CORPORATE STRATEGIC AND OPERATIONAL CONTROLS

TABLE OF CONTENTS

DEDICATIONS xv

DISCLAIMER xvi

BOOK SYNOPSIS xvii

PREFACE xxvii

PART A: BASIC TERMS AND CONCEPTS 1

CHAPTER 1: INTRODUCTION TO MANAGEMENT, REGULATIONS AND CONTROLS 3

1.1. Chapter Summary 3

1.2. Management Roles 4

1.3. Levels of Management Structure 5

1.4. Legal and Religious Systems 5

1.4.1. Civil Law 6

1.4.2. Common Law 6

1.4.3. Religious Laws 7

1.5. International Regulations, Guidelines and Control Frameworks 9

1.5.1. Introduction 9

1.5.2. Corporate Governance Guidelines 11

1.5.2.1. The UN Global Compact Guidelines 11

1.5.2.2. The ILO Declaration on Fundamental Principles and Rights at Work 12

1.5.2.3. The OECD Corporate Governance Guidelines 13

1.5.2.4. The Canadian Coalition for Good Governance Guidelines 13

1.5.2.5. The U.S. GLB Act 15

1.5.2.6. The U.S. HIPAA Act 15

1.5.2.7. The GRI Framework 16

1.5.3. Internal Control Frameworks 17

1.5.3.1. The COSO Framework 17

1.5.3.2. The Sarbanes-Oxley (SOX) Act 17

1.5.3.3. The BIS Framework 18

1.5.4. IT-related Control Frameworks 18

1.5.5. IT Security Guidelines and Standards 19

1.6. Key Concepts of Management Controls 19

1.6.1. Management Control Systems 19

1.6.2. Description of the concept of control 20

1.6.3. Characteristics of Control 21

1.6.4. Organizational, Strategic and Operational Control 21

1.6.5. Problems of Control 23

1.6.6. Measurement of Output 23

1.6.7. Setting Standards 24

1.6.8. The Importance of Strategic Control 25

1.6.9. Differences Between Strategic and Operational Control 26

1.7. Conclusion 29

1.8. Review Questions 29

1.9. End Notes 30

1.10. Selected References 32

CHAPTER 2: PROPOSED ORGANIZATIONAL CONTROLS FRAMEWORK 35

2.1. Chapter Summary 35

2.2. Description of the Present Socio-Economic Environment 36

2.3. Socio-economic needs for the Organizational Controls Framework 38

2.4. Regulatory Control Frameworks 44

2.4.1. The COSO Framework 44

2.4.2. The Sarbanes-Oxley (SOX) Act 47

2.4.3. The BIS Framework 48

The full framework contains the following: 53

2.4.4. The COBIT Framework 54

2.4.5. The ITIL Framework 54

2.5. Basic Components of the proposed Organizational Controls Framework 55

2.5.1. Organization Controls Framework Checklist 55

2.5.2. Proposed Organizational Controls Framework 56

2.6. Conclusion 59

2.7. Review Questions 60

2.8. End Notes 61

2.9. Selected References 63

PART B: MAIN ORGANIZATIONAL CONTROLS 65

CHAPTER 3: CORPORATE PHILOSOPHY CONTROLS 67

3.1. Chapter Summary 67

3.2. Purpose of Corporate Philosophy Controls 68

3.3. Main Corporate Philosophy Controls 70

3.3.1. Vision, Mission and Values Statements 70

3.3.2. Corporate Ethics Policy 74

3.3.3. Corporate Social Responsibility Policy 81

3.3.4. Corporate Ethics Committee, Office and Program 82

3.3.5. Other Relevant Corporate Policies 83

3.4. Corporate Philosophy Performance Measures 84

3.5. Review and Audit Tools and Techniques 84

3.5.1. Corporate Vision, Mission, and Values Statements Checklist 85

3.5.2. Departmental Vision, Mission, and Values Statements Checklist 86

3.5.3. Corporate Ethics Policy Checklist 86

3.5.4. Corporate Ethics Program Checklist 87

3.5.5. Corporate Fraud Management Checklist 88

3.6. Conclusion 91

3.7. Review Questions 93

3.8. End Notes 93

3.9. Selected References 94

CHAPTER 4: MAIN CORPORATE GOVERNANCE CONTROLS 97

4.1. Chapter Summary 97

4.2. Purpose and Main Types of Corporate Governance Controls 98

4.3. Board of Directors Charter 99

4.4. Corporate Committees 101

4.4.1. Audit Committee 102

4.4.2. Benefits and Personnel Committee 105

4.4.3. Information Technology (IT) Committee 105

4.4.4. Financial Issues Committee 105

4.4.5. Business Continuity Issues Committee 105

4.5. Corporate Policies 106

4.5.1. Financial Accounting Policy 106

4.5.2. Customer Relations Policy 107

4.5.3. Fraud and Theft Policy 107

4.5.4. Human Rights Policy 108

4.5.5. Community Relations Policy 108

4.5.6. Information Technology Policy 108

4.5.7. Health and Safety Policy 109

4.5.8. Privacy of Information Policy 109

