Emaar Industries & Investments (EII) Internal Audit Mammut Building Systems Balance Sheet & Internal Controls Review

Emaar Industries & Investments (EII)
Internal Audit
Mammut Building Systems
Balance Sheet & Internal Controls Review
Scope
EII Internal Audit conducted a review of Mammut Building Systems (MBS) operations pursuant to the 2008 Internal Audit Plan. The purposes of the review were:
 Assessment of key internal controls over operations and compliance

 Review of Balance Sheet as at 30th September 2008
 Assessment of internal controls over financial reporting
EII Internal Audit visited MBS office in Hamriyah Free Zone, Sharjah. The review was conducted during the months of October, November and December 2008.
EII Internal Audit procedures included interviews with MBS management and staff, walkthrough of key operational and financial reporting processes and transaction testing on
a sample basis.
EII Internal Audit reviewed sample key processes including Entity Level Controls, Sales and Debtors Management, Customer Service, Estimation, Engineering, Production,
Quality Assurance & Quality Control, Waste Management, Maintenance and Facilities Management, Procurement, Inventory Management, Shipping, Accounts and Finance,
Capital Expenditure Decision, Human Resource Management and Information Technology and Systems.
EII Audit findings and recommendations were discussed with various personnel from MBS on an ongoing basis during the progress of the assignment. The findings were also
discussed with the MD. The list of key personnel is provided in Appendix 4.1. The audit report was further discussed with MBS Executive Committee and action plans have
been drawn to remediate the control deficiencies and address the audit recommendations. A follow up audit will be conducted after 6 months of issuing the final draft of the
report.
Company Overview
Mammut Building Systems was established in 1997 to fulfill the demand for quality pre-engineered steel structure buildings and polyurethane sandwich panels and is now a
leading player in the region for pre-engineered steel buildings. The financial results for the company for the last three years are summarized below:
Million AED
Year 2006 2007 2008
Revenue
243.18 317.75 332.41
(AED)
Profit 18.85 14.22 17.21
Profit
percentage to 8% 4% 5%
Revenue
1
The company’s order book for the past three years stood as follows:
Million AED
Year 2006 2007 2008
Contract Value
613.68 602.18 653.88
(AED)
The growth in revenue, profitability and order book has been marginal. Further, as a result of our review we learnt that although efforts were made for system improvement in
terms of implementation of ORACLE ERP system and other related efforts, it did not bring in the desired improvement. Currently, there are systemic problems which need to
be addressed on an urgent basis. There are deficiencies in the design as well as in the operative effectiveness of controls. A lot of work needs to be done pertaining to Policies
& Procedures, Delegation of Authorities and defining Roles & Responsibilities with clarity. As of now, reporting mechanisms are inconsistent and processes are largely driven
by individuals. Keeping in mind the current economic scenario, it is the most opportune time for the company to bring in fundamental changes and to make the systems robust
enough to sustain the growth in the future. This report is an attempt to facilitate that process. Our key findings are summarized below:
Key Findings:
S. No. Areas Key Findings
Although business plan has been prepared as per the management requirements and contains the desired elements, but certain
aspects pertaining to assignment of roles and responsibilities, budget vs. actual analysis, etc have not been addressed.
The risks associated with effective financial reporting and achievement of business objectives, have not been assessed. Further,
the company does not have a Business Continuity Plan.
A detailed Organization Structure, Authority Lines and Job Profiles are still to be defined completely. Further, mechanism to
assess and monitor appropriate levels of resources for the key elements of the organisation is also not in place.
1. Entity Level Controls Employees may act in an unethical manner with legal, regulatory or reputational repercussions for themselves and/or company
due to the absence of Business Code of Conduct to instill integrity and ethics among the employees.
System access mechanism in terms of identification of financially critical systems and associated authorities and review of user
profiles are not defined.
Security management guidelines in terms of defined responsibilities for physical security of production and office assets,
protection of financial data, pre-appointment screening of employees and protection of sensitive business information in not in
place.
Heath and safety measures like placing of emergency contact numbers and availability of employee health check ups have not
2
been considered.
At the feasibility study stage of the capital expenditure decision there is no provision for the review for environmental impact of
the capital project prior to approval
Record Retention Policy is not available on record covering both paper and electronic records.
Company does not have a Data Protection Policy or guidelines or equivalent, covering personal data whether relating to
employees, suppliers or customers.
Amendments to the Customer Master Database are not authorized due to the absence of a signatory list. The Customer Master
Database is not reviewed periodically and customer details are not complete.
A documented policy for discounts does not exist and a high percentage of debtors have balances outstanding for over 180 and
Sales and Debtors
2. 360 days. The accounting system is underutilized as debtors ageing is still prepared manually in excel worksheet.
Management
Delays were noted in the communication of Invoices to the Bank for negotiation largely because of the delay by the customer in
the approval of delivery note as mentioned in the Letter of Credit terms. No rack was kept of such delays in order to monitor
and control such delays.
The Job Acceptance Form (JAF) was not approved properly and timely in some cases and in other cases the JAF could not be
located. The JAF was not always updated to reflect changes to the contract.
A documented policy for the approval of the Project Information Form (PIF) does not exist. The PIF was not signed-off by the
preparer and was not properly approved. Currently, the PIF is not integrated with the ERP system.
Guideline for describing the issuance, importance and interpretation of Raw Material List (RML) does not exist. The RML is a
broad estimate based on approval drawings or drawings forwarded to the customer, which results in inefficiencies from
Customer Service, increased manual effort in material requirement planning. In some cases, the RML was issued before the approval drawings
3. Estimation, Engineering, were approved by the customer.
Production and QA/QC
In-house benchmarks for performance and cycle time for each department pertaining to various stages of engineering drawings,
production and dispatch have not been established.
A mechanism to assess job wise throughput versus standard and to perform a comparison of job wise actual waste versus
standard waste does not exist. There is also no mechanism in place to perform machine wise efficiency analysis, work-in-
process analysis and job wise margin monitoring.
The quality plan section of the PIF was not always populated resulting in confusion on which quality plan was to be followed.
3
Urgent Material Requests (UMR) is tracked manually instead of utilizing the ERP system. There is no mechanism in place to
track UMR costs as a whole and in some cases material issued to complete the UMR was not booked against that UMR in the
system.
The company does not have a weight bridge on the premises and trucks carrying scrap material are sent elsewhere for being
4. Waste Management
weighed which may result in pilferage. Scrap is not stored in a demarcated area.
The C Works software implemented for maintenance management crashed about ten times. The system functionality of
generating detailed work order report has not been utilised in the past. Further, there were mismatches in the work order report
generated from the system and the physical work orders kept as an evidence of maintenance performed.
Maintenance and Facilities As a part of maintenance planning and analysis no budgets have been prepared for the maintenance department and records
5.
Management capturing machine-wise material and labor cost are not available. The preventive maintenance schedules have not been
implemented properly and also contain errors.
The responsibilities for generation and approval of work orders pertaining to breakdown maintenance is not defined. Although
the work order is generated in the system, a copy of the same is not printed out, signed off and filled.
There is an absence of documented criterion to select vendors and suppliers, there is no procurement policy, price comparison
records were manual, and costing is tentative. Further the there are about 460 vendors with which the company deals. Of these
top twenty vendors fulfill 71% of total purchases and the balance 441 fulfill remaining 29%.
Currently the basis of evaluation of individual suppliers is subjective and not scientific. Further there is no defined periodicity
for the same supported by periodic visits to suppliers’ premises.
6. Procurement
Currently, the authorities for raising purchase requisition for goods and services are not defined. The ORACLE ERP system
allows raising POs without purchase requisitions. Further, no periodic exercise is done to assess open POs and their systematic
closure.
It is not defined as to who will approve the payment requests without PO made by Finance Manager and MD. Proposed
payment lists are not generated before a payment run. There is no written policy for cheque access, storage and usage. Cheque
issue log is also not maintained. Supplier reconciliation is not done on a periodic basis. Further, the ORACLE ERP system does
not generated a creditors ageing report.
A dedicated inventory management team does not exist. Stores are not centralized with a layout plan and are not mapped in the
ERP system. There is a lack of a well defined hygiene and staking norms. A perpetual inventory system and continuous stock
7. Inventory Management
taking system has not been implemented. No evidence of adhering to the FIFO principle is available particularly in case of
materials having a shelf life. There is no mechanism in place for tracking unloading time and expired materials.
4
The ISO procedure does not specify guidelines for technical inspection and its periodicity. Rejected materials are neither
tracked nor kept in a designated area. Rejected materials are not re-inspected before being returned to the supplier.
A well defined physical verification procedure does not exist. Guidelines are not available for the preparation of stock
verification report, or for the verification, final authorization and approval of adjustments.
ABC classification of inventory is not performed and inventory levels have not been defined. The ERP system does not
generate an inventory ageing report. Therefore, non-moving and slow-moving items cannot be identified and valued.
There is no documented policy for transporter appointment, evaluation, and selection. Further, there has been over dependence
on one transporter found.
There is absence of a well documented procedure defining the parameters for the performance evaluation of the transporters.
The existing procedure is not objective in nature.
Formal agreements between the company and the transporter, stating the terms and conditions of both the parties are not
8. Shipping present. As of now quotation / rate list sent by the transporter and approved by authorized signatory is considered as a contract.
The Loading report is not signed by the checker due to oversight. Proof of delivery is not obtained in certain cases due to
absence of authorized personnel of the customer at the client site. Destination-wise transit periods are not defined and formally
approved by both the parties in form of a contract.
A mechanism to monitor and control demurrage charges does not exist. Demurrage Charges for incoming materials have been
accounted for under two different heads instead of one. Further, freight Charges which could be clearly identified as demurrage
charges according to descriptions of transactions amounted to AED 0.12 million. This could be much more.
A documented policy for the control of the chart of accounts does not exist and there is a lack of a standardized process for
amending the chart of accounts. There is no delegation of authority for the approval of payments and most of the non-standard
journal entries lack proper supporting documentation.
9. Accounts and Finance
Bank reconciliations are not prepared and reviewed on a periodic basis and the company accounts are updated based on the
bank statements.
A documented policy for Capital Budgeting does not exist and responsibility for this process is not assigned within the
company. The review of budgeted vs. actual expenses and analysis of variances is not documented and the execution and
Capital Expenditure completion of capital expenditure projects is not reviewed periodically in order to assess as to whether the desired benefit was
10.
Decision obtained.
An approved vendor list for capital purchases does not exist and quotations were not always obtained for capital expenditures.
5
In most of the cases, a NPV/IRR/Payback period analysis was not performed, capital expenditure requests and purchase orders
could not be located, and the purchase orders were not approved. Some assets were put to use but were not capitalized.
A documented policy for fixed assets does not exist. In some cases, fixed assets purchased were neither capitalized nor
recorded in the Fixed Assets Register and their costs could not be tracked. Depreciation was calculated without taking into
account the relevant useful lives and usage of machines. Insurance was obtained based on the net book value of the fixed assets
which may result in overspending.
Currently, planning and budgeting is not done in the HR department. Although a projection of salaries and benefits / allowances
is done as a part of annual business plan for which there are no assumptions available on record, the same is not done in
conjunction with the department. Although Future Process Model is available on record the same is yet to be implemented and
as of now company is following the HR procedures set in 2006.
Alignment of the recruitment activity to the business plan can not be ascertained. A staffing plan neither is in place nor is the
staffing requirements monitored, including anticipated organizational changes. A detailed organization chart is not available on
Human Resource record. Further, there were gaps in the documents maintained in employee personal files.
11.
Management
Overall workforce capability requirements are not assessed. Over-reliance on key individuals is not identified and succession
plans are not in place for key positions. Job descriptions along with key performance indicators are still to be defined for all
levels. A well defined training program has not been formulated.
There is absence of measurements of employee productivity and mechanism for renewal of visa and passport.
There is absence of grievance procedures, audit of disciplinary procedures, and other discipline regulating mechanisms.
Although an IT policy exists at the group level, there was no evidence of extending the same policy to MBS. Disaster Recovery
Plan and Disaster Recovery Framework are in draft stage. Further, this is no defined and documented plan to assess and monitor
Information Technology the physical and logical security of IT infrastructure.
12.
and Systems
It has been almost one year since the ORACLE ERP has gone live and AED 1.5 million of expenditure was spent on it.
Nevertheless, it is still not stable and does not provide the desired support and results.
6
2 Detailed Observations & Recommendations
We have classified our observations into high, medium, low based on the following definition:
Matter noted constitutes an important control weakness where the potential

