STANDARDS FOR
BUSINESS CONTROLS
Volume I
GENERAL BUSINESS PROCESSES
Published by
Auditing Services
Version 02 - 10/15/94
Copyright  1994 Pacific Bell. All Rights Reserved
This is an unpublished work protected by the United States copyright laws
and is proprietary to Pacific Bell. Disclosure, copying, reproduction, merger, translation,
modification, enhancement or use by anyone other than authorized employees or
licensees of Pacific Bell without prior written consent of Pacific Bell is prohibited.
i
TABLE OF CONTENTS
Purpose and Scope ............................................................................................................iv
Introduction.......................................................................................................................vi
Organization of This Manual........................................................................................ viii
Operating Environment ....................................................................................................1
Integrity and Ethical Values ....................................................................................1
Commitment to Competence ...................................................................................3
Board of Directors and Audit Committee................................................................4
Internal Audit ...........................................................................................................6
Ombudsman .............................................................................................................7
Management's Philosophy and Operating Style ......................................................8
Organizational Structure ..........................................................................................8
Assignment of Authority and Responsibility.........................................................11
Goals & Objectives ..........................................................................................................13
Company-Wide Objectives....................................................................................13
Activity-Level Objectives......................................................................................14
Risk Identification..................................................................................................16
Change Management .............................................................................................17
Policies & Procedures - Human Resources ...................................................................19
Planning .................................................................................................................19
Staffing...................................................................................................................20
Training..................................................................................................................22
Performance Appraisals .........................................................................................24
Employee Relations ...............................................................................................25
Compensation ........................................................................................................26
Benefits - Health and Welfare................................................................................27
Benefits - Profit Sharing and Retirement...............................................................29
Benefits - Relocation .............................................................................................31
Policies & Procedures - Marketing ................................................................................33
Managing Marketing Activities .............................................................................33
Market Financials ..................................................................................................34
Product Development.............................................................................................35
Managing Sales Activities .....................................................................................38
Product Sales - Demand Sales ...............................................................................39
Product Sales - Telemarketing...............................................................................40
Product Sales - Sales Agents .................................................................................42
Cease and Desist Requirements .............................................................................44
Sales Compensation ...............................................................................................46
Policies & Procedures - Sales..........................................................................................49
Order Entry ............................................................................................................49
Credit .....................................................................................................................50
Billing - Customer .................................................................................................51
Billing - Custom Work Order ................................................................................53
i
TABLE OF CONTENTS (continued)
Accounts Receivable - General..............................................................................56
Accounts Receivable - Customer Receipts ............................................................58
Collections - General .............................................................................................60
Collections - Agency .............................................................................................61
Refunds and Adjustments ......................................................................................62
Coin Operations - Collections................................................................................64
Coin Operations - Counting ...................................................................................65
Coin Operations - Banking ....................................................................................66
Policies & Procedures - Public Relations.......................................................................67
Management of Government Agencies .................................................................67
Management of Investors.......................................................................................68
Management of Employees....................................................................................71
Management of Customers ....................................................................................72
Public Service ........................................................................................................73
Monitoring .............................................................................................................74
Policies & Procedures - Assets........................................................................................75
Acquisition.............................................................................................................75
Usage......................................................................................................................76
Verification - Inventory .........................................................................................77
Verification - Reconciliation .................................................................................77
Disposal and Transfer ............................................................................................78
Depreciation...........................................................................................................80
Security - Physical Assets......................................................................................80
Security - Information Assets ................................................................................81
Policies & Procedures - Engineering..............................................................................83
Network Planning - Development .........................................................................83
Network Planning - Deployment ...........................................................................85
Network Planning - Implementation......................................................................85
Estimates ................................................................................................................86
Policies & Procedures - Purchasing ...............................................................................89
Management...........................................................................................................89
Procurement - Contracts ........................................................................................89
Procurement - Temporary Workers .......................................................................92
Receiving ...............................................................................................................93
Cash Disbursement - Bills and Vouchers ..............................................................94
Corporate Cards .....................................................................................................96
Policies & Procedures - Payroll ......................................................................................97
Payroll Processing - Authorization ........................................................................97
Payroll Processing - Adjustments ..........................................................................98
Payroll Processing - Compensation/Withholding..................................................99
Payroll Processing - Distribution.........................................................................102
Payroll Processing - Security...............................................................................102
Time Reporting ....................................................................................................104
ii
TABLE OF CONTENTS (continued)
Payroll Processing - Security...............................................................................102
Time Reporting ....................................................................................................104
Policies & Procedures - Financial Reporting ..............................................................107
Accumulation of Financial Information - General ..............................................107
Accumulation of Financial Information - Coding and Classification of
Transactions ..............................................................................................108
Accumulation of Financial Information - Journal Entries ...................................109
Accumulation of Financial Information - Disclosure Data .................................111
Processing and Consolidation of Financial Information......................................112
Preparation and Review of Financial Statements and Reports ............................113
Policies & Procedures - Treasury.................................................................................115
Segregation of Duties...........................................................................................115
Bank Accounts and Depository Requirements ....................................................115
Cash Reconciliations - Deposits ..........................................................................116
Cash Reconciliations - Disbursements ................................................................116
Cash Reconciliations - Bank Wires .....................................................................117
Check Stock Security...........................................................................................118
Cash Advances.....................................................................................................118
Policies & Procedures - Government Regulations......................................................119
Accounting Safeguards ........................................................................................120
Affiliate Transactions and Transfer Pricing.........................................................121
Employment Laws ...............................................................................................122
Employee Retirement Income Security Act (ERISA) .........................................124
Environmental Laws ............................................................................................125
Foreign Corrupt Practices Act (FCPA)................................................................127
Modification of Final Judgment (MFJ) ...............................................................128
Political Activity Laws ........................................................................................129
Safety Laws..........................................................................................................130
Worker's Compensation Laws .............................................................................131
Information System and Communication Methods ...................................................133
Information Systems ............................................................................................133
Communication - Internal ....................................................................................135
Communication - External...................................................................................136
Monitoring ......................................................................................................................139
On-going Monitoring ...........................................................................................139
Separate Evaluations............................................................................................141
Reporting Deficiencies ........................................................................................141
References.......................................................................................................................143
Index................................................................................................................................144
Acknowledgments 146
iii
I.
PURPOSE
The purpose of the Standards for Business Controls (Standards) is to assist employees in achieving
our company's objectives. They also serve to ensure the existence of basic and consistent business
controls throughout the Company and to define our responsibilities for them.
The Standards were designed to satisfy the basic objectives of any business system. They address
five interrelated components of a business system:
• the organization's operating environment
• its goals and objectives
• its policies and procedures
• its information systems and communication methods
• its activities to monitor its performance
The Standards provide an additional reference tool for all managers to identify and assess basic
weaknesses in operating controls, financial reporting, and legal/regulatory compliance and to take
action to strengthen controls where needed. By developing effective compliance programs with the
aid of the Standards, management can contribute to reducing the company's potential liability from
fines and penalties that could be imposed for violations of various tariffs and of statutes associated
with the Federal Sentencing Guidelines for Organizations.
The Standards are based upon the internal control guidelines as recommended by the Committee of
Sponsoring Organizations (COSO) of the Treadway Commission. COSO was formed to support the
Commission's recommendation to develop additional, integrated guidance on internal control. This
organizational approach provides Pacific Bell with a common, accepted, and recommended reference
point to assess the quality of its internal control systems.
II.
SCOPE
The Standards apply to all the Company’s organizations and subsidiaries and represent the minimum
requirements toward achievement of company objectives. The Examples of Control Activities
contained in the Standards are not presented as all inclusive or exhaustive of all the specific controls
appropriate in each organization. Over time, controls may be expected to change to reflect changes
in our operating environment.
The Standards are designed to provide reasonable, but not absolute assurance for the accounting for
and safeguarding of assets, the reliability of financial information, and the compliance with laws and
regulations. Reasonable assurance is a concept which acknowledges that the cost of a control should
not exceed the benefit to be derived from it.
The degree of control employed is a matter of good business judgment. When business controls are
found to contain weaknesses, we must choose among the following alternatives:
• increase supervision and monitoring;
• institute additional or compensating controls; and/or
• accept the risk inherent with the control weakness (assuming prior management
approval).
The standards presented in this document should not be considered to "stand alone," but should be
considered as a supplement to the other corporate policies and procedures. The Standards should be
used in conjunction with existing policies and procedures, including those developed locally.
iv
III. RESPONSIBILITY
All employees of the Company and its subsidiaries are responsible for compliance with the
applicable standards. Each Group, Business Unit, General Manager, Director of Finance, or Chief
Financial Officer is specifically responsible for ensuring that the standards are established, properly
documented, and maintained in each organization. Compliance with the Standards will be monitored
by periodic Auditing Services reviews and the results may be shared with the Board of Directors
Audit Committee (BODAC).
Exceptions to these Standards must be substantiated, documented, and retained in the event of an
audit by Auditing Services. Substantiation must include a cost benefit analysis, evidence of risk
assessment, and acceptance of the inherent risks. This information should be documented in a letter
signed by management and retained until compliance with the standard(s) is resumed.
v
INTRODUCTION
Business controls are designed to provide reasonable assurance to management and other personnel
regarding the achievement of objectives in the following three areas of an organization:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
The first area addresses an entity's basic business objectives, including performance and profitability goals;
acquisition, use, and safeguarding of assets; and effective use of resources. The second area relates to the
preparation of reliable financial statements. The third area deals with compliance with those laws and
regulations to which the Company is subject.
Business controls consist of five interrelated components appearing in each of the three areas described
above. The controls are derived from the way management runs a business and are integrated with the
management process. The Standards have been divided into these interrelated components for ease of
implementation, reference, and subsequent evaluation. The five components are described as follows:
•
Operating Environment - The core of any business is its people - their individual attributes, integrity,
ethical values, and competence - and the environment in which they operate. People and the
environment are the engine that drives the Company and the foundation on which everything rests.
•
Goals & Objectives - The Company must set objectives that are integrated with sales, marketing,
finance, and other business activities so that each facet of the organization is operating in concert. The
Company must be aware of and deal with the risks it faces in its daily operations. Additionally, it must
establish mechanisms to identify, analyze, and manage those related risks.
•
Policies & Procedures - Policies and procedures are established and implemented to help ensure that
the goals and objectives of the Company are met. Additionally, the achievement of those goals and
objectives should be accomplished in an efficient and effective manner to mitigate or sufficiently
reduce the risks associated with them.
•
Information Systems and Communication Methods - Surrounding and supporting the policies and
procedures are the information systems and communication methods of an organization. These
systems enable the Company's employees to capture, exchange, and analyze the information needed to
conduct, manage, and control its operations.
•
Monitoring - All of the above components must be monitored and modifications made as needed. In
this way, the overall business system can react dynamically, changing as conditions warrant.
vi
The following models illustrate how the five business control components interrelate to the three business
objective areas, in both informal and formal controls settings:
EXAMPLES OF INFORMAL CONTROLS
BUSINESS OBJECTIVES
Operational Effectiveness Reliability of Financial
Compliance with Laws
COMPONENTS
and Efficiency
Statements
and Regulations
Operating
Employees act ethically Employees not pressured
Environmental laws,
Environment
and lawfully
to meet unrealistic profit
regulations understood
goals
Goals & Objectives
Employees
Financial reporting
Aware of circumstances
knowledgeable of annual
implications of new
giving rise to potential
business plan
products recognized
litigation
Policies & Procedures
Delegation of authority Management cognizant of
Hazardous materials
procedures understood
how different sets of
incident reporting
financial data relate
procedures understood
Information Systems &
Employees receive
Open communication
Timely, meaningful
Communication
sufficient information to
channels exist with
communications exist with
Methods
properly perform jobs
external auditor
regulators
Monitoring
Employee suggestions
Financial reporting
Communications from
communicated upward
management
government agencies
and acted on
knowledgeable of
followed up
operations
EXAMPLES OF FORMAL CONTROLS
COMPONENTS
Operating
Environment
Goals &
Objectives
Policies &
Procedures
Information
Systems &
Communication
Methods
Monitoring
BUSINESS OBJECTIVES
Operational Effectiveness
Reliability of Financial
Compliance with Laws
and Efficiency
Statements
and Regulations
Comprehensive Code of
Independent Board of
Reporting mechanism for
Conduct in place
Directors Audit Committee
Code of Conduct and
legal violations
Comprehensive business Management reviews the
Legal Department
plan prepared annually
appropriateness of
monitors new laws,
accounting principles
regulations, and other
events
Company-wide corporate Comprehensive year-end
Safety procedures
schedule of approvals
financial statement close
consistent with OSHA
procedures
have been developed
Management receives the
Financial systems are
Access to proprietary
necessary operational
integrated into entity's
customer information is
reports
operational systems
tightly controlled
Reconciliations of detail
Sign-off on unit financial
records to control records statements by operations
performed
personnel
vii
Employees confirm
compliance with Code of
Conduct annually
ORGANIZATION OF THIS MANUAL
The Standards for Business Control are produced in two volumes. Volume I presents control activities
within the Company that are not specifically associated with electronic data processing (EDP) functions.
EDP related issues are addressed in Volume II. However, managers with responsibility for EDP functions
will need to refer to Volume I for other business control activities (e.g. Payroll, Assets, Purchasing, etc.)
that are a part of their daily responsibilities.
The components of Operating Environment, Goals & Objectives, Information Systems and Communication
Methods, and Monitoring are applicable to all parts of the business. The Policies & Procedures section is
divided into major corporate processes. For this document, a process has been defined as a series of
events, from initiation to completion, for a specific transaction. For a process, one or more of the
following types of controls may exist: preventive, detective, manual, computerized, and management. The
range of controls within each process may include approvals, authorizations, verifications, and
reconciliations. Additionally, controls may include reviews of operating performance, asset security, and
segregation of duties.
For each section, standards are presented with their Business Objective Reference, associated risks, and
examples of control activities. These terms and their use are as follows:
Standard - The standard represents the basic minimum requirements for each corporate activity identified.
Compliance with these standards is required.
Bus. Obj. - This is a reference to the category of business objectives to which the standard applies (and
which may vary with circumstances). The categories are:
O = Effectiveness and efficiency of operations
F = Reliability of financial reporting
C = Compliance with applicable laws and regulations
Risks - This section lists those potential problems that may arise should the standard not be met, in the
event of poorly controlled processes, or without compensating controls.
Examples of Control Activities - This section provides examples of control activities which, if
implemented and followed, could satisfy the related standard and help to mitigate the associated risk(s).
These control activities are examples only and do not represent an all-inclusive list of activities that could
satisfy the standard. Management should exercise judgment in the selection and use of these activities. In
the application of any control, the cost of the control should not exceed the benefit derived. Management
is encouraged to develop new controls and, where feasible, to mechanize existing manual controls.
viii
OPERATING ENVIRONMENT
The Operating Environment sets the tone of an organization, influencing the control consciousness of its people. It is the
foundation for all other components of internal control, providing discipline and structure. The operating environment is
impacted by the organization's history and culture. Effectively controlled organizations strive to have competent people,
instill an organization-wide attitude of integrity and control consciousness, and set a positive "tone at the top." Thus, the
Company’s management must establish appropriate policies and procedures, often including a written code of conduct,
which foster shared values and teamwork in pursuit of the Company's objectives.
The specific aspects that the Operating Environment encompasses include:
Integrity and Ethical Values
Commitment to Competence
Board of Directors and Audit Committee
Internal Audit
Ombudsman
Management's Philosophy and Operating Style
Organizational Structure
Assignment of Authority and Responsibility
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
INTEGRITY AND
ETHICAL VALUES
Codes of conduct and other
policies regarding acceptable
business practices, conflicts of
interest, or expected standards
of ethical and moral behavior
should be developed and
communicated to all
employees of the Company.
O, C
Employees may not be aware of
behaviors that are unacceptable and
may, therefore, engage in business
practices that are unethical or
unacceptable to management.
Codes of conduct and other policies
regarding acceptable business
practice, conflicts of interest, or
expected standards of ethical and
moral behavior should be
documented.
The Company may not have a basis
for disciplinary action for those
individuals who harm or embarrass
the Company.
The codes should be periodically
acknowledged by all employees.
Business practices may violate
existing laws and regulations.
Commitment to integrity and ethics
should be communicated throughout
the organization, both in words and
deeds.
Employees should not be pressured
to cut corners, but to do the right
thing.
Management should appropriately
deal with signs that problems exist.
1
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
INTEGRITY AND
ETHICAL VALUES
Management should
demonstrate its commitment to
integrity and ethics by
conducting its dealings with
employees, suppliers,
customers, etc., on a high
ethical plane.
O, F
The Company's longevity and
profitability may be significantly
reduced from lack of customer and
vendor trust and loyalty.
The Company's financial statements
may be intentionally misstated.
The quality of products and services
provided may be reduced when
customers' needs are ignored in order
to achieve short-term performance
targets.
Customer overpayments or supplier's
underbillings should not be ignored.
Reports to third parties should be
complete and accurate.
Executive officers and senior
management should adequately
disclose matters important to an
understanding of the Company's
financial condition or results of
operations.
Inappropriate activity may continue
and may be perceived as acceptable
behavior.
Appropriate remedial action
should be taken in response to
departures from approved
policies and procedures or
violations of the code of
conduct.
Management override of
established controls should be
discouraged.
O, C
Deviations from standard policies
and procedures may not be corrected
in a timely manner.
The Company may incur fines and
penalties for violation of laws and
regulations.
O
Violations of behavioral standards
should be addressed promptly.
Disciplinary actions taken as a result
of violations should be
communicated.
Employees may perceive that
management lacks integrity and
ethics.
Employees should believe that, if
caught violating behavioral
standards, they will suffer the
consequences.
Established controls may be ignored
or overridden.
Manager override should be
explicitly prohibited.
Deviations from established policies
and procedures may be perceived as
the norm.
Management intervention should be
documented and explained
appropriately.
2
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
INTEGRITY AND
ETHICAL VALUES
Pressure to meet unrealistic
performance targets should be
discouraged.
O, F, C
The Company's long term
objectives/profitability may be
jeopardized if decisions are made
solely on achieving short-term goals.
Extreme incentives or temptations
that can unnecessarily and unfairly
test people's adherence to ethical
values should not be used.
Employees may be pressured to
perform unethically in order to meet
short-term goals.
Compensation and promotions
should not be based solely on
achievement of short-term
performance targets.
Reported earnings and/or asset
values may be misstated
COMMITMENT TO
COMPETENCE
Job descriptions or other
means of defining tasks that
comprise particular jobs
should exist.
O
Responsibilities may not be clearly
defined, assigned or carried out
appropriately.
Job descriptions should be
established to define tasks that
comprise particular jobs.
Analyses of the knowledge
and skills necessary to execute
jobs adequately should be
performed.
O
The proper people may not be hired
or the people hired may not possess
the desired/ required skills.
Management should determine to an
adequate extent the knowledge and
skills needed to perform particular
jobs.
Employees may become demotivated
and dissatisfied with their job due to
different job expectations.
Evidence should exist indicating that
employees appear to have the
requisite knowledge skills.
Tasks may not be performed or
performed below management's
standards/expectations.
Appropriate training and
education should be provided
to employees to ensure they
are performing their job
responsibilities.
O
Employees may not possess the
appropriate skills to perform their
job efficiently and effectively.
The skills necessary to perform the
job should be matched with
employees' skills and experience.
Training plans should be implemented when deficiencies occur.
Refer also to the Policies &
Procedures - Human Resources
section on Training.
3
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
BOARD OF DIRECTORS &
AUDIT COMMITTEE
The Board of Directors and
Audit Committee should be
independent from management
and controlling shareholders.
O, F, C
Management decisions may not be
appropriately challenged or
questioned.
Input from different business
experiences and perspectives may
not be obtained on major issues.
Oversight of management may not
be sufficient to reduce the likelihood
of management:
• Involving the Company in
material illegal acts (violations
of laws and regulations)
• Misappropriating material
resources
• Subjecting material assets of the
Company to inordinate risks
• Failing to ensure adequate
control structure
• Materially misstating the
Company's externally issued
financial reports
The Board and Audit Committee
should be comprised of individuals
who are not members of Company
management or controlling
shareholders.
The Board should constructively
challenge management's planned
decisions (e.g. strategic initiatives
and major transactions) and probe
for explanation of past results.
The Audit Committee should
maintain a direct line of
communication with the Company's
external and internal auditors.
The Board of Directors and
Audit Committee should be
used, where warranted, for indepth or direct attention to
particular matters.
O
Emerging issues or significant
transactions may not be
independently evaluated or given the
appropriate level of attention.
Board committees should exist and
be sufficient, in subject matter and
membership to deal with important
issues adequately.
Board members should have
the necessary knowledge and
experience to enable them to
serve effectively.
O
Board members may not have the
requisite knowledge and experience
to provide valuable input, counsel
and oversight on important issues.
Board members should possess
dynamic skills and experiences.
4
Board members' skills and
experiences should complement each
other.
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
BOARD OF DIRECTORS &
AUDIT COMMITTEE
Periodic meetings between the
Audit Committee should be
held with chief financial and/or
accounting officers, internal
auditors and external auditors.
O, F, C
The Audit Committee may not be
kept apprised of emerging issues and
resolution of these issues may not be
addressed promptly or appropriately.
Audit (internal and external)
coverage may not be adequate or
sufficient to meet the needs of the
stakeholders.
The Audit Committee should meet
privately with the chief financial
officer and internal and external
auditors to discuss the system of
internal control, reasonableness of
the financial reporting process,
significant undertakings, and
performance results.
The Audit Committee should review
the internal and external auditors'
scope of activities annually.
Sufficient and timely
information should be
provided to the Board to allow:
• monitoring of
management's objectives
and strategies, the entity's
financial position and
operating results, and terms
of significant agreements,
• appraisal of sensitive
information, investigations
and improper acts.
O, C
The Board should act as an
oversight in determining the
compensation of executive
officers and head of internal
audit, and the appointment and
termination of those
individuals.
O
Critical decisions may be made
based on erroneous or untimely
information.
The Company's financial results,
major marketing initiatives, or
significant agreements may not be
monitored adequately.
Key officers' performance appraisal
and process for salary increases may
not be independently assessed.
Excessive salaries may be paid to
key officers.
5
The Board should regularly receive
key information, such as financial
statements, major marketing
initiatives, or significant agreements.
A process should exist to inform the
Board of sensitive information such
as travel expenses of officers,
significant litigation, investigations,
or violations of corporate principles.
The Compensation Committee of the
Board of Directors should approve
all management incentive plans tied
to performance.
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
BOARD OF DIRECTORS &
AUDIT COMMITTEE
The Board of Directors should
take an active role in
establishing the appropriate
"tone at the top".
O
Management may set the wrong
tone, demotivate employees, deny
service to customers, or jeopardize
the image of the Company.
The Board and Audit Committee
should be involved sufficiently in
evaluating the effectiveness of the
"tone at the top".
The Board should monitor
management's interpretations of and
compliance with the codes of
conduct.
The Board or Audit Committee
should specify appropriate
actions to be taken as a result
of its findings.
O
Resolutions to emerging issues may
not be addressed timely or
appropriately.
The Board should issue directives to
management detailing specific
actions to be taken.
The Board should oversee and
follow up as needed.
The Audit Committee should have
procedures for reserving significant
decisions for the full Board.
INTERNAL AUDIT
Internal Audit should provide
assurance to those within the
Company responsible for
establishing internal control
structure that policies and
procedures are functioning as
prescribed.
O, C
Weaknesses in the Company's
control structure may not be detected
or corrected.
Violations of laws and regulations
may not be brought to the proper
level of management to reduce the
likelihood of future occurrences.
Internal auditors should review the
systems established to ensure
compliance with policies, plans,
procedures, laws and regulations
which could have a significant
impact on the Company's operations
and reports. Codification, Guideline
320 2
The goals and objectives of the
internal audit function, including its
charter, mission statement and
directives, should be supported by
Company officers and the Board of
Directors.
Internal Audit should have direct
access to the Audit Committee and
meet with them regularly to report
on the control structure of the
Company.
2
See Acknowledgment Page
6
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
INTERNAL AUDIT
Internal Audit's responsibility
regarding testing and
evaluating the Company's
internal control structure
should be conducted in
accordance with standards
developed by professional
internal audit associations.
O
Internal Audit's work may not be
performed in accordance with
standards developed by the auditing
profession.
The internal audit function may be
staffed by individuals who are not
qualified to perform the work.
The assignments undertaken by
Internal Audit should not be limited
by scope or access to records.
Internal audits should be performed
with proficiency and due
professional care.
The internal auditors should possess
the necessary technical proficiency
and educational background that is
appropriate for the audits to be
performed.
Codification, Standard 210 2
The results of Internal Audit's
evaluation of internal controls
should be communicated
promptly to the responsible
organizations.
O, C
Management may not be apprised of
the internal control structure for their
areas of responsibility and may be
unaware of control weaknesses.
Internal auditors should collect,
analyze, interpret and document
information to support their audit
results. Codification, Standard 420 2
Deviations from policies,
procedures, laws and regulations
may not be addressed by
management.
Internal auditors should report the
results of their work timely to
management and the Board, if
necessary.
The Company may incur fines and
penalties for violations of laws and
regulations.
Internal auditors should follow up to
ascertain that appropriate action is
taken on audit findings.
Codification, Standard 440 2
Violations of laws, regulations,
management policies or standards of
personal business conduct may not
be addressed and corrected.
The Ombudsman's staff should
accept all requests for assistance,
route concerns to proper avenues for
resolution, investigate and
recommend resolutions that support
ethical and moral behavior as
prescribed by Company policies.
OMBUDSMAN
The Ombudsman's office
should provide a neutral
environment within the
Company where employees
feel safe raising issues.
O, F, C
Company policy and/or practice may
be inconsistently applied.
Ethical and moral concerns may not
be brought to the persons capable to
resolve issues or take corrective
measures.
2
See Acknowledgment Page
7
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
MANAGEMENT'S
PHILOSOPHY AND
OPERATING STYLE
Management should analyze
business risks before
embarking on new ventures.
O, F
The Company may enter into
unprofitable agreements.
Due diligence may not be performed,
resulting in financial losses.
Personnel turnover in key
functions (e.g. operating,
accounting, data processing,
internal audit) should be
monitored.
O
Data processing and
accounting functions should be
established to ensure reliability
of financial reporting and
safeguarding of assets.
F
The Company may incur
unnecessary expenses in re-hiring
and re-training employees.
Management should move carefully,
proceeding only after carefully
analyzing the risks and potential
benefits of a venture.
Excessive turnover of management
or supervisory personnel should be
actively monitored.
Poor management and/or ineffective
hiring practices may not be detected
and corrected.
The financial statements may be
misstated.
Improper accounting principles may
be applied.
The accounting function should be
viewed as a vehicle for exercising
control over the entity's various
activities.
The accounting principles used in
financial statements should follow
Generally Accepted Accounting
Principles and regulatory
requirements.
Valuable assets, including
information, should be protected
from unauthorized use.
Senior management should
frequently interact with
operating management,
particularly when operating
from geographically removed
locations.
O
Senior management may not be kept
apprised of local issues.
Senior managers should frequently
visit divisional operations.
Local employees may perceive that
senior management does not
understand or care about their
operations.
Group or divisional management
meetings should be held frequently.
8
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
MANAGEMENT'S
PHILOSOPHY AND
OPERATING STYLE
Appropriate financial reporting
systems and application of
accounting treatments should
be implemented.
F
Financial statements may be
misstated.
Management should avoid obsessive
focus on short-term reported results.
The reporting of transactions may
not be in accordance with Generally
Accepted Accounting Principles.
Personnel should not submit
inappropriate reports to meet targets.
Managers should not ignore signs of
inappropriate practices.
ORGANIZATIONAL
STRUCTURE
The entity's organizational
structure should provide the
necessary information flow to
manage its activities.
O
Information may not be accessible to
individuals who have a need to
know.
Decisions may be based on
erroneous or incomplete information.
The flow of necessary information
may be inhibited by a structure that
is too complex.
The organizational structure should
be appropriately centralized or
decentralized, given the nature of the
entity's operations.
The organizational structure should
facilitate the flow of information
upstream, downstream and across all
business activities.
Management may not be able to
adequately monitor the business by a
structure that is too simple and lacks
the necessary controls.
The definition of key
managers' responsibilities and
their understanding of these
responsibilities should be
clearly communicated.
O
Responsibilities may not be carried
out as intended by management or
may be inconsistent with Company
objectives.
Employees may not be able to
identify who has responsibility and
accountability for issues that impact
their job.
9
Responsibilities and expectations for
the entity's business activities should
be communicated clearly to all
employees who are responsible for
those activities.
Organization charts should be
established to define the reporting
relationships.
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
ORGANIZATIONAL
STRUCTURE
The executive officers, senior
management and other key
managers should possess the
requisite experience and level
of knowledge commensurate
with their positions.
O
Reporting relationships should
be appropriate for the entity's
operations.
O
The Company may not be equipped
with the proper management team
that will enable it to compete in
current and future markets.
