Best in class Practices and SOX Controls

for
Quote to Cash Tower
Index
Topic Slide No.
Customer Master Data/File 3-4
Create Sales Order 5-7
Order Release 8-8
Process customer invoice 10-13
Off-Invoice Discounts 14-16
Collection Process 17-18
Customer Receipts 19-20
Customer Returns 21-22
Credit Limit Review and Assessment 23-24
Process Customer refund 25-26
Customer Enquiry Management 27-28

2
 Customer Master Data
Best Controls Sox Controls
• New customer master record is created only if all the mandatory information is provided.
System configuration setup should have mandatory fields designed such as Name, Address,
Tax Identification number and Billing Address
• Before creating a new account, duplicates are checked based on customer name, address
and Tax ID
• Establish a parent-child relationship between related accounts
• A standard naming convention is followed for creating new customer master
• New customer account is created based on approval of acceptance of a customer, the terms
and conditions and evaluation. Such supporting documentation / reference thereof should be
reviewed before creation of customer record in the system
• New account set up on the system is placed on hold, pending approval from specified users.
New requests not approved within specified time limit gets blocked
• All changes to Customer Master data is approved prior to input
• Customer Master file is reviewed periodically to identify old/inactive or duplicate records
• A periodic edit report of changes to customer master should be reviewed to identify
unapproved changes

3

Best Practices
Control Objective
Customer Master Data is
accurate and complete
Approved changes are
input for processing
completely and accurately.
Only authorized users have
access to customer master
data and duties are
adequately segregated
Customer Master Data is
accurate and up-to-date
Customer Master Data
Sox Controls
Control Activity
The Customer Account is created only after necessary approvals and review of
details
The Customer account is created only after mandatory information has been
updated
All changes to Customer Master Data are approved prior to input. Each change is
supported by sufficient documentation
For changes in certain types of standing data and /or changes outside certain
parameters – such as enhancement to credit exposure limit, the system produces
a report of these changes which is reviewed for supporting documentation and
approval.
Access to Customer Master Data is restricted to authorized users only.
Segregation of duties is maintained between the update of standing data and the
maintenance of financial records (i.e. posting or approval of adjustments,
reconciliations, etc).
Reports of customers who have not placed orders within a specified period of time
are reviewed to ensure that customer master file data remains pertinent.
Master files are periodically analyzed for old or duplicate records. Customer
Accounts not used for specified period marked as inactive.
4
 Create Sales Order
Best Practices Sox Controls
• Provide customers with multiple channels for placing the orders like electronic mode, telephone,
mail, fax etc – Oral Orders take confirmation from customer prior to shipping/ despatch
• The order management system interlinked with the customer master, price master and product
master
• The order entry form should have mandatory fields to be filled without which it will not be
processed
• Standard discount applicable for different customer/product segments should be updated in the
system. Any discount over and above the standard rate should be approved
• Sales order numbers are sequentially numbered and a manual/system check is performed to
identify orders falling outside a specified range or duplicate orders
• Validate and process orders based on rules for minimum order policy, credit, product and service
entitlement, sourcing and stock availability, lead-time and pricing, based on Client policy
• The order details verification should be automated to replace manual intervention
• In case of orders from new customers, first it should be added to the master and then orders
should be accepted
• Customer’s expectation regarding lead time should be set at order entry
• No order to be processed without a valid PO number
• Design rule based, automated applications, by :
– order type,
– customer & customer hierarchy groups, and
– product & product hierarchy groups

5
 Create Sales Order
Best Practices Sox Controls

Control Objective Control Activity

Orders are recorded A manual or system check is performed to ensure documents are not duplicated
completely and Accurately or fall outside of a specified range of numbers. All rejected, suspense, or missing
orders are researched, corrected and re-entered on a timely basis.

Sale orders have fields for all pertinent order information including: item
descriptions, quantities, price, price adjustment mechanisms, delivery
requirements, freight terms, taxes, and payment terms.

Key data fields must be made mandatory and populated to process a sales order.
Any entries with invalid, missing or incomplete information are rejected and it is
researched, corrected and re-entered on a timely basis.

