Emaar Industries & Investments (EII) Internal Audit Mammut Building Systems Balance Sheet & Internal Controls Review
Internal Audit
Mammut Building Systems
Balance Sheet & Internal Controls Review
Scope
EII Internal Audit conducted a review of Mammut Building Systems (MBS) operations pursuant to the 2008 Internal Audit Plan. The purposes of the review were:
EII Internal Audit visited the MBS office in Hamriyah Free Zone, Sharjah. The review was conducted during the months of October, November and December 2008.
EII Internal Audit procedures included interviews with MBS management and staff, walkthrough of key operational and financial reporting processes and transaction testing on
a sample basis.
EII Internal Audit reviewed sample key processes including Entity Level Controls, Sales and Debtors Management, Customer Service, Estimation, Engineering, Production,
Quality Assurance & Quality Control, Waste Management, Maintenance and Facilities Management, Procurement, Inventory Management, Shipping, Accounts and Finance,
Capital Expenditure Decision, Human Resource Management and Information Technology and Systems.
EII Audit findings and recommendations were discussed with various personnel from MBS on an ongoing basis during the progress of the assignment. The findings were also
discussed with the MD. The list of key personnel is provided in Appendix 4.1. The audit report was further discussed with MBS Executive Committee and action plans have
been drawn to remediate the control deficiencies and address the audit recommendations. A follow up audit will be conducted after 6 months of issuing the final draft of the
report.
Company Overview
Mammut Building Systems was established in 1997 to fulfill the demand for quality pre-engineered steel structure buildings and polyurethane sandwich panels and is now a
leading player in the region for pre-engineered steel buildings. The financial results for the company for the last three years are summarized below:
Million AED
Year 2006 2007 2008
Revenue (AED) 243.18 317.75 332.41
Profit 18.85 14.22 17.21
Profit percentage to Revenue 8% 4% 5%
The company’s order book for the past three years stood as follows:
Million AED
Year 2006 2007 2008
Contract Value (AED) 613.68 602.18 653.88
The growth in revenue, profitability and order book has been marginal. Further, as a result of our review we learnt that although efforts were made for system improvement in
terms of implementation of ORACLE ERP system and other related efforts, it did not bring in the desired improvement. Currently, there are systemic problems which need to
be addressed on an urgent basis. There are deficiencies in the design as well as in the operative effectiveness of controls. A lot of work needs to be done pertaining to Policies
& Procedures, Delegation of Authorities and defining Roles & Responsibilities with clarity. As of now, reporting mechanisms are inconsistent and processes are largely driven
by individuals. Keeping in mind the current economic scenario, it is the most opportune time for the company to bring in fundamental changes and to make the systems robust
enough to sustain the growth in the future. This report is an attempt to facilitate that process. Our key findings are summarized below:
Key Findings:
S. No. Areas Key Findings
1. Entity Level Controls
Although a business plan has been prepared as per the management requirements and contains the desired elements, certain aspects pertaining to assignment of roles and responsibilities, budget vs. actual analysis, etc. have not been addressed.
The risks associated with effective financial reporting and achievement of business objectives have not been assessed. Further, the company does not have a Business Continuity Plan.
A detailed Organization Structure, Authority Lines and Job Profiles are still to be defined completely. Further, a mechanism to assess and monitor appropriate levels of resources for the key elements of the organisation is also not in place.
Employees may act in an unethical manner with legal, regulatory or reputational repercussions for themselves and/or the company due to the absence of a Business Code of Conduct to instill integrity and ethics among the employees.
System access mechanism in terms of identification of financially critical systems and associated authorities and review of user profiles is not defined.
Security management guidelines in terms of defined responsibilities for physical security of production and office assets, protection of financial data, pre-appointment screening of employees and protection of sensitive business information are not in place.
Health and safety measures like placing of emergency contact numbers and availability of employee health check-ups have not been considered.
At the feasibility study stage of the capital expenditure decision there is no provision for the review of the environmental impact of the capital project prior to approval.
Record Retention Policy covering both paper and electronic records is not available on record.
The company does not have a Data Protection Policy or guidelines or equivalent, covering personal data whether relating to employees, suppliers or customers.
2. Sales and Debtors Management
Amendments to the Customer Master Database are not authorized due to the absence of a signatory list. The Customer Master Database is not reviewed periodically and customer details are not complete.
A documented policy for discounts does not exist and a high percentage of debtors have balances outstanding for over 180 and 360 days. The accounting system is underutilized as debtors ageing is still prepared manually in an Excel worksheet.
Delays were noted in the communication of invoices to the bank for negotiation, largely because of the delay by the customer in the approval of the delivery note as mentioned in the Letter of Credit terms. No track was kept of such delays in order to monitor and control them.
3. Customer Service, Estimation, Engineering, Production and QA/QC
The Job Acceptance Form (JAF) was not approved properly and timely in some cases and in other cases the JAF could not be located. The JAF was not always updated to reflect changes to the contract.
A documented policy for the approval of the Project Information Form (PIF) does not exist. The PIF was not signed off by the preparer and was not properly approved. Currently, the PIF is not integrated with the ERP system.
A guideline describing the issuance, importance and interpretation of the Raw Material List (RML) does not exist. The RML is a broad estimate based on approval drawings or drawings forwarded to the customer, which results in inefficiencies from increased manual effort in material requirement planning. In some cases, the RML was issued before the approval drawings were approved by the customer.
In-house benchmarks for performance and cycle time for each department pertaining to various stages of engineering drawings, production and dispatch have not been established.
A mechanism to assess job wise throughput versus standard and to perform a comparison of job wise actual waste versus standard waste does not exist. There is also no mechanism in place to perform machine wise efficiency analysis, work-in-process analysis and job wise margin monitoring.
The quality plan section of the PIF was not always populated, resulting in confusion on which quality plan was to be followed.
Urgent Material Requests (UMR) are tracked manually instead of utilizing the ERP system. There is no mechanism in place to track UMR costs as a whole and in some cases material issued to complete the UMR was not booked against that UMR in the system.
4. Waste Management
The company does not have a weighbridge on the premises and trucks carrying scrap material are sent elsewhere for being weighed, which may result in pilferage. Scrap is not stored in a demarcated area.
5. Maintenance and Facilities Management
The C Works software implemented for maintenance management crashed about ten times. The system functionality of generating a detailed work order report has not been utilised in the past. Further, there were mismatches between the work order report generated from the system and the physical work orders kept as evidence of maintenance performed.
As a part of maintenance planning and analysis no budgets have been prepared for the maintenance department and records capturing machine-wise material and labor cost are not available. The preventive maintenance schedules have not been implemented properly and also contain errors.
The responsibilities for generation and approval of work orders pertaining to breakdown maintenance are not defined. Although the work order is generated in the system, a copy of the same is not printed out, signed off and filed.
