Add to collection(s) Add to saved
  1. Miscellaneous
Uploaded by Aishwan Sachwani

2022067 Aiswan Sachwani SIP Report

advertisement 
A
SUMMER INTERNSHIP PROJECT
ON
“Internal Financial Controls and Revenue
Assurance”
AT
Protiviti India Member Private Limited
Submitted to
SCHOOL OF MANAGEMENT
PANDIT DEENDAYAL ENERGY UNIVERSITY
GANDHINAGAR
IN
PARTIAL FULFILLMENT OF THE REQUIREMENTS
FOR THE AWARD OF
MASTER OF BUSINESS ADMINISTRATION
UNDER THE GUIDANCE OF
Faculty Guide
Dr. Asit Acharaya
Company Guide
Ms. Marisha Bhatt
Manager
Submitted by
Aishwan Sachwani
[Batch: General Management,2022-24, Roll No. :2022067]
DECLARATION
I, Aishwan Sachwani, student of MBA Batch General Management (2022-24), School of
Management, Pandit Deendayal Energy University, Gandhinagar hereby declare that the
Summer Internship Project entitled “Internal financial controls & Revenue assurance” is a
result of my own work and our indebtedness to other work publications, references, if any, have
been duly acknowledged. I shall be solely responsible for any plagiarism or other irregularities,
if noticed in this report.
I assert that the statements made, and conclusions drawn are the outcome of my own
understanding during the internship learning. I further declare that to the best of my knowledge
and belief that this report does not contain any part of any work which has been submitted for
the award of any other degree/diploma/certificate in this University or any other University in
India or Abroad.
Place: Gandhinagar
Signature
Date: 16-07-2023
Aishwan Sachwani
0
COMPANY CERTIFICATE
1
PLAGIARISM DECLARATION
I know that plagiarism is wrong. Plagiarism is to use another’s work and pretend that it is one’s
own. SIP Report has significant original work / knowledge as compared already published or
is under consideration to be published elsewhere. No sentence, equation, diagram, table,
paragraph or section has been copied verbatim from previous work unless it is placed under
quotation marks and duly referenced. I have used a recognized convention for citation and
referencing. Each significant contribution and quotation from the works of other people has
been attributed, cited and referenced.
The SIP Report has been checked using <Turnitin> (copy of originality report attached) and
found within limits as per PDEU Plagiarism Policy and instructions issued from time to time.
I certify that this submission is my own work. I have not allowed and will not allow anyone to
copy this work with the intention of passing it off as his or her own work.
Place: Gandhinagar
Signature:
Date: 16/06/2023
Name of Student: Aishwan Sachwani
2
TURNITIN ORIGINALITY REPORT
3
CERTIFICATE FROM SUPERVISOR
We certify that the work incorporated in this SIP Report titled “Internal Financial Controls
& Revenue assurance” submitted by Aishwan Sachwani was carried out by the student under
our supervision/guidance. To the best of our knowledge: (i) the student has not submitted the
same work to any other institution for any degree/diploma, Fellowship or other similar titles
(ii) the SIP Report submitted is a record of original internship work done by the student during
the period of internship under our joint supervision.
Signature:
Signature:
Faculty Guide: Dr. Asit Acharya
Company Guide: Ms. Marisha Bhatt
4
PREFACE
As a part of the MBA Summer Internship Programme and in order to gain practical knowledge
in the field of management, we are required to make report on “Internal Financial Controls
& Revenue Assurance”. The basic objective behind doing this project report is to get
knowledge about how these aspects helps any company to mitigate their risk.
Doing this internship, helped us to enhance my knowledge regarding new concept called Risk
and Control Matrix involved in risk mitigation of company for various process like Bad debts,
Receivables, Direct Tax, etc. And I also knew how we assure that there is no revenue leakages
of the client and if there is any we make them aware about the same and give them valuable
insights, so that they can make necessary changes in their operations.
Through this report we come to know about importance of devotion towards the work.
5
ACKNOWLEDGEMENT
I would like to express our sincere gratitude to everyone who has directly or indirectly helped
us with this project. I would like to thank Ms. Marisha Bhatt my industry mentor, and Dr. Asit
Acharya, my faculty mentor for their support and encouraging approach throughout this
internship. From the beginning, they have been a source of motivation and an inspiration to
help me grow as an MBA student. Due to their guidance, I could minimize my difficulties and
convert them into strengths during the entire process.
I would also like to thank School of Management, Pandit Deendayal Energy University for
giving us the opportunity to work with Protiviti India Member Private Limited.
6
EXECUTIVE SUMMARY
The aim of this report is to perform Internal Financial Controls for Protiviti India Member
Private Limited. By doing the testing as per Risk and control matrix I came to know about
internal financial controls.
