrect cost centre. Transfer procedures do not
require preparation of supporting documentation.

Require appropriate documentation of materials transferred from Raw
Materials Stores to other business activities.

See weighbridge for risks relevant to other mass
measurement devices for issues to production.

Storage of Raw Materials

Company personnel store materials in accordance
with established Company Policy.

O, C INV301 Raw materials inventory is unusable. Chemicals are
not stored in a dry, safe place and separate from other
raw materials. Other raw materials are not usable due
to bad storage.

Develop strategy/policy for storing materials to include (1) the number
and type of storage locations to be used, (2) Warehouse placement of
materials (3) OSHAct requirements for the proper labelling/storage of
hazardous materials (4) Storage capacity levels (5) Physical inventory
requirements. A shelf life strategy is developed and authorised to
include any materials that would have specified timeframe for usage.
Physical storage methods regularly reviewed for sources of inventory
deterioration.

Raw materials inventory is adequately
safeguarded. There are special safeguards for
expensive material and material susceptible to
personal use or sale.

O, C INV302 Unauthorised access to raw materials inventory;
misappropriation of raw materials inventory.

Storage areas secured against unauthorised admission. Periodic
stock counts should be regularly performed.

All warehouse and inventory locations comply with
appropriate government, regulatory, and company
policies.

O, C INV303 Non-compliance with statute and / or company policy
e.g. with regard to safety, notices. Fines / Loss of
ratings (e.g. NOSA).

Management reviews all physical inventory storage locations for
compliance with government, regulatory, and company policies.

Hazardous materials are stored and handled in an
appropriate manner in accordance with applicable
government regulations.

O, C INV304 Hazardous materials are not stored, handled and
transported in compliance with applicable laws and
regulations. Fines / Loss of ratings (e.g. NOSA).

Receiving and despatch of raw materials are
separate.

INV305 Receiving and despatch of raw materials take place out
of the same entrance. Lack of segregation of duties.

Physical storage areas for goods issued and goods received should
be segregated. Different personnel are responsible for receiving and/or
issuing raw materials.

O, F INV306 Adjustments to raw materials inventory prices or
quantities do not relate to valid price changes and
physical inventory differences. Recorded scrapped raw
materials are not valid.

Detailed records maintained for any adjustments processed. The
officials are authorised to make raw materials adjustments only on the
basis of an authorised source document.

All raw materials inventory adjustments (including
scrapping) are recorded when identified and are
subsequently accounted for as having been
processed. (completeness)

O, F INV307 All adjustments to raw materials inventory are not
recorded.

Inventory adjustments data is edited and validated; identified errors
are corrected promptly. Maintain procedures for promptly updating
inventory records.

Raw materials adjustments (including scrapping)
are processed to the correct account within the
correct accounting period. (classification and
proper period)

O, F INV308 Raw materials adjustments may be processed in the
incorrect period or to the incorrect account. Raw
materials scrapped items are not processed timeously.

Goods received at, before, or after the end of an accounting period
are scrutinised and/or reconciled to ensure complete and consistent
recording in the appropriate period.

Raw materials adjustments (including scrapping)
are accurately processed. (accuracy)

O, F INV309 Adjustments to raw materials may be inaccurately
recorded or incorrectly processed. Raw materials
scrapped items are not processed accurately. Costs of
scrapped items are not written off.

Raw material adjustments are compared to authorised source
documents to ensure that they were input accurately.

Raw materials adjustments (including scrapping)
are reviewed and approved by a responsible
official. (authorisation)

O, F INV310 All adjustments to raw materials inventory have not
been authorised in accordance with the appropriate
limit of authority. The scrapping of raw materials is not
authorised.

The officials are authorised to make raw materials adjustments only
on the basis of an authorised source document. Management
reviews and approves all recorded adjustments to inventory prices or
quantities.

Inventory valuation policy is adhered to when
valuing raw materials stock. Inventory reserves
are reviewed and adjusted to ensure that balances
do not exceed net realisable values.
(lower of cost or Net Realisable value (NRV))

O, C, F INV311 Raw materials inventory does not reflect the existing
business circumstances and economic conditions in
accordance with the accounting policies being used.

Raw Materials are valued automatically in SAP according to moving
average price. At the end of each accounting period management
should assess whether there is any indication that inventory may be
impaired. The recoverable amount should be estimated. Application
of stock valuation policy by controlling when valuing stock on a
monthly basis.

Raw materials are issued on a first in first out
basis.

Materials are issued to production on a FIFO basis, expiry dates are
monitored and there is regular turnover of the main raw materials,
limiting the risk of obsolescence.

Individual inventory balances per SAP are
periodically compared to the physical inventory of
raw materials. (completeness, accuracy and
validity)

O,F INV312 Raw materials inventory may expire - exceed the shelf
life - or become obsolete.

The item master record should contain a field to identify the material
as hazardous. Appropriate procedures for handling and storing
hazardous materials should be maintained. There should be proper
follow up on reported safety concerns. Relevant policies should be
maintained which are consistent with Occupational Safety and Health
Administration and other pertinent laws and regulations approved by
technical and legal personnel. Compliance should be monitored.

Raw materials inventory adjustments (including
scrapping) are valid. (validity)

Inventory levels are maintained in accordance with
established Company Policy. Limits are placed on
quantities to be maintained in inventory. The
adequacy and appropriateness of inventory levels
is monitored.

O INV313 Inadequate or inappropriate inventory levels are
maintained. Unanticipated or excess inventory carrying
costs may be incurred.

Management monitors the adequacy and appropriateness of inventory
levels. Stock level policies are established to include replenishment
cycles, safety stock levels, slow moving inventory, etc. and this plan is
communicated to appropriate personnel. Stock replenishment policies
are periodically reviewed, at least annually, to ensure policies meet
changing company needs. The value of items in stock is maintained at
the lowest practical levels in order to economise the use of working
capital and to minimise the costs of storage.

O,F INV314 Inventory balances may be incorrectly recorded.
Correct raw materials stock count procedures are not
followed (e.g. as regards cut-off.) Stock counts of raw
materials are not properly recorded.

Physical inventory is counted periodically by persons independent of
day-to-day custody or recording of inventory. Inventory counts are
reconciled to inventory records and inventory records are reconciled
to the general ledger.

Adjustments resulting from the comparison of
physical to recorded inventory of raw materials are
approved by a responsible official. (authorisation)

O,F INV315 Raw materials stock count adjustments are not
authorised, or are inaccurate or incomplete. Raw
materials stock count differences are not investigated
and corrected.

Raw material stock count adjustment data is edited and validated;
identified errors are corrected promptly. Raw material stock count
adjustments are compared to authorised source documents to ensure
that they were input accurately.

Raw materials inventory is usable. Inventory is
periodically reviewed for excess and obsolescence
issues.

INV316 Obsolete and slow moving raw materials items have not
been identified.

The usability of raw materials is assessed regularly including a review
during physical inventory counts. Inventory ageing reports are
prepared and analysed regularly.

Replacement items have been ordered (if required)
for raw materials scrapped.
Scrapped raw materials are kept separate from
other inventory.

INV317 Replacement items have not been ordered (if required)
for raw materials scrapped.
INV318 Scrapped raw materials are not kept separate from
other inventory.

System functionality monitors and maintains inventory levels in
accordance with organisation policies.
Obsolete, excess, and damaged inventories are adequately
segregated from other finished goods inventories and are monitored
to ensure appropriate and timely disposition.

Sufficient inventory of raw materials is kept on
hand. Stock balances are adequate to support the
current rate of consumption, with regard to
economy.

INV319 Insufficient raw materials inventory levels resulting in
loss of production time or excess inventory or
inaccurate or untimely material requirement forecast.

Management monitors the adequacy and appropriateness of inventory
levels or SAP functionality monitors and maintains inventory levels in
accordance with organisation policies.

Only valid changes are made to the raw materials
master data file. (validity)

INV401 Changes to raw materials master data are not valid.

A procedure is established that changes to the raw materials material
master record are documented on a valid source document and
approved by owner of the material master information. All information
entered during raw materials master creation and/or change is
automatically validated by SAP. For example, the values that are
allowed for base unit of measure, pricing group, purchase
organisation and account group are known to SAP. Upon entry in the
field, the system automatically checks the value entered against the
values available in the configuration tables. An error message is
generated if the value entered is not available.

Duplicate raw materials master records are
avoided.

INV402 Duplicate raw materials master data may be created.
The same material is defined more than once in the
master file but with different names. This may result in
incomplete materials management reporting due to
more than one material number and/or confusion when
selecting material when processing Purchase Orders.

All raw material master entries must be reviewed against the existing
material master before entry into SAP to ensure there is no
unnecessary duplication of materials in the material master. Standard
naming conventions are used to reduce the possibility of duplicate
material names. The Material List (RMMVRZ00) report is generated
and reviewed at least quarterly or as needed for duplicate materials.
This lists materials by number, type, group, and user who created the
material. Duplicate materials will be investigated and deleted from the
material master record if they are not held in inventory, used in a
BOM, or purchase requisition or Purchase Order.

