Professional Documents
Culture Documents
Control Overview Document VFS
Control Overview Document VFS
Control Overview Document VFS
WP Ref.:
Documentation may be included in this working paper, or other working papers (with cross-reference to
the Control Overview and Risk Assessment Document).
YES
Does the control environment appear to be satisfactory?
Control risk is the risk that a misstatement, which could occur in an account balance or class of
transactions and that could be material individually or when aggregated with misstatements in other
balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting
and internal control systems.
Internal control system means all the policies and procedures adopted by the management of an entity to
assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient
conduct of its business, including adherence to management policies, the safeguarding of assets, the
prevention and detection of fraud and error, the accuracy and completeness of the accounting records,
and the timely preparation of reliable financial information.
Control procedures mean those policies and procedures in addition to the control environment which
management has established to achieve the entity's specific objectives.
Control Environment
The control environment includes the attitudes, awareness, and actions of management and those
charged with governance concerning the entity’s internal control and its importance in the entity. The
control environment also includes the governance and management functions and sets the tone of an
organization, influencing the control consciousness of its people. It is the foundation for effective internal
control, providing discipline and structure.
Consider
The entity follows the Code of Ethical Conduct which encompasses anti-corruption,
confidentiality, social media, prohibition against work performed for outside parties during
normal hours, prohibition against false statements, stealing project property and supplies,
falsely reporting time work, punctuality, no political involvement, diligence and respect to
others.
They are communicated by conducting training programs from VFS Global India
They are reinforced upon constant monitoring, supervision, review process and timely
reporting.
Commitment to competence
Consider
The competence levels for the particular jobs depend upon the post. The management
provides the details of job description, makes analysis of what sort of personnel is required for
a particular job. Different jobs require different qualification, experience and training.
ThThe The competence levels translate into requisite skills and knowledge through on the job training
and cycle evaluation.
n Management’s attitudes and actions toward financial reporting (conservative or aggressive selection
from available alternative accounting principles, and conscientiousness and conservatism with which
accounting estimates are developed)
n Management’s attitudes toward information processing and accounting functions and personnel
The management is conservative and extremely risk averse so they do not undertake any sort
of risks.
Management has positive and supportive attitude towards information processing and
accounting functions.
Organizational structure
Consider
The organization has well defined organizational structure. The key areas of authority include
Manager for corporate security, Operation, Finance, Administration.
The record of operating activities is maintained on Daily report of operation department for
various mission (eg Australia, British council etc) kept by different employee, later shared to
senior officer-operation. Once the Report is reviewed by Manager- Operation (Anil Shrestha),
final reporting is done to Operation department VFS Global Mumbai.
The record of finance activities is kept by Madhukar Karki and he directly reports it to Finance
Department head of VFS Global.
Consider
The authority and responsibility for operational activities are assigned on the basis the job
position and hierarchy of the employees and clearly mentioned under organizational chart .
An entity’s risk assessment process is its process for identifying and responding to business risks and the
results thereof. For financial reporting purposes, the entity’s risk assessment process includes how
management
n identifies risks relevant to the preparation of Financial Statements
Once risks are identified, management considers their significance, the likelihood of their occurrence, and
how they should be managed. Management may initiate plans, programs, or actions to address specific
risks or it may decide to accept a risk because of cost or other considerations.
When documenting the entity’s risk assessment process risks can arise or change due to circumstances
such as the following
n Changes in operating environment
n New personnel
n Rapid growth
n New technology
n Corporate restructurings
The entity’s risks can arise or change due to the circumstances such as changes in operating
environment, new personnel, new or revamped information systems, rapid growth, new
technology, new business models, products or activities, corporate restructurings, expanded
foreign operations and new accounting policies.
Information system, and business processes for financial reporting, and communication
An information system consists of infrastructure (physical and hardware components), software, people,
procedures, and data. Infrastructure and software will be absent, or have less significance, in systems
that are exclusively or primarily manual.
The Organization uses Visa application software customized by different missions (Embassy)
for the purpose of Operation. Such source data is accessed by Finance and Administration
department via Share point software. The organization uses SAP for the purpose of recording
the financial data. Organization have timely System Audit and ISO Audit in order to assure the
Control & Security mechanism followed by it is free from risk.
Control Activities
Control activities are the policies and procedures that help ensure that management directives are carried
out. Control activities, whether within IT or manual systems, have various objectives and are applied at
various organizational and functional levels.