4.5.9. Information Sensitivity Policy 109

4.5.10. Environment Management Policy 110

4.5.11. Fixed Asset Management Policy 111

4.6. Corporate Processes and Plans 112

4.6.1. Corporate Strategic Plans 112

4.6.2. Performance Management Process 112

4.6.2.1. Performance Management Policy 112

4.6.3. Risk Management Process 115

4.6.4. Internal Audit Process 117

4.5.5. Business Continuity Plan 119

4.5.6. Employee Management Policies and Procedures Handbook 120

4.5.7. Transaction Authorization Controls 120

4.5.8. Corporate Compliance Officer 121

4.6. Other Corporate Controls 123

4.7. Corporate Governance Performance Measures 123

4.8. Review and Audit Tools and Techniques 123

4.8.1. Internal Controls Framework Checklist 124

4.8.2. Business Continuity Audit Review Program 124

4.8.3. Generic Performance Audit Program 125

4.9. Conclusion 127

4.10. Review Questions 127

4.11. End Notes 128

4.12. Selected References 130

CHAPTER 5: STRATEGIC MANAGEMENT CONTROLS 133

5.1. Chapter Summary 133

5.2. Purpose and Main Types of Strategic Management Controls 134

5.3. Corporate Strategic Planning Committee 136

5.4. Strategic Plans 138

5.4.1. Description of Strategy 138

5.4.2. Strategy Types 139

5.4.3. Description of the Strategic Management Process 140

5.4.4. Objectives of the Strategic Management Control System 142

5.4.5. How to create a Corporate Strategic Plan 142

5.4.6. Strategic Process Methodology 143

5.4.7. Corporate Strategic Plan – Example 151

5.4.8. Strategic Resource Plans 153

5.5. Strategic Budgets 153

5.6. Strategy Implementation Action Plans 154

5.7. Performance Management Framework 155

5.8. Strategic Performance Measures 156

5.9. Review and Audit Tools and Techniques 156

5.9.1. Strategic Readiness Checklist 157

5.9.2. Business Idea Development Checklist 161

5.9.3. Corporate Strategic Plan Checklist 161

5.10. Conclusion 163

5.11. Review Questions 164

5.12. End Notes 165

5.13. Selected References 168

CHAPTER 6: FINANCIAL CONTROLS 171

6.1. Chapter Summary 171

6.2. Purpose and Main Types of Financial Controls 172

6.3. Financial Organization Controls 173

6.3.1. Financial Issues Committee 174

6.3.2. The Function of the Controller 174

6.3.3. Accounting Manager – Job Description 175

6.3.4. Budget Department 176

6.4. Financial Policies and Procedures 176

6.4.1. Financial Accounting Controls Policy 177

6.4.2. Financial Accounting Procedures 179

6.4.3. Financial Revenue Procedures 179

6.4.4. Budgeting Procedure 180

6.5. General Ledger Controls 187

6.5.1. Chart of Accounts 187

6.5.2. General Ledger 187

6.5.3. Trial Balance 188

6.5.4. Financial Statements 188

6.6. Computerized Financial Systems 189

6.6.1. General Ledger Financial Systems 189

6.6.2. Customer Invoicing (CI) Systems 190

6.6.3. Accounts Payable (AP) Systems 190

6.6.4. Customer Orders/Sales Processing (COP) Systems 190

6.6.5. Payroll Systems 191

6.7. Financial Performance Measures 191

6.8. Review and Audit Tools and Techniques 192

6.8.1. Detail Management Controls Checklist 192

6.8.2. Financial Management Controls Checklist 193

6.8.3. Asset Management Controls Checklist 194

6.9. Conclusion 194

6.10. Review Questions 195

6.11. End Notes 196

6.12. Selected References 199

CHAPTER 7: ADMINISTRATIVE CONTROLS 201

7.1. Chapter Summary 201

7.2. Purpose and Main Types of Administrative Controls 202

7.3. Administrative Organizational Controls 203

7.3.1. Corporate Committees 203

7.3.2. Organizational Structure and Departmental Terms of Reference 204

7.4. Administrative Procedures 206

7.4.1. Files, Documents and Records Management Procedures 207

7.4.2. Confidential Information Release Procedures 208

7.4.3. Management Reporting Procedures 209

7.4.4. Asset Protection Procedures 209

7.4.5. Legal Procedures 210

7.5. Administrative Office Controls 210

7.5.1. Physical Security Controls 210

7.5.2. Mail Controls 211

7.5.3. EDI Controls 211

7.5.4. Facsimile Transmission Controls 213

7.5.5. Personnel Management Controls 213

7.5.6. Social Engineering Controls 214

7.5.7. Daily Activities Controls 216