Raw material master data changes are approved
by a responsible official. (authorisation)

INV403 Changes to raw materials master data are not
authorised.

The officials are authorised to enter, modify or delete raw material
master data only on the basis of an authorised source document.
Significant changes to the raw material master file are approved by
management.

Changes to raw materials master data are
accurate. (accuracy)

INV404 Inaccurate raw materials data may be entered.
Changes to raw materials master data may be
incorrect. For example, a material may be characterised
as an inappropriate material type.

The officials (responsible for maintenance of raw material master
data) shall authorise all requests for modification of the material
master data after having checked the contents and the accuracy of
the data supplied. SAP edits and validates material master records
online. Recorded changes to the material master file data are
compared to authorised source documents to ensure that they were
input accurately.

All valid and authorised changes to raw materials
master data are processed. (completeness)

INV405 Not all valid changes to the raw materials master data
are input and processed. Not all materials are included
in the material master.

Requests to change raw material master file data are submitted on
prenumbered forms; the numerical sequence of such forms is
accounted for to ensure that all requested changes are processed.

Raw Materials Master Data


Raw material master information is recorded in a
consistent and complete fashion to expedite
production and procurement functions. Material
master data information is complete.

INV406 Incomplete raw material master data may be entered.
Critical fields that must be entered are not specified as
mandatory. Not all materials components (general,
plant, storage location, batch valuation, forecast) are
established.

The field status group defines for a particular material type which
fields are mandatory.

Changes to the raw materials master file are
processed timeously. (proper period)

INV407 Changes to raw materials master data are not
processed timeously.

Requests to change raw material master file data are logged. The log
is reviewed to ensure that all requested changes are processed
timeously.

Raw materials master data remains pertinent.

INV408 Raw material master file data does not remain
pertinent. Material master data no longer needed is not
deleted/archived from the system.

Raw material master file data is periodically reviewed by management
for accuracy and ongoing pertinence. Materials that have not been
used for a significant period of time are reviewed to ensure that the
material master file remains up-to-date.

All changes to, and deletions of, raw materials
master data records must be properly logged,
documented and retained. The accuracy and
timeliness of changes to the material master
record is reviewed.

INV409 Changes to raw materials master data are not
supported by valid documentation. Required
documentation is not retained for mandatory retention
periods. Changes to raw materials master data are not
reviewed by a senior member of staff. No responsibility
is assigned for regularly reviewing audit trails of change
information.

Recorded changes to raw materials master file data are compared to
authorised source documents by a senior member of staff to ensure
that the correct changes were made. A list of changes can be
generated using SAP (MM04). A list is prepared with date and time of
change, old and new values for fields and also the user that entered
the change.

MILL ENGINEERING (STORES ITEMS)

Receiving of Engineering Stores items

Engineering stores items are received and
accepted only if they have valid Purchase Orders.
(validity)

O,F INV501 Engineering stores items are received and accepted on
invalid Purchase Orders or without Purchase Orders.
Company policy is not followed regarding the handling
of receipts for which no Purchase Order can be located
on SAP.

The requirement exists that a goods receipt must reference a
Purchase or Production Order so there is certainty the goods received
were ordered. All goods received are based on a valid Purchase
Order (PO) number. Purchase Order is stated on delivery documents
and is verified for validity.

Engineering stores items are inspected before
acceptance.

O,F INV502 Engineering stores items received are not subject to an
inspection for quality / quantity. Criteria are not clearly
established for inspecting received goods. No policy is
established for inspecting receipts in proportion to their
importance and value. Only the vendor's delivery note
(and not the physical goods) is matched to the
Purchase Order. Inspection results are not recorded to
be available for the vendor evaluation process.
Vendors do not deliver the expected quantity or
materials. Goods receipt discrepancies are not
addressed. Company policy regarding the handling of
under/over deliveries is not followed. Tolerances for
under/over deliveries are set to inappropriate values.

Goods counted and inspected before acceptance: overshipments and
unacceptable items are returned to the vendor. Materials are checked
for quantity and quality: Quantities of material received are verified by
actual count, weight, or measurement by the receiving department.
Quality inspection evidenced by inspection reports, notations,
receiving reports, or other acceptable records. Variances in quantity
ordered versus quantity shipped are reported. Quantities less than
those indicated on the Purchase Order may be accepted; however,
quantities more than those indicated on the Purchase Order should be
approved by the requisitioning department and the buyer.

Returns of engineering stores items to suppliers
are properly handled.

O,F INV503 Damaged or low quality goods received are not properly
identified and handled. Defective engineering stores
items are not returned to the supplier and are accepted
into stock. Accounts payable is not notified of goods
returned to vendor, and the invoice is paid. Return
deliveries are not entered promptly into the system in
order to reverse the goods receipt updates. No process
is established to ensure the vendor issues credit
memos when appropriate.

Defective engineering stores items received from suppliers are
logged. The log is monitored to ensure that the defective goods are
returned promptly and that the credit (AP) is received timely. Rejected
engineering stores items are adequately segregated from other
engineering stores items and regularly monitored to ensure timely
return to suppliers. A security check to either an authorised return
form or a delivery note is performed on all goods leaving the
premises.

Only engineering stores items received are
recorded. (validity)

O,F INV504 Invalid receipts of engineering stores items are
recorded.

Engineering stores items received are recorded
accurately. (accuracy)

O,F INV505 Engineering stores receipts are not recorded accurately.
Incorrect goods receipt information is entered.

Capturing of receipts directly into SAP: Mandatory fields, Tolerance
levels, Visual checks by operator e.g. key in material number and
description appears on the screen, Limit/reasonableness checks on
quantities (e.g. no negative amounts). SAP edits and validates input
GRN data on-line. Most goods receipts are created with reference to
a Purchase Order. SAP then copies information from Purchase Order
into GRNs per configuration. The SAP material movement
automatically creates both a material (for quantity) and accounting (for
value) document. The transactions update these items: Purchase
Order history, stock overview, MRP (planning file), general ledger
accounts.

Engineering stores items received are allocated


O,F INV506 Receipts of engineering stores items do not have the
correctly. (classification)
correct account assignments.
All engineering stores items received are recorded. O INV507 All engineering stores items are not recorded.
(completeness)
Inventory received is not recorded at all.

MANAGEMENT CONTROL or COMMENTS (if Risk is


excluded from the Scope)

CONTROL OWNER
(Name)

SAP edits and validates input GRN data on-line. The values that are
allowed, for example, for a material master, are known to the system.
Upon entry in the field SAP automatically checks the value entered
against the values available in the configuration tables. Most goods
receipts are created with reference to a Purchase Order.

Account assignment is determined at the time of purchase


authorisation (PR / PO).
All deliveries must be directed through Stores Receiving. Appropriate
stores procedures should be implemented to ensure all raw materials
receipts are recorded. Vendor statement reconciliation including
follow-up of invoices without GRNs.

Receipts of engineering stores items are recorded timeously and in
the correct period. (proper period) Perpetual inventory records are
updated as of the date the goods are received.

O,F INV508 All engineering stores items received are not recorded
in the period in which they have been received. Goods movements are
not captured on SAP (i.e. receipt of engineering stores items).

Documentation in respect of goods received at, before, or after the
end of an accounting period is scrutinised and/or reconciled to ensure
complete and consistent recording in the appropriate period.

Received engineering stores items are safeguarded. Engineering
stores items are delivered to the correct location.

O,F INV509 Raw materials are received by unauthorised personnel.
Received goods are not physically secured to protect them from
theft. Personnel are not required to acknowledge receipt of goods.
Engineering stores items are delivered to the incorrect location.

Goods are delivered only to designated, physically secure locations
within a warehouse or storage building and are accepted only by
authorised personnel. Purchase Order forms are pre-printed with the
receiving location and instruct vendors only to deliver to that location.

Expected and overdue orders for engineering stores items are
monitored.

O,F INV510 No monitoring of expected or overdue goods receipts.
Vendors do not deliver on time. No action is taken for late deliveries.

Expedition of purchase orders is covered under the Expenditure cycle.

Engineering Stores items sent for repairs
The costs relating to items sent out for repairs are allocated
accurately. (classification)

O,F INV601 Costs are not allocated to the correct department or not
allocated accurately. Incorrect costs are allocated to the works order.
Repairs are not allocated to the correct sub-order or allocated to the
incorrect sub-order.

All costs of repairs allocated should be reviewed by management for
accuracy.

Items sent out for repair are repaired timeously.

INV602 Repairs are not done or not done timeously.

A maintenance register should be kept detailing all repairs history of
each engineering stores item. The maintenance register should be
regularly reviewed to identify engineering stores due for repairs.