Internal Financial Controls helps the clients to assure that are their processes’ (like Direct tax,
HR Payroll, Fixed assets, etc.) accounting is maintained properly or not?
This provides clients with valuable insights how efficient is their accounting process, enabling
the company to make informed decisions and mitigate the risk if there is some fault in any
processes in its operations. Internal controls can ensure compliance with laws and regulations
as well as accurate and timely financial reporting and data collection.
7
Table of content
Contents
DECLARATION ..................................................................................................................................................................... 0
COMPANY CERTIFICATE ...................................................................................................................................................... 1
PLAGIARISM DECLARATION ................................................................................................................................................ 2
TURNITIN ORIGINALITY REPORT ......................................................................................................................................... 3
CERTIFICATE FROM SUPERVISOR ....................................................................................................................................... 4
PREFACE .............................................................................................................................................................................. 5
ACKNOWLEDGEMENT ........................................................................................................................................................ 6
EXECUTIVE SUMMARY ........................................................................................................................................................ 7
Table of content ................................................................................................................................................................. 8
Table of figures ................................................................................................................................................................... 9
Introduction of Protiviti .................................................................................................................................................... 10
What is Internal Financial controls: .................................................................................................................................. 10
How is IFC important for any company: ....................................................................................................................... 12
How Protiviti does IFC: ................................................................................................................................................. 13
Risk and control Matrix: ................................................................................................................................................... 14
Importance of Risk and control matrix: ........................................................................................................................ 14
Why is Risk and control matrix necessary for a company? .......................................................................................... 14
What if RACM is not prepared? .................................................................................................................................... 16
How is risk and control matrix related to the risk assurance and corrective measures? ............................................ 17
Risk and control matrix: Important for Pharmaceutical company ............................................................................... 18
My activities in this risk and matrix control during my internship: .................................................................................. 19
Testing: ..................................................................................................................................................................... 19
RACM Updatation: .................................................................................................................................................... 20
Risk and control matrix updation is necessary for several reasons: ........................................................................ 21
Revenue Assurance: ......................................................................................................................................................... 23
Revenue leakages: .................................................................................................................................................... 24
Revenue assurance in context of warehouse leasing company: .................................................................................. 24
Bibliography ...................................................................................................................................................................... 26
8
Table of figures
Figure 1: Protiviti .............................................................................................................................................. 10
Figure 2 : IFC.................................................................................................................................................... 13
Figure 3: Risk Matrix........................................................................................................................................ 16
Figure 4: Revenue assurance ............................................................................................................................ 23
9
Introduction of Protiviti
Figure 1: Protiviti
Protiviti is a global consulting firm that specializes in risk management, internal audit, technology consulting,
and financial advisory services. Protiviti operates through member firms in various countries, including India.
Protiviti India Member Private Limited is the Indian subsidiary of Protiviti Inc. It is one of the leading
consulting firms in India, providing a wide range of professional services to clients across industries. The firm
offers expertise in areas such as risk and compliance, internal audit, IT consulting, data analytics, financial
advisory, and business process improvement.
Protiviti India Member Private Limited has a team of highly skilled professionals, including consultants,
auditors, advisors, and subject matter experts. They work closely with clients to understand their unique
challenges and develop tailored solutions to address their specific needs. The firm's consultants bring in-depth
industry knowledge, technical expertise, and global best practices to deliver value-added services and help
organizations enhance their performance and achieve their business objectives.
With offices in major cities across India, Protiviti India Member Firm serves a diverse client base, including
multinational corporations, government organizations, and small to medium-sized enterprises. The firm is
committed to delivering exceptional client service, maintaining the highest professional standards, and
fostering long-term relationships with its clients.
Protiviti India Member Private Limited is recognized for its thought leadership, innovation, and commitment
to excellence. It actively contributes to the professional community through research publications, industry
events, and knowledge sharing initiatives. The firm's professionals are known for their deep expertise, integrity,
and dedication to helping organizations succeed in today's rapidly evolving business landscape.
What is Internal Financial controls:
Internal financial controls refer to the processes, policies, and systems implemented within an organization to
safeguard its assets, ensure the accuracy and reliability of financial reporting, and promote compliance with
10
laws, regulations, and internal policies. These controls are designed to minimize the risk of errors, fraud, and
financial misstatements.
Internal financial controls encompass various areas, including:
Segregation of duties: This involves assigning different responsibilities to different individuals to prevent any
single person from having complete control over a financial transaction or process. For example, the person
responsible for approving a purchase should be different from the one responsible for making the payment.
