mirror of
https://github.com/Karaka-Management/Organization-Guide.git
synced 2026-01-15 22:48:41 +00:00
Purchase Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Employee | Operational Risk (Purchase) | Purchasing a suboptimal product due to a lack of market research. "Optimal" includes product/service quality, vendor reliability, price, ... | 1 | 1 | Many times a day | Preventing (Manual) | Compare products and vendors | 1 | 1 | yes | yes | | |
| 2 | See purchase approval table | Operational Risk (Purchase) | Unauthorized purchase (budget risks, fraud, compliance, ...) | 1 | 1 | Many times a day | Preventing (Manual) | Authorize purchases according to the purchase approval table. This functions as control and separation of responsibilities. | 1 | 1 | yes | yes | | |
| 3 | Purchase + Employee | Operational Risk (Purchase) | Invalid invoice contents (formal or other mistakes) | 1 | 1 | Many times a day | Preventing (Manual & System) | Automatic system checks and manual checks. | 1 | 1 | yes | yes | | |
2022-01-01 - Version 1.0