The correct repairs are performed on items sent out for repairs.
(accuracy)

INV603 Incorrect repairs are performed. Scope of repairs are not
received from vendors or are incorrect. Repair history does not
accompany item to be repaired and repairs are not done in terms of
valid documentation.

All repairs should be supported by authorised documentation. The
documentation should state what repairs need to be performed and
repair history.


Items to be sent out for repair are approved by a responsible official,
to ensure inter alia, that repairs are correctly allocated internally or
externally. (authorisation)

O,F INV604 Workshop foreman does not inspect repairable item
before repairs are undertaken. Items that could be repaired internally
are sent out for repair at higher costs to the company. Repairs are
commissioned / undertaken without appropriate authorisation.

Only repairs which have been authorised by management can be
allocated to the works order. Repairs should be sent to an internal
specialist to determine whether the repairs should be done externally.
All repairs should be authorised in terms of the Limits of Authority.

Items sent out for repair are accounted for and controlled.

INV605 Items sent for repair are swapped with inferior items
before they are sent back to the mill. Long outstanding
items are not followed up. Vendors do not return
scrapped items to the mill and items are not sent to the
salvage yard at the mill. Items sent for repair are not
returned.

A repairs register should exist. The register should be regularly
examined to identify long outstanding repairs not yet returned. Long
outstanding repairs should be investigated. The documentation
supporting the item to be repaired should include details of the item's
make, model and serial number. These details should be agreed to
the item on return. All outstanding items sent for repairs should be
followed up. All scrapped items should be returned by the vendor and
sent to the salvage yard.

Transfers (issues) of Engineering Stores items to the Plant
Issues from engineering stores inventory are made only on the basis
of authorised documents. (authorisation)

O,F INV701 Unauthorised issues may be recorded. Incorrect
quantities of engineering stores are transferred to the plants.
Engineering stores not requested may be transferred to production.

Written stores requisition is required for all engineering stores issues.
Materials are only transferred on the basis of a properly approved
source document. Transfer documentation should accompany all
transfers, stores or other activities and personnel should verify
material and quantity received. Requesting department should sign
approval on stores requisitions as acknowledgement of receipt.

All issues of engineering stores to the plants are accounted for.
(completeness)

O,F INV702 Issues from engineering stores inventory may not be
recorded. Goods movements are not captured in SAP.

Prenumbered transfer documents (e.g. stores requisitions) should
exist. The sequence of these documents is independently checked.
Missing documents should be investigated.

Issues from engineering stores inventory are correctly recorded as to
quantity and amount. (accuracy) Issues from engineering stores
inventory are processed in the correct accounting period to the correct
account. (classification and proper period)

O,F INV703 Transfers of engineering stores to the plant may not be
accurately recorded. Engineering stores issues may be processed in
the incorrect period or to the incorrect account. Engineering stores
may be allocated to the incorrect cost centre.

Transfers of raw materials are documented. Transfers (issues) from
raw materials to production are only done on the basis of a source
document. A procedure should be established whereby the source
documents are captured in SAP within an established time period
after the inventory has been issued. By recording the issue in SAP
immediately after the issue has been completed, the inventory levels
in SAP are kept current and the possibility of errors is reduced.
Physical inventory is counted periodically. Inventory counts are
reconciled to inventory records and a theoretical usage is derived.
Monthly consumption figures are reviewed by Management.
Variances against standard are identified and investigated.

All engineering stores items requisitioned represent valid items and
quantities used in the production of pulp or paper at the mill. (validity)

INV704 Engineering stores items could be used for unauthorised
purposes or personal gain.

Security perform random checks on personnel / vehicles leaving the
mill.

Storage of Engineering Stores Items
Company personnel store engineering stores items in accordance
with established Company Policy.

O,C INV801 Engineering stores items are unusable due to bad
storage.

Develop strategy/policy for storing materials to include (1) the number
and type of storage locations to be used, (2) Warehouse placement of
materials (3) OSHAct requirements for the proper labelling/storage of
dangerous equipment (4) Storage capacity levels (5) Physical
inventory requirements. Physical storage methods regularly reviewed
for sources of inventory deterioration.


All warehouse and inventory locations comply with appropriate
government, regulatory, and company policies.

O,C INV802 Non-compliance with statute and / or company policy
e.g. with regard to safety, notices.

Engineering stores items are adequately safeguarded. There are
special safeguards for expensive material and material susceptible to
personal use or sale.

O,C INV803 Unauthorised access to engineering stores items.
Engineering stores items may be stolen, lost, damaged, or temporarily
diverted. Fines / Loss of ratings (e.g. NOSA).

Access should be restricted to authorised personnel only. Physical
security arrangements (fencing and gate security) should exist and
periodic stock counts should be regularly performed.

Dangerous equipment is stored and handled in an appropriate
manner in accordance with applicable government regulations.

O,C INV804 Dangerous equipment is not stored, handled and
transported in compliance with applicable laws and
regulations. Fines / Loss of ratings (e.g. NOSA).

Appropriate procedures for handling and storing dangerous
equipment should be maintained. There should be proper follow up on
reported safety concerns. Relevant policies should be maintained
which are consistent with Occupational Safety and Health
Administration and other pertinent laws and regulations approved by
technical and legal personnel. Compliance should be monitored.

Engineering stores inventory adjustments (including scrapping) are
valid. (validity)

O,F INV805 Adjustments to engineering stores inventory prices or
quantities do not relate to valid price changes and
physical inventory differences. Recorded scrapped
engineering stores items are not valid.

Detailed records maintained for any adjustments processed. Officials
are authorised to make engineering stores inventory adjustments only
on the basis of an authorised source document.

All engineering stores inventory adjustments (including scrapping)
are recorded when identified and are subsequently accounted for as
having been processed. (completeness)

O,F INV806 All adjustments to engineering stores inventory are not
recorded.

Inventory adjustments data is edited and validated; identified errors
are corrected promptly. Maintain procedures for promptly updating
inventory records.

Engineering stores inventory adjustments (including scrapping) are
processed to the correct account within the correct accounting period.
(classification and proper period)

O,F INV807 Engineering stores inventory adjustments may be
processed in the incorrect period or to the incorrect
account. Engineering stores scrapped items are not
processed timeously.

Goods received at, before, or after the end of an accounting period
are scrutinised and/or reconciled to ensure complete and consistent
recording in the appropriate period.

Engineering stores inventory adjustments (including scrapping) are
accurately processed. (accuracy)

O,F INV808 Adjustments to engineering stores inventory may be
inaccurately recorded or incorrectly processed. Engineering stores
scrapped items are not processed accurately. Costs of scrapped
items are not written off.

Engineering stores adjustments are compared to authorised source
documents to ensure that they were input accurately.

Engineering stores inventory adjustments (including scrapping) are
reviewed and approved by a responsible official. (authorisation)

O,F INV809 All adjustments to engineering stores inventory have
not been authorised in accordance with the appropriate limit of
authority. The scrapping of raw materials is not authorised.

Inventory adjustments are compared to authorised source documents.
Management reviews and approves all recorded adjustments to
inventory prices or quantities.

Inventory valuation policy is adhered to when valuing stock of
engineering stores items. Inventory reserves are reviewed and
adjusted to ensure that balances do not exceed net realisable values.

O,F,C INV810 Engineering stores inventory does not reflect the
existing business circumstances and economic conditions in
accordance with the accounting policies being used.

Engineering stores items are valued automatically in SAP. At the end
of each accounting period management should assess whether there
is any indication that inventory may be impaired. The recoverable
amount should be estimated.
Physical inventory is counted periodically by persons independent of
day-to-day custody or recording of inventory. Inventory counts are
reconciled to inventory records and inventory records are reconciled
to the general ledger.

Individual inventory balances per SAP are periodically compared to
the physical inventory of Engineering stores items. (completeness,
accuracy and validity)

O,F INV811 Inventory balances may be incorrectly recorded.
Correct engineering stores stock count procedures are not followed
(e.g. as regards cut-off). Stock counts of engineering stores items are
not properly recorded.

Adjustments resulting from the comparison of physical to recorded
inventory of engineering stores items are approved by a responsible
official. (authorisation)

O,F INV812 Engineering stores stock count adjustments are not
authorised, or are inaccurate or incomplete. Engineering stores stock
count differences are not investigated and corrected.

Stock count adjustment data is edited and validated; identified errors
are corrected promptly.

Engineering stores inventory is usable. Inventory is periodically
reviewed for excess and obsolescence issues.

INV813 Obsolete and slow moving engineering stores items have not
been identified.

The usability of raw materials is assessed regularly including a review
during physical inventory counts. Inventory ageing reports are
prepared and analysed regularly.

Scrapped engineering stores items are kept separate from other
inventory.

O,F INV814 Scrapped inventory stores items are not kept separate
from other inventory.