Prices/discounts are pre populated in the system from authorized price lists or
standing data before orders are processed and cannot be overridden. If prices
need to be overridden, IBPO associates will do the same only based on
necessary approval from Client.
A one-for-one check between the sales order source documents (i.e. customer
initiated purchase order, signed contract etc.) and the sales order occurs. Any
discrepancies are identified and re-entered. The check occurs again for reentered
data.
Duplicate sales are not The system shows a warning message on the basis of customer name/number,
recorded. purchase order number, item, etc to prevent duplicate creation of sales order

6
 Create Sales Order
Best Practices Sox Controls
Control Objective Control Activity
Sales terms and prices Sales orders over a set threshold (limit set in the application) require approval by
are approved. management before acceptance by the system. The lack of approval creates a
suspense file that is reviewed by management for clearance on a regular basis.
Orders are processed •Orders are automatically blocked by the system if the customer's credit limit is
within approved customer exceeded.
credit limits. •Access to release blocked orders is restricted to authorized personnel.
•Segregation of duties ensures that person responsible for order entry does not have
access to release blocked orders.
•Approval limits for releasing block orders have been established and are enforced
through system configuration or manual discipline.
Sales to fictitious Verify customer information against approved customer standing data (i.e.
customers (on credit) are addresses, credit limits, etc.). Where items do not match, the request gets rejected
prevented and detected. and is sent back to the Client for appropriate action.
Duties are adequately •Only appropriate users can enter sales orders into the system. These people do not
segregated. have access to set up new customer accounts or make changes to standing data.
•Appropriate segregation of duties should be maintained. (For example, consider
segregation of the following functions and duties: order entry, determining credit
limits, inventory custody, shipping, invoicing, returns acceptance, returns approval,
credit note approval, cash receipts, cash disbursements, bank reconciliations,
approval of bank reconciliations, A/R accounting/maintenance, and G/L maintenance
functions.) Exceptions noted are investigated and resolved. If management accepts
incompatible duties, appropriate mitigating controls exist.

7
 Order Release
Best Practices Sox Controls
• In case of clean account with low risks, orders within the credit limit are released
automatically by the system
• Credit status is checked routinely when orders are taken and just before they are despatched
• System checks for the total amount of the new order plus any outstanding debt not to exceed
the credit limit issued to the customer. Orders exceeding the credit limit is put on hold and
released after proper approvals
• Orders are released after review of the outstanding balance, previous year turnover, current
year turnover, payment history and other customer evaluation features
• Orders exceeding the credit limit and over and above a monetary amount are released after
Supervisor/Manager’s approval
• Once orders are released from hold or in case of automatic release, an order confirmation is
generated and send to customer
• Schedule delivery based on transport routes and vehicle ; generate delivery confirmation
notes
• Monitor individual transport segments periodically and manage problems

8
 Order Release
Best Practices Sox Controls

Control Objective Control Activity

Orders are processed and Orders are released after review of the accounts, past due outstanding and credit
released correctly and limit In case of prepay accounts, orders are released only after receipt of payment
accurately
Orders once released from the system cannot be viewed again and no risk of
repeated processing of the orders
Only authorized users have Access to Order Hold Release is restricted to authorized users only and is
access to release orders segregated from order entry/determining credit limits/shipping, invoicing/credit
and duties are adequately note approval/cash receipts functions.
Segregated List of all such cases is reviewed at periodic intervals.

9
 Process customer invoice
Best Practices Sox Controls
• Send Advanced Shipping Note (ASN) to customer or site specifying order-lines by container
by pallet by load
• Register delivery: signed proof of delivery (POD) or, if to an unmanned location, by some
other delivery confirmation, e.g. location scan or stock telemetry
• Adjust delivery details for damage or rejected goods
• Scan and archive delivery confirmation documentation
• According to customer billing type, generate (i) invoice on despatch, (ii) invoice on receipt of
POD or other delivery confirmation, (iii) simply register debit to match customer self-billing,
(iv) move inventory to a status of consignment stock, or (v) inter-company accounting
• Consolidated billing for customers - Provide facility for customer group payment
consolidation with automated allocation of payment where possible
• Auto-generation of invoice from delivery notes (with the use of EDI)
• The invoice should be produced automatically once the billing trigger has been met.
• Invoices should be dispatched, electronically, immediately and directly upon delivery of
product/service.
• A clear billing format that details the product/service provided, amount due and the date by
which payment should be made.
• According to customer billing type- invoice on dispatch or receipt of POD or delivery
confirmation or milestone completion (for service invoices)

