XYZ Co Ltd- Risk Control Matrix

Cash & Bank Blog:

Business Area Audit Unit Risk Internal Control Objective

Cash & Bank All cash & bank transactions
are authorized.

Manufacturing Units
Unauthorized cash All cash & bank transactions
Sales Office
& Bank transaction are made against proper
Zonal Office supportings
Cash transactions are made as
per the cash policy of the
company.

Manufacturing Units Cash & Bank All bank transactions are

Sales Office transactions are not recorded accurately and in the
Zonal Office properly recorded. correct accounting period

`-Control exists over custody

of cheque book.
-Password protection policy
Unauthorized maintained.
payment made

Manufacturing Units
Zonal Office
Cash at site is safe guarded
Theft or
misappropriation of
Manufacturing Units
cash
Sales Office
Zonal Office
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
All Bank and cash transactions are authorised.( Authorisation as per the Authorization Matrxi
wherever applicable).

All cash & bank transactions are made only against duly approved bills and documents.

All cash transactions are made as per the guidelines enacted in the cash policy.
IOU if any are adjusted as per Cash policy.

Bank accounts are reconcilied at a regular interval and any differences are resolved.

Bank transactions are recorded immediately in the Accounting system.

New bank accounts are only opened through the direction and approval of Board of Directors.
When new bank accounts are approved and opened, finance personnel create the general ledger
account and prepare the journal entry to record the initial balance in the account. Management
reviews and approves the new general ledger account and journal entry, including supporting
documentation, before the journal entry is recorded.

`-Cheque books are lying only with the person assigned with this responsibility.
-Bank authorized signatories are basis the Board approval. Board Resolution are submitted to
bank without delay.
-No password shared among team members. Strict control maintained in this respect.

Review the sequence of cheque numbers and enquire into missing numbers

Insurance with respect to cash in transit and cash at site is taken.

Cash balance are physically verified monthly and cash certificate signed.

Annual confirmation taken for imprest advance given to employees

 XYZ Co Ltd-Risk Control Matrix
Treasury
Business Area Audit Unit Risk
Treasury Head Office Unauthorized investment made
Investments are not appropriately
recorded in SAP
Unauthorized borrowing made
Borrowings are not appropriately
recorded in SAP
Failure to repay loans resulting in
penal interest.
Interest on borrowing and on inte not Interest are properly
recorded properly in SAP.
Idle fund lying in bank accounts
resulting in loss of interest.
All monthly, quarterly and annual
documents presented to bank with
incorrect information.
Blog:
Internal Control Objective
All investments or
disinvestments made are
approved
All investments or
disinvestments are
accurately recorded in the
accounting system.
All borrowing decisions
made are approved.
All borrowings are
accurately recorded in the
accounting system.
Loan repayments are as per
Loan agreement
calculated and recorded in
the accounting system
Funds are optimally utilized
to save interest cost.
All information submitted
to bank are correct.
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
To check all investments have been made post approval of
appropriate management as per approval matrix.

Check all investments and disinvestments ledger accounts

with corresponding supporting documents. Reconcile any
difference.

Check that all borrowing decisions are approved by the

management/ Board as per authority matrix.
Check all borrowing ledger accounts with corresponding bank
statement/supporting documents. Reconcile any difference.

Check that loan repayment requests are as per the loan

agreement.
Review all interest expenses and interest income to ensure all
interest are recorded correctly in the accounting system.

Check that interest is reconciled to the bank statement and

difference if any is acted upon.
Cashflow and bank accounts are monitored on realtime basis.
Idle funds lying in bank accounts are transferred to cash credit
account to save interest cost.
All monthly, quarterly and annual documents & information
presented to bank are prepared, reviewed and approved by
appropriate authority before submission to bank
 XYZ Co Ltd- Risk Control Matrix
IT systems Blog:

Business Area Audit Unit Risk

Information Systems HO & Zonal Office Information system is not adequately secured
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Internal Control Objective

All information system resources are
secured
 palasroy@gmail.com
l.wordpress.com

Control Activity
`-The identity of users (both local and remote) is authenticated to the system through passwords or other authentication
mechanisms. The use of passwords should incorporate policies on periodic change, confidentiality and password format (e.g.
password length).

- Access provided only on the basis of the approval of appropriate authority. Access provided only on need to know basis.

- Use of removable devices like pen-drive is disebaled for all users and can only be allowed basis approval of IT head.

- Back up of data is taken on a monthly/weekly basis.

- IT assets are safeguarded through list maintained.

-IT policy circulated by IT Head are followed and complied with.

- Proper SLA has been signed with third party handling IT projects, assets and information.

- SAP authorization is provided basis proper approval. SAP roles are reviewed keeping in mind segregation of duties (SOD)

- Changes in SAP master ( vendor code, customer code, Fixed asset code etc.) are made only on the basis of proper approval &
requisite documentation.
 XYZ Co Ltd- Risk Control Matrix Author: CA.Palash Roy; Email- palasroy@gmail.co
Inventory Blog: https://cisaforaccountantsschool.wordpress.com

Business Area Audit Unit Risk Internal Control Objective

Inventory Manufacturing Unauthorized procurement of All inventory procured are only
units & Depots inventory against approved indent for
procurement.

Manufacturing Inventories are booked in SAP Inventories are booked in SAP

units & Depots inappropriately. properly and in the proper
accounting period.

Manufacturing Inventory may be recorded at the Correct inventory cost are booked
units & Depots incorrect cost under the entity’s in SAP
costing method.
 Manufacturing Unauthrorized transfer of All transfer of materials between
units & Depots inventory units are authorized and
appropriately captured.

Manufacturing Misappropriation of inventories Inventory are under proper

units & Depots custody and free from frauds and
error

Manufacturing Inventory valuation is not proper Inventories reflected in the books

units & Depots of accounts at proper value
y; Email- palasroy@gmail.com
ntsschool.wordpress.com

Control Activity
Check that all goods received are against a valid
purchase order (which has been approved as per the
Authority Matrix)

Inventory and trade payables entries are recorded

automatically by SAP upon matching the purchase
order and goods received note (GRN).

Physical inventory is counted monthly and

discrepancies are investigated and corrected in SAP
after approval. Inventory records based on the
physical inventory are reconciled to the general
ledger with any differences being recorded as a
book-to-physical inventory adjustment

Periodic reconciliation of Open Purchase order from

SAP are reviewed to identify any goods/items
received but not recorded.

On a periodic basis, the reports provided by the

third party to the entity for inventories lying with
third party (CBU), either directly or by
confirmation, are reviewed and reconciled to
internal records.

On a quarterly basis, accounting personnel compare

the costs automatically calculated by SAP to
manually calculated inventory costs using the
selected costing method.
Management reviews SKU wise contribution on a
monthly basis to analyze of results of operations,
specifically focused on production cost evaluation
including a comparison of current-period
productions cost to the current-year budget and
prior-period benchmarks.

All the transfer of material are approved by

appropriate maganement authority and as per the
effected only basis proper approved documentation.

Physically verify inventories at regular interval at

Contract Bottling Units, Own units & Depots.

Security personnel monitor all incoming and

outgoing vehicles and ensure all goods leaving the
premises are accompanied by duly completed
documentation (e.g., delivery note or goods
returned note).

`- Inventory ageing report are reviewed at a regular

interval and necessary action taken including
provision in books for non-usuable items.

- Monthly physical verification is carried out and

any discrepancies are investigated and resolved.
Proper accounting entry is passed for the
discrepancy after approval.
 XYZ Co Ltd- Risk Control Matrix
Cost of Sales Blog:

Business Area Audit Unit Risk Internal Control Objective

Cost of Sales Manufacturing Inventory that was sold to Cost of sales is properly accounted
units & Contract customers and recorded as cost of in books (SAP)
Bottling Unit sales are recorded inappropriately
and in the incorrect period.
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
Management reviews SKUwise contribution report on a
monthly basis to discuss results of operations,
specifically focused on production cost evaluation
including a comparison of current-period productions
cost to the current-year budget and prior-period
benchmarks.

Physical inventory is counted monthly and discrepancies

are investigated and corrected in SAP after approval.
Inventory records based on the physical inventory are
reconciled to the general ledger with any differences
being recorded as a book-to-physical inventory
adjustment

Cost of sales is recorded and inventory is relieved

automatically by the SAP upon matching the customer
sales order, dispatch documents, and the invoice
generated, completing a 3-way match.

On a quarterly basis, accounting personnel compare the

costs automatically calculated by SAP to manually
calculated inventory costs using the selected costing
method.
 XYZ Co Ltd- Risk Control Matrix
Contract Bottling Unit Blog:

Business Area Audit Unit Risk Internal Control Objective

Contract Bottling Unit Contract Bottling Contract Bottler does not operate Company controls the activities of
Unit as per company's requirement the Control Bottling Unit.

Contract Bottling unit does not Contract Bottling unit fulfills

confirm to statutory requirements requirement of various statutes.

Contract Bottling Unit takes Contract Bottling unit does not

credit facility declaring company take credit facility declaaring
inventory company's stock

CBU reconciliation not done and CBU reconciliation done at a

signed balance confirmation not regular interval.
taken

Bottling Fee is not properly Bottling Fee calculated properly

calculated and accounted in the and accounted in the current
correct period. period.
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
`- Terms and condition of operations are decided and
incorporated into Contract Bottling Unit agreement.

- Activities of Contract bottling unit are monitored

regularly to confirm whether the activities are carried
out as per the terms of agreement.

`- Necessary documentation taken from the Contract

Bottling unit to ensure that the statutory requirement has
been fulfilled. ( For example- Pollution Control, Excise
License, Labour Contract, Fire License etc.)

`- Contract Bottling unit submits Bank Lien certificate

confirming no credit facility has been availed using
company's stock.

- Sign board to be affixed in CBU stores declaring

hypothecation of stock by company to respective Bank.

`- CBU reconciliation carried out at regular interval and

necessary accounting entries passed post approval.

- Wastage & scrap are reconciled at a regular interval

and any shortages are debited to the CBU.

- Stock/inventory are physically verified on a monthly

basis and signed and confirmed by CBU

`- Debit Note received from CBU are verified, approved

and accounted in SAP.

- Reconciliations with CBU carried out a regular

interval.
 XYZ Co Ltd- Risk Control Matrix
Fixed Asset Blog:

Business Area Audit Unit Risk Internal Control Objective

Fixed Asset Manufacturing Unauthorized All Fixed Asset acquisition
Units acquisition of Fixed are approved
Sales Office Asset.
Zonal Office

Fixed asset not All Fixed asset acquired are

properly accounted in properly recorded in the
SAP and in the correct period.
correct accounting
period.

Depreciation are Depreciation charges are

inaccurately accurately calculated and
calculated and recorded.
wrongly captured in
books.

Unauthorized disposal All disposal of fixed assets

of fixed Asset. are approved

Disposal of assets are All disposal of fixed assets

not appropriately are accurately recorded.
captured in SAP and
in wrong period.
Misappropriation of Safeguarding of Fixed
Fixed Asset. Asset
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
Acquisition of all capital asset are pre-approved
by appropriate management as per company's
Authority Matrix. ROI has been calculated and
approved for high value capital expenditure.

Reconcile asset acquisition supporting details

with entries in the Fixed Asset Register in SAP.
CWIP reports are regularly reviewed to identify
any asset put to use and to be capitalized.

Necessary accounting entry passed for Assets

identified as impaired asset.

Compare recorded changes to the fixed asset

register/ Fixed Asset account to authorized source
documents.
`-Check that depreciation charges are calculated
as per generally accepted accounting standard
(Companies Act/INDAS)and at the prescribed
rate.
-Depreciation calculated by SAP are cross
verified by manual calculation at regular interval.

All disposals are made post approval of

appropriate management of company ( as
prescribed in the authority matrix).
Compare recorded changes to the fixed asset
register/ Fixed Asset account to authorized source
documents. Any discrepancies are investigated
and resolved.

Review calculation of profit or loss for disposal

of fixed asset. Also scrutinize the supporting
documentation and the journal entry passed in
this regard

Compare recorded changes to the fixed asset

register/ Fixed Asset account to authorized source
documents. Any discrepancies are investigated
and resolved.
 Physical verification of Fixed Asset with SAP
carried on a monthly basis. Any discrepancy is
investigated and necessary action taken.
Adjustment in SAP is made post approval.

System exists wherein security personnel whether

all goods leaving the premises are accompanied
by duly completed documents like Goods
Returned Note, delivery note etc.

Insurance on Fixed asset taken and reviewed

annually for any shortage and excess.
 XYZ Co Ltd- Risk Control Matrix
Revenue & Trade Receivables Blog:

Business Area Audit Unit Risk Internal Control Objective

Revenue & Trade Manufacturing `-Sales Revenue & Trade Sales & Trade Receivables are
Receivables Units Receivables not recorded properly properly recorded ( confirming
Sales Office in correct period and at correct IND AS) at correct amount and
Zonal Office amount. upon valid shipment in the proper
period.
-Sales & Trade Receivables not Decision for provision for
recorded for valid shipment. doubtful debt are approved and
accounted properly.
Payment receipt from Debtors are Payment received from debtors are
not accounted properly. accounted properly.
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
`-Invoices are generated in SAP only upon matching the
excise permit and despatch/transporter documents.
- Corporation Agreements are taken into consideration
for recognition of revenue.

Reconciliation is performed between trade receivables

in the general ledger and trade receivables subsidiary
ledger amounts, and is then reviewed by finance
personnel. Any reconciling items are reviewed and
addressed on a timely basis.

Roadmap for Debtors reconciliation prepared on a

annual basis and reconciliation carried out as per the
roadmap.
Signed reconciliation statement taken from the
customer/debtors. (Exception: Corporation dos not
provide signed reconciliation statement)
Necessary accounting entry including provision taken in
books of accounts (basis reconciliation) after approval.

Debtors ageing statement prepared on a monthly basis

and outstanding debtors are followed up.
All credit note issued to customer are approved by
appropriate authority as per Approval Matrix of the
company. No verbal communication of credit note to
customer should be entertained.

Provision for doubtful debt is reviewed at regular

interval. Addition to provision for doubtful debt is made
after review of Debtors ageing statement and post
approval.

Ageing of Corporation depot stock to be maintained and

reviewed regularly so that decision for provision can be
taken.
All bank receipts recorded to the general ledger are
agreed to bank deposit slips/Bank statement by Treasury
personnel. Discrepancies are investigated and resolved.

Payment received from one party in a syndicate should

not adjusted any other party in the syndicate. Approved
accounting method to be followed in case syndicate
payment received.

Debtors reconciliation are to be carried out at regular

interval.
 XYZ Co Ltd- Risk Control Matrix
Procurement & Trade Payables Blog:

Business Area Audit Unit Risk Internal Control Objective

Procurement & Trade Manufacturing Unauthroised All purchases are authorised
Payables Units Procurement made and valid.
Sales Office
Zonal Office

Procurement at higher All PO raised are in the

than the market rate interest of the company.

Purchase & Trade All goods received are

Payables are not recorded accurately.Also,
booked properly and vendor accounts are
in the proper period. accounted appropriately.
Inventories are Only quality passed
booked for material material are booked in SAP
not confirming as inventory
quality.

Payment made to All payment for purchases

vendor without are made only for goods
receipt of goods & actually received.
services.
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
`-All purchases orders raised are approved by
appropriate authority of the company.
-No procurement is made without PO. Any deviation
should be approved by appropriate authority.

More than one quotations are taken from vendors and

the same are techno-commercially evaluated. For
exceptional cases where more than one quotation was
not available, reason for the same is documented and
approved.

Trade payables and other expenses are recorded

automatically by the SAP upon matching the purchase
order/ vendor work order and GRN.

GR/IR Clearing account in SAP are reviewed on a

monthly basis and any unreconciled balance is
investigated and resolved. Necessary entries are passed
in books after approval.

Check whether there is any break in the sequence of

GRN numbers. Any gap in the sequence are
investigated.
Open PO s are reviewed at a regular interval and
investigated for any long pending open PO and
resolved.
On a periodic basis, management compares actual
results with budgeted and prior-year amounts;
significant and/or unusual differences are investigated
and resolved.

On a periodic basis, finance personnel perform a

reconciliation of the trade payables sub-ledger to the
general ledger (Though this tallies in SAP however this
control needs to be carried out as a preventive measure).

Annual vendor Reconcilitation roadmap is prepared and

vendor balances are reconciled and confirmation taken.
Ensure all receipts are checked for quality and quantity;
Check that all material received are verified by actual
weight & Qty. In case of items like bottles, estimated
method approved by the management is followed for
breakages.

Materials received but not tested are separately kept and

marked until quality test report is received.
Rejected raw materials are adequately segregated from
other raw materials and regularly monitored to ensure
timely return to suppliers. In SAP, items having quality
issue should be parked under Block stock.

`-Material not confirming quality standard are returned

to the supplier without delay. Debit note to be raised by
Accounts department immediately on return of the
goods after proper approval.
-All adjustments to Accounts Payable account are
approved.

All supporting documents are reviewed before approval

for payment is made.The vendor payment is approved as
per Authorization Matrix of the company.

All vendor invoices are marked in such a manner that

they cannot be submitted for payment for second time.

Fresh cheque to be issued out of stale cheque list should

be approved by appropriate authority as per autorization
matrix of the company. Stale cheque account are
regularly reviewed and unwanted balances are written
back after proper approval.
 XYZ Co Ltd- Risk Control Matrix
Marketing & Sales Incentive cost

Business Area Audit Unit Risk

Marketing & Sales Unauthorized expense made
Incentive Cost Sales Office
Zonal Office
 Blog:

Internal Control Objective

All sales incentive and marketing cost are
approved and authorized.

All sales incentive & Marketing expense are

booked for services actually received.

All sales incentive & marketing expenses are

booked properly and in the appropriate period
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Control Activity
All sales incentive & marketing cost are planned and incurred based on approved scheme and
strategy.

`-All purchases/service orders raised are approved by appropriate authority of the company.

-No procurement/service is made/received without PO/SO. Any deviation should be approved

by appropriate authority.

- KYC documents are taken before making payments of incentives to Counter Sales
Managers/Waiters etc.

- All payments/expense booked should be supported by adequate supportings including

photographs, recipient signature etc wherever applicable. Any deviation is resolved through
proper approval.

`- All invoices are booked post verification and scrutiny.

- Monthly/Annual provision is taken for expenses based on work done & bill yet to be
received (Basis approval of Marketing Head & Sales Head)

- Old provisions are reviewed at a regular interval and necessary accounting entry passed (write
back) wherever applicable.
 XYZ Co Ltd- Risk Control Matrix
Advances & Provisions

Business Area Audit Unit Risk

Advances & Manufacturing Units, Provisions are not taken appropriately in the
Provisions HO, Zonal Office books of accounts

Advances are not monitored regularly

resulting in loss.
 Blog:

Internal Control Objective

Provisions are taken properly in the books
& Accounts

Advances are reviewed at a regular interval

Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com cisaforaccountantsschool.wor

Control Activity
`- GL reviewed on a monthly basis. Advances, Receivables are reviewed and discussed to
decide whether provision needs to be taken or not.

- Provision in books taken after proper approval.

- Provision taken on for monthly book closing are reviewed and reversed next month.

- Year end -Provision are reviewed and decision taken whether the provision needs to be
maintained or written back.

-Write off & write back in books are taken only after approval of company management.

`- Advance GL are reviewed on a monthly basis.

- Yearly confirmation is taken for advances made.
- Follow up is carried out for advances made and lying unadjusted.
cisaforaccountantsschool.wordpress.com
 XYZ Co Ltd- Risk Control Matrix
Manufacturing

Business Area Audit Unit Risk

Manufacturing & Manufacturing Units Excess wastage resulting in loss
Bottling

Excess freight incurred resulting in loss

Loss of revenue on account of scrap generated

 Blog:

Internal Control Objective

Control exercised over manufacturing
process to minimise wastage loss

Control exercised over Freight process to

minimise wastage loss.

Scrap items identified and sold without

unncessary wastage. Scrap booking is
properly made in the books.
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com cisaforaccountantsschool.wor

Control Activity
Key Performance indicators ( like Spirit wastage, PM & other RM wastage, bottle breakages
etc.) are monitored on a monthly basis.

- Deviation of actual performance from the budgeted are captured. Reason for the deviation
reviewed and analyzed.

- Optimization of production capacity monitored against production plan & actual production.

- Sales Plan, Actual sales despatch, Production Plan & actual production are reviewed on a
monthly basis.

Cross check Freight calculated by SAP basis Fright circular on a sample basis at regular
interval.
Detention reports prepared on a monthly basis to analyze the reason for the detention expense
incurred. Necessary steps are taken to reduce the Detention expense.
Scrap reconciliation is prepared on a monthly basis and any discrepancy is investigated and
resolved.
- Weighment of scrap is carried out in the presence of more than one representative. Rotation
of personnel made for scrap weighment. Signature is taken on the weighbridge slip.

- Truck in and Out timings are booked in Security Gate register and at times reconcilied with
Scrap Invoice.
cisaforaccountantsschool.wordpress.com
 XYZ Co Ltd- Risk Control Matrix
Statutory Compliance Blog:

Business Area Audit Unit Risk

Statutory Manufacturing Units The company has complied with all statutory
Compliance Sales Office compliances
Zonal Office
Author: CA.Palash Roy; Email- palasroy@gmail.com
https://cisaforaccountantsschool.wordpress.com

Internal Control Objective

All statutory requirement are complied
with.
 palasroy@gmail.com
l.wordpress.com cisaforaccountantsschool.wor

Control Activity
`- Tracker maintained and monitored for statutory compliance requirement with respect to:
a) Factories Act
b) Contract Labour Act
c) Companies Act
d) PF, ESI etc.
e) MSMED
f) VAT
g) GST
h) Excise of various States
i) Pollution Control Board
j) Payment of Bonus Act
k) Minimum Wages Act
l) Payment of Gratuity Act
m)Sexual Harassament of Women at Work place (Prevention, Prohibition & Redressal)
n) Information Technology Act 2000
o) Any other Act/rules/statute applicable to the company
cisaforaccountantsschool.wordpress.com