7.6. Policies, Procedures and Forms Controls 220

7.7. Administrative Performance Measures 221

7.8. Review and Audit Tools and Techniques 221

7.8.1. Internal Controls System: Policies and Procedures Checklist 222

7.8.2. Departmental Terms of Reference Checklist 223

7.8.3. Records Management System Checklist 224

7.8.4. Legal Issues Checklist 225

7.9. Conclusion 225

7.10. Review Questions 226

7.11. End Notes 227

7.12. Selected References 228

CHAPTER 8: HUMAN RESOURCE CONTROLS 231

8.1. Chapter Summary 231

8.2. Purpose and Main Types of Human Resource Controls 232

8.3. Human Rights Policy 233

8.4. Benefits and Personnel Committee 234

8.5. Human Resource (HR) Systems 235

8.6. Personnel Administration Procedures 237

8.7. Employee Management Policies and Procedures Handbook 241

8.8. Human Resource Performance Measures 253

8.9. Review and Audit Tools and Techniques 254

8.9.1. Human Resources Management System Checklist 254

8.9.2. Personnel Responsibilities and Skills Checklist 255

8.9.3. Personnel Management Audit Program 255

8.10. Conclusion 256

8.11. Review Questions 257

8.12. End Notes 258

8.13. Selected References 260

CHAPTER 9: PRODUCTION CONTROLS 261

9.1. Chapter Summary 262

9.2. Purpose and Main Types of Production Controls 263

9.3. Purpose and Main Types of Production Controls 264

9.4. Operations Policies and Procedures 265

9.4.1. Purchasing Process and Procedural Controls 267

9.4.2. Inventory Control Procedures 271

9.4.3. Project Management Controls 271

9.5. Manufacturing Process Controls 272

9.5.1. New Product Development Controls 272

9.5.2. Bill of Materials (BOM) File 273

9.5.3. Master Production Schedule (MPS) 273

9.5.4. Material Requirements Planning (MRP) 273

9.5.5. Inventory Master Records (IMR) File 273

9.5.6. Inventory Transactions File 274

9.5.7. Preventive Maintenance Controls 274

9.6. Computerized Production Information Systems 275

9.6.1. Material Requirements Planning (MRP) System 276

9.6.2. Cost Accounting (CA) System 276

9.6.3. Production Planning and Control (PPC) System 276

9.6.4. Enterprise Resource Planning (ERP) System 276

9.7. Quality Management Controls 277

9.8. Standardization Procedures 280

9.9. Performance Management Controls 281

9.9.1. Divisional, Departmental and Individual Performance Goals 281

9.9.2. Production Performance Measures 282

9.10. Review and Audit Tools and Techniques 286

9.10.1. Production Process Audit Program 286

9.10.2. Purchasing Controls Checklist 287

9.10.3. Inventory Controls Checklist 288

9.10.4. Quality Management Controls Checklist 289

9.11. Conclusion 289

9.12. Review Questions 290

9.13. End Notes 291

9.14. Selected References 293

CHAPTER 10: INFORMATION TECHNOLOGY (IT) CONTROLS 295

10.1. Chapter Summary 295

10.2. Purpose and Main Types of IT Controls 295

10.3. IT Organization Controls 297

10.4. IT Administration Controls 299

10.5. IT Strategy Controls 300

10.5.1. IT Strategic Process Methodology 301

10.5.2. IT Strategic Plan 301

10.6. System Development Controls 302

10.7. IT Security Controls 303

10.8. IT Operational Controls 309

10.9. IT Technical Controls 311

10.10. Computerized Application Controls 311

10.11. IT Performance Management Controls 316

10.11.1. IT Balanced Scorecard 316

10.11.2. IT Management Reporting 318

10.12. Review and Audit Tools and Techniques 318

10.12.1. IT Terms of Reference Checklist 318

10.12.2. IT Vision, Mission, and Values Checklist 319

10.12.3. IT Strategic Planning Checklist 320

10.12.4. IT Technology Coverage Checklist 321

10.12.5. IT Performance Assessment Audit Program 322

10.13. Conclusion 323

10.14. Review Questions 324

10.15. End Notes 325

10.16. Selected References 326

PART C: DESIGN, IMPLEMENTATION AND MONITORING OF CONTROLS 329

CHAPTER 11: DESIGNING STRATEGIC AND OPERATIONAL CONTROLS 331

11.1. Chapter Summary 331

11.2. Basic Components of Designing Strategic and Operational Controls 332

11.3. The Process of Strategic and Operational Controls 332

11.4. Objectives of a Strategic and Operational Control System 333