10
 Process customer invoice
Best Practices Sox Controls
• Manual invoices are created based on proper approvals
• Replace low value cash transactions with sales on company credit cards or direct debit
• Customer billing types are designed within the system, with integrated facilities for standard
EDI and Internet invoicing
• System feature / application to facilitate automatic allocation of customer payment with
system tolerances for matching
• Workflow to support speedy resolution of customer short or net payments, including handling
customers’ debit memoranda, e.g. claims from customers for reimbursement of extra
handling resultant of delivery non-compliance; settlement net of charges for in-store
promotion

11
 Process customer invoice
Best Practices Sox Controls

Control Objective Control Activity

Sales invoice is generated Upon approved release of a shipment from the warehouse the system
for every approved automatically produced invoices with the same date. Shipping dates cannot be
shipment and recorded in modified with out approval by the appropriate levels of management.
the proper period.
Invoices generated Sales personnel reconcile control totals of the invoices generated for the day with
represent the actual goods the total shipments per the shipping system. A manual or system check is
shipped. performed to ensure data is not duplicated or falls outside a specified range of
numbers (check can be preventive or detective). All rejected, suspense or missing
items are researched, corrected and re-entered on a timely basis.
Price, amount, and other System edits exist to validate invoice data input (for example, customer name and
information on the invoice number, pricing, amounts and other information) against approved standing data
are correct. and the sales order system. Invalid data is rejected for re-entry or stored in a
suspense file where it is researched, corrected and re-entered on a timely basis to
ensure completeness.
Client's approval is required for discounts and allowances in excess of predefined
limits. Invoicing personnel examine the sales order for evidence of appropriate
approval before input. All such cases without approval are reviewed by Client for
clearance on a regular basis

12
 Process customer invoice
Best Practices Sox Controls

Control Objective Control Activity

Duplicate recording of A manual or system check is performed to ensure invoice numbers are not
invoices is prevented. duplicated or fall outside a specified range of numbers (check can be preventive
or detective). All rejected, suspense or missing items are researched, corrected
and reentered on a timely basis.
Only appropriate users can •Billing system access is appropriately restricted to those with functional
generate sales invoices. responsibility.
•Only appropriate users can generate sales invoices and duties are adequately
segregated (e.g. between generating sales invoices and cash receipting)
•User access is periodically reviewed by management.
Invoices are recorded in •Cut-off procedures have been established to ensure that sales are recognized in
the appropriate period. the proper period
•Goods shipped at, before, or after the end of an accounting period are scrutinized
and/or reconciled to ensure complete and consistent recording in the appropriate
accounting period including the raising and recording of the related invoices.
•Sales invoices and shipping logs are pre-numbered (should be system defined)
to assist with recording.
•"Invoices not shipped” and “shipped not billed” control report are used as a
method to ensure proper period-end cutoff.

13
 Off-Invoice Discounts
Best Practices Sox Controls
• All the relevant information of the agreement e.g. price drop, sku number, effective date,
etc are captured correctly in the system
• Eligible Customers are notified about the rebate along with a standard claim form
• Certain key fields in the claim form are non editable by the customer e.g. price drop,
SKU Number, etc
• All the claims should be properly validated and verified
• Duplicate claims should be identified by reviewing all the claims (both open and closed)
of the customer
• Invalid claims are rejected promptly and decisively

14

Best Practices
Control Objective
Data is input for processing
accurately and completely.
Debit/Credit Memos are
raised in accordance with
defined policies and based
on necessary documentary
evidence.
All Debit/Credit Memos are
duly authorized.
Off-Invoice Discounts
Sox Controls
Control Activity
Notifications received from the Vendors are tracked for ensuring that all
notifications are updated in the system.
Data in respect of Price Drops that is updated in the system is independently
verified for ensuring accuracy and completeness.
Notifications are sent out only to eligible customers based on the criteria defined
by the Vendor.
IBPO Associates will raise debit Memos/credit Memos only after necessary
documentary evidence as defined by Client (Stock Statements/Invoice Copies etc)
are submitted.
All such documentary evidences are verified prior to processing of debit/credit
memos.
Necessary approvals are sought from the vendor prior to billing of claims
submitted by customers, depending on the value of the claim. Claims pending for
approval are followed up with the vendor for taking the same to closure.
Based on the value of the claim and pre-defined authorization matrix, necessary
approvals are sought from the client before the claim is billed
15
 Off-Invoice Discounts
Best Practices Sox Controls

Control Objective Control Activity

Debit/Credit Memos are IBPO Associates will verify whether credit/Return Merchandise Authorization
raised for claims approved (RMA) has already been issued to the customer by reviewing all credits in the
by the vendors. customer account. Where the claim has already been processed, customer is
informed of the same and the duplicate claim is rejected.
Claims Log Sheet is maintained for tracking all claims received till their closure.
Details of debit/credit memo numbers are updated in the Log Sheet.
Duties are adequately Billing of Claims is segregated from logging and validation of claims. Persons who
segregated. are responsible for logging claims do not have access to the billing menu. Access
rights are defined and enforced by the client.
Once claims have been billed, option to edit/modify the same is not allowed to
IBPO Associates.

16
 Collection Process
Best Practices Sox Controls
• The accounts are classified into different categories based on the number of past due
days
• The collection calls are done on a priority basis with high value dues
• The collection call is started at least few days before the due date encouraging the
customers to make prompt payment. Contact should commence 15 days prior to due
date or within 7 days of invoice dispatch
• Call details, including details of payment promises should be recorded on the AR
system and followed up in a timely manner.
• Establish a value driven proactive collection strategy, using a combination of telephone
calls for major value debtors and automated dunning letters for low value debts.
• The system automatically generate the Demand letters for accounts past due for a
specified period
• A reminder letter to be sent 1 day after the due date and the demand letter should be
sent 10 days after the due date. If the payment is not received within 20 days after the
due date, legal action should be initiated

17
 Collection Process
Best Practices Sox Controls

Control Objective Control Activity

Collection calls are made The Past due accounts are automatically segregated into different buckets based
and demand letters send to on the past due days and system automatically generate demand letters if the
all the past due accounts account is past due for a specified period.
The Supervisor reviews the ageing report and compares the collections made
during the period with the amount outstanding at the beginning of the period

18
 Customer Receipts
Best Practices Sox Controls
• Build customer partnerships and spur payments. Partner with high value customers to encourage
them to make payment on receipt of good on the basis of a two match with the PO rather than to
wait for invoice
• A tolerance limit is defined for short/over payment over which credit/debit memos have to be
raised
• Automatic write-off of underpayments within accepted tolerances
• Short payment is promptly referred to account management for resolution and / or authorisation
for any write-off
• Different payment options may be offered, including online payments, payment in person at
convenient locations, night depository or after-hours payments, payment by telephone,
prepayments, and installment payments.
• Deduction management software may be used to monitor and control deductions claimed by the
customer for invoicing, billing, shipping and payment discrepancies
• Electronic payments with electronic remittance advices uploaded into the sales ledger enabling
automatic matching.
• Cash is only posted and allocated to invoices as stated by the customer on their remittance
advice.
• Any cheques received are banked daily. Only one cash banking carried out each day.
• The A/R Manager will review all unidentified checks. If the Manager cannot determine whom the
check is for, the receipt will be temporarily applied against the unapplied/unallocated cash
account. Submit a copy of the check to collections for further research to be performed.
Collections will be responsible for clearing the unapplied/unallocated cash account

19

Best Practices
Control Objective
Cash receipts are
accurately recorded and in
the appropriate period.
Cash receipts relate to
sales made and are posted
to the correct customer
account,
All cash receipts are input
for processing.
Duties are adequately
segregated.
Customer Receipts
Sox Controls
Control Activity
Bank Statement is reconciled with cash receipts recorded in the system on a
periodic basis. Reconciliations are reviewed and approved by appropriate
personnel.
Receipts are applied to the customer accounts based on matching of customer
name, customer number and invoice number. Matching is done only against open
invoices in the customer account.
Unapplied Cash receipts are reviewed and applied manually.
Control Totals of Cash Receipts from lockbox receipts/wire remittance/credit cards
are compared with the total of cash receipts posted to the customers account.
Differences are investigated and rectified on a timely basis.
Duties are adequately segregated between the following functions - order entry,
determining credit limits, inventory custody, shipping, invoicing, returns
acceptance, returns approval, credit note approval, cash receipts, cash
disbursements, bank reconciliations, approval of bank reconciliations, A/R
accounting/maintenance, and G/L (maintenance functions.)
20
 Customer Returns
Best Practices Sox Controls
• Customer Service logs the return request in the system by entering the following
details-
– Customer number
– Corresponding invoice number
– Reasons for return
– Number of units
• Returns should be approved by appropriate authority and in accordance with
established and updated return policies
• All sales return should be tracked with an unique Return Material Authorisation number
(RMA)
• The replacement/refund should be provided only after proper examination and
investigation of the customer claim
• Credit memo should be raised after proper approvals

21
 Customer Returns
Best Practices Sox Controls
Control Objective Control Activity
All the return are Returns from customers must be physically verified, reviewed and approved by
authorized and in appropriate personnel in line with established and updated return policies
accordance with Company
return policy All returns must be authorized and/or made in accordance
with policy in advance by appropriate personnel
Product returns are Returned goods are subject to typical receiving controls such as counting,
processed completely inspecting and noting quantities and condition.
and correctly
Returns must be authorized and given a Return Number as
reference for Invoicing or Refund for proper monitoring
Returns are appropriately Returns are accounted for appropriately in inventory, AR, sales and general ledger
accounted
Restocked returned goods inventory is reconciled to return goods advices on a
periodic basis.
Returns are reviewed and Unprocessed sales returns should be reviewed at month-end to ensure
processed in the correct accounting in the proper period
period

22
 Credit Limit Review and Assessment
Best Practices Sox Controls
• Classify the customers on the basis of risk profile. Credit limits and payment terms organised
into credit profiles for ease of maintenance
• Customer performance review done for firming on credit limit, semi annually for high risk
customers and annually/every two years for other customers
• The review should be done on a standard template to ensure that all data and information
has been gathered. Standard data to be analyzed for credit limit review include volume of
transactions (sales), payment history, typical order cycle, customer’s financial position and
any significant changes since the last review, such as change in holding pattern for the
customer organization, liquidity crisis any point of time during the year and so on
• Credit limit update to be based on inputs from appropriate client team such as Area Manager,
Field Manager, Sales Representative. Their inputs should be maintained in a standard form,
along with reasons for consideration of limit update.
• Business rules to be set up in the system that determine when an account is stopped but
orders can still be captured, and when orders can no longer be taken
• Use a credit scoring model to grant/assign credit limit and monitor payment behavior
• Changes in credit limit to be notified to the client within seven working days, following a
predefined format

23
 Credit Limit Review and Assessment
Best Practices
Control Objective
Credit limit review is done
for all the customer
accounts once in a year
Credit limit review is done
on an objective Basis
Sox Controls
Control Activity
Each customer account is assigned a review date and system pops up a flash
signaling the expiry of review date for a customer account
Low risk customer accounts are reviewed automatically based on certain defined
parameters while the remaining accounts are manually reviewed.
The review is done in a standard template and after gathering all the relevant
information from different sources
24
 Process Customer refund
Best Practices Sox Controls
• Robust unambiguous agreements with a limited period of claim. Predefined agreement
templates for each type of discount
• Clearly defined management approval and control process
• Customer’s acceptance of agreement proactively managed
• Central control and storage of agreements. Key details relating to type of refund and
conditions for the same logged on central database; Access to the database is controlled
• Claims processed and approved promptly per the terms of the agreement
• Only approved refund requests are processed - approval of high value claims from
authorized client management personnel, automatic approval of low value claims

• Establish a system for recording and tracking claims and deductions (query management
system), with the following attributes :
– Claim types including resolution service standards.
– Routing of claims.
– Escalation of unresolved claims.
– Flagging of debit notes on AR (for dunning purposes)

• Integration of query management system to AR system

25
 Process Customer refund
Best Practices Sox Controls

Control Objective Control Activity

Customer refund is All the customer refund requests are validated and then approved by appropriate
approved and validated authority before being processed

26
 Customer Enquiry Management
Best Practices Sox Controls
• Encourage customer self-service over the Internet as this increases customers’
perception of service while reducing service costs
• Maximise call centre efficiency with well designed interactive voice recognition (IVR)
routing system
• Monitor query trends and identify the most frequent and critical queries – sponsor
business process improvements / priority action to address the root cause of these
queries
• Identify high frequency queries for which the root cause cannot be addressed in the
short term and develop and automate standard query resolution processes for these
• Monitor case resolution against service standards and action in case of service level
failure appropriately (re-train, higher quality review till errors are corrected and so on)

27
 Customer Enquiry Management
Best Practices Sox Controls

Control Objective Control Activity

Not Applicable

28
Thank you

29