Authorization and approval: Clear guidelines should be established for authorizing and approving financial
transactions. This ensures that transactions are conducted within the limits of authority and adhere to
established policies.
•
Recording and documentation: Accurate and complete recording of financial transactions is essential.
This includes maintaining supporting documents such as invoices, receipts, and contracts, which
provide evidence of the transactions and help in the auditing process.
•
Physical safeguards: Physical controls, such as secure storage areas, locked cabinets, and access
controls, are implemented to protect valuable assets, cash, and financial records from unauthorized
access, theft, or damage.
•
Reconciliation and review: Regular reconciliation of financial records, such as bank statements and
general ledger accounts, is conducted to verify the accuracy and completeness of the recorded
transactions. Independent reviews of financial information by qualified personnel help identify any
discrepancies or errors.
Internal audit is an independent function within an organization that evaluates and assesses the effectiveness
of internal controls, risk management processes, and governance practices. It provides an objective assurance
and consulting service to management by reviewing and evaluating the adequacy and efficiency of internal
controls, including financial controls.
The internal audit function plays a crucial role in ensuring the effectiveness of internal financial controls. It
examines the design and implementation of control procedures, tests their operating effectiveness, and
identifies any control deficiencies or weaknesses. By conducting regular audits, internal auditors provide
management with an independent assessment of the organization's internal controls, highlighting areas of
improvement and recommending corrective actions.
Internal auditors also contribute to the ongoing monitoring of internal financial controls by performing periodic
audits, reviewing control activities, and assessing compliance with policies and procedures. Their work helps
management to maintain and enhance the overall control environment, mitigating risks and ensuring the
reliability of financial reporting.
11
In summary, internal financial controls and internal audit are interconnected in the sense that internal financial
controls establish the structure and processes for managing financial risks, while internal audit provides an
independent and objective evaluation of the effectiveness of these controls. Together, they contribute to the
organization's overall governance framework, ensuring financial integrity, compliance, and accountability.
How is IFC important for any company:
IFC is helpful to companies in the following ways:
•
Risk Mitigation: IFC helps mitigate risks associated with financial transactions, fraud, errors, and
financial misstatements. By implementing control activities and segregation of duties, companies
reduce the likelihood of unauthorized actions, misappropriation of assets, and financial irregularities.
•
Accuracy of Financial Reporting: IFC ensures the accuracy and reliability of financial statements. It
helps in maintaining proper books of accounts, recording transactions accurately, and preparing
financial reports in compliance with accounting standards. Reliable financial reporting is essential for
stakeholders, including investors, lenders, and regulatory authorities, to make informed decisions.
•
Compliance with Laws and Regulations: IFC assists companies in complying with applicable laws,
regulations, and internal policies. By establishing control procedures, companies ensure that their
financial activities are conducted within the legal and regulatory framework. Compliance reduces the
risk of penalties, fines, and reputational damage.
•
Protection of Assets: IFC safeguards a company's assets, including physical assets, cash, and intellectual
property, from theft, unauthorized use, or damage. It establishes controls such as access restrictions,
secure storage, and regular inventories to protect the company's resources.
•
Efficient Operations: IFC promotes efficient and effective operations within a company. By
streamlining processes, establishing control mechanisms, and minimizing errors and rework,
companies can optimize their financial operations and allocate resources effectively.
•
Transparency and Accountability: IFC promotes transparency and accountability within an
organization. It ensures that financial transactions are properly documented, authorized, and recorded,
making it easier to trace and audit them. This transparency enhances trust among stakeholders and
strengthens the company's reputation.
•
Investor and Creditor Confidence: Strong internal financial controls increase investor and creditor
confidence in a company. Robust controls provide assurance that the company's financial statements
are reliable and accurate, reducing the perception of financial risks and enhancing the company's ability
to attract investments and secure financing.
12
•
Business Continuity: IFC contributes to the continuity of business operations. By identifying and
mitigating risks, companies are better prepared to address potential disruptions and minimize their
impact on financial performance. Well-designed controls help companies recover quickly from
unforeseen events and maintain stability.
•
Overall, internal financial controls are essential for any company as they promote good governance,
mitigate risks, ensure compliance, protect assets, enhance operational efficiency, and build stakeholder
confidence. By establishing and maintaining strong IFC, companies can achieve their financial
objectives while safeguarding their reputation and long-term sustainability.
Figure 2 : IFC
How Protiviti does IFC:
•
Protiviti apply their process, risk, and control expertise to help organisations design, implement, and
operate controls programmes that are fit-for-purpose, right-sized, and support the needs of internal
and external stakeholders, all while striking the right balance between efficiency and control. They
speak the language of controls which their experts help organisations translate to meet the specific
context and objectives.