The executives in charge should
have the required knowledge,
experience and training to perform
their duties.
Key decisions may be made by those
individuals who do not have the
experience or knowledge.
The reporting relationships may not
be conducive to an efficient and
effective operation.
Established reporting relationships -formal or informal, direct or matrix - should be effective and provide
managers with information
appropriate to their responsibilities
and authority.
The managers of the business
activities should have access to
senior operating executives.
Modifications to the
organizational structure should
be made in light of changed
conditions.
O
The organizational structure may be
inadequate to effectively deal with
issues in the competitive
environment.
Management should periodically
evaluate the entity's organizational
structure in light of changes in the
business or industry.
Customers' needs may not be
promptly addressed.
There should be sufficient
number of employees to carry
out the Company's mission.
O
The Company's objectives may not
be carried out efficiently and
effectively.
Overworked employees may be
dissatisfied with their jobs and
become less productive.
The Company may incur
unnecessary expenses for those
departments or individuals that are
not productive.
10
The Company should have an
adequate work force -- in numbers
and experience -- to carry out its
mission.
Employees should have sufficient
time to carry out their
responsibilities effectively.
Departments or individuals that are
not working to their capacity should
be identified and their
responsibilities should be adjusted.
OPERATING ENVIRONMENT
BUS.
EXAMPLES OF
ASSIGNMENT OF
AUTHORITY AND
RESPONSIBILITY
Assignment of responsibility
and authority should be
appropriately delegated to deal
with organizational goals and
objectives, operating functions
and regulatory requirements,
including the responsibility for
information systems and
authorization of changes.
O, F, C
Critical decisions may not be made
timely.
Individuals may be given too much
or not enough authority to carry out
their responsibilities effectively.
Authority and responsibility should
be assigned to employees throughout
the Company.
Responsibility for decisions should
be related to assignment of authority
and responsibility.
Proper information should be
considered in determining the level
of authority and scope of
responsibility assigned to an
individual.
Control related standards and
procedures should be
appropriately included in
employee job descriptions.
O
Delegation of authority should
be appropriate in relation to
assigned responsibilities.
O
Controls may be ignored or
overridden.
Job descriptions, for at least
management personnel, should exist.
Responsibility and accountability for
ensuring adequate controls may not
be assigned.
The job descriptions should contain
specific references to control-related
responsibilities.
Cycle time for completion of tasks
may be elongated due to the number
of approvals required.
There should be an appropriate
balance between authority needed to
"get the job done" and the
involvement of senior personnel
where needed.
Job fulfillment may decline when
appropriate employees are not given
the authority to make decisions
related to their assigned
responsibilities.
11
Employees at the "right" level should
be empowered to correct problems
or implement improvements, and
that empowerment should be
accompanied by appropriate levels
of competence and clear boundaries
of authority.
GOALS & OBJECTIVES
The Company faces a variety of risks from external and internal sources that must be assessed. These risks affect the
Company's ability to survive; successfully compete within its industry; maintain its financial strength and positive public
image; and maintain the overall quality of its products, services and people. The Company’s management must therefore
determine how much risk is to be prudently accepted, and strive to maintain risk within these levels.
A precondition to risk assessment is establishment of objectives, aligned consistently at different levels. Because economic,
industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the
special risks associated with change. The process of identifying and analyzing risk is an ongoing iterative process and is a
critical component of an effective internal control system. Management must focus carefully on risks at all levels of the
entity and take the necessary actions to manage them.
The specific areas included in Goals & Objectives are:
Company-Wide Objectives
Activity-Level Objectives
Risk Identification
Change Management
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
COMPANY-WIDE
OBJECTIVES
The Company's objectives and
what it desires to achieve
should be established and
communicated.
O
Employees may not understand or
misinterpret Company objectives, and
therefore, may not work toward
achieving these objectives or may
implement actions that are
inconsistent with Company
objectives.
Measurable targets toward which the
Company moves in conducting its
activities may not be established and
results may not be monitored.
The Company's strategies,
business plans and budgets
should be consistent with its
objectives.
O
The Company's objectives and what it
desires to achieve should be
documented in broad statements that
provide direction and guidance for
management and employees.
The Company objectives should be
included in the annual business plan,
distributed to employees and
discussed at employees' meeting and
in various departmental and business
unit meetings.
Proper direction and guidance may
not be provided for management and
employees.
Feedback should be obtained from
key managers, other employees and
the Board on the effectiveness of the
communication of company-wide
objectives.
The objectives set by management
may not be realistic due to inadequate
resources provided for in the business
plans and budgets.
The Company's strategic plan should
support the company-wide objectives.
(continued next page)
13
(continued next page)
GOALS & OBJECTIVES
BUS.
EXAMPLES OF
COMPANY-WIDE
OBJECTIVES
The Company's strategies,
business plans and budgets
should be consistent with its
objectives.
O
(continued)
(continued)
Changes in the economy or industry
The Company's strategic plan should
may not be reflected in the Company's address high level resource
strategies, plans and budgets.
allocations and priorities.
Departmental budgets and plans may
be established that are inconsistent or
not supportive of the Company's
objectives.
Assumptions inherent in the business
plans and budgets should reflect the
Company's historical experience and
current conditions.
The Company's five-year business
plan should be updated annually by
management and approved by the
Board.
Annual updating of the business plan
should include identifying
departmental and business unit
objectives, and establishing detailed
operating and capital expenditure
budgets.
Departmental and business unit
managers should be actively involved
in establishing objectives and
budgets.
Senior Management should review
and approve all plans and budgets,
assure that they are consistent with
one another, and reflect historical
experience and current economic and
industry conditions.
ACTIVITY-LEVEL
OBJECTIVES
Activity-level objectives should
be consistent and linked with
each other and relevant to all
significant business practices.
O
Activity-level objectives may be
inconsistent or not supportive of
company-wide objectives and
strategic plans.
Objectives should be established for
key activities of the business and
measurement criteria should be
clearly defined.
(continued next page)
(continued next page)
14
GOALS & OBJECTIVES
BUS.
EXAMPLES OF
ACTIVITY-LEVEL
OBJECTIVES
Activity-level objectives should
be consistent and linked with
each other and relevant to all
significant business practices.
O
(continued)
(continued)
Employees may become confused
about the direction the Company is
moving toward as a result of
inconsistent Company and activity
objectives.
Senior management should
periodically review objectives of all
activities for which they are
responsible for continued relevance.
Critical paths that the Company must
take to remain competitive and
profitable may be impeded by
activity-level objectives that focus on
short-term performance targets.
Activity-level objectives such as goals
with specific targets and deadlines
should be linked to and support the
company-wide objectives and
strategic plans.
The chief executive officer should
review activity-level objectives to
provide a broad perspective and to
ensure consistency.
Management should consider
the adequacy of resources to
achieve objectives.
O
Objectives may not be met due to
insufficient financial support,
inadequate training of employees or
outdated technology.
Management should identify the
resources necessary to achieve the
objectives.
Plans should exist for acquiring
necessary resources (e.g. financing,
personnel, facilities, technology).
The relative importance of
objectives to achievement of
company-wide objectives
should be identified.
O
Objectives may not be appropriately
prioritized and critical objectives may
not be closely monitored.
Critical success factors may not be
identified to allow the Company to
achieve its objectives.
Capital spending and expense budgets
should be based on management's
analysis of the relative importance of
objectives.
The objectives that serve as critical
success factors should provide a basis
for particular management focus.
Opportunities may be lost due to
inadequate focus of high priority
objectives.
All levels of management
should be involved in objective
setting to the extent to which
they are committed to the
objectives.
O
Managers may not perceive they have
input or involvement in the objective
setting process, thus they are less
committed to work toward
achievement of the objectives.
(continued next page)
15
Managers should participate in
establishing activity objectives for
which they are responsible.
(continued next page)
GOALS & OBJECTIVES
BUS.
EXAMPLES OF
ACTIVITY-LEVEL
OBJECTIVES
All levels of management
should be involved in objective
setting to the extent to which
they are committed to the
objectives.
O
(continued)
(continued)
Objectives set may not be realistic
and attainable due to incomplete or
erroneous information.
Procedures for resolution of
disagreements should be established.
Managers should support the
objectives and not have "hidden
agendas".
RISK IDENTIFICATION
Mechanisms should exist to
identify risks arising from
external sources.
O, C
Risks associated with changes in the
economy, industry, technology, laws
and regulations may not be identified
and action plans may not be
appropriately formulated.
The financial success of the Company
may be jeopardized when appropriate
risks are not taken and considered in
the Company's strategic plans.
Mechanisms should exist to
identify risks arising from
internal sources.
O, C
The Company's operations may be
interrupted due to high turnover of
key personnel and labor disputes.
The Company's objectives may not be
achieved due to mismanagement of
resources.
Risks may not be appropriately
identified by those individuals who
are most knowledgeable about the
issues.
Management should obtain input on
Company risks from past litigation
and industry experience.
Management should consider risks
related to:
• Supply sources
• Technology changes
• Creditor's demands
• Competitor's actions
• Economic conditions
• Political conditions
• Regulation
• Natural events
• Union demands
Management should consider risks
related to:
• Human resources, such as retention
of key personnel
• Financing, such as availability of
funds for new initiatives or
continuation of key programs
• Labor relations, such as
compensation and benefit
programs
• Information systems, such as
adequacy of back-up systems
Risks should be analyzed through
formal processes or informal
day-to-day management activities.
16
GOALS & OBJECTIVES
BUS.
EXAMPLES OF
RISK IDENTIFICATION
Significant risks for each major
activity-level objective should
be identified.
O, C
Risk assessment on major business
Significant risks should be analyzed
units or functions (e.g. sales,
thoroughly, including:
marketing, product development) may • Estimating the significance of risks
not be given adequate attention.
and related costs (e.g. insurance
premiums, self-insured losses, risk
Acceptable risk levels may not be
management personnel costs)
maintained at the company-wide
• Assessing likelihood of occurance
level.
• Determining needed actions
Key business processes where
potential exposures of some
consequence exist may not be
appropriately identified.
Risks and opportunities related to
changes should be addressed at
sufficiently high levels in the
organization so their full implications
can be identified and appropriate
action plans formulated.
Internal controls may become
ineffective due to changes in the
Company, economy, industry, or
regulatory environment.
Managers should be responsible for
identifying routine events or changing
conditions that affect their spheres of
responsibility. Such events may
include:
• Change in economic or regulatory
environment
• New or revamped information
systems
• Growth
• New technology
• New products
• Corporate restructuring
CHANGE MANAGEMENT
Mechanisms should exist to
anticipate, identify and react to
events or activities that affect
achievement of company or
activity-level objectives.
O
Increased pressures and resource
constraints that give rise to
significantly different risks may result
in exclusion of control related
activities.
Existing systems may be strained to
the point where controls may break
down.
Changes in the marketplace may not
be adequately addressed.
Modifications to internal control
systems may not be appropriately
made.
The Company may not be able to
avoid impending problems and take
advantage of forthcoming
opportunities.
17
Identified changes should be
discussed regularly and action plans
that identify risks and opportunities
formulated and followed up.
All activities within the Company or
department that are significantly
affected by the change should be
brought into the process.
Mechanisms should exist for taking
advantage and controlling the use of
new technology applications,
incorporating them into production
processes or information systems.
POLICIES & PROCEDURES - Human Resources
The Human Resources Process includes the functions involved in planning how many people the Company will need and the
required skills; developing and training the employees to ensure they have those skills; setting the appropriate performance
targets and ensuring that employees know what they are; providing an environment that motivates employees to achieve
what is expected; and ensuring that employees are recognized and paid for the work they perform, and the benefits associated
with employment are equitably applied.
The specific functions included in the Human Resources Process are:
Planning
Staffing
Training
Performance Appraisals
Employee Relations
Compensation
Benefits
• Health and Welfare
• Profit Sharing and Retirement
• Relocation
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
PLANNING
The demand for and availability
of human resources should be
forecasted. Shortages and
surplus conditions should be
identified.
O
The Company may not have sufficient The human resource implications of
employees with the appropriate skills changes in strategic objectives and
to achieve its objectives.
priorities, organization, technology,
legislation, products, services or
High operational costs may be
programs should be identified.
incurred due to extensive use of
Dolenko, p. 10, Section 1.1 3
overtime, contract or consulting
The number, type, level, and location
resources.
of human resources required to carry
out organizational objectives and
Poor matching of skills with job
operational plans should be identified.
duties may exist.
Dolenko, p. 11, Section 1.2 3
Inequitable workload distribution may
Current, accurate inventories of basic
exist.
employment data for all employees
should be maintained. Dolenko, p. 11,
Section 2.1 3
(continued next page)
3
See Acknowledgment Page
19
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
PLANNING
The demand for and availability
of human resources should be
forecasted. Shortages and
surplus conditions should be
identified.
O
See Risks on previous page.
(continued)
Relevant career data inventories,
including information experience,
skills, and promotion potential for
critical occupational groups and levels
should be maintained. Dolenko, p.
11, Section 2.2 3
The impact of identified shortages and
surpluses should be considered in the
preparation of operational and
financial plans. Dolenko, p. 11,
Section 3.2 3
Action plans should be
prepared to address imbalances
in the numbers and/or skills of
human resources which have
been identified.
O
Imbalances in the number and skills
of human resources may not be
considered in the operational and
financial objectives.
O, C
Employment equity and equality of
access requirements may not be met.
Action plans that include activities
such as staffing, separation, training,
development, and relocation should
identify the costs of implementation,
the implementation time frame, and
The Company may not have sufficient the individuals responsible for
employees with the appropriate skills implementation.
to achieve its objectives.
Action plans should be monitored on
a regular basis and the results
assessed to ensure objectives are
being met and to identify
modifications to the plans that may be
required.
STAFFING
The need for the position, job
requirements and selection
criteria should be clearly
defined.
Changes in operational or business
plans, new technology, or new
services which may require
employees with different skills may
not be considered in the replacement
process.
The need for filling a vacant position
should be reviewed before staffing
activities begin. Dolenko, p. 12,
Section 1.2 3
The number, type, level, and work
location of persons sought and when
they are required should be specified.
Dolenko, p. 12, Section 1.32 3
(continued next page)
3
See Acknowledgment Page
20
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
STAFFING
The need for the position, job
requirements and selection
criteria should be clearly
defined.
O, C
See Risks on previous page.
(continued)
A description of the purpose of the
job, the main tasks to be carried out,
and the terms and conditions of
employment should be documented
and made available to persons with
recruitment responsibilities. Dolenko,
p. 12, Section 1.42 3
The selection criteria should be based
on the job requirements, experience,
personal characteristics desired, and
application of employment equity
directives. Dolenko, p. 12, Section 1.5
3
Recruitment activities should
maximize the likelihood of
attracting qualified candidates
at a reasonable cost, within a
reasonable period of time, and
with due regard to equality of
access. Dolenko, p. 13,
Criterion 2 3
O
The cost of recruitment may not be
cost justified.
Recruitment activities may not be
focused on qualified audiences or
candidates.
Alternative methods for filling a
position including internal versus
external recruitment, advertising, and
use of agencies should be con-sidered.
Dolenko, p. 13, Section 2.1 3
The area of search should be
sufficient to attract qualified
candidates at a reasonable cost.
Dolenko, p. 13, Section 2.3 3
Turnaround time for filling positions
should be reasonable. Dolenko, p. 13,
Section 2.4 3
The selection process should
ensure that the successful
candidate possesses the
appropriate job qualifications
and should be cost effective.
Dolenko, p. 13, Criterion 3 3
O, C
Individuals may be employed who do
not meet job qualifications, or
individuals who possess the job
qualifications may not be hired.
The time and costs associated with
staffing may not be cost effective.
Job qualifications may not be well
defined.
Employment references, security
clearance, and legal entitlement to
work should be verified and
documented. Dolenko, p. 13, Section
3.3 3
An offer of employment, including
the terms and conditions, should be
provided in writing to the successful
candidate. Dolenko, p. 13, Section
3.4 3
Job qualifications should be defined
and specific to job openings.
3
See Acknowledgment Page
21
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
STAFFING
Newly appointed employees
should be provided with
appropriate orientation to the
organization and their
responsibilities. Probationary
employees should have their
performance reviewed during
the probationary period.
Dolenko, p. 14, Criterion 4 3
O, C
Newly appointed employees may not
be adequately acquainted with the
organization to carry out their
responsibilities effectively and
efficiently.
Newly appointed employees who
cannot perform the job may continue
to be employed.
New employees may be
inappropriately terminated.
All newly appointed employees
should receive appropriate
orientation. Dolenko, p. 14, Section
4.1 3
The performance of probationary
employees should be monitored
closely throughout the probationary
period. Details should be documented
and discussed with employees and
prompt action should be taken to
address perceived problems. Dolenko,
p. 14, Section 4.2 3
TRAINING
Individual and group training
needs should be analyzed and
training plans should be
developed. Dolenko, p. 15,
Criterion 2 3
O
Employees may not be able to learn
their jobs quickly, thus increasing the
learning costs.
Productivity may be reduced because
employees who are unfamiliar with
their jobs work more slowly and are
inclined to make more mistakes.
Training needs should be identified in
terms of potential improvement to
current and future job performance,
potential for enhanced understanding
of organizational direction, or
potential contribution to the
achievement of organizational
strategies and objectives. Dolenko, p.
15, Section 2.1 3
Client satisfaction may be reduced
because of the poor quality of services Priorities should be established
annually and resources allocated
received.
accordingly. Dolenko, p. 15, Section
Staff turnover may increase due to job 2.2 3
dissatisfaction.
Training budgets should be prepared.
Dolenko, p. 15, Section 2.3 3
The general morale of the
organization may be unfavorable.
Training requirements should be
considered prior to assignment of new
The Company may be less able to
undertake new opportunities because tasks or responsibilities.
of the employees' lack of
commitment, competence and
willingness to change.
3
See Acknowledgment Page
22
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
TRAINING
Course designs should reflect
the needs that have been
identified. Dolenko, p. 15,
Criterion 3 3
O
Courses developed may not contribute
to the employees' acquisition of
knowledge, skills and change of
attitudes required to meet work
expectations efficiently and
effectively.
Course designs should specify
objectives to be met by the training
and the methods by which training
results will be measured. Dolenko, p.
15, Section 3.1 3
Functional specialists who have
specialized knowledge of the subject
area should participate in the design
of training courses. Dolenko, p. 17,
Section 3.2 3
New courses should be conducted on
a pilot basis before organization-wide
implementation. Dolenko, p. 17,
Section 3.3 3
Efficient and effective systems
should be in place for
delivering training, arranging
facilities and technical aids, and
notifying participants.
Dolenko, p. 17, Section 4.1 3
O
Training facilities may not be suitable
to promote learning or may not be
cost effective.
Training facilities should be
efficiently used and economically
justified. Dolenko, p. 17, Section 4.23
Training may not be effectively or
efficiently scheduled (e.g. too many
or too few attendees and conflicts
with related course objectives).
Statistics on course attendance should
be maintained and used for future
planning. Dolenko, p. 17,
Section 4.3 3
Costs associated with the delivery of
training course should be recorded
and controlled against budget.
Dolenko, p. 17, Section 4.4 3
Staff training activities should
be evaluated. Dolenko, p. 17,
Criterion 5 3
O
Courses may become outdated due to
new technology, legislation or
changes in the business.
Training courses should be evaluated
and modified as necessary. Dolenko,
p. 17, Section 5.1 3
Training, including course material,
delivery, and facilities, may not meet
the needs of the attendees.
Course administration, use of
facilities, and training instructors
should be evaluated. Dolenko, p. 17,
Section 5.2 3
Training results should be evaluated
using predetermined learning goals
and behavioral change objectives
where feasible. Dolenko, p. 17,
Section 5.3 3
3
See Acknowledgment Page
23
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
PERFORMANCE
APPRAISALS
Work expectations should be
documented for the employee
with respect to his/her expected
contribution to the achievement
of organizational objectives.
O
Expectations between the supervisor
and employee may not be properly
communicated.
Work expectations should be linked
to the objectives of the organization.
Dolenko, p. 18, Section 1.1 3
Existing performance standards
should be reasonable and attainable.
Dolenko, p. 18, Section 1.2 3
Employees should have a clear
understanding of their job
responsibilities and expectations.
Dolenko, p. 18, Section 1.4 3
There should be ongoing
review and discussion of
achievement against
expectations or mutually agreed
upon objectives throughout the
review period. Dolenko, p. 18,
Criterion 2 3
O
Employees may not be adequately
supported in the development of
on-the-job skills and in improving
productivity.
The annual performance appraisal
may hold surprises for the individual
who was not made aware of the
progress toward achievement of
objectives throughout the review
period.
Employees should be evaluated
against known expectations. Dolenko,
p. 18, Section 2.1 3
Supervisors should provide
opportunity throughout the review
period for adjustment to or refinement
of expectations due to change in
conditions. Dolenko, p. 18, Section
2.2 3
Supervisors and employees should
meet regularly to discuss employee
performance. Dolenko, p. 18, Section
2.3 3
Where performance is less than
expected, supervisors should provide
timely feedback and assistance for
improvement. Dolenko, p. 18, Section
2.4 3
3
See Acknowledgment Page
24
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
PERFORMANCE
APPRAISALS
The annual review process
should emphasize mutual
problem-solving, recognition of
accomplishments, and provide
specific feedback to assist in
improvement of performance.
Dolenko, p. 18, Criterion 3 3
O
The annual review may only address
performance results rather than
improvement opportunities.
Employees may not be receiving
performance appraisals at the interval
required by the Company.
The annual review should:
• Reflect ongoing reviews and
discussions
• Be constructive to assist the
employee with self assessment
and/or improvement
• Identify training and development
needs
• Establish work expectations for the
next review period Dolenko, p. 18,
Section 3.1 3
Each employee's performance should
be summarized in a written appraisal
at least annually. Dolenko, p. 18,
Section 3.2 3
The performance appraisal
process should be monitored
and evaluated to ensure that
performance reviews are
occurring in accordance with
the criteria which have been set
by the Company. Dolenko, p.
19, Criterion 4 3
O
Performance appraisals given may not Feedback from both supervisors and
meet the criteria set by the Company
employees concerning the
in terms of interval and usefulness.
effectiveness of the existing
performance appraisal process should
be obtained to ensure organizational
needs are being met. Dolenko, p. 19,
Section 4.2 3
EMPLOYEE RELATIONS
The grievance and arbitration
process should be used as a tool
for timely, efficient, and
effective disposition of
disputes.
O, C
Productivity may be reduced due to
untimely and inefficient resolution of
grievances.
Managers should be aware of the
organizational climate, employee
attitudes, and causes of grievances.
The Company may be subject to
unfavorable publicity when
grievances are handled externally.
Employee grievances should be
administered expeditiously.
The cost of dispute resolution may
escalate when grievances are handled
externally.
Dispute dispositions should be
communicated and resolutions
implemented.
Disciplinary activity should be
monitored and reviewed to highlight
potential areas of concern requiring
management attention.
Refer also to the Operating Environment section on Ombudsman.
3
See Acknowledgment Page
25
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
COMPENSATION
Compensation to employees
should be made at appropriate
authorized rates and in the
proper job classifications for
the services rendered.
O, F, C
Incorrect amounts may be disbursed
to employees.
Employment laws and regulations
may be violated resulting in fines,
penalties, lawsuits, or contingent
liabilities.
Compensation may not be designed to
foster ethical behavior.
The organization should have an
established policy for setting
compensation levels, including
position with respect to market
comparability.
Positions should be analyzed to
include:
• The logical grouping of assigned
responsibilities and reporting
relationships
• The relationship of the work to
other positions within the
organization
• The requirement for knowledge
and skills
• The effort, judgment, accountability, and responsibility required
of the job
• The conditions under which the
work must be performed
Dolenko, p. 23, Section 1.1 3
Job evaluation criteria should be
consistently applied. Dolenko, p. 23,
Section 1.4 3
A senior level review process should
be in place to ensure consistency in
the application of evaluation
standards and to resolve
disagreements. Dolenko, p. 23,
Section 1.5 3
When job content changes
significantly, the job should be
re-evaluated. Dolenko, p. 23, Section
1.6 3
3
See Acknowledgment Page
26
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
BENEFITS HEALTH & WELFARE
Policies for major employee
health and welfare benefits,
such as medical, dental, and
disability should be
documented, approved by
management and
communicated to all
employees.
O, C
Employees may not be aware of the
options in health and welfare benefits
that are available to them.
Laws and regulations may be violated
if employees are not informed of the
benefits available to them.
Inconsistencies in benefit treatments
to employees may be in violation of
the Employee Retirement Income
Security Act (ERISA).
Only those plan providers and
carriers who have been
authorized by management
should be providing services to
the Company and its
employees.
O
Services may be provided by
unauthorized or unqualified providers
and carriers.
Plan documents should outline the
provisions of the plans to include:
• Types of benefits authorized (e.g.
medical, dental, disability, etc.)
• Eligibility for benefits
• Frequency and limits of benefits
Plan documents should be made
available to all Company employees.
The health and welfare benefit plans
should contain a list of authorized
plan providers.
Agreement for services with carriers
should be in writing and signed by
both parties to the contract.
Contracts with carriers should contain
a right-to-audit clause.
Specialist referrals should be made
only by authorized providers.
Refer also to the Operating
Environment - Purchasing section on
Procurement - Contracts.
Only those benefits/claims that
conform to management's
policy should be approved and
processed for payment.
O, F
Unnecessary and/or unauthorized
services may be provided.
Benefit payments may be issued to
unauthorized recipients (e.g.
employees who are not medically
certified as disabled or not eligible
under the Plans).
Duplicate coverage may be given to
plan participants and their families.
27
Plan documents should specifically
address eligibility requirements and
entitlement to benefits.
Physician's certification of medical
condition should be required prior to
authorization of disability benefits.
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
BENEFITS HEALTH & WELFARE
Disbursements to benefit
recipients, plan providers and
carriers should be accurately
computed, promptly recognized
as liabilities, and properly
classified.
O, F
Qualifying employees may not
Premium payments should be made in
receive the full benefits granted by the accordance with contractual terms.
Plans.
Carrier billings should be verified
Benefit payments may be late or
with supporting claims detail.
inaccurate.
Disability cases should be properly
Improper or unauthorized benefit
coded on time reports and benefits
payments may be made to the
paid should be reconciled with these
recipient.
documents.
Improper coding of disability
conditions on time reports may result
in misclassification on the financial
statements.
Refer also to the Policies &
Procedures - Purchasing section on
Cash Disbursement - Bills and
Vouchers.
Payments to plan providers and
carriers may not be in accordance
with contractual terms.
The quality of services
provided by the carriers and
plan providers should be
assessed periodically.
O, C
The services provided by the carriers
and plan providers may not meet
Company management or employees'
expectations.
Non-compliance with contractual
terms by the carriers and plan
providers may not be detected.
On-site audits should be conducted at
the carrier's office to review claim
data and resolve exceptions.
Audits of plan providers should be
performed periodically by either the
carrier or the Company.
Carrier statistics such as claim
turnaround time and customer service
should be reviewed for compliance
with the agreement.
Health and welfare benefit
costs should be monitored and
controlled.
O
The Company may be spending
unnecessary expenses for provision of
health and welfare benefits.
Reasonable and customary fees
should be clearly defined as to the
amounts and services covered.
The Company should consider and
seek illness preventive measures.
(continued next page)
28
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
BENEFITS HEALTH & WELFARE
Health and welfare benefit
costs should be monitored and
controlled.
O
See Risks on previous page.
(continued)
An independent assessment as to the
length of disabled time in the
Company should be compared with
standards available through the State.
Average disability periods should be
established for standard illnesses and
disability cases.
BENEFITS PROFIT SHARING &
RETIREMENT
Policies for major employee
profit sharing and retirement
benefits such as pension,
savings, and employee stock
ownership plans should be
documented, approved by
management, and
communicated to all
employees.
Only those plan administrators
who have been authorized by
management should be
providing services to the
Company.
O, F, C
The rates and terms of profit sharing
and retirement plans may not be
authorized or acceptable to
management.
The Plans may violate established
Internal Revenue Service regulations.
Inconsistent treatment of employee's
pension and deferred compensation
rights may result in violation of the
Employee Retirement Income
Security Act (ERISA).
O, F
Services may be provided by
unauthorized plan administrators.
Cash may be disbursed for services
never received.
Plan documents should outline the
provisions of the plans and approved
by the Company's Board of Directors.
Plan documents should be made
available to all Company employees.
Discriminatory testing should be
performed to ensure the plans do not
favor highly paid employees.
The Company's accounting and
funding policies for profit and
retirement benefit plans should be
clearly defined and approved by
management.
Agreement for services with plan
administrators should be in writing
and signed by both parties to the
contract.
Contracts with the plan administrators
should contain a right-to-audit clause.
Refer to the Policies & Procedures Purchasing section on Procurement Contracts.
29
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
BENEFITS PROFIT SHARING &
RETIREMENT
Employee withholdings should
be properly approved,
appropriately classified and
promptly recognized as
liabilities.
O, F, C
Accruals for pension, deferred
compensation and other liabilities
may be incorrectly calculated
resulting in unrecorded liabilities.