6. Procurement
There is an absence of documented criteria to select vendors and suppliers, there is no procurement policy, price comparison records were manual, and costing is tentative. Further, there are about 460 vendors with which the company deals. Of these, the top twenty vendors fulfill 71% of total purchases and the balance 441 fulfill the remaining 29%.
Currently the basis of evaluation of individual suppliers is subjective and not scientific. Further, there is no defined periodicity for the same supported by periodic visits to suppliers' premises.
Currently, the authorities for raising purchase requisitions for goods and services are not defined. The ORACLE ERP system allows raising POs without purchase requisitions. Further, no periodic exercise is done to assess open POs and their systematic closure.
It is not defined as to who will approve the payment requests without PO made by the Finance Manager and MD. Proposed payment lists are not generated before a payment run. There is no written policy for cheque access, storage and usage. A cheque issue log is also not maintained. Supplier reconciliation is not done on a periodic basis. Further, the ORACLE ERP system does not generate a creditors ageing report.
7. Inventory Management
A dedicated inventory management team does not exist. Stores are not centralized with a layout plan and are not mapped in the ERP system. There is a lack of well defined hygiene and stacking norms. A perpetual inventory system and continuous stock taking system has not been implemented. No evidence of adhering to the FIFO principle is available, particularly in case of materials having a shelf life. There is no mechanism in place for tracking unloading time and expired materials.
The ISO procedure does not specify guidelines for technical inspection and its periodicity. Rejected materials are neither tracked nor kept in a designated area. Rejected materials are not re-inspected before being returned to the supplier.
A well defined physical verification procedure does not exist. Guidelines are not available for the preparation of the stock verification report, or for the verification, final authorization and approval of adjustments.
ABC classification of inventory is not performed and inventory levels have not been defined. The ERP system does not generate an inventory ageing report. Therefore, non-moving and slow-moving items cannot be identified and valued.
8. Shipping
There is no documented policy for transporter appointment, evaluation, and selection. Further, over-dependence on one transporter was found.
There is an absence of a well documented procedure defining the parameters for the performance evaluation of the transporters. The existing procedure is not objective in nature.
Formal agreements between the company and the transporter, stating the terms and conditions of both the parties, are not present. As of now, the quotation / rate list sent by the transporter and approved by an authorized signatory is considered as a contract.
The Loading report is not signed by the checker due to oversight. Proof of delivery is not obtained in certain cases due to absence of authorized personnel of the customer at the client site. Destination-wise transit periods are not defined and formally approved by both the parties in the form of a contract.
A mechanism to monitor and control demurrage charges does not exist. Demurrage charges for incoming materials have been accounted for under two different heads instead of one. Further, freight charges which could be clearly identified as demurrage charges according to descriptions of transactions amounted to AED 0.12 million. This could be much more.
9. Accounts and Finance
A documented policy for the control of the chart of accounts does not exist and there is a lack of a standardized process for amending the chart of accounts. There is no delegation of authority for the approval of payments and most of the non-standard journal entries lack proper supporting documentation.
Bank reconciliations are not prepared and reviewed on a periodic basis and the company accounts are updated based on the bank statements.
10. Capital Expenditure Decision
A documented policy for Capital Budgeting does not exist and responsibility for this process is not assigned within the company. The review of budgeted vs. actual expenses and analysis of variances is not documented and the execution and completion of capital expenditure projects is not reviewed periodically in order to assess as to whether the desired benefit was obtained.
An approved vendor list for capital purchases does not exist and quotations were not always obtained for capital expenditures.
In most of the cases, a NPV/IRR/Payback period analysis was not performed, capital expenditure requests and purchase orders could not be located, and the purchase orders were not approved. Some assets were put to use but were not capitalized.
A documented policy for fixed assets does not exist. In some cases, fixed assets purchased were neither capitalized nor recorded in the Fixed Assets Register and their costs could not be tracked. Depreciation was calculated without taking into account the relevant useful lives and usage of machines. Insurance was obtained based on the net book value of the fixed assets which may result in overspending.
11. Human Resource Management
Currently, planning and budgeting is not done in the HR department. Although a projection of salaries and benefits / allowances is done as a part of the annual business plan, for which there are no assumptions available on record, the same is not done in conjunction with the department. Although a Future Process Model is available on record, the same is yet to be implemented and as of now the company is following the HR procedures set in 2006.
Alignment of the recruitment activity to the business plan cannot be ascertained. A staffing plan is not in place, nor are the staffing requirements monitored, including anticipated organizational changes. A detailed organization chart is not available on record. Further, there were gaps in the documents maintained in employee personal files.
Overall workforce capability requirements are not assessed. Over-reliance on key individuals is not identified and succession plans are not in place for key positions. Job descriptions along with key performance indicators are still to be defined for all levels. A well defined training program has not been formulated.
There is an absence of measurements of employee productivity and of a mechanism for renewal of visa and passport.
There is an absence of grievance procedures, audit of disciplinary procedures, and other discipline regulating mechanisms.
12. Information Technology and Systems
Although an IT policy exists at the group level, there was no evidence of extending the same policy to MBS. The Disaster Recovery Plan and Disaster Recovery Framework are in draft stage. Further, there is no defined and documented plan to assess and monitor the physical and logical security of IT infrastructure.
It has been almost one year since the ORACLE ERP has gone live and AED 1.5 million was spent on it. Nevertheless, it is still not stable and does not provide the desired support and results.
2 Detailed Observations & Recommendations
We have classified our observations into high, medium, low based on the following definition:
Low: No matters noted that would indicate the current processes are not operating effectively and efficiently as designed or where control weakness is so minimal that potential impact if any is minor.
2.1. Entity Level Controls
Timelines
Internal Audit Observations Management Response Management action plan
Internal Audit Observation: 2. Absence of Risk Identification and Management System and BCP. While reviewing the Risk Management initiatives at MBS, the following came to light:
Management Response: Agreed
Management action plan: Data disaster recovery plan available which is a part of BCP, however, complete plan will be finalized as per EII guidelines and present to EXCOM for approval.
Timeline: 30 September 2009
Internal Audit Observation: 1. A detailed organization chart is not available on the records as of now.
Management Response: 1. Agreed but available since October 2008.
Management action plan: 1. Organization chart is available.
Timeline: N.A
Internal Audit Observation: 2. Roles and responsibilities of managers are not defined and communicated to the relevant individuals.
Management Response: 2. Agreed.
Management action plan: 2. HR will define the roles & responsibilities & forward to all Managers.
Timeline: 30 September 2009