11.5. Selecting a Strategic and Operational Control System 334

11.6. Designing Strategic Management Controls 335

11.6.1. Strategic Controls Process 336

11.7. Corporate Policies and Procedures Management Plan 339

11.8. Management Duties, Responsibilities and Conflicts of Interest Guidelines 340

11.8.1. Duties and Responsibilities 340

11.8.2. Conflicts of Interest Guidelines 343

11.9. Key Issues in Designing Strategic and Operational Controls 344

11.10. Frameworks for Implementing Strategic Controls 345

11.10.1. The BSC Framework 345

11.10.2. The Total Quality Management (TQM) Framework 349

11.10.3. The EFQM Framework 352

11.10.4. Common Assessment Framework (CAF) 352

11.10.5. Other Frameworks 354

11.10.6. Comparative Analysis of Frameworks 355

11.11. Performance Measures for Designing Controls 356

11.12. Review and Audit Tools and Techniques 356

11.12.1. Strategic Management Controls Checklist 356

11.12.2. Organizational Controls Readiness Checklist 358

11.13. Conclusion 360

11.14. Review Questions 361

11.15. End Notes 363

11.16. Selected References 365

CHAPTER 12: IMPLEMENTING STRATEGIC AND OPERATIONAL CONTROLS WITH THE BSC 367

12.1. Chapter Summary 368

12.2. Basic Components of Implementing Strategic Management Controls 368

12.3. The Rationale for BSC Development and Implementation 369

12.4. The BSC General Implementation Process 369

12.5. BSC Detail Implementation Approaches 372

12.5.1. Full-Scale BSC Implementation Methodology 372

12.5.2. BSC Quick Implementation Approach 386

12.5.3. Linking the various BSC components 388

12.6. Critical Success Factors in Implementing Strategic Controls 390

12.7. Examples of Strategic Management Controls Implemented via BSC 391

12.8. Performance Measures for Implementing Controls 392

12.9. Review and Audit Tools and Techniques 392

12.9.1. BSC Implementation Checklist 392

12.9.2. Strategic Controls Implementation Checklist 394

12.9.3. Strategic and Operational Controls Checklist 395

12.10. Conclusion 396

12.11. Review Questions 397

12.12. End Notes 398

12.13. Selected References 399

CHAPTER 13: MONITORING AND REVIEW CONTROLS 401

13.1. Chapter Summary 401

13.2. Purpose and Main Types of Monitoring and Review Controls 402

13.3. Monitoring Controls System 404

13.4. Monitoring Implementation of the Strategic Plan 405

13.5. Monitoring Implementation of Policies and Procedures 406

13.5.1. Continuous Management Monitoring Procedures 406

13.5.2. Communicating Performance Information Procedure 411

13.5.3. Management Reports Monitoring Procedures 411

13.5.4. Data Quality Monitoring Procedures 411

13.6. Review and Compliance Controls 414

13.6.1. Internal Audit Process 414

13.6.2. Corporate Compliance Officer 416

13.6.3. Daily Activities Review Controls 417

13.6.4. Computer Security Monitoring and Review Procedures 417

13.6.5. The Corporate Governance Information System (CGIS) 419

13.6.6. External Assessment Procedures 421

13.6.7. Self Assessment Procedures 421

13.7. Performance Measures for Monitoring Controls 422

13.8. Review and Audit Tools and Techniques 422

13.8.1. Organizational Controls Monitoring Audit Program 423

13.8.2. Communications System Review Checklist 425

13.8.3. Internal Audit Checklist 426

13.8.4. Monitoring Strategic Plan Checklist 427

13.8.5. Monitoring Corporate Controls Checklist 427

13.8.6. Monitoring IT Controls Checklist 428

13.9. Conclusion 432

13.10. Review Questions 433

13.11. End Notes 434

13.12. Selected References 436

APPENDICES 439

Appendix 1. The Code of Hammurabi 439

Appendix 2. The Ten Laws of Solon 440

Appendix 3. The Maxims of the Oracle of Delphi 441

Appendix 4. Examples of BSC Implementations 445

Appendix 5. Strategic Analysis and Assessment Methods and Tools 458

Appendix 6. Chief Information Officer – Job Description 463

Appendix 7. List of Audit and Review Programs 467

Appendix 8. List of Audit and Review Checklists 467

Appendix 9. Review Questions and Answers 469

GLOSSARY OF BUSINESS TERMS AND CONCEPTS 508

BIBLIOGRAPHY AND OTHER RESOURCES 533

SUMMARY BIOGRAPHICAL DATA OF AUTHORS 569