Unauthorized or incorrect amounts
may be withheld from employees.
The policies for accruing, funding,
and reporting pension benefits,
deferred compensation, and other
liabilities may not be in accordance
with Generally Accepted Accounting
Principles.
Employee withholdings must be
authorized in advance and in writing.
Pension, compensation and other
deferred expenses should be accrued
monthly.
Analysis of the adequacy of the
pension fund should be performed
annually and payments should be
made to the fund to ensure the
liabilities are adequately covered.
Improper treatment of employees
pension and deferred compensation
benefits may result in violation of
ERISA.
Payroll withholdings should be
periodically compared with
investment acquisitions.
O, F
Amounts remitted may be inaccurate
or not properly recorded by the
trustee.
Plan participants should verify their
quarterly statements for accuracy of
amounts deducted, deduction options,
investment direction and percentage
allotted.
Contributions sent to the trustee
should be matched against amounts
recorded by the trustee.
Contributions to and
withdrawals from the profit
sharing and retirement plans
should be properly approved
and in accordance with plan
provisions.
O, F, C
Plan benefits may exceed the
limitations set by the Internal
Revenue Code.
Withdrawals may not be in
accordance with the Internal Revenue
Code rules and regulations.
Erroneous data may be used in
computing the Company's taxable
income.
30
Employees' before and after-tax
contributions should be tracked
against the Internal Revenue Service
limitations.
Hardship withdrawals should be
approved by the appropriate authority.
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
BENEFITS PROFIT SHARING &
RETIREMENT
Billings for plan administration
and recordkeeping services
should be verified and
approved by management.
O, F
Cash disbursed may be inaccurate or
not properly substantiated.
Plan administration billings should be
verified with contractual terms and/or
detail provided.
Refer also to the Policies &
Procedures - Purchasing section on
Cash Disbursement - Bills and
Vouchers.
Plan administrator's
performance should be
reviewed periodically.
O, C
The plan administrator may provide
inferior service.
Contractual terms which specify
standards of performance may be
breached.
Information pertaining to the
profit sharing and retirement
plans should be properly
disclosed.
F, C
Improper disclosure and reporting of
plan activities may result in violation
of the Employee Retirement Income
Security Act (ERISA) and Generally
Accepted Accounting Principles.
The plan administrator's records,
including investments and payroll
deductions should be reviewed for
accuracy.
The plan administrators should file
annual reports with the Department of
Labor which include a description of
the plan, financial statements, and
supplementary schedules.
Significant information relating to the
pension and employee stock
ownership plans should be disclosed
in the financial statements and
accompanying notes.
BENEFITS - RELOCATION
Relocation plan services and
terms should be authorized by
management.
O, F
Relocation plan participants may
order goods and/or services that are
not covered under the Plan.
Excessive or unauthorized prices and
rates may be paid for goods and
services.
31
The relocation plan should be
documented and contain a clear listing
of reimbursable expenses and
services.
Prices should be pre-established for
certain expenses and services such as:
mortgage interest, property tax and
rent.
POLICIES & PROCEDURES - Human Resources
BUS.
EXAMPLES OF
BENEFITS - RELOCATION
Vendors used for relocation
purposes should be approved
by management.
O
Contracts may be entered into with
unauthorized vendors.
A list of approved movers, contractor
for home sale and property
management should be maintained.
Cash may be disbursed to
unauthorized contractors.
Only those requests for
relocation related expenses that
conform to the relocation plan
should be approved and
accepted.
O
Cash disbursed to vendors or
employees for relocation
expenses should be accurately
computed and properly
classified.
O, F, C
Services may be received by
employees who have not been
authorized to receive them.
Authorization for relocation should be
obtained from the employee's
department.
Services may be provided which are
not needed or authorized by the plan.
Employee's commute with regard to
mileage and time should be verified
prior to receipt of services.
Disbursements may be made for
services billed but not received.
Moving expenses should be verified
against tariffs and/or bills of lading.
Expense reimbursements may be
inaccurately paid.
All relocation expenses should
contain sufficient supporting
documents.
Expenses may be misstated due to
incorrect classification.
The quality of the services
provided by the vendors should
be assessed periodically.
O
Unacceptable movers or contractors
may continue to provide services to
the Company and its employees.
Company funds may be ineffectively
used due to excess interest charged on
unsold homes.
32
Employees who have used the
relocation services should have the
opportunity to provide feedback on
the quality of services received.
An inventory of the number of unsold
homes and how long the homes have
been unsold should be monitored.
POLICIES & PROCEDURES - Marketing
The Marketing Process includes the functions of research and development of products and services, preparing the financial
projections, marketing and selling the products and services through various distribution channels, and compensation to the
sales force. Compliance with regulatory requirements, such as the Cease and Desist Order, is an essential function of the
Marketing Process to ensure statutes, orders and tariffs are followed.
The specific functions included in the Marketing Process are:
Managing Marketing Activities
Market Financials
Product Development
Managing Sales Activities
Product Sales
• Demand Sales
• Telemarketing
• Sales Agents
Cease and Desist Requirements
Sales Compensation
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
MANAGING
MARKETING ACTIVITIES
Marketing strategies should be
developed that consider the
competitive, regulatory, and
business environment or other
factors that may influence the
Company's marketing
activities.
O, C
Management may not have sufficient
detail about factors that influence the
Company's marketing strategies.
Marketing should be staffed with
personnel knowledgeable in the
telecommunications industry.
Marketing strategies may be
developed that are inconsistent with
or violate laws and regulatory
requirements.
Initiatives (both legal and regulatory)
that could impact the Company
should be monitored.
Market research should be done and
economic, customer and industry
trends should be reviewed and
monitored.
Develop marketing strategies
aimed at influencing potential
and current customers to select
the Company’s products or
services.
O
Management may not receive
accurate and timely information
regarding pricing, products, actual or
potential customers, advertising and
promotion.
Pricing strategies should be
reviewed.
The effectiveness of advertising and
promotion campaigns should be
evaluated.
Lost revenue opportunities due to
lack of accurate market information.
STANDARD
BUS.
OBJ.
RISKS
33
EXAMPLES OF
CONTROL ACTIVITIES
POLICIES & PROCEDURES - Marketing
MANAGING
MARKETING ACTIVITIES
Market needs for products or
service, including introduction
of new products, and
continuance, changes to or
discontinuance of existing
products should be addressed.
O
Marketing decisions made with
insufficient information about
competitive (or potential new)
products.
Market research should be conducted
on existence of competitive
products, products under
development and customer
preferences.
Product obsolescence.
Products developed may lack
customer demand.
Information regarding profit margins
and/or sales prices may not be
available.
Market research, focusing on
competitors' technical innovations
and customers' acceptance of or
preference for such innovations
should be conducted.
The trend of product sales by the
Company and the industry should be
monitored.
The effectiveness of advertising and
promotion campaigns should be
evaluated.
MARKET FINANCIALS
A comprehensive financial and
economic analysis of proposed
new products should be
performed.
O, F
Company decision makers may not
have the information to identify
whether new business opportunities
are profitable.
All relevant information that drives
the profitability of the proposed new
product should be identified and
documented in a business case.
Pertinent information would include:
market potential/demand, projected
revenue, expenses and capital, breakeven levels and rate of return.
A tracking plan to monitor
profitability and investment
should be implemented.
O, F
Management may not be able to
determine a product's profitability.
Tracking codes should be used for
all activities associated with the
development of a product.
Actual costs to develop or enhance a
product may not be adequately
tracked.
Post implementation actuals should
be compared to business case
projections.
Management may not have the
information to make informed
decisions to react to changed
conditions in the market.
STANDARD
BUS.
OBJ.
RISKS
34
EXAMPLES OF
CONTROL ACTIVITIES
POLICIES & PROCEDURES - Marketing
MARKET FINANCIALS
The price assigned to new
products in the revenue
projection should be approved
by management and the
regulatory agencies as
appropriate.
O, F, C
The price of new products may not
be approved by the regulatory
agencies or may be in violation of
existing tariffs.
The price projected for new products
may not adequately reflect all costs
associated with the development of
the product.
Products may be incorrectly priced
and may not be responsive to
competition.
Tariff filings should be prepared as
appropriate prior to marketing the
product.
Market research and product trials
should be performed to determine
the appropriate price strategy.
Proper categorization of products
should be obtained from the
regulatory Commission.
PRODUCT
DEVELOPMENT
A systematic process for the
development and introduction
of new products and
enhancements should be used.
O, C
Products may be delayed due to
inefficient, ineffective or
inconsistent processes.
Products under development may be
subject to frequent or unnecessary
re-work.
Products may be brought to market
using processes that are not
authorized by management.
Laws and regulations relating to
anti-trust may be violated.
Products may be developed which
have not been approved by the
regulatory agencies.
The basic steps of the product
development process should be
identified such as:
• Idea generation
• Idea screening
• Business analysis
• Pilot development
• Test marketing
• Commercialization
General guidelines for the
development of products should be
documented to include:
• Definition of roles and
responsibilities
• Communication flows
• Reporting and tracking
requirements
A multi-discipline team should be
established at the inception of the
development process to ensure
diverse issues and concerns are
addressed.
Refer also to the EDP Control
Activities section on System
Development Life Cycles.
STANDARD
BUS.
OBJ.
RISKS
35
EXAMPLES OF
CONTROL ACTIVITIES
POLICIES & PROCEDURES - Marketing
PRODUCT
DEVELOPMENT
Product proposals and
assessments should be
reviewed, prioritized and
approved by management.
O
Products may be developed without
management's approval.
Projects may be inappropriately
ranked and key business
opportunities may be missed due to
limited resources.
Frequent budget and scope changes
may occur.
Product concepts may not be
adequately and properly evaluated.
Product process users and their
requirements should be
identified.
O, C
User requirements may be
inappropriately omitted.
Inadequate input/data from the users
may lead to delays in the
development process or a product
that has no market.
Opportunities can be needlessly lost
due to the failure to properly define a
product (e.g. potential benefits).
Tariff, public policy and other issues
may not be appropriately identified
and addressed.
All time and costs associated
with product development
should be reported accurately,
timely and in accordance with
regulatory requirements.
O, F, C
Actual costs incurred in researching
a product and its development may
not be accurately computed or
monitored.
Cost overruns may not be identified
timely.
(continued next page)
Criteria should be set for product
evaluation which includes factors
such as market demand, production
and marketing consistency, legal
considerations, profit maximization,
and risk minimization.
A product prioritization process
should be implemented to ensure key
business opportunities are not
missed.
Resource commitments should be
obtained from the appropriate level
of management.
Involvement of customers, suppliers
and stakeholders should be identified
early in the process.
Product attributes and desired
benefits should be defined early in
the process.
The suppliers' ability to deliver
features in a timely manner and the
cost requirements should be
identified.
Potential public policy or special
product considerations should be
identified and resolved early in the
development cycle.
Time and costs for all new product
development should be tracked via
tracking codes upon identification of
a potential product/service
development.
Product process users should be
promptly informed of the use of
tracking codes associated with the
product development process.
(continued next page)
36
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT
DEVELOPMENT
All time and costs associated
with product development
should be reported accurately,
timely and in accordance with
regulatory requirements.
O, F, C
(continued)
(continued)
Nonregulated/competitive products
may be inappropriately subsidized
by the ratepayers resulting in fines
and penalties.
Actual project costs should be
periodically compared with
budgeted/authorized amounts.
Exclusion from rates of development
costs of products could violate
Modified Final Judgment (MFJ)
restrictions.
Products should be properly
identified as regulated or
nonregulated to ensure research and
development costs are appropriately
classified.
The financial statements may be
misstated due to improper
classification of operating expenses.
The status of products under
development should be
monitored and communicated
to all stakeholders.
O
Project stakeholders may not be
adequately informed of the product
development progress.
Approval and input for each major
step of the development process may
not be obtained from project
stakeholders and management.
The product development
process should be assessed
periodically for effectiveness
and efficiency.
O
Reporting of product
development to the regulatory
agencies should be accurate
and timely, and comply with
regulatory requirements.
C
Deficiencies in the process may not
be identified or corrected.
Continuity and quality of products
developed may be jeopardized.
Reporting of products or services
under development may be
inaccurate or incomplete.
The regulatory agencies may not
have accurate or complete
information to properly categorize
the new products or services.
(continued next page)
Governance of the product
development process should be
assigned to the appropriate level of
management to resolve issues and to
administer the process.
Activities supporting each completed
step of the development process
should be documented and
communicated to the product process
users.
Personnel involved in the product
development process should provide
feedback with regard to the
effectiveness and efficiency of the
process.
All mandatory reporting of product/
service development should be
identified, including the submission
dates.
Reporting to the CPUC should
include all products or services
under development, preliminary
categorization, expenses, capital, and
current status.
(continued next page)
37
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT
DEVELOPMENT
Reporting of product
development to the regulatory
agencies should be accurate
and timely, and comply with
regulatory requirements.
C
(continued)
(continued)
The Commission may not have
sufficient information to track
product development costs for
ratemaking purposes.
Certification should be obtained
from all departments on the
completeness of the list of
products/services to be reported to
the CPUC.
The Company may not have
sufficient evidence to demonstrate
the completeness of the information
reported to the Commission.
MANAGING
SALES ACTIVITIES
Marketing strategies should be
effectively implemented.
Sales targets should be met or
exceeded in an efficient
manner.
O
O
Sales personnel may be unaware of
marketing strategies.
Marketing strategies should be
communicated to sales personnel.
Sales personnel may disregard
marketing strategies.
Management should establish sales
quotas, compensation, or other
performance criteria in a manner
where positive implementation of
strategies results in favorable
recognition.
Sales personnel may be unaware of
potential customers.
Market research results should be
communicated to sales personnel.
Sales personnel may lack knowledge
about product features or benefits.
Qualified and experienced sales staff
should be retained.
Customer information may be
incomplete or inaccurate.
The accuracy of customer information should be verified periodically.
Information that could be useful in
marketing the Company's products
or services should be maintained in a
customer information system.
Examples include: name, address,
phone number, contact, location,
history of previous orders and plans
to expand or change the business.
Sales force should be properly
organized and territories aligned in a
most efficient manner.
38
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT SALES DEMAND SALES
The types of products and
services offered and the
associated rates and terms
should be authorized in
accordance with
management’s policy and
regulatory requirements.
O, C
Products and services offered to
customers may not be in compliance
with existing tariffs.
All trials and promotions must be
approved by the CPUC prior to
being offered to the customer.
Post Cease and Desist requirements
may not be met.
Products/services offered must be in
compliance with the tariff.
Revenues may be reduced due to
increases in uncollectible accounts
arising from inadequate deposits
requested.
Customer contact guidelines should
be followed.
Customer’s request to either restrict
or not restrict sales personnel from
accessing their proprietary network
information or releasing it to other
vendors may not be honored.
Customers should be provided with
all the information necessary to
make purchase decisions (e.,g.
type/class of service available, tariff
names, nonrecurring charges, and
monthly rates).
Customer deposits requested or
waivers granted would be in
accordance with management’s
policy.
Customer and order
information should be
accurately and promptly
recorded.
O, F, C
Customers may be billed for services
not received or incorrectly billed for
services received.
Customer service order information
and interaction should be accurately
recorded in pertinent systems.
Sales may be recognized in the
wrong accounting period.
Confirmation of orders should be
sent to the customers to ensure they
clearly understand the products and
services for which they are billed.
Post Cease and Desist requirements
may not be met, subjecting the
Company to fines and penalties.
A quality assurance program
should be implemented to
ensure customer interactions
are in compliance with
management's expectations
and the Post Cease and Desist
requirements.
O, C
Unethical sales practices may occur
without management's knowledge.
Customers may be offered products
and services that are prohibited by
the Post Cease and Desist
requirements.
Customers may be billed for services
not received or incorrectly billed for
services received.
39
Feedback should be obtained from
customers on whether they
understand and want the services for
which they are being billed.
Customer contacts should be
monitored for compliance with
tariffs.
Refer also to the Policies &
Procedures - Marketing section on
Cease and Desist Requirements.
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT SALES DEMAND SALES
Only authorized and qualified
personnel should be making
service recommendations to
the customers.
O, C
Incorrect tariffs could be applied to
products and services offered.
Products and services may be
intentionally or unintentionally
bundled.
Customers may not have the
necessary information to make a
purchase decision.
Employees with responsibility for
customer contacts should be
informed of the Company's policy on
ethical conduct and professionalism.
Sales personnel should be
appropriately certified and
understand their responsibility to
safeguard customer proprietary
network information.
Customer proprietary network
information may be inappropriately
accessed by restricted customer
contact employees or released to
other vendors.
PRODUCT SALES TELEMARKETING
The prices of goods and
services offered should be
authorized by management and
CPUC rulings.
O, C
Promotions may be unlawful or
violate the Post Cease and Desist
Order.
The prices of goods and services
ordered may not conform to
management's requirements or
tariffs.
Customers contacted for a
telemarketing campaign should
be authorized in accordance
with manage-ment's policy,
laws and regulations, and
industry standards.
O, C
Multiple unrelated calls could be
made to the same customer.
Telemarketing efforts may not be
consistent and coordinated.
Complaints from customers could
impact the Company's ability to
perform telemarketing.
All free trial programs, promotions,
and discounts must be approved by
the CPUC prior to being offered to
the public.
Service contracts should comply
with tariffs.
A list of customers under the
proactive marketing campaign
should be maintained.
Customers that have explicitly or
implicitly (non-published) requested
not to be contacted should be
properly identified.
Customers who had previously been
contacted should be excluded from
future contacts based on a
pre-established time interval.
(continued next page)
40
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT SALES TELEMARKETING
Customers contacted for a
telemarketing campaign should
be authorized in accordance
with manage-ment's policy,
laws and regulations, and
industry standards.
O, C
See Risks on previous page.
(continued)
The time interval for exclusion of
customers from future contacts
should be identified and
communicated.
Contacts with customers should be
immediately terminated or
rescheduled if the customers gives
any indication of wanting to end the
discussion.
Customer and order
information should be
accurately and promptly
recorded.
O, F, C
Customers may be billed for services
not received or incorrectly billed for
services received.
Customer service order information
and interaction should be accurately
recorded in pertinent systems.
Sales may be recognized in the
wrong accounting period.
Confirmation of orders should be
sent to the customers to ensure they
clearly understand the products and
services for which they are being
billed.
Post Cease and Desist requirements
may not be met.
Procedures for compliance
with the Post Cease and Desist
requirements should be
established and maintained.
O, C
Unethical selling practices may
continue and violate the Post Cease
and Desist rules and regulations.
Inexperienced or unqualified
employees may be conducting
telemarketing.
The Company's policies with regard
to sales practices and campaign
quality assurance should be
documented and communicated.
Personnel with responsibility for
selling activities should be properly
trained, and those who perform
outbound calling campaigns should
be properly certified.
Refer also to the Policies &
Procedures - Marketing section on
Cease and Desist Requirements.
41
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT SALES TELEMARKETING
Activities associated with
telemarketing should be
tracked to monitor their
success and effectiveness from
a customer as well as a
Company perspective.
O, C
Campaign successes may not be
properly identified.
Actual performance against
anticipated sales may not be
adequately monitored.
Sales calls may not be in compliance
with tariffs and noncompliance may
not be detected.
Every aspect of an outbound calling
campaign should be tracked to
include: expenditures, revenues,
sales, contacts, and perceived
customer satisfaction.
Customer feedback should be
obtained on the quality of services
received and adherence to the Post
Cease and Desist Order.
PRODUCT SALES SALES AGENTS
Only those agents who have
been authorized by
management should be
allowed to sell network
services for the Company.
O, C
Contracts may be entered into with
unauthorized sales agents.
Sales agents may be paid for services
not authorized.
Excessive rates may be paid to sales
agents or services provided may not
meet Company standards.
Not all vendors may be given the
opportunity to do business with the
Company.
Sales agents can only offer
products that have been
approved by the regulatory
agencies through the filing
process.
O, C
Products and services offered may
not be in compliance with the tariffs.
Sales activities conducted by the
sales agents may not be ethical or in
compliance with the Post Cease and
Desist requirements.
Criteria for selection of sales agents
should be established to include:
• Sales/service history
• Product line
• Customer satisfaction
• Financial status
• Geographic location
• Business plan objectives that are
consistent with the Company's
direction
A list of authorized sales agents
should be maintained.
A monitoring process should be in
place to ensure tariff names and rates
quoted were accurate, no free trials
were offered, products sold were not
bundled and proper deposits were
received.
CPUC customer complaints should
be reviewed periodically.
The Company's commitment to
service and ethical sales practices
should be communicated to all sales
agents.
42
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT SALES SALES AGENTS
The services and terms of
performance by authorized
sales agents should be
documented and approved by
management and regulatory
agencies.
O, C
Services may be provided that were
not requested or approved by
management.
The services and terms of
performance may not be acceptable
to management or approved by the
regulatory agencies.
The Company may be disadvantaged
if sales agents sell intralata network
services of other providers.
The cost and performance of
sales agents should be
monitored and evaluated.
Payments to the sales agents
should be accurately computed
and promptly recognized as a
liability.
O, C
O, F, C
Sales agents must have a written
agreement with the Company.
The sales agent contract should be
included in the CPUC filing and
approved by this agency.
The exclusivity option should be
included in the contract to prohibit
the sales agents from selling intralata
network services of other providers.
Management may not have the
necessary information to evaluate the
performance and efficiency of the
sales agents.
A costing base should be established
to periodically compare the cost of
using sales agents with internal
costs.
The use of sales agents may not be
cost effective and the shareholders
and customers may bear the
additional cost of having multiple
distribution channels.
A monitoring process should be in
place to ensure sales agents comply
with the contract.
Commissions may be inaccurate due
to clerical errors, incorrect
commission rate or incorrect terms.
Sales agent invoices should itemize
individual customer sales by sales
person, product and commission
amount.
Liability for services received may
not be promptly recorded.
The rate of commission paid or
commission structure may not be in
accordance with regulatory
requirements.
Commissions paid to sales agents
may not be adequately substantiated.
Customer satisfaction surveys should
be performed.
Products and/or services sold by the
sales agents should be tracked to
ensure the orders have not been
subsequently canceled and that the
sales agents have rightfully earned
their commission.
Commissions paid to the sales agents
for products and/or services sold
should be compared to an authorized
product, service and features list.
(continued next page)
43
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
PRODUCT SALES SALES AGENTS
Payments to the sales agents
should be accurately computed
and promptly recognized as a
liability.
O, F, C
(See Risks on previous page..
(continued)
The rate of commission paid should
be in accordance with contractual
terms and structure that was
approved by the regulatory agencies.
Refer also to the Policies &
Procedures - Purchasing section on
Cash Disbursement - Bills and
Vouchers.
Filing requirements to the
regulatory agencies should be
followed and monitored.
C
FCC requirements to protect the
ratepayers and provide equitable
opportunity for Customer Premise
Equipment (CPE) vendors may be
violated.
Quarterly and annual filings and
reports to the CPUC and FCC must
be adhered to.
The Company's marketing practices
and strategic direction for ethics and
public policy effectiveness may not
be in conformance with the
appropriate statutes, orders, and
tariffs.
Guidelines should be established and
maintained to include:
• Management's standards and
expectations for conduct and
ethics
• Training requirements
• Quality assurance plans/controls
• Compliance with CPUC tariffs,
rules and regulations
CEASE AND DESIST
REQUIREMENTS
Customer interactions should
be conducted in the highest
standards of professionalism,
integrity and business ethics.
O, C
Public trust with the customers may
be impaired.
The Company's responsibility for
customer privacy may be breached.
Customers should be provided
with complete and accurate
information on the products
and services offered.
O, C
Customers may not understand that
they can subscribe to basic service
without any optional features or
enhancements.
Inappropriate or incorrect tariff
names may be applied to the
products and services offered and
sold.
(continued next page)
44
Confirmation letters should be sent
to all appropriate customers
itemizing both the monthly rate and
non-recurring charges. Any
exclusions from the process should
be appropriately identified.
Basic service should be clearly
separated from optional services.
(continued next page)
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
CEASE AND DESIST
REQUIREMENTS
Customers should be provided
with complete and accurate
information on the products
and services offered.
O, C
(continued)
(continued)
Customers may not understand the
costs associated with each product or
service ordered.
Universal Lifeline Telephone
Service (ULTS) options should be
clearly discussed on all appropriate
contacts.
When offering complementary
services, disclosures must be made
to the customers that the Company
can only provide service within the
local service area.
Complete and accurate credit
information should be obtained
on all appropriate contacts.
O, C
Customers may be denied fair and
equal access to telephone service.
Improper application of credit
requirements may increase bad debt
expense and result in financial loss
to the Company and its ratepayers.
A quality assurance plan
should be established to ensure
the Company's marketing
practices are in conformance
with the appropriate statutes,
orders, and tariffs as they
relate to the Cease and Desist
Order.
O, C
Orders may be made for goods and
services that the customer did not
request.
Quality assurance issues may not be
addressed properly or timely.
When establishing credit,
information as outlined in the tariff
must be solicited to determine the
appropriate deposits and/or advance
payments.
Monitoring of customer contact
personnel should be performed at
least quarterly to focus on quality
assurance.
An anonymous forum should be
established (e.g. service
representative survey) to address
issues that could not be audited via
monitoring.
Service orders should be confirmed
periodically by supervisory
managers.
Internal audits of Post Cease and
Desist compliance should be
performed periodically.
45
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
SALES COMPENSATION
The terms and conditions for
the sales incentive
compensation plan should be
documented, authorized by
management, and
communicated to plan
participants.
O, C
Plan participants may be paid
amounts that are not authorized or
acceptable to management.
Substantive provisions of the plan
may not comply with the rules under
the Employment Retirement Income
Security Act (ERISA).
Compensation may be applied
inconsistently or inequitably, thus
violating employment rules.
Plan participants may not understand
or misinterpret the payment process.
A written policy on sales
compensation should be developed
outlining:
• Eligibility requirements for
payout
• Calculation of payout
• Disposition of payout if the sale is
terminated
• Disposition of payout if the
account is not collected and
subsequently written-off
• Processing of appeals and
adjustments
The plan and subsequent changes
should be approved by the
appropriate executive officers and
reviewed by Legal prior to adoption.
Plan participants should formally
acknowledge their understanding of
the plan terms prior to the beginning
of the plan year (e.g. signing of the
Document of Understanding).
The basis and methodology
used for determining the
payout should be reasonable
and accurately computed.
O
Conditions could exist which result
in unrealistic performance results.
Compensation paid to sales persons
may not be competitive.
The basis for compensation may not
be aligned with Company goals and
objectives.
Sales incentive plan targets should
be in line with overall profit targets
for the organization.
Specific procedures for calculating
compensation should be developed,
documented, reviewed, approved
and used.
Industry standards should be used as
a performance measurement and
approved by management.
Performance results that serve
as the basis for determining the
payout should be reliable,
accurate and reflect actual
performance.
O
Payout may not be adequately or
accurately supported.
Performance data may be incorrect
or misstated, resulting in over/under
payment of compensation.
46
Revenues, products and performance
based on established criteria should
be tracked and reported.
Independent audits and/or reviews
should be performed on the reported
performance results for verification
of accuracy.
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
SALES COMPENSATION
Amounts due employees
should be accurately
calculated, recognized as
liabilities promptly and
properly classified.
O, F
Employees may be awarded for
terms and conditions not met or not
awarded for terms and conditions
met.
The payout calculation should be
reviewed and approved by someone
other than the preparer and someone
who is not a plan participant.
Incorrect amounts of cash may be
paid out intentionally or
unintentionally.
Compensation earned should be
compared to amount received by the
plan participant.
Incentive payment may be
incorrectly calculated resulting in
misstatement of expenses.
Adjustments which impact
compensation should be
properly approved and
substantiated.
O, F, C
Unauthorized adjustments may be
processed, resulting in over/under
payment of compensation.
Quota relief may be improperly
granted.
Policies and procedures should be
established for the review and
approval of adjustments to payouts
or sales bases.
Cut-off procedures for processing of
adjustments should be established.
Accounts may be moved into and out
of modules without proper
authorization.
Module movements should be
controlled and approved.
Inconsistencies in compensation to
employees may be in violation of the
Employee Retirement Income
Security Act (ERISA).
An appeals process should be
implemented to ensure participants
are compensated fairly and
consistently.
An appeals board should be
established consisting of employees
who are not plan participants.
The compensation plan should
be evaluated periodically for
appropriateness and alignment
with Company objectives.
O, C
Erroneous payments or excessive
costs of sales compensation may
result to the detriment of the
Company.
The compensation plan may not be
performing or administered as
originally designed.
Plan participants may only focus on
high return products and the Company may lose its market presence.
(continued next page)
47
Products that contribute to the
achievement of Company objectives
should be identified and considered
for inclusion in the determination of
the compensation base.
(continued next page)
POLICIES & PROCEDURES - Marketing
BUS.
EXAMPLES OF
SALES COMPENSATION
The compensation plan should
be evaluated periodically for
appropriateness and alignment
with Company objectives.