Internal Audit Observation: 3. A mechanism to assess and monitor appropriate levels of resources to support key elements of the organizational viz. finance, operations, IS, treasury, and human resources is not in place.
Management Response: 3. Agreed.
Management action plan: 3. HR will set the mechanism.
Timeline: 30 September 2009
Internal Audit Observation: 4. A well defined statement of authority is not available on record.
Management Response: 4. Agreed
Management action plan: 4. DOA document is available at Mammut Group Level and will be implemented after presentation to EXCOM and approved by the BOD
Timeline: 31 July 2009
Internal Audit Observation: 5. Performance goals for individuals are not defined clearly
Management Response: 5. Agreed.
Management action plan: 5. HR will define the goals.
Timeline: August 31, 2009
Internal Audit Observation: 6. Job profiles are not available for all levels.
Management Response: 6. Agreed but available since November 2008.
Management action plan: 6. Job Profiles are available.
Internal Audit Observation: 4. Absence of Policy and Procedure Manuals and Delegation of Authority Matrix. There are three fundamental components of internal control environment viz. policies and procedures frame work, delegation of authority including financial delegation and segregation of duties in key functions.
Management Response: Agreed.
Management action plan: DOA document is available at Mammut Group Level and will be implemented after presentation to EXCOM and approved by BOD. Job descriptions of key functions available and already defined.
Timeline: 31 July 2009
Internal Audit Observation: 2. The Company does not have an appropriate channel like a helpline for reporting ethical violations or any incidence of fraud. No evidences are available on record indicating allocation of overall responsibility to specific members of senior management for compliance with legislation and regulatory laws.
Management Response: Agreed
Management action plan: A committee will be formed to report ethical violations etc. HR/Admin department is responsible for compliance of regulatory laws.
Timeline: N.A
Internal Audit Observation: 1. Critical financial systems have not been identified. Critical financial systems are those which directly influence the recording, processing and reporting financial information and statements.
Management Response: 1. Disagreed, Critical financial systems are defined (All ERP).
Management action plan: N.A
Timeline: N.A
Internal Audit Observation: 2. The company does not have a well defined and documented statement of authorities which may facilitate granting of access to the said systems. Currently the same is done as per the approval of the line manager.
Management Response: 2. Agreed despite it is built up in to the system yet the documentation is required.
Management action plan: Process is in place to be documented.
Timeline: 30 June 2009
Internal Audit Observation: 3. There is no system of reviewing the user profile for segregation of duties at the time of new, revised or composite user profiles (within critical financial systems).
Management Response: 3. Agreed, All users' access handled by Support Desk with approval from department manager; however separate request form will be created for the purpose.
Management action plan: Separate request form will be created
Timeline: Immediate
Internal Audit Observation: 2. There is no system of pre-appointment screening of all prospective employees, both permanent and temporary, who are being considered for any positions in the company.
Management Response: 2. Agreed
Management action plan: 2. HR & Admin will set the procedure for screening.
Timeline: July 31st, 2009
Internal Audit Observation: 3. As of now there are no guidelines available on record for the protection of sensitive business information (hardcopy, electronic message, or voice communication) when transmitted internally, externally, and at disposal.
Management Response: 3. Agreed
Management action plan: 3. HR/Admin Manager with MD will set the guidelines.
Timeline: Sept 30th, 2009
Internal Audit Observation: Although record retention norms have been defined for most of the functions as a part of ISO procedures, same has not been done for Finance Department as yet. Further, there is no detailed
Management Response: Agreed
Management action plan: Entity level Policy for record retention will be documented
Timeline: 31 July 2009
Internal Audit Observation: 11. Absence of Data Protection Policy. Currently the company does not have a Data Protection Policy or guidelines or equivalent covering personal data whether relating to employees, suppliers or customers.
Management Response: Agreed
Management action plan: MD with Group IT Director will define the policy.
Timeline: 30 June 2009
2.2 Sales and Debtors Management
Internal Audit Observation: 1. Absence of signatory lists for additions and amendments to customer master data.
Management Response: 1. Agreed
Management action plan: 1. Signatory list will be created.
Timeline: August 31, 2009
Internal Audit Observation: 2. Presence of invalid / irrelevant customer entries.
Management Response: 2. Agreed
Management action plan: 2. Will be rectified.
Timeline: 30 June 2009
Internal Audit Observation: 3. Absence of periodic review of amendments to Customer Master Database.
Management Response: 3. Agreed
Management action plan: 3. Will set a process for periodical review.
Internal Audit Observation: 4. Incomplete details such as billing and shipping address in Customer Master Database.
Management Response: 4. Agreed.
Management action plan: 4. Will complete as soon as possible.
Internal Audit Observation: It was observed that no documented discount policy exists outlining the basis on which discounts are to be approved and awarded.
Management Response: Disagreed, discount policy depends upon the area, market situation, jobs complexity, order size etc. It varies from case to case which can not be standardized.
Management action plan: N.A
A review of the debtors ageing as on 30-Jun-08 revealed the following:
Internal Audit Observation: 3. 28.58% of the debtors have balance outstanding for more than 360 days and 52.23% of the debtors have outstanding balance for more than 180 days. A summary of debtors aging is mentioned below:
Age Groups | Value (AED) | Percentage | Cumulative Percentage
0 - 90 DAYS | 26,298,736 | 33.32% | -
91 - 180 DAYS | 11,402,298 | 14.45% | 33.32%
180 - 360 DAYS | 18,666,027 | 23.65% | 47.77%
ABOVE 360 DAYS | 22,552,340 | 28.58% | 71.42%
TOTAL | 78,919,430 | 100% | 100%
Management Response: 3&4. Agreed
Management action plan: 3&4. Above 360 balances of 22,552,340 include provision for bad debts 12,981,242. Most of the sales are secured against documents. The total outstanding is 15% of total sales.
Timeline: Immediate (Debtor Aging)
Internal Audit Observation: During the review of the invoicing activity for three jobs, it was observed that invoices have not been communicated to the bank for negotiations on time. On the basis of the discussion with the treasury manager, it was learnt that the delay was due to a clause in the Letter of Credit (LC) agreement which allowed the raising of invoices against the LC only after the customer signed the delivery note. It is to be noted here that neither the date of signing the Delivery Note or receipt of signed Delivery Note by the company has been documented anywhere. Hence the cause of delays cannot be known.
Management Response / action plan: ... compare to local sales. We track with customers regularly. We will try to reduce the time for submission of invoices.
Internal Audit Observation: 4. Absence of Provisioning Policy for Receivables. No documented policy exists to make provisions for bad and doubtful debts. Currently it is being done on the basis of discussions with external auditors and has a very subjective basis.
Management Response: Agreed.
Management action plan: Provision policy will be defined and documented. Debtors will be reconciled periodically.
Timeline: 15 August 2009
Internal Audit Observation: 5. Absence of Debtors' Reconciliation. Debtors' reconciliation is not performed at all by the accounts department. At the time of external audit, only confirmation letters are sent to debtors. Also, treasury department and accounts department maintain separate records for debtors which are reconciled at the end of every month. Hence, an inter-department reconciliation is carried out.
Management Response: Agreed
Management action plan: In future, Debtors records will be reconciled between two departments on a monthly basis.
Timeline: 15 August 2009
