Jingga/Organization-Guide
1
0
Fork 0
mirror of https://github.com/Karaka-Management/Organization-Guide.git synced 2026-01-11 12:58:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Dennis Eichhorn 2022-07-25 18:40:00 +02:00
parent 5a05e37605
commit 4dd51f6b33
32 changed files with 358 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Policies & Guidelines/IT/Backup & Data Recovery.md
View File

@ -3,14 +3,14 @@
The loss of data can have detrimental effects on the activities of the organization. Additionally, there are mandatory rules and regulations regarding data storage, which must be upheld. There are many possible reasons for data loss. Some could be:
* Faulty data storage device
* Accedential deletion or modification of files/data
* Accidental deletion or modification of files/data
* Malicious deletion or modification of files/data
* Force majeure
* Malware
## Goal
A complete mitigation of the risks is almost impossible. However, measures must be implemented which mitigate the risks as low as reasonably possible. Data backup should allow the organization to resume its activities as quickly as possible (ideally within 1-2 hours) without substential loss of data.
A complete mitigation of the risks is almost impossible. However, measures must be implemented which mitigate the risks as low as reasonably possible. Data backup should allow the organization to resume its activities as quickly as possible (ideally within 1-2 hours) without substantial loss of data.
## Implementation
@ -20,7 +20,7 @@ The organization performs 3 types of backups:
* Backup to an external service provider: Daily
* Manual backup (cloning): Quarterly
In addition to the above mentioned backup methods the server file system also uses RAID 5 providing additional redundancy in case of data storage failure. With raid 5 it's possible for 1 drive to fail without interupting the file storage.
In addition to the above mentioned backup methods the server file system also uses RAID 5 providing additional redundancy in case of data storage failure. With raid 5 it's possible for 1 drive to fail without interrupting the file storage.
Another data redundancy is implemented for the most valuable aspect of the organization, the source code. All source code is additionally stored at github.com which can be accessed globally and organization members may continue to work on the source code by pulling the latest version of the source code from this service provider.
@ -42,11 +42,11 @@ Once a quarter a full data backup (clone) is created and stored on an external h
## Responsibility
The responsibility for the data backup lies with the head of IT. Other IT employees may only take over these tasks if the head of IT consideres these employees sufficiently trained in this area. The responsible employees must control the data integrity of the backups once a quarter.
The responsibility for the data backup lies with the head of IT. Other IT employees may only take over these tasks if the head of IT considers these employees sufficiently trained in this area. The responsible employees must control the data integrity of the backups once a quarter.
## Data storage
The data should be stored in such a way that only authorized personnel has access to the backup files. Authorized in this case means IT department and management. The data backups should be marked or labelled so that it is easily possible to identify the contents of the backup (i.e. Backup 2022-01.01 2:00:01).
The data should be stored in such a way that only authorized personnel has access to the backup files. Authorized in this case means IT department and management. The data backups should be marked or labeled so that it is easily possible to identify the contents of the backup (i.e. Backup 2022-01.01 2:00:01).
## Reconstruction

2
Policies & Guidelines/Travel & Business Expenses Guideline.md
View File

@ -21,7 +21,7 @@ The following costs are only general guidelines and maximum amounts. Please note
| Germany | < 100 EUR | < 250 EUR | < 350 EUR |
| International | < 120 EUR | < 300 EUR | < 450 EUR |
## Travelling
## Traveling
| Type | Employee | Head of department | Management |
| ------------------ | ----------------- | -------------------- | ---------------- |

0
Processes/Support/Third Party Software Testing Form.md → Policies & Guidelines/Whistleblower System.md
View File

23
Processes/01_Development.md
View File

@ -95,6 +95,29 @@ The name of the branch can be chosen freely however it is recommended to follow
* `security-*` for security related fixes/improvements
* `general-*` for general improvements (i.e. code documentation improvements, code style improvements)
```mermaid
%%{init: { 'gitGraph': {'mainBranchName': 'master'}} }%%
gitGraph
commit
branch develop
branch bug-xxx
commit
commit
checkout develop
merge bug-xxx
commit
branch feature-xxx
commit
commit
commit
checkout develop
merge feature-xxx
checkout master
merge develop
```
The senior developer who performs the code review merges the change request into the `develop` branch after their successful code review. Unsuccessful reviews lead to change requests by the original developer, other developers who can make the requested changes, changes by the senior developer who performed the review, or dismissal of the changed code. (**R10**)