O, C
(continued)
(continued)
The goals of the compensation plan
may not meet the needs of the
organization, support the
achievement of objectives, exploit
opportunities, and meet the
reasonable aspirations of employees
and shareholders.
The sales compensation program
should adapt to changes in the
market and industry.
Changes in operations, regulations or
management may not be reflected in
the compensation plan.
48
POLICIES & PROCEDURES - Sales
The Sales Process includes the functions of acquiring and accepting customer orders; granting customer credit; billing and
recording sales; maintaining and monitoring accounts receivable; instituting effective collection procedures; recording and
controlling cash receipts; and properly valuing receivable balances. Refer also to the Control Activities - Marketing section
on Management of Sales Activities for standards relating to marketing strategies and sales targets.
The specific functions included in the Sales Process are:
Order Entry
Credit
Billing
• Customer
Custom Work Order
Accounts Receivable
• General
• Customer Receipts
Collections
• General
• Agency
Refunds and Adjustments
Coin Operations
• Collection
• Counting
• Banking
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
ORDER ENTRY
The credit worthiness of
potential customers must be
determined prior to acceptance
of customer orders.
O
Sales may be made to unacceptable
customers, resulting in uncollectible
accounts receivable.
A credit policy that reflects an
appropriate balance between risk and
credit loss and sales volume should
be established and enforced.
Refer also to the Policies &
Procedures - Sales section on Credit.
Orders should be processed
only for those customers who
are authorized for credit.
O
Sales and order entry personnel may
not have access to complete, timely
or accurate credit information.
Sales may be lost due to delays in
receiving customer information.
49
Sales and order entry employees
should have accurate and timely
customer information regarding
approved credit limits, current
balances due, age of receivable
balance and other pertinent
information.
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
ORDER ENTRY
Customer orders should be
processed accurately and
expeditiously.
O, F, C
Delinquent orders may not be
identified resulting in dissatisfied
customers and/or order cancellations.
Orders may be accepted and
processed at rates and terms that are
not acceptable to management or in
compliance with tariffs.
Delinquent orders could adversely
affect the Company's operating
results as well as business
relationships with other customers.
Current information on prices/tariffs
and policies on such matters as
discounts and taxes should be clearly
communicated to sales and billing
personnel and properly updated in
computer systems.
The products/services sold should be
priced in accordance with the tariff.
Open order files should be reviewed
periodically for delinquent orders.
Delinquent orders should be
researched and resolved.
Sales may be misstated.
Formal acknowledgment of order
acceptance should be sent to the
customer on a timely basis.
Customer and order information (e.g.
products and services ordered,
prices, credit approvals, etc.) should
be properly documented and fully
edited before the order is processed.
Only valid customer orders
should be approved and
processed.
O
Customer orders may not be
acceptable to management regarding
price, terms, penalty clauses, or
credit risk.
Policies and procedures should be
established for review and approval
of customer orders, including
approval of "no charge" or
discounted services.
O
Products and services may be
provided to unacceptable customers,
resulting in excessive accounts
receivable collection problems.
Formal, written policies and
procedures for granting credit and
establishing credit for new and
existing customers should be
developed.
CREDIT
The criteria for accepting
potential customers should be
defined, communicated and
enforced.
Procedures for credit review and
establishing credit for new and
existing customers may be
implemented which are not in
accordance with management's
policy and/or circumvent existing
controls.
50
Credit references should be
identified and obtained when
necessary.
(continued next page)
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
CREDIT
The criteria for accepting
potential customers should be
defined, communicated and
enforced.
O
See Risks on previous page.
(continued)
Specific individuals who understand
management's criteria should be
identified and designated the
responsibility to consider acceptance
of potential customers.
Credit limits should be established
based on review of the customer's
credit records and ability to pay.
Established customer credit limits
should be reviewed for adequacy at
least annually. Where appropriate,
adjustments should be made and
approved by the appropriate level of
management.
Complete and accurate credit files
should be maintained.
A system of credit
management reporting should
be adopted.
O
High risk accounts may be accepted
without management's knowledge.
Uncollectibles and write-offs may
increase from high risk accounts that
were not planned by management.
Reports indicating high risk accounts
should be prepared and reviewed by
management regularly.
Management, especially those who
perform the credit function, should
receive timely information about
past due accounts.
Refer also to the Information
Systems and Communication
Methods section on Information
Systems.
BILLING - CUSTOMER
All authorized sales should be
accurately recorded and billed
in the proper period.
O, F
Sales may be recorded in the wrong
accounting period.
All products sold or services provided should be billed in the period
in which the transaction occurs.
Incorrect billings may be issued
resulting in misstated sales and
receivables, dissatisfied customers
and lost revenue.
Provisioning or delivery data should
be submitted to the billing function
on a timely basis.
(continued next page).
(continued next page)
51
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
BILLING - CUSTOMER
All authorized sales should be
accurately recorded and billed
in the proper period.
O, F
(continued)
(continued)
Sales may have occurred, but may
not have been billed and/or recorded.
Appropriate cut-off procedures
should be established.
Cash flow may not be maximized
due to untimely billings, and
exposure to uncollectibility is
increased.
Delivery of products or services
should be verified prior to bill
processing.
Customer statements should be
mailed promptly.
All bills must accurately
reflect the true value of the
products sold or services
provided.
Only authorized billing
adjustments should be
processed.
O, C
Revenues and cost of sales may be
incorrectly recorded.
Tariffs may be violated. The
Company may also be exposed to
litigation from external sources for
misrepresentation of bills.
O, F
Receivables and related accounts
may be misstated due to incorrect
adjustments or incorrect
reclassification of distributed
amounts.
Adjustments may not be acceptable
to management.
Segregation of duties should
exist between the billing, sale,
provisioning, cancellation, and
accounting functions.
O, F
Intentional errors or
misappropriation of assets could
occur. Examples include:
• Products/services may be
provided, but not billed
• Products/services may be billed
and recorded, but not provided
The price assigned to products or
services sold must be in compliance
with the tariff.
Appropriate taxes should be billed in
accordance with local laws. Where
tax is not billed, documentation
should exist to support the
customers' tax exempt status.
Guidelines should be established to
clearly identify the procedures for
determining the propriety of
adjustments.
All credit memos issued to
customers should be supported,
documented, and approved by the
appropriate level of management.
Individuals with responsibilities for
preparation of bills should not record
or approve sales.
Credit memos should be authorized
by individuals independent of the
accounts receivable functions.
Customer disputes or inquiries
should be investigated and resolved
by individuals independent of the
billing function.
52
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
BILLING - CUSTOMER
The effectiveness and
efficiency of the billing
process should be evaluated
periodically.
O
Errors, delays, or omissions in
billing may not be detected or
corrected.
The number of customer complaints
regarding improper bills or
statements should be monitored.
Customer complaints may increase
due to inaccurate bills, thus
discrediting the Company's
reputation as an ethical and quality
service provider.
Backlog of unprocessed orders
should be regularly reported,
investigated and followed up.
The Company's profitability may
decline due to inefficiencies in the
billing process.
Goods/services sold but not billed
should be reported and investigated.
Suspense files for rejected data
should be reviewed and followed up
timely to ensure correct data is
re-entered.
Management should regularly
review bill processing and results
reports.
Customer bills, both computer
generated and manual, should be
reviewed periodically for accuracy
on at least a test basis.
BILLING - CUSTOM
WORK ORDER
Only those services defined by
the tariffs as custom work and
authorized by management
should be billed.
The prices and related
components used to determine
the cost of custom work should
be authorized in accordance
with tariffs and management's
policy.
O, F, C
O, C
Billing for customer work could be
overlooked, resulting in
misstatement of revenues.
Engineering jobs should be reviewed
to determine if custom work is
appropriately identified.
Custom work may not be billed in
accordance with mandates by the
California Public Utilities
Commission (CPUC).
Guidelines for billing procedures to
be used when performing custom
work should be documented.
Billings for custom work may be
misstated or inconsistently
calculated, resulting in misstatement
of revenues.
The appropriate tariffs should be
used to determine charges for
custom work.
(continued next page)
Terms and conditions could be
misinterpreted by the customer or
Company management.
(continued next page)
53
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
BILLING - CUSTOM
WORK ORDER
The prices and related
components used to determine
the cost of custom work should
be authorized in accordance
with tariffs and management's
policy.
O, C
Custom work order bills
should be properly authorized,
accurately prepared and timely
rendered.
O, F, C
(continued)
(continued)
Terms and conditions of the custom
work order agreement may not be
acceptable to management or may
violate existing laws and regulations.
Terms and conditions of custom
work should be included in an
approved written agreement with the
customer.
Billable costs may not be recovered.
Billings should be made only after
authorizations are received from the
responsible department on who to
bill, the basis for billing, and
information required by the
regulatory agencies.
Billings for custom work may not be
approved by management or in
accordance with existing tariffs or
the agreement with the customer.
Timeliness of custom work order
billing generation could be affected
if job status is not accurately
reported and monitored.
Sales and related receivables may be
recorded in the wrong accounting
period.
Job and billing reports should be
reviewed regularly by the
responsible engineer to monitor the
accuracy and completeness of job
status codes and billings.
Actual costs of work performed
should be tracked to ensure all
expenses are identified and properly
recovered.
The appropriate overhead costs
should be applied to the custom
work order billed amount.
The appropriate tariffs and rules
should be specified on the bill or
support documentation.
Billing reports should be reviewed
by the engineers to ensure timely
release of bills for payment.
The costs associated with
custom work orders should be
accurately and promptly
tracked, reported, and billed.
O, F, C
Expenses incurred by the Company
may not be recovered.
Bills may be inaccurate due to
keying errors or incorrect application
of tariffed rates.
The cost of materials, labor, and
overhead should be accurately
reported to the individual preparing
the billing document, negotiating the
billing agreement or authorizing
billing.
(continued next page)
(continued next page)
54
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
BILLING - CUSTOM
WORK ORDER
The costs associated with
custom work orders should be
accurately and promptly
tracked, reported, and billed.
O, F, C
(continued)
(continued)
Billing errors may go undetected.
Customer, order and cost
information should be documented
on the bill, including the tariff rule if
the rates are tariffed.
Costs associated with custom work
may be inaccurately recorded on the
financial statements.
Billings should reflect the
appropriate method authorized by
the responsible department.
Billings should be verified prior to
release.
Billing adjustments should be
properly substantiated and
approved.
O
Bills may not be generated for work
performed and paid for in advance.
Advanced payments and other
adjustments may not be applied to
the proper customer account.
Unauthorized, duplicate or erroneous
adjustments may be processed.
Billing discrepancies should be
resolved promptly and fairly.
O, C
Advanced payments by customer
should be accurately recorded and
appropriately applied to the
customer's account.
All adjustments should be supported
by the appropriate documentation
and proper approval.
Customer refunds may not be issued
promptly or may be inaccurately
issued.
Custom work order bills with credit
balances should be reviewed and
investigated regularly.
Incorrect billings may not be
corrected timely.
All customer inquiries should be
routed to the appropriate personnel
and addressed on a timely basis.
Adverse publicity and complaints to
regulatory agencies may occur.
55
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
ACCOUNTS RECEIVABLE
- GENERAL
The continued completeness
and accuracy of accounts
receivable records and details
should be ensured by
management.
F
Errors in either the general ledger or
detailed records may not be
identified and corrected on a timely
basis.
The financial records and financial
statements may be misstated.
The detailed accounts receivable
records should be reconciled to the
general ledger on a regular basis.
The reconciliation should be
approved by the next level of
management. Differences should be
identified and investigated.
Correspondence authorizing
cancellations and allowances should
be reviewed.
Accounts receivable with
overdue balances should be
monitored.
O, F
Incorrect aging of accounts
receivable may result in delinquent
customer remittances or
inappropriate write-off of delinquent
accounts.
An aging of accounts receivable
detail should be prepared
periodically and reviewed by
management for any unusual or
delinquent items.
Inefficient collection activities may
occur.
The bad debt reserve may be
incorrectly calculated. Net
receivables and related financial
statements may be misstated.
A system of internal receivable
management reporting should
be adopted.
O, F
Management may not be able to
adequately assess the reasonableness
of the accounts receivable bad debt
reserve, adequacy of collection
procedures and the accuracy of the
financial statements.
Reports on key ratios, trends and
variances should be prepared and
reviewed by management. Examples
of such reports include: receivable
turnover and aging, bad debt writeoffs, collection percentages,
accounts receivable balances in
relationship to sales, and delinquent
percentages.
The receivable results and statistics
should be compared with industry
trends.
Refer also to the Information
Systems and Communication
Methods section on Information
Systems.
56
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
ACCOUNTS RECEIVABLE
- GENERAL
All adjustments to the
receivable balances should be
properly approved and
substantiated.
O, F
Adjustments processed may not
reflect good business practices.
Adjustment errors may not be
detected.
Credit memos, order cancellations,
discounts, account write-offs and
debit memos should be approved by
the appropriate manager in the
period in which the need for the
adjustment was determined.
Collectible accounts receivable may
be written-off, and/or cash receipts
may be misappropriated.
Known receivable adjustments
should never be delayed or deferred.
The accounts receivable records and
financial statements may be
misstated.
Receivable adjustments should be
supported by adequate
documentation and approval.
The accounts receivable valuation
reserves may be incorrectly
calculated, resulting in misstated net
receivables and financial statements.
The accounts receivable bad debt
reserve policy should provide for a
bad debt reserve.
An accounts receivable bad
debt reserve policy to state
receivables at their net
realizable value should be
developed and implemented.
F
Accountability and
responsibility for the accounts
receivable records should be
segregated from billing and
collection functions.
O
Intentional errors or misappropriation of cash and sales related
items could occur. For example:
• Sales are billed but not recorded
and cash is misappropriated upon
receipt
• Cash receipts are incorrectly
applied to customer accounts,
misappropriated or diverted
Customer accounts receivable
records should be maintained by an
individual who does not have access
to billing documents or cash receipts.
Access to accounts receivable
records should be restricted.
O
Accounts receivable records and
stored data may be accessed by
unauthorized individuals.
Access to accounts receivable files
and data used in processing
receivables should be restricted.
Each finance director and/or chief
financial officer should review the
valuation reserves for adequacy and
reasonableness on at least a quarterly
basis, and make adjustments as
required.
57
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
ACCOUNTS RECEIVABLE
- CUSTOMER RECEIPTS
Accountability for cash items
should be established.
O, F
Cash items may be lost, stolen or
diverted.
Cash payments may not be properly
reported.
Cash and other cash-related accounts
may be misstated.
Cash receipts should be
recorded accurately,
completely, and timely.
O
The receivable balances may be
inaccurate as bills and/or cash
receipts may not be recorded, may be
incorrectly recorded, or may be
recorded in the wrong accounting
period.
Cash received may be diverted, lost
or not accurately applied to the
customer's account.
Receipts may be for amounts
different than billed amounts, or are
not identifiable.
Lost, incorrectly recorded and/or
misappropriated cash receipts may
not be identified and corrective
action may not be taken on a timely
basis.
Control and responsibility for
receiving and depositing checks/cash
should be assigned to an individual
who is not responsible for:
• Postings to the general ledger
• Collecting delinquent receivables
• Authorizing bad debt write-offs
• Authorizing credit memos,
discounts, allowances
• Preparing billing documents
Cash receipts should be accurately
logged as to amounts, dates and
customers.
Listed receipts should be compared
with credits to accounts receivable,
bank statements and postings to the
general ledger on a monthly basis.
Use of lock-box or other
arrangements to accelerate deposits
should be considered.
Cash receipts should be deposited in
the bank daily or less often if
dictated by good business practice.
Daily collections should be balanced
and reconciled to the receipt records.
Overages and shortages should be
reported and investigated.
Cash flow may not be maximized.
Inefficient collection activities may
occur due to inaccurate customer
account balances.
The receivable balance and/or aging
of receivables may be inaccurate.
Cash receipts may not be recorded in
the correct accounting period.
Input to the accounts receivable
records should be based upon
verified customer bills and
remittance copies of cash receipts.
Unidentified receipts should be
investigated and resolved.
Periodic statements should be sent to
customers and customer-noted
differences should be investigated.
Appropriate cut-offs should be
established
58
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
ACCOUNTS RECEIVABLE
- CUSTOMER RECEIPTS
Cash items received should be
posted to the customer's
account promptly.
O, F
Customer's accounts may not be
adjusted promptly, resulting in
application of late charge,
disconnection of customer's
telephone service, and customer
dissatisfaction.
Customer mail remittances should be
processed within a pre-determined
time frame established by
management.
Cash receipts should be applied to
the proper customer account timely.
Inefficient collection activities may
occur.
Adjustments to cash items
received and customer
accounts should be properly
approved and substantiated.
O, F
Customer accounts and the accounts
receivable balance may be misstated
due to incorrect handling of
adjustments.
Adjustments may be made that are
contrary to management's policy.
Access to cash received, cash
collection records and
processing areas should be
restricted.
O
Cash items received may be lost,
stolen, or misappropriated.
Adjustments to customer accounts
should be approved by the
appropriate manager in the
accounting period in which the need
for the adjustment was determined.
Adjustments should be supported by
the proper approval and written
documentation.
Cash receipts should be restrictively
endorsed and secured immediately
upon receipt.
A list of authorized messengers
should be maintained.
All messengers should be required to
sign a receipt when accepting
deposits for the bank.
Large dollar payments should be
segregated and deposited as soon as
possible to maximize security and
cash float.
Accounts receivable and other
cash accounts should be
reconciled periodically.
O, F
Discrepancies between the bank
records and Company records may
not be detected.
Losses or diversion of funds may go
undetected.
59
Cash items collected should be
reconciled to deposit records.
Bank reconciliations should be
performed and differences should be
investigated and resolved.
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
COLLECTIONS GENERAL
Management should define the
criteria for when the collection
process should be initiated.
Customer correspondence
(billing/service problems, etc.)
should be investigated and
resolved in a timely manner.
O
O, F
Inadequate or inconsistent collection
policies and procedures may be
implemented, resulting in inadequate
or insufficient collection efforts and
decreasing the likelihood of
collection.
Formal, written procedures for
treatment of delinquent accounts
should be developed.
Misapplication or misappropriation
of cash receipts may not be
identified and corrected on a timely
basis.
Customer mail should be processed
timely.
Unprocessed customer
correspondence may result in
customer dissatisfaction and increase
delinquencies and uncollectible
accounts.
Customer account write-offs
should be adequately
documented and approved.
O
Customer dissatisfaction may result
in loss of the customer.
Collectible accounts may be written
off in error.
Adjustments to revenue and
customer accounts should be
properly approved, and
collections on accounts should
be accurately applied to the
proper accounts.
O. F
Unauthorized, duplicate or erroneous
adjustments may be processed,
which result in misstatement of
customer accounts.
The accounts receivable balances
should be reviewed on a regular
basis and collection efforts should be
initiated on all accounts outstanding
over the specified terms of sale.
Customer inquiries should be routed
to the appropriate personnel for
prompt follow-up.
Summaries of customer complaints
should be distributed periodically to
management for review.
Guidelines relating to write-offs
should be documented and
maintained.
Write-offs should be reviewed and
approved by management prior to
actual write-off of account.
Customer contacts should be
adequately documented in the
customer records and files.
Adjustments to customer accounts
should be adequately documented
and approved in accordance with
management's policies.
60
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
COLLECTIONS GENERAL
The collections process and
treatment of delinquent
accounts should be monitored
by management.
O
Delinquent accounts may not be
followed up in a timely manner, thus
decreasing the likelihood of
collection.
Periodic audits of the delinquent
accounts should be performed to
ensure proper treatment steps are
applied (e.g. sit-in observations and
account reviews).
The aging of delinquent accounts
should be reviewed.
Delinquent accounts should be
prioritized systematically for
follow-up and treatment.
COLLECTIONS - AGENCY
Guidelines should be
established for the
administration of accounts
referred to a collection agency.
O
Delinquent accounts may not be
handled efficiently or may be
mismanaged.
Criteria should be established for
determining when delinquent
accounts should be turned over to a
collection agency and how these
accounts should be managed
internally.
Only authorized agencies
should collect on delinquent
accounts on behalf of the
Company.
O
Unauthorized agencies may be
conducting business with our
customers.
An agreement with the collection
agency should exist outlining the
rates/terms of performance and
eligibility requirements for
commission.
The Company's terms and conditions
relating to collection may be
misrepresented.
Payments to the collection
agency should be accurate and
timely.
O
Commissions may be paid
inappropriately or not in accordance
with contract terms.
61
Refer also to the Policies &
Procedures - Purchasing section on
Procurement - Contracts.
Commissions for accounts collected
should be verified against customer
records and contract terms prior to
payment.
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
COLLECTIONS - AGENCY
Accounts referred to the
collection agency should be
monitored.
O
The collection agency may not be
performing their services in
accordance with the contract.
Management should request
confirmation of accounts received by
the collection agency.
Accounts and/or their value may be
incorrectly transmitted to or received
by the collection agency.
The number and dollar of accounts
referred to the collection agency
should be compared to the agency's
confirmation of accounts received.
The history of accounts referred to
the collection agency (e.g. aging of
delinquent accounts, inventory of
open and closed accounts) should be
evaluated.
The collection agency's procedures
should be audited for effectiveness
by Company management or a third
party.
Customer payments received
by the collection agency
should be accurately applied to
the customer's account.
O, F
Collections may not be accurately
recorded, resulting in incorrect
customer payments and account
balance, and computation of the
collection agency's commission.
A trust account should be set up by
the collection agency for monies
collected on the Company's behalf.
Management should regularly
compare customer payments sent
directly to the collection agency with
Company billing records to ensure
proper application.
Management should verify collection
agency's reported payments made to
Pacific Bell with internal billing
records.
REFUNDS AND
ADJUSTMENTS
Credit balances indicating
potential customer
overpayment should be
investigated and resolved in a
timely manner.
O
Overpayment by customers, keying
errors, etc. may not be detected or
corrected.
Accounts with credit balances should
be investigated and refunds should
be issued to the customer for overpayment, or the dollars transferred to
the appropriate accounts.
Investigations and resolutions should
be adequately documented.
62
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
REFUNDS AND
ADJUSTMENTS
The propriety of the refund
should be verified and
approved.
Refunds should be issued in
accordance with the tariff and
properly substantiated.
O
Refunds or adjustments may be
processed for customers who were
not overbilled or who did not
overpay on their account.
Customer account history should be
reviewed to ensure customer was
billed for the product/service and
cash was received and applied to the
account.
O, C
The rate applied to the adjustment
may not be in accordance with the
tariff.
The rates and calculation used in
determining the refund should be
documented.
Unauthorized, duplicate or erroneous
adjustments and refunds may be
applied to customer's accounts.
The adjustment period for the
refunds should follow the statute of
limitation provided for in the tariff.
Adjustments and/or refunds given to
the customer may exceed the statute
of limitation based on the class of
service.
The appropriate rates should be used
in computing the adjustment or
refund.
Adjustments to customer accounts or
refunds made to the customers may
be incorrect.
Journal entries should be
prepared to reverse the
transaction and to
appropriately reduce revenue.
Vouchers for cash refunds
should be properly reviewed,
approved and processed.
A management reporting
system should be implemented
to summarize refunds and
credits issued by business unit.
F
Duplicate credits may be applied to
customers' account.
Refunds and adjustments may be
inconsistently charged to sales and
related accounts.
Overcharge penalty credit should be
applied when appropriate.
The customer's account balance
should be reviewed to ensure cash
received has been correctly applied.
Journal entries should be prepared in
accordance with the Company's chart
of accounts and Generally Accepted
Accounting Principles.
O, F
Cash refunds may be issued without
management's approval or may be
issued inappropriately.
Refer to Policies & Procedures Purchasing section on Cash
Disbursement - Bills and Vouchers.
O
Inefficient or ineffective billing and
collection procedures may not be
identified and corrected.
Reports of refunds or credits issued
by profit center should be prepared
periodically and reviewed and
analyzed by management.
Company and departmental
objectives may be established based
on incomplete information.
63
Refer also to the Information Systems and Communication Methods
section on Information Systems.
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
COIN OPERATIONS COLLECTION
Coin collection activities
should be segregated from coin
counting activities and
accounting functions.
O, F
Coins may be:
• collected, but not counted
• collected and counted, but not
reported to accounting
• not collected or counted, but
reported to accounting
Coin collection, counting, and
accounting/reporting responsibilities
should be segregated.
Lost or stolen coins may not be
detected timely.
Collections from pay
telephones should be
monitored and scheduled to
ensure efficient use of
resources.
O
Only authorized security
agencies/personnel should be
allowed to collect and
transport coins.
O
Pay telephones may be scheduled for
collection before they are full.
Pay telephones become inoperable
when the coin box is full and not
collected, resulting in lost revenues.
Collections may be delivered to the
wrong building, or incomplete
collections may be delivered.
The amount of money collected at
each pay telephone should be
monitored.
Collection schedules should be
established based upon predicted
coin capacity levels. The collection
interval should be evaluated and
adjusted as necessary to increase the
efficiency of collections.
The contract with the security
agencies should include a liability
clause to ensure secure, complete
and timely deliveries.
Guidelines should be established to
clearly define the responsibilities for
collection and transport of coins.
Accountability for collections
should be established.
O, F
Collections may be stolen or lost on
route from the collection garages to
the coin count centers.
Responsibility for the coins collected
should be clearly defined for each
step of the collection process.
Revenues may be misstated due to
lost or stolen cash.
Acknowledgment of the number of
cases picked up by the security
agencies should be in writing and
signed by the security agency and
Company personnel.
The number of cases picked up and
delivered by the security agencies
should be verified against internal
records.
64
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
COIN OPERATIONS COUNTING
Coins collected should be
properly secured.
O
Unauthorized persons may gain
access to the collections.
Unsecured coin collection vehicles
may be vulnerable to theft.
Missing keys to the pay telephones
may go undetected, leaving the
collection box at risk of
unauthorized collections.
Appropriate security systems should
be maintained at all collection
garages.
The vehicles used to collect and
transport coins should be equipped
with the proper security systems
such as alarms and ignition kill
switches.
Each coin box should be appropriately sealed to prevent unauthorized or accidental opening.
Keys returned from the field should
be compared to the listing of keys
sent to the field.
Audit of coin box keys should be
performed at least annually.
Coins collected should be
counted accurately and
promptly.
O
Missing coin collection boxes may
go undetected.
Missing and uncounted coins may go
undetected.
Coins counted may be incorrect due
to counting machine malfunctions.
Access to the coin count rooms
should be secured.
O
Unauthorized persons may gain
access to the collections.
The number of coin collection boxes
shipped from the collection garages
should be compared to the number of
boxes received by the count center.
Coins should be weighed by
denomination and the weight should
be compared to a pre-determined
acceptable range for the value of the
counted coins.
The number of coin collection boxes
picked up each day from the count
centers should be recorded and
signed by the security agencies and
Company management.
The vault area should be secured
from other processing areas.
A list of persons authorized to use a
vault key should be maintained.
65
POLICIES & PROCEDURES - Sales
BUS.
EXAMPLES OF
COIN OPERATIONS BANKING
Coins collected and counted
should be deposited timely.
O
Coins deposited at the bank
should be accurately and
promptly reported.
O, F
The Company's cash flow may be
adversely affected due to untimely
deposit of coins collected.
Coins collected should be deposited
at the bank daily.
Deposits may not be properly
reported in the general ledger.
Bank receipts should be compared to
the daily deposit slips for accuracy
and consistency.
Discrepancies between the bank
deposits and the cash recorded in the
general ledger may go undetected.
66
POLICIES & PROCEDURES - Public Relations
In today’s business environment, Public Relations play an integral part in the development of business strategies. Diversified
groups, all seeking different objectives, are required to work together to achieve progress and share common advantages.
The attitudes of the employees, the community, the government, the stockholders, and the vendors also contribute to forming
goodwill. Monitoring social trends, devising strategies to deal with them, and conducting programs to help direct those
trends are the crucial functions in public relations. Accordingly, highly skilled specialization and talent should be employed
to gather public opinion and employ techniques to influence it.
The specific functions included in the Public Relations process include:
Management of:
• Government Agencies
• Investors
• Employees
• Customers
Public Service
Monitoring
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
MANAGEMENT OF
GOVERNMENT
AGENCIES
Management, using available
legal avenues, should attempt
to influence government
policies and regulations that
could affect the Company's
objectives.
O, C
Management may lack
understanding of government
policies.
Management may not be successful
in meeting their financial
requirements.
Legislation may be imposed that
may not provide the investors with a
fair and reasonable return.
Employees responsible for public
relations should be experienced in
government affairs as they relate to
the Company.
Regulatory and other government
information should be monitored and
communicated regularly.
Management should join industry
organizations that influence
legislative or regulatory bodies.
Management should identify the
legislative or regulatory areas in
which operations and profits are
affected, or potentially affected by
federal or state actions.
Refer also to the Policies &
Procedures - Government
Regulations section on Political
Activity Laws.
67
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MANAGEMENT OF
GOVERNMENT
AGENCIES
Management should actively
communicate the Company’s
position on issues to the
various governmental and
regulatory agencies.