Internal Audit Observation: 6. Absence of Documented Revenue Recognition Policy. During discussion with the finance personnel, it was revealed that a documented revenue recognition policy does not exist in the company. Currently, revenue recognition is done on the basis of invoices raised to customers. All the projects undertaken by the company are
Management Response: Agreed.
Management action plan: Revenue recognition policy will be defined & documented in accounting and finance manual.
Timeline: 15 August 2009
2.3 Customer Service, Estimation, Engineering, Production and QA/QC
Internal Audit Observation: 1. JAF was not signed by sales manager in 3 cases:
Job Number | JAF Date | Total Price (AED)
AE3-2084 | 17-Jun-08 | 7,496,000
AE1-2334 | Not Mentioned | 8,100,000
PK-2140 | 30-Aug-08 | 18,014,806
Management Response: 1. Agreed.
Management action plan: 1. In future General sales manager will sign all JAF.
Timeline: 31 July 2009
Internal Audit Observation: 2. JAF was not available for job OM-1667 (EURO 23,353,974).
Management Response: 2. Disagreed with observation, document is available for inspections.
Management action plan: N.A
Timeline: N.A
Management Response: 3. Agreed.
Management action plan: Rectified.
Timeline: Immediate
Internal Audit Observation: 1. PIF created for each job was neither signed off with date by the customer service manager nor signed off by the person who prepared it, for all the selected jobs. This leads to the conclusion that the approval activity for the same is not in place, although it was given to understand that the document is circulated through e-mails to all the concerned people.
Management Response: 1. Agreed
Management action plan: 1. In future CSD Supervisor/Manager will sign all PIF.
Timeline: 30 June 2009
Internal Audit Observation: 2. PIF of each job is designed separately in Microsoft Excel and is not integrated with the Oracle system. After discussions, it was learnt that the Oracle system itself is not capable of handling such technical data.
Management Response: 2. Agreed
Management action plan: 2. As agreed with the business technical data will be stored in the ePIF (Develop by PRD). General data is stored in Oracle.
Timeline: 30 June 2009
Internal Audit Observation: Currently the production efficiency analysis is done based on the comparison of quantity of scrap generated versus the production on a monthly basis and arriving at a percentage for the same and there are no benchmark percentages established for comparison. As of now, there is no system / method in place to assess job wise throughput versus standard and comparison of job wise actual waste versus standard waste. There is also no method in place to perform a machine wise efficiency analysis on an ongoing basis.
Management Response: Agreed
Management action plan: These reports will be available once SCIA will be implemented.
Timeline: 30 September 2009
Internal Audit Observation: There is no mechanism in place to conduct a job wise WIP analysis against estimates and consequential margin monitoring. As of now, only an overall assessment of profitability can be made at the year end. Further, as there is no job wise estimation versus actual comparison, no assessment can be made about the accuracy of the project cost estimation.
Management Response: Agreed
Management action plan: This can be possible once SCIA will be implemented.
Timeline: 30 September 2009
Internal Audit Observation: A cycle-time analysis of 6 closed jobs revealed a varied range of time taken for approval of drawings, finalization of detailing, production and shipping: But, currently it can not be commented as to whether the turn around time mentioned is efficient or otherwise. Due to the absence of internal benchmarks pertaining to the turn-around time at each stage, the reasonableness of the same commented above can not be ascertained.
Management Response: Disagreed, since it depends upon the internal & external factors which influence the period from 1 month to 6 month, The standard cycle time has been defined is 8 weeks for Jobs ranging from 250mt to 500mt and it varies depending upon the job volume & complexity.
Management action plan: N.A
Timeline: N.A
Internal Audit Observation: 1. Point number 6 of PIF pertaining to quality plan to be followed was not populated in 2 out of 8 cases. It was given to understand that if the same is not populated then the standard QC plan is followed. In one of the projects pertaining to Qatar Petroleum, with job number QA-1021, it was learnt that because of lack of clarity about quality plan to be applied, the standard QC plan was followed. Later on, it came to light that radiography test was to be performed as part of quality plan and the same was done later at client site. It was given to understand the PIF did not mention the quality plan. The same can not be confirmed as the PIF is not preserved as the project was more than one year old.
Internal Audit Observation: 2. While reviewing the implementation of the quality assurance process for 15 projects out of a sample of 16, it was found that quality steps have not been followed in case of 7 projects.
Management Response: Agreed
Management action plan: In future we will follow the process.
Timeline: 31 July 2009
Internal Audit Observation: 1. Till 2007, before the implementation of ORACLE, the ALPHA system did facilitate the tracking and cost assessment of UMRs. Following is the summary of claims settled between 2005 to 2007:
Management Response: 1. Agreed
Management action plan: 1. Oracle is supporting to generate this information just we need to populate data.
Timeline: 31 August 2009
Internal Audit Observation: 2. During our review of UMRs generated from Feb-08 to Oct-08, it was revealed that, post implementation of ORACLE, as of now, the system functionalities have not been utilized fully to track the same. Further, the status of the active UMRs and the associated cost is tracked manually using an Excel worksheet. Hence, it is not tracked on a real-time basis and is prone to clerical errors.
Management Response: 2. Disagreed, Job tracking report is available to track UMR & cost.
Management action plan: 2. N.A
Timeline: N.A
Internal Audit Observation: 3. During our review of UMRs generated for 16 selected projects, following was revealed:
3.1 According to UMR No. C-06-1021, dated 23-Jul-06 (Job number QA-1021), customer rejected purlins sent by the company. This was due to the fact that they had white stains on the surface and steel was rusty. Results of the third party tests carried out by “Qatar Industrial Laboratories” were negative and stated that the quality did not meet the ISO 1461:1999 standard.
3.2 According to UMR No. C-05-1021, dated 23-Jul-06 (Job number QA-1021), the length of the supplied stair tread was wrong. It was stated that ‘It doesn’t fit the stringers’.
3.3 According to UMR dated 1-Mar-07 for job number QA-1021, customer rejected the welding done on the material and modifications were made by the company at the site.
3.4 According to UMR No. C-04-2005, dated 20-Jul-08 (Job number AE2-2005), Mammut erection team had to conduct modifications at site because of engineering detailing error for the closer trims for the roof monitor and wrong supplied door lock device.
3.5 According to UMR No. C-01-2005, dated 22-Apr-08 (Job number AE2-2005), customer rejected the connection bolts received from supplier ‘Al Rashed Fasteners’, due to quality issues with the material. It was stated that ‘Customer encountered problem of excess galvanizing at the threaded end of the bolts’.
Management Response: 3. Agreed.
Management action plan: 3. Separate account will be created to monitor the cost as well as report will be developed for monitoring.
Timeline: 31 August 2009
2.4 Waste Management
1. Observation: Currently the company does not have a weighing bridge in the premises. Due to this, the truck full of scrap material is to be sent outside for weighing.
   Management response: Agreed.
   Management action plan: CAPEX for weighing bridge already approved and will be ordered and installed into the demarked area.
   Timeline: 31 August 2009
2. Observation: Although separate areas have been demarcated to keep the scrap and rejected material, rejected material was not segregated from usable raw material in certain areas.
   Management response: Disagreed, Demarcated area for all type of Scrap area is in place for years and records are well maintained. Only Hazardous waste demarcation area recently created for ISO 14001
   Management action plan: N.A
   Timeline: N.A
2.5 Maintenance and Facilities Management
Internal Audit Observations Management Response Management Action Plan Timelines
1. Observation: Since implementation, the software has crashed about ten times, the details pertaining to which are provided below:

   Number   Date of Software Crashing*
   1        18-Nov-07
   2        4-Dec-07
   3        12-Dec-07
   4        5-Mar-08
   5        27-Mar-08
   6        3-Apr-08
   7        17-Apr-08
   8        5-May-08
   9        16-Jul-08
   10       10-Sep-08
   * The dates on which IT Department was notified of the breakdown

   Management response: Agreed
   Management action plan: Initially, the cworks software had a problem but now daily backup is being taken as a routine by IT department.
   Timeline: 30 September 2009
2. Observation: Neither the system functionality of generating a detailed work order report has been utilised in the past nor has any analysis been performed to assess the root causes of frequent break downs.
   Management response: Disagreed, the system was functional in generating the work orders but no hard copy of the same was generated to handover to technicians. Technician used the hard copy of PR
   Management action plan: N.A
   Timeline: N.A
3. Observation: The work order files pertaining to preventive and breakdown maintenance were not available prior to July, 2008.
   Management response: Disagreed, The work order generation started when the c works software was adopted but before that manual data was maintained.
1. Observation: department. There were no documents available on records evidencing capturing of machine-wise material and labour cost, although down time is being captured since November 2007. Further, there is no activity in place for adequate and accurate reporting of cost and time related to maintenance.
   Management response: Agreed
   Management action plan: Cost centre wise budget will be prepared in future, however accurate machine wise has been resolved by updating the spare parts item categorization in oracle system.
   Timeline: 30 September 2009
2. Observation: History prior to November 2007 pertaining to preventive maintenance, Machines breakdown maintenance and down time is not available on record.
   Management response: Agreed
   Management action plan: Record is not available due to change of system.
3. Observation: The preventive maintenance schedules have not been implemented properly. Further, there are no documents available on record evidencing periodic review of the same in the light of breakdown history.
   Management response: Partially agreed.
   Management action plan: C WORKS was not available to retain the data. Preventive maintenance schedule were being done properly but lacked recording. It is now being reviewed in weekly maintenance co ordination meeting.
4. Observation: Preventive maintenance schedule included following errors:
   4.1 The machine code was mentioned incorrectly in related maintenance schedule
   4.2 The frequency of maintenance was mentioned incorrectly
   Management response: Agreed.
   Management action plan: It has been reviewed and corrected.
1. Observation: The responsibilities for generation and approval of work orders pertaining to breakdown maintenance is not defined. Although the work order is generated in the system, a copy of the same is not printed out, signed off and filed. It is to be noted that the “C Works” software has crashed ten times in the recent past. Further, there is no tracking and analysis done relating to machine wise breakdown history.
   Management response: Partially agreed.
   Management action plan: The responsibility of work order generation has been assigned to three persons and password key has been issued to them. The proper generation of work orders and implementation is already in effect. There is a machine
   Timeline: N.A
2. Observation: A single work order is prepared for many machines in the same category (noted in case of welding machines).
   Management response: Agreed.
   Management action plan: This practice of generation of work order for same kind of machine for the same schedule was adopted to save the stationery but now it is stopped and each machine has its own work order generated.
   Timeline: N.A
3. Observation: Most of the preventive maintenance checklists were neither signed off by the technician as a proof of job done nor were they signed off by the supervisor as a proof of job supervision.
   Management response: Agreed.
   Management action plan: It is already implemented; now the checklist is copied at the back side of work order and it is crossed and signed by the assigned technician.
   Timeline: N.A
6. Observation: For the last two and half years, maintenance cost has been as follows:
   6.1 2006 - AED 1 million (Apr 2006 to Mar 2007)
   6.2 2007 - AED 1.78 million (Apr 2007 - Dec 2007)
   6.3 2008 - AED 0.82 million (Jan-Jun 2008)
1. Observation: Break down incidents for the most of the machines exceeds the preventive maintenance performed. Break down cases were 66.7% of machines maintenance history.
6. Management response: Disagreed, Since each machine has many moving components it is not possible to attain 100% preventive maintenance completely especially when machines are very old.
   Management action plan: N.A
   Timeline: N.A
2.6 Procurement
Observation: While reviewing the process of initial evaluation, development of vendors and their selection for purchase decision, following was observed:
   Management response: Agreed
   Management action plan: Purchase policy will be written and all aspects will be covered.
   Timeline: 15 August 2009
Internal Audit Observations Management Response Management Action Plan Timelines
Observation: Currently a form does exist for assessing vendor performance across ten parameters which are rated on point scale of 1 to 10. This rating is done by the purchase manager based on his experience and dealing with individual suppliers and actual performance data is not used to carry out the evaluation. Hence the basis of evaluation is entirely subjective and not scientific. Further there is no defined periodicity of the performance evaluation exercise and there are no plans to conduct audit of suppliers’ facilities from a performance evaluation perspective.
   Management response: Disagreed, The selection/evaluation of vendors is according to their reputations, quality of product, pricings, delivery etc. Most of the purchased from the steel mills directly instead from traders. All steel mills are internationally certified of their quality plan.
   Management action plan: N.A
   Timeline: N.A
1. Observation: The authorities for raising purchase request for goods and services are not clearly defined in terms of named individuals responsible.
   Management response: Agreed.
   Management action plan: Management will define the limit authority & person designated for purpose.
   Timeline: 31 July 2009
2. Observation: Currently the system allows raising of POs without valid Purchase Requisitions. An analysis of PO listing and PR to PO report for 2008 revealed that 1263 POs were raised without PR. The value of these PO was AED 179.49 million which is 29% of sum of all PO raised amounting to AED 620 million.
   Management response: Agreed
   Management action plan: In most of cases all POs issued against PRs except certain urgencies but in future all POs will be issued against PRs.
   Timeline: 31 July 2009
3. Observation: The purchase department does not check to ensure as to whether it is reasonable for the company to purchase the goods / services.
   Management response: Disagreed, Purchasing department is always cross check insisting of required goods with the originator of PR & approval authority. There are several examples present on the record asking such questions/clarifications from the originator of PR.
   Management action plan: N.A
   Timeline: N.A
4. Observation: Currently, there was no activity done to assess the number of open PO and their systematic closure.
   Management response: Agreed
   Management action plan: Open POs will be reviewed every quarter.
   Timeline: 30 June 2009
5. Observation: The ORACLE ERP system does not generate a report showing pending PRs.
   Management response: Agreed.
   Management action plan: Report will be generated.
   Timeline: 30 June 2009
3. Observation: Currently there is no written policy for cheque access, storage and usage. Functionally the Emirates bank cheque book is in the custody of the Sr. Accountant who processes payments. The remaining cheque books pertaining to twelve banks are in the custody of treasury department. In the absence of the Sr. Accountant, the same are kept in the custody of Finance Manager. There is no segregation between the person issuing cheques and the person keeping cheque books.
   Management response: Agreed
   Management action plan: Policy will be defined & documented.
   Timeline: 31 August 2009
4. Observation: No cheque log is maintained detailing cheque numbers issued, the first and last cheque number used for each payment run and cheque numbers of cancelled or returned cheques.
   Management response: Agreed
   Management action plan: Finance will maintain log book.
   Timeline: 30 June 2009
5. Observation: The supplier statements are not obtained on a regular basis from selected top suppliers, as agreed by the Procurement Head and the same are not reconciled to the Accounts payable ledger balances.
   Management response: Agreed
   Management action plan: Reconciliation is prepared with supplier on monthly basis.
   Timeline: Immediate.
6. Observation: No report is produced on a periodic basis to show all POs raised using One Time Vendor accounts and sent to the relevant managers for review. Further there is no process in place to review the POs raised on the one time vendor account to ensure that all purchases are valid and any vendors that have been used more than an agreed amount are entered onto the Vendor Master File.
   Management response: Agreed
   Management action plan: Report will be developed in ERP (Oracle). As already mentioned all open POs will be reviewed quarterly.
   Timeline: 31 August 2009
7. Observation: Currently the ORACLE ERP system cannot generate a creditors aging report.
   Management response: Agreed but now available
   Management action plan: Creditors aging is available in ERP (Oracle) and need to check accuracy.
   Timeline: Immediate
2. Observation: There is no formal vendor code creation form used by the company. Hence, no documented approval process exists.
   Management response: Agreed.
   Management action plan: Procedure will be defined.
   Timeline: 31 August 2009
3. Observation: Approval procedure pertaining to the set up of new vendors in the system is not present.
   Management response: Agreed.
   Management action plan: Procedure will be defined.
   Timeline: 31 August 2009
5. Observation: 2 invalid entries exist in the vendor master.
   Management response: Agreed.
   Management action plan: It will be rectified.
   Timeline: Immediate
2. Observation: Only 1 quotation was obtained in 4 cases.
   Management response: Agreed because only single supplier/source is available for these items
   Management action plan: Clarified.
   Timeline: N.A
3. Observation: In 2 cases, PO was not approved as per the authority matrix which was in effect from 3-Nov-08.
   Management response: Agreed, this was a transition period from previous approval hierarchy of POs and new hierarchy of POs otherwise system cannot allow issuing PO without approval of all authorities defined in the approval hierarchy.
   Management action plan: Clarified.
   Timeline: Immediate
4. Observation: In 2 cases, duplicate POs were created. Old PO was created and approval of Purchase Manager was obtained. But later, the PO details were changed and a new PO with the same PO number was created. Old PO was not stamped as 'Cancelled'. Approvals as per the authority matrix were obtained on the new POs.
   Management response: Disagreed, these are only revision for original PO’s. We cannot cancel original PO. In case we cancel the original PO number for new PO will be new.
   Management action plan: N.A
   Timeline: N.A
1. Observation: Defined policies and procedures for the creation of vendors in the system do not exist. Currently, when a new supplier is selected for purchase, purchase manager approves the quotation / company profile of the vendor and the same is used to enter the new vendor in the system by the procurement personnel.
   Management response: Disagreed, New vendor is only created whenever a new item or product is required otherwise we are already having our vendors for the supply of standard material with specified specifications. Therefore creation of new vendor at the time of business is a necessity & Auditor’s point is invalid.
   Management action plan: N.A
   Timeline: N.A
2. Observation: Many users in the company have access to create vendors in the system. A list of the users is provided below.
   Management response: Agreed
   Management action plan: We will review this and take necessary steps.
   Timeline: 31 August 2009
Observation: During our discussion with Finance personnel, it was revealed that a chemical was purchased from Mammut Iran (A Mammut Group Company) in Aug-08. Details of the purchase are as follows:

   Date of Purchase Order: 21-Aug-08
   Chemical Purchased: BAYMER TRIAL PRODUCT - POLYOL 27HB03
   Total Quantity: 150,000 Kgs
   Rate (per Kg): EURO 1.83 (AED 10.49)
   Total Amount (EURO): 274,500 (AED 1,573,549)

   Item        Expiry Date   Quantity (Kgs)   Supplier
   POLYOL B3   Jan-09        31,000           Mammut Iran
   POLYOL B3   Feb-09        32,000           Mammut Iran

   The material was sent to the laboratory for testing, to find out if it can be used even after the expiry date. The test results were positive and stated that even after expiry, the chemical can be used.

   Date        Supplier        Price (Per Kg) AED
   26-Jan-08   Bayer Polymer   9.95
   25-Mar-08   Bayer Polymer   9.95
   25-Jun-08   Bayer Polymer   9.95

   Management response: Although chemicals can be expired in Jan/Feb 2009 purchased in year 2008 but it can be used after expiry as per lab test report. In addition, manufacturing dates is ultra conservative to avoid any liability.
   Management action plan: Clarified.
   Timeline: N.A

Observation: 2 consultants, namely, Mr. Andre Collignon and Mr. Norbert Holtzem, had been appointed as external consultants to MBS for a period of 24 months, starting from 1st October, 2008. As per the agreement dated 30th September, 2008, both the consultants are paid a monthly sum of EURO 15,100 and all operational expenses are reimbursed against receipts. Also, the agreement between MBS and consultants does not specify the objective of the assignment, scope of work and specific deliverables to MBS.
   Management response: The scope of work, deliverables and timing plan have been developed and issued to EXCOM.
   Management action plan: The project was awarded by Mr. Bahzad. However EII team was able to convince them to circulate the proposal, objectives, timelines for approval
   Timeline: N.A
2.7 Inventory Management
Timelines
Internal Audit Observations Management Response Management Action Plan
1. Observation: Currently, the Company does not have centralised stores. Raw Materials are stored in an open yard, bought out items are stored in an area in the plant and stores and spares are stored in a third location.
   Management response: Disagreed, Due to different type of operations which carries out Mammut Building System FZC plant, various products, plant size and different equipments which are required for handling of raw materials; decentralizing of stores would be the best possible option, at the same time there is a centralized control from material controller supervisor (Mr. Jose Dias) who sits in PPD department, basically all the information from different stores flows in PPD and is compiled by Senior material controller in different type of format, so control is centralized.
   Management action plan: N.A
   Timeline: N.A
2. Observation: There is no tracking of unloading time from port-to-factory and factory-to-port.
   Management response: Disagreed, As per discussion held in our conference room and documents presented to you there is a tracking report for all the trucks and containers which are entering and leaving MBS factory at any given time, at the same time when there is a congestion and unusually shipments from port all the team
   Management action plan: N.A
   Timeline: N.A
3. Observation: There is no dedicated store in place with a layout plan and the same being mapped in the ORACLE ERP system.
   Management response: Partially agreed
   Management action plan: There is a dedicated store in place whereas the layout plan will be established and same will be mapped with ORACLE
   Timeline: 30 September 2009
4. Observation: There are no defined stacking norms in terms of types of stacks, number of pieces / boxes / items kept in a stack, stacking height etc. for various types of material.
   Management response: Partially agreed, As far as steel concern number of pieces in each bundle and bundling is different from supplier to supplier and practically it is not possible to re-bundle them, for buy out items packing is subject to supplier and shipment type which is different and that depends on suppliers and it has to be forced by purchasing to supplier, for stacking we follow industry practice which varies for each type of materials and mainly depends on volume of materials which we receive in MBS plant, as we have explained to you all the pre painted Aluzinc materials can go up to 3 coils vertically on top of
   Management action plan: N.A
   Timeline: 30 September 2009
5. Observation: The hygiene norms in terms of cleaning schedule, hygiene standards to be maintained in the stores etc. for the stores are not defined.
   Management response: Disagreed, Cleaning of inventory is carried out every alternate week and procedure for 5s inspection started on 2nd March and we hold it every Monday on entire plant, the rest of procedure is under review to be established as standard policy, and it was shown to you on the day on which we had a meeting, there is an enormous improvement in all the area in terms of cleaning and arranging, written procedure will be established in six months.
   Management action plan: N.A
   Timeline: N.A

Observation: It was noted that, there are no guidelines to facilitate re-inspection of rejected material to recover good material before it may be returned to suppliers.
   Management response: Agreed.
   Management action plan: Guidelines to facilitate re-inspection of rejected material to recover good material will be established with co-ordination of Purchasing, material and Engineering Dept.
   Timeline: 31 August 2009
Observation: Although physical verification is done as a part of statutory audit process every six months, currently the company does not have a well defined physical verification procedure pertaining to inventory on an ongoing basis. Further, there are no guidelines available on record for the preparation of stock verification report, their verification and final authorization and approval for effecting adjustments.
   Management response: Agreed
   Management action plan: Written procedures and guidelines will be defined & established.
   Timeline: 15 August 2009
2. Observation: Inventory levels in terms of maximum level, minimum level and re-order level have not been defined.
   Management response: Agreed
   Management action plan: We will implement in ERP.
   Timeline: 31 August 2009
3. Observation: Currently the ORACLE ERP system does not generate an inventory ageing report and in turn, non-moving and slow moving items cannot be identified and valued.
   Management response: Agreed but available from Jan-2009
   Management action plan: N.A
   Timeline: N.A