•
They help one to identify risk, design and implement controls, and provide control testing and
validation services over core processes, systems, initiatives and transformation programmes - no
matter which industry, business model, or location.
•
They perform risk assessments, identify control gaps, provide recommendations, support remediation
and validation efforts and does support communications with regulators and external auditors.
13
Risk and control Matrix:
A risk and control matrix is a tool used in risk management and internal control systems to identify and assess
risks associated with specific business processes or activities and determine the corresponding control
measures to mitigate those risks. It is also known as a risk and control framework or a risk control matrix.
The matrix typically consists of a grid that lists various risks in one column and the corresponding control
activities in another column. The risks are identified through a risk assessment process, which involves
analysing potential threats, vulnerabilities, and their potential impact on business objectives. The control
activities outline the specific measures or actions that are put in place to manage and mitigate those risks.
Importance of Risk and control matrix:
The importance of a risk and control matrix lies in the following aspects:
1. Risk Identification and Assessment: It helps in systematically identifying and evaluating risks specific
to different business processes. By documenting risks and their potential impacts, organizations can
gain a comprehensive understanding of their risk landscape.
2. Control Design and Implementation: The matrix facilitates the design and implementation of
appropriate control measures to mitigate identified risks. It ensures that controls are aligned with
specific risks, addressing them effectively and efficiently.
3. Compliance and Governance: A risk and control matrix plays a crucial role in meeting regulatory
requirements and internal governance standards. It helps organizations demonstrate their commitment
to risk management, compliance, and internal control to stakeholders such as regulators, auditors, and
investors.
4. Communication and Decision-making: The matrix serves as a valuable communication tool, providing
a structured format to discuss and present risks and controls within an organization. It enables informed
decision-making by highlighting areas of concern and facilitating prioritization of risk mitigation
efforts.
5. Monitoring and Review: The matrix forms the basis for ongoing monitoring and review of risks and
controls. It enables organizations to assess the effectiveness of controls, identify gaps or weaknesses,
and take corrective actions to continuously improve their risk management practices.
Why is Risk and control matrix necessary for a company?
A risk and control matrix holds significant importance for any company. Here are some key reasons why it is
essential:
14
1. Risk Management: A risk and control matrix allows companies to identify, assess, and manage risks
effectively. By documenting potential risks and their corresponding control measures, organizations
can proactively address vulnerabilities and minimize the likelihood and impact of adverse events. This
proactive risk management approach helps protect the company's assets, reputation, and overall
business continuity.
2. Compliance and Regulation: Companies operate in a complex regulatory environment with various
compliance requirements. A risk and control matrix aids in ensuring compliance by mapping controls
to specific regulatory requirements. It assists in demonstrating that the organization has implemented
appropriate measures to meet legal and regulatory obligations.
3. Internal Control Enhancement: Internal controls play a critical role in safeguarding company assets,
preventing fraud, ensuring accuracy of financial reporting, and promoting operational efficiency. The
matrix helps in designing and implementing effective control activities tailored to address identified
risks. By strengthening internal controls, companies can enhance operational performance, reduce
errors, and mitigate financial and operational risks.
4. Decision-Making Support: The risk and control matrix provide valuable information for decisionmaking. It helps management and stakeholders understand the potential risks associated with various
business processes and activities. By having a comprehensive view of risks and controls, decisionmakers can make informed choices about resource allocation, risk tolerance, and strategic planning.
5. Audits and Reviews: Internal and external audits are essential to assess the effectiveness of controls
and identify any gaps or weaknesses in risk management. A risk and control matrix serves as a
foundational document during audits, providing auditors with an organized framework to evaluate
control design, implementation, and effectiveness. It streamlines the audit process and ensures a
systematic review of key risks and controls.
6. Communication and Transparency: The risk and control matrix promotes transparency and effective
communication within the organization. It serves as a common reference point for discussing risks and
controls across different departments and levels of management. By providing a standardized format,
the matrix facilitates clear and concise communication of risk-related information, enabling
stakeholders to understand the company's risk profile and control environment.
In summary, a risk and control matrix is essential for any company as it supports effective risk
management, compliance, internal control enhancement, decision-making, audits, and communication. It
helps organizations proactively address risks, ensure regulatory compliance, and strengthen governance
practices, ultimately contributing to the company's long-term success and sustainability.
15
Figure 3: Risk Matrix
What if RACM is not prepared?
If a risk and control matrix is not prepared, it can lead to several challenges and potential negative
consequences for a company:
1. Lack of Risk Awareness: Without a risk and control matrix, the company may have limited visibility
and understanding of the risks it faces. This can result in a lack of awareness regarding potential threats
and vulnerabilities, making it difficult to prioritize risk mitigation efforts effectively.