O, C
The Company's viewpoint may not
be fairly or accurately represented to
the public and the government
agencies.
Management should engage in
activities that will help the Company
establish a reputation as the industry
leader.
Laws and regulations that impact the
Company may not be properly and
promptly assessed.
The Company's officers and senior
management team should be visible
spokespeople on issues that affect
the Company.
Management should be in touch with
overall industry relations with the
government and regulators.
Studies should be made of proposed
legislation at all levels of
government and the effect such
legislation may have on the
Company's operations.
Employees should be
encouraged to become
politically involved and to be
good citizens.
O, C
Employees may not be aware of
pending legislation that impact the
Company and their personal lives.
Passage of laws and regulations that
are in the best interest of the public
and the Company may be hindered
by employees’ lack of knowledge,
involvement and support of the
legislative process.
Pending legislation should be
communicated timely to all
employees (e.g. memos, publications, newsletter, paycheck inserts).
Employees should be encouraged to
register, vote, work for a candidate
or party, and become active in
community organizations.
MANAGEMENT OF
INVESTORS
The employees responsible for
investor relations should have
the requisite skills and possess
considerable financial
sophistication.
O, C
Rules and regulations relating to the
Securities and Exchange Acts may
be misinterpreted, misunderstood, or
violated.
Misrepresentations in the financial
statements may not be detected.
Critical Company activities may not
be reported or disclosed.
68
The managers assigned responsibility for investor relations should
possess knowledge in the following
areas:
• Regulatory guidelines and rules
for full disclosure in the
Securities and Exchange Acts
• Analysis and evaluation of
financial statements
• Detailed knowledge of the business activities of the Company
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MANAGEMENT OF
INVESTORS
The Company should maintain
an open line of communication
with its stockholders.
The annual report should be
accurately prepared and in
compliance with laws and
regulations.
Annual shareholders meeting
should be held.
Security analysts should be
kept informed of the
Company's financial condition.
O
F, C
Shareholder confidence in the
Company may decline due to
inaccurate, unreliable, or
inaccessible data.
Communication with stockholders
should take a more direct approach
to include: newsletters, quarterly
reports, special letters, annual
reports, company biographies, and
booklets describing the Company's
products and operations.
Financial information on the annual
report may be misstated.
Preparers of the annual report should
have some knowledge of the quality
or intelligence level of the
readership.
Information regarding significant
transactions may not be properly
disclosed.
O
O, C
The annual report should follow the
format and content requirements
established by the Securities and
Exchange Commission (SEC.
Shareholders may not attend in large
numbers if it requires a long and
expensive journey.
Stockholders meetings should be
held in various larger cities or where
concentration of holdings is largest.
Shareholders may not be given the
opportunity to integrally participate
in the activities of the Company.
Issue a post-meeting report including
(at minimum): presiding officer's
remarks, any new developments,
voting results for directors, auditors,
resolutions, and relevant questions
and answers that occurred during the
meeting.
The Company's securities may not be
actively sought by the public.
Key officers should be encouraged
to make presentations before one of
the societies of analysts.
The value of the Company's
securities may be downgraded.
Significant events that impact the
value of the Company's securities
may not be adequately
communicated.
69
Provide analysts with special reports
containing detailed and technical
financial data and only those plans
that can be revealed without
violating disclosure regulations.
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MANAGEMENT OF
INVESTORS
Periodically assess
shareholders‘ attitudes.
O
Information provided to shareholders
may not meet their investment needs.
Shareholders' confidence in the
Company may decline due to
inaccurate, unreliable or inaccessible
data.
Ensure full disclosure of all
transaction that could affect
security values or have an
influence on investment
decisions.
The timing of public releases
should be exercised by
management with extreme
care.
F, C
Securities and Exchange
Commission (SEC) regulations may
be violated.
The SEC’s function of maintaining
an orderly market for the Company’s
securities could be rendered
ineffective.
O, C
Premature public announcements
may be made.
A significant price increase or other
unusual market activity could occur
prior to an announcement of an
important corporate action or
development.
Insider trading regulations may be
violated.
Forecasts and claims may be
exaggerated or overly optimistic.
70
A questionnaire should be mailed to
shareholders to determine:
• If the shareholders understand the
financial section of the
Company's annual report.
• If the shareholders understand the
Company's operating problems
and progress.
• What shareholders think the
annual report should contain.
Financial reports should be
published frequently, regularly and
timely, and prepared in accordance
with Generally Accepted Accounting
Principles.
The SEC should be provided with
timely information.
The Company should be prepared to
make an immediate public
announcement if rumors or unusual
market activity indicate information
on impending developments has
leaked out.
Avoid premature announcements of
new products whose commercial
application has yet to be evaluated.
Limit the number of top management
involved in both formal and informal
discussions.
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MANAGEMENT OF
EMPLOYEES
A framework of well-planned
communication programs
should be implemented using a
variety of media.
O
Employees may not be able to obtain
detailed news and information and
exchange individual messages.
Employees with no access to
electronic systems may be denied
pertinent information.
Employees may not be motivated or
committed to achieving Company
objectives due to lack of
understanding of the workings of the
Company.
A system for upward
communication and an active
approach to listening to
employees should be
developed and implemented.
O
Management may not be in touch
with employee concerns, issues and
questions.
Employees may not feel they have a
shared understanding of
organizational goals.
Organizational strengths and
weaknesses, and issues that need
immediate attention may not be
readily addressed.
Employees should receive regular
publications and reports on major
industry developments,
accomplishments, and problems of
critical importance to the Company.
Examples include: newsletters,
newspapers, memos, pamphlets,
television/ videos.
Electronic bulletin boards, electronic
mail and voice mail should be used
by employees for internal
communication.
Senior management should have
regular interactions with employees
and their supervisors. Examples of
both formal and informal programs
include:
• Groups meetings with a question
and answer segment
• Focus groups
• Employee surveys
• Open door policy
• Skip level meetings
Management may not be able to:
• Assess employee morale and
attitudes
• Identify opportunities to improve
quality or productivity
• Measure gaps between
organizational objectives and
values and actual management
practices
The Company's overall
mission and goals should be
clearly defined and
communicated to all
employees.
O
Employees may lack understanding
of critical success factors.
Statements of the Company's vision,
mission and goals should be
communicated to all employees.
Refer also to the Information
Systems and Communication
Methods section on Communication
- Internal.
71
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MANAGEMENT OF
EMPLOYEES
Management should commit to
open, honest and frequent
communication throughout a
crisis situation.
O
Employees may learn about crisis
information through external sources
rather than from the organization.
Information received may be
incomplete, inaccurate or distorted,
causing confusion among the
employees.
Coordinate employee communications with other community
functions (e.g. publicity, community
and investor relations) to ensure
employees receive the same messages at the same time as the public.
Responsibility for managing the
crisis and for handling communications should be assigned in advance.
Develop a contact plan designed to
be successful in reaching key personnel with little advanced warning.
Review the crisis management plan
on a periodic basis and update it as
needed to ensure its viability with
current business conditions and
changes in personnel.
MANAGEMENT OF
CUSTOMERS
Personnel with responsibilities
for customer affairs should be
kept informed of internal and
external issues that affect the
organization, its products
and/or services, and the
industry.
O, C
A Company philosophy and
policy in dealing with
customers should be
established and communicated
to all employees and
customers.
O
Information that may affect the
Company, its products, customer
preferences, or legal and regulatory
changes may be incomplete or
inaccurate.
Customer affairs personnel should be
kept apprised of all issues that may
affect the customers.
Employees may not be encouraged
to "do it right the first time - every
time," resulting in recurring
problems and lost profits.
Document the Company’s statement
of customer philosophy and fair
policies and communicate it to all
employees and customers.
The quality of the Company's
products and services may be
perceived to be inferior.
Reinforce customer commitment
through the use of printed literature
and frequent public statements.
Customer affairs personnel actively
promote quality performance
throughout the organization.
Develop internal awareness
programs to encourage employees
customer sensitivity and
responsiveness.
72
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MANAGEMENT OF
CUSTOMERS
Periodically assess public
perceptions of the Company’s
performance.
O
The Company's reputation may be
damaged and become irreparable.
Customer concerns may not be
acknowledged or addressed.
Address customer complaints
promptly and appropriately.
O, C
Customers may express their
concerns to the press or consumer
advocate groups if the Company
does not address their complaints
promptly.
The cost to remedy grievances may
increase if they are not promptly
addressed.
On-going customer feedback
regarding the Company's
performance, products and/or
services should be obtained (e.g.,
using customer surveys and
interviews).
Customer complaints should be
reported promptly to the appropriate
personnel so types and patterns can
be analyzed and corrections made.
Establish prompt redress procedures
for grievances requiring legal action
or settlement.
PUBLIC SERVICE
The Company should
participate in community
activities that enhance the
public image of the Company.
O
The Company may be misinformed
of community issues.
Employees should be encouraged to
support civic endeavors.
The Company may not be perceived
as a contributor to the community
and achieving social and economic
goals.
Management should hire minorities
and participate in essential training
programs for the disadvantaged.
Government executives may make
unreasonable demands or issue
unfair restrictions if they perceive
the Company is not operating in the
best interest of the public.
The Company should
demonstrate its commitment to
preserving the environment.
O
Adverse publicity and boycott of the
Company's products or services may
occur.
The public may not be fully
informed on the Company's progress
and efforts toward environment
preservation.
73
The Company should provide
leadership and financial support to
social agencies and worthwhile
causes.
The Company should adopt
approaches to demonstrate that it is
committed to preserving the
environment through publicity and
actual expenditures.
Management should acquaint the
public with the Company's
environmental programs.
POLICIES & PROCEDURES - Public Relations
BUS.
EXAMPLES OF
MONITORING
The process for resolving
public affairs problems should
be evaluated periodically for
efficiency and effectiveness.
O
The Company may not be
responding to developments and
problems promptly.
The Company's track record with
respect to resolving public affairs
problems should be monitored. The
method in which the affairs were
handled and how successful they
were should be analyzed.
A system of routine calls to
customers should be maintained and
performed by trained
employee-interviewers.
Periodic reviews of customer service
and Company policies and
procedures should be conducted to
ensure they are adequate and
understandable.
74
POLICIES & PROCEDURES - Assets
The Assets Process includes functions involved in asset acquisition, classification and booking, inventory control and
reconciliation, adjustments to inventories and ledgers, asset disposal, tracking of asset transfers, and safeguarding of physical
and information assets.
The specific functions included in the Assets Process are:
Acquisition
Usage
Verification
• Inventory
• Reconciliation
Disposal and Transfer
Depreciation
Security
• Physical Assets
• Information Assets
STANDARDS
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
ACQUISITION
Asset acquisitions should be
authorized in accordance with
management's criteria.
O
Customer service quality levels (i.e.
source components of the Corporate
Team Report) may not be met.
Plant capacity may be under utilized
or inadequate.
Unsuitable or unauthorized assets
may be acquired.
The cost of the acquired assets may
not meet the Company's criteria for
making the investment.
75
Asset acquisitions should support the
goals of the Company.
Approval of asset acquisitions should
be made in accordance with Company
approval limits.
Clearly documented policy statements
should be developed setting forth
asset acquisition criteria such as:
• Review and approval of proposed
capital expenditures
• Acceptable inventory and service
levels
• Economic analysis and
justification
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
ACQUISITION
Asset acquisitions should be
accurately and promptly
classified, summarized, and
recorded.
O, F
Inventory, property, and other asset
accounts may be misstated or not
prepared in accordance with
Generally Accepted Accounting
Principles.
Guidelines for the classification and
recording of assets should be
established, communicated, and
maintained in accordance with
Generally Accepted Accounting
Principles.
Asset location may be misstated.
Depreciation and amortization
amounts and/or classifications may be
incorrect.
Unauthorized, duplicate, or erroneous
data may go undetected.
Periodic comparison of asset reports
to source documents should be
performed by supervisory personnel.
Guidelines for capitalizing versus
expensing acquisitions should be
established (e.g. dollar amounts
and/or usage criteria).
Investment decisions may be based on
reports containing erroneous
Refer also to the Policies &
information.
Procedures - Engineering section on
Estimates.
Incorrect amounts or descriptions may
be posted to perpetual inventory
records.
Acquisitions may be incorrectly
capitalized or expensed.
USAGE
Use of Company assets should
be authorized in accordance
with management's policies.
O
Resources may be used for
unauthorized purposes or personal
gain.
Written policies should be developed
which state how resources are to be
employed
Property and scrap may be disposed
of without management approval.
Review, verification, and
authorization of resource usage
should be conducted (e.g. phone bills,
mileage, credit card statements).
Incurred expenses may be incorrect.
76
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
VERIFICATION INVENTORY
Accounting for assets should be
in accordance with
management's policy, federal
regulations, and Generally
Accepted Accounting
Principles.
O, F, C
Errors or omissions in the physical
safeguarding, authorization, or
processing of transactions may not be
detected.
Inventories may be inaccurate and/or
incomplete resulting in misstatement
of financial statements, records, and
operating reports.
The Foreign Corrupt Practices Act of
1977 may be violated due to failure to
maintain adequate control of assets.
Assets may be lost, stolen, or
temporarily diverted.
Detailed records of assets should be
maintained, including the associated
cost and accumulated depreciation.
Management should identify and
monitor all major classes of assets to
be inventoried.
Any major proposed change in the
basic property record plan should be
submitted to the FCC at least 30 days
prior to the effective date.
Groups conducting inventories should
be trained.
Substantiation of account balances
and verification of the related assets
may not be possible.
Cost and accumulated depreciation
information required for tax purposes
and/or subsequent disposal may not
be available.
VERIFICATION RECONCILIATION
Recorded balances of assets
should be periodically
substantiated.
F
Interim period financial statements
may be distorted as a result of failing
to recognize physical inventory
shortages or overages, or changes in
standard costs.
77
Detailed asset records should be
reconciled to general ledger accounts
and differences investigated and
resolved.
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
VERIFICATION RECONCILIATION
Adjustments to inventory and
related cost accounts should be
properly authorized and
accurately input in accordance
with management's policy.
F
Reconciliation of book to physical
adjustments may be inaccurate.
Reconciliation adjustments may not
be booked.
Accounts may be misstated because
of incorrect adjustments or
reclassifications.
Adjustments and/or classifications
may not be authorized.
Adjustments to subsidiary ledgers and
controlling accounts should be made
in accordance with management
policy.
Supervisory review, substantiation,
verification, and approval of adjusting
entries should be conducted.
Cut-off and closing schedules should
be developed and followed.
Adjustments may be recorded to
conceal inventory discrepancies.
Asset records should be
reviewed periodically by
management for accuracy and
consistency with operating
standards.
O, F
Management may remain uninformed
of the assets for which they are
responsible.
Decisions impacting assets may be
made with limited and/or incorrect
information.
Reports should be generated
periodically which communicate
investment detail to responsible
management.
Inventory results should be
documented and communicated to
appropriate management.
Problem conditions may not be
detected and corrected resulting in:
• Facility under-utilization
• Procedures not cost justified
• Inaccurate investment records.
Inventory/reconciliation discrepancies
should be investigated and corrections
implemented in a timely manner.
Assets may be sold, transferred, or
retired without management's
knowledge.
Written procedures for asset
disposition should be developed and
communicated.
Assets may be disposed of at
inappropriate prices.
Prior to asset disposition all transactions should be reviewed, verified
and approved by management.
DISPOSAL & TRANSFER
The transfer or disposal of
assets should be properly
approved by management and
regulatory agencies when
necessary.
O, C
Assets may be lost, stolen, or
converted to personal use.
(continued next page)
Transfer of assets valued at $100,000
or more to affiliate companies should
be approved by the CPUC.
(continued next page)
78
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
DISPOSAL & TRANSFER
The transfer or disposal of
assets should be properly
approved by management and
regulatory agencies when
necessary.
O, C
(continued)
(continued)
Assets may be disposed of that could
be used in other Company operations.
Sales of assets necessary and useful to
the Company's duties should be
approved by the CPUC.
Transfer or sale of assets may not be
made in accordance with regulatory
requirements, resulting in fines and
penalties.
Disposition and transfer of
assets and their related
adjustments should be
accurately applied to the proper
asset accounts and subsidiary
ledgers.
F
Transactions may not be properly
reflected on the subsidiary records,
the general ledger account, or in
associated accounts (e.g. depreciation,
taxes).
Out-of-balance conditions between
the general ledger and subsidiary
records may not be detected and
corrected.
Financial statements may be
misstated.
Gains or losses from the
disposition of assets, should be
accurately and promptly
classified, summarized, and
reported.
F, C
Assets and related accounts may be
charged or credited with incorrect
amounts.
Accounting classifications may be
incorrect.
Sales prices may be established on
incorrect cost data.
Management should review, verify,
and approve adjusting entries.
After disposal or transfer of assets,
the asset reports should be validated
to ensure that the transaction was
properly reflected.
Reconciliation of subsidiary records
to the general ledger account, with
appropriate investigation and
correction of differences should be
done.
Guidelines for the classification and
recording of assets should be
established communicated, and
maintained.
Gains and losses from the disposition
of assets should be computed and
classified in accordance with
Generally Accepted Accounting
Principles.
Gains and losses may not be
accurately reported for book and tax
purposes.
The responsibilities of asset
acquisition and asset disposal
should be segregated.
O
Sale of assets converted to personal
use may go undetected.
The responsibilities for authorizing
the removal of assets, contracting for
salvage, and subsequent receipt of
payments should be segregated.
Periodic review and verification of
disposal and transfers should be made
by independent supervisory
personnel.
79
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
DEPRECIATION
The depreciation method and
useful life used for depreciating
individual or classes of assets
should be established in
compliance with local, state and
federal policies and with
Generally Accepted
Accounting Principles.
O, F, C
The anticipated life of an asset may be Written policies and procedures for
improperly set.
asset related transactions (i.e.
amortization, taxation, depreciation
The wrong method may be used to
and interest under construction)
depreciate an asset.
should be established, communicated,
and maintained.
Income tax implications may not be
taken into account when setting the
Asset-related transactions should be
life of an asset.
authorized and periodically
substantiated.
Investment decisions may be based on
incorrect financial information.
Depreciation and amortization
of assets should be accurately
computed and reported,
promptly classified,
summarized and recorded.
O, F, C
Assets and other deferred cost
accounts may be charged or credited
with incorrect amounts.
Misclassification may affect
depreciation, amortization, and
taxation amounts.
Computation, reporting, and
classification guidelines for assetrelated transactions should be
documented.
Asset-related transactions should be
authorized and periodically
substantiated.
Assets may be incorrectly valued.
Sales prices may be established based
upon incorrect cost data.
Depreciation rate changes for book
purposes should be approved by the
FCC and CPUC.
Procedures may be implemented
which circumvent the intended
control activities.
Policies and procedures for asset
security should be developed and
communicated.
Assets may not be recorded or
recorded in such a way as to make it
difficult for management to identify
or safeguard them.
Periodic review of the procedures and
tests for compliance should be
conducted by management.
SECURITY PHYSICAL ASSETS
Access to physical assets
should be permitted only in
accordance with management's
policy
O
Assets may be lost, stolen, destroyed
or temporarily diverted.
Access restrictions should be
implemented to include:
• Card key devices
• ID badges
• Sign-in logs
(continued next page)
80
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
SECURITY PHYSICAL ASSETS
Access to physical assets
should be permitted only in
accordance with management's
policy
O
See Risks on previous page.
(continued)
Detective/preventive devices should
be implemented to include:
• Guards
• Alarms
• Control of keys
Warehousing of assets at noncompany locations should be
governed by contractual agreement.
Assets should be properly secured
when not in use.
All company assets should be marked
(tagged) for ease of identification.
Access to processing areas
should be permitted only in
accordance with management's
policy.
O
Processing capabilities may be
destroyed, lost, or altered.
Physical restrictions, detective, and
preventive devices should be used.
Assets may be lost, stolen, destroyed
or temporarily diverted.
Work areas should permit maximum
visibility by management, guards.
Company identification should be
worn and clearly visible by all
employees.
Employees should challenge and
report any individual on Company
premises who is not wearing a
Company ID or visitor's pass.
SECURITY INFORMATION ASSETS
Access to asset records, cost
accounting detail, and computer
systems should be permitted
only in accordance with
management's policy.
O
Records may be destroyed or lost.
Financial and operating reports may
not be prepared in a reliable and/or
timely manner.
Records may be misused or altered.
Records should be properly stored in:
• Safes
• Locked cabinets
• Secured computer facilities
Appropriate off-site backup storage
should be used.
(continued next page)
81
POLICIES & PROCEDURES - Assets
BUS.
EXAMPLES OF
SECURITY INFORMATION ASSETS
Access to asset records, cost
accounting detail, and computer
systems should be permitted
only in accordance with
management's policy.
O
See Risks on previous page.
(continued)
System and password protection
methods should be used.
Refer also to the EDP Control
Activities section in Volume II for
security controls.
Confidential information
should be clearly labeled,
properly secured and
appropriately distributed.
O
Disclosure of confidential/
proprietary information may occur
and adversely affect the Company's
reputation and competitive position.
Criteria should be established for the
classification of confidential
information as "Proprietary" or
"Restricted Proprietary".
Guidelines on the distribution and
destruction of proprietary information
should be documented.
All Company documents of a
proprietary nature should be properly
labeled.
Maintenance and retention of
specific documents should be in
accordance with management's
policy, and regulatory
requirements.
O, C
Fines and penalties may be assessed
by regulatory agencies should
supporting documents not be retained
(e.g. tariff requirements, Universal
Lifeline certification).
The investment decision making
process may not be adequately
supported.
Audit trails could be eradicated.
Documentation in anticipation of
pending litigation may not be
retained.
82
Methods and procedures should be
documented, implemented, and
communicated that identify all data to
be retained and their specific retention
periods.
POLICIES & PROCEDURES - Engineering
The Engineering Process includes functions involved in network design, development, testing, maintenance, and
enhancement. In addition, the process encompasses the identification, justification, tracking, and posting of all costs related
to network undertakings.
The specific functions included in the Engineering Process are:
Network Planning
• Development
• Deployment
• Implementation
Estimates
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
NETWORK PLANNING DEVELOPMENT
The need to perform an
undertaking should be justified
in accordance with state
regulations and management's
objectives.
O, C
Business need or opportunity may not
be identified.
Alternative approaches may not be
addressed.
A project proposal (e.g. feasibility
study, economic analysis, alternatives,
risk assessment, cost/benefit analysis)
should be developed and evaluated
prior to seeking approval.
A proposed undertaking may not be
economically justified.
Projects should be authorized in
accordance with established
guidelines.
O
Projects may be performed that are
not in alignment with the Company's
goals.
A business case/implementation order
should be developed and approved in
accordance with Company approval
requirements.
Expenditures may be unauthorized.
Funding sources of the authorized
Failure to authorize and allocate
project should be identified and
resources could jeopardize the success documented.
of the project.
Project sponsors should be identified.
Policies and guidelines for the
development and
implementation of the
project/undertaking should be
established.
O
Projects may not be completed
successfully, reaching all stated
objectives and time constraints or
deadlines.
83
Standards and guidelines for project
management should be developed and
documented.
POLICIES & PROCEDURES - Engineering
BUS.
EXAMPLES OF
NETWORK PLANNING DEVELOPMENT
The organizations to conduct
the project should be identified
and defined.
Project deliverables, and
activities to produce them
should be defined.
O
O
Lack of a comprehensive plan could
jeopardize the successful completion
of the project.
A project start-up document should be
developed outlining the project's
justification, goals, and constraints.
Inadequate resources or lack of
required expertise could jeopardize
project completion.
A comprehensive plan for managing
the project should be developed.
All phases and activities required to
complete the project may not be
identified.
A defined committee, subcommittee
structure should be used to manage all
phases of the work.
Critical activities and project
milestones may not be identified and
the successful completion of the
project could be jeopardized.
Standards for development,
acquisition, testing, quality
management, product delivery, and
customer/product support should be
developed.
Resources and staff required for the
undertaking should be identified and
specific tasks should be defined and
assigned for completion.
Project milestones should be
identified and the critical path should
be determined.
Project cost, schedule, and
performance should be
monitored on a regular basis.
O, F, C
All costs associated with a project
may not be captured, resulting in
misstatement of the network
investment and the basis used for rate
making purposes.
Items on the critical path could be
delayed jeopardizing the entire
project.
Projects could fail to meet objectives
without being detected or corrected in
a timely manner.
84
A project cost tracking plan should be
designed and implemented.
Tracking codes should be assigned
and costs should be captured through
the use of on-line systems or locally
developed processes.
Actual costs should be compared to
estimated costs and variances should
be investigated and resolved.
Milestones should be periodically
reviewed and revised as needed.
POLICIES & PROCEDURES - Engineering
BUS.
EXAMPLES OF
NETWORK PLANNING DEPLOYMENT
Testing should occur prior to
full implementation of the
project.
O
Inefficiencies may not be identified.
Strategic and technical design flaws
may go undetected.
System degradation may occur.
Customer requirements may not be
met.
A quality assurance testing plan
should be documented and
implemented.
Benchmarks for acceptable
performance measurements should be
established.
An action plan to correct variances
identified during testing should be
established.
NETWORK PLANNING IMPLEMENTATION
An implementation schedule
should be designed, monitored
for completion, and updated as
needed.
O
Training needs should be
identified and provided prior to
project implementation.
O
Successful project implementation
could be jeopardized.
Customer or end user needs may not
be met.
Employees may lack sufficient skills
to implement the project.
End users may not receive full benefit
from the project.
A list of all implementation activities,
their required time frames, and the
groups responsible for completion
should be prepared.
Training requirements should be
identified by comparing current skill
levels to those required to ensure
successful implementation and end
user capabilities.
Formal training activities should be
added to the implementation schedule
as deliverables.
A post implementation review
should be conducted and
documented.
O
Stated objectives may not be met.
Future problems may arise from
unresolved issues.
Historical information which could be
used for future undertakings could be
lost.
Outstanding issues should be documented, assigned to team members for
resolution, and monitored by the
project manager for completion.
The project team (or end user) should
acknowledge acceptance of completed
project through the use of a sign-off
document.
A key learnings document should be
developed to identify process
enhancements and recommendations.
85
POLICIES & PROCEDURES - Engineering
BUS.
EXAMPLES OF
ESTIMATES
The need of the specific
undertaking, its objective, and
its time frame should be
documented.
O
Asset utilization may not be
monitored.
The measurements for utilization and
relief may not be developed based on
Company accepted standards.
Monitored assets may be
underutilized.
The timing of the undertaking may
not be reasonable or appropriate.
The basis of the investment
should be identified and
substantiated.
The estimate should accurately
reflect the selected project
alternative.
O
O, F
O
Evidence of the alternatives
considered should be retained in job
file.
The investment description should be
developed that outlines what the
estimate will do for the business and
which organization(s) will receive the
major benefit.
The economics on which the
undertaking's sizing and timing are
based may be incorrect.
Support for capacity, sizing, demand,
and timing (e.g. discounted cash
flow, standard engineering guidelines,
net present value, etc.) should be
documented.
Cost determination may be based
upon incorrect data.
The components of the accepted
design should be identified (e.g. parts
list, schematic, statement of labor
requirements etc.).
The design of the undertaking may
not match the assumptions made in
the underlying business case or
implementation order.
Estimate authorization should
be in accordance with
established guidelines.
Documentation should provide a
listing of underlying assumptions
upon which the trigger for the job was
based.
The undertaking may not be in
accordance with management's
expectations.
An estimate should be approved in
accordance with Company approval
requirements.
The budget fit may not be assessed.
Estimate funding sources should be
identified and documented.
Expenditures may not be authorized.
Adequate resources may not be
allocated.
86
POLICIES & PROCEDURES - Engineering
BUS.
EXAMPLES OF
ESTIMATES
Expenditures of capital and
expense dollars should be
monitored on a regular basis.
O, F
All costs associated with an estimate
may not be captured, resulting in
misstatement of investments.
Differences between actual and
estimated costs may not be identified
and analyzed.
Guidelines for the classification and
recording of costs should be
established, communicated, and
maintained.
Actual costs should be compared to
estimated costs and differences should
be investigated and explained.
Cost overruns may not be supported
by a supplemental estimate.
Reclassification of Plant Under
Construction to Plant in Service
should be done promptly and in
accordance with management
policy.
F
Inaccurate accumulation of interest
may occur.
Depreciation and Ad Valorum tax
could be misstated.
Investment records may be inaccurate
and out-of-date.
Guidelines for transferring dollars
from "Under Construction" to "In
Service" should be developed and
implemented.
Property should not be held in
Account for Future Telecommunications Use for more than two years
without an explicit waiver from the
FCC.
Supporting documentation for the
transferred amounts (e.g. dollars
and/or percent) should be retained in
the permanent job file.
Processes should be developed by
which the transfer of dollars is
accomplished.
All estimates should be closed
in accordance with
management's policy.
F
Investment records may not be current Guidelines should be developed for
or accurate.
estimate closing requirements and
procedures.
Financial statements may be
misstated.
An estimate report should be used to
verify that all charges, adjustments
and bills are reflected on the proper
Field Reporting Codes (FRC) or final
accounts.
