Organization-Guide/Processes/02_Purchase_Risk Control Matrix.md

# Purchase Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | -------------------------------------- | --------------------------- | ------------------------------------------------------------ | ---- | ---- | ---------------- | ----- | ---------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | Employee | Operational Risk (Purchase) | Purchasing not the optimal investment product due to no market research. *"Optimal" includes product/service quality, vendor reliability, price, ...* | 1 | 1 | Many times a day | | Preventing (Manual) | Compare products and vendors | 1 | 1 | | | yes | yes |
| 2 | See purchase approval table | Operational Risk (Purchase) | Unauthorized purchase (budget risks, fraud, compliance, ...) | 1 | 1 | Many times a day | | Preventing (Manual) | Authorize purchases according to the purchase approval table. This functions as control and separation of responsibilities. | 1 | 1 | | | yes | yes |
| 3 | Employee | Operational Risk (Purchase) | Critical information related to a purchase is not stored or is difficult to find. | 1 | 1 | Many times a day | | Preventing (Manual & System) | Documents and important information related to a purchase are stored in the IT system record referring to that purchase. | 1 | 1 | | | yes | yes |
| 4 | Purchase | Operational Risk (Purchase) | Invalid invoice contents (formal and other mistakes/deviations) | 1 | 1 | Many times a day | | Preventing (System) | Automatic IT system checks. | 1 | 1 | | | yes | yes |
| 5 | Purchase | Operational Risk (Purchase) | Invalid invoice contents (formal and other mistakes/deviations) | 1 | 1 | Many times a day | | Preventing (Manual) | Additional manual invoice approval by purchase clerk. | 1 | 1 | | | yes | yes |
| 6 | Head of department + Head of purchase | Operational Risk (Purchase) | Deviations between order and invoice | 1 | 1 | Many times a day | | Preventing (Manual) | Approval by responsible staff. | 1 | 1 | | | yes | yes |
| 7 | Finance | Operational Risk (Finance) | Invalid posting. | 1 | 1 | Many times a day | | Preventing (System) | The IT system generates an automatic posting suggestion. | 1 | 1 | | | yes | yes |
| 8 | Finance | Operational Risk (Purchase) | Invalid posting suggestion. | 1 | 1 | Many times a day | | Preventing (Manual) | The accountant can adjust the posting suggestion from the IT system. | 1 | 1 | | | yes | yes |
| 9 | Head of finance | Operational Risk (Purchase) | Invalid posting. | 1 | 1 | Many times a day | | Preventing (System & Manual) | The head of finance checks a random selection of invoice postings. | 1 | 1 | | | yes | yes |
| 10 | Finance | Operational Risk (Purchase) | Missing invoice payments. | 1 | 1 | Weekly | | Preventing (System) | The IT system generates a list of invoices for payment. | 1 | 1 | | | yes | yes |
| 11 | Finance | Operational Risk (Purchase) | Invalid cash back or forex calculations. | 1 | 1 | Weekly | | Preventing (System) | The IT system automatically calculates the cash back or forex differences. | 1 | 1 | | | yes | yes |
| 12 | Finance | Operational Risk (Purchase) | Invalid payment suggestion. | 1 | 1 | Weekly | | Preventing (Manual) | The accountant can add or remove payments. | 1 | 1 | | | yes | yes |
| 13 | Finance + Head of finance | Operational Risk (Purchase) | Invalid payments | 1 | 1 | Weekly | | Preventing (System & Manual) | Both accountant and head of finance approve the payments. The payment list shows which invoices got manually added, excluded and adjusted. | 1 | 1 | | | yes | yes |
| 14 | Purchase | Operational Risk (Purchase) | Missing supplier information (e.g. important tax information) | 1 | 1 | Many times a day | | Preventing (System) | The IT system requires mandatory information before invoices can be created for a supplier. | 1 | 1 | | | yes | yes |
| 15 | Purchase | Operational Risk (Purchase) | Invalid supplier information | 1 | 1 | Many times a day | | Preventing (System) | The IT system performs automatic checks. | 1 | 1 | | | yes | yes |
| 16 | Head of purchase | Operational Risk (Purchase) | False positive supplier errors. | 1 | 1 | Many times a day | | Preventing (Manual) | Manual supplier approval by head of purchase | 1 | 1 | | | yes | yes |
| 17 | Purchase | Operational Risk (Purchase) | Critical changes to suppliers (e.g. sanctions) | 1 | 1 | Daily | | Preventing (System) | The IT system automatically checks suppliers against sanction lists every day. | 1 | 1 | | | yes | yes |
## Abbreviations
* R: Responsible
* L: Likelihood (1-5)
* C: Consequence (1-5)
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient

2022-01-01 - Version 1.0