mirror of
https://github.com/Karaka-Management/Organization-Guide.git
synced 2026-01-13 22:08:40 +00:00
18 KiB
18 KiB
Company Level Controls (CLC)
| No. | Component | Control Area | Question | Answer | Evidences |
|---|---|---|---|---|---|
| 1 | Control Environment | Management philosophy and application | Does management determine the management philosophy, operating style and code of ethics and how are they communicated to the employees? | Yes, all are described in the organization guidelines which are available to every employee. | Code of Conduct Organization Guidelines Conflict of Interest Policy Confidentiality Policy |
| 2 | Control Environment | Management philosophy and application | Which procedures or processes do you have to re-mediate detected behaviors deviating from the management philosophy, operating style and code of ethics. | Employees can submit deviations to a public email and employees can openly mention such deviations. | Code of Conduct Discussions Issues |
| 3 | Control Environment | Management philosophy and application | In case you find deviations from the principles, how do you deal with them? | So far no such case occurred but the company deals with them according to the German law and as described in the policies. | Code of Conduct Organization Guidelines Conflict of Interest Policy Confidentiality Policy |
| 4 | Control Environment | Director | How do you define the responsibilities of the management in regard to the financial reporting and relevant internal controls? | They are defined by the legal obligations and the processes. | Processes |
| 5 | Control Environment | Director | How does the board of directors or corporate auditors supervise the performance of management regard the financial reporting and relevant internal controls? | The financial statement and controls are audited annualy by independent auditors. | Annual year end audit |
| 6 | Control Environment | Organization | How does the management appropriately improve organizational structures or practices to resolve existing problems considering the size, content of the operations and business objectives of the company? | During the budget process and if necessary based on information provided during meetings such as the executive committee meeting. | Budget Executive Committee Meeting Minutes |
| 7 | Control Environment | Organization | How does the management assign roles in regard to each function and activity unit in the company? | This is handled in the organigram. | Organigram Processes Checklists |
| 8 | Control Environment | Organization | How do you clarify segregation of duties and appropriately delegate authority and responsibilities to personnel in charge of each function and activity unit in the company? | This is implemented in the organigram and in the processes. | Organigram Processes Checklists |
| 9 | Control Environment | Organization | Does the management assign a person in charge for each role? | Yes. This can be seen in the organigram. | Organigram Processes Checklists |
| 10 | Control Environment | Power | How are the assignment of responsibilities and delegation of authority made clear to all employees? | This can be seen in the organigram and processes available to all employees. | Organigram Processes Checklists |
| 11 | Control Environment | Power | How are the delegation of responsibilities and authority to employees, etc. updated in case organizational structures or other fundamentals of the company are changed? | Updates are implemented immediately on organizational structure changes or in case of changes in employees. | Organigram Processes Checklists |
| 12 | Control Activities | Business procedure | Which policies and procedures or operating manuals established to ensure the performance of control activities that sufficiently mitigate and address the risks in business operations, especially in regard to the reliability of the financial reporting exist? | The company implemented the process descriptions, risk control matrices of every process, risk management, CLC and ITGC. | Process Risk Control Matrix Risk Management Risk Management Review CLC ITGC |
| 13 | Control Activities | Business procedure | How do you confirm if employees perform their operations in compliance with policies and procedures or operating manuals? | This is done through the implemented controls and annual risk review. | Process Risk Control Matrix Risk Management Review |
| 14 | Control Environment | Personnel deployment and training | How does the management identify the competencies necessary for the company and procure/dispatch qualified personnel | This is done during the HR search and the employee evaluation. | Job description Employee Evaluation Form |
| 15 | Control Environment | Personnel deployment and training | How are the competencies necessary reviewed regularly and maintained appropriately? | This is done during the HR search and the annual employee evaluation. | Job description Employee Evaluation Form |
| 16 | Control Environment | Personnel deployment and training | Does the management provide employees, etc. with the means, training etc. necessary to fulfill their duties and support them in the improvement of their abilities and how is this implemented? | This is done during the training period and checked in the employee evaluation. If additional training or competencies are identified they are trained internally or through external seminars. | Training Plan Employee Evaluation Form |