All charges, credits, and adjustments
should be reflected on the estimate
prior to closing.
87
POLICIES & PROCEDURES - Engineering
BUS.
EXAMPLES OF
ESTIMATES
Estimate records should contain
sufficient documentation to
permit independent assessment
of the reasonableness and
appropriateness of the
investment decision.
O, C
The Company may not be able to
justify the appropriateness of the
investment decision. This would
place the Company in noncompliance with the Modernization
Settlement Agreement (Application
85-01-034) and the CPUC Decision
90-03-075.
88
Resource effectiveness reviews
should be conducted on a regular
basis.
Standards for records/documents to be
retained and the length and location of
retention should be established.
POLICIES & PROCEDURES - Purchasing
The Purchasing Process includes the functions of initiating requests for goods or services; obtaining information as to
available and approved suppliers and prices; placing orders for goods and services; receiving, inspecting and accepting the
goods or services; accounting for the proper amounts due to suppliers; and processing payments in a controlled and efficient
manner. There are also some additional requirements for the identification and management of temporary workers.
The core of the Purchasing Process in dealing with vendors is management integrity. Company management must
demonstrate that dealings with third parties are conducted ethically, honestly, and fairly. Refer also to the Operating
Environment section on Integrity and Ethical Values.
The specific functions included in the Purchasing Process are:
Management
Procurement
• Contracts
• Temporary Workers
Receiving
Cash Disbursement
• Bills and Vouchers
Corporate Cards
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
MANAGEMENT
Purchasing responsibilities
should be segregated and
independent from disbursement
and accounting functions.
O
A purchase may be:
• Unauthorized
• Made from an unauthorized
supplier
• Ordered and received by an
unauthorized individual
Sensitive payments, related party
transactions, or conflict of interest
situations may occur.
Responsibilities for vendor selection,
cash disbursement and accounting
activities should be segregated.
Purchasing agents and contract
managers should be periodically
rotated among purchasing
responsibilities to ensure
independence.
PROCUREMENT CONTRACTS
Purchase requisitions should be
initiated by the requesting
department and be properly
approved before a purchase
commitment is made.
O
Purchase commitments may be
entered into that are not needed or
approved by management.
The need and the types of goods and
services being sought should be
identified, analyzed, documented and
approved.
Internal resources should be
considered prior to using external
resources.
89
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
PROCUREMENT CONTRACTS
Management should determine
and communicate guidelines for
vendor selection.
O, C
Purchases may be made from
unacceptable vendors.
Purchases may be made from related
parties without senior management’s
knowledge.
Purchases may be made from vendors
offering kickbacks or gifts to increase
sales.
Fines or penalties could result from
purchases with foreign vendors that
violate import quotas or other
regulations.
Management should determine
and communicate guidelines for
deciding the types, estimated
quantities, prices, and terms of
goods and services to be
purchased.
Contracts should be awarded on
the basis of the best terms
available to meet the
Company's overall
requirements.
O
Write-offs of unusable or unneeded
inventories.
Purchases of goods that do not meet
the Company’s needs or comply with
its quality standards.
O, C
Clearly written policies of criteria for
selecting vendors should include:
• Identification of credit references
that must be obtained from
potential vendors
• Financial condition that must be
maintained
• Quality and delivery criteria that
must be attainable
• Special considerations for related
parties and potential conflicts of
interest
An approved vendor list should be
established and periodically reviewed,
updated, and purged of inactive
vendors.
Approval by senior management on
the types, quantities, prices and terms
of certain purchases (e.g. purchase
contracts for unusually large amounts,
purchases from related parties, large
capital expenditures).
Purchases of goods and services on
terms that are not acceptable (e.g.
unfavorable delivery dates that
conflict with provision schedules).
Approval limits for purchases should
be identified and documented.
Sensitive payments, related party
transactions, or conflict of interest
situations may occur.
Competitive bids should be obtained
to ensure the Company obtains the
best possible terms and to reduce
dependence on one supplier.
Goods or services purchased may not
meet the Company's quality standards
or Company requirements such as
Minority, Women and Small Business
Enterprises operations.
Guidelines requiring competitive bids
for all purchases over a specified
amount should be documented and
maintained by management.
Awards not made on a competitive
bid basis should be documented and
treated as an exception to normal
business processes.
(continued next page)
90
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
PROCUREMENT CONTRACTS
Contracts should be awarded on
the basis of the best terms
available to meet the
Company's overall
requirements.
O, C
See Risks on previous page.
(continued)
Management should periodically
conduct an in-depth review of vendor
selection documentation and identify
situations where direct award was
unacceptable.
Acceptance of vendors that did not
submit the lowest bid must be
adequately justified, documented and
approved by management before a
purchase commitment is made.
Agreements between the
Company and vendors should
be in writing and signed by
both parties to the contract
prior to performance of
contract.
O, C
Purchases may be made from
unacceptable vendors.
Purchases may be made from related
parties without senior management’s
knowledge.
Purchases may be made from vendors
offering kickbacks or gifts to increase
sales.
Fines or penalties could result from
purchases with foreign vendors in
violation of import quotas or
regulations.
All criteria used in the vendor
selection process should be
documented and safeguarded.
O, C
Purchases may be made from
unacceptable vendors.
There may be inadequate
documentation to support vendor
selection in the event litigation
occurs.
91
Company agreements should be
approved by management and
reviewed by the Legal Department.
Adequate nondisclosure agreements
should be signed by the vendor.
The contract should contain the
essential terms to imply sufficient
consideration by the parties and to
adequately protect the Company.
The contract should contain a rightto-audit clause.
Selection criteria should be
documented to include:
• Vendor's technological
competence
• Ability to properly service the
business
• Evaluation of the vendor's ongoing quality control program
• On-time delivery record
• Vendor's capacity constraints
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
PROCUREMENT CONTRACTS
Vendors should be periodically
and systematically monitored to
ensure that actual performance
meets expectations.
O
Vendors who no longer meet the
Company's quality standards may still
be doing business with us.
Vendor performance may be
inadequate and not detected by
management.
Vendors' performance (e.g. on-time
delivery, accuracy of delivery,
product quality, and actual cost
performance) should be monitored
and documented regularly.
Company management should
periodically exercise the right-to-audit
clause in the contract.
PROCUREMENT TEMPORARY WORKERS
The criteria for use of
temporary workers should be
clearly defined, communicated
and approved.
O, C
The use of temporary workers may
not be properly authorized.
Misclassification of temporary
employees may put the Company at
risk of violating federal and state tax,
benefit, and labor laws.
Guidelines relating to the use of
temporary workers should include:
• Definition of temporary workers
• Requirements for use
• Reporting requirements
• Classification criteria
Written approval for use of temporary
workers should be obtained from a
Business Unit/Support Unit Head, or
an officer.
The use of former Pacific Bell
employees requires an additional
written evaluation from the Legal
Department.
Proper classification of temporary
workers should consider who directs
and controls when, where and how
the worker performs.
Agreements between the
Company and the temporary
workers must be in writing and
signed by both parties to the
contract prior to performance of
contract.
O, F, C
Temporary workers may be hired
without management's knowledge.
The responsibilities for timely
payment of wages, federal and state
tax withholding, benefits and other
legal liabilities may not be clearly
defined or assigned.
(continued next page)
92
Contracts with temporary workers
must be approved by management and
the Legal Department.
(continued next page)
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
PROCUREMENT TEMPORARY WORKERS
Agreements between the
Company and the temporary
workers must be in writing and
signed by both parties to the
contract prior to performance of
contract.
O, F, C
(continued)
(continued)
The Company may be liable as a joint
employer if contract employees and
vendors fail to report employment
taxes.
The contract should set out the terms
of the working relationship -- what
services are to be performed, duration
of the service, amount and method of
compensation, and location of the
services to be performed.
The contract should contain a rightto-audit clause. The clause should be
exercised by management
periodically.
Former employees who are retained
through a broker/agency should sign a
form which acknowledges that he/she
is not an employee of Pacific Bell.
RECEIVING
Only items that were properly
ordered and meet purchase
order specifications should be
accepted.
Goods received should be
safeguarded.
O
O, F
The following goods or services may
be received and ultimately paid for,
rather than returned or refused:
• Unordered goods or services
• Excessive quantities or incorrect
items
• Canceled orders
• Duplicate orders
• Goods that arrive too early or too
late may be accepted.
Closely supervise central receiving
locations and separate those functions
from those of purchasing and storing.
Purchases may be stolen, lost,
destroyed, or temporarily diverted.
Goods received should be stored in
areas with restricted access.
Inventory may be overstated as a
result of stolen or lost goods.
Custodial and record-keeping
functions should be segregated.
93
Preprint purchase orders with the
receiving location and instruct vendor
to deliver only to that location.
Evidence should exist of a detailed
comparison of goods received to a
copy of the purchase order.
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
RECEIVING
Accurately update vendor,
inventory and purchase order
information to reflect receipts.
O, F
Misstatement of inventory accounts as Receiving documents should be
a result of receiving information
prenumbered and missing documents
being lost or not being recorded
should be investigated.
accurately or timely.
Open purchase orders should be
periodically identified and
investigated.
Inventories should be periodically
counted and reconciled with perpetual
inventory records. Differences should
be investigated.
Periodically review receiving
information to ensure prompt
recording.
Rejected items should be
returned promptly.
O
Items received may not be inspected
adequately or timely.
Appropriate procedures for inspecting
items received should be maintained.
O
Procedures may be implemented that
circumvent existing control
techniques.
Check preparation, signing and
mailing responsibilities should be
segregated.
Potential for error, theft, sensitive
payments, and related party transactions increases substantially when
segregation of duties do not exist.
Accounts payable, purchasing and
receiving activities should be
segregated.
Goods or services may be received
but not reported, or reported
inaccurately resulting in unrecorded
liabilities, misstated inventories, and
over/under payments to vendors.
Vendor's invoice should be matched
and compared to an approved
purchase order and appropriate
receiving information before
payment.
Duplicate payments may occur, or
payments may be made for the wrong
amount or to unauthorized or
nonexistent vendors.
Original receipts should accompany
the invoice, check request or expense
statement.
CASH DISBURSEMENT BILLS AND VOUCHERS
Proper segregation of duties
should exist.
Adequate supporting
documentation should be
attached and matched to all
invoices processed for
payment.
O, F
Items may be recorded and payment
made for goods or services not
received.
94
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
CASH DISBURSEMENT BILLS AND VOUCHERS
Vendor's invoices should be
reviewed for clerical accuracy
before approval of payments.
O, F
Purchases or services may be
unauthorized, recorded for the wrong
amount or in the wrong period, and/or
payment made to the wrong person.
Invoiced quantities, prices and terms
should be verified against the
purchase order, request for quotation,
and receiving report.
Financial statements may be
misstated.
Invoice extensions and footings of
invoices should be verified.
Critical decisions may be based upon
erroneous information.
Key fields of information (e.g.
quantity received, vendor number,
product codes, account numbers)
should be checked for validity.
Processed invoices that vary from
purchase orders or other criteria by
more than pre-established limits
should be reported and investigated.
Expenses should be properly
classified and recorded.
F, C
Expenses may be misclassified
resulting in misstatement of accounts.
Payments for goods and
services should be properly
approved.
O
Sensitive payments and related party
transactions may occur.
Payments to vendors should be
authorized in accordance with
Company approval limits.
O, F
Goods or services may be received,
but not recorded resulting in
understated liabilities.
Vendor invoices should be processed
and paid in a timely manner.
All disbursements should be
properly and accurately
recorded in the accounting
period in which the payment
was made. The proper
recognition of expense should
never be delayed or deferred.
Expenses should be coded to the
proper expense code in accordance
with the Company's chart of accounts,
Expenses may not be properly tracked Internal Revenue Code, and Generally
for tax reporting purposes.
Accepted Accounting Principles.
Unprocessed receiving reports and
invoices should be periodically
reviewed, investigated, and resolved.
Vendor statements should be
reviewed at least on a test basis for
past due items and resolved in a
timely manner.
95
POLICIES & PROCEDURES - Purchasing
BUS.
EXAMPLES OF
CASH DISBURSEMENT BILLS AND VOUCHERS
All checks should be
prenumbered, issued
numerically, and accounted for
on a periodic basis.
Cash disbursements should be
summarized and reported in
transaction summary registers.
O
O, F
Procedures may be implemented that
circumvent existing internal control
techniques. The potential for error,
theft, sensitive payments, and related
party transactions may increase
substantially.
All checks/promissory notes should
be prenumbered, issued numerically,
and accounted for on a periodic basis.
Financial statements, records, and
operating reports may be misstated.
Decisions may be based upon false
information.
Summary of expenses should be
prepared, reviewed and approved
timely.
Corporate cards may be used for
non-Company expenses.
Purchases using the corporate card
should be made only by the
cardholder.
Refer also to the Policies &
Procedures - Treasury section.
CORPORATE CARDS
Corporate card usage should be
properly authorized.
O
Corporate cards may be used by an
individual other than the cardholder.
Disbursements for corporate
card usage should be accurately
recorded and properly reviewed
in a timely manner.
O, F
Corporate card charges may not be
properly recorded as liabilities in the
period the expenses were incurred.
Corporate card charges may not be
paid on a timely basis.
96
The corporate card should be used for
the employee's business expenses that
are authorized by the Company.
Corporate card charges should be paid
timely to avoid finance charges.
Accounts with over due balances of
30 or more days should be reviewed
and investigated.
POLICIES & PROCEDURES - Payroll
The Payroll Process includes functions involved in reporting hours worked; classifying hours worked, attendance, and
compensatory absences; preparing payroll checks; accounting for payroll costs, deductions, benefits, and other adjustments;
distributing checks; and ensuring the confidentiality and physical security of payroll and personnel information.
The specific functions included in the Payroll Process are:
Payroll Processing
• Authorization
• Adjustments
• Compensation/Withholding
• Distribution
• Security
Time Reporting
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
PAYROLL PROCESSING AUTHORIZATION
Only employees who have been
hired according to
management's policy should be
working for the Company.
O
Company guidelines for the hiring of
employees may be circumvented.
The work force may be inadequate or
excessive given Corporate objectives.
Policies setting forth management's
criteria and strategy for achieving
anticipated force levels should be
developed and communicated.
Actual head count to budget should be
compared and differences explained.
Refer also to the Policies &
Procedures - Human Resources
section on Planning.
An employee payroll master
file that is accurate and
complete should be maintained.
O, F, C
Incorrect data in the payroll master
file could result in incorrect wage
payments.
Withholding of earned wages may be
incorrect.
Deferred vested pension and accrued
pension benefits may be incorrectly
calculated.
Awards, incentives, recognitions, etc.
may not be accurately reflected on the
payroll master file.
97
The payroll master file should contain
all information concerning current
pay rates, withholding deductions, tax
codes, etc.
All data in a personnel information
system should be periodically
verified.
All changes to personnel information
should be verified and authorized by
management.
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING AUTHORIZATION
All compensation
documentation should be
properly and accurately
maintained by personnel
management.
C
Employment laws and regulations
(e.g. Fair Labor Standards Act) may
be violated resulting in fines,
penalties, or litigation.
Personnel file documentation should
include properly executed employment forms, authorized classification
and pay rates, pre-employment
background, information such as
references, medical reports, etc.
Only authorized additions,
deletions, or changes to
employee information should
be permitted.
O
Changes to employee information
may be incorrect or not authorized by
the employee.
Changes should be restricted to those
supported by properly authorized
documentation.
Payroll records may not accurately
reflect employee's employment status.
Periodic testing of the permanent
payroll records against the personnel
master file should be conducted.
The payroll department should be
promptly and formally notified of
personnel terminations or transfers.
Payroll duties and
responsibilities should be
segregated.
O
Payroll records and/or personnel
Employees with responsibilities for
documents may be improperly altered. personnel should be segregated from
payroll distribution and recording
Misappropriations of funds may
functions.
occur.
Payroll preparation responsibilities
should be segregated from payroll
authorization, check signing, and
check distribution responsibilities.
PAYROLL PROCESSING ADJUSTMENTS
Payroll adjustments should be
properly approved and
accurately prepared, recorded,
and substantiated.
O, F
Inputs into the payroll process or
general ledger may be incomplete,
inadequate or inaccurate.
Unauthorized, duplicate, or erroneous
data may be entered on a payroll
reporting document.
Reports may be inaccurate with
respect to the period in which the
event occurred or to the classification.
Input documents should be reconciled
to transaction summary registers.
Classification of payroll transactions
should be based on a written Chart of
Accounts.
Cut-off and closing schedules should
be developed, communicated and
followed.
(continued next page)
98
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING ADJUSTMENTS
Payroll adjustments should be
properly approved and
accurately prepared, recorded,
and substantiated.
O, F
Adjustments to payroll should
comply with management's
policies.
O, F, C
See Risks on previous page.
Edits to prevent or detect the posting
of duplicate transactions and the loss
of accepted transactions should be
installed in the payroll system.
Adjustments may be approved which
are not acceptable to management.
Unacceptable adjustments, which
increase or decrease amounts paid to
employees, may be processed.
Erroneous adjustments may impact
tax liability, etc.
Benefits, special payments, and
bonuses, should be authorized
in accordance with
management's policies.
(continued)
O, F, C
Employees may be paid amounts
which are not acceptable to
management.
Laws and regulations may be
violated.
Accruals may be incorrectly
calculated. and improperly
journalized.
Policies and procedures relating to
payroll adjustmentsts should be
developed and communicated.
Periodic analysis of trends in amounts
and types of adjustments should be
done.
All adjustments should be verified
and authorized by management.
Methods and procedures should be
developed and communicated that
address payments for:
• commissions
• benefits
• rewards
• bonuses
• sick pay
Refer also to the Policies &
Procedures - Human Resources
section on Compensation.
PAYROLL PROCESSING COMPENSATION/
WITHHOLDING
Compensation rates and payroll
deductions should be
authorized in accordance with
management's policy.
O, F, C
Employees may be paid amounts
which are not acceptable to
management.
State labor and employment laws and
regulations may be violated.
(continued next page)
99
Methods and procedures that address
the types of items to be withheld from
an employee's paycheck should be
developed and communicated.
(continued next page)
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING COMPENSATION/
WITHHOLDING
Compensation rates and payroll
deductions should be
authorized in accordance with
management's policy.
O, F, C
Compensation rates and payroll
deductions should be accurately
and promptly entered into the
payroll system.
O
Payroll withholdings should be
properly authorized to ensure:
• proprietary of amounts
• compliance with government
requirements
• timely remittance to the
appropriate taxing entity
• timely reconciliation to
general ledger accounts
(continued)
(continued)
Accruals for vacation, pension, etc.
may be miscalculated and improperly
journalized.
All withholdings should have a form
properly approved by the employee in
file.
Transactions may not be processed or
processed incorrectly.
Supervisory review, verification, and
approval of inputs to the payroll
system should be performed.
Reports may be altered to withhold
data from those who are entitled to
receive it or to give data to those who
do not have a "need to know".
O, F, C
Inaccurate amounts may be withheld.
Incorrect amounts may be accrued
and improperly paid.
Interest and penalties may be
incurred.
Detailed withholdings and payments
may not agree to the recorded
withholdings and payments.
Inaccurate information may be input
into the general ledger.
Payroll processing schedules should
be established and communicated to
ensure payroll adjustments are
properly considered in wage
computation.
Establish and communicate company
guidelines to develop, summarize and
report required tax information.
Analysis of key ratios, trends, and
variances should be conducted by
supervisory personnel.
Formulas used for accruals (e.g.
interim period accruals for workers'
compensation) should be reviewed by
supervisory personnel for accuracy
and reasonableness.
The financial statements may be
misstated.
Each accounting period prepare
journal entries for payroll,
payroll deductions, and related
adjustments.
F
Financial statements may be misstated Transactions should be classified
due to entry omissions, incorrect
according to a written chart of
coding, duplicate journal entries, or
accounts.
improper cut-offs.
Coding instructions, cut- procedures
and closing schedules should be
developed, documented and
communicated.
(continued next page)
100
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING COMPENSATION/
WITHHOLDING
Each accounting period prepare
journal entries for payroll,
payroll deductions, and related
adjustments.
F
See Risks on previous page.
(continued)
Fluctuation analyses should be
performed for recurring entries.
Supervisory personnel should review,
verify, and approve journal entries.
Refer also to the Policies &
Procedures - Financial Reporting
section on Accumulation of Financial
Information - Journal Entries.
Periodically substantiate the
recorded balances for payroll
accounts.
O, F
Errors and omissions may go
undetected and uncorrected.
Critical decisions may be based upon
erroneous information.
Perform reconciliation of recorded
balances with source data (tax
withholdings to selected W-4 forms)
and resolve differences.
Conduct analysis of key ratios, trends,
and variances.
Accrual formulas should be
periodically reviewed for accuracy
and reasonableness.
Actual payroll costs should be
compared to budgeted costs.
Summaries of wages and
withholdings should be
prepared in accordance with
state and federal tax
regulations.
F, C
Non-compliance and/or calculation
errors may result in fines and
penalties assessed by the government.
Schedules should be developed to
ensure wage and withholding reports
are accurately prepared and submitted
to the appropriate agencies in a timely
manner.
Withholdings due to the Internal
Revenue Service should be promptly
and accurately remitted.
Annual summaries of employee
wages and withholdings should be
prepared and mailed directly to
employees.
101
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING DISTRIBUTION
Procedures for the distribution
of payroll should be established
in accordance with
management policy.
O
Misappropriation of unclaimed
checks, loss of checks, misdirected
deposits, and/or non-compliance with
government regulations could result.
Distribution may be made to
unauthorized employees and remain
undetected.
Outstanding advances may not be
collected.
Unauthorized charges may be
incurred subsequent to termination of
employment for which the Company
may become liable.
Proper segregation of duties
should exist between the
payroll distribution,
authorization and processing
functions.
O
Funds may be misappropriated as
improper changes/additions could be
made to the master file or incorrect
hours may be submitted for payment.
Pay drafts for non-management
employees should be reviewed by
management prior to distribution.
Procedures should be established for
the return of unclaimed checks (e.g.
identification, verification, and
method of delivery.)
Procedures should be established to
ensure the following occurs prior to
disbursing the final payroll check to
an employee leaving the Company:
• All outstanding advances have
been cleared
• All company credit cards have
been returned
• All computer accesses have been
withdrawn and passwords changed
• All company property, employee
badges, and security passes or keys
have been returned.
Persons responsible for the
distribution of payroll checks should
have no other personnel or payroll
responsibilities and should not
approve labor hours or time cards.
Distribution may be made to
unauthorized employees and remain
undetected.
PAYROLL PROCESSING SECURITY
Access to records, critical
forms, processing areas,
computer systems, and
processing procedures should
be permitted only in accordance
with management's policy.
O, C
Inability to prepare reliable financial
Access to the Personnel Data System
and operating results as a result of lost (PDS) and payroll records should be
or destroyed records.
restricted to authorized personnel
only.
Detriment to the Company or its
employees could occur as a result of
Computer terminals should be secured
the misuse or alteration of records by when not in use.
unauthorized persons.
(continued next page)
(continued next page)
102
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING SECURITY
Access to records, critical
forms, processing areas,
computer systems, and
processing procedures should
be permitted only in accordance
with management's policy.
Elements employed in the
preparation of payroll checks
(i.e. check stock, signature
plates, etc.) should be
safeguarded.
O, C
O
(continued)
(continued)
Inability to report or a distortion of
reported activities could occur should
processing capabilities be lost,
destroyed, or altered by unauthorized
persons.
Payroll documents should be
maintained and secured for the
required retention period.
Payroll forms (e.g. paychecks) should
be pre-numbered and controlled.
Changes such as force moves, status
codes, rate increases, and other pay
affecting matters may be misstated.
Vital documents should be properly
secured and their access restricted.
Non-compliance with federal
regulations (Fair Labor Standards Act
- FLSA) and state statutes may occur.
Periodic security compliance reviews
should be conducted to identify
weaknesses in the payroll system.
Employee confidentiality may be
compromised.
Refer also to the Policies &
Procedures - Treasury section.
Unauthorized use or issuance of
payroll checks may occur, and
misappropriation of cash may go
undetected.
Blank checks should be sequentially
pre-numbered and safeguarded.
Checks may be diverted and cashed
by unauthorized persons.
Confidential payroll information may
be reviewed and/or disclosed by
unauthorized persons to the detriment
of the Company or the employees.
Duplicate check numbers may be
assigned or check numbers may be
omitted.
Errors and omissions in the
safeguarding, authorizing, and
processing of checks may not be
detected and corrected.
All payroll checks should be
periodically accounted for as being
issued, voided, or unused.
Spoiled checks should be immediately
voided, the signature portion removed
and destroyed, and the checks
maintained in the files in compliance
with established record retention
policies.
Records should be updated to include
replacement checks.
Signed payroll checks and direct
deposit advices should be secured
until distributed to employees.
(continued next page)
103
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
PAYROLL PROCESSING SECURITY
O
See Risks on previous page.
Elements employed in the
preparation of payroll checks
(i.e. check stock, signature
plates, etc.) should be
safeguarded.
(continued)
Payroll check signatory plates and
hand stamps should be secured and
access restricted.
Payroll disbursements should be
drawn on zero balance bank accounts
(i.e., reimbursement to the account
must be equal to net pay for each
payroll prepared).
TIME REPORTING
All regulated and nonregulated
activities should be accurately
reported, properly classified,
and promptly submitted.
O, F, C
Employees may be erroneously paid
for hours not worked or may not be
paid for hours actually worked.
Overtime hours and/or meal
allowances may be misstated.
Inaccurate classification of hours for
regulated and nonregulated activities
may occur.
Supervisors should review, verify,
and approve time documents
submitted by employees prior to
payroll input processing.
All employees should be trained on
the use of proper Field Reporting
Codes, Cost Function Codes,
Tracking Codes, Environmental
Codes, etc.
Inaccurate reporting may result in
substantial penalties from the
regulatory agencies.
Time documents should be
accurately, completely, and
promptly processed.
O, F
Input errors may go undetected.
Unauthorized transactions may be
processed and remain undetected
resulting in the misappropriation or
temporary diversion of funds.
Management reports and employee
earnings records may be inaccurate.
Financial statements may be
misstated.
104
Original time documents should be
compared to the appropriate payroll
output report and approved by
appropriate management.
POLICIES & PROCEDURES - Payroll
BUS.
EXAMPLES OF
TIME REPORTING
Gross dollars, hours worked,
rate of pay and exceptions
should be periodically verified.
O, F
Unauthorized adjustments may go
undetected.
Duplicate payments may remain
undetected.
Payments may be incorrectly
classified.
Paychecks may be issued for deceased
or terminated employees.
105
Reports showing payroll detail should
be compared to the original input/time
document.
A payroll detail report should be
verified and approved by the proper
payroll approving authority as being
correct or as indicating corrections
have been made.
POLICIES & PROCEDURES - Financial Reporting
The Financial Reporting Process includes the gathering, processing, and consolidating of financial information and the
preparing and reviewing of financial statements and reports to ensure compliance with management's policies, Generally
Accepted Accounting Principles (GAAP) and applicable federal and state laws and regulations.
The specific functions included in the Financial Reporting Process are:
Accumulation of Financial Information
• General
• Coding and Classification of Transactions
• Journal Entries
• Disclosure Data
Processing and Consolidation of Financial Information
Preparation and Review of Financial Statements and Reports
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
ACCUMULATION OF
FINANCIAL
INFORMATION GENERAL
Accounting policies and
procedures should be
established in accordance with
management's criteria, GAAP,
and applicable laws and
regulations.
O, F, C
Financial statements may be
misstated, inconsistent, and/or not
prepared in accordance with
management's policies, GAAP and
applicable laws and regulations.
Incomplete or inaccurate processing
of daily transactions and journal
entries could occur.
A reduction in the segregation of
duties may occur as a result of
departmental reorganization and
personnel reassignment.
Accounting policies and procedures
should be documented and supported
by:
• Written policy statements
• Procedures manuals (e.g.
Accounting Instruction)
• Chart of accounts (e.g. Accounts
Manual)
• Training manuals
New policies and procedures or
changes to existing policies and
procedures should be documented,
reviewed and approved by
management.
Job responsibilities should
be clearly defined and properly
segregated.
107
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
ACCUMULATION OF
FINANCIAL
INFORMATION - CODING
AND CLASSIFICATION OF
TRANSACTIONS
All reportable transactions and
activities should be coded and
classified on an accurate and
consistent basis, and in
accordance with management's
policy, GAAP, and applicable
laws and regulations.
O, F, C
Inaccurate coding and classification
of regulated and nonregulated
activities may occur.
Financial statements may be
misstated, inconsistent, and/or not
prepared in accordance with
management's policy, GAAP, and
applicable laws and regulations.
Reference manuals and guides which
describe and define codes and
accounts should be maintained and
distributed, including:
• Accounts Manual
• Functional Accounting (FA)
Coding Guide and Specifications
• Job Function Code Manual
Employees should be trained on the
use of proper codes including:
• Function Codes (FC)
• Field Reporting Codes (FRC)
• Expenditure Type Codes (EXTC)
• Tracking Codes (TC)
New codes should be systematically
assigned and existing codes should be
updated as appropriate.