2. Inadequate Control Measures: A risk and control matrix helps in identifying and designing appropriate
control measures to mitigate risks. Without it, the company may struggle to implement robust controls
or may end up with generic control measures that do not address specific risks adequately. This
increases the likelihood of control failures and exposes the company to potential losses, fraud, or noncompliance.
16
3. Increased Exposure to Risks: The absence of a risk and control matrix means that the company may
not have a structured approach to risk management. This can lead to gaps in risk identification and
assessment, leaving the company exposed to various operational, financial, regulatory, and strategic
risks. Failure to proactively manage risks can result in unexpected and costly consequences.
4. Compliance and Regulatory Risks: In today's regulatory landscape, companies must adhere to
numerous laws, regulations, and industry standards. A risk and control matrix helps align controls with
specific compliance requirements. Without it, the company may struggle to demonstrate compliance
and may face penalties, legal issues, or reputational damage due to non-compliance.
5. Inefficient Resource Allocation: A risk and control matrix assists in prioritizing risk mitigation efforts
based on their significance and potential impact on the company's objectives. Without this
prioritization, the company may allocate resources inefficiently, investing time and effort in areas with
minimal risk while neglecting critical areas that require attention.
6. Lack of Accountability and Monitoring: A risk and control matrix provides a framework for monitoring
and reviewing the effectiveness of controls. Without it, there may be a lack of accountability and a
diminished ability to track and assess control performance. This can result in control weaknesses going
unnoticed, allowing risks to persist and potentially escalate.
Overall, the absence of a risk and control matrix hampers a company's ability to proactively manage risks,
implement effective controls, ensure compliance, and make informed decisions. It increases the likelihood of
control failures, exposes the company to various risks, and can have detrimental effects on its financial
performance, reputation, and long-term sustainability.
How is risk and control matrix related to the risk assurance and corrective measures?
A risk and control matrix is closely linked to risk assurance and corrective measures. Here's how they are
connected:
Risk Assurance: Risk assurance is the process of providing confidence and assurance to stakeholders that risks
are being effectively managed within an organization. A risk and control matrix plays a crucial role in risk
assurance by documenting the identified risks and corresponding control measures. It provides a structured
framework for evaluating the design and effectiveness of controls, ensuring that they are properly implemented
and operating as intended.
Corrective Measures: A risk and control matrix helps identify control gaps, weaknesses, or deficiencies within
a company's risk management and control environment. These identified issues can serve as triggers for
17
implementing corrective measures. When deficiencies are identified, corrective actions can be taken to address
them and strengthen the control framework. This may involve modifying existing controls, implementing
additional controls, or revising control processes to mitigate the identified risks effectively.
The risk and control matrix facilitates the process of identifying which corrective measures are necessary by
highlighting the risks that are not adequately controlled. It provides a comprehensive view of the risks and
controls, enabling organizations to prioritize corrective actions based on the severity and significance of the
risks.
Furthermore, the risk and control matrix can also be used to monitor the implementation and effectiveness of
corrective measures. By documenting the expected control activities and their associated risks, the matrix
serves as a reference point for tracking the progress of corrective actions and assessing their impact on risk
mitigation.
Overall, the risk and control matrix is an integral component of risk assurance, as it helps identify control
deficiencies and guides the implementation of corrective measures. It ensures that risks are managed
effectively, controls are appropriately designed and implemented, and the necessary actions are taken to
address any identified weaknesses in the control environment.
Risk and control matrix: Important for Pharmaceutical company
The risk and control matrix holds significant importance for the pharmaceutical industry due to the unique
risks and regulatory requirements associated with this sector. Here are some specific reasons why a risk and
control matrix is important for the pharma industry:
Regulatory Compliance: The pharmaceutical industry is subject to stringent regulatory frameworks, such as
Good Manufacturing Practices (GMP), Good Clinical Practices (GCP), and Good Pharmacovigilance
Practices (GVP). A risk and control matrix helps in mapping control measures to these regulatory
requirements, ensuring compliance and mitigating the risk of non-compliance, which can result in severe
penalties, product recalls, or reputational damage.
•
Patient Safety: Patient safety is of paramount importance in the pharmaceutical industry. A risk and
control matrix helps identify risks associated with drug development, manufacturing, distribution, and
post-market surveillance. By implementing appropriate controls, such as quality control measures,
adverse event reporting systems, and pharmacovigilance processes, the matrix helps ensure the safety
of pharmaceutical products and minimize potential harm to patients.