8
Processes/04_Support & Service.md
View File

@ -20,7 +20,7 @@ The software environment setup can be done by either the customer themselves or
In case the customer requests a custom installation (not virtualized) or a custom configured virtualized environment the support & service employee must only do this together with the responsible person for IT on the customer side (e.g. Head of IT). (**R7**)
Under no circumstances is the employee allowed to alter any permissions, change software or hardware settings on the servers of the customer or provide IT support/consultation which is unrelated to the setup of the software environment or third party software and not approved in the [Approved Customer Software]() (**R8**). Only the CTO is allowed to approve new customer software after testing, the testing is documented with the [Third Party Software Testing Form](). (**R9**).
Under no circumstances is the employee allowed to alter any permissions, change software or hardware settings on the servers of the customer or provide IT support/consultation which is unrelated to the setup of the software environment or third party software and not approved in the [Approved Customer Software]() (**R8**). Only the CTO is allowed to approve new customer software after testing, the testing is documented with the [Third Party Software Validation - New]() and [Third Party Software Validation - Update](). (**R9**).
### Environment
@ -56,7 +56,7 @@ If the customer requests additional software to be installed and/or configured t
### Main application & modules
During the application installation the support & service employee has to perform the tasks defined in the [Application Install Checklist](./Support/Application%20Install%20Checklist.md). (**R12**)
During the application installation the support & service employee has to perform the tasks defined in the [Application Install Checklist](./Support/Application%20Install%20Checklist.md). The checklist form can only get changed by the CTO. (**R12**)
## Customization
@ -72,7 +72,7 @@ The training depends on the needs of the trainee. The following training program
* End-User
* Third party developer
The different training programs put focus on different aspects of the application. The general training program defined by the CTO can be found in the [Training Manuals](./Support/). (**R13**)
The different training programs put focus on different aspects of the application. The general training program defined by the CTO can be found in the [Training Manuals](./Support/Training%20Manuals). (**R13**)
## Maintenance
@ -80,7 +80,7 @@ Customer maintenance is performed once a year per customer with a maintenance co
The customer receives a copy of the maintenance report after it is completed from the support & service employee.
Customers without a maintenance contract can also schedule a maintenance but have to pay higher fees according to the prices are defined in the [Pricing Polity]()
Customers without a maintenance contract can also schedule a maintenance but have to pay higher fees according to the prices are defined in the [Pricing Policy]()
## Support

33
Processes/06_Finance.md
View File

@ -7,21 +7,21 @@
## Budgeting
The budgeting for the organization is done once a year and involves the cooperation of various departments to create a comprehensive budget with a solid basis for the included assumptions. (**R1**)
The budgeting for the organization is done once a year and involves the cooperation of various departments to create a comprehensive budget with a solid basis for the included assumptions.
### Approval
#### Deadline
The deadline for the handover of the budget by the finance department to the management is December 15th. (**R2**)
The deadline for the handover of the budget by the finance department to the management is December 15th. (**R1**)
#### Responsibilities
The approval of the budget is handled by the management and should be done until the start of the next fiscal year. (**R3**)
The approval of the budget is handled by the management and should be done until the start of the next fiscal year. (**R2**)
If amendments need to be made the management may approve a preliminary budget until the actual budget is finalized and approved (**R4**). Examples for a preliminary budget could be the approval to work according to the budget for the first month but adjust the budget for the remaining 11 months. Another solution could be to work according to the budget of the previous year until the new budget got adjusted. The decision how the interim period until the budget is corrected and approved should be handled based on the decision of the management.
If amendments need to be made the management may approve a preliminary budget until the actual budget is finalized and approved (**R3**). Examples for a preliminary budget could be the approval to work according to the budget for the first month but adjust the budget for the remaining 11 months. Another solution could be to work according to the budget of the previous year until the new budget got adjusted. The decision how the interim period until the budget is corrected and approved should be handled based on the decision of the management.
The tasks and responsibilities can be found in the Budgeting Checklist. The checklist must be signed by every responsible person after completing the defined task. (**R5a**) (**R5b**)
The tasks and responsibilities can be found in the Budgeting Checklist. The checklist must be signed by every responsible person after completing the defined task. The CFO must ensure the checklist is filled out properly and the tasks in the checklist are taken care of. (**R4**)
### Forecast
@ -29,7 +29,7 @@ The basis of many figures and KPIs for the budgeted periods is the current fisca
### Contents
The budget must be created on a monthly basis (**R6**). During the budgeting process it may be helpful to only budget the full fiscal year and then split the total budget up into 12 months. While doing so variations in different months should be considered (e.g. audit fees in specific months, seasonal sales distribution, ...).
The budget must be created on a monthly basis (**R5**). During the budgeting process it may be helpful to only budget the full fiscal year and then split the total budget up into 12 months. While doing so variations in different months should be considered (e.g. audit fees in specific months, seasonal sales distribution, ...).
#### Sales
@ -53,11 +53,14 @@ Operating expenses must contain the following information:
##### Information requested from all departments
The following budget positions must be budgeted from the respective head of the department (**R7**):
The following budget positions must be budgeted from the respective head of the department (**R6**):
* Employee trainings
* Investments
* Employee changes (e.g. new position, ...)
* Other information important for the budget
Additional, department specific information are collected as described below.
##### HR
@ -97,31 +100,31 @@ The taxes should be estimated based on the EBIT and the local tax rate. Correcti
### Deadline
The deadline is the 4th work day of the following month. (**R8**)
The deadline is the 4th work day of the following month.
### Responsibilities
The tasks and responsibilities can be found in the [Monthly Closing Checklist](Finance/Financial%20Closing/Monthly%Closing%20Checklist.md). The checklist must be signed by every responsible person after completing the defined task. (**R9**)
The tasks and responsibilities can be found in the [Monthly Closing Checklist](Finance/Financial%20Closing/Monthly%Closing%20Checklist.md). The checklist must be signed by every responsible person after completing the defined task. (**R7**)
## Annual closing
### Deadline
The deadline is the 4th work day of the new fiscal year. (**R10**)
The deadline is the 4th work day of the new fiscal year.
### Responsibilities
The tasks and responsibilities can be found in the [Monthly Closing Checklist](Finance/Financial%20Closing/Monthly%Closing%20Checklist.md) and additionally the [Annual Closing Checklist](Finance/Financial%20Closing/Annual%Closing%20Checklist.md). The checklists must be signed by every responsible person after completing the defined task. (**R11**)
The tasks and responsibilities can be found in the [Monthly Closing Checklist](Finance/Financial%20Closing/Monthly%Closing%20Checklist.md) and additionally the [Annual Closing Checklist](Finance/Financial%20Closing/Annual%Closing%20Checklist.md). The checklists must be signed by every responsible person after completing the defined task. (**R8**)
## Annual financial audit
### Deadline
The deadline for the audit preparation is 3 days before the audit takes place. (**R12**)
The deadline for the audit preparation is 3 days before the audit takes place.
### Responsibilities
The tasks and responsibilities can be found in the [Annual Audit Checklist](Finance/Financial%20Closing/Annual%20Audit%20Checklist.md). The checklist must be signed by every responsible person after completing the defined task. (**R13**)
The tasks and responsibilities can be found in the [Annual Audit Checklist](Finance/Financial%20Closing/Annual%20Audit%20Checklist.md). The checklist must be signed by every responsible person after completing the defined task. (**R9**)
## Reporting
@ -129,11 +132,11 @@ The reporting for the organization is done once a month and shared with differen
### Deadline
The deadline is the 5th work day of the following month. (**R14**)
The deadline is the 5th work day of the following month.
### Responsibilities
The tasks and responsibilities can be found in the [Monthly Reporting Checklist](Finance/Reporting/Monthly%20Reporting%20Checklist.md). The checklist must be signed by every responsible person after completing the defined task. (**R15a**) (**R15b**)
The tasks and responsibilities can be found in the [Monthly Reporting Checklist](Finance/Reporting/Monthly%20Reporting%20Checklist.md). The checklist must be signed by every responsible person after completing the defined task. (**R10**)