Documents used to report transactions
and activities (e.g. time sheets,
vouchers) should be reviewed and
approved by management.
Accounting transactions or
changes in methodology that
require advance approval by
one or more regulatory
agencies should be identified
and submitted to the
appropriate agency on an
accurate and timely basis.
F, C
Transactions and changes may not be
submitted to the appropriate
regulatory agency for advance
approval resulting in possible
penalties and fines.
Accounting transactions or changes
which require advance approval by a
regulatory agency should be
documented and distributed to
appropriate departments.
(continued next page)
108
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
ACCUMULATION OF
FINANCIAL
INFORMATION - CODING
AND CLASSIFICATION OF
TRANSACTIONS
Accounting transactions or
changes in methodology which
require advance approval by
one or more regulatory
agencies should be identified
and submitted to the
appropriate agency on an
accurate and timely basis.
F, C
See Risks on previous page.
(continued)
Any group contemplating actions
which may require advance
regulatory approval should contact
Corporate Accounting.
Transactions or changes impacting
the financial reporting process that
should be reported to Corporate
Accounting.
• All new clearing accounts
• Extraordinary items, prior period
adjustments, and contingent
liabilities
ACCUMULATION OF
FINANCIAL
INFORMATION JOURNAL ENTRIES
Approval should be given to
all, and only, those
transactions/journal entries that
meet management’s guidelines.
O, F
Processing of journal entries that are
unacceptable to management.
Misstatement of account balances and
concealment of irregularities could
occur.
Omission of journal entries may
occur.
Review and approval of entries
should be made by an appropriate
level of management.
Compare critical details of each
journal entry to establish criteria.
Comparison may be done manually or
by use of computer validation
techniques.
(continued next page)
109
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
ACCUMULATION OF
FINANCIAL
INFORMATION JOURNAL ENTRIES
Approval should be given to
all, and only, those
transactions/journal entries that
meet management’s guidelines.
O, F
Journal entries should be
prepared accurately, completely
and promptly.
O, F
See Risks on previous page.
(continued)
Exception reporting should be
established for:
• Processed journal entries that do
not meet established guidelines
• Standard journal entries that have
not been submitted
Entries may be omitted, incorrectly
made or made in the wrong
accounting period.
Maintain a detail closing schedule
listing due dates and individuals
responsible for various categories of
journal entries.
Cut-off procedures and dates (i.e. last
date a journal entry can be submitted)
should be established.
Journal entries received after the
established cut-off date should not be
accepted unless authorized by the
appropriate level of management.
All necessary accruals and deferral
entries should be made in the correct
accounting period.
Compare, period to period, all
recurring journal entry amounts.
Compare journal entry amounts with
original source data on a regular
basis.
Account for journal entry numbers to
prevent or detect missing or
duplicated entries.
Check actual entries against the
closing schedule (e.g., use check-off
control sheets).
110
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
ACCUMULATION OF
FINANCIAL
INFORMATION JOURNAL ENTRIES
Accurate posting of all
approved journal entries to the
correct general ledger accounts.
O, F
Misstatement of general ledger
account balances owing to:
• Omission of approved entries
• Unauthorized entries
• Duplicate entries
• Entries posted to wrong accounts
• Entries posted in the wrong
accounting period
Verify journal entry approvals prior to
posting.
Batch and reconcile input totals to
posted totals and new ending
balances.
Implement programmed controls to
prevent or detect duplicate journal
entries and the loss of accepted
entries.
Restrict journal entry input through
the use of passwords.
ACCUMULATION OF
FINANCIAL
INFORMATION DISCLOSURE DATA
Accurate and prompt gathering
of pertinent disclosure data
(e.g., earnings per share, debt
agreement provisions,
commitments and
contingencies).
O, F, C
Omissions of required disclosures or
components of required disclosure
data.
Implement a process for early
identification of required disclosures
(i.e. debt agreement provisions,
commitments and contingencies,
Data calculations or estimations made stock option and purchase
based on unreasonable assumptions or information), for example:
methods.
• Review of minutes (Board of
Directors' and shareholders'
meetings)
• Reference to prior year financial
statements
• Review of new regulatory
pronouncements
• Discussions with legal counsel and
external auditors
Specific individuals are assigned
responsibility for gathering required
data.
Document and distribute data
gathering procedures to ensure
prompt identification and reporting of
necessary data.
111
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
ACCUMULATION OF
FINANCIAL
INFORMATION DISCLOSURE DATA
Required disclosure data should
be summarized and reported in
an accurate and consistent
manner in accordance with
GAAP and applicable laws and
regulations.
O, F, C
Misstated or incomplete supplemental
disclosures.
The summary may contain
unauthorized, duplicated or erroneous
information.
Checking (referencing) reported
information to source documentation
by individuals who were not actively
involved in the process.
Reconciliation beginning balances
and current activities to current
period's ending balances.
Research and document significant
variances from prior period results
and/or the budget.
Informed personnel (e.g., tax
specialists, legal counsel, external and
internal auditors) perform a review of
disclosure data.
PROCESSING AND
CONSOLIDATION OF
FINANCIAL
INFORMATION
Accurate, complete, and prompt
reporting of general ledger
balances.
O, F
Misstated financial statements due to
omission of general ledger balances
and/or clerical errors.
Reconcile beginning balances and
current period activities to the ending
balances.
General ledger balances should be
reconciled with subsidiary ledger
balances.
Use of standard reporting formats by
all reporting units including
subsidiaries.
Comparison of reports received with
those required through the use of a
regular reporting schedule and checkoff sheets.
(continued next page)
112
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
PROCESSING AND
CONSOLIDATION OF
FINANCIAL
INFORMATION
Accurate, complete, and prompt
reporting of general ledger
balances.
O, F
Accurate, complete and prompt
consolidation of financial
reports.
F
See Risks on previous page.
(continued)
Periodically substantiate and evaluate
general ledger recorded balances.
Examples of techniques include:
• Confirmation with third parties,
including employees and
custodians
• Analysis of key ratios, trends and
variances
• Periodic reviews of methods and
formulae used for realization,
accruals, write-offs, etc.
Misstatement of the financial
statements due to clerical errors
and/or omission of or incorrect,
elimination and reclassification
entries.
Implement standard elimination and
reclassification entries, and
consolidation formats.
Consolidation, reclassification, and
other adjustments of general ledger
balances into financial statement
formats should be explained and
documented.
All adjustments should be reviewed
and approved by management.
Number and amounts of
reclassification and elimination
entries for the current period should
be compared with the prior period.
113
POLICIES & PROCEDURES - Financial Reporting
BUS.
EXAMPLES OF
PREPARATION AND
REVIEW OF FINANCIAL
STATEMENTS AND
REPORTS
Financial statements and
reports (including filings with
the SEC, FCC and CPUC)
should be prepared in an
accurate, consistent, and timely
manner. Reports should be in
compliance with GAAP and
applicable laws and regulations.
O, F, C
Reports may be misstated,
inconsistent, and/or not prepared in
accordance with applicable laws and
regulations.
Reports may not be filed by the
required due dates.
The Company may be exposed to
litigation or enforced actions by
regulatory agencies and/or subject to
substantial fines and penalties.
Information presented may be too
high level or detailed to be useful.
Procedures for the preparation and
review of financial statements and
reports should be documented
including:
• List of reports including
description, due date, and
distribution (including applicable
regulatory agency)
• Requirements for financial
information and disclosures
• Persons and departments
responsible for providing report
data, and preparation and review of
reports
Periodic review of procedures should
be conducted by legal counsel for
compliance with applicable legal and
regulatory requirements.
Appropriate personnel should be
trained or kept updated on current
laws and regulations.
Independent review of regulatory
reports (e.g. by legal counsel,
external and internal auditors, etc.)
should be conducted.
Actual financial results should be
compared with budget.
Conduct periodic survey of users
concerning the utility of the reports
they receive.
114
POLICIES & PROCEDURES- Treasury
The Treasury Process includes those functions related to reconciling bank account cash receipts and disbursements to the
Company's cash subsidiary journal and to the originating cash receipt or expenditure log; recording and reporting cash
transactions and the Company's cash position to Corporate Accounting; and maintaining necessary banking relationships,
including opening new banking accounts.
The specific functions included in the Treasury Process are:
Segregation of Duties
Bank Accounts and Depository Requirements
Cash Reconciliations
• Deposits
• Disbursements
• Bank Wires
Check Stock Security
Cash Advances
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
SEGREGATION OF
DUTIES
Treasury personnel performing
bank account reconciliations
should be independent of the
transactions (cash receipts or
disbursements) being validated.
O
Cash may be lost, stolen, or
temporarily diverted.
Records may be misused or altered by
unauthorized personnel to the
detriment of the Company.
Errors and omissions in authorization
and transaction processing may not be
detected and corrected.
The Treasury reconciliation function
should have the following segregation
of duties:
• Segregation of bank reconciliation
from cash receipt reconciliation
• Segregation of bank reconciliation
from cash disbursement
reconciliation
BANK ACCOUNTS AND
DEPOSITORY
REQUIREMENTS
All bank accounts should be
opened and maintained in the
Company's name.
O
Cash may be lost, stolen, or
temporarily diverted.
A bank must be authorized by
Resolution of the Board of Directors
before an account may be opened.
All bank accounts should be
authorized by the Corporate Treasurer
or Assistant Treasurer.
115
POLICIES & PROCEDURES - Treasury
BUS.
EXAMPLES OF
CASH RECONCILIATIONS
- DEPOSITS
Cash deposits should be
reconciled to the Company's
records periodically.
O, F
Cash receipts may be lost and/or
misappropriated.
Cash deposits should be compared to
the Company's customer cash receipts
log, Deposit Reporting System
Lost, incorrectly reported, and/or
(DRS), and the Company's cash
misappropriated cash receipts may not subsidiary journal (Cash Book
be identified and corrective action
Register) on a daily basis.
taken on a timely basis.
Differences between bank statement
Cash accounts may be in error
deposits, DRS and Cash Book entries
resulting in misstatement of the
should be identified and resolved on a
financial statements.
daily basis.
Cash flow may not be maximized.
CASH RECONCILIATIONS
- DISBURSEMENTS
Cash balances should be
reconciled to the bank records
periodically.
O, F
Amounts recorded in the cash
accounts may be in error, resulting in
misstatement of the financial
statements.
Recorded cash balances in the
Company's cash subsidiary journal
(Cash Book Register) should be
compared to actual bank balances on
a regular basis. Differences should be
identified and resolved.
Outstanding disbursements
should be reconciled to bank
records.
O, F
Incorrect amounts may be disbursed
to employees and vendors.
A detailed listing of outstanding
disbursements by check number,
showing payee and amount, should be
compared to actual amounts paid by
the banks.
Improper disbursements may be paid
to fictitious employees or vendors.
Duplicate payments may be made.
Amounts recorded in Cash Book may
be in error resulting in misstatement
of the financial statements.
116
Differences in amounts paid by the
bank and Company amounts issued
should be identified and resolved on a
regular basis.
POLICIES & PROCEDURES - Treasury
BUS.
EXAMPLES OF
CASH RECONCILIATIONS
- DISBURSEMENTS
Detailed subsidiary records
should be maintained for all
outstanding checks payable.
O, F
Incorrect amounts may be disbursed
to employees and vendors.
Improper disbursements may be paid
to fictitious employees or vendors.
Duplicate payments may be made.
Spoiled checks should be immediately
voided, the signature portion removed
and destroyed, and the checks
maintained in the files in compliance
with record retention policies.
Records should be updated to include
replacement checks.
Amounts recorded in Cash Book may
be in error resulting in misstatement
of the financial statements.
Disbursements should be drawn
on an imprest or zero balance
account.
O
Unauthorized payments may be made
and remain undetected resulting in the
misappropriation of assets.
All Company disbursements should
be drawn on an imprest or zero
balance account.
Cash flow may not be maximized.
CASH RECONCILIATIONS
- BANK WIRES
Payments by bank wire should
be properly authorized.
O
Cash may be lost, stolen, or
temporarily diverted.
Errors and omissions in cash
transactions may not be detected and
corrected.
Unauthorized payments may be made
and remain undetected resulting in the
misappropriation of assets.
117
All bank wires executed by the
holding company on behalf of a
subsidiary should be compared to the
authorized wire amounts. Differences
should be identified and resolved.
Payments by bank wire should be
authorized by the Chief Financial
Officer or designated representative.
POLICIES & PROCEDURES - Treasury
BUS.
EXAMPLES OF
CHECK STOCK SECURITY
Blank checks should be
safeguarded from destruction or
misuse and the supply of blank
checks should be periodically
reconciled.
O
Checks may be used for unauthorized
purposes. Missing checks may go
undetected.
Check stock should be stored in a
locked safe with restricted access.
Checks should be prenumbered and
accounted for periodically.
Breaks in sequence of the check stock
should be reviewed and investigated.
CASH ADVANCES
Cash advances should be used
for authorized expenditures and
should be closed in a timely
manner.
O
Cash may be used for unauthorized
purposes or diverted for non-business
purposes.
Cash advances should be approved in
accordance with Company approval
requirements.
Outstanding advances should be
reviewed daily to ensure they are
closed in a timely manner.
118
POLICIES & PROCEDURES - Government Regulations
The Government Regulations section represents an overview of certain laws and regulations that govern or affect most of the
Company’s business processes, functions and activities. This is not an all-inclusive list of existing laws and regulations. As
our business is subject to changing laws and regulations, it is the responsibility of management to establish and monitor
effective controls to ensure that all the federal and state laws and regulations that affect the Company have been followed.
The specific laws and regulations discussed in this section are:
Accounting Safeguards
Affiliate Transactions and Transfer Pricing
Employment Laws including Equal Employment Opportunities/Affirmative Actions,
Americans With Disabilities Act, and Sexual Harassment Law
Employee Retirement Income Security Act (ERISA)
Environmental Laws
Foreign Corrupt Practices Act (FCPA)
Modification of Final Judgment (MFJ)
Political Activity Laws
Safety Laws such as Occupational Safety and Health Act (OSHA)
Worker's Compensation Laws
This section does not discuss tariff regulations, Securities Exchange Laws and other regulatory reporting requirements.
Refer to the Policies & Procedures - Marketing and Financial Reporting sections for coverage of those areas.
119
POLICIES & PROCEDURES - Government Regulations
ACCOUNTING SAFEGUARDS: This is an FCC and CPUC mandated process intended to separate and track costs (time
and expenses) and revenues for regulated and nonregulated projects and products. This process ensures that tariffs are
appropriately established and the Company can compete without unfair advantage.
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
All employees should be aware
of or familiar with the
Accounting Safeguards
requirements.
O, C
Non-compliance with the Accounting
Safeguards standards may result in
substantial fines, penalties, and more
costly regulations.
A formal process should be
established to ensure that all
employees understand and receive
mandatory coverage on the
Accounting Safeguards
requirements.
All costs (time and expenses)
and revenues associated with
nonregulated products and
projects should be accurately
and timely tracked and
reported.
O, C
Improper tracking of costs and
revenues may result in inaccurate
pricing of regulated and nonregulated
products.
Employees should be adequately and
properly trained on reporting of time,
expenses and revenues associated
with nonregulated activities and
products.
All time and expense reports
related to nonregulated
activities should be supported
and retained.
O, C
Advance filings with the
regulatory agencies should be
completed prior to offering a
nonregulated product or
service.
C
Inappropriate use of tracking codes
may result in inaccurate product
costing.
Tracking codes should be properly
established and maintained.
Inaccurate reporting may result in
substantial penalties from the
regulatory agencies.
Employees' reporting of time and
expenses should be reviewed by
management.
Inadequate supporting documentation
may result in inaccurate time
reporting and failure to meet the audit
requirements of the regulatory
agencies.
All supporting documentation for
expenses and time related to
nonregulated activities should be
retained according to the statutory
time limit.
Non-compliance may result in
potential reprimands and penalties
from the regulatory agencies.
Prior to offering a nonregulated
product or service, the product or
service should be documented in the
Cost Allocation Manual and advance
filings with the regulatory agencies
should be completed by the statutory
deadline.
120
POLICIES & PROCEDURES - Government Regulations
AFFILIATE TRANSACTIONS AND TRANSFER PRICING: The principle underlying the rule established by the
CPUC and FCC is that rate payers should not be disadvantaged by transactions between the Company and other subsidiaries.
Therefore, it is necessary to track and "transfer price" these transactions to insure the Company is receiving fair value. By
regulation, the cost of tracking and documentation must also be included in the price charged to our affiliates. Affiliate
transactions may include the purchase and sale of goods and services, assets, proprietary information, employee transfers,
intellectual properties or financial obligations.
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
All employees should be aware
of or familiar with the Affiliate
Transactions/ Transfer Pricing
Policy.
O, C
Non-compliance may result in
substantial fines, penalties and more
costly regulation.
A formal process should be
established to ensure that all
employees understand and receive
mandatory coverage on the Affiliate
Transactions/
Transfer Pricing Policy.
Contracts should be negotiated,
written, and approved by
management and reviewed by
Legal, prior to provision of a
product or service to an
affiliate.
O, C
Products or services may be agreed
upon at prices or terms that violate
governmental laws and regulations.
All contracts and related service cost
agreements with affiliates should be
approved by the appropriate level of
management and reviewed by Legal.
All costs incurred in support of
services to affiliates should be
identified and tracked.
O, C
Improper tracking of costs may result
in inaccurate billings to affiliates.
A process should be established to
identify and track all costs associated
with services to affiliates in a timely
and accurate manner.
The price charged to an affiliate
must comply with the
established rules.
O, C
Inappropriate pricing to affiliates may
result in violation of governmental
laws and regulations.
The calculation of pricing to affiliates
should be properly supported and
reviewed by management.
All services to affiliates should
be timely and accurately billed.
O, C
Inaccurate and untimely billings may
result in penalties, fines, and violation
of governmental laws and regulations.
All billings and related supporting
documentation should be retained as
required.
Billings to affiliates should be done in
an accurate and timely manner.
121
POLICIES & PROCEDURES - Government Regulations
EMPLOYMENT LAWS:
EQUAL EMPLOYMENT OPPORTUNITIES/AFFIRMATIVE ACTIONS: A group of employment laws require that
all recruitment, hiring, transfers, and promotions be on the basis of individual qualifications regardless of race, color, gender,
religion, national origin, age, sex, sexual orientation, physical or mental handicap, medical condition, marital status, or
veteran status.
AMERICANS WITH DISABILITIES ACT: The Act prohibits employers from discriminating against the disabled in
employment, public transportation, and public accommodation.
SEXUAL HARASSMENT LAW: The Law provides protection against sexual harassment. Employers are held
responsible for acts of its agents and employees with respect to sexual harassment regardless of whether the employers knew
or should have known of their occurrence. Also, employers are held responsible for acts of non-employees if employers
know or should have known of the conduct and fail to take corrective actions.
BUS.
OBJ.
STANDARD
The Company should promote
and adopt fair employment
practices in the workplace.
C
RISKS
Unfair employment practices may
result in civil or criminal penalties,
adverse publicity and loss of status as
an acceptable federal contractor.
EXAMPLES OF
CONTROL ACTIVITIES
Formal policies should be established
to discourage unlawful
discrimination.
All managers should be familiar with
the anti-discrimination laws.
Refer to the Policies & Procedures Human Resources section on Staffing.
A fair salary compensation program
should be established and maintained.
The Company should pay
employees equal pay for equal
work.
O, C
Unfair salary treatment may result in
litigation, fines and penalties.
Qualified people may be discouraged
from working for the Company.
The Company should
encourage nondiscriminatory union practices.
The Company is obligated to
furnish the union with
information concerning
compliance with the antidiscrimination laws.
EMPLOYMENT
(continued)
C
C
Failure to comply may result in
substantial fines or penalties.
Failure to comply may result in
violation of laws and regulations and
a hostile relationship with the union.
A hostile environment may result in
unproductive and inefficient work.
LAWS
122
Refer also to the Policies &
Procedures - Human Resources
section on Compensation.
Policies should be established to
ensure that all employees do not
participate in discriminatory union
practices. For example, refusal to
process grievances because of race is
a discriminatory practice.
Information such as data on the race
and sex of job applicants should be
made available for the union’s review
as required.
POLICIES & PROCEDURES - Government Regulations
STANDARD
The Company should provide
a work environment that
discourages any form of sexual
harassment or hostility.
BUS.
OBJ.
C
RISKS
Violation may result in penalties,
fines and adverse publicity.
EXAMPLES OF
CONTROL ACTIVITIES
Policies and procedures should be
established to discourage, investigate
and correct misconduct in the
workplace.
Refer also to the Operating
Environment section on the
Ombudsman.
The Company should make
"reasonable accommodation"
for disabled employees.
O, C
Disabled employees may not be able
to perform their work effectively and
efficiently if "reasonable
accommodation" is not provided.
Violation may result in penalties,
fines and adverse publicity.
All existing facilities should be made
readily accessible to and usable by the
disabled.
Policies should be established to
discourage employment
discrimination against the disabled.
EMPLOYEE RETIREMENT INCOME SECURITY ACT (ERISA): Employee pension and welfare benefit plans are
covered by this law. Not all employee benefit plans, such as stock option plans, are subject to ERISA. ERISA pre-empted
state law reporting requirements. It established reporting requirements for employee plans and disclosure of information to
plan participants was mandated. Standards for plan fiduciaries were codified and, for tax qualified pension and profit
123
POLICIES & PROCEDURES - Government Regulations
sharing plans, ERISA set more stringent minimum standards. Refer also to the Policies & Procedures - Human Resources
section on Benefits - Profit Sharing and Retirement.
STANDARD
The Company or the Plan
Administrators should provide
all required reports and
disclosure documents to the
plan participants by the
statutory deadline.
BUS.
OBJ.
O, C
RISKS
Non-compliance may result in fines,
penalties or civil litigation.
Plan participants may not have
complete and accurate information
about the benefits to which they are
entitled.
The Plan Administrator may violate
its fiduciary responsibilities to its plan
participants; consequently, it may
result in litigation, fines and penalties.
The Company or the Plan
Administrators should file
annual returns with the Internal
Revenue Service (IRS) and
annual reports with the
agencies that have ERISA
jurisdiction such as Department
of Labor (DOL) and the
Federal Pension Benefit
Guaranty Corporation.
C
The Company should engage
an independent public
accountant to audit the financial
statements of the plan.
O, F, C
Non-compliance may result in fines,
penalties, and adverse publicity.
Delay in filing returns with IRS may
result in substantial penalties.
EXAMPLES OF
CONTROL ACTIVITIES
All required reports and disclosure
documents including the summary
plan description and annual report
should be completed and distributed
to the plan participants in a timely
manner.
All material modifications to the plan
such as eligibility requirements,
vesting provisions and structure of the
plan should be disclosed to the plan
participants.
Annual reports and annual returns
should be submitted to the ERISA
agencies by the statutory deadline.
Procedures for gathering the
necessary information to meet the
filing requirements should be
documented.
The pension assets and liabilities may
be misstated and may violate certain
governmental reporting requirements.
Financial statement audits of the plan
should be performed annually as
required.
Non-compliance with ERISA may
result in fines and penalties.
Operational review of the plan
administration should be conducted
on a periodic basis.
124
POLICIES & PROCEDURES - Government Regulations
ENVIRONMENTAL LAWS: A number of federal and state environmental statutes and regulations are established with
the purposes of preserving, conserving and reusing resources and also providing people with adequate and reasonable
protection from contaminated, hazardous and/or toxic environments. Regulated parties must familiarize themselves both
with environmental laws and regulations and with state agency personnel to avoid costly compliance problems. Refer also to
the Policies & Procedures - Public Relations section on Public Service.
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
All employees should be aware
of or familiar with certain
environmental laws and
regulations such as hazardous
substance control.
O, C
Non-compliance may lead to
unnecessary costs from fines and
penalties as well as higher levels of
exposure in civil litigation and
adverse publicity.
A formal process should be
established to ensure that all
employees understand and receive
mandatory coverage on recognizing,
handling and reporting of hazardous
materials.
The Company should exercise
reasonable diligence in
providing an environment free
of contaminants, hazards and
toxics.
O, C
Violations may result in civil or
criminal penalties and/or adverse
publicity.
Legal counsel should be consulted to
ensure compliance and adequate
monitoring of changes in
requirements.
Appropriate training should be
provided to employees whose jobs are
subject to potential exposure to
hazards and toxics.
The Company should
investigate, correct and report
any leakage of underground
storage tanks in a timely
manner.
O, C
Delay in leak reporting and corrective
actions may result in environmental
contamination and adverse publicity.
Non-compliance may result in
potential litigation, civil and/or
criminal penalties.
A process should be established to
ensure that in underground storage
tanks any unauthorized release or
leakage is properly identified and
reported to the regulatory agencies
within the statutory time limit.
Corrective actions should be taken
Inadequate corrective actions may
immediately to prevent unnecessary
result in excessive costs to remedy the and excessive costs to clean-up and
situation.
settle claims.
125
POLICIES & PROCEDURES - Government Regulations
STANDARDS
All storage facilities or tanks
that contain hazardous
materials should be
constructed, handled, and
monitored in compliance with
Occupational Safety and Health
Act (OSHA) and other
environmental laws and
regulations.
BUS.
OBJ.
O, C
RISKS
Inadequate construction, handling and
monitoring of storage tanks could
result in environmental
contamination, violation of laws, and
increased costs in replacement and
clean-up.
EXAMPLES OF
CONTROL ACTIVITIES
All hazardous materials and facilities
should be properly labeled and
handled in compliance with the
governmental requirements.
Only tanks that meet the statutory
construction standards should be
purchased and used to store hazardous
materials and substances.
A monitoring program (e.g. tank
integrity testing, soil testing and
groundwater monitoring) should be
established.
All records of monitoring activities
should be retained for the statutory
period.
All company vehicles should
meet the air emission and safety
standards.
O, C
Violations of the air pollution control
law could result in civil or criminal
liabilities.
Note: There are considerable
overlaps in requirements
between Safety and
Environmental Laws.
Refer also to the Safety Laws
portion of this section.
126
Regular maintenance and inspection
of company vehicles should be
performed to ensure the standards are
met.
POLICIES & PROCEDURES - Government Regulations
FOREIGN CORRUPT PRACTICES ACT (FCPA: This law makes it illegal to obtain or retain business through
improper payment or the offer of anything of value to foreign governmental or political officials. Also, it establishes certain
accounting and reporting standards that apply to all corporations registered with the Securities Exchange Commission (SEC.
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
The Company should not make
improper payments or offer
anything of value to
governmental or political
officials in exchange for a
business favor.
C
FCPA violations may result in
imprisonment, fines, or both for
individual employees, as well as
penalties against the Company.
A formal process should be
established to ensure that all
employees understand and receive
mandatory coverage on the
Company's corporate principles on
FCPA.
The Company should maintain
records that accurately and
fairly reflect all corporate
transactions.
O, F, C
Inaccurate records may result in
misstated financial statements.
All transactions should be recorded to
permit proper preparation of financial
statements.
The Company should maintain
an internal control system to
ensure reasonable controls over
its assets and all transactions
over those assets.
Falsification of accounting records
violates FCPA and other SEC laws
and regulations.
O, F, C
Inadequate internal controls may
expose the Company to material
financial risks and ineffective and
inefficient operations.
All transactions should be executed in
accordance with management's
authorization.
Each organization should maintain
and monitor an effective internal
control system.
Access to assets should be permitted
only according to management's
authorization.
127
POLICIES & PROCEDURES - Government Regulations
MODIFICATION OF FINAL JUDGMENT (MFJ: This final court decree ended the antitrust suit against AT&T and
resulted in divestiture. The MFJ places requirements and restrictions on the activities of the Bell Operating Companies and
their affiliates. The MFJ specifies what goods and services Pacific Telesis Group is permitted to offer. Also, it requires that
our services be available to all users on an equitable basis. Additionally, the MFJ creates substantial restrictions prohibiting
the Company from engaging in certain businesses without prior court approval.
STANDARD
All employees should be aware
of or familiar with the MFJ.
BUS.
OBJ.
O, C
RISKS
Lawsuits, fines and injunctions may
result from any violation of the MFJ.
Inadequate employee coverage or
violations of MFJ may be perceived
as a contempt of the court order.
EXAMPLES OF
CONTROL ACTIVITIES
A formal process should be
established to ensure that all
employees understand and receive
mandatory coverage on the MFJ.
Legal Counsel should be consulted to
ensure compliance and adequate
monitoring of changes in
requirements.
The Company should not
provide interexchange
telecommunications or
information services.
C
Violation may result in substantial
penalties, more costly regulation
and/or adverse publicity.
Formal policies should be established
to ensure that the prohibited activities
under the MFJ are properly
communicated.
The Company should not
design, develop or manufacture customer premises
equipment and telecommunications equipment.
C
Failure to comply may result in
contempt of court charges against
both the Company and individual
employee, as well as fines and
imprisonment.