High impact is considered material for the business as a whole or any part of the
business and must be resolved.
Matter noted constitutes an improvement to weakness in the current system

Medium where some compensating controls exist but which are not as effective or
efficient or where the potential impact is moderate.
No matters noted that would indicate the current processes are not
Low operating effectively and efficiently as designed or where control weakness
is so minimal that potential impact if any is minor.
7
2.1. Entity Level Controls
Timelines
Internal Audit Observations Management Response Management action plan
1. Refinement of Business Performance Management

System
While reviewing the Business Performance Management system,

the following was noted:
Although a business plan is prepared containing management’s
Agreed 1.Will be added in the Budget 2010. 30 September 2009
profit forecast, balance sheet projections, operating cash flows
and SWOT analysis, the following elements were absent:
2. Already available in the MIS,
1. Assignment of Management responsibility for tracking however KPI will be considered in
progress towards achievement of planned objectives and future.
goals.
2. Budgeted vs. actual analysis with root cause identification 3Will be added in the Budget 2010.
for variances, competitor analysis and Key Performance
Indications (KPIs) to ensure all relevant issues are discussed 4 Will be added
and addressed.
5. Already available in the plan.
3. Setting of team and individual objectives within the
company which are aligned to and consistent with the
company's overall objectives as defined in the business plan.
4. Defining roles and responsibilities for the communication of
strategic plans within the company.
5. Long term or Medium term strategy outlining company
objectives.
2. Absence of Risk Identification and Management System Agreed Data disaster recovery plan 30 September 2009
and BCP available which is a part of BCP,
however, complete plan will be
While reviewing the Risk Management initiatives at MBS, the finalized as per EII guidelines and
following came to light: present to EXCOM.for approval.
8
Timelines
1. Risks pertaining to key processes having a direct impact on

effective financial reporting have not yet been identified.
2. Risks to the achievement of business objectives have not
been identified.
3. There are no evidences available on record of a crisis risk
assessment being performed to identify all crisis risks which
the business faces.
4. Business continuity analysis has not been carried out to
identify the minimum hardware, software and asset
requirements for all teams and functions.
5. A Business Continuity Plan (BCP) does not exists in order to
support the business, secure the necessary hardware,
software and assets to continue critical business processes
following a crisis or emergency situation (e.g. production,
sales order handling or financial reporting)
3. Weakness in Organization Structure
While assessing the basic framework and controls pertaining to

organization structure, following aspects were noted:
1. A detailed organization chart is not available on the records 1. Agreed but available since 1. Organization chart is N.A
as of now. October 2008. available.
2. Roles and responsibilities of managers are not defined and 2. Agreed. 2. HR will define the roles & 30 September 2009
communicated to the relevant individuals. responsibilities & forward
3. A mechanism to assess and monitor appropriate levels of to all Managers.
3. Agreed. 3. HR will set the 30 September 2009
resources to support key elements of the organizational viz. mechanism.
finance, operations, IS, treasury, and human resources is not
in place.
4. A well defined statement of authority is not available on 4. Agreed 4. DOA document is 31 July 2009
record. available at Mammut
Group Level and will be
9
Timelines
implemented after
presentation to EXCOM
and approved by the BOD
5. Agreed.
5. Performance goals for individuals are not defined clearly 5. HR will define the goals. August 31,2009
6. Agreed but available since
6. Job profiles are not available for all levels. November 2008. 6. Job Profiles are available.
4. Absence of Policy and Procedure Manuals and Agreed. DOA document is available at 31 July 2009
Delegation of Authority Matrix Mammut Group Level and will be
implemented after presentation to
There are three fundamental components of internal control EXCOM and approved by BOD.
environment viz. policies and procedures frame work, Job descriptions of key functions
delegation of authority including financial delegation and available and already defined.
segregation of duties in key functions.
Currently the company does not have well defined policy

and procedures manual, delegation of authority matrix and
process wise Segregation of Duty (DoA) rules.
DOA for business routine is established but the same is not

documented and approved by the Board.
5. Mechanism to Instill Integrity and Ethics
While assessing the mechanism to instill integrity and ethics

among the employees, the following was revealed:
Code of conduct will be July 31, 2009.
1. Presently the company does not have a code of conduct Agreed implemented and circulated to all
employees.
setting out required standards of integrity and ethical
behavior along with the employee signoff as a part of the
contract.
10
Timelines
2. The Company does not have an appropriate channel like a Agreed A committee will be formed to N.A
helpline for reporting ethical violations or any incidence of report ethical violations etc.
fraud. HR/Admin department is
responsible for compliance of
No evidences are available on record indicating allocation of regulatory laws.
overall responsibility to specific members of senior management
for compliance with legislation and regulatory laws.
6. Identification and Access Control to Critical Financial

Systems
While reviewing the system access mechanism, the following

was observed:
1. Critical financial systems have not been identified. Critical 1. Disagreed, Critical financial N.A N.A
systems are defined (All ERP).
financial systems are those which directly influence the
recording, processing and reporting financial information 2. Agreed despite it is built up in to 30 June 2009
and statements. the system yet the documentation Process is in place to be
2. The company does not have a well defined and documented is required. documented.
statement of authorities which may facilitate granting of
access to the said systems. Currently the same is done as per
the approval of the line manager.
3. Agreed , All users’ access
handled by Support Desk with Separate request form will be Immediate
approval from department created
manager; however separate
3. There is no system of reviewing the user profile for request form will be created for
segregation of duties at the time of new, revised or the purpose.
composite user profiles (within critical financial systems).
7. Security Management Guidelines
Following was observed pertaining to the key security

management aspects:
11
Timelines
1. Responsibility for physical security of production/office

premises and adequate protection of assets and financial data 1. Agreed 1. HR Manager with MD will 30th Sep 2009
based on the risk environment in each of the facilities is not define the guidelines.
defined clearly and also not assigned to a member of senior
management.
2. There is no system of pre-appointment screening of all 2. Agreed 2. HR & Admin will set the July 31st -2009
prospective employees, both permanent and temporary, who procedure for screening.
are being considered for any positions in the company. 3. HR/Admin Manager with
3. Agreed MD will set the guidelines. Sept 30th -2009
3. As of now there are no guidelines available on record for the
protection of sensitive business information (hardcopy,
electronic message, or voice communication) when
transmitted internally, externally, and at disposal.
8. Control Gaps in Health Management Disagreed, Employees already N.A N.A

covered under insurance. Workers
While reviewing the occupational health and safety aspects, it have health card from Ministry of
was revealed that, although the factory has a fulltime male nurse, Health. However, this
there is no activity in place to ensure regular health checkup of recommendation will be considered
once company will be in a position to
the employees, specially the employees at the shop floor. afford it.
9. Environmental Review of Capital Projects

Guidelines are available in ISO Immediate.
At the feasibility study stage of the capital expenditure decision Agreed 14000 and we will add this area in
there is no provision for the review for environmental impact of CAPEX approval form.
the capital project prior to approval.
10. Record Retention Policy
Although record retention norms have been defined for most of Agreed Entity level Policy for record 31 July 2009
the functions as a part of ISO procedures, same has not been done retention will be documented
for Finance Department as yet. Further, there is no detailed
12
Timelines
entity-level policy for record retention..
11. Absence of Data Protection Policy Agreed MD with Group IT Director will 30 June 2009
define the policy.
Currently the company does not have a Data Protection Policy or
guidelines or equivalent covering personal data whether relating
to employees, suppliers or customers.
13
2.2 Sales and Debtors Management
Timelines
1. Customer Master Database
During the review of Customer Master Database, the following

observations were made:
1. Absence of signatory lists for additions and amendments to 1. Agreed 1. Signatory list will be created. August 31,2009
customer master data.
2. Presence of invalid / irrelevant customer entries. 2. Agreed 2. Will be rectified. 30 June 2009
Name Code Status

Misc Clients 1119 Active
Do Not Use Ever 1561 Inactive
Dummy Customer 1602 Active
Do not Use2 1603 Inactive
Do not use 1644 Active
Do not use 1828 Inactive
Do Not 2657 Active
On a review of the active invalid accounts, it was revealed that three

accounts out of four, did not have any transactions during the period
1-Jan-08 to 31-Dec-08. One account (Code: 1119, Name: Misc
Clients), had 5 transactions during the same period. Details of the
transactions are given below:
The company was not able to provide supporting documents

justifying the transactions mentioned above.
14
Timelines
3. Absence of periodic review of amendments to Customer Master 3. Agreed 3. Will set a process for periodical
Database. review.
4. Incomplete details such as billing and shipping address in
4. Agreed. 4. Will complete as soon as possible.
Customer Master Database.
2. Control Gaps in Discount Policy And Debtors Ageing

Analysis
It was observed that no documented discount policy exists outlining Disagreed, discount policy N.A
the basis on which discounts are to be approved and awarded. depends upon the area, market
situation, jobs complexity, order
size etc. It varies from case to
A review of the debtors ageing as on 30-Jun-08 revealed the case which can not be
following: standardized.
1. Alfa Industrial Refrigeration (Code: 151044) is a debtor in the

books of accounts with an outstanding balance of AED 789,920.
After discussion with finance personnel it was revealed that, the
Letter of Credit for this customer had been obtained under the 1. Agreed 1. Adjusted in December 2008. Immediate
joint bank account of Mammut Industries and MBS (Account
no.: 0800-012815-001) with Al Ahli Bank. Later, this account
was handed over to Mammut Industries as part of the
consolidation process in MBS after investment by Emaar
Industries and Investments. The payment had been received
from the customer in this account on 10-Apr-08 but inter-
company settlement has not taken place till now. This amount
will be settled against proposed dividend in the year 2008.
2. Although the Oracle has the facility to generate debtors ageing
report, but currently the same is prepared manually in an excel 2. Agreed but Debtors 2. Debtors’ aging will be monitored Immediate
workbook. aging available since on a regular basis.
December 2008 which
needs to be monitored.
15
Timelines
3. 28.58% of the debtors have balance outstanding for more than 3&4. Agreed 3&4 . Above 360 balances of Immediate(Debtor
360 days and 52.23% of the debtors have outstanding balance 22,552,340 include provision for bad Aging)
for more than 180 days. A summary of debtors aging is debts 12,981,242. Most of the sales
mentioned below: are secured against documents. The
total outstanding is 15% of total sales.
Cumulativ
Value
Age Groups Percentage e
(AED)
Percentage
26,298,73
0 - 90 DAYS 33.32% -
6
11,402,29
91 - 180 DAYS 14.45% 33.32%
8
18,666,02
180 - 360 DAYS 23.65% 47.77%
7
22,552,34
ABOVE 360 DAYS 28.58% 71.42%
0
78,919,43
TOTAL 100% 100%
0
Retentions part wherever applicable 31 July 2009