6
Processes/06_Finance_Flowchart.md
View File

@ -1 +1,7 @@
# Finance Flowchart
```mermaid
graph TD;
ASDF
```

34
Processes/06_Finance_Risk Control Matrix.md
View File

@ -1,24 +1,18 @@
# Finance Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | ---- | -------- | ---------- | ---- | ---- | ---- | ----- | --------------- | ------------------- | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | | | | | | | | | | | | | | | |
| 2 | | | | | | | | | | | | | | | |
| 3 | | | | | | | | | | | | | | | |
| 4 | | | | | | | | | | | | | | | |
| 5a | | | | | | | | | | | | | | | |
| 5b | | | | | | | | | | | | | | | |
| 6 | | | | | | | | | | | | | | | |
| 7 | | | | | | | | | | | | | | | |
| 8 | | | | | | | | | | | | | | | |
| 9 | | | | | | | | | | | | | | | |
| 10 | | | | | | | | | | | | | | | |
| 11 | | | | | | | | | | | | | | | |
| 12 | | | | | | | | | | | | | | | |
| 13 | | | | | | | | | | | | | | | |
| 14 | | | | | | | | | | | | | | | |
| 15a | | | | | | | | | | | | | | | |
| 15b | | | | | | | | | | | | | | | |
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | ---- | -------------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | ------------------------------------------------------------ | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | CFO | Operational Risk (Finance) | The company doesn't have a budget as a basis for their operations. | 1 | 1 | | | | The deadline for the budget finalization is defined with enough time until the new business year starts. | 1 | 1 | | | yes | yes |
| 2 | CFO | Operational Risk (Finance) | The budget is not approved/reviewed. | 1 | 1 | | | | The budget must be approved by the management. | 1 | 1 | | | yes | yes |
| 3 | CFO | Operational Risk (Finance) | No approved budget. | 1 | 1 | | | Budget amendments are necessary. Budget didn't get finished on time. | The management can approve a intermediate budget until the final budget is created and approved. | 1 | 1 | | | yes | yes |
| 4 | CFO | Operational Risk (Finance) | The responsibilities during the budgeting process are not defined. | 1 | 1 | | | | The tasks and responsibilities are defined in a budget checklist. | 1 | 1 | | | yes | yes |
| 5 | CFO | Operational Risk (Finance) | The budget is not broken down on a monthly basis making it difficult to validate the performance. | 1 | 1 | | | | The budget is split up on a single month basis. | 1 | 1 | | | yes | yes |
| 6 | CFO | Operational Risk (Finance) | Important information are missing. | 1 | 1 | | | | Budget information are collected from different departments. | 1 | 1 | | | yes | yes |
| 7 | CFO | Operational Risk (Finance) | The monthly closing tasks are not well defined. | 1 | 1 | | | | A monthly closing checklist exists defining the responsibilities. | 1 | 1 | | | yes | yes |
| 8 | CFO | Operational Risk (Finance) | The annual closing tasks are not well defined. | 1 | 1 | | | | An annual closing checklist exists defining the responsibilities. | 1 | 1 | | | yes | yes |
| 9 | CFO | Operational Risk (Finance) | The annual financial audit tasks are not well defined. | 1 | 1 | | | | An audit checklist exists defining the responsibilities. | 1 | 1 | | | yes | yes |
| 10 | CFO | Operational Risk (Finance) | The reporting tasks are not well defined. | 1 | 1 | | | | A reporting checklist exists defining the responsibilities. | 1 | 1 | | | yes | yes |
## Abbreviations
@ -38,4 +32,4 @@
2022-01-01 - Version 1.0
2022-01-01 - Version 1.0firefod