All employees, especially those who
are directly involved in product
development and marketing, should
be familiar with the MFJ and seek
legal opinion when necessary.
See above risks.
Formal policies should be in place to
make employees aware of permitted
and prohibited activities under the
MFJ.
The Company should not
provide or sell telecommunications equipment such as cable
or central switches to other
carriers, even though it is
permitted to provide or sell
customer premises equipment.
O, C
The Company should provide
all interexchange carriers and
information service providers
equal information and
exchange access, and services
for such access.
O, C
Company resources may be misused
if efforts are directed to marketing
products that are disapproved by the
court.
Unequal treatment of customers may
result in lawsuits, penalties and
adverse publicity.
Customers may not receive the best
value for the expenditures.
128
Proper training and education should
be provided to all employees,
especially those who interact with
customers.
POLICIES & PROCEDURES - Government Regulations
POLITICAL ACTIVITY LAWS: The Political Reform Act and the regulations established by the Fair Political Practices
Commission impose most of the Corporation's reporting requirements on political and lobbying activities. The laws that
regulate those activities are complex and strict. Many activities that would not generally be thought of as regulated political
activities must be reported and the penalties for failure to report are severe. While an employee retains all the rights to
participate in political activity as a citizen, any actions or activities as an employee or using corporate resources are governed
by these laws and regulations.
STANDARD
Employees who engage in
political activity should be
aware of or familiar with its
related laws and regulations.
BUS.
OBJ.
C
RISKS
Employees or the Company may
violate the laws and regulations. For
example, gifts to a public official
exceeding certain limits may be a
violation.
EXAMPLES OF
CONTROL ACTIVITIES
A process should be established to
ensure that all employees are familiar
with the laws governing political
activities.
Refer also to the Policies &
Procedures - Public Relations section
on Management of Government
Agencies.
All lobbying activities should
be reported to the regulated
agencies in a timely manner.
C
Failure to report lobbying efforts can
result in severe penalties to the
Corporation and the individual.
Certain reports such as Quarterly
Lobbyist Report and Semi-Annual
Major Report should be submitted to
the regulated agencies by the statutory
deadline.
Company contributions or
"gifts" to public officials should
be in strict compliance with the
applicable gift and
disqualification limits.
C
Both civil and criminal penalties may
apply to violations. For example,
certain limits apply to the following
activities:
• Honoraria to public officials for an
appearance or speech
• Entertainment to public officials
• Expenses incurred during
interaction with FCC or CPUC
staff
Any gifts to public officials should
not exceed the applicable limits and
should be properly recorded and
reported.
Non-compliance with the corporate
policies could result in disciplinary
actions.
Employees should be aware that the
use of corporate paid time or
resources to support any political
candidate is unacceptable, except for
ballot measure campaigns approved
by the Company.
Corporate policy should
prohibit participation in
election activities during work
hours or on corporate premises.
O, C
Company resources may be misused.
129
The Legal department should be
consulted before inviting any public
officials to a social function (such as a
meal or an entertainment) on behalf of
the Company.
POLICIES & PROCEDURES - Government Regulations
SAFETY LAWS: A number of safety laws such as Occupational Safety & Health Act (OSHA) require the maintenance of
safe conditions, or the adoption and use of one or more practices, methods, and/or operations necessary to reduce hazards in
the workplace. OSHA standards may be categorized into four broad subject areas: General Industry Standards, Maritime and
Longshoring Standards, Construction Standards, and Agricultural Standards. The standards may also be divided into three
classes based on the method of promulgation: existing (interim) standards, new (permanent) standards, and emergency
temporary standards.
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
The Company should provide
specific safety training for
employees.
O, C
Non-compliance may lead to fines
and penalties as well as higher levels
of exposure to litigation.
Adequate safety training and
education should be provided to
employees.
The Company should provide
adequate supervision of
employees, although the degree
of supervision may vary
depending on several factors
such as the level of exposure to
hazardous conditions and
experience of the employees.
O, C
Inadequate supervision and training
may result in increased accident
levels.
Appropriate level of supervision
should be provided to employees to
minimize the effects of accidents or
danger.
The Company should maintain
various records (e.g. a report of
industrial injuries or illnesses)
and such records should be
accessible to employees.
C
The Company should exercise
reasonable diligence in
providing safe working
conditions, tools and
equipment.
O, C
Note: There are considerable
overlaps in requirements
between safety and
environmental practices,
especially in the handling of
toxic and hazardous materials.
Refer also to the Environmental
Law section.
Employees may not possess the
knowledge to perform their work
safely.
Jobs should be identified by degree of
hazard to appropriately direct safety
efforts.
Non-compliance may result in fines or Procedures should be established to
penalties.
ensure that all required records are
properly maintained and retained for
Employees may not be properly
the statutory period.
informed of the causes of prior
accidents or illnesses.
Inadequate and poor maintenance of
facilities and equipment may lead to
increased accident levels.
Services to customers and Company
operations may be interrupted due to
inadequate facilities, equipment and
staffing.
Management should ensure that all
facilities, equipment, repair and
maintenance meet current safety
standards.
Management should implement
policies and procedures to enhance
workers' safety.
Legal counsel should be consulted to
ensure adequate monitoring of
changes in requirements.
Management should investigate the
cause(s) of accidents and implement
proper safeguards.
130
POLICIES & PROCEDURES - Government Regulations
WORKER'S COMPENSATION LAWS: These laws entitle an employee to certain benefits whenever he/she suffers a
"personal injury by accident arising out of and in the course of employment" or an occupational disease. The employee and
his/her dependents, in exchange for these modest but assured benefits, give up their common-law right to sue the employer
for damages for any injury covered by the act. Refer also to the Policies & Procedures - Human Resources section on
Benefits - Health and Welfare.
STANDARD
All employees who suffer
job-related injuries or illnesses
should be entitled to certain
benefits including wage
benefits, hospital, medical and
rehabilitation expenses; and in
death cases, benefits for
dependents are provided.
BUS.
OBJ.
O, C
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
Non-compliance with the laws and
regulations may result in large fines
and penalties and potential loss of the
Company's right to self-insure.
The Company or the claims
administrator should provide training
to ensure competent and qualified
claims staffs.
Compensation benefits, court awards
and medical provider's bills should be
paid promptly and correctly.
Any late payment penalties to
claimants and providers should be
tracked and corrective actions should
be taken.
Claims files should be retained for the
statutory period and should include all
items required by law.
Claims reserves should be adequately
established and maintained.
The Company should secure its
liability through private or
state-fund insurance, or "selfinsurance."
F, C
The Company or the Plan
Administrator should manage
the claims process in the most
effective and economical
fashion while complying with
the above standards.
O
Inadequate insurance may result in
penalties, civil lawsuits, and potential
impact on the Company's financial
position.
Adequate coverage should be
obtained to secure the Company's
liabilities.
Management could fail to detect
unjustified or fraudulent claims and
billings, payments for unnecessary
services and duplicate payments.
Periodic compliance and quality
review of the claims administration
should be performed.
All supervising managers should be
familiar with the reporting requirements for job-related injuries.
131
INFORMATION SYSTEMS AND COMMUNICATION METHODS
Information is needed by management to run the business, and to move toward achievement of the Company's objectives.
Pertinent information must therefore be identified, captured and communicated in a form and timeframe that enables people
to carry out their responsibilities effectively and efficiently. Information systems should contain operational, financial, as
well as compliance-related information. The systems should deal not only with internally generated data, but also
information about external events, activities and conditions necessary to make informed business decisions.
Effective communication should occur at all levels of management, flowing down, across and up the organization. It must
also take place in a broader sense, dealing with expectations, responsibilities of individuals and groups and other important
matters. Additionally, open communication channels should exist with customers, vendors, regulators and other external
parties. This communication enables the Company to better address customer demands or preferences and can often provide
management with important information on the functioning of the internal control system.
The standards included in this section deal primarily with overall information and communication controls. Specific
management reporting/information systems are addressed in each process of the Policies & Procedures section.
The specific objectives highlighted in this section include:
Information Systems
Communication
• Internal
• External
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
INFORMATION SYSTEMS
External and internal
information should be obtained
and provided to management
for assessment of
Company/organization
performance relative to
established objectives.
O, C
Management may not have the
necessary information to allow them
to carry out their responsibilities
effectively and efficiently.
Mechanisms should be in place to
obtain relevant external information
on:
• Market conditions
• Competitor's programs
The Company may not respond timely • Legislative or regulatory
to market or legislative changes.
developments
• Economic changes
Actual performance and achievement
of Company objectives may not be
Internally generated information
adequately measured, captured or
critical to the achievement of
reported.
Company/organization's objectives
should be identified and regularly
reported.
Information that managers need to
carry out their responsibilities should
be reported to them on a regular basis.
133
INFORMATION SYSTEMS AND COMMUNICATION METHODS
BUS.
EXAMPLES OF
INFORMATION SYSTEMS
Information should be provided
to the appropriate people in
sufficient detail and on time to
enable them to carry out their
responsibilities efficiently and
effectively.
O
Management may not have the
necessary information to make
informed decisions.
Managers should receive analytical
information that enables them to
identify what actions need to be
taken.
Company objectives may not be met.
Information should be provided at the
right level of detail to different levels
of management.
Information should be summarized
appropriately, providing pertinent
information while permitting closer
inspection of details as needed.
Information should be available on a
timely basis to allow effective
monitoring of events and activities
(internal and external) and prompt
reaction.
Information systems should be
developed or revised based on a
strategic plan that is linked to
the Company's overall strategy.
O
New or enhanced information
resulting from changes in the business
may not be identified, captured and
reported.
Management may be overloaded with
unnecessary information and/or
pertinent information may be lost in
the disarrangement.
Actual performance may not be
adequately measured and reported.
Management should
demonstrate support for the
development of necessary
information systems by
commitment of appropriate
resources - human and
financial.
O
Information systems may become
outdated or inefficient.
134
Mechanisms should be in place to
identify emerging information needs.
Information needs and priorities
should be determined by managers
with sufficiently broad
responsibilities.
A long-range information technology
plan should be developed and linked
with strategic initiatives.
Sufficient resources should be
provided as needed to develop new or
enhance current information systems.
INFORMATION SYSTEMS AND COMMUNICATION METHODS
BUS.
EXAMPLES OF
COMMUNICATION INTERNAL
Employees' duties and control
responsibilities should be
communicated effectively.
O
Employees may not understand or be
aware of their control responsibilities.
Controls may be circumvented or not
applied.
The Company's objectives may not be
met due to employees' limited view of
their responsibilities.
Communication vehicles (formal and
informal) should be sufficient in
effecting such communication.
Employees should know the
objectives of their own activities and
how their duties contribute to
achieving those objectives.
Employees should understand how
their duties affect, and are affected by,
the duties of other employees.
Refer also to the Policies &
Procedures - Human Resources
section on Performance Appraisals.
Channels of communication
should be established for
people to report suspected
improprieties.
O, C
Improprieties may not be reported or
investigated.
Employees may be discouraged to
report suspected improprieties.
Methods should be established to
enable employees to communicate
upstream through someone other than
a direct superior, such as an
ombudsman, the internal audit
department or corporate counsel.
Adverse publicity may result if
suspected improprieties are not
initially addressed internally.
Anonymity should be permitted.
Laws and regulations may be violated
without management's knowledge.
Persons who report suspected
improprieties should be provided with
feedback, and have immunity from
reprisals.
Refer also to the Operating
Environment section on the
Ombudsman.
Management should be
receptive to employee
suggestions of ways to enhance
productivity, quality or other
similar improvements.
O
Opportunities for improving quality
or productivity may be lost or not
followed-up promptly.
Realistic mechanisms should be in
place for employees to provide
recommendations for improvement.
The quality of the Company's
products and services may decline if
subject matter experts' suggestions are
not taken seriously.
Management should acknowledge
good employee suggestions by
providing cash awards or other
meaningful recognition.
135
INFORMATION SYSTEMS AND COMMUNICATION METHODS
BUS.
EXAMPLES OF
COMMUNICATION INTERNAL
Information should be
appropriately communicated
across the organization and
should be complete, adequate
and timely to enable people to
discharge their responsibilities
effectively.
O
Information may be withheld in order
to meet the individual or group's
objective to the detriment of meeting
the Company's overall objectives.
Tasks may be delayed or handled
inefficiently because necessary
information is not accessible.
Communication between departments or business units should be
encouraged.
Employees should be evaluated on
how well they work with other
departments and groups.
COMMUNICATION EXTERNAL
Open and effective channels of
communication should be
established with customers,
suppliers and other external
parties.
O
Future business with external parties
may be jeopardized if
misunderstandings or problems are
not communicated and addressed
timely.
Feedback mechanisms with all
pertinent parties should be
established.
Suggestions, complaints and other
input should be captured and
communicated to relevant Company
personnel.
Information should be reported
upstream as necessary and follow-up
action should be taken.
Refer also to the Policies &
Procedures - Public Relations on
Management of Customers.
Outside parties should be made
aware of the Company's ethical
standards.
O, C
The Company may not be perceived
as a quality and ethical service
provider, thus jeopardizing future
profits.
Communications to external parties
should be delivered by a management level commensurate with the
nature and importance of the message.
Misunderstandings of the relationship
and expectations between the
Company and external parties may
occur.
The Company's standards and
expectations in dealing with external
parties should be communicated to
external parties.
Fines and penalties may be incurred
for violations of public trust and laws
that protect the public interest.
Improprieties by employees of
external parties should be
appropriately reported and addressed
in a timely manner.
136
INFORMATION SYSTEMS AND COMMUNICATION METHODS
BUS.
EXAMPLES OF
COMMUNICATION EXTERNAL
Management should follow up
and take action on
communications received from
customers, vendors, regulators
or other external parties in a
timely and appropriate manner.
O, C
Indications of potential problems may
not be addressed timely.
Adverse publicity may result if
problems are not addressed and
corrected internally.
Laws and regulations to protect the
public may be violated if external
complaints are not dealt with in a
timely and appropriate manner.
Employees should be receptive to
reported problems regarding products,
services or other matters, and such
reports should be investigated and
acted upon.
Errors in customer billings should be
corrected. The source of the error
should also be investigated and
corrected.
Personnel independent of those
involved with the original transaction
should process complaints.
Appropriate actions should be taken
and follow-up communication should
be made with the original sources.
Executive officers should be aware of
the nature and volume of complaints.
137
MONITORING
Business control systems change over time due to evolving application of the controls, varying effectiveness of training and
supervision, time and resource constraints or additional pressure. Accordingly, management needs to monitor the quality of
the systems performance to ensure internal controls continue to operate effectively. Monitoring can be accomplished
through on-going monitoring activities, separate evaluations or a combination of the two. On-going monitoring occurs in the
course of operations. It includes regular management and supervisory activities and other actions personnel take in
performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks
and the effectiveness of on-going monitoring procedures. Business control deficiencies should be communicated promptly
to those individuals at a sufficiently high level to ensure appropriate action is taken.
The standards included in this section deal primarily with overall monitoring controls. Specific monitoring activities, both
on-going monitoring and separate evaluations, are addressed in each process of the Policies & Procedures section.
The specific objectives highlighted in Monitoring include:
On-going Monitoring
Separate Evaluations
Reporting Deficiencies
STANDARD
BUS.
OBJ.
RISKS
EXAMPLES OF
CONTROL ACTIVITIES
ON-GOING MONITORING
In carrying out their regular
activities, management should
obtain evidence to assess
whether the system of internal
control continues to function
adequately.
O, F
Management may not challenge
Senior management should be
financial and management reports that actively involved in all operations of
are inconsistent with its knowledge.
their organization and have direct
contact with customers, vendors and
Significant differences or
other outside parties.
inconsistencies between the
Company's information systems may
Operating management should
not be identified, reported and
compare information obtained in the
analyzed in a timely manner.
course of their daily activities to
system generated information.
Information used to manage
operations should be integrated or
reconciled with data generated by the
financial reporting system.
Operating management should be
required to "certify" the accuracy of
their unit's financial results and
should be held responsible if errors
are discovered.
139
MONITORING
BUS.
EXAMPLES OF
ON-GOING MONITORING
Communications from external
parties should corroborate with
internally generated
information or indicate
potential problems.
O, C
Periodic comparisons of
amounts recorded by the
accounting system with
physical assets should be made.
O, F
Management should be
responsive to internal and
external auditor
recommendations on means to
strengthen internal controls.
O, F
Controls that should have prevented
or detected problems may not have
been reassessed.
The Company may be subject to fines
and penalties if complaints regarding
billing inaccuracies, unfair practices
by purchasing agents or
noncompliance with regulatory
requirements are not addressed and
corrected.
Lost or stolen assets may not be
properly adjusted in the accounting
system, resulting in misstatement of
the financial statements.
Opportunities to strengthen internal
controls may not be taken, resulting in
operational inefficiencies, increased
potential for fraud and misstatement
of the financial statements.
Management should follow-up on all
communications from external parties
that indicate a problem may exist
within the Company.
Refer also to the Information Systems
and Communications Methods section
on Communication - External.
Physical inventory/assets counts
should be made at least annually, and
actual amounts should be compared
with inventory records.
Internal and external auditor
recommendations should be reviewed
by senior management and the audit
committee, if deemed appropriate.
Appropriate follow-up actions should
be taken and communicated to the
audit committee, including reasons for
any recommendations not acted upon.
Executives with proper authority
should decide which of the auditors'
recommendations will be
implemented.
Management should use
training seminars, planning
sessions and other meetings to
obtain feedback on whether
controls are operating
effectively.
O
Internal control deficiencies may not
be reported and corrected.
Management may not receive
adequate feedback on employees'
understanding of their control
responsibility; thus, controls may be
ignored or critical functions may not
be performed.
140
Relevant issues and questions raised
at training seminars and meetings
should be captured.
Employee suggestions should be
communicated upstream and acted on
as appropriate.
MONITORING
BUS.
EXAMPLES OF
ON-GOING MONITORING
Employees should be asked to
periodically state whether they
understand and comply with the
Company's code of conduct and
regularly perform critical
control activities.
Internal audit activities should
be effective in meeting the
needs of the Company.
O, F
O
The Company's ethical standards may
not be understood or consistently
followed by the employees.
Employees should be required to
periodically acknowledge compliance
with the code of conduct.
Critical control functions may not be
performed, resulting in error or
omission of transactions,
misstatement of the financial
statements, and increased opportunity
for fraud.
Signatures should be required to
evidence performance of critical
control functions, such as reconciling
amounts and approval of expenses.
Personnel performing internal control
reviews and evaluations may not
possess the requisite skills and
knowledge.
Internal audit should be staffed with
appropriate levels of competent and
experienced staff.
Internal auditors' objectivity and
independence may be impaired due to
conflicts in reporting relationships
with operating management.
Internal audit activities may not be
sufficient or properly focused to meet
the critical needs of the business.
Refer also to the Operating
Environment section on Integrity and
Values.
Internal audit should be independent
from operating management.
Internal audit should have access to
the Board of Directors and the Audit
Committee.
Internal audit's scope, responsibility
and audit plans should be appro-priate
to the organization's needs.
Refer also to the Operating Environment section on Internal Audit.
SEPARATE
EVALUATIONS
O
The scope and frequency of
separate evaluations of the
internal control system should
be determined.
Independent evaluations of the
internal control system may not be
performed and new or different
perspectives on improving the
business may not be obtained.
The depth, scope and frequency of
separate evaluations may not be
adequate to assist management in
meeting its objectives.
141
Appropriate portions of the internal
control system should be evaluated
periodically.
The evaluations should be conducted
by personnel with the requisite skills.
The depth, scope of coverage and
frequency should be adequate.
MONITORING
BUS.
EXAMPLES OF
REPORTING
DEFICIENCIES
Policies for capturing and
reporting identified internal
control deficiencies should
exist.
O, C
Control deficiencies identified by
employees and third parties may not
be adequately reported/captured and
corrective actions may not be initiated
promptly.
Internal and external sources for
capturing reports on internal control
deficiencies should be used (e.g.
employees, customers, vendors,
auditors, regulators).
The Company may incur fines and
penalties for failure to correct
reported control deficiencies.
Deficiencies should be reported to the
person directly responsible for the
activity and to a person at least one
level higher.
Specified types of deficiencies should
be reported to more senior
management and to the Board of
Directors.
Follow-up actions should be
monitored and reported back to
senior management.
O
Management may not be aware of
deficiencies that have not been
corrected or followed up and critical
decisions may be made based on
incorrect assumptions.
Deficiencies may continue to occur if
the underlying causes are not
investigated and corrected.
REFERENCES
142
The deficiency identified should be
corrected.
The underlying causes of the problem
should be investigated.
AICPA Audit and Accounting Guide - Audits of Employee Benefit Plans, American Institute of Certified Public Accountants,
March 31, 1991.
Codification of Standards for the Professional Practice of Internal Auditing, The Institute of Internal Auditors, 1989.
Equal Employment Opportunity Commission Compliance Manual, 1992, Commerce Clearing House, Inc.
Evaluation of Internal Controls, A Guide for Studying and Evaluating Internal Accounting Controls, Arthur Andersen,
February 1987.
Gray, Brian E. California Environmental Laws, 1993 Edition, West Publishing Co.
Kheel, Theodore, Labor Law, (January 1994 Supplement), Matthew Bender & Co., Inc. New York, 1984.
Internal Control Self-Assessment, Release Two, Nynex Corporation, New York.
Lesley, Phillip (ed.), Lesley’s Handbook of Public Relations and Communications, (Fourth Edition), AMACOM, New York,
1991.
Modification of Final Judgment Civil Action No. 82-0192
Regional Markets Quality Assurance Audit, October 1993.
Standards of Internal Control, Revised June 1, 1989, Motorola, Inc., Schaumburg, IL, 1989.
143
INDEX
A
accounting
advance approval, 108
codes, 108
policies, 107
accounting safeguards, 120
accounts receivable, 56-57
aging, 49, 56
customer receipts, 58-59
accruals, 113
payroll, 100, 101
journal entries, 109-111
adjustments
accounts receivable, 57,59
assets, 78, 79
billing, 52, 55
consolidation, 113
payroll, 98-99, 101
advance approval
accounting transactions, 108
advanced payments, 55
affiliate transactions, 121
assets
acquisition, 75-76
classification, 76, 79
depreciation, 80
disposal and transfer, 78-79
inventory, 77, 140
reconciliation, 77-78
security, 80-82
usage, 76
audit committee, 4-6, 141
B
bad debt reserve, 56, 57
bank depository, 115
benefits
health & welfare, 27-29
profit sharing & retirement, 29-31
relocation, 31-32
billing
affiliates, 121
custom work order, 53-55
customer, 51-53
bills & vouchers, 94-96
board of directors, 4-6, 141
business plan, 13, 14
C
cash
access, 59
accountability, 58
advances, 118
disbursement - bills & vouchers,
94-96
receipts - See accounts receivable
- customer receipts
Cease & Desist Requirements, 39,
40, 41, 42, 44-45
change management, 17
check stock
accounting for, 96, 103
safeguards, 104, 118
claims - See benefits - health &
welfare
code of conduct, 1, 2, 6, 141
coding/classification, 108-109
coin operations
banking, 66
collection, 64
counting, 65
collection agency, 61-62
commissions
collection agency, 61
sales agents, 43, 44
communication
external, 69, 136-137
information systems, 133-134
internal, 71, 135-136
compensation, 26, 99, 100, 122
sales, 46-48
confirmation letters, 44
consolidation, financial reports, 113
contracts
affiliates, 121
carriers, 27
collection agency, 61
plan administrators, 29
temporary workers, 92-93
vendors, 89-92
corporate cards, 96, 102
Cost Allocation Manual (CAM), 109,
120
cost tracking, 36, 84, 120, 121
credit
establishment, 50-51
policy, 49
custom work order - See billing custom work order
customer complaints, 42, 53, 73
customer proprietary network
information, 39, 40
cut-off procedures
accounts receivable, 58
billing, 52
journal entries, 110
144
payroll, 98, 100
sales compensation, 47
D
delegation of authority and
responsibility, 11
disclosure data
benefits data, 124
financial information, 111-112,
114
value of securities, 69
document retention - See also
information - retention
accounting safeguards, 120
estimates, 87, 88
payroll, 103
safety, 130
E
employee relations, 25
Employee Retirement Income
Security Act (ERISA) 27, 29, 46,
47, 124
employment laws, 122-123
environmental
laws, 125-126
preservation, 73
estimates, 86-88
ethics, 1-3, 40, 72, 136<T>
F
filing requirements
new products, 35, 37-38
ERISA, 124
financial reports, 114
lobbying activities, 129
nonregulated activities, 120
sales agents, 44
wages, 101
financial statements preparation, 114
Foreign Corrupt Practices Act
(FCPA), 127
H
hazardous substance, 125-126, 130
human resources
performance appraisals, 22-23
planning, 19-20
staffing, 20-22
training, 22-23
work force, 10, 97
I
information
classification, 82
retention, 82
internal audit, 6-7, 141
investor relations - See public
relations
J
job descriptions, 3, 11, 21
journal entries, 109-111
payroll, 100-101
sales, 63
M
mail remittances - See accounts
receivable - customer receipts
management reporting
accounts receivable, 56
credit, 51
market financials, 34-35
marketing activities, management,
33-34
marketing strategies, 33, 38
Modified Final Judgment (MFJ), 37,
128
N
network planning
development 83-84
deployment, 85
implementation, 85
project management, 83
O
objectives
activity-level, 14-16
company-wide, 13-14
Occupational Safety & Health Act
(OSHA), 126, 130
ombudsman, 7
orders, customer, 39, 49-50
organizational structure, 9-10
P
payroll
authorization, 97-98 - See also
human resources
adjustments, 98-99
compensation, 26, 99, 100
distribution, 102
withholding, 99-100
verification, 104, 105
performance appraisals, 24-25
product development, 35-38
political activities
employee involvement, 68
laws, 129
payment, 127
project management - See network
planning
public relations
customers, 72-73
employees, 71-72
government agencies, 67-68
investors, 68-70
public service, 73
purchasing
corporate cards, 96
management, 89
payment, bills & vouchers, 94-96
procurement, 89-93
receiving, 93-94, 96
Q
quality assurance, 39, 45, 85
R
reconciliation
accounts receivable, 59
assets, 77-78, 79, 138
bank, 59, 116, 117
general ledger, 112
information, 139
payroll, 101
recruitment activities - See human
resources - staffing
refunds, 62-63
relocation, 31-32
reporting, management - See
management reporting
risk identification, 16-17
S
sales
activities, management, 38
demand, 39-40
sales agents, 42-44
targets, 38
telemarketing, 40-42
Securities and Exchange Commission
(SEC), 69, 70
security
assets, information, 81-82
assets, physical, 80-81
checks, 96, 103-104, 117
coins, 64-65
payroll processing, 102-104
segregation of duties
accounting, 107
accounts receivable, 57
145
assets, 79
billing, 52
cash, 58
cash disbursement, 94
payroll, 98, 102
procurement, 89
treasury, 115
T
tariff filings, 35
temporary workers, 92, 93
time reporting, 104-105, 120
tracking codes, 34, 36, 84, 104, 108,
120
training, 3, 22-23
transfer pricing, 121
U
uncollectibles, 51
V
vendors (suppliers)
relationships, 2
selection, 90, 91
invoices, 95
W
withholdings, 30
wire transfers, 117
worker's compensation laws, 131 See also benefits, health &
welfare
write-offs, 51, 56, 57, 113
ACKNOWLEDGMENTS
1
Material from Internal Control -- Integrated Framework, ©1992 Committee of Sponsoring Organizations of the Treadway
Commission, is adapted with permission of the American Institute of Certified Public Accountants, Inc.
2
Codification of Standards for the Professional Practice of Internal Auditing, by The Institute of Internal Auditors, Inc.
©1993 Institute of Internal Auditors, Inc., 249 Maitland Avenue, Altamonte Springs, Florida 32710-4201 U.S.A. Reprinted
with permission.
3
Dolenko, M. (1990). Auditing Human Resources Management (A Monograph). Institute of Internal Auditors Research
Foundation, 249 Mainland Avenue, Altamonte Springs, Florida 32710-4201 U.S.A. Reprinted with permission.
4
©Reprinted by permission of the Information Systems Audit and Control Foundation, formerly the EDP Auditors
Foundation, from Control Objectives: Controls in an Information Systems Environment: Objectives, Guidelines, and Audit
Procedures Fourth Edition, April 1992. Dr. Charlene A. Dykman, Editor, and Dr. Charles K. Davis, Associate Editor.
Reference work in hard binder, approximately 200 pages. For other copying, reprint or publication, permission must be
obtained in writing from the Information Systems Audit and Control Association/Foundation, 3701 Algonquin Road, Suite
1010, Rolling Meadows, IL 60008 USA.
Contributors to this document include:
M. J. Bean
G. H. Blythe
H. J. Gordon
L. M. Hirsh
B. O. Liang
W. G. Martin
A. L. O’Neal
N. Secher
C. A. Wright
B. J. Yearby
J. G. Chinn
J. F. Johnson
M. A. Miller
E. R. Stupi
Coopers and Lybrand
146