mirror of
https://github.com/Karaka-Management/Organization-Guide.git
synced 2026-01-12 13:28:41 +00:00
14 KiB
14 KiB
Company Level Controls (CLC)
| No. | Component | Control Area | Question | Answer | Evidence |
|---|---|---|---|---|---|
| 1 | Control Environment | Principle of financial reporting | Do you have basic financial reporting policies? | Yes, the organization follows the German law regarding financial reporting and internal reporting guidelines. | Financial laws (i.e. HGB, AO, Ustg, ...) Policies: Reporting Process: Finance |
| 2 | Control Environment | Understanding accounting policies | Are the selected accounting principles approved? | Yes, employees are required to act according to the the German law and follow the accounting policies. | Financial laws (i.e. HGB, AO, Ustg, ...) Policies: Accounting |
| 3 | Control Environment | Management philosophy and application | Does management determine the management philosophy, operating style and code of ethics and manifest them to employees? | Yes, all are described in the organization guidelines | Code of Conduct Organization Guidelines Conflict of Interest Policy Confidentiality Policy |
| 4 | Control Environment | Management philosophy and application | Do you have any procedures or processes to re-mediate detected behaviors deviating from the management philosophy, operating style and code of ethics | Yes, public email to submit deviating behavior, public discussion and issue tracker to bring forward deviating behavior | Code of Conduct Discussions Issues |
| 5 | Control Environment | Management philosophy and application | In case you find deviations from the principles, do you deal with them according to the predetermined procedures or processes? | Yes, so far no such case occurred | Code of Conduct Organization Guidelines Conflict of Interest Policy Confidentiality Policy |
| 6 | Control Environment | Director | Do you have any company rules to clearly specify that the board of directors or a director in charge have responsibilities for appropriately supervising and monitoring the management in regard to the financial reporting and relevant internal controls? | Yes, legal obligations and the finance process must be followed. | Process: Finance |
| 7 | Control Environment | Director | Does the board of directors or corporate auditors supervise the performance of management regard the financial reporting and relevant internal controls? | Yes, financial controls are audited by independent auditors | Annual year end audit |
| 8 | Control Environment | Organization | Does the management appropriately improve organizational structures or practices to resolve existing problems considering the size, content of the operations and business objectives of the company? | Yes, during the budget process and if necessary based on information provided during meetings such as the executive committee meeting. | Budget Executive Committee Meeting Minutes |
| 9 | Control Environment | Organization | Does the management assign roles in regard to each function and activity unit in the company? | Yes. This can be seen in the organigram. | Organigram Processes Checklists |
| 10 | Control Environment | Organization | Do you have any rules to clarify segregation of duties and appropriately delegate authority and responsibilities to personnel in charge of each function and activity unit in the company? | Yes. This can be seen in the organigram and in the processes. | Organigram Processes Checklists |
| 11 | Control Environment | Organization | Does the management assign a person in charge for each role? | Yes. This can be seen in the organigram. | Organigram Processes Checklists |
| 12 | Control Environment | Power | Are the assignment of responsibilities and delegation of authority made clear to all employees? | Yes. This can be seen in the organigram and processes. | Organigram Processes Checklists |
| 13 | Control Environment | Power | Is the delegation of responsibilities and authority to employees, etc. kept at appropriate levels, not without limitation? | Yes. This can be seen in the organigram and processes. | Organigram Processes Checklists |
| 14 | Control Environment | Power | Are the delegation of responsibilities and authority to employees, etc. updated on a timely basis in case organizational structures or other fundamentals of the company are changed? | Yes. This can be seen in the organigram and processes. | Organigram Processes Checklists |
| 15 | Control Activities | Business procedure | Are policies and procedures or operating manuals established to ensure the performance of control activities that sufficiently mitigate and address the risks in business operations, especially in regard to the reliability of the financial reporting? | Yes. This is done in the risk control matrix of every process, risk management, CLC and ITGC. | Process Risk Control Matrix Risk Management Risk Review CLC ITGC |
| 16 | Control Activities | Business procedure | How do you confirm if employees perform their operations in compliance with policies and procedures or operating manuals? | This is done through the implemented controls and annual risk review. | Process Risk Control Matrix Risk Review |
| 17 | Control Environment | Personnel deployment and training | Does the management identify the competencies necessary for the company and procure/dispatch qualified personnel | Yes, this is done during the HR search and the employee evaluation. | Job description Employee Evaluation Form |