Obsolete, excess, and damaged inventories are adequately
segregated from other stores inventories and are monitored to ensure
appropriate and timely disposition.

Management reviews all physical inventory storage locations for
compliance with government, regulatory, and company policies.


Sufficient inventory of engineering stores is kept on hand.

O,F INV815 Insufficient inventory levels of engineering stores
resulting in loss of production time or excess inventory or inaccurate
or untimely material requirement forecast.

Obsolete, excess, and damaged inventories are adequately
segregated from other stores inventories and are monitored to ensure
appropriate and timely disposition.

Engineering Stores Master Data
Only valid changes are made to the engineering stores master data
file. (validity)

INV901 Changes to engineering stores master data are not valid.

A procedure is established that changes to the engineering stores
master record are documented on a valid source document and
approved by owner of the material master information. All information
entered during engineering stores material master creation and/or
change is automatically validated by SAP. For example, the values
that are allowed for base unit of measure, pricing group, purchase
organisation and account group are known to SAP. Upon entry in the
field, the system automatically checks the value entered against the
values available in the configuration tables. An error message is
generated if the value entered is not available.

Duplicate engineering stores material master records are avoided.

INV902 Duplicate engineering stores master data may be
created. The same material is defined more than once
in the masterfile but with different names. This may
result in incomplete materials management reporting
due to more than one material number and/or confusion
when selecting material when processing Purchase
Orders.

All engineering stores master entries must be reviewed against the
existing material master before entry into SAP to ensure there is no
unnecessary duplication of materials in the material master. Standard
naming conventions are used to reduce the possibility of duplicate
material names.

Engineering stores master data changes are approved by a
responsible official. (authorisation)

INV903 Changes to engineering stores master data are not
authorised.

The officials are authorised to enter, modify or delete engineering
stores material master data only on the basis of an authorised source
document. Significant changes to the material master file are
approved by management.

Changes to engineering stores raw materials master data are
accurate. (accuracy)

INV904 Inaccurate engineering stores master data may be
entered. For example, a material may be characterised
as an inappropriate material type.

The officials (responsible for maintenance of engineering stores
master data) shall authorise all requests for modification of the
material master data after having checked the contents and the
accuracy of the data supplied. SAP edits and validates material
master records online. Recorded changes to the material master file
data are compared to authorised source documents to ensure that
they were input accurately.

All valid and authorised changes to engineering stores master data
are processed. (completeness)

INV905 Not all valid changes to engineering stores master data
are input and processed. Not all engineering stores are
included in the material master.

Requests to change engineering stores master file data are submitted
on prenumbered forms, the numerical sequence of such forms is
accounted for to ensure that all request changes are processed.

Engineering stores master information is recorded in a consistent and
complete fashion to expedite sales, production and procurement
functions. Material master data information is complete.

INV906 Incomplete material master data may be entered.
Critical fields that must be entered are not specified as
mandatory. Not all material components (general, plant,
storage location, batch valuation, forecast) are
established.

The field status group defines for a particular material type which
fields are mandatory.

Changes to the engineering stores master file are processed
timeously. (proper period)

INV907 Changes to engineering stores master data are not
processed timeously.

Engineering stores master file remains pertinent.

INV908 Engineering stores master file data does not remain
pertinent. Engineering stores material master data no
longer needed is not deleted/archived from the system.

Engineering stores management master file data is periodically
reviewed by management for accuracy and ongoing pertinence.

Material master file data is periodically reviewed by management for
accuracy and ongoing pertinence. Materials that have not been used
for a significant period of time are reviewed to ensure that the material
master file remains up-to-date.

All changes to, and deletion of, engineering stores master data
records must be properly logged, documented and retained. The
accuracy and timeliness of changes to the material master record is
reviewed.

INV909 Changes to engineering stores master data are not
supported by valid documentation. Required
documentation is not retained for mandatory retention
periods. Changes to engineering stores master data are
not reviewed by a senior member of staff. No
responsibility is assigned for regularly reviewing audit
trails of change information.

Recorded changes to engineering stores master file data are
compared to authorised source documents by a senior member of
staff to ensure that the correct changes were made.

PRODUCTION
Production Planning and Control
All production orders are accounted for as having
been fulfilled. (completeness) Production orders
are created and released on a timely basis to allow
for timely meeting of commitments to customers.

INV1001 Work-in-progress may not be completed timeously, and
as a result commitments to customers may not be met,
or finished goods may be unsaleable.

Production plans and their associated demand requirements are
entered timely in the system which helps ensure required production
lead times are met. There is an established review and approval
procedure that includes the timeliness of the various cycles.

Production orders are accurately prepared. (accuracy)

INV1002 Incorrect product may be manufactured resulting in
unsaleable finished goods.

Production orders are approved by a responsible official.
(authorisation)

INV1003 The company may produce unacceptable products or
quantities of products in excess of acceptable levels;
this could result in obsolete, excess, or otherwise
unsaleable inventory; it could also result in abnormal
sales returns because of unacceptable product quality.

Production operates consistent with management intent and the
approved production plans. The various measurements/criteria
reporting are enabled and are properly approved.

O,F INV1004 Production may not be planned in an orderly manner.
Incorrect manufacturing processes may be used
resulting in unsaleable finished goods.

Only authorised personnel may enter demand requirements and
release production plans to help ensure the validity of system
production data. Only authorised personnel have the authority to
process planned production orders to help ensure validity of
production records.
Various reports are available from SAP and PTS. These reports are
reviewed periodically by Production Management and supervisors to
ensure the proper production control. There are operating procedures
that define the process by which the criteria, measurements and
reporting is determined, and who is responsible.

Processing and Recording of Production Costs
The use of labour, materials and plant in
production is recorded. All labour, materials, and
overhead recovery bases are accounted for as
having been processed to cost of production.
(completeness)

O,F INV1101 Production costs may not be accounted for. All direct
and indirect expenses associated with production may
not be recorded as production costs.

Costs associated with raw materials, labour and overhead are
independently reconciled to appropriate supporting records.

Labour, materials, overhead recovered and other
production measurements are accurately recorded.
(accuracy) To properly account for production
costs, collected machine costs (run-times, set-up
costs, changeover costs, maintenance costs),
labour costs (standard costs, actual costs,
overtime costs) collected/entered are accurate.

O,F INV1102 Production costs may be inaccurately recorded.

Reconciliations of quantities set forth in BOMs to quantities actually
used in production. Costs associated with raw materials, labor and
overhead are independently reconciled to appropriate supporting
records. When standard costing is used, management approves the
standard costs and reviews variances between actual and standard
costs. Significant variances are investigated. When actual costing is
used, management reviews actual costs based on their knowledge of
day-to-day activities.

Production costs are recorded against the appropriate production
units in the correct accounting period. (classification and proper
period)

O,F INV1103 Production costs may be recorded against incorrect
production units or the incorrect period.

SAP account assignment configuration ensures that amounts for raw
materials are posted to the appropriate general ledger account.
Management should review the recording of production costs to
production units to ensure that they have been recorded correctly and
in the correct period.

Labour, materials, and plant are used in production only if authorised.
(authorisation)

O,F INV1104 Unauthorised factors of production may be used and
result in irrecoverable costs. The production processes
and inventory holdings may be sub-optimal and result in
irrecoverable costs.

Only authorised costs should be allocated to production.

Defective Products and Scrap
All defective products, by products and scrap
resulting from the production process are
authorised. (authorisation)

INV1201 Scrapped items (broke) are not authorised. Materials
are transferred to scrap without proper authorisation.

All products are inspected before being transferred to finished goods
inventory: products not meeting specified quality standards will be
reworked or scrapped. Separate personnel to investigate the need for
write-offs. Items identified as scrapped (broke) should be authorised
prior to being written down or reworked.

All defective products and scrap resulting from the
production process are valid and recorded
completely and accurately in the appropriate
period. (completeness, accuracy, and validity)

O,F INV1202 Scrapped items (broke) are not valid. Inventory is
intentionally scrapped to facilitate misappropriation.

All scrap items (broke) should be written down/ off. WIP written off as
broke is reviewed by the Production Department and the
management team. Abnormal wastages and variances between
actual production versus budget are investigated.

The reporting of defective products and scrap is
recorded completely and accurately in the
appropriate period. (completeness, accuracy, and
proper period)

O,F INV1203 Broke not monitored, not properly reported (production
inefficiencies result in excess waste). Sale of broke not
reported properly. Broke or proceeds from sale of
broke misappropriated.

Management, based on their knowledge of day-to-day activities,
review records of scrapped and reworked items and check whether
such items have been correctly identified and properly recorded in the
appropriate accounting period.

Orders are fulfilled if make is broked.

INV1204 Due to broking of original make, customer or
replenishment order is not fulfilled.

The customer should be notified of any delays in receiving their order.

Scrapped (broke) and by-product items are kept
separate from other inventory.

