PART 1
Chapter 1 About This Toolkit
Chapter 2 Defining the Role of a Controller
Introduction
Governance, Risk Management and Compliance (GRC).
Controller Job Responsibilities
The Controller as Business Partner
SECTION 1 – CORPORATE AND REPUTATIONAL RISK
Section Introduction
Chapter 3 The Controller and Risk Management
Introduction
Risk Management Process Flow
Risk Management Defined
Risk Management Models
Risk Management Table of Controls
Risk Management Risk and Controls Matrix
Chapter 4 The Controller and Ethics
Introduction
Ethics Program Process Flow
What is “Tone at the Top?”
Example Code of Conduct: MCI
Code of Conduct and Ethical Violations
Controllers and the Code of Conduct
The Reaction to Unethical Behavior
A Comparison of Sarbanes Oxley Section 302 and Section 404
Sox and Whistleblower Protection
Ethics Training Programs
Key Considerations for an Ethics Hotline
How to Manage an Ethics Hotline
How Do We Know That “Tone at the Top” Is Effective?
“Tone at the Top” and the “Tone in the Middle”
“Tone at the Top” and the U.S. Sentencing Guidelines
“Tone at the Top” and the Foreign Corrupt Practices Act (FCPA)
Anti-Bribery Provisions of the FCPA
Record Keeping Requirements of the FCPA
Guidelines for FCPA Compliance
The Dodd-Frank Act
The Whistleblower Protection Act of 1989
The False Claims Act
Table of Controls
Table of Risks and Controls
Chapter 5 The Controller and Corporate Governance
Introduction
Corporate Governance Process Flow