| 18 | Control Environment | Personnel deployment and training | Are the competencies necessary reviewed regularly and maintained appropriately? | Yes, this is done during the HR search and the annual employee evaluation. | Job description Employee Evaluation Form |
| 19 | Control Environment | Personnel deployment and training | Does the management provide employees, etc. with the means, training etc. necessary to fulfill their duties and support them in the improvement of their abilities? | Yes, this is done during the training period and checked in the employee evaluation. | Training Form Employee Evaluation Form |
| 20 | Control Environment | Personnel evaluation | Do you have personnel evaluation standards? | Yes, all employee evaluations must be performed based on the standard evaluation form. | Employee Evaluation Form |
| 21 | Control Environment | Personnel evaluation | Are the personnel evaluation standards regularly reviewed and updated appropriately? | Yes, during the annual quality management audit. | Quality Management Audit Checklist |
| 22 | Risk Assessment and Response | Risk assessment structure | Is there an effective risk assessment system that involves appropriate levels of the management and managers? | Yes. | Risk Management Risk Review Risk Register Processes Process Risk Control Matrix |
| 23 | Risk Assessment and Response | Risk assessment structure | Does the management asses the risk considering not only superficial facts but also backgrounds, incidents and other substantial elements? | Yes. | Risk Management Risk Review Risk Register Processes Process Risk Control Matrix |
| 24 | Risk Assessment and Response | Risk assessment structure | Does the management appropriately assess and address fraud risks based on not only superficial facts regarding fraud, but also incentives, causes, backgrounds and other factors that may result in fraud? | Yes. | Risk Management Risk Review Risk Register Processes Process Risk Control Matrix |
| 25 | Risk Assessment and Response | Risk assessment structure | Does the management reassess the risk and take appropriate measures whenever changes occur that may have a significant impact on the company? | Yes, this is done at least annually during the risk review. | Risk Review |
| 26 | Communication and information | Communicating information | Are the management's or supervisor's instruction communicated to all employees? | Yes, this is done by providing the processes, policies and guidelines to all employees. | Processes Policies |
| 28 | Communication and information | Internal reporting | Do you have the Whistleblower System or other internal reporting program? | Yes, there is a email address which sends the incident to all executive committee members. | compliance@karaka.app |
| 29 | Communication and information | Internal reporting | Is the system or program in operation according to its original design? | Yes, according to the annual check. | Quality Management Audit Checklist |
| 30 | Communication and information | Financial information | How does the management acquire or access the accounting and financial information of the company? | Financial information are provided during the budgeting process, monthly reporting and executive committee meeting. | Budget Monthly Reporting Executive Committee Meeting |
| 31 | Communication and information | Financial information | How are the accounting and financial information or data from relevant business processes input to your accounting system or application? | Partly automatic (e.g. invoice scanning, customer invoices, online orders) and partly manually (e.g. accruals, manual bookings) | |
| 32 | Communication and information | Information sharing with managements | Do you have any internal rules documents which stipulate that the managements should share business an other information with each other? | Yes, this is defined in the management process and organization guidelines. | Process: Management Organization Guidelines |
| 33 | Communication and information | Information sharing with managements | Does your management share information with each other in actual business? | Yes. During executive committee meetings, monthly reporting and budgeting process. | Executive Committee Meeting Minutes Monthly Reporting Annual Budget |
| 34 | Monitoring | Ongoing monitoring | Are ongoing monitoring activities appropriately embedded within the company's overall business operations? | Yes, this is done during the monthly reporting, annual budget, executive committee meeting and risk review. | Monthly Reporting Budget Executive Committee Meeting Minutes Risk Review |
| 35 | Monitoring | Ongoing monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes? | Yes. | Quality Management Audit Checklist |
| 36 | Monitoring | Independent monitoring | Do you have any independent monitoring system other than ongoing monitoring activities embedded within the company's business operations, such as internal audits? | Yes. | Internal Quality Management Audit |
| 37 | Monitoring | Independent monitoring | Are the ongoing monitoring activities operated appropriately according to the original designs and purposes | Yes. | Quality Management Audit Checklist |
| 38 | Monitoring | Response to results of monitoring | Are errors, material weakness of internal controls, etc. detected through the performance of control activities or noticed from outside the company timely reported to the management or senior managers and appropriately investigated and properly addressed? | Yes, this is ensured through the executive committee meeting, risk review, internal audit and Whistleblower system. | Executive Committee Meeting Minutes Risk Review Internal Quality Management Audit |
2022-01-01 - Version 1.0