INV1205 Scrapped (broke) items not kept separate from other
inventory. Scrapped (broke) items may be despatched.

Rejected work in process is adequately segregated from other work in
progress and is monitored to ensure it is scrapped or reworked on a
timely basis.

Production Master Data (BOMs - Bill of Material)
Only valid changes are made to the BOMs.
(validity) Only valid BOMs are created and saved.

O,F INV1301 Changes to BOMs are not valid. Incorrect product
costing.

A procedure is established that changes to the BOMs are documented
on a valid source document and approved by management. All
information entered during material master creation and/or change is
automatically validated by SAP.

Changes to the BOMs are approved by a responsible official.
(authorisation)

O,F INV1302 Changes to BOMs are not authorised.

SAP may be configured to process all BOM changes through the
engineering change (with history) process, which provides traceability
and proper approvals.

Changes to the BOMs are accurate. (accuracy)
BOMs and their associated data are created and
saved accurately which helps ensure accurate
inventory valuation and cost of goods sold.

O,F INV1303 Changes to the BOMs may be incorrect. Bill of
Materials changes are entered incorrectly.

The officials (responsible for maintenance of the BOMs) shall
authorise all requests for changes to the BOMs after having checked
the contents and the accuracy of the data supplied. SAP edits and
validates material master records online. Recorded changes to the
BOMs are compared to authorised source documents to ensure that
they were input accurately.

Material master information is recorded in a
consistent and complete fashion. All BOM master
data is complete (including all relevant views for
manufacturing planning and execution) to ensure
material master data integrity.

O,F INV1304 Incomplete BOMs data may be entered. Critical fields
that must be entered are not specified as mandatory.

SAP is configured with mandatory fields to help ensure complete data
entry of this information.

All valid and authorised changes to BOMs are processed.
(completeness)

O,F INV1305 Not all valid changes to the BOMs are input and
processed.

Requests to change BOM master file data are submitted on
prenumbered forms, the numerical sequence of such forms is
accounted for to ensure that all request changes are processed.

Changes to the BOMs are processed timeously
(proper period) to help ensure the existence of
pertinent master records.

O,F INV1306 Changes to BOMs are not processed timeously.

Requests to change BOM master file data are logged. The log is
reviewed to ensure that all request changes are processed timeously.

All changes to and deletion of BOMs must be
properly logged, documented and retained.

O,F INV1307 Changes to BOMs are not supported by valid
documentation. Changes to BOMs are not reviewed by
a senior member of staff.

Recorded changes to BOM master file data are compared to
authorised source documents by a senior member of staff to ensure
that the correct changes were made.

Paper Converters
Inventory transfers to / from paper converters
("subcontractors") are complete, accurate and
valid to ensure material transaction integrity and
that stock is properly tracked and safeguarded.

O,F INV1401 Loss of stock sent to converters. Inaccurate reporting
of costs relating to stock sent to converters.

SAP standard functionality requires that all material movements are
recorded through a material document. SAP is configured with
specific movement types, reason for movement and/or storage
locations for material transfers to subcontractors. SAP is configured
with edit checks, mandatory fields, and validity checks to help ensure
accurate data entry of material movement information. Procedures
are established for the regular review of a Material Movements by
Material Report for inappropriate material movement types and
storage locations.

MILL FINISHED GOODS


Receipt of Finished Goods from Production
Finished goods transferred from production to
inventory are recorded accurately and in the period
transferred.

O,F

INV
1501

Not all transfers of complete units of production to
finished goods are recorded completely and accurately
in the appropriate period and to the correct account.

All finished goods produced should be accounted
for as having been recorded in finished goods
inventory. (completeness)

O,F

INV
1502

Finished goods inventory receipts from production may
not be recorded: Not all transfers of complete units of
production to finished goods are recorded. Goods
movements are not captured in SAP (i.e. movements to
and from production).

Finished goods sent to the warehouse are logged; the log is used to
ensure that all finished goods are recorded in the inventory records.

Inventory receipts from production should be
accurately recorded as to quality, quantity, and
amount - mass. (accuracy)

O,F

INV
1503

Finished goods inventory receipts from production may
be inaccurately processed.

Goods received input data is edited and validated; identified errors are
corrected promptly.

Completed production should be promptly
recorded.

O,F

INV
1504

Production may be completed but not reported as
available for sale (finished goods inventory); this could
result in lost sales or requesting additional production
(inefficient use of resources) to fill a customer's order. It
could also result in an undervaluation of finished goods
inventory.

Proper reports should exist for all transfers; from raw materials to
production, production to work in progress, work in progress to
finished goods and finished goods to stores. These reports should be
reconciled to actual goods transferred.

INV
1505

Inventory may be unsaleable. Unsaleable goods are
sent to the customer.

Quality control inspections are performed for finished goods received
from production to assess whether such goods should be forwarded to
finished goods inventory, reworked, or scrapped. The saleability and
usability of finished goods are assessed regularly including a review
during physical inventory counts.

Finished goods transferred from production to
inventory should be inspected for quality.

Management should periodically review the status of production jobs
and ensure that finished goods have moved out of WIP to Finished
Goods Inventory. Inventories received, including transfers, are
counted and compared to receipt or transfer documentation (that is
used to record movements of inventory in the financial records), by
personnel in the area assuming responsibility for the inventory (e.g.,
production, finished goods storage), and are recorded in the
appropriate period.

Finished Goods Returned for Credit ("Return Orders")


Return orders are processed accurately. Finished
goods returned by customers are recorded
accurately. (accuracy)

O,F

INV
1601

Customer returns may be incorrectly processed.
Returns are processed more than once.

SAP is configured to automatically validate the return order on
quantity and material. SAP will issue a warning message if the
quantity entered on a return order exceeds the quantity purchased on
the original sales order. In addition, SAP will issue a warning message
if there is an existing return for this material against the original sales
order.

O,F

INV
1602

Return orders are processed for invalid materials.

SAP standard functionality validates materials included on sales order
and return order line items. A return order will not be accepted by SAP
if the material line items do not exist in the SAP material master.

INV
1603

Return documents and return deliveries do not
accurately reflect the returned materials. Returned
goods are not inspected for quality and quantity.
Received inventory has not been quality inspected.
Returned goods that are damaged are posted back into
inventory.

Receiving personnel check the returned goods against the Stock
Transport Order, and record details in a Customer Return book.
Quality control inspections are performed for product returned by
customers to assess whether such goods should be returned to
inventory, reworked, or scrapped. These results are written into the
Customer Return book and signed by the QA inspector.

Approved returns are processed in a timely
manner. Customer returns are recorded timeously
and in the appropriate period. (proper period)

O,F

INV
1604

Returned goods are not recorded in the period they are
received back.

On a daily basis, the Sales Accountants create return orders using
appropriate data for approved returns (per CSRs).

Customer returns are approved by a responsible
official (authorisation). Finished goods returned by
customers are only accepted in accordance with
company policy.

INV
1605

Inventory is accepted without authorised
documentation.

Product upliftments from customers should only be made once an
authorised Upliftment form has been completed (DC). No product
returns should be made to / accepted by the Mill without a Stock
Transport Order having been raised (Mill). The approved Limits Of
Authority is used for the authorisation.

Recorded customer returns are valid. (validity)

O,F

INV
1606

Product for which a credit note is processed is not
returned to the Mill timeously. Returned goods are not
posted back into inventory.

A copy from the Customer Returns book (detailing product returned)
should be attached to the CSR before Credit Notes are processed.

All return information is recorded for audit trail
purposes.

O,F

INV
1607

Critical information for returns or return deliveries is not
specified as mandatory. Audit trail is lost. Returned
goods are not tracked adequately, leading to a loss of
control over the goods.

SAP standard functionality automatically creates an audit trail of all
return order creation (Credit memo request) and maintenance.
Appropriate validations are defined for critical fields.

Return orders are processed only for valid
materials.

Finished goods returned for credit are quality
inspected and the quantities verified.

See weighbridge for additional risks and controls
relevant to incoming product.

Despatch of Finished Goods and By-Products


All orders scheduled for delivery are shipped to the
customer. Picking is performed promptly.

O,F

INV
1701

Delivery is not made for those sales orders due to be
despatched. Orders authorised for shipment are not
shipped. Product is shipped early or late, causing
disruptions of customers' operations (poor customer
relations). Product is not picked promptly.

The delivery due list is printed and reviewed on a daily basis. SAP
reports of open sales documents are prepared and monitored to
ensure timely shipment. Deliveries not able to be fulfilled are
communicated to the relevant Sales Office.

All orders scheduled for delivery are shipped only
once to the customer.

O,F

INV
1702

Deliveries for the same sales order are duplicated.

SAP matches goods shipped to open line items on an open sales
order and closes each line item as the goods are shipped, thereby
preventing further shipments for those line items.