Certain control activities may depend on the existence of appropriate higher-level policies established by
management or those charged with governance. For example, authorization controls may be delegated
under established guidelines, such as investment criteria set by those charged with governance;
alternatively, non-routine transactions such as major acquisitions or divestments may require specific
high-level approval.
Control over Revenue generation process
Control are performed to ensure the accuracy, cutoff, occurrence and completeness
n Visa Application is entered on the visa application system (VISA Application software) of different
embassy by the operation department member of VFS Nepal.
n Daily Revenue data is pulled by SharePoint software through Visa application system
n Rates of Visa fees and Service charges are updated by respective Embassy on VFS website
n Daily Revenue data is uploaded to SAP through share point system, then such data can be accessed
by Finance Department, once the database is updated (entry) by VFS Global Mumbai.
n Daily Accounting Report (DAR) is prepared on daily basis, country wise by operation department
n Such DAR is sent to Finance department on daily basis from Operation department
n Based on DAR, Finance department deposit the draft (group of 25) to concerned authorized bank on
next working day
n This income mainly consist of income generated from the visa processing for countries like Australia,
Canada,Italy,Denmark, Netherland,Turkey , Greece etc.Visa processing charges mainly include the
service charge paid by applicants for services rendered by VF Services:
Information processing
Controls are performed to check accuracy, completeness, and authorization of transactions.
n Application controls apply to the processing of individual applications. These controls help ensure that
transactions occurred, are authorized, and are completely and accurately recorded and processed.
Examples of application controls include checking the arithmetical accuracy of records, maintaining
and reviewing accounts and Account balances, automated controls such as edit checks of input data
and numerical sequence checks, and manual follow-up of exception reports.
n General IT-controls are policies and procedures that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper operation of
information systems. General IT-controls commonly include controls over data center and network
operations; system software acquisition, change and maintenance; access security; and application
system acquisition, development, and maintenance.
VFS Nepal uses SAP as the accounting software. SAP only allows the valid user having the
valid Username & Password for the data posting, extraction of reports.
Access of Data on SAP is provided to Senior Finance Officer Madhukar Karki, who has the
authority to post the transaction once they are entered from VFS Global Reversal entry is
coded separately by SAP and only Madhukar Karki has the Authority to do such actions. Data
maintained by operation department are accessed through Share point application software,
after using the valid Username and Password
Physical controls
These activities encompass the physical security of assets, including adequate safeguards such as
secured facilities over access to assets and records; authorization for access to computer programs and
data files; and periodic counting and comparison with amounts shown on control records (for example
comparing the results of cash, security and inventory counts with accounting records).
The organization maintains fixed assets register on SAP. The organization has maintained
proper record of date of purchase, value of purchased items, model number, asset type.The
organization have 24hrs camera surveillance, security guards and well as card Access
system.
Segregation of duties
Ensure that following three activities are separately assigned:
authorizing transactions
recording transactions, and
maintaining custody of assets
This would reduce the opportunities to allow any person to be in a position to both perpetrate and conceal
errors or fraud in the normal course of the person’s duties.
VFS Nepal has the segregation of Duties among the different department. It mainly has
Operation, Administration, and Finance Department. Preparation of daily accounting report is
done by operation department and later it is verified along with the daily invoice by
Administrative Department. Database is maintained by VFS global Mumbai, after that it is
posted on SAP by Senior Finance Manager on SAP of VFS Nepal
Monitoring of controls
Examples are:
management’s review of whether bank reconciliations are being prepared on a timely basis
internal auditors’ evaluation of sales personnel’s compliance with the entity’s policies
legal department’s oversight of compliance with the entity’s ethical or business practice policies.
Consider:
assessment and reassessment of design and operation of controls on a timely basis
necessary corrective actions
ongoing monitoring activities (activities are built into the normal recurring activities)
separate evaluations
Bank reconciliations are prepared every month by Santosh Tandukar and reviewed by Madhukar
Karki. The management reviews the bank reconciliation, obtained the confirmation year ended.
The entity makes assessment and reassessment of design and operation of controls on a timely
basis.
VFS Nepal has the segregation of Duties among the different department. It mainly has Operation,
Administration, and Finance Department. The monitoring processes and policies of VFS Nepal comply
with VFS holding. Each Department of VFS Nepal directly report to the Department Head of VFS
Global (Mumbai). Hence VFS Nepal has independent unit wise reporting to VFS Global (Mumbai)