4. Although a control over retention receivables is kept, debtors will be maintained separately. (Retention
However all efforts will be made to Separation)
ageing report is inclusive of retentions receivables. Due to this, improve the recovery from various
the report may be misleading and may not present a true picture customers.
of the outstanding amount.
3. Control Gaps in the Invoicing Process

The delays are under normal course of Immediate
Most of the jobs undertaken by the company are covered by a Letter Agreed business. Mostly it is happening for export
of Credit (LC). Invoices are sent to the bank for negotiation on because the time for sending material to
completion of shipping of a phase of the project. other countries & getting signed delivery
note is required much more time as
16
Timelines
During the review of the invoicing activity for three jobs, it was compare to local sales. We track with
observed that invoices have not been communicated to the bank for customers regularly.
negotiations on time. We will try to reduce the time for
submission of invoices.
On the basis of the discussion with the treasury manager, it was
learnt that the delay was due to a clause in the Letter of Credit (LC)
agreement which allowed the raising of invoices against the LC only
after the customer signed the delivery note.
It is to be noted here that neither the date of signing the Delivery
Note or receipt of signed Delivery Note by the company has been
documented anywhere. Hence the cause of delays cannot be known.
4. Absence of Provisioning Policy for Receivables Agreed. Provision policy will be defined and 15 August 2009
documented. Debtors will be reconciled
No documented policy exists to make provisions for bad and periodically.
doubtful debts. Currently it is being done on the basis of discussions
with external auditors and has a very subjective basis.
5. Absence of Debtors' Reconciliation Agreed In future, Debtors records will be 15 August 2009
reconciled between two departments on a
Debtors' reconciliation is not performed at all by the accounts monthly basis.
department. At the time of external audit, only confirmation letters
are sent to debtors. Also, treasury department and accounts
department maintain separate records for debtors which are
reconciled at the end of every month. Hence, an inter-department
reconciliation is carried out.
6. Absence of Documented Revenue Recognition Policy Agreed. Revenue recognition policy will be defined 15 August 2009
& documented in accounting and finance
During discussion with the finance personnel, it was revealed that a manual.
documented revenue recognition policy does not exist in the
company.
Currently, revenue recognition is done on the basis of invoices
raised to customers. All the projects undertaken by the company are
17
Timelines
covered under LCs. When shipping for a segment of the project is

complete, a 'Shipping Completion Certificate' is issued by the
shipping department. On receiving the certificate, the accounts
department raises the invoice for the shipped material and
communicates the same to the bank for negotiation. Revenue is
booked on the date when the invoice is raised.
18
1.3 Customer Service, Estimation, Engineering, Production and QA/QC
Timelines
1. Control Gaps in Creation and Approval of Job Acceptance

Form (JAF)
Job Acceptance Form (JAF) is created after the completion of

estimation process and contains important information regarding the
job such as total estimated tonnage, mark-up on the cost, final price to
be charged to the customer and payment conditions. This important
document is reviewed by the area office manager and approved by the
sales manager.
During a review of the creation and issuance of Job Acceptance Form

(JAF) for 16 selected jobs, following was revealed:
1. JAF was not signed by sales manager in 3 cases: 1. Agreed. 1. In future General sales manager 31 July 2009
will sign all JAF.
Job Total Price
JAF Date
2. JAF Number (AED) was 2. Disagreed with observation, N.A N.A
not AE3-2084 17-Jun-08 7,496,000 document is available for
Not inspections.
AE1-2334 8,100,000
Mentioned
PK-2140 30-Aug-08 18,014,806 Immediate
3. Agreed. Rectified.
available for job OM-1667 (EURO 23,353,974).
3. Date of approval of JAF by sales manager was not mentioned on

the document for job QA-2187 (Contract Price: 4,920,000 QAR)
and QA-1021 (Contract Price: 4,550,000 QAR).
Immediate
4. The contract price for job QA-2187 was revised to QAR 4. Agreed. Rectified.
4,450,000 from QAR 4,210,000 on 28-Apr-08 but the JAF has
19
Timelines
not been updated to reflect the change.

Immediate
5. JAF for the job QA-1021 dated 7-Jul-05 has been changed / 5. Agreed. Rectified.
updated manually using a pen and there are no evidences of
approval of the modification.
2. Control gaps in Generation and Approval of Project

Information Form (PIF)
Project Information Form (PIF) is created for each job after it is

accepted and is used as an information repository for all the
departments regarding that project. It consists of two parts; General
Data Sheet (GDS) and BDS (Building Data Sheet). GDS contains all
the general information regarding the job such as, name of client, total
tonnage and payment terms. BDS contains technical information
about each building in the project.
During a review of PIF of 16 selected jobs, the following was

revealed:
1. PIF created for each job was neither signed off with date by the 1. Agreed 1. In future CSD Supervisor/Manager 30 june 2009
customer service manager nor signed off by the person who will sign all PIF.
prepared it, for all the selected jobs. This leads to the conclusion
that the approval activity for the same is not in place, although it
was given to understand that the document is circulated through
e-mails to all the concerned people.
2. PIF of each job is designed separately in Microsoft Excel and is 2.Agreed 2. As agreed with the business 30 june 2009
not integrated with the Oracle system. After discussions, it was technical data will be stored in the
learnt that the Oracle system itself is not capable of handling such ePIF(Develop by PRD). General
data is stored in Oracle.
technical data.
20
Timelines
3. Control Gaps in Creation and Issuance of Raw Material List

(RML)
N.A
1. Currently, there is a practice of making a broad estimate of 1. Disagreed, All the material should N.A
material requirement based on approval drawings. This results be managed with RML since delivery
into a raw material list (RML) which according to customer period of any raw material is more
than three months where as the job
service is an indicative figure and is meant to give a broad idea of delivery after approval drawing is
material requirement with an aim to facilitate Material normally 1 1/2 to 2 months. So RML
Requirement Planning (MRP). However, the same is taken as a can help at great extend in inventory
basis for MRP by Production Planning Department. Further, a planning. Ordering pattern for any
detailed Bill of Material is generated after the detailing stage but standard inventory items depends
mainly on historical consumption and
by that time MRP is already complete. Following is a comparison forecasted consumption against
of RML and BOM tonnage for 8 jobs: available stock and incoming
materials. For non standard inventory
Job
RML
BOM Tonnage Difference
items RML should reflect 100%
Sr. No. Tonnage requirement in order to avoid any
Number (MT) (MT)
(MT)
excess or less material during job
1 2172 1669.002 1677.77 - 8.768
execution. In general whenever
2 1414 4295.443 4483.141 -187.698
revisions are requested by the
3 2084 1000.746 885.477 115.269
4 2005 326.594 316.032 10.562
customer, the RML also must reflect
5 2071 104.034 98.222 5.812
the revised material requirement. New
6 2187 405.047 429.194 -24.147 policy implemented restricting RMLs
7 2140 2937.882 2658.496 279.386 for forecasting raw material
8 1021 700.374 758.42 -58.046
2. In certain cases, Raw Material List was issued before the

Agreed. In future we will follow the standard Immediate
approval drawings were approved by the customer: practice.
Job Date of Approval

RML Date
Number Drawings
AE3-2084 8-Apr-08 16-Jun-08
QA-1021 28-Aug-05, 21-Aug-05 23-Oct-05
It to be noted that Raw Material List is prepared based on the

approval drawings.
21
Timelines
4. Through-put and Production Efficiency
Currently the production efficiency analysis is done based on the Agreed These reports will be available once SCIA 30 September 2009
comparison of quantity of scrap generated versus the production on a will be implemented.
monthly basis and arriving at a percentage for the same and there are
no benchmark percentages established for comparison.
As of now, there is no system / method in place to assess job wise
throughput versus standard comparison of job wise actual waste
versus standard waste. There is also no method in place to perform a
machine wise efficiency analysis on an ongoing basis.
5. Job-wise WIP Valuation and Margin Monitoring
There is no mechanism in place to conduct a job wise WIP analysis Agreed This can be possible once SCIA will be 30 September 2009
against estimates and consequential margin monitoring. As of now, implemented.
only an over all assessment of profitability can be made at the year
end. Further, as there is no job wise estimation verses actual
comparison, no assessment can be made about the accuracy of the
project cost estimation.
It was given to understand that an MRP system is under

implementation which will facilitate the tracking of job WIP valuation
and margin monitoring. Currently the company if tackling the
integration of the MRP with the ORACLE ERP system.
6. Absence of Performance Monitoring of Key Departments
A cycle-time analysis of 6 closed jobs revealed a varied range of time Disagreed, since it depends upon the N.A N.A
taken for approval of drawings, finalization of detailing, production internal & external factors which
and shipping: influence the period from 1 month to
6 month, The standard cycle time has
been defined is 8 weeks for Jobs
But, currently it can not be commented as to whether the turn around ranging from 250mt to 500mt and it
22
Timelines
time mentioned is efficient or otherwise. Due to the absence of varies depending upon the job volume
internal benchmarks pertaining to the turn-around time at each stage, & complexity.
the reasonableness of the same commented above can not be
ascertained.
7. Control Gaps in Quality Assurance and Quality Check

Processes
During a review of Quality Assurance and Quality Check process for

16 jobs, following was revealed:
1. Point number 6 of PIF pertaining to quality plan to be followed Agreed In future we will follow the process. 31 July 2009
was not populated in 2 out of 8 cases. It was given to understand
that if the same is not populated then the standard QC plan is
followed. In one of the projects pertaining to Qatar Petroleum,
with job number QA-1021, it was learnt that because of lack of
clarity about quality plan to be applied, the standard QC plan was
followed. Later on, it came to light that radiography test was to
be performed as part of quality plan and the same was done later
at client site. It was given to understand the PIF did not mention
the quality plan. The same can not be confirmed as the PIF is not
preserved as the project was more than one year old.
2. While reviewing the implementation of the quality assurance
process for 15 projects out of a sample of 16, it was found that
quality steps have not been followed in case of 7 projects.
8. Inefficient Tracking of ‘Urgent Material Requests’ and High

Associated Costs
During our review of 16 jobs, it was observed that additional material

was dispatched to customers after requests were received from their
end. This was done in either of the following situations:
• Loss of material in transit
23
Timelines
• Defective / low quality material

• Damage to material during assembly
After a request for additional requirement is received from customer,

a document called Urgent Material Request (UMR) is generated by
the customer service department.
1. Till 2007, before the implementation of ORACLE, the ALPHA 1. Agreed 1. Oracle is supporting to generate this 31 August 2009
system did facilitate the tracking and cost assessment of UMRs information just we need to
populate data.
Following is the summary of claims settled between 2005 to
2007:
S. No. Year Claim settled (AED)