| 17 | Control Environment | Personnel evaluation | What are your personnel evaluation standards? | All employee evaluations must be performed based on the standard evaluation form once a year. | Employee Evaluation Form |
| 18 | Control Environment | Personnel evaluation | How are the personnel evaluation standards regularly reviewed and updated appropriately? | During the annual quality management audit the evaluation form is reviewed. | Quality Management Audit Checklist |
| 19 | Risk Assessment and Response | Risk assessment structure | Is there an effective risk assessment system that involves appropriate levels of the management and managers? | Yes. | Risk Management Risk Management Review Risk Report Processes Process Risk Control Matrix |
| 20 | Risk Assessment and Response | Risk assessment structure | Does the management asses the risk considering not only superficial facts but also backgrounds, incidents and other substantial elements? | Yes. | Risk Management Risk Management Review Risk Report Processes Process Risk Control Matrix |
| 21 | Risk Assessment and Response | Risk assessment structure | Does the management appropriately assess and address fraud risks based on not only superficial facts regarding fraud, but also incentives, causes, backgrounds and other factors that may result in fraud? | Yes. | Risk Management Risk Management Review Risk Report Processes Process Risk Control Matrix |
| 22 | Risk Assessment and Response | Risk assessment structure | How does the management reassess the risk and take appropriate measures whenever changes occur that may have a significant impact on the company? | This is done at least annually during the risk review. | Risk Management Review |
| 23 | Communication and information | Communicating information | How are the management's or supervisor's instruction communicated to all employees? | This is done by providing the processes, policies and guidelines to all employees. | Processes Guidelines & Policies |
| 24 | Communication and information | Internal reporting | Do you have the Whistleblower System or other internal reporting program? | Yes, there is a whistleblower system in place. | Whistleblower System |
| 25 | Communication and information | Internal reporting | Is the system or program in operation according to its original design? | Yes, according to the annual check. | Quality Management Audit Checklist |
| 26 | Communication and information | Financial information | How does the management acquire or access the accounting and financial information of the company? | Financial information are provided during the budgeting process, monthly reporting and executive committee meeting. | Budget Monthly Reporting Executive Committee Meeting |
| 27 | Communication and information | Financial information | How are the accounting and financial information or data from relevant business processes input to your accounting system or application? | Partly automatic (e.g. invoice scanning, customer invoices, online orders) and partly manually (e.g. accruals, manual bookings) | |
| 28 | Communication and information | Information sharing with managements | What are your internal rules regarding information sharing for the management? | This is defined in the management process and organization guidelines. | Process: Management Organization Guidelines |
| 29 | Communication and information | Information sharing with managements | How does your management share information with each other in actual business? | During executive committee meetings, monthly reporting and budgeting process. | Executive Committee Meeting Minutes Monthly Reporting Annual Budget |
| 30 | Monitoring | Ongoing monitoring | How are ongoing monitoring activities appropriately embedded within the company's overall business operations? | This is done during the monthly reporting, annual budget, executive committee meeting and risk review. | Monthly Reporting Budget Executive Committee Meeting Minutes Risk Management Review |
| 31 | Monitoring | Ongoing monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes? | Yes. | Quality Management Audit Checklist |
| 32 | Monitoring | Independent monitoring | Do you have any independent monitoring system other than ongoing monitoring activities embedded within the company's business operations, such as internal audits and how are they implemented? | Yes, internal audits are performed. | Internal Quality Management Audit |
| 33 | Monitoring | Independent monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes | Yes. | Quality Management Audit Checklist |
| 34 | Monitoring | Response to results of monitoring | How are errors, material weakness of internal controls, etc. detected through the performance of control activities or noticed from outside the company timely reported to the management or senior managers and appropriately investigated and properly addressed? | This is ensured through the executive committee meeting, risk review, internal audit and Whistleblower system. | Executive Committee Meeting Minutes Risk Management Review Internal Quality Management Audit |
2024-03-20 - Version 2.0