Finished goods (and by-products) are assembled
for delivery only on the instruction of authorised
documents e.g. an approved sales order raises a
picking list and a delivery note. (authorisation)

O,F

INV
1703

Unauthorised deliveries may be made. Unordered
product may be delivered to customers.

SAP standard functionality validates picking lists for requested product
against the quantities in the sales order.

Picking is performed accurately (correct quantities
and materials).

O,F

INV
1704

Incorrect picked quantities are entered into the system.
Picking lists may not match the delivery documents.
Incorrect goods may be despatched.

Finished goods are drawn for delivery against appropriate source
documents - picking slip. Bar code scanners are used to input actual
inventory picking and storage locations and quantities; differences
from picking and storage instructions are investigated.

Verification of completed picking lists to physical
goods picked is performed.

O,F

INV
1705

Verification of completed picking lists to physical goods
picked is not performed.

Before goods are shipped, the details of the picking list are compared
to actual goods prepared for shipment by an individual independent of
the order picking process.

Deleted and cancelled deliveries are logged and
reviewed.

O,F

INV
1706

Deleted and cancelled deliveries are neither logged nor
reviewed. A delivery may be prepared even though the
sales order was cancelled by the customer.

Despatch personnel use real-time picking lists / delivery due lists
when preparing product for deliveries. SAP will not generate a delivery
note (needed as authority to leave warehouse) if sales order is
cancelled by order flow personnel.

Shipping information is correct (for delivery
purposes).

O,F

INV
1707

The shipment is made to the incorrect customer or to
an invalid customer. The shipment is made to the
incorrect customer location. Partial deliveries are sent
to customers who specify only full deliveries. Multiple
shipping points are specified for the items in an order
although the customer requested a single shipment.

Delivery note details (including customer delivery address) are
uploaded into SAP at time of order placement.

Shipment problems are promptly resolved.

O,F

INV
1708

Shipments are lost, misplaced or misappropriated.
Misappropriated shipments are not identified. A
backorder is not created when goods are not available
for shipment.

Despatch department / outsourced contractors match PODs to
despatch records. Discrepancies are timeously resolved and
validated.

Deliveries reference sales orders.

O,F

INV
1709

A delivery does not reference a sales order.

SAP delivery notes automatically include the sales order number.

Deliveries are approved by a responsible official.
(authorisation)

O,F

INV
1710

Improper shipment. Unordered or non-authorised
products may be included in customer shipment.
Customer orders shipped may be incomplete,
damaged, or of poor quality.

A physical inspection of shipments is made prior to delivery for quality
and agreement to SAP delivery note.

All deliveries / shipments are recorded. Finished
goods and by-products may leave the premises
only if authorised in writing. (completeness)

O,F

INV
1711

Finished goods and by-products may leave the
premises/security area without being monitored and
recorded. Goods movements are not captured in SAP
(transfer of finished goods).

Security personnel monitor all incoming and outgoing vehicles and
ensure all goods leaving the premises are accompanied by duly
completed documentation (e.g., delivery note or goods returned note).

Deliveries / Shipments are recorded accurately.

O,F

INV
1712

Shipments may be recorded incorrectly.

Sales order entry, shipping, and invoice processing are performed by
an integrated application system. The general ledger is automatically
updated for shipping and invoicing transactions.

Deliveries / shipments are recorded timeously and
in the correct period. Appropriate cut-off
procedures are used to ensure deliveries are
invoiced in the correct period. (proper period)

O,F

INV
1713

Goods issue transactions are not created promptly after
the goods are shipped. Goods issue transactions are
posted in the incorrect period. Shipments may not be
recorded in the period they are shipped. Deliveries may
be invoiced in the incorrect period. No review is
performed to ensure that goods issue has occurred for
all shipments.

Goods shipped at, before, or after the end of an accounting period are
scrutinised and/or reconciled to ensure complete and consistent
recording in the appropriate accounting period including the raising
and recording of the related invoice.

Recorded shipping transactions are valid. (validity)

O,F

INV
1714

Shipping transactions may be purposefully or
erroneously altered, resulting in incorrect invoicing and
misstated revenues and receivables.

Sales order entry, shipping, and invoice processing are performed by
an integrated application system. The general ledger is automatically
updated for all valid deliveries.

Controls over manual delivery documents are
adequate (in particular to ensure that all shipments
are recorded).

O,F

INV
1715

Manual delivery documents not actioned and recorded
in SAP.

Manual documents should be processed as soon as the system is up
and running. Manual documents should be compared / agreed to
information processed on SAP. Policies and procedures are in place
for using manual delivery notes.

O,F

INV
1716
INV
1717

Goods not despatched due to system being offline or
down.

Inappropriate vehicles and/or routes may be used
resulting in unnecessary costs to the Company.

Manual documents are in use, and are appropriately controlled.
Policies and procedures are in place for off-line situations.

Contracts with haulage contractors specify rates per destination
(regardless of vehicle / route).

INV
1801

Recorded Cost of Sales may be incomplete.
(understated)

Maintain procedures for promptly updating cost of sales records.

Appropriate procedures are in place to control
situations when SAP is off-line.

Shipments are delivered in a cost-effective
manner. Routes and vehicles are appropriate for
the movement of goods and materials.

O,F

Finished Goods - Cost of Sales


Costs of shipped inventory are transferred from
inventory to cost of sales. (completeness)

Costs of shipped inventory are recorded accurately
(accuracy) and posted correctly (classification).

INV
1802

Recorded Cost of Sales may be inaccurately calculated.

SAP account assignment configuration ensures that amounts for
shipped goods are posted to the appropriate Cost of Goods Sold
account.

Amounts posted to Cost of Sales represent those
associated with shipped inventory. (validity)

INV
1803

Cost of Sales transactions may be invalid.

Cost of sales is periodically reviewed by management for accuracy
and ongoing pertinence.

Costs of shipped inventory are transferred from
inventory to Cost of Sales timeously and in the
appropriate period. (proper period)

INV
1804

Cost of sales transactions may be recorded in the
incorrect period. Incorrect costing methods may be
used.

Management reviews relevant costs of sales, and inventory reports
related to order entry, shipping, invoicing, and accounts receivable;
significant unusual relationships are monitored and acted upon.

INV
1901

Receiving and despatch take place out of same
entrance.

The warehouse layout will be established to segregate receiving and
shipping locations. A separate entrance and exit should exist.
Security should ensure deliveries and despatch only take place at the
correct location.

Finished goods inventory adjustments (including
write-offs) are valid. (validity)

O,F

INV
1902

Adjustments to finished goods inventory prices or
quantities do not relate to valid price changes and
physical inventory differences. Adjustments may be
processed that are not acceptable to management e.g.
saleable inventory may be improperly written off and
scrapped.

Finished goods adjustments are compared to authorised source
documents to ensure that they were input accurately. Management
reviews and approves all recorded adjustments to inventory prices or
quantities.

All finished goods inventory adjustments (including
write-offs) are recorded when identified and are
subsequently accounted for as having been
processed. (completeness)

O,F

INV
1903

All adjustments to finished goods inventory are not
recorded.

Inventory adjustments data is edited and validated; identified errors
are corrected promptly. Inventory adjustment forms are numbered; the
sequence of such forms is accounted for.

Finished goods inventory adjustments (including
write-offs) are processed to the correct account
within the correct accounting period. (classification
and proper period)

O,F

INV
1904

Finished goods inventory adjustments may be
processed in the incorrect period or to the incorrect
account. Scrapped (written-off to broke) items may not
be processed timeously.

Goods received at, before, or after the end of an accounting period
are scrutinised and/or reconciled to ensure complete and consistent
recording in the appropriate period.

Finished goods inventory adjustments (including
write-offs) are accurately processed. (accuracy)

O,F

INV
1905

Adjustments to finished goods inventory may be
inaccurately recorded or incorrectly processed. Write-offs
of finished goods items may not be processed
accurately. Costs of items broked are not written off
correctly.

Finished goods adjustments are compared to authorised source
documents to ensure that they were input accurately.

Finished goods inventory adjustments (including
write-offs) are reviewed and approved by a
responsible official. (authorisation).

O,F

INV
1906

All adjustments to finished goods inventory have not
been authorised in accordance with the appropriate
limit of authority. The write-off of finished goods items
to broke may not be authorised. Possible irregularity:
unwarranted reduction of inventory value to facilitate
"bargain" purchases by employees or third parties.

Inventory adjustments are compared to authorised source documents.
Management reviews and approves all recorded adjustments to
inventory prices or quantities.

Inventory valuation policy is adhered to when
valuing finished goods stock. Inventory reserves
are reviewed and adjusted to ensure that balances
do not exceed net realisable values. Inventory is
carried at the lower of cost or market value.

O,F,C

INV
1907

Finished goods inventory does not reflect the existing
business circumstances and economic conditions in
accordance with the accounting policies being used.
(Loss not provided for: inventory valued at above
market price). Continued production of items being
sold at a loss.