18
•
Supply Chain Risks: The pharmaceutical industry relies on complex global supply chains involving
multiple stakeholders, including suppliers, manufacturers, distributors, and logistics providers. A risk
and control matrix assists in identifying and managing risks associated with supply chain disruptions,
counterfeiting, product quality, and regulatory compliance throughout the supply chain. It helps
implement controls to ensure the integrity and traceability of pharmaceutical products.
•
Data Integrity: Data integrity is critical for the pharmaceutical industry, as it impacts product quality,
safety, and regulatory compliance. A risk and control matrix helps identify risks related to data integrity,
such as unauthorized access, data manipulation, or loss of data. It enables the implementation of control
measures, such as data backup systems, access controls, and data validation processes, to maintain the
integrity of critical data and ensure accurate documentation throughout the product lifecycle.
•
Quality Management: Quality is a key focus in the pharmaceutical industry to ensure that drugs meet
the required standards and specifications. A risk and control matrix aids in identifying risks that could
impact product quality, such as deviations from manufacturing processes, inadequate testing
procedures, or improper handling of raw materials. By implementing controls, such as quality control
systems, quality assurance processes, and robust validation protocols, the matrix helps maintain and
enhance product quality.
•
Audits and Inspections: The pharmaceutical industry is subject to frequent audits and inspections by
regulatory authorities. A risk and control matrix provides a structured framework to demonstrate
compliance, ensuring that control activities are aligned with regulatory requirements. It helps
companies prepare for audits and inspections, enabling efficient and effective evaluation of their risk
management practices and control environment.
My activities in this risk and matrix control during my internship:
Testing:
Testing the process of a risk and control matrix involves assessing its effectiveness and ensuring that it fulfils
its intended purpose. Here are some steps you can take to test the process of a risk and control matrix:
1. Evaluate Risk Identification: Assess the effectiveness of risk identification within the matrix. Review
the methodology used to identify risks and evaluate whether it is thorough and considers both internal
and external factors. Verify that the identified risks align with the organization's objectives and are
relevant to its operations.
2. Assess Control Mapping: Examine the mapping of control activities to identified risks. Evaluate
whether the controls listed in the matrix adequately address and mitigate the identified risks. Verify
19
that the control measures are well-defined, practical, and aligned with industry best practices or
regulatory requirements.
3. Test Control Effectiveness: Test the effectiveness of the controls listed in the matrix. This can be done
through control testing procedures, such as walkthroughs, observations, or sample testing. Assess
whether the controls are properly implemented, consistently followed, and achieving the desired
outcomes.
4. Evaluate Control Design: Evaluate the design of the controls listed in the matrix. Assess whether they
are designed in a way that is suitable for mitigating the identified risks. Verify that the controls are
logically connected to the risks they are intended to address and that there are no control gaps or
duplications.
5. Monitor Ongoing Updates: Ensure that the risk and control matrix is regularly updated to reflect
changes in the business environment, regulatory landscape, and internal processes. Evaluate the
process for updating the matrix and verify that it is reviewed and approved by relevant stakeholders.
6. Test Documentation and Communication: Evaluate the documentation and communication of the risk
and control matrix within the organization. Verify that it is easily accessible to relevant personnel, welldocumented, and clearly communicates the associated risks and control measures. Assess whether the
matrix is effectively communicated to employees, management, and other stakeholders.
By following these steps, you can systematically test the process of a risk and control matrix, identify any
shortcomings, and make necessary improvements to ensure its effectiveness in identifying, assessing, and
managing risks within your organization.
RACM Updatation:
Updating a risk and control matrix is an essential process to ensure its relevance and effectiveness over time.
Here are the steps typically involved in updating a risk and control matrix:
1. Regular Review: Set a schedule for regular review and update of the risk and control matrix. This can
be done annually, quarterly, or based on significant changes in the business environment, processes, or
regulations.
2. Risk Assessment: Conduct a thorough risk assessment to identify new risks or changes to existing risks.
Consider internal and external factors that may impact the organization's risk profile. Engage relevant
stakeholders such as subject matter experts, process owners, and risk management teams to gather
inputs for risk identification.
3. Control Evaluation: Evaluate the effectiveness of existing control measures listed in the matrix.
Determine if controls are still relevant, properly designed, and aligned with the identified risks.
20
Consider changes in regulations, industry standards, and best practices to ensure controls remain up to
date.
4. Gap Analysis: Perform a gap analysis by comparing the identified risks with the existing controls.
Identify any control gaps or areas where controls are insufficient to mitigate the identified risks. This
analysis helps prioritize areas that require updates or additional control measures.
5. Update Control Activities: Revise or add control activities to address the identified risks and control
gaps. Ensure that control activities are clearly defined, practical, and aligned with the organization's
objectives, regulations, and industry standards. Involve relevant stakeholders in the process to gather
their expertise and insights.
