Tools
The following tools were published on KnowledgeLeader this week:
Manage Customer Orders: Sales System Order Entry RCM
An RCM provides an overview of the control objectives that organizations should take into consideration and the corresponding controls that safeguard the company against risks that may arise if not checked in a timely manner. Once customized to an organization, this document can help the user assess each control. This document outlines risks and controls common to the 10.0 Manage Customer Orders process in a risk control matrix (RCM) format.
Foreign Corrupt Practices Act (FCPA) Audit Work Program
This Foreign Corrupt Practices Act (FCPA) Audit Work Program provides the necessary steps for evaluating a company's internal controls, policies and procedures related to the FCPA. It includes detailed audit steps such as identifying payments to government officials, reviewing financial statements of foreign entities, and ensuring proper documentation and authorization of transactions. The program emphasizes the importance of maintaining accurate records, segregation of duties, and adequate training for employees on FCPA requirements.
Pricing and Discounts Audit Work Program
Download our Pricing and Discounts Audit Work Program to evaluate your organization's adherence to pricing and discount policies and procedures. This tool addresses the significant risk of noncompliance by sales personnel with price controls, emphasizing the need for flexibility within structured price offerings to customers. The work program outlines steps for developing an understanding of the product pricing and discounts process, scrutinizing management reports, reviewing pricing policies, and meeting with teams to refine audit objectives.
Computer Operations/Job Scheduling Audit Work Program
Conduct an in-depth audit of your organization’s computer operations and IT job scheduling with this audit program sample, which provides detailed objectives and test steps that help review the role, responsibilities and proactive management capabilities of the computer operations department. The document covers a wide range of topics, such as organizational structure, interaction with the company, budgeting, performance metrics, use of automated tools, service-level agreements and staffing plans.
IT SOX Compliance Officer Job Description
This sample job description outlines the responsibilities, required qualifications and preferred skills for an IT SOX compliance officer. It serves as a blueprint for organizations aiming to ensure that their information technology systems adhere to Sarbanes-Oxley Act (SOX) regulations, which are critical for maintaining accurate financial reporting and safeguarding against fraud. The document details various duties, such as evaluating IT controls, conducting risk assessments, collaborating with key departments, and documenting all relevant procedures and findings.
Warranty Policy
Our Warranty Policy contains guidelines for managing warranty accruals and reserves within your company. This policy includes a systematic approach to determining the rates for warranty accruals and the methodology for analyzing the sufficiency of warranty reserves allocated for customer service inventory and anticipated future product returns. This policy is applicable across all business units that sell products with warranties and maintain inventory for customer service repairs. The document details the procedures for calculating warranty reserves, which are based on historical data on product defects, repairs and industry trends.
Special Payment Handling Policy
This document includes two samples that aim to establish standards and procedures for handling special payments. The objective of these policies is to ensure proper management of checks that need to be returned to the requestor, sent overnight to the vendor, or handled in a way different from standard company check processing procedures. A key principle outlined is the use of a special payment terms code in the company's workflow when an approver requires a check to be returned to them rather than having it sent directly to the vendor from the Shared Services Center (SSC).
Bank Audit Plan Report
Explore a bank audit plan report that includes a thorough risk assessment and gap analysis, developed using a risk-based audit approach for effective auditing. By utilizing a risk-based audit approach, organizations can identify key auditable areas, assess each for potential risks, and assign a risk rating, ensuring that high-risk areas are prioritized and audited annually, while medium to low-risk areas follow an 18-to-24-month cycle.
Publications
KnowledgeLeader has also released several publications this week.
Top Compliance Challenges Facing the Technology Industry in 2025
In the fast-paced world of technology, both regulators and companies face challenges applying existing laws to rapid developments. In 2025, navigating this complex regulatory landscape will be even more challenging, given a slew of new regulations and increased oversight aimed at protecting consumers, safeguarding children, promoting fair competition, preventing misinformation and bolstering national security. This whitepaper highlights the top compliance challenges for technology companies in 2025 and offers steps to turn regulatory demands into strategic benefits.
The Compliance Playbook: Navigating the Financial Services Industry’s Compliance Priorities in 2025
As we enter the new year, the financial services industry once again faces increasingly diverse and complex compliance risks. For 2025, we asked a larger-than-usual group of Protiviti colleagues worldwide to help identify the most pressing compliance issues in their market. In this edition of Compliance Insights, we explain the top risks facing compliance officers across the globe and outline priorities for how to effectively manage them.
TPG Telecom’s Head of Risk on Data Privacy, Cybersecurity, AI and the Regulatory Landscape
Malcolm Eng is the head of risk and business partnering at New South Wales-based TPG Telecom. He has spent the past decade working with some of Australia’s leading organizations to navigate the complexities of privacy, risk and the regulatory landscape. In this VISION by Protiviti podcast, Ruby Chen, a director with Protiviti Australia, sits down with Eng to discuss data, CrowdStrike, emerging tech, AI, cybersecurity in the telecom industry and what he sees on the privacy landscape over the next five years.
Recommended Resources
This list of recommended resources from the web may be of interest to you. Click each link to learn more.
- A Return to Capacity Planning: Staying Ahead in the Manufacturing Industry
- Artificial Intelligence ROI Exceeds Expectations for Many
- Meet the Corporate Governance Awards Winners – Part Two: Nasdaq