1 2005 2,627,904.11
2 2006 1,816,098.17
3 2007 2,446,593.51
2. During our review of UMRs generated from Feb-08 to Oct-08, it 2. Disagreed, Job tracking 2. N.A N.A
was revealed that, post implementation of ORACLE, as of now, report is available to track
UMR & cost.
the system functionalities have not been utilized fully to track the
same. Further, the status of the active UMRs and the associated
cost is tracked manually using an excel worksheet. Hence, it is
not tracked on a real-time basis and is prone to clerical errors.
3. During our review of UMRs generated for 16 selected projects, 3. Agreed. 3. Separate account will be created to 31 August 2009
following was revealed: monitor the cost as well as report
will be developed for monitoring.
3.1 According to UMR No. C-06-1021, dated 23-Jul-06 (Job
number QA-1021), customer rejected purloins sent by the
company. This was due to the fact that they had white stains
on the surface and steel was rusty. Results of the third party
tests carried out by “Qatar Industrial Laboratories” were
negative and stated that the quality did not meet the ISO
24
Timelines
1461:1999 standard.
number QA-1021), the length of the supplied stair tread was
wrong. It was stated that ‘It doesn’t fit the stringers’.
3.3 According to UMR dated 1-Mar-07 for job number QA-
1021, customer rejected the welding done on the material
and modifications were made by the company at the site.
number AE2-2005), Mammut erection team had to conduct
modifications at site because of engineering detailing error
for the closer trims for the roof monitor and wrong supplied
door lock device.
3.5 According to UMR No. C-01-2005, dated 22-Apr-08 (Job
number AE2-2005), customer rejected the connection bolts
received from supplier ‘Al Rashed Fasteners’, due to quality
issues with the material. It was stated that ‘Customer
encountered problem of excess galvanizing at the threaded
end of the bolts’.
Further, total UMR cost for each of the 16 selected projects

could not be ascertained. On the basis of discussions it was
learnt that, the material issued to complete the urgent
material request, was not booked against that UMR / job in
the system and there is no mechanism to track UMR cost as
a whole.
25
2.4 Waste Management
Internal Audit Observations Management Response Management Action Plan Timelines
1. Weighing Bridge and House Keeping
While reviewing the process of waste and scrap management, we

noted the following:
1. Currently the company does not have a weighing bridge in the 1. Agreed. 1. CAPEX for weighing 31 August 2009
premises. Due to this, the truck full of scrap material is to be bridge already approved
sent out side for weighing. and will be ordered and
installed into the demarked
area.
2. Although separate areas have been demarcated to keep the scrap 2. Disagreed, Demarcated area 2. N.A N.A
and rejected material, rejected material was not segregated from for all type of Scrap area is
usable raw material in certain areas. place in years and records
are well maintained. Only
Hazardous waste
demarcation area recently
created for ISO 14001
26
2.5 Maintenance and Facilities Management
1. Maintenance Software Optimization
The maintenance management system namely “C Works” was

implemented by the company to facilitate the efficient management
of the maintenance function. It was observed that although it is a
single-user software, it has been used as a multi-user system in the
company. Following were observed:
1. Since implementation, the software has crashed about ten times, 1. Agreed 1. Initially, the cworks software 30 September 2009
the details pertaining to which are provided below: had a problem but now daily
backup is being taken as a
routine by IT department.
Date of
Number
Software
*
Crashing
1 18-Nov-07
2 4-Dec-07
3 12-Dec-07
4 5-Mar-08
5 27-Mar-08
6 3-Apr-08
7 17-Apr-08
8 5-May-08
9 16-Jul-08
10 10-Sep-08
* The dates on which IT
Department was notified of
the breakdown
2. Neither the system functionality of generating a detailed work 2. Disagreed, the system was 2. N.A N.A
functional in generating the
order report has been utilised in the past nor has any analysis
work orders but no hard
been performed to assess the root causes of frequent break copy of the same was
downs. generated to handover to
technicians. Technician
used the hard copy of PR
27
which was manual printed

copy. The root cause of
the frequent breakdown
was also always carried out
but lacked documentary
updating.
3. The work order files pertaining to preventive and breakdown 3. Disagreed, The work order
maintenance were not available prior to July, 2008. generation started when the
c works software was
adopted but before that
manual data was
maintained.
4. While comparing the system generated work orders for 74

4. Agreed In the initial stage of implementation Immediate
machines with the work orders report generated by the “C software had a testing problem but
Works” system, pertaining to the period July 2008 to October later it was resolved and
2008 , the following was noticed: implementation has been done
a. Work orders pertaining to seven machines generated by the properly
“C Works” system did not reflect in the work order report
1. Daily back up is being
generated by the same system. taken up
b. Similarly, some of the work orders pertaining to 21
machines were reflected in the system generated report but 2. The system does have
were not present in the work order files. the permanent record
retention. The proper
evaluation would be
done once interface will
be developed between
C work software and
ORACLE system.
2. Maintenance Planning and Analysis
While reviewing the planning and analysis aspects of maintenance

function, the following was revealed:
1. Annual budget has not been prepared for maintenance
28
department. There were no documents available on records 1. Agreed 1. Cost centre wise budget will be 30 September 2009
evidencing capturing of machine-wise material and labour cost, prepared in future, however
although down time is being captured since November 2007. accurate machine wise has been
resolved by updating the spare
Further, there is no activity in place for adequate and accurate parts item categorization in
reporting of cost and time related to maintenance. oracle system.
2. History prior to November 2007 pertaining to preventive 2. Agreed 2. Record is not available due to
maintenance, Machines breakdown maintenance and down time change of system.
is not available on record.
3. The preventive maintenance schedules have not been 3. Partially agreed. 3. C WORKS was not available to
implemented properly. Further, there are no documents retain the data. Preventive
available on record evidencing periodic review of the same in maintenance schedule were
the light of breakdown history. being done properly but lacked
recording. It is now being
reviewed in weekly
4. Preventive maintenance schedule included following errors: maintenance co ordination
4.1.The machine code was mentioned incorrectly in related meeting.
maintenance schedule
4.2 The frequency of maintenance was mentioned incorrectly
4. Agreed. 4. It has been reviewed and
corrected.
3. Work Order Generation and Maintenance Execution
While reviewing the execution of maintenance jobs, following was

revealed:
1. The responsibilities for generation and approval of work orders 1. Partially agreed. 1. The responsibility of work N.A
order generation has been
pertaining to breakdown maintenance is not defined. Although assigned to three persons and
the work order is generated in the system, a copy of the same is password key has been issued
not printed out, signed off and filled. It is to be noted that the “C to them. The proper generation
Works” software has crashed ten times in the recent past. of work order s and
Further, there is no tracking and analysis done relating to implementation is already in
effect. There is a machine
machine wise breakdown history.
29
failure analysis available from

the system for tracking.
2. A single work order is prepared for many machines in the same 2. This practice of generation of N.A
category (noted in case of welding machines). 2. Agreed. work order for same kind of
machine for the same schedule
was adopted to save the
stationary but now it is stopped
and each machine has its own
work order generated.
3. Most of the preventive maintenance checklists were neither 3. Agreed. 3. It is already implemented now N.A
signed off by the technician as a proof of job done nor were the checklist is copied at the
back side of work order and it is
they signed off by the supervisor as a proof of job supervision. crossed and signed by the
assigned technician.
4. Some preventive maintenance checklists were not attached

4. Agreed. 4. Checklist is now printed N.A
along with their related work orders. backside of the work orders.
Also there are check list
available on the machine itself
to sign off the checks.
5. Machines were not maintained at all although they were
5. Disagreed, Machines of 5. N.A N.A
scheduled to be maintained (ex: hydraulic Jacks and Fl 15) - small nature (hand tools)
requiring no attention by
the technician have been
looked after by the user
himself hence no record
needs be maintained.
6. For the last two and half years, maintenance cost has been as
30
follows:
6.1 2006- AED 1 million (Apr 2006 to Mar 2007)
6.2 2007- AED 1.78 million (Apr2007 - Dec 2007)
6.3 2008- AED 0.82 million (Jan-Jun 2008)
An analysis of the maintenance record for the period 2007 to

October 2008 revealed the following:
1. Break down incidents for the most of the machines exceeds the
6. Disagreed, Since each N.A N.A
preventive maintenance performed. Break down cases were machine has many moving
66.7% of machines maintenance history. components it is not
possible to attain 100%
preventive maintenance
completely especially when
machines are very old.
2. Of the total breakdown cases, although action taken was

Agreed Record will be maintained. 31 July 2009
mentioned in 96% of the cases, the reasons for break down were
not provided in 78% cases.
31
2.6 Procurement
1. Vendor Initial Evaluation, Development and Price Validation
While reviewing the process of initial evaluation, development of Agreed Purchase policy will be written and all 15 August 2009
vendors and their selection for purchase decision, following was aspects will be covered.
observed:
1. Based on the PO listing obtained from the ORACLE ERP system,

the company has dealt with about 461 vendors in the last one year
to whom a total of AED 621 million worth of POs have been
raised. Top twenty suppliers have about 71% of total business
amounting to AED 442 million and the remaining 441 suppliers
have 29% of total business amounting to 179 million.
2. Currently there are no guidelines available on record to facilitate
vendor initial identification from a financial and technical
perspective. Further there no defined parameters for conduct a
financial and technical evaluation to decide as to whether to do
business with the vendor.
3. New vendor master is created when business needs to be done
with that vendor. As such, there is no vendor registration process
to help build a vendor data base. A list of vendors was created in
2008 consisting of suppliers for steel, production accessories and
consumables. This is a compilation of the suppliers with whom the
company has been dealing in the past.
4. There is no detailed Purchase Policy available on record.
5. Currently the decision to select a supplier and place order on the
same is entirely discretionary and is in taken by the Purchase
Manager.
6. There exists a guideline which prescribes that for purchase of
single item valuing AED 5000, one quote needs to be invited. For
32
purchase between AED 5000 to AED 10,000, two quotations

needs to be invites and for purchased above AED 10,000, three
quotes needs to be invited.
7. A manual price comparison is maintained by the Purchase
Manager, which also contains proposed and actual delivery dates
apart from the prices. It is maintained mainly for steel and bought
out items (sent along with various parts of the buliding and are
direct bought and not manufactured). Any counter bidding and
price negotiation is done entirely by the Purchase Manager.
8. Although market rates mobilized for various material and services
on a periodic basis to facilitate rate benchmarking, there is no
mechanism for developing internal costing to arrive at tentative
cost for purchase of material to facilitate negotiations.
2. Vendor Performance Evaluation
Currently a form does exist for assessing vendor performance across Disagreed, The selection/evaluation of N.A N.A
ten parameters which are rated on point scale of 1 to 10. This rating is vendors is according to their reputations,
done by the purchase manager based on his experience and dealing quality of product, pricings, delivery etc.
Most of the purchased from the steel mills
with individual suppliers and actual performance data is not used to directly instead from traders. All steel mills
carry out the evaluation. Hence the basis of evaluation is entirely are internationally certified of their quality
subjective and not scientific. Further there is no defined periodicity of plan.
the performance evaluation exercise and there no plans to conduct
audit of suppliers’ facilities from a performance evaluation
perspective.
33
3. Requisition and Purchase Order Management
While reviewing the Purchase Requisition (PR) to Purchase Order

(PO) cycle, following came to light:
1. The authorities for raising purchase request for goods and services 1. Agreed. 1. Management will define the limit 31 July 2009
are not clearly defined in terms of named individuals responsible. authority & person designated for
purpose.
2. Currently the system allows raising of POs without valid Purchase 2. Agreed 2. In most of cases all Pos issued 31 July 2009
Requisitions. An analysis of PO listing and PR to PO report for against PRs except certain
2008 revealed that 1263 POs were raised without PR. The value of urgencies but in future all Pos
these PO was AED 179.49 million which is 29% of sum of all PO will be issued against PRs,
raised amounting to AED 620 million.
3. The purchase department does not check to ensure as to whether it 3. Disagreed, Purchasing department 3. N.A N.A
is reasonable for the company to purchase the goods /services. is always cross check insisting of
required good s with the
originator of PR & approval
authority. There are several
examples present on the record
asking such
questions/clarifications from the
originator of PR.
4. Currently, there was no activity done to assess the number of open 4. Agreed 4. Open POs will be reviewed every 30 June 2009
PO and there systematic closure. quarter.
5. The ORACLE ERP system does not generate a report showing 5. Agreed. 5. Report will be generated. 30 June 2009
pending PRs.
4. Invoice Processing, Payment and Creditors Analysis
34
While reviewing the invoice processing and creditors analysis,

following was revealed:
1. Agreed 1. Procedure will be defined, 1. Immediate
1. Currently all payment request without PO or Invoice is to be however all payments pertain
approved by the MD and the Finance Manager. In case, such a to Finance Manager or MD of
the company signed by the
payment request is made by the MD or Finance Manager, it is not Group’s authorized bank
defined as to who will approve the same signatories.
2. Agreed 2. Finance department will start 2. 30 June 2009

2. No proposed payment listings are prepared for each payment run the same procedure with the
help of purchase department.
showing payee and amounts to be paid. There are no provisions
for the authorisation of the same by s Senior Manager. Currently,
it is based on requests received from purchase department,
individual experience and suppliers' follow up call.
3. Currently there is no written policy for cheque access, storage and 3. Agreed 3. Policy will be defined & 3. 31 August 2009
usage. Functionally the emirates bank cheque book is in the documented.
custody of the Sr. Accountant who processes payments. The
remaining cheque books pertaining to twelve banks are in the
custody of treasury department. In the absence of the Sr.
Accountant, the same are kept in the custody of Finance Manager.
There is no segregation between the person issuing cheques and
the person keeping cheque books. 4. 30 June 2009
4. No cheque log is maintained detailing cheque numbers issued, the 4. Agreed 4. Finance will maintain log
first and last cheque number used for each payment run and book.
cheque numbers of cancelled or returned cheques.
5. Immediate.
5. The supplier statements are not obtained on a regular basis from 5. Agreed 5. Reconciliation is prepared
selected top suppliers, as agreed by the Procurement Head and the with supplier on monthly
same are not reconciled to the Accounts payable ledger balances. basis.
35
6. No report is produced on a periodic basis to show all POs raised 6. Agreed 6. Report will be developed in 6. 31 August 2009
using One Time Vendor accounts and sent to the relevant ERP(Oracle). As already
managers for review. Further there is no process in place to review mentioned all open Pos will
be reviewed quarterly.
the PO's raised on the one time vendor account to ensure that all
purchases are valid and any vendors that have been used more
than an agreed amount are entered onto the Vendor Master File.
7. Currently the ORACLE ERP system cannot generate a creditors 7. Agreed but now available 7. Creditors aging is available in Immediate
aging report. ERP(Oracle) and need to
check accuracy.
5. Weakness in Vendor Management
A review of the vendor management process revealed that:

1. Disagreed, Almost all vendors’ 1. N.A N.A
1. There is no documentary evidence available to substantiate how related to regular material
suppliers were financially or technically evaluated and approved purchased and most of are
prior to being added to the approved supplier list and used. There international reputed steel mills.
is no proof of any financial bid evaluation conducted.
2. There is no formal vendor code creation form used by the 2. Agreed. 2. Procedure will be defined. 31 August 2009
company. Hence, no documented approval process exists.
3. Approval procedure pertaining to the set up of new vendors in the 3. Agreed. 3. Procedure will be defined. 31 August 2009
system is not present.
4. Duplicate vendor codes are present in the vendor master which

poses the risk of duplicate/ unauthorized payments. 4. Agreed. 4. This is system error. We will 31 August 2009
rectify in future.
36
5. 2 invalid entries exist in the vendor master. 5. Agreed. 5. It will be rectified. Immediate
6. Disagreed, company follow ISO 6. N.A N.A

6. Vendor evaluation is not performed for vendor evaluation
6. Weaknesses in the Ordering Process
A sample of 14 invoices were selected during the period Jan-08 to

Dec08 and reviewed as per the ordering process present in the
company. During the review it was observed that:
1. Agreed but this is repeated order 1. Clarified. N.A
1. No quotations were invited in 1 case. (PO No.: 4171, Amount: for standard stock paints from
175,740.60). A previously approved price list was used to place the approved supplier
order.
2. Only 1 quotation was obtained in 4 cases. 2. Agreed because only single 2. Clarified. N.A
supplier/source is available for
these items
3. In 2 cases, PO was not approved as per the authority matrix which 3. Agreed, this was a transition 3. Clarified. Immediate
was in effect from 3-Nov-08. period from previous approval
hierarchy of Pos and new
hierarchy of Pos otherwise system
can not allow issuing PO without
approval of all authorities defined
in the approval hierarchy.
4. In 2 cases, duplicate POs were created. Old PO was created and 4. Disagreed, these are only revision 4. N.A N.A
approval of Purchase Manager was obtained. But later, the PO details for original PO’s. We cannot
were changed and a new PO with the same PO number was created. cancel original PO. In case we
Old PO was not stamped as 'Cancelled'. Approvals as per the authority cancel the original PO number for
matrix were obtained on the new POs. new PO will be new.
37
7. Control Gaps in Vendor Creation Process
During our review of vendor creation process, it was observed that:
1. Defined policies and procedures for the creation of vendors in the 1. Disagreed, New vendor is only N.A N.A
system do not exist. Currently, when a new supplier is selected for created whenever a new item or
purchase, purchase manager approves the quotation/ company product is required otherwise we
profile of the vendor and the same is used to enter the new vendor are already having our vendors for
in the system by the procurement personnel. the supply of standard material
with specified specifications.
Therefore creation of new vendor
at the time of business is a
necessity & Auditor’s point is
invalid.
2. Many users in the company have access to create vendors in the 2. Agreed We will review this and take necessary 31 August 2009
system. A list of the users is provided below. steps.
GTS Oracle Consultants - 4 users: These users are no longer with

the company. Their accounts remain in the system, but have been
deactivated.
Purchase Order Approver - 4 users: These users were initially

given this access before a specific MBS Purchase Approvers
Responsibility had been set up in the system.
Purchase Requestor - 6 users: These users were initially given this

access before a specific MBS Purchase Requestor Responsibility
had been set up in the system.
Purchase User - 4 users: These users belong to the Purchase

Department
Technical Support Team - 9 users: This access enables the IT

team to handle support queries and publish reports
Our discussion with IT personnel revealed that the responsibility

matrix in place was designed, reviewed and agreed upon by the
38
business with the help and guidance of the Oracle implementation

partners (GTS) prior to the system going live and these business users
were set up within the system at that time. As of now, the IT
Department has provided access to the users based on the requests and
approvals from the concerned Department Manager. Now, it is realized
that a more formal procedure is required to control system access
requests. This requirement has been addressed by the planned
implementation of a change request procedure. The entire process for
creating/ changing users in the system has been defined, including
requests, review and approval.
8. Purchase of Chemical from Group Company
During our discussion with Finance personnel, it was revealed that a Although chemicals can be expired in Clarified. N.A
chemical was purchased from Mammut Iran (A Mammut Group Jan/Feb 2009 purchased in year 2008 but it
Company) in Aug-08. Details of the purchase are as follows: can be used after expiry as per lab test
report. In addition, manufacturing dates is
Date of Purchase Order: 21-Aug-08 ultra conservative to avoid any liability.
Chemical Purchased: BAYMER TRIAL PRODUCT - POLYOL
27HB03
Total Quantity: 150,000 Kgs
Rate (per Kg): EURO 1.83 (AED 10.49)
Total Amount (EURO): 274,500 (AED 1,573,549)
1. Early expiry of chemical:

It was learnt that, usually the chemical expires after about one
year of purchase. However, as on 31st December 2008, some
chemical purchased from Mammut Iran was about to expire in the
months of Jan-09 and Feb-09. Refer to the table below for details:
Expiry Quantity
Item Supplier
Date (Kgs)
POLYOL B3 Jan-09 31,000 Mammut Iran
POLYOL B3 Feb-09 32,000 Mammut Iran
Rest of the chemical was consumed during this period.
39
The material was sent to the laboratory for testing, to find out if it can
be used even after the expiry date. The test results were positive and
stated that even after expiry, the chemical can be used.
2. Purchase at market price:

Even though the material purchased was expiring soon, it was
purchased at the market price rather than a discounted price. Refer
to the table below for comparison of rates with earlier purchases
made for the same chemical :
Price
Date Supplier (Per Kg)
AED
26-Jan-08 Bayer Polymer 9.95
25-Mar-08 Bayer Polymer 9.95
25-Jun-08 Bayer Polymer 9.95
9. Hiring of Consultants Without the Approval of the Board
2 consultants, namely, Mr. Andre Collignon and Mr. Norbert Holtzem, The scope of work, deliverables and timing The project was awarded by Mr. N.A
had been appointed as external consultants to MBS for a period of 24 plan have been developed and issued to Bahzad. However EII team was able
months, starting from 1st October, 2008. As per the agreement dated EXCOM. to convince them to circulate the
30th September, 2008, both the consultants are paid a monthly sum of proposal, objectives, timelines for
EURO 15,100 and all operational expenses are reimbursed against approval
receipts.
However, it is to be noted that, no approval from the Board or EII has

been obtained on this matter.
Also, the agreement between MBS and consultants does not specify
the objective of the assignment, scope of work and specific
deliverables to MBS.
40
2.7 Inventory Management
Timelines
Internal Audit Observations Management Response Management Action Plan
1. Material Receiving, Storage and House-keeping
While reviewing the material receiving, storage and house keeping

function, following was noted:
1. Currently, the Company does not have centralised stores. Raw 1. Disagreed, Due to different type 1. N.A N.A
Materials are stored in an open yard, bought out items are of operations which carries out
stored in an area in the plant and stores and spares are stored in Mammut Building System
at third location. FZC plant, various products,
plant size and different
equipments which are require
for handling of raw materials;
decentralizing of stores would
be the best possible option, at
the same time there is a
centralize control from material
controller supervisor ( Mr. Jose
Dias ) whom sits in PPD
department, basically all the
information’s from different
stores flow in PPD and compile
by Senior material controller in
different type of format, so
control is centralize.
2. There is no tracking of unloading time from port-to-factory 2. Disagreed, As per discussion 2. N.A N.A
and factory-to-port. held in our conference room and
documents presented to you
there is a tracking report for all
the trucks and containers which
are entering and leaving MBS
factory at any given time, at the
same time when there is a
congestion and unusually
shipments from port all the team
41
Timelines
members up to manager level

gets involve to ease up the
operation. In terms of off
loading priority it goes with
FIFO and type of materials, if
we receive a container shipment
there is a receiving date on
containers and containers are
getting off loaded base of FIFO
3. There is no dedicated store in place with a layout plan and the 3. Partially agreed 3. There is a dedicated store in 30 September 2009
same being mapped in the ORACLE ERP system. place where as the lay out
plan will be established and
same will be mapped with
ORACLE
4. There are no defined stacking norms in terms of types of 4. Partially agreed, As far as steel 4. N.A 30 September 2009
stacks, number of pieces / boxes / items kept in a stack, concern number of pieces in
stacking hight etc. for various types of material. each bundle and bundling is
different from supplier to
supplier and practically it is not
possible to re bundling them, for
buy out items packing is subject
to supplier and shipment type
which is different and that
depends on suppliers and it has
to be forced by purchasing to
supplier, for sacking we fallow
industry practice which is vary
for each type of materials and
mainly depends on volume of
materials which we receive in
MBS plant, as we have
explained to you all the pre
painted Aluzinc materials can go
up to 3 coils vertically on top of
42
Timelines
each other, and for still hot

rolled sections industry practice
is 3.5 meter which we are
fallowing it.
5. The hygiene norms in terms of cleaning schedule, hygiene 5. Disagreed, _Cleaning of 5. N.A N.A
standards to be maintained in the stores etc. for the stores are inventory is carrying every
not defined. alternative week and procedure
for 5s inspection start on 2end
March and we hold it every
Monday on entire plant, the rest
of procedure is under review to
be establish as standard policy,
and it has shown to you on a day
which we had a meeting, there is
an enormous improvement in all
the area in terms of cleaning and
arranging written procedure will
be establish in six months.
6. Although ORACLE ERP has been implemented, but the same

6. Agreed. 6. Objective of continues 30 September 2009
is not supported by a perpetual inventory system and system will be achieved after
continuous stocking system, which is absolute essential in an implementation of SCIA
ERP environment. software.
7. Control Gaps in Material Rejection .
It was noted that, there are no guidelines to facilitate re-inspection Agreed. Guidelines to facilitate re inspection of 31 August 2009
rejected material to recover good
of rejected material to recover good material before it may be material will be established with co
returned to suppliers. ordination of Purchasing, material and
Engineering Dept.
43
Timelines
8. Physical Verification of Inventory
Although physical verification is done as a part of statutory audit Agreed Written procedures and guidelines will 15 August 2009
be defined & established.
process every six months, currently the company does not have a
well defined physical verification procedure pertaining to
inventory on an ongoing basis. Further, there are no guidelines
available on record for the preparation of stock verification report,
their verification and final authorization and approval for effecting
adjustments.
9. Inventory Management and Optimization
While evaluating the inventory management and optimization,

1. Currently classification of inventory is not done. 1. Disagreed, Inventory 1. N.A N.A

classification in terms of type of
materials route to production
and consumption is defined, for
example HRCs, HR Plate, Flat
Bar, Galvanize materials, and
Pre painted materials.. etc, and
segmentation it has been set in
the system and reports are
available for review, at the same
time physically materials have
been separated base on the route
of production too, as an
examples materials are getting
utilized in main frame shop are
store in open material yard while
as materials for cold form are in
lean to area.
44
Timelines
2. Inventory levels in terms of maximum level, minimum level 2. Agreed 2. We will implement in ERP 31 August 2009
and re-order level have not been defined. .
3. Currently the ORACLE ERP system does not generate an 3. Agreed but available from Jan- 3. N.A N.A
inventory ageing report and in turn, non-moving and slow 2009
moving items cannot be identified and valued.
10. Control Gaps in Material Consumption Booking
During our review of the material consumption booking, it was Agreed This will be available once SCIA will 30 September 2009
be implemented.
revealed that since the manufacturing module of Oracle is not
implemented as of now, all raw material consumption booking is
done manually at the end of the month. At the end of each month,
production manager creates a 'Production Report' manually in an
excel sheet and sends it to Accounts Department. This report
contains the raw material items and quantities consumed during
the month. This report is used as a basis to book the consumption
in the system by the Accounts Department. The rates of raw
materials are obtained from the Oracle System itself.
11. Absence of Provisioning Policy for Inventory
Currently, the company does not have in place any provisioning Agreed Inventory policy will be formalized 15 August 2009
policy for inventory. An age-wise analysis of inventory currently
on hand is not carried out to ascertain the quantity of inventory
under different age brackets and compare the age on inventory
with the shelf-life. This results into non-tracking of obsolete and
un-usable inventory items.
Discussion with Finance Personnel revealed that, most of the raw
materials used by the company have very long shelf lives. Even, if
the steel is rusted, it can be used after re-blasting.
45
2.8 Shipping
1. Control Gaps in Transporter Evaluation and Selection
Following was revealed during the review of Approved Transporters Agreed Complete document will be 31 July 2009
List: available cover all aspects of
1. A procedure for appointment of transporter clearly defining the recommendations.
parameters for attributes like rate, efficiency, timeliness etc. was
not available on record.
2. Transporter evaluation and justification for appointment is not
documented. Thus, appointment of the best transporter available
cannot be guaranteed.
3. There is an over dependence on a single transporter. Majority of
the dispatches are done through a sister concern namely Trans1.
Management has decided to give first preference to the sister
concern for all the domestic dispatches irrespective of the rates
charged. If, the sister concern is not able to fulfill the dispatch
requirements, alternative transporters are arranged for those
dispatches.
2. Absence of Transporters Performance Evaluation
Discussion with the Shipping Manager revealed the following: Agreed Procedure to be defined for 31 August 2009
1. Absence of a well documented procedure defining the parameters performance.
for the performance evaluation of the transporters.
2. An objective assessment of the performance of the approved
transporters is not carried out.
3. Absence of Long-term Agreements with the Transporters
During a review of the selected transporters of the company, it was Agreed Formal agreement to be prepared. 31 July 2009
revealed that formal agreements between the company and the
transporter, stating the terms and conditions of both the parties are not
present. Authorized signatory approves the quotation / rate list sent by
the transporter and this document is considered as a contract.
46
4. Control Gaps in Dispatch Monitoring
1. During a review of fifteen dispatches made during the period 1-

Nov-08 to 15-Nov-08, following was revealed:
1.1 Loading report is not signed by the material checker during
loading in all the cases. Loading report only contains the part 1. Agreed 1. Already implemented. Immediate
numbers and their respective quantities. Loading Foremen and
1.2 Proof of delivery was not obtained from the customer in six Supervisors are signing the
cases. loading docs before
preparing the packing list
Weight
Date Job No. Description DN No.
(MT)
01.11.2008 AE1-2020 PEB Materials 13.053 34955
02.11.2008 AE3-2129 Sheeting Materials 2.435 35004
08.11.2008 AE1-1795 PEB Materials 13.676 35167
09.11.2008 AE1-1526 PEB Materials 10.148 35204
12.11.2008 AE1-1526 Touch-up paint 0.028 35287
14.11.2008 AE1-2121 Sheeting Materials 6.318 35341
2. Destination-wise transit periods are not defined and formally 2. Agreed 2. Will be defined. 31 July 2009
approved by both the parties in form of a contract.
5. Lack of Control Over Demurrage Charges
During a review of financial accounts for the period Jan-08 to Nov-08

pertaining to demurrage charges, it was revealed that:
1. Agreed 1. Mechanism will be 30 September 2009
1. A mechanism to monitor and control demurrage charges does not established for demurrage
exist. Demurrage Charges for incoming materials have been monitoring.
accounted for under two different heads of accounts namely, 2. Agreed
Landed Cost Clearing Account – Freight and Freight Purchase. 2. Procedure needs to be 30 September 2009
2. Freight Charges which could be clearly identified as demurrage defined with the purchase
department to incorporate
charges according to descriptions of transactions amounted to the rate contract with
AED 121,498.This could be much more. transporters
47
2.9 Accounts and Finance
Timelines
1. Control gaps in Account Master Management
While reviewing the master data management pertaining to

Accounts, following was revealed:
1. Although there are named individuals responsible for creation,
1. Agreed 1. Policy will be Aug 31, 2009
deletion and modification of the chart of accounts, but there is documented.
no documented policy for the same.
2. There is no standardized process of amending and updating 2. Agreed 2. Procedure will be Aug 31, 2009
accounts, nor there is a process of identification in-active or defined.
dormant accounts.
3. Disagreed, all entries entered 3. N.A N.A
3. Currently all non-standard journal entries such as the adjusting by respective staff and not
entries are entered by Finance Head himself and there is no Finance Manager , however
authority delegated to any of the staff to do so. Further, there are for control purpose all entries
no supporting documents for most of the reversal entries. posted by Finance Manager.
However supporting
documents wherever missing
will be attached.
4. There is no delegation of authority defined for the approval of 4. Disagreed, all approval for 4. N.A N.A
payments limits. Generally all payments are approved by the payments done by Chief
Accounts Manager except for some material payments. accountant and forward to
Finance Manager for approval
with chque/TT signature
Finance Manager singed
cheques/TTs with MD of the
company upto the limits
approved by BOD.
Cheques/TT more then the
limit forward to Group and
EII for authorization.
48
Timelines
2. Periodic Bank Reconciliation Statements Not Prepared
Currently, the company does not prepare bank reconciliations at all. Agreed., the main reason to use Implemented Implemented
It was given to understand that by preparing a list of all post dated CDC account instead to have
and current dated checks and reconciling them with the bank Bank account in GL that we
issued future dated cheques in
statements immediately after they have been cashed from the bank bulk instead to make CDC. All
the purpose is served. Further, the company updates its accounts PDCs incorporated into PDC
based on the bank statements. account in GL instead to credit
into bank account in GL. Every
When reviewing account # 133301-Cash Clearing Account, it was month only cleared PDCs
incorporated into bank book
noted that the System facilitates the option of recording Post Dated which eventually match with
Cheques, Current Dated Letter of Credit and Letter of Credit Bank statement. The rest of the
payments separately , but all of them were recorded as Current items reconciled and part of
Dated Cheques which has resulted in a balance of AED 114,661,279 bank reconciliation statement
pending in Current Dated Cheques account. which is available from
December 2008.
3. High Finance Costs

Agreed, Due to huge liability N.A N.A
During our analysis of the financial statements for 2005, 2006 and payable to the bank in 2006 but
2007, it was revealed that profit margin has declined to 4% in 2006 after EII taken over most of the
from 8% in 2005. On further analysis of financial information and bank’s liabilities paid from the
consideration received. In
discussions with finance personnel, it was observed that it was addition EIBOR rate was higher
mainly due to increase in finance costs in 2006. Interest on terms in the year 2006 if we compare
loans increased from AED 1,832,195 in 2005 to AED 6,135,359 in year 2008.
2006 which is more than a 230% increase from the previous year.
Interest on trust receipt loans and overdrafts increased from AED
823,597 in 2005 to AED 2,099,367 in 2006. Also, current portion of
bank overdrafts increased to AED 13,394,599 in 2006 from AED
136,233 in 2005
49
Timelines
Company obtained term loans in 2006 to meet its financing needs.

Details of the loans are given below:
1. A commercial loan of AED 15,325,761 repayable in 24 equal

installments of AED 765,324 each from Bank Melli Iran. This was
used to finance property purchases.

quarterly installments of AED 1,147,289 from Northstar. This was
used to finance machine purchase.

semi-yearly installments of AED 950,000 from Abu Dhabi
Commercial Bank. This was used to finance property purchases.
We understand that, this has resulted in increased financial cost in

2006, leading to a decline in profit margin for the year. Further, as of
now the properties purchased have been transferred to the group
company.
4. Exposure to Swap Transactions
During our analysis of the treasury function, it was observed that the The reasons and methodology Approval has been sought from N.A
company entered into various interest rate swaps during the period already discussed at EXCOM board
Apr-05 to Apr-08. Although the company has made a profit over all, and Board level and approved
the Exposure to Swap
but the same is not the core activity of the company and amounts to Transactions.
entering into transactions involving a lot of financial risk.
50
2.10. Capital Expenditure
1. Capital Budgeting – Policy and Procedures
Following was revealed pertaining to the Capital Budgeting activity

in the company:
1. There is no defined capital budgeting exercise done as a part of 1. Disagreed, Each HOD submits the N.A
N.A
Annual Budgeting Process. Further, there is no centralized budget each year as par of annual
body that drives the capital expenditure decisions of the budgeting process. In addition, Budget
vs actual statement submits to EXCOM
company.
level for review. Since company
purchased only few assets except plant
and machinery for expansion which is
HOLD due to current economic
conditions. MD is authorized to take
decision upto certain limits.
2. Disagreed, Capital budget submitted by

N.A
each department which is part of
N.A
2. There is no documented process of allocating annual capital annual budget and same approved and
budgets to various departments before the year starts. intimated to all HODs
3. Disagreed, Monthly MIS is available

for review against budget and same
N.A N.A
3. There is no provision of periodic documented review of discussed in each and every EXCOM.
budgeted vs. actual expenses and analysis of variances there
4. Agreed
off..
In future all execution of 31 July 2009
projects will be done
periodically.
4. There is no system of periodic review or monitoring of
execution of projects (only capital expenditures that require
51
acquiring materials internally are not given internal Job

number, nor there is a system of periodic reporting of execution
of each project.
2. Capital Expenditure – Initiation and Approval
While reviewing a sample of sixteen capital expenditure decisions

amounting to AED 27,058,965 the following was revealed:
1. In two cases amounting to AED 99,824 no quotations were 1. Agreed 1. In future all
supporting 1. Immediate.
obtained. In ten cases amounting to AED 25,923,775 only one documents wherever
quotation was obtained. possible since some
time we need brand
specific product in
which case three
quotations are not
possible.
2. The company does not have an approved vendors list for 2. Disagreed since 95% capital purchased 2. N.A N.A
capital purchases. related to plant and machinery and it is
not possible to prepare standard list of
vendors since it depends upon the specs
and budget availability. The same has
been done during finalization of
purchased plant and machinery for
plant expansion where BOD approval
obtained after finalization of specs and
vendors.
3. In fifteen cases amounting to AED 26,573,965 no 3. Agreed 3. NPV/DCF/IRR will July 31, 2009
NPV/IRR/Payback period analysis was done. Further, there are be added in the
no guidelines available on record for performing the same. CAPEX
52
4. As of now, there is no serial number control over CER. 4. Agreed 4. CER will be Aug 31, 2009
Further, Capital Expenditure Requests (CER) were not found in generated from ERP
with serial nos.
seven cases amounting to AED 6,305,243.
5. Purchase requests were not mentioned in three cases amounting 5. Agreed 5. In future, all relevant Immediate.
to AED 4,557,272 and purchase order was not found in one documents will be
case amounting to AED 77,437 attached.
6. Agreed 6. Corrected, now no Immediate

6. In four cases amounting to AED 4,538,632 the purchase order PO can submit from
was not signed by the Finance Manager and General Manager. the ERP without
approving by Finance
Manager & MD.
7. In two cases amounting to AED 861,640, although the assets N.A
7. Disagreed, company capitalizes assets 7. N.A
were put to use but the same were not capitalized. In one case, after installation, internal satisfaction,
a purchased asset amounting to AED 3,797,760 was not performing all procedures i.e test and
booked to the extent of part payment of AED 2,800,944 as trial etc. So just assets available in the
capital commitment and in another case although full payment factory can not simply capitalize
of AED 1,341,216 was made, but the asset was not recognized without following above steps.
in the books of accounts.
3. Capital Expenditure – Fixed Asset Purchase and

Capitalization
While reviewing the fixed asset purchases and capitalization the

Immediate
1. In ten cases, the cost of the assets could not be tracked. 1. Agreed, These items are very old items 1. A proper cost
and coming from old plant. The costs tracking system in
of these items are very minor. The cost place
might be considered as expenditure at
the time of purchase from old plant.
53
2. Some Fixed assets that were purchased, but they were not 2. Agreed, 2. Now as a part of 30 September 2009
capitalized yet. (refer to annexure) CWIP since all meant
for plant expansion
which is hold now as
per directives from
the BOD.
3. Some fixed assets that actually existed were not on the fixed 3. Agreed 3. Physical verification 30 September 2009
exercise will be
assets register. carried out and will
be maintained Fixed
Assets Register.
4. Depreciation of all machines related to each category is

4. Disagreed, This is company policy of 4. N.A N.A
calculated on a lump sum basis for the whole category without last many years and it is not
taking into account the relevant useful lives and usage of worthwhile to change the policy at this
various machines stage where all machineries are very
old and overall value will not be
material to consider for revision.
5. Fixed assets insurance is prepared based on the net book value 5. Disagreed, We are doing insurance on 5. N.A N.A
of the fixed assets. Gross Value and not on net value.
Policy is available for cross
verification.
6. No information about the legal ownership of old fixed assets 6. In future, proper files Immediate
6. Agreed but it is difficult to
obtained before 2007 are available on record. identify at this stage since will be maintained.
company maintained current
year and last year record.
54
4. Weak Control Over Fixed Assets Verification

Fixed assets will be verified & 30 September 2009
We understand that, a physical verification of fixed assets is not Agreed, code will be done.
carried out by the company. Also, the assets do not have an 'Asset
Identification Code' due to which, they can not be easily identified
and located. An exercise for bar-coding of fixed assets was
undertaken at a group level about one year back. However, the
exercise was not completed and all the fixed assets were not bar-
coded. According to a list of all bar-coded items generated from the
IT System, a total of only 435 assets were coded. The list contains a
limited number of Furniture items and computer hardware only.
55
1.11. Human Resources and Payroll
Timelines
Detailed manpower and cost to company reports 30 September 2009

based on current headcount and following year
1. We agreed with the projections are prepared by HR in deliberations with
1. No Annual HR Budget, Planning and Management observation various departments and provided to them for the
purpose of planning and budgeting. Assumptions on
which the CTC is based are available with HR.
While reviewing the budgeting and planning aspect of HR function,
A number of HR Policies and Procedures which are
following was revealed: working well have been incorporated in the BP 080
as there is no need for changes. Where necessary
changes have been made in the Future Process
1. Currently, detailed planning and budgeting is not done in the
Model.
HR department. Although a projection of salaries and benefits / The Future Process Model (BP080) has already been
allowances is done as a part of annual business plan for which implemented. The Oracle process is based on the
BP080 which is running since 2008.
there are no assumptions available on record, the same is not
HR Department objectives and KPIs are being set.
done in conjunction with the department as well. Further, it is HR Department budgets have already been prepared
also not cascaded down to the department to facilitate the and submitted to Finance.
Staffing requirement, forecasted expenditure and key
formulation of a detailed budget and submission of the same
legislative requirements are all part of the budgeting
back to the management for deliberations, fine tuning and process and have already been taken into
approval. consideration.
KPIs for HR & Admin Manager, agreed by the GM
2. Currently the company is following HR procedures set in the
are being finalized.
year 2006. Although, the “Future Process Model” (dated July HR Policies and procedures already exist. They are
07, 2008) for the HR Department is available and it was given continuously updated on a need basis.
The Policy Manual is available for Department
to understand that the same are approved at the group level, an
Heads. Employee Handbook is being prepared and is
approved copy of the same was not available on record. Further, expected to be ready for distribution to all employees
the implementation of the same is still to be initiated by the by September 2009
company.
2. Control Gaps in Recruitment Activity
56
Timelines
While reviewing the recruitment aspect of HR function, following

was noted:
1. Alignment of the recruitment activity to the business plan can 1. Agreed 1. HR Manager will prepare the annual 30 September 2009
recruitment plan based on the
not be ascertained as the same is not cascaded to the Head of the budgeted figures and initiate the
HR Department. recruitment process at the agreed time.
2. A detailed updated organization chart highlighting all levels of 2. Available now. 2. N.A N.A
management down to the supervisory and workers level is not
available on record. Further, detailed job profiles / job
descriptions identifying key position requirements were not
developed for each designation. 3. HR has started to prepare this letters. Immediate
3. Rejection letters are not issued to rejected candidates and no 3. Agreed
track record of rejected employees is maintained.
4. A staffing plan neither is in place nor is the Staffing 4. HR Manager with General Manager 30 September 2009
4. Agreed will start to prepare the plan.
requirements monitored, including anticipated organizational
change.
5. No documentary evidence was available on record for imparting 5. HR Manager with general manger will 30 September 2009
training in interview and selection techniques to line managers 5. Agreed define the guidelines.
involved in the recruitment process.
While reviewing the recruitment process of fifteen employees,

1. Manpower request form was not available for eleven

employees. Further, manpower request form was used by the 1. Disagreed, All N.A N.A
department head to inform the HR Department of recruitment of manpower request
forms are available
three employees. Thus, the manpower recruitment form was not
used for its intended purpose.
57
Timelines
2. Recruitment documents such as interview sheet were not 2. Agreed In ture HR Manager will make sure that Immediate
available for ten employees. recruitments documents will be available for all
employees.
3. Educational certificates are not obtained for seven employees at 3. Agreed In future HR Manager will make sure that Immediate
the time of recruitment and the same are still not available in Educational Certificates will be available for all
their personal files. employees.
4. Agreed
4. Documentation for background checks was not retained for all In future HR Manager will make sure that Immediate
fifteen employees. 5. Disagreed, All documents for background check will be
employee orientation available for all employees.
5. Documentary evidence of employee orientation for nine forms are available
employees was not available on record.
6. Employee reporting form was not available on record for three 6. Disagreed, All N.A N.A
employees. employee reporting
forms are available
3. Control Gaps in Recruitment Activity

While reviewing the recruitment aspect of HR function, following was
noted:
1. Alignment of the recruitment activity to the business plan can 1. Agreed 1. HR Manager will prepare the annual 30 September 2009
not be ascertained as the same is not cascaded to the Head of recruitment plan based on the
the HR Department. budgeted figures and initiate the
recruitment process at the agreed time.
2. A detailed updated organization chart highlighting all levels 2. Available now. 2. N.A N.A
of management down to the supervisory and workers level is
not available on record. Further, detailed job profiles / job
descriptions identifying key position requirements were not
58
Timelines
developed for each designation.
3. Rejection letters are not issued to rejected candidates and no 3. Agreed 3. HR has started to prepare this letters. Immediate
track record of rejected employees is maintained.
4. A staffing plan neither is in place nor is the Staffing 4. Agreed 4. HR Manager with MD will start to 30 September 2009
requirements monitored, including anticipated organizational
prepare the plan.
change.
5. Agreed 5. HR Manager with MD will define the 30 September 2009
5. No documentary evidence was available on record for guidelines.
imparting training in interview and selection techniques to
line managers involved in the recruitment process.
While reviewing the recruitment process of fifteen employees, following
was revealed:
1. Manpower request form was not available for eleven Disagreed, All manpower N.A
employees. Further, manpower request form was used by the request forms are available
department head to inform the HR Department of recruitment
of three employees. Thus, the manpower recruitment form
was not used for its intended purpose.
2. Recruitment documents such as interview sheet were not

Agreed In future HR Manager will make sure that Immediate
available for ten employees.
recruitments documents will be available for all
employees.
3. Educational certificates are not obtained for seven employees Agreed
at the time of recruitment and the same are still not available In future HR Manager will make sure that Immediate
in their personal files. Educational Certificates will be available for all
employees.
4. Documentation for background checks was not retained for Agreed
all fifteen employees. In future HR Manager will make sure that Immediate
documents for background check will be
5. Documentary evidence of employee orientation for nine Disagreed All employee available for all employees.
employees was not available on record.
orientation forms are available
59
Timelines
6. Employee reporting form was not available on record for Disagreed, All employee N.A N.A
three employees. reporting forms are available
4 Control Gaps in Information Management Systems
Following gaps were observed in the information management

system of HR department:
1. Various parameters for measuring the capability and
1. Agreed The process will be in place with Group HR. 30 September 2009
effectiveness of various activities such as recruitment, training
and performance management are not in place. 2. Agreed
2. Employee productivity measures have not been established. Due The process will be in place with Group HR. 30 September 2009
to this, processes and systems to capture the data are not
available.
3. Disagreed, UAE law 30 N.A N.A
3. Delay in visa renewal processing is observed for one employee days grace period is
during the review of visa renewal process for 16 employees. available for renewal of
VISA. This is general
Visa Expiry Application Gap practice in UAE.
Emp. # Employee Name
Date Date (Days)
Vadakkedath
13020 3-Oct-08 6-Oct-08 (3.00)
Varghese
4. Delay in passport renewal process is observed for 3 employees

during the review of passport renewal process for 8 employees. 4. Partly agreed In future, HR/Admin will avoid such delay. Immediate
Ppt
PPt Expiry Gap
Emp. # Employee Name Withdrawl
Date (Days)
Date
Mohammad Haroon
13240 11-Nov-07 12-Nov-08 (367.00)
Khan
12435 Bilal Tariq Awan 24-Oct-08 26-Oct-08 (2.00)
Davis Chiriyan
12559 25-Sep-08 20-Oct-08 (25.00)
Kandath Rappai
60
Timelines
6. Discipline Management
Implementation of disciplinary procedure of the company had the

following gaps:
1. No mechanism exists for employees to raise concerns about 1. HR will prepare the procedure 15 august 2009
1. Agreed and communicate to all.
their place of work and working relationships through a discrete
procedure either formally or informally.
2. No formal record exists for training provided to line managers 2. The Disciplinary Procedures are 31 October 2009
in application of disciplinary procedures. 2. Agreed. defined clearly in the BP 080.
These are supported by a Rule
Book specifying penalties to be
applied in various circumstances
and situations. These are available
with all Managers and are being
strictly implemented.
3. No periodic audit of actions taken against the disciplinary 3. Monthly audits of Disciplinary 30 September 2009
actions is conducted to ensure compliance with laid down 3. Agreed penalties to be carried out by HR.
procedures.
61
2.12 Information Technology
Timelines
1. IT Policy, Disaster Recovery Plan and System Security
A review of the Information Technology framework revealed the

following:
1. Two documents viz. Disaster Recovery Plan and Disaster 1. Agreed 1. Restate rescue plan & 30 September 2009
Recovery Framework were available on record, but as of now, framework will be presented &
prepared to Board for approval
both of them are at a draft stage and still to be finalised. This also 2. Disagreed., Logical security
contains the back up plan. is inherent within the
2. Currently, there is no well defined, documented and approved plan Windows and Linux server 2. N.A N.A
pertaining to assessment and monitoring the physical and logical environments. Logical
security of IT infrastructure in terms of periodic review of access passwords are defined at
multiple level, server ie.
logs. network 90 day password
expiry is in place for all
users. In addition to this all
business critical
applications ie. ERP have
there own
application/database level
passwords this is inherent in
the software application.
All servers are physically secure
and kept in air conditioned IT
server room. The only people
who have access are the IT
manager and the IT Engineers.
DR Plan will be updated to
include details of Logical &
Physical security
62
Timelines
2. ERP Implementation
While assessing the ERP implementation, following came to light:

1. Agreed however note that N.A N.A
1. The project was initiated in April 2007 and went live in January ERP systems generally take a
2008 that is approximately nine months. number of years to mature. A
modular implementation
approach was taken for ERP
implementation at MBS. This
means that not all modules
went live at the same time.
Modules were phased in over
a period of time due to data
dependencies. It is not
uncommon during the early
stages of a new
implementation for small
issues to exist.
2. As the software was purchased at the group level, Mammut
2. Agreed. The half year Audit N.A N.A
Building Systems share of the cost was about AED 1.5 million did happen in Alpha, however
which is 42% of the total cost including the consultants’ fees. we are more than confident
that the pertaining issues have
been resolved and that Oracle
ERP is functioning as required
by the business.
3. It has been a year since the ORACLE ERP has gone live. 3. Agreed but available from
Following are some of the facts in this regard: Jan-2009.
2.1 The June 2008 closing of the books of accounts for the
Agreed but available from Jan-
purpose of Statutory Audit has happened in Alpha (the old 2009.
legacy system) and not in ORACLE.
63
Timelines
2.2 Debtors ageing is done manually as the ORACLE is not

giving the desired report and is still under development. ERP
also does not support the generation of creditors ageing.
2.3 ORACLE ERP does not generate an inventory ageing report. Disagreed, Following reports are N.A N.A
It was given to understand that the inventory coding is still to available :
- Oracle standard Purchase
be completed in the system. Requisition Status report
2.4 There is no report generated by the system which can - MBS PR to PO Status
facilitate the assessment of Purchase Requisition (PR) status report
as to whether it is pending approval or approved but not MBS PR to DO tracking report
serviced, serviced but not closed and serviced and closed. Following Open PO reports are
available:
- Standard Open PO
Report(by Buyer)
- Standard Open PO
Report(by Cost Center)
MBS PO Status Report
2.5 There is no pending PR and pending PR ageing report.

Partly agreed Pending PR report available, there is 30 September 2009
Further, there is no report showing the open POs and their no standard PR ageing report, it will
ageing. be developed.
30 June 2009
2.6 Two PO listings were generated for analysis purposes, Agreed Reports needs to be revisited.
namly, one from the purchase department ( 11270 listed
POs) and another from the IT department (10036 listed POs).
The PO listed in the report by purchase department were
64
Timelines
more than the PO listed in the report generated by IT

department by 1231.
2.7 The ERP system does not generate a Bank Reconciliation Agreed Company will see the possibility to
Statement. In fact, MBS does not have the practice of generate bank reconciliation
preparing Bank Reconciliation Statement at all. statement from ERP since this
facility may require additional cost
to the company.
2.8 The company has not opted for ORACLE Manufacturing.
Instead a new software SCIA has been bought at the cost of Agreed Oracle Manufacturing has not been
AED 0.90 million for managing production and MRP. factored into the ERP
Currently, the same is being integrated with ORACLE. Till implementation as it was decided
such time the whole MRP and production management is that SCIA would perform this
function better then Oracle.
performed manually. It was given to understand that the
decision to opt for SCIA instead of ORACLE Manufacturing
was taken by the top management, but there are no
documents available on record supporting the technical and
financial evaluation for supporting the decision.
N.A
2.9 Currently the material management department does not Disagreed, Report is available N.A
utilise the MRV reports to manage material receipt. and has being utilized by PPD &
Finance since module GO-Live.
no additional reports have been
requested
2.10It was given to understand that before going live, parallel Agreed This was a decision by the MD of
runs with the legacy system were not performed to ensure the company.
ERP stability.
65
66

Emaar Industries & Investments (EII) Internal Audit Mammut Building Systems Balance Sheet & Internal Controls Review

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Emaar Industries & Investments (EII) Internal Audit Mammut Building Systems Balance Sheet & Internal Controls Review

Uploaded by

Copyright:

Available Formats

Emaar Industries & Investments (EII)

 Assessment of key internal controls over operations and compliance

S. No. Areas Key Findings

Matter noted constitutes an important control weakness where the potential

Matter noted constitutes an improvement to weakness in the current system

1. Refinement of Business Performance Management

While reviewing the Business Performance Management system,

1. Risks pertaining to key processes having a direct impact on

3. Weakness in Organization Structure

While assessing the basic framework and controls pertaining to

Currently the company does not have well defined policy

DOA for business routine is established but the same is not

5. Mechanism to Instill Integrity and Ethics

While assessing the mechanism to instill integrity and ethics

6. Identification and Access Control to Critical Financial

While reviewing the system access mechanism, the following

7. Security Management Guidelines

Following was observed pertaining to the key security

1. Responsibility for physical security of production/office

8. Control Gaps in Health Management Disagreed, Employees already N.A N.A

9. Environmental Review of Capital Projects

10. Record Retention Policy

entity-level policy for record retention..

1. Customer Master Database

During the review of Customer Master Database, the following

Name Code Status

On a review of the active invalid accounts, it was revealed that three

The company was not able to provide supporting documents

2. Control Gaps in Discount Policy And Debtors Ageing

1. Alfa Industrial Refrigeration (Code: 151044) is a debtor in the

Retentions part wherever applicable 31 July 2009

3. Control Gaps in the Invoicing Process

covered under LCs. When shipping for a segment of the project is

1. Control Gaps in Creation and Approval of Job Acceptance

Job Acceptance Form (JAF) is created after the completion of

During a review of the creation and issuance of Job Acceptance Form

3. Date of approval of JAF by sales manager was not mentioned on

not been updated to reflect the change.

2. Control gaps in Generation and Approval of Project

Project Information Form (PIF) is created for each job after it is

During a review of PIF of 16 selected jobs, the following was

3. Control Gaps in Creation and Issuance of Raw Material List

2. In certain cases, Raw Material List was issued before the

Job Date of Approval

It to be noted that Raw Material List is prepared based on the

4. Through-put and Production Efficiency

5. Job-wise WIP Valuation and Margin Monitoring

It was given to understand that an MRP system is under

6. Absence of Performance Monitoring of Key Departments

7. Control Gaps in Quality Assurance and Quality Check

During a review of Quality Assurance and Quality Check process for

8. Inefficient Tracking of ‘Urgent Material Requests’ and High

During our review of 16 jobs, it was observed that additional material

• Defective / low quality material

After a request for additional requirement is received from customer,

S. No. Year Claim settled (AED)

Further, total UMR cost for each of the 16 selected projects

Internal Audit Observations Management Response Management Action Plan Timelines

1. Weighing Bridge and House Keeping

While reviewing the process of waste and scrap management, we

1. Maintenance Software Optimization

The maintenance management system namely “C Works” was