6. Documentation: Update the risk and control matrix document to reflect the changes made. Clearly
document the identified risks, control activities, and any modifications or additions made to the matrix.
Ensure that the document is organized, easy to understand, and accessible to relevant stakeholders.
7. Approval and Communication: Obtain necessary approvals from management or governance bodies
for the updated risk and control matrix. Communicate the changes and updates to relevant stakeholders,
such as process owners, employees, and internal auditors. Ensure that stakeholders understand the
purpose, content, and any actions required as a result of the updates.
8. Implementation and Monitoring: Implement the updated risk and control matrix across the
organization. Ensure that employees are aware of the changes and follow the updated control activities.
Monitor the effectiveness of the controls and regularly assess their performance to identify any areas
that may require further adjustments.
By following these steps, organizations can keep their risk and control matrix up to date, ensuring that it
accurately reflects the current risk landscape and provides effective guidance for managing risks and
implementing control measures.
Risk and control matrix updation is necessary for several reasons:
Changing Risk Landscape: The risk landscape is dynamic and constantly evolving. New risks may emerge,
existing risks may change in nature or severity, and the business environment may undergo significant shifts.
Updating the risk and control matrix ensures that it accurately reflects the current risk profile of the
organization and enables proactive risk management.
1. Regulatory Compliance: Regulatory requirements and industry standards are subject to updates and
revisions over time. Organizations must stay abreast of these changes and ensure that their controls
align with the latest regulations. Updating the risk and control matrix helps ensure compliance with
evolving regulatory expectations and reduces the risk of non-compliance.
21
2. Internal Control Effectiveness: Over time, the effectiveness of control measures listed in the risk and
control matrix may need evaluation. New control measures may be implemented, existing controls
may become obsolete or less effective, or control gaps may be identified. Regular updates to the matrix
help maintain the relevance and effectiveness of control activities, ensuring that they adequately
mitigate identified risks.
3. Business Changes: Organizations undergo changes such as expansion into new markets, introduction
of new products or services, adoption of new technologies, or changes in organizational structure.
These changes can introduce new risks or alter existing risk profiles. Updating the risk and control
matrix enables organizations to identify and address these changes, ensuring that controls are in place
to mitigate associated risks.
4. Lessons Learned and Feedback: Organizations learn from past experiences, incidents, and audits.
Feedback from internal and external stakeholders also provides valuable insights into the effectiveness
of controls. Updating the risk and control matrix allows organizations to incorporate lessons learned,
address control deficiencies, and enhance risk management based on feedback received.
5. Stakeholder Expectations: Stakeholders such as shareholders, customers, regulatory authorities, and
business partners have increasing expectations regarding risk management and control. They expect
organizations to demonstrate that risks are being appropriately identified, assessed, and managed.
Regularly updating the risk and control matrix helps organizations meet stakeholder expectations by
ensuring that risk management practices and control measures remain robust and up to date.
6. Continuous Improvement: The process of updating the risk and control matrix fosters a culture of
continuous improvement. It encourages organizations to regularly assess and enhance their risk
management practices, control effectiveness, and overall governance framework. By staying proactive
and continuously updating the matrix, organizations can optimize risk management efforts and enhance
their ability to achieve business objectives.
22
Revenue Assurance:
Figure 4: Revenue assurance
Revenue assurance is a process or set of activities undertaken by businesses to ensure the accuracy,
completeness, and integrity of their revenue streams. It involves implementing controls, systems, and practices
to minimize revenue leakage, identify and resolve revenue-related issues, and maximize revenue collection.
The primary goal of revenue assurance is to safeguard a company's revenue by identifying and rectifying any
discrepancies or vulnerabilities in the revenue generation process. This typically involves monitoring and
analysing data from various sources, such as sales transactions, billing systems, and financial records, to
identify potential revenue losses or risks.
23
Revenue leakages:
Revenue leakage refers to the loss of potential revenue or the reduction in revenue that a company could have
earned but didn't due to various factors. It occurs when there are gaps or weaknesses in the revenue generation
process that result in missed or underreported revenue.
Revenue leakage can stem from a variety of sources and can occur at different stages of the revenue cycle.
Some common causes of revenue leakage include:
1. Billing errors: Inaccurate billing or invoicing can lead to undercharging customers or failing to bill for
certain products, services, or usage.
2. Pricing discrepancies: Inconsistent or incorrect pricing of products or services can result in
undercharging customers or missed opportunities for higher revenue.
3. Contractual non-compliance: Failure to enforce or adhere to contractual terms and conditions, such as
pricing agreements, discounts, or service-level agreements, can lead to revenue leakage.
