mirror of
https://github.com/Karaka-Management/Organization-Guide.git
synced 2026-01-19 16:18:41 +00:00
12 lines
1.7 KiB
Markdown
12 lines
1.7 KiB
Markdown
# Purchase Risk Control Matrix
|
|
|
|
| No. | R | Category | Risk Event | L | C | O | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
|
|
| ---- | --------------------------- | --------------------------- | ------------------------------------------------------------ | ---- | ---- | ---------------- | ---------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- |
|
|
| 1 | Employee | Operational Risk (Purchase) | Purchasing not the optimal product due to no market research. *"Optimal" includes product/service quality, vendor reliability, price, ...* | 1 | 1 | Many times a day | Preventing (Manual) | Compare products and vendors | 1 | 1 | | | yes | yes |
|
|
| 2 | See purchase approval table | Operational Risk (Purchase) | Unauthorized purchase (budget risks, fraud, compliance, ...) | 1 | 1 | Many times a day | Preventing (Manual) | Authorize purchases according to the purchase approval table. This functions as control and separation of responsibilities. | 1 | 1 | | | yes | yes |
|
|
| 3 | Purchase + Employee | Operational Risk (Purchase) | Invalid invoice contents (formal or other mistakes) | 1 | 1 | Many times a day | Preventing (Manual & System) | Automatic system checks and manual checks. | 1 | 1 | | | yes | yes |
|
|
|
|
|
|
|
|
2022-01-01 - Version 1.0
|