At the end of each accounting period management should assess
whether there is any indication that inventory may be impaired. The
recoverable amount should be estimated. Application of stock
valuation policy by controlling when valuing stock on a monthly basis.

Individual inventory balances per SAP are
periodically compared to the physical inventory of
finished goods stock. (completeness, accuracy and
validity). Physical verification of inventory is
conducted regularly and accurately.

O,F

INV
1908

Inventory balances may be incorrectly recorded. SAP
inventory records may have overstated quantities on
hand. Book inventory quantities are inaccurate causing
stock outs or excess inventories and misstated financial
statements.

Physical inventory is counted periodically by persons independent of
day-to-day custody or recording of inventory. Inventory counts are
reconciled to inventory records and inventory records are reconciled
to the general ledger.

Storage of Finished Goods


Receiving and despatch of finished goods are
separate.

Correct finished goods stock count procedures are
followed in order to detect any physical loss of
finished goods inventory. (validity) Physical
verification of inventory is appropriately planned.

INV
1909

Undetected physical loss or deterioration of inventory.
The physical inventory process and timing is not in
accordance with company policy. Instructions for
performing the physical verification are inadequate. No
preliminary warehouse clean-up is performed (reducing
damaged, failed inspection and in-transit inventory).
Goods receipts and issues are not processed prior to
physical verification. Materials are inadvertently
excluded from the verification process. Inventory
documents are mislaid so the count is incomplete.
Appropriate cut-off procedures are not documented,
planned, followed and communicated. Inventory
balances are not "frozen" at the time of the count to
ensure proper cut off and to prevent artificial
discrepancies or incorrect adjustments being made.
Company owned materials at all locations (e.g. materials
at customers or third party warehouses) are not
physically verified. Non-Company owned material is
counted in the company's own inventory. Possible
irregularity: non-existent items are included in periodic
physical inventory count.

Stock counts should be performed in accordance with the company
policy. Employees who perform the counts should be given written
guidelines. Procedures should ensure that consignment materials are
not inadvertently counted in Company's own inventory. All stock count
documents are retained after the count is completed (as an audit trail).

Adjustments resulting from the comparison of
physical to recorded inventory of finished goods
stock are completely and accurately recorded, and
are approved by a responsible official.
(authorisation)

O,F

INV
1910

Finished goods stock count differences are not
investigated and corrected. Adjustments may be
recorded to conceal physical shortages. Incorrect
inventory differences are recorded. No report of
differences is produced or reviewed by management.
Inventory differences are posted to the incorrect GL
account. Posting of inventory differences is not
appropriately authorised.

Finished goods stock count adjustment data is edited and validated;
identified errors are corrected promptly. Finished goods stock count
adjustments are compared to authorised source documents to ensure
that they were input accurately.

Inventory is managed to prevent obsolescence and
excessive write-offs. Obsolete, slow-moving
and/or overstocked inventory is prevented or
promptly detected and provided for.

INV
1911

Obsolete and slow moving finished goods stock items
have not been identified and are maintained in
inventory. Inventory known to be obsolete or slow-moving
not written-off. Continued production of finished
goods stock that cannot be sold.

Inventory ageing reports are prepared and analysed regularly and
necessary follow-up action is completed. Quality control inspections
are performed to assess whether such goods should be returned to
inventory, reworked, or scrapped.

O,F

INV
1912
INV
1913

Insufficient finished goods inventory levels resulting in
loss of sales.

Handling and storage procedures are inappropriate for
the nature of the products. Finished goods are not
stored in an appropriate environment. (safe and dry)

System functionality monitors and maintains inventory levels in
accordance with organisation policies.

Physical storage methods are regularly reviewed for sources of
inventory deterioration.

INV
1914

Unauthorised access to inventory. Finished goods may
be stolen, lost, damaged, or temporarily diverted.

Access should be restricted to authorised personnel only. Physical
security arrangements (fencing and gate security) should exist.
Periodic stock counts should be regularly performed. Bar codes: The
shipping label and bar code contain all relevant information. There is
a coding structure in place which ensures identification and
traceability of finished product.

Sufficient inventory of finished goods is kept on
hand.

Finished goods inventory is protected from
damage.

Physical loss of finished goods inventory is
prevented.

Finished Goods Master Data

Only valid changes are made to finished goods
master data. (validity)

INV
2001

Changes to finished goods master data are not valid.

A procedure is established that changes to the material master record
are documented on a valid source document and approved by owner
of the material master information. All information entered during
material master creation and/or change is automatically validated by
SAP. For example, the values that are allowed for base unit of
measure, pricing group, purchase organisation and account group are
known to SAP. Upon entry in the field, the system automatically
checks the value entered against the values available in the
configuration tables. An error message is generated if the value
entered is not available.

INV
2002

The same material is defined more than once in the
master file but with different names. This may result in
incomplete materials management reporting due to
more than one material number and/or confusion when
selecting material when processing Sales Orders.

All material master entries must be reviewed against the existing
material master before entry into SAP to ensure there is no
unnecessary duplication of materials in the material master. Standard
naming conventions are used to reduce the possibility of duplicate
material names.

The officials are authorised to enter, modify or delete material master
data only on the basis of an authorised source document. Significant
changes to the material master file are approved by management.

Duplicate finished goods material master records
are avoided.

Changes to finished goods master data are
approved by a responsible official. (authorisation)

INV
2003

Changes to finished goods master data are not
authorised.

Changes to finished goods master data are
accurate. (accuracy)

INV
2004

Changes to finished goods master data may be
incorrect. For example, a material may be characterised
as an inappropriate material type.

The officials (responsible for maintenance of material master data)
shall authorise all requests for modification of the material master data
after having checked the contents and the accuracy of the data
supplied. SAP edits and validates material master records online.
Recorded changes to the material master file data are compared to
authorised source documents to ensure that they were input
accurately.

All valid and authorised changes to finished goods
master data are processed. (completeness)

INV
2005

Not all valid changes to the finished goods master data
are input and processed. Not all materials are included
in the material master.

Requests to change finished goods master file data are submitted on
prenumbered forms; the numerical sequence of such forms is
accounted for to ensure that all request changes are processed.

INV
2006

Incomplete material master data may be entered.
Critical fields that must be entered are not specified as
mandatory. Not all materials components (general,
plant, storage location, batch valuation, forecast) are
established.

Changes to finished goods master data are not
processed timeously. Obsolete materials are not
deactivated immediately to prevent sales orders from
referring to them.

The field status group defines for a particular material type which
fields are mandatory.

INV
2008

Material master file data does not remain pertinent.
Material master data no longer needed is not
deleted/archived from the system.

Material master file data is periodically reviewed by management for
accuracy and ongoing pertinence. Materials that have not been used
for a significant period of time are reviewed to ensure that the material
master file remains up-to-date.

INV
2009

Changes to finished goods master data are not
supported by valid documentation. Required
documentation is not retained for mandatory retention
periods. Changes to finished goods master data are not
reviewed by a senior member of staff. No responsibility
is assigned for regularly reviewing audit trails of change
information.

Recorded changes to finished goods master file data are compared to
authorised source documents by a senior member of staff to ensure
that the correct changes were made. A list of changes can be
generated using SAP (MM04). A list is prepared with date and time of
change, old and new values for fields and also the user that entered
the change.

Material master information is recorded in a
consistent and complete fashion to expedite sales,
production and procurement functions. Material
master data information is complete.

Changes to finished goods master data are
processed timeously. (proper period)

Material master data remains pertinent.

All changes to, and deletion of, finished goods
master data records must be properly logged,
documented and retained. The accuracy and
timeliness of changes to the material master
record is reviewed.

INV
2007

Requests to change finished goods master file data are logged. The
log is reviewed to ensure that all request changes are processed
timeously.

ROAD AND RAIL WEIGHBRIDGES


Details of all commercial vehicles & train "wagons"
are entered into the weighbridge system when
entering and exiting the mill.

All relevant details of commercial vehicles and
wagons entering /exiting the Mill are recorded.

INV
2101

Details of commercial vehicles & wagons are not
entered into the weighbridge system on entering and
exiting the mill.

Security should ensure that all commercial vehicles, trucks & wagons
entering and exiting the mill go via the weighbridge, generating an In /
Out transaction in the weighbridge system file. The weighbridge
should be situated at the entrance/exit to the Mill. There should be no
by-pass lane into/out of the mill. If there is a by-pass lane, security
should monitor the use of the by-pass lane at the weighbridge.

INV
2102

Relevant details of commercial vehicles and wagons
entering /exiting the Mill are not recorded.

There should be a standard system-generated pre-numbered
weighbridge ticket on which all details of the truck and wagon e.g.
registration number, tonnage, time of entrance/exit, company name,
truck driver's name, train driver's name, number of trailers and wagons
should be recorded.