4. Subscription and usage errors: In subscription-based businesses or industries, revenue leakage can
occur if customers are not correctly billed for their usage or if there are errors in tracking and reporting
usage.
5. Unauthorized access or fraud: Revenue leakage can result from unauthorized access to services or
products, subscription abuse, fraudulent activities, or billing manipulation.
6. System and process inefficiencies: Inefficient or outdated systems, manual errors, or inadequate
controls can contribute to revenue leakage by causing delays, errors, or inconsistencies in revenue
generation and reporting.
7. Revenue recognition issues: Improper application of revenue recognition principles and standards can
lead to revenue leakage or misreporting of revenue.
Revenue leakage can have a significant impact on a company's financial performance and profitability. It is
important for businesses to implement revenue assurance measures, such as data reconciliation, fraud
detection, and process improvements, to identify and mitigate revenue leakage risks. By addressing revenue
leakage, companies can optimize their revenue streams, improve financial accuracy, and maximize revenue
potential.
Revenue assurance in context of warehouse leasing company:
In the context of a warehouse leasing company, revenue assurance refers to the practices and processes
implemented to ensure the accuracy and completeness of revenue generated from leasing warehouse space to
24
customers. The primary objective is to minimize revenue leakage, identify potential risks, and optimize
revenue collection within the specific context of warehouse leasing operations.
Here are some key aspects of revenue assurance in a warehouse leasing company:
1. Lease agreement management: Implementing robust systems and processes to effectively manage lease
agreements with customers. This includes ensuring accurate documentation, tracking lease terms and
conditions, and monitoring lease renewals and terminations.
2. Billing and invoicing accuracy: Ensuring accurate and timely billing and invoicing processes to capture
the correct rental charges, additional fees, and any other charges associated with the warehouse lease.
This involves validating lease terms, calculating charges correctly, and addressing any billing errors
promptly.
3. Occupancy tracking and reporting: Maintaining accurate records of warehouse occupancy and
utilization. This includes tracking the availability of warehouse space, monitoring lease expirations
and renewals, and generating occupancy reports to identify opportunities for maximizing utilization
and revenue.
4. Rent escalation management: Implementing mechanisms to accurately calculate and apply rent
escalations as specified in lease agreements. This involves monitoring lease terms, calculating rent
adjustments correctly, and ensuring timely and accurate communication with customers regarding
changes in rental charges.
5. Tenant account reconciliation: Conducting regular reconciliation of tenant accounts to ensure that
payments received align with lease agreements and invoicing. This helps identify any discrepancies or
underpayments, enabling prompt resolution and minimizing revenue leakage.
6. Audit and compliance: Performing regular audits and reviews of lease agreements, financial records,
and revenue recognition practices to ensure compliance with accounting standards, contractual
obligations, and regulatory requirements. This helps identify any revenue leakage risks and ensures
adherence to relevant guidelines and regulations.
7. Revenue forecasting and analysis: Utilizing data and analytics to forecast future revenue, identify
trends, and make informed decisions regarding pricing, occupancy rates, and lease terms. This enables
the company to optimize revenue generation and identify potential areas for improvement.
By implementing robust revenue assurance practices, a warehouse leasing company can enhance revenue
accuracy, minimize revenue leakage, maintain strong customer relationships, and improve overall financial
performance.
25
Bibliography
(n.d.).
Retrieved
from
https://www.apqc.org/resource-library/resource-listing/internal-controls-key-
benchmarks-pharmaceutical-industry
IFC.
(n.d.).
Retrieved
from
http://finsq.in/audit/internal-finance-control-audit-decode-the-mandatory-
compliance-for-companies/:
http://finsq.in/audit/internal-finance-control-audit-decode-the-
mandatory-compliance-for-companies/
Neural. (n.d.). Retrieved from https://www.neuralt.com/what-is-revenue-assurance-and-how-does-it-work/:
https://www.neuralt.com/what-is-revenue-assurance-and-how-does-it-work/
Protiviti. (n.d.). Protiviti. Retrieved from https://www.protiviti.com/in-en: https://www.protiviti.com/in-en
26
Related documents
Service Delivery Support Manager
Service Delivery Support Manager
Role Name QA Executive- maternity leave cover 9 months fixed term
Role Name QA Executive- maternity leave cover 9 months fixed term
Quality Review and Assurance Committee Terms of Reference
Quality Review and Assurance Committee Terms of Reference
cH 19 qUALITY aSSURANCE QC TQM
cH 19 qUALITY aSSURANCE QC TQM
Date Your Name Your Address
Date Your Name Your Address
Download
advertisement