Observation: During our review of the material consumption booking, it was revealed that since the manufacturing module of Oracle is not implemented as of now, all raw material consumption booking is done manually at the end of the month. At the end of each month, production manager creates a 'Production Report' manually in an excel sheet and sends it to Accounts Department. This report contains the raw material items and quantities consumed during the month. This report is used as a basis to book the consumption in the system by the Accounts Department. The rates of raw materials are obtained from the Oracle System itself.
   Management response: Agreed
   Management action plan: This will be available once SCIA will be implemented.
   Timeline: 30 September 2009

Observation: Currently, the company does not have in place any provisioning policy for inventory. An age-wise analysis of inventory currently on hand is not carried out to ascertain the quantity of inventory under different age brackets and compare the age on inventory with the shelf-life. This results into non-tracking of obsolete and un-usable inventory items. Discussion with Finance Personnel revealed that, most of the raw materials used by the company have very long shelf lives. Even, if the steel is rusted, it can be used after re-blasting.
   Management response: Agreed
   Management action plan: Inventory policy will be formalized
   Timeline: 15 August 2009
2.8 Shipping
Internal Audit Observations Management Response Management Action Plan Timelines
Observation: Following was revealed during the review of Approved Transporters List:
   1. A procedure for appointment of transporter clearly defining the parameters for attributes like rate, efficiency, timeliness etc. was not available on record.
   2. Transporter evaluation and justification for appointment is not documented. Thus, appointment of the best transporter available cannot be guaranteed.
   3. There is an over dependence on a single transporter. Majority of the dispatches are done through a sister concern namely Trans1. Management has decided to give first preference to the sister concern for all the domestic dispatches irrespective of the rates charged. If the sister concern is not able to fulfill the dispatch requirements, alternative transporters are arranged for those dispatches.
   Management response: Agreed
   Management action plan: Complete document will be available covering all aspects of recommendations.
   Timeline: 31 July 2009

Observation: Discussion with the Shipping Manager revealed the following:
   1. Absence of a well documented procedure defining the parameters for the performance evaluation of the transporters.
   2. An objective assessment of the performance of the approved transporters is not carried out.
   Management response: Agreed
   Management action plan: Procedure to be defined for performance.
   Timeline: 31 August 2009

Observation: During a review of the selected transporters of the company, it was revealed that formal agreements between the company and the transporter, stating the terms and conditions of both the parties are not present. Authorized signatory approves the quotation / rate list sent by the transporter and this document is considered as a contract.
   Management response: Agreed
   Management action plan: Formal agreement to be prepared.
   Timeline: 31 July 2009

2. Observation: Destination-wise transit periods are not defined and formally approved by both the parties in form of a contract.
   Management response: Agreed
   Management action plan: Will be defined.
   Timeline: 31 July 2009
2.9 Accounts and Finance
Timelines
Internal Audit Observations Management Response Management Action Plan
4. Observation: There is no delegation of authority defined for the approval of payments limits. Generally all payments are approved by the Accounts Manager except for some material payments.
   Management response: Disagreed, all approval for payments done by Chief accountant and forwarded to Finance Manager for approval with cheque/TT signature. Finance Manager signed cheques/TTs with MD of the company up to the limits approved by BOD. Cheques/TT more than the limit forwarded to Group and EII for authorization.
   Management action plan: N.A
   Timeline: N.A
Observation: Currently, the company does not prepare bank reconciliations at all. It was given to understand that by preparing a list of all post dated and current dated checks and reconciling them with the bank statements immediately after they have been cashed from the bank the purpose is served. Further, the company updates its accounts based on the bank statements.

   When reviewing account # 133301-Cash Clearing Account, it was noted that the System facilitates the option of recording Post Dated Cheques, Current Dated Letter of Credit and Letter of Credit payments separately, but all of them were recorded as Current Dated Cheques which has resulted in a balance of AED 114,661,279 pending in Current Dated Cheques account.
   Management response: Agreed., the main reason to use CDC account instead to have Bank account in GL that we issued future dated cheques in bulk instead to make CDC. All PDCs incorporated into PDC account in GL instead to credit into bank account in GL. Every month only cleared PDCs incorporated into bank book which eventually match with Bank statement. The rest of the items reconciled and part of bank reconciliation statement which is available from December 2008.
   Management action plan: Implemented
   Timeline: Implemented
Observation: During our analysis of the treasury function, it was observed that the company entered into various interest rate swaps during the period Apr-05 to Apr-08. Although the company has made a profit over all, but the same is not the core activity of the company and amounts to entering into transactions involving a lot of financial risk.
   Management response: The reasons and methodology already discussed at EXCOM and Board level and approved the Exposure to Swap Transactions.
   Management action plan: Approval has been sought from board
   Timeline: N.A
2.10. Capital Expenditure
1. Observation: There is no defined capital budgeting exercise done as a part of Annual Budgeting Process. Further, there is no centralized body that drives the capital expenditure decisions of the company.
   Management response: Disagreed, Each HOD submits the budget each year as part of annual budgeting process. In addition, Budget vs actual statement submits to EXCOM level for review. Since company purchased only few assets except plant and machinery for expansion which is HOLD due to current economic conditions. MD is authorized to take decision up to certain limits.
   Management action plan: N.A
   Timeline: N.A
Internal Audit Observations Management Response Management Action Plan Timelines
1. Observation: In two cases amounting to AED 99,824 no quotations were obtained. In ten cases amounting to AED 25,923,775 only one quotation was obtained.
   Management response: Agreed
   Management action plan: In future all supporting documents wherever possible since some time we need brand specific product in which case three quotations are not possible.
   Timeline: Immediate.
2. Observation: The company does not have an approved vendors list for capital purchases.
   Management response: Disagreed since 95% capital purchased related to plant and machinery and it is not possible to prepare standard list of vendors since it depends upon the specs and budget availability. The same has been done during finalization of purchased plant and machinery for plant expansion where BOD approval obtained after finalization of specs and vendors.
   Management action plan: N.A
   Timeline: N.A
3. Observation: In fifteen cases amounting to AED 26,573,965 no NPV/IRR/Payback period analysis was done. Further, there are no guidelines available on record for performing the same.
   Management response: Agreed
   Management action plan: NPV/DCF/IRR will be added in the CAPEX
   Timeline: July 31, 2009
4. Observation: As of now, there is no serial number control over CER. Further, Capital Expenditure Requests (CER) were not found in seven cases amounting to AED 6,305,243.
   Management response: Agreed
   Management action plan: CER will be generated from ERP with serial nos.
   Timeline: Aug 31, 2009
5. Observation: Purchase requests were not mentioned in three cases amounting to AED 4,557,272 and purchase order was not found in one case amounting to AED 77,437
   Management response: Agreed
   Management action plan: In future, all relevant documents will be attached.
   Timeline: Immediate.
2. Observation: Some Fixed assets that were purchased, but they were not capitalized yet. (refer to annexure)
   Management response: Agreed,
   Management action plan: Now as a part of CWIP since all meant for plant expansion which is hold now as per directives from the BOD.
   Timeline: 30 September 2009
3. Observation: Some fixed assets that actually existed were not on the fixed assets register.
   Management response: Agreed
   Management action plan: Physical verification exercise will be carried out and will be maintained Fixed Assets Register.
   Timeline: 30 September 2009
5. Observation: Fixed assets insurance is prepared based on the net book value of the fixed assets.
   Management response: Disagreed, We are doing insurance on Gross Value and not on net value. Policy is available for cross verification.
   Management action plan: N.A
   Timeline: N.A
6. Observation: No information about the legal ownership of old fixed assets obtained before 2007 are available on record.
   Management response: Agreed but it is difficult to identify at this stage since company maintained current year and last year record.
   Management action plan: In future, proper files will be maintained.
   Timeline: Immediate
2.11. Human Resources and Payroll
Timelines
Internal Audit Observations Management Response Management Action Plan
2. Observation: Recruitment documents such as interview sheet were not available for ten employees.
   Management response: Agreed
   Management action plan: In future HR Manager will make sure that recruitment documents will be available for all employees.
   Timeline: Immediate
3. Observation: Educational certificates are not obtained for seven employees at the time of recruitment and the same are still not available in their personal files.
   Management response: Agreed
   Management action plan: In future HR Manager will make sure that Educational Certificates will be available for all employees.
   Timeline: Immediate
4. Observation: Documentation for background checks was not retained for all fifteen employees.
   Management response: Agreed
   Management action plan: In future HR Manager will make sure that documents for background check will be available for all employees.
   Timeline: Immediate
5. Observation: Documentary evidence of employee orientation for nine employees was not available on record.
   Management response: Disagreed, All employee orientation forms are available
6. Observation: Employee reporting form was not available on record for three employees.
   Management response: Disagreed, All employee reporting forms are available
   Management action plan: N.A
   Timeline: N.A
3. Observation: Rejection letters are not issued to rejected candidates and no track record of rejected employees is maintained.
   Management response: Agreed
   Management action plan: HR has started to prepare these letters.
   Timeline: Immediate
4. Observation: A staffing plan neither is in place nor is the Staffing requirements monitored, including anticipated organizational change.
   Management response: Agreed
   Management action plan: HR Manager with MD will start to prepare the plan.
   Timeline: 30 September 2009
5. Observation: No documentary evidence was available on record for imparting training in interview and selection techniques to line managers involved in the recruitment process.
   Management response: Agreed
   Management action plan: HR Manager with MD will define the guidelines.
   Timeline: 30 September 2009

