Update CLC.md

Signed-off-by: Dennis Eichhorn <spl1nes.com@googlemail.com>
Dennis Eichhorn 2024-03-20 12:49:30 +01:00 committed by GitHub
parent ebb86c7551
commit da6be5abb7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -13,17 +13,17 @@
| 9 | Control Environment | Organization | Does the management assign a person in charge for each role? | Yes. This can be seen in the organigram. | [Organigram](../../Organigram.md)<br />[Processes](../../)<br />Checklists |
| 10 | Control Environment | Power | How are the assignment of responsibilities and delegation of authority made clear to all employees? | This can be seen in the organigram and processes available to all employees. | [Organigram](../../Organigram.md)<br />[Processes](../../)<br />Checklists |
| 11 | Control Environment | Power | How are the delegation of responsibilities and authority to employees, etc. updated in case organizational structures or other fundamentals of the company are changed? | Updates are implemented immediately on organizational structure changes or in case of changes in employees. | [Organigram](../../Organigram.md)<br />[Processes](../../)<br />Checklists |
| 12 | Control Activities | Business procedure | Which policies and procedures or operating manuals established to ensure the performance of control activities that sufficiently mitigate and address the risks in business operations, especially in regard to the reliability of the financial reporting exist? | The company implemented the process descriptions, risk control matrices of every process, risk management, CLC and ITGC. | Process Risk Control Matrix<br />[Risk Management](Risk%20Management/Risk%20Management.md)<br />Risk Review<br />[CLC](./CLC.md)<br />[ITGC](./ITGC.md) |
| 13 | Control Activities | Business procedure | How do you confirm if employees perform their operations in compliance with policies and procedures or operating manuals? | This is done through the implemented controls and annual risk review. | Process Risk Control Matrix<br />Risk Review |
| 12 | Control Activities | Business procedure | Which policies and procedures or operating manuals established to ensure the performance of control activities that sufficiently mitigate and address the risks in business operations, especially in regard to the reliability of the financial reporting exist? | The company implemented the process descriptions, risk control matrices of every process, risk management, CLC and ITGC. | Process Risk Control Matrix<br />[Risk Management](Risk%20Management/Risk%20Management.md)<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md)<br />[CLC](./CLC.md)<br />[ITGC](./ITGC.md) |
| 13 | Control Activities | Business procedure | How do you confirm if employees perform their operations in compliance with policies and procedures or operating manuals? | This is done through the implemented controls and annual risk review. | Process Risk Control Matrix<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md) |
| 14 | Control Environment | Personnel deployment and training | How does the management identify the competencies necessary for the company and procure/dispatch qualified personnel | This is done during the HR search and the employee evaluation. | [Job description](https://github.com/Karaka-Management/Organization-Guide/tree/master/Processes/HR/Job%20Descriptions)<br />[Employee Evaluation Form](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/HR/Evaluation%20Forms/Employee%20Evaluation%20Form.md) |
| 15 | Control Environment | Personnel deployment and training | How are the competencies necessary reviewed regularly and maintained appropriately? | This is done during the HR search and the annual employee evaluation. | [Job description](https://github.com/Karaka-Management/Organization-Guide/tree/master/Processes/HR/Job%20Descriptions)<br />[Employee Evaluation Form](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/HR/Evaluation%20Forms/Employee%20Evaluation%20Form.md) |
| 16 | Control Environment | Personnel deployment and training | Does the management provide employees, etc. with the means, training etc. necessary to fulfill their duties and support them in the improvement of their abilities and how is this implemented? | This is done during the training period and checked in the employee evaluation. If additional training or competencies are identified they are trained internally or through external seminars. | [Training Plan](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/HR/Onboarding/Sample%20Training%20Plan.md)<br />[Employee Evaluation Form](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/HR/Evaluation%20Forms/Employee%20Evaluation%20Form.md) |
| 17 | Control Environment | Personnel evaluation | What are your personnel evaluation standards? | All employee evaluations must be performed based on the standard evaluation form once a year. | [Employee Evaluation Form](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/HR/Evaluation%20Forms/Employee%20Evaluation%20Form.md) |
| 18 | Control Environment | Personnel evaluation | How are the personnel evaluation standards regularly reviewed and updated appropriately? | During the annual quality management audit the evaluation form is reviewed. | [Quality Management Audit Checklist](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Quality%20Management%20Audit%20Checklist.md) |
| 19 | Risk Assessment and Response | Risk assessment structure | Is there an effective risk assessment system that involves appropriate levels of the management and managers? | Yes. | [Risk Management](Risk%20Management/Risk%20Management.md)<br />Risk Review<br />[Risk Report](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Report.xlsx)<br />[Processes](../../)<br />Process Risk Control Matrix |
| 20 | Risk Assessment and Response | Risk assessment structure | Does the management asses the risk considering not only superficial facts but also backgrounds, incidents and other substantial elements? | Yes. | [Risk Management](Risk%20Management/Risk%20Management.md)<br />Risk Review<br />[Risk Report](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Report.xlsx)<br />[Processes](../../)<br />Process Risk Control Matrix |
| 21 | Risk Assessment and Response | Risk assessment structure | Does the management appropriately assess and address fraud risks based on not only superficial facts regarding fraud, but also incentives, causes, backgrounds and other factors that may result in fraud? | Yes. | [Risk Management](Risk%20Management/Risk%20Management.md)<br />Risk Review<br />[Risk Report](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Report.xlsx)<br />[Processes](../../)<br />Process Risk Control Matrix |
| 22 | Risk Assessment and Response | Risk assessment structure | How does the management reassess the risk and take appropriate measures whenever changes occur that may have a significant impact on the company? | This is done at least annually during the risk review. | Risk Review |
| 19 | Risk Assessment and Response | Risk assessment structure | Is there an effective risk assessment system that involves appropriate levels of the management and managers? | Yes. | [Risk Management](Risk%20Management/Risk%20Management.md)<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md)<br />[Risk Report](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Report.xlsx)<br />[Processes](../../)<br />Process Risk Control Matrix |
| 20 | Risk Assessment and Response | Risk assessment structure | Does the management asses the risk considering not only superficial facts but also backgrounds, incidents and other substantial elements? | Yes. | [Risk Management](Risk%20Management/Risk%20Management.md)<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md)<br />[Risk Report](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Report.xlsx)<br />[Processes](../../)<br />Process Risk Control Matrix |
| 21 | Risk Assessment and Response | Risk assessment structure | Does the management appropriately assess and address fraud risks based on not only superficial facts regarding fraud, but also incentives, causes, backgrounds and other factors that may result in fraud? | Yes. | [Risk Management](Risk%20Management/Risk%20Management.md)<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md)<br />[Risk Report](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Report.xlsx)<br />[Processes](../../)<br />Process Risk Control Matrix |
| 22 | Risk Assessment and Response | Risk assessment structure | How does the management reassess the risk and take appropriate measures whenever changes occur that may have a significant impact on the company? | This is done at least annually during the risk review. | [Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md) |
| 23 | Communication and information | Communicating information | How are the management's or supervisor's instruction communicated to all employees? | This is done by providing the processes, policies and guidelines to all employees. | [Processes](../../)<br />[Guidelines & Policies](https://github.com/Karaka-Management/Organization-Guide/tree/master/Policies%20%26%20Guidelines) |
| 24 | Communication and information | Internal reporting | Do you have the Whistleblower System or other internal reporting program? | Yes, there is a whistleblower system in place. | [Whistleblower System](https://github.com/Karaka-Management/Organization-Guide/blob/master/Policies%20%26%20Guidelines/Whistleblower%20System.md) |
| 25 | Communication and information | Internal reporting | Is the system or program in operation according to its original design? | Yes, according to the annual check. | [Quality Management Audit Checklist](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Quality%20Management%20Audit%20Checklist.md) |
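Review bot: In rows 12, 13 and 19 to 22 the new evidence entry is labelled "Risk Management Review" but its target is `Risk%20Management%20Review%20Template.md`. A template documents how the review is designed, not that it was carried out, and rows 13 and 22 ask how compliance is confirmed and how risk is reassessed. Either label the link "Risk Management Review Template" or point to the completed review records. The link is also written as an absolute `github.com/.../blob/master/...` URL, while the neighbouring entries in the same cells are relative (`[Risk Management](Risk%20Management/Risk%20Management.md)`, `[CLC](./CLC.md)`); a relative link into the same `Risk%20Management/` directory would keep working in forks, mirrors and on other branches. The answers in rows 13 and 22 still say "risk review", so the wording no longer matches the evidence name.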
@ -31,10 +31,10 @@
| 27 | Communication and information | Financial information | How are the accounting and financial information or data from relevant business processes input to your accounting system or application? | Partly automatic (e.g. invoice scanning, customer invoices, online orders) and partly manually (e.g. accruals, manual bookings) | |
| 28 | Communication and information | Information sharing with managements | What are your internal rules regarding information sharing for the management? | This is defined in the management process and organization guidelines. | Process: [Management](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/07_Management.md)<br />[Organization Guidelines ](https://github.com/Karaka-Management/Organization-Guide/blob/master/Policies%20%26%20Guidelines/Organization%20Guidelines.md) |
| 29 | Communication and information | Information sharing with managements | How does your management share information with each other in actual business? | During executive committee meetings, monthly reporting and budgeting process. | Executive Committee Meeting Minutes<br />Monthly Reporting<br />Annual Budget |
| 30 | Monitoring | Ongoing monitoring | How are ongoing monitoring activities appropriately embedded within the company's overall business operations? | This is done during the monthly reporting, annual budget, executive committee meeting and risk review. | Monthly Reporting<br />Budget<br />Executive Committee Meeting Minutes<br />Risk Review |
| 30 | Monitoring | Ongoing monitoring | How are ongoing monitoring activities appropriately embedded within the company's overall business operations? | This is done during the monthly reporting, annual budget, executive committee meeting and risk review. | Monthly Reporting<br />Budget<br />Executive Committee Meeting Minutes<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md) |
| 31 | Monitoring | Ongoing monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes? | Yes. | [Quality Management Audit Checklist](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Quality%20Management%20Audit%20Checklist.md) |
| 32 | Monitoring | Independent monitoring | Do you have any independent monitoring system other than ongoing monitoring activities embedded within the company's business operations, such as internal audits and how are they implemented? | Yes, internal audits are performed. | [Internal Quality Management Audit](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Internal%20Quality%20Management%20Audit%20Form.md) |
| 33 | Monitoring | Independent monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes | Yes. | [Quality Management Audit Checklist](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Quality%20Management%20Audit%20Checklist.md) |
| 34 | Monitoring | Response to results of monitoring | How are errors, material weakness of internal controls, etc. detected through the performance of control activities or noticed from outside the company timely reported to the management or senior managers and appropriately investigated and properly addressed? | This is ensured through the executive committee meeting, risk review, internal audit and Whistleblower system. | Executive Committee Meeting Minutes<br />Risk Review<br />[Internal Quality Management Audit](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Internal%20Quality%20Management%20Audit%20Form.md) |
| 34 | Monitoring | Response to results of monitoring | How are errors, material weakness of internal controls, etc. detected through the performance of control activities or noticed from outside the company timely reported to the management or senior managers and appropriately investigated and properly addressed? | This is ensured through the executive committee meeting, risk review, internal audit and Whistleblower system. | Executive Committee Meeting Minutes<br />[Risk Management Review](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/COSO/Risk%20Management/Risk%20Management%20Review%20Template.md)<br />[Internal Quality Management Audit](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/Quality%20Management/Internal%20Quality%20Management%20Audit%20Form.md) |
2024-03-20 - Version 2.0
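Review bot: Row 34 is being edited, but its evidence cell still lists only three items, while the answer names four sources: "executive committee meeting, risk review, internal audit and Whistleblower system". Add the Whistleblower System link already used in row 24 so that every mechanism named in the answer has evidence attached. The footer stays at "2024-03-20 - Version 2.0" although the evidence column changes in eight rows across this commit; if the version line is meant to track content changes for audit purposes, bump it or note why it is unchanged. As in the first hunk, rows 30 and 34 label a template file as "Risk Management Review".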