38
Processes/07_Management.md
View File

@ -6,13 +6,49 @@
## Planning
The management has to plan and layout the vision as well as the strategy for the organization. This is documented in the [Business Plan](./Management/Business%20Plan.md) and annual budget described in the [Finance](./06_Finance.md) process.
## Organizing
### Implementation
The management has to check if the organizational structure fits the needs of the company or if changes/improvements need to be made. The company structure is defined in the [Organigram](./Organigram.md). This includes but is not limited to ensuring sufficient resources are available. Resources are checked during every meeting described in the [Information Flow](./Management/Information%20Flow.md). The management also determines how information is appropriately and effectively shared between the different employees. This is defined in the [Information Flow](./Management/Information%20Flow.md).
### Staffing
Staffing is handled primarily by the HR department. However the following aspects are handled as described below:
* Hiring
* [HR](./05_HR.md) process
* Resource definition
* [Budget](./06_Finance.md)
* [Regular meetings](./Management/Information%20Flow.md) (i.e. [executive committee meeting](./Management/Executive%20Committee%20Minute%20Template.md))
* Training
* [Training plans](./HR/Onboarding/Sample%20Training%20Plan.md)
* [Employee evaluation](./HR/Evaluation%20Forms/Employee%20Evaluation%20Form.md)
## Leading
## Controlling & Optimization
The leadership and responsibilities of the organization is defined in the [Organigram](./Organigram.md). Additionally, responsibilities are also defined in the processes, risk control matrices, [Document Owners](./Document%20Owners.md) and individual contracts.
## Controlling
The following controlling instruments are implemented.
* [Internal audits](./Quality%20Management/Internal%20Quality%Management%Audit%Form.md)
* [Risk Management](./COSO/Risk%20Management) and Process Risk Control Matrices
* [Whistleblower System](../Policies%20&%20Guidelines/Whistleblower%20System.md)
* [Regular meetings](./Information%20Flow.md) for information exchange
* Checklists as described in the processes
* External audits
* Tax audits
* Annual accounting audit
## Optimization
From the controlling activities optimizations arise which can be brought forward by anyone in [meetings](./Management/Information%20Flow.md) and changes can be made to the processes by the responsible persons defined in the [Document Owners](./Document%20Owners.md)
2022-01-01 - Version 1.0

14
Processes/07_Management_Flowchart.md
View File

@ -0,0 +1,14 @@
# Management Flowchart
```mermaid
graph TD;
PLAN[Plan]-->IMPLEMENT[Implement]
IMPLEMENT-->CONTROL[Control]
CONTROL-->OPTIMIZE[Optimize]
OPTIMIZE-->PLAN
```
2022-01-01 - Version 1.0

3
Processes/07_Management_Risk Control Matrix.md
View File

@ -22,4 +22,5 @@
2022-01-01 - Version 1.0
2022-01-01 - Version 1.0

14
Processes/08_Quality Management.md
View File

@ -4,5 +4,19 @@
| ---------------------- | ----------------------------------- | -------- |
| High quality standards | Pass annual quality audit checklist | YES |
## Internal Audits
### Internal Auditors
### Audits
Every department needs to be audited once every quarter by an internal auditor who is not part of the department. The DQM organizes and controls these internal audits. The results of the internal audits must be documented by the internal auditors on the [Internal Quality Management Audit Form](./Quality%20Management/Internal%20Quality%20Management%20Audit%20Form.md).
The results of the internal audits are reviewed by the DQM and appropriate steps are taken by the DQM in case of audit findings.
2022-01-01 - Version 1.0

11
Processes/08_Quality Management_Flowchart.md
View File

@ -0,0 +1,11 @@
# Quality Management Flowchart
## Internal Audit
```mermaid
graph TD;
PICK_AUDITOR-->AUDIT
AUDIT-->FINDING
FINDING-->IMPROVEMENT
```

19
Processes/09_IT.md.md Normal file
View File

@ -0,0 +1,19 @@
# IT
| Key Objective | Target | Achieved |
| ----------------------------------------------------- | ---------------------- | -------- |
| High internal server and software availability | > 99% of business days | YES |
| High customer facing server and software availability | > 99% | YES |
| High data protection | No data loss | YES |
| High data security | No severe data leak | YES |
## Backups
## Maintenance
## Data security
2022-01-01 - Version 1.0

0
Processes/Support/Training Manual Admin and Key-User.md → Processes/09_IT_Flowchart.md
View File

0
Processes/Support/Training Manual Developer.md → Processes/09_IT_Risk Control Matrix.md
View File

2
Processes/COSO/CLC.md
View File

@ -36,7 +36,7 @@
| 33 | Communication and information | Information sharing with managements | Does your management share information with each other in actual business? | Yes. During executive committee meetings, monthly reporting and budgeting process. | Executive Committee Meeting Minutes<br />Monthly Reporting<br />Annual Budget |
| 34 | Monitoring | Ongoing monitoring | Are ongoing monitoring activities appropriately embedded within the company's overall business operations? | Yes, this is done during the monthly reporting, annual budget, executive committee meeting and risk review. | Monthly Reporting<br />Budget<br />Executive Committee Meeting Minutes<br />Risk Review |
| 35 | Monitoring | Ongoing monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes? | Yes. | Quality Management Audit Checklist |
| 36 | Monitoring | Independent monitoring | Do you have any independent monitoring system other than ongoing monitoring activities embedded within the company's business operations, such as internal audits? | Yes. | Internal Quality Management Audit |
| 36 | Monitoring | Independent monitoring | Do you have any independent monitoring system other than ongoing monitoring activities embedded within the company's business operations, such as internal audits? | Yes, internal audits are performed. | Internal Quality Management Audit |
| 37 | Monitoring | Independent monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes | Yes. | Quality Management Audit Checklist |
| 38 | Monitoring | Response to results of monitoring | Are errors, material weakness of internal controls, etc. detected through the performance of control activities or noticed from outside the company timely reported to the management or senior managers and appropriately investigated and properly addressed? | Yes, this is ensured through the executive committee meeting, risk review, internal audit and Whistleblower system. | Executive Committee Meeting Minutes<br />Risk Review<br />Internal Quality Management Audit |

2
Processes/COSO/ITGC.md
View File

@ -58,7 +58,7 @@
| 5 | User-ID administration requests are approved by managers in user dpt. and/or IT dpt, as appropriate | A, OS, DB, N, O | Records are maintained in the change management | |
| 6 | Access to privileged IT functions is restricted to appropriate personnel | A, OS, DB, N, O | These functions are restricted to IT personnel. Logs of the use of such privileged user-IDs are reviewed annually | |
| 7 | The level of complexity in password settings are appropriate | A, OS, DB, N, O | Password complexity is configured based on a minimum length of 8, at least one upper case letter, at least one lower case letter, at least one special character and at least one numeric value. Password changes must happen every 3 months | |
| 8 | Policies and procedures for direct change to data are descripted in a documentation | DB | Only the head of IT may perform and authorize direct changes to the data | |
| 8 | Policies and procedures for direct change to data are described in a documentation | DB | Only the head of IT may perform and authorize direct changes to the data | |
| 9 | Direct change to data are authorized | DB | No direct changes to data where made | |
| 10 | Direct change to data are tested | DB | No direct changes to data where made | |
| 11 | Access to DB and/or utilities for direct change to data is restricted to appropriate personnel | DB | Only the head of IT has write/change permissions to the DB | |

107
Processes/Document Owners.md Normal file
View File

@ -0,0 +1,107 @@
# Document Owners
| Category | Document | Maintainer / Responsible | Change Approval |
| --------------------- | ------------------------------------------------------------ | ------------------------ | --------------- |
| Legal | [License](../Legal/License.md) | CEO | CEO |
| Legal | [Licensors](../Legal/Licensors.md) | CTO | DQM or CEO |
| Legal | [Licensees](../Legal/Licensees.md) | CTO | CEO |
| Policies & Guidelines | Accounting: [Assets](../Policies%20&%20Guidelines/Accounting/Assets.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Cash](../Policies%20&%20Guidelines/Accounting/Cash.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Currency Translation](../Policies%20&%20Guidelines/Accounting/Currency%20Translation.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [General Standards](../Policies%20&%20Guidelines/Accounting/General%20Standards.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Payables](../Policies%20&%20Guidelines/Accounting/Payables.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Provisions](../Policies%20&%20Guidelines/Accounting/Provsions.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Receivables](../Policies%20&%20Guidelines/Accounting/Receivables.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Reporting](../Policies%20&%20Guidelines/Accounting/Reporting.md) | CFO | DQM or CEO |
| Policies & Guidelines | Accounting: [Taxes](../Policies%20&%20Guidelines/Accounting/Taxes.md) | CFO | DQM or CEO |
| Policies & Guidelines | IT: [Back & Data Recovery](../Policies%20&%20Guidelines/IT/Backup%20&%20Data%20Recovery.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Change Management](../Policies%20&%20Guidelines/IT/Change%20Management.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Database Guidelines](../Policies%20&%20Guidelines/IT/Database%20Guidelines.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Development and Maintenance](../Policies%20&%20Guidelines/IT/Development%20and%20Maintenance.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [General Employee Guideline](../Policies%20&%20Guidelines/IT/General%20Employee%20Guideline.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Operations Guidelines](../Policies%20&%20Guidelines/IT/Operations%20Guideline.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Password Guideline](../Policies%20&%20Guidelines/IT/Password%20Guideline.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Software Guidelines](../Policies%20&%20Guidelines/IT/Software%20Guidelines.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | IT: [Back & Data Recovery](../Policies%20&%20Guidelines/IT/Backup%20&%20Data%20Recovery.md) | Head of IT and CTO | DQM or CEO |
| Policies & Guidelines | Sales: [Export Control](../Policies%20&%20Guidelines/Sales/Export%20Control.md) | Export Control Officer | CEO |
| Policies & Guidelines | Sales: [Export Control](../Policies%20&%20Guidelines/Sales/Pricing%20Policy.md) | CSO | CEO |
| Policies & Guidelines | [Car Pool Policy](../Policies%20&%20Guidelines/Car%20Pool%20Policy.md) | Fleet Manager | CEO |
| Policies & Guidelines | [Code of Conduct](../Policies%20&%20Guidelines/Code%20of%20Conduct.md) | DQM and CEO | CEO |
| Policies & Guidelines | [Confidentiality Policy](../Policies%20&%20Guidelines/Confidentiality%20Policy.md) | DHR | CEO |
| Policies & Guidelines | [Development Guidelines](../Policies%20&%20Guidelines/Development%20Guidelines.md) | HOCS and CTO | CTO or CEO |
| Policies & Guidelines | [General Definitions & Standards](../Policies%20&%20Guidelines/General%20Definitions%20&%20Standards.md) | HOCS and CTO | CTO or CEO |
| Policies & Guidelines | [Organization Activity Policy](../Policies%20&%20Guidelines/Organization%20Activity%20Policy.md) | DHR and CEO | CEO |
| Policies & Guidelines | [Organization Guidelines](../Policies%20&%20Guidelines/Organization%20Guidelines.md) | DHR and CEO | CEO |
| Policies & Guidelines | [Travel & Business Expenses Guideline](../Policies%20&%20Guidelines/Travel%20&%20Business%20Expenses%20Guideline.md) | CFO | DQM or CEO |
| Processes | [Acronyms and Abbreviations](./Acronyms%20and%20Abbreviations.md) | DQM | DQM or CEO |
| Processes | [Interdependency](./Interdependency.md) | DQM | DQM or CEO |
| Processes | [Document Owners](./Document%20Owners.md) | DQM | CEO |
| Processes | [Organigram](./Organigram.md) | DQM | DQM or CEO |
| Processes | Development: [Development](./01_Development.md) | CTO | DQM or CEO |
| Processes | Development: [Development Flowchart](./01_Development_Flowchart.md) | CTO | DQM or CEO |
| Processes | Development: [Development Risk Control Matrix](./01_Development_Risk%20Control%20Matrix.md) | CTO | DQM or CEO |
| Processes | Purchase: [Purchase](./02_Purchase.md) | HOP and CFO | DQM or CEO |
| Processes | Purchase: [Purchase Flowchart](./02_Purchase_Flowchart.md) | HOP and CFO | DQM or CEO |
| Processes | Purchase: [Purchase Risk Control Matrix](./02_Purchase_Risk%20Control%20Matrix.md) | HOP and CFO | DQM or CEO |
| Processes | Sales: [Sales](./03_Sales.md) | CSO | DQM or CEO |
| Processes | Sales: [Sales Flowchart](./03_Sales_Flowchart.md) | CSO | DQM or CEO |
| Processes | Sales: [Sales Risk Control Matrix](./03_Sales_Risk%20Control%20Matrix.md) | CSO | DQM or CEO |
| Processes | Support & Service: [Support & Service](./04_Support%20&%20Service.md) | HOCS and CTO | DQM or CEO |
| Processes | Support & Service: [Support & Service Flowchart](./04_Support%20&%20Service_Flowchart.md) | HOCS and CTO | DQM or CEO |
| Processes | Support & Service: [Support & Service Risk Control Matrix](./04_Support%20&%20Service_Risk%20Control%20Matrix.md) | HOCS and CTO | DQM or CEO |
| Processes | HR: [HR](./05_HR.md) | DHR and CFO | DQM or CEO |
| Processes | HR: [HR Flowchart](./05_HR_Flowchart.md) | DHR and CFO | DQM or CEO |
| Processes | HR: [HR Risk Control Matrix](./05_HR_Risk%20Control%20Matrix.md) | DHR and CFO | DQM or CEO |
| Processes | Finance: [Finance](./06_Finance.md) | CFO | DQM or CEO |
| Processes | Finance: [Finance Flow Chart](./06_Finance_Flowchart.md) | CFO | DQM or CEO |
| Processes | Finance: [Finance Risk Control Matrix](06_Finance_Risk%20Control%20Matrix.md) | CFO | DQM or CEO |
| Processes | Management: [Management](./07_Management.md) | DQM and CEO | CEO |
| Processes | Management: [Management Flowchart](./07_Management_Flowchart.md) | DQM and CEO | CEO |
| Processes | Management: [Management Risk Control Matrix](./07_Management_Risk%20Control%20Matrix.md) | DQM and CEO | CEO |
| Processes | Quality Management: [Quality Management](./08_Quality%20Management.md) | DQM and CEO | CEO |
| Processes | Quality Management: [Quality Management Flow Chart](./08_Quality%20Management_Flowchart.md) | DQM and CEO | CEO |
| Processes | Quality Management: [Quality Management Risk Control Matrix](./08_Quality%20Management_Risk%20Control%20Matrix.md) | DQM and CEO | CEO |
| Processes/COSO | Quality Management: [Risk Management](./COSO/Risk%20Management) | CFO and DQM | CEO |
| Processes/COSO | Quality Management: [CLC](./COSO/CLC.md) | DQM and CEO | CEO |
| Processes/COSO | Quality Management: [ITGC](./COSO/ITGC.md) | Head of IT and DQM | CEO |
| Processes | Development: [Tutorials](./Development/Tutorials) | HOCS and CTO | CTO |
| Processes | Finance: [Budgeting](./Finance/Budgeting) | CFO | DQM or CEO |
| Processes | Finance: [Financial Closing](./Finance/Financial%20Closing) | CFO | DQM or CEO |
| Processes | Finance: [Reporting](./Finance/Reporting) | CFO | DQM or CEO |
| Processes | HR: [Evaluation Forms](./HR/Evaluation%20Forms) | DHR | CEO |
| Processes | HR: [Default Rejection](./HR/Hiring/Default%20Rejection.md) | DHR | DQM or CEO |
| Processes | HR: [Employee Search Form](./HR/Hiring/Employee%20Search%20Form.md) | DHR | DQM or CEO |
| Processes | HR: [Hiring Checklist](./HR/Hiring/Hiring%20Checklist.md) | DHR | DQM or CEO |
| Processes | HR: [Individual Contributor License Agreement](./HR/Hiring/Individual%20Contributor%20License%20Agreement.md) | CTO and DHR | DQM or CEO |
| Processes | HR: [Sample Contract](./HR/Hiring/Sample%20Contract.md) | DHR | CEO |
| Processes | HR: [Job Descriptions](./HR/Hiring/Job%20Descriptions) | DHR | DQM or CEO |
| Processes | HR: [Developer Onboarding Cheat-Sheet](./HR/Hiring/Onboarding/Developer%20Onboarding%20Cheat-Sheet.md) | CTO | DQM or CEO |
| Processes | HR: [Developer Onboarding Q&A](./HR/Hiring/Onboarding/Developer%20Onboarding%20Q&A.md) | CTO | DQM or CEO |
| Processes | HR: [Onboarding Checklist](./HR/Hiring/Onboarding/Onboarding%20Checklist.md) | DHR | DQM or CEO |
| Processes | HR: [Onboarding Does and Donts](./HR/Hiring/Onboarding/Onboarding%20Does%20and%20Donts.md) | DHR | DQM or CEO |
| Processes | HR: [Sample Training Plan](./HR/Hiring/Onboarding/Sample%20Training%20Plan.md) | DHR | DQM or CEO |
| Processes | IT: [Automated Jobs](./IT/Automated%20Jobs.md) | Head of IT and CTO | CTO or CEO |
| Processes | IT [Equipment & Software](./IT/Equipment%20&%20Software.md) | Head of IT and CTO | CTO or CEO |
| Processes | IT: [Permission List](./IT/Permission%20List.md) | Head of IT and CTO | CTO or CEO |
| Processes | IT: [Third Party Software Validation - New](./IT/Third%20Party%20Software%20Validation%20-%20New.md) | Head of IT and CTO | CTO or CEO |
| Processes | IT: [Third Party Software Validation - Update]((./IT/Third%20Party%20Software%20Validation%20-%20Update.md)) | Head of IT and CTO | CTO or CEO |
| Processes | Management: [Business Model Canvas](./Management/Business%20Model%20Canvas.md) | CEO | CEO |
| Processes | Management: [Business Plan](./Management/Business%20Plan.md) | CFO and CEO | CEO |
| Processes | Management: [Executive Committee Minute Template](./Management/Executive%20Committee%20Minute%20Template.md) | CEO | CEO |
| Processes | Management: [SWOT](./Management/SWOT.md) | CFO and CEO | CEO |
| Processes | Management: [Information Flow](./Management/Information%20Flow.md) | CEO | CEO |
| Processes | Purchase: [Investment Form](./Purchase/Investment%20Form.md) | HOP and CFO | DQM or CEO |
| Processes | Purchase: [Key Supplier Evaluation](./Purchase/Key%20Supplier%20Evaluation.md) | HOP and CFO | DQM or CEO |
| Processes | Quality Management: [Quality Management](./Quality%20Management) | DQM | DQM or CEO |
| Processes | Sales: [Customer Data Protection Policy](./Sales/Customer%20Data%20Protection%20Policy.md) | CTO | DQM or CEO |
| Processes | Sales: [Customer Service Agreement](./Sales/Customer%20Service%20Agreement.md) | CTO | DQM or CEO |
| Processes | Sales: [General Terms and Conditions](./Sales/General%20Temrs%20and%20Conditions.md) | CFO, CTO and CEO | DQM or CEO |
| Processes | Sales: [Key Selling Points](./Sales/Key%20Selling%20Points.md) | CSO | DQM or CEO |
| Processes | Sales: [Pitching FAQ](./Sales/Pitching%20FAQ.md) | CSO | DQM or CEO |
| Processes | Support & Service: [Application Install Checklist](./Support/Application%20Install%20Checklist.md) | CTO | DQM or CEO |
| Processes | Support & Service: [Approved Customer Software](./Support/Approved%20Customer%20Software.md) | CTO | DQM or CEO |
| Processes | Support & Service: [Maintenance Checklist](./Support/Maintenance%20Checklist.md) | HOCS and CTO | DQM or CEO |
| Processes | Support & Service: [Third Party Software Testing Form](./Support/Third%20Party%20Software%20Testing%20Form.md) | CTO | DQM or CEO |
| Processes | Support & Service: [Training Manuals](./Support/Training%20Manuals) | CTO | DQM or CEO |
2022-01-01 - Version 1.0