While reviewing the recruitment process of fifteen employees, following was revealed:
1. Observation: Manpower request form was not available for eleven employees. Further, manpower request form was used by the department head to inform the HR Department of recruitment of three employees. Thus, the manpower recruitment form was not used for its intended purpose.
   Management response: Disagreed, All manpower request forms are available
   Management action plan: N.A
6. Observation: Employee reporting form was not available on record for three employees.
   Management response: Disagreed, All employee reporting forms are available
   Management action plan: N.A
   Timeline: N.A
6. Discipline Management
1. Observation: No mechanism exists for employees to raise concerns about their place of work and working relationships through a discrete procedure either formally or informally.
   Management response: Agreed
   Management action plan: HR will prepare the procedure and communicate to all.
   Timeline: 15 August 2009
2. Observation: No formal record exists for training provided to line managers in application of disciplinary procedures.
   Management response: Agreed.
   Management action plan: The Disciplinary Procedures are defined clearly in the BP 080. These are supported by a Rule Book specifying penalties to be applied in various circumstances and situations. These are available with all Managers and are being strictly implemented.
   Timeline: 31 October 2009
3. Observation: No periodic audit of actions taken against the disciplinary actions is conducted to ensure compliance with laid down procedures.
   Management response: Agreed
   Management action plan: Monthly audits of Disciplinary penalties to be carried out by HR.
   Timeline: 30 September 2009
2.12 Information Technology
Timelines
Internal Audit Observations Management Response Management Action Plan
1. Two documents viz. Disaster Recovery Plan and Disaster Recovery Framework were available on record, but as of now, both of them are at a draft stage and still to be finalised. This also contains the back up plan.
   Management Response: 1. Agreed
   Management Action Plan: 1. Restate rescue plan & framework will be presented & prepared to Board for approval
   Timelines: 30 September 2009
2. Currently, there is no well defined, documented and approved plan pertaining to assessment and monitoring of the physical and logical security of IT infrastructure in terms of periodic review of access logs.
   Management Response: 2. Disagreed. Logical security is inherent within the Windows and Linux server environments. Logical passwords are defined at multiple levels, server i.e. network 90 day password expiry is in place for all users. In addition to this all business critical applications i.e. ERP have their own application/database level passwords; this is inherent in the software application.
   All servers are physically secure and kept in air conditioned IT server room. The only people who have access are the IT manager and the IT Engineers. DR Plan will be updated to include details of Logical & Physical security
   Management Action Plan: 2. N.A
   Timelines: N.A
2. ERP Implementation
3. It has been a year since the ORACLE ERP has gone live. Following are some of the facts in this regard:
   Management Response: 3. Agreed but available from Jan-2009.
2.1 The June 2008 closing of the books of accounts for the purpose of Statutory Audit has happened in Alpha (the old legacy system) and not in ORACLE.
   Management Response: Agreed but available from Jan-2009.
2.3 ORACLE ERP does not generate an inventory ageing report. It was given to understand that the inventory coding is still to be completed in the system.
2.4 There is no report generated by the system which can facilitate the assessment of Purchase Requisition (PR) status as to whether it is pending approval or approved but not serviced, serviced but not closed and serviced and closed.
   Management Response: Disagreed. Following reports are available:
   - Oracle standard Purchase Requisition Status report
   - MBS PR to PO Status report
   - MBS PR to DO tracking report
   Following Open PO reports are available:
   - Standard Open PO Report (by Buyer)
   - Standard Open PO Report (by Cost Center)
   - MBS PO Status Report
   Management Action Plan: N.A
   Timelines: N.A
2.7 The ERP system does not generate a Bank Reconciliation Statement. In fact, MBS does not have the practice of preparing Bank Reconciliation Statement at all.
   Management Response: Agreed
   Management Action Plan: Company will see the possibility to generate bank reconciliation statement from ERP since this facility may require additional cost to the company.
2.8 The company has not opted for ORACLE Manufacturing. Instead a new software SCIA has been bought at the cost of AED 0.90 million for managing production and MRP. Currently, the same is being integrated with ORACLE. Till such time the whole MRP and production management is performed manually. It was given to understand that the decision to opt for SCIA instead of ORACLE Manufacturing was taken by the top management, but there are no documents available on record supporting the technical and financial evaluation for supporting the decision.
   Management Response: Agreed
   Management Action Plan: Oracle Manufacturing has not been factored into the ERP implementation as it was decided that SCIA would perform this function better than Oracle.
2.9 Currently the material management department does not utilise the MRV reports to manage material receipt.
   Management Response: Disagreed. Report is available and has been utilized by PPD & Finance since module GO-Live. No additional reports have been requested.
   Management Action Plan: N.A
   Timelines: N.A
2.10 It was given to understand that before going live, parallel runs with the legacy system were not performed to ensure ERP stability.
   Management Response: Agreed
   Management Action Plan: This was a decision by the MD of the company.