The incoming and outgoing masses of vehicles
and wagons entering the mill are recorded.

INV
2103

On entering and exiting the Mill, the mass of the vehicle
& wagons are not checked against the mass of the
invoiced / returned goods. Prescribed weighbridge
tolerance levels are not adhered to.

The mass of the product (Vehicle Out mass less Vehicle In mass) is
automatically compared against the mass on the document
accompanying the product leaving the Mill. No vehicle outside a
preset tolerance will be permitted to exit the Mill. Any variance outside
the tolerance should be reported to a Security Superintendent and
followed up by Security. The reasons for the variance should be written
onto the weighbridge ticket / OB (Occurrence Book) entry system (also
signed by the investigating parties). Policies and procedures should exist
stipulating the prescribed tolerance levels and investigating
procedures.

The nature of the product being removed per the
accompanying documentation is verified.

INV2104

Type of product on vehicle & wagon has not been
verified to the invoiced product.

Security should verify the nature of product being removed against the
description on the accompanying documentation (delivery note, etc),
and should sign the documentation as verification thereof.

Unauthorised removal of product or other goods.

INV2105

Documentation authorising the removal of product
(delivery notes, route rosters, etc.) is used more than
once.

All documentation supporting / authorising the removal of product
(delivery notes, weighbridge tickets, etc.) should be stamped and
signed to prevent re-submission.

No unauthorised goods leave or enter the mill
without the necessary authorisation and
documentation.

INV2106

Undeclared and unauthorised goods may be hidden in
vehicles and not detected.

Security should search trucks & trains (both the horse, trailer &
wagon) and all other vehicles on entry and exit for unauthorised
goods, firearms, cameras, etc. Goods leaving the premises should be
supported by the authorised relevant documentation.

Weighbridge system data is valid.

INV2107

Weighbridge masses and other data can be overwritten.

The weighbridge system should be set up in such a way that it cannot
be overridden by unauthorised staff. There must be a register or log
book to record any "overrides" that should be reconciled (by a senior
person) to the changes made.

Reliance can be placed on the accuracy of the
mass-measurement devices.

INV2108

Weighbridge scale tests are not performed internally
resulting in incorrect mass readings.

O,C

INV2109

Weighbridge not calibrated by independent contractor
on a regular basis resulting in inter alia contravention of
government regulations.

Policies and procedures should exist stipulating the weighbridge
calibration intervals and the regulatory requirements (i.e. calibrations
to be done every two years).

INV2110

Inadequate control when weighbridge fails, i.e. when
the computer system or weighbridge scale equipment is
down (manual tickets).

During a weighbridge failure, only urgent deliveries should be made.
There should be adequate manual documentation completed when
the computer or weighbridge system is down. The mass that is
calculated manually should be checked by a senior person for
correctness before entry or exit. A register should be established and
maintained to record all "off-line" transactions.

Mass-measurement calibrations are done in


conformance with statutory regulations.
Adequate controls are in place when the
weighbridge system fails.


Policies and procedures should exist stipulating the weighbridge scale
testing (including the way they should be performed). Any
unacceptable variances should be reported, investigated, and
corrected.


Weighbridge movements during system failures
are recorded.


INV2111

Weighbridge movements during system failures are not
recorded.

All manual transactions should be captured into the weighbridge
system as soon as the system is "up & running". A senior official
should agree the information captured to the manual transactions to
ensure accuracy and completeness of captured information.

INV2112

Security not performing duties diligently.

Senior security officials should monitor junior security to ensure that
they are performing their duties diligently. Rotation of security
personnel should be done as a matter of course.

There is adequate segregation of duties relating to
the receiving of raw materials.

INV2201

Ordering, receiving and issue of raw materials are not
segregated.

Persons responsible for purchasing, accounts payable, receiving and
issue of raw materials should have responsibility for only one such
function and have no system access to functions other than their
assigned function.

There is adequate segregation of duties relating to
the receiving of engineering stores items.

INV2202

Ordering, receiving and issue functions for stores
engineering are not segregated.

Persons responsible for purchasing, receiving and issue for the
stores engineering function should have responsibility for only one such
function and have no system access to functions other than their
assigned function.

There is adequate segregation of duties relating to
finished goods stock.

INV2203

Finished goods receiving and despatch functions are
not segregated.

Personnel responsible for sales, order entry, shipping, invoicing,
accounts receivable, and cash receipts have responsibility for only
one such function and have no system access to functions other than
their assigned function. Despatch function should be adequately
segregated from receiving of other finished goods and monitored to
ensure and timely disposition.

Physical stock counts are performed by persons
independent of inventory custodians.

INV2204

The same employees receiving, despatching and
controlling the store perform the stock counts without
independent review.

Physical inventory is counted periodically by persons independent of
day-to-day custody or recording of inventory. Inventory counts are
reconciled to inventory records and the inventory records are
reconciled to general ledger.

Security are performing their duties diligently.


SEGREGATION OF DUTIES

ACCESS TO INVENTORY RECORDS AND RESOURCES


Access to production, cost accounting and
inventory records, critical forms, processing areas,
and computer systems should be permitted only in
accordance with management's criteria (which
should provide for segregation of duties).

INV2301

Records may be destroyed or lost; this could result in
an inability to prepare reliable and/or timeous financial
and operating reports. Records may be misused or
altered, to the detriment of the entity or other parties
(vendors, customers, employees).

Prenumbered documents should exist and missing documents should
be investigated. Documents should be retained in accordance with the
company policy. Documents should be safeguarded and access
thereto has to be restricted to authorised personnel only.

Access to material master data amendments is
restricted to authorised employees only (raw
materials, engineering stores items, finished
goods, BOMs).

INV2302

Inappropriate authority to add, change or delete
materials master data is granted.

Through the use of SAP security authorisations, access is restricted
(Transaction codes MM01 Create Material Master, MM02 Change
Material Master, MM06 Delete Material Master). SAP R/3 restricts to
authorised personnel the ability to create, change, or delete bills of
material.

Access to maintain process production orders is
restricted to authorised employees only.
Access to process goods movement transactions
is restricted to authorised employees only.

INV2303
INV2304

Access to maintain process production orders is
inappropriately assigned.
Goods movements transactions and data are
accessible to inappropriate staff. Material movement
data is altered to conceal theft or loss of materials.

Through the use of SAP security authorisations, access is restricted.

Access to post goods receipts is restricted to
authorised employees only.

INV2305

Unauthorised users have the ability to post the receipt
of goods into the system.

Through the use of SAP security authorisations, access is restricted.
Transaction codes MB01, MB04, MB31, MB1C - Goods Receipts
transactions.


Through the use of SAP security authorisations, access is restricted.
Transaction codes MB02 (Change material document), MB1A (Goods
issue), MB1B (Transfer posting).


O,F

INV2306

Authority is inappropriately assigned for the steps and
functions in the shipping process (e.g. create deliveries,
produce picking list, confirm deliveries, enter picking
information, post goods issue transactions).

SAP restricts to authorised personnel the ability to create, change, or
delete picking lists, delivery notes, and goods issues.

Policies and procedures are complete.

INV2401

Lack of procedures.

Departments have reviewed internal process and documented
procedures. Process and procedures methods are updated regularly.

Policies and procedures are clearly communicated
to all parties.
Policies and procedures remain pertinent and up-to-date.
Policies and procedures are valid and authorised.

Procedures not communicated to employees.
Policies and procedures may be outdated.

All inventory policies and procedures should be fully documented and
communicated to personnel.
Policies and procedures should be kept up to date.

Policies and procedures are not authorised.

Management should authorise all policies and procedures.

Investment in system design is safeguarded by
adequate documentation of procedures.

INV2402
INV2403
INV2404
INV2405

Investment in system design is not safeguarded when
there is a high employee turnover.

Policies and procedures should be clearly stated in writing,
systematically organised into handbooks, manuals, or other
publications (including electronic formats).

Controls mandated by policies and procedures are
established.
Employees have a clear understanding of their
responsibilities and the detailed procedures they
are to perform.

INV2406
INV2407

Controls mandated by policies and procedures are not
established as desired.
Employees may not have a clear understanding of their
responsibilities and the detailed procedures they are to
perform.

Formal and documented policies and procedures should be tested,
updated, authorised and reviewed on a regular basis.
The employee's job description should clearly document their
responsibility and should be agreed between the line manager and
employee.

Minimisation of risk of fraud occurring with regard
to employees.

INV2408

Employees are in a position to perpetuate irregularities
without detection (leave not taken / no rotation of
duties).

Employees should be encouraged to take leave regularly and rotate
duties to prevent over reliance on key personnel.

INV2409

Low morale / Lack of recognition.

A suggestion box and mentorship programmes should be in place to
encourage employees. Regular promotions as well as greater
incentives should be in place. Career paths and continuous
education.

Authority is appropriately assigned / restricted for
shipping functions.


GENERAL


O
O