42
Processes/IT/Third Party Software Validation - New.md
View File

@ -4,27 +4,27 @@ Before buying/implementing a new software the following aspects must be checked:
| To be considered | Result | Evidence / Basis | Responsible | Date |
| ---- | ------ | ------ | ----------- | ------ |
| Reasons / Goals / Opportunities | | | |
| Advantages of new software | | | |
| Disadvantages of new software | | | |
| Risks to be considered | | | |
| Alternative solution | | | |
| Supplier comparison | ATTACHED | Investment Form | |
| Fullfilled goals | | | |
| Unfullfilled goals | | | |
| Integration with existing software possible | | | |
| Manual black box testig | Successfull | Validation Report | |
| Support by vendor available | | | |
| Data protection successfully checked | YES | | |
| One-off net expenses | | Investment Form + Offer | |
| Annual net expenses | | Investment Form + Offer | |
| Estimated required resources for implementation | | | |
| Estimated time until operation | | Timeline | |
| Estimated effects on work efficiency per year in days | | Investment Form | |
| Effects on work effectiveness | | Investment Form | |
| Estimated cost savings (one-off/annual) | | Investment Form | |
| Estimated ROI in years | | Investment Form | |
| Opinion project manager | | See above | |
| Reasons / Goals / Opportunities | | | ||
| Advantages of new software | | | ||
| Disadvantages of new software | | | ||
| Risks to be considered | | | ||
| Alternative solution | | | ||
| Supplier comparison | ATTACHED | Investment Form | ||
| Fulfilled goals | | | ||
| Unfulfilled goals | | | ||
| Integration with existing software possible | | | ||
| Manual black box testing | Successful | Validation Report | ||
| Support by vendor available | | | ||
| Data protection successfully checked | YES | | ||
| One-off net expenses | | Investment Form + Offer | ||
| Annual net expenses | | Investment Form + Offer | ||
| Estimated required resources for implementation | | | ||
| Estimated time until operation | | Timeline | ||
| Estimated effects on work efficiency per year in days | | Investment Form | ||
| Effects on work effectiveness | | Investment Form | ||
| Estimated cost savings (one-off/annual) | | Investment Form | ||
| Estimated ROI in years | | Investment Form | ||
| Opinion project manager | | See above | ||

10
Processes/Management/Business Model Canvas.md
View File

@ -50,6 +50,14 @@
### Revenue
* Recurring software license fees
* Maintenance contract fees
* Hosting
* Customizations
* Customizations
2022-01-01 - Version 1.0

5
Processes/Management/Business Plan.md
View File

@ -84,3 +84,8 @@ The decision why Karaka decided to use PHP came down to the following points:
6. Implement modify and create functionality for the above mention imported modules (data)
7. Further implement basic modules (news, profile, wiki, kanban, Q&A, calendar, messaging)
8. Create new design
2022-01-01 - Version 1.0

7
Processes/Management/Executive Committee Minute Template.md
View File

@ -95,4 +95,9 @@ All members report, that the resources are sufficient to ensure the ongoing of t
## Important upcoming events
None
None
2022-01-01 - Version 1.0

18
Processes/Management/Information Flow.md Normal file
View File

@ -0,0 +1,18 @@
# Information Flow
## Regular Meetings
```mermaid
flowchart TD;
MANAGEMENT[Management]<--Monthly: Executive Meeting-->EXECUTIVE_COMMITTEE[Executive Committee]
EXECUTIVE_COMMITTEE<--Monthly: Head of Department Meeting-->HEAD_OF_DEPARTMENTS[Head of Departments]
HEAD_OF_DEPARTMENTS<--Monthly: Department Meetings-->EMPLOYEES[Employees / Teams]
MANAGEMENT--Annually: Company Meeting-->EMPLOYEES
EMPLOYEES-->WHISTLEBLOWER[Anonymous whistleblower System]
```
2022-01-01 - Version 1.0

7
Processes/Management/SWOT.md
View File

@ -58,4 +58,9 @@
##### Internal
* Own organization size/workload. A large amount of modules and tools are required to reach the critical size to make a product which is beneficial for a large amount of organizations and businesses
* Own organization size/workload. A large amount of modules and tools are required to reach the critical size to make a product which is beneficial for a large amount of organizations and businesses
2022-01-01 - Version 1.0

5
Processes/Organigram.md
View File

@ -69,6 +69,11 @@ flowchart TD;
| Equal Opportunities Officer | |
| Ladder Officer | |
| Officer for Severely Disabled | |
| Internal Auditor | |
## Responsibilities
Additional responsibilities are defined in the respective process documentation, [Document Owners](./Document%20Owner.md) and individual employee contracts.

11
Processes/Quality Management/Internal Quality Management Audit Form.md
View File

@ -1,2 +1,13 @@
# Internal Quality Management Audit Form
| Audit | Comments |
| ----------------- | -------- |
| Auditor | |
| Department | |
| Documents audited | |
| Audit specifics | |
2022-01-01 - Version 1.0

1
Processes/Sales/Requirement Checklist.md
View File

@ -1 +0,0 @@

1
Processes/Sales/Setup Checklist.md
View File

@ -1 +0,0 @@

0
Processes/Support/Training Manual End-User.md → Processes/Support/Training Manuals/Training Manual Admin and Key-User.md
View File

0
Processes/Support/Training Manuals/Training Manual Developer.md Normal file
View File

0
Processes/Support/Training Manuals/Training Manual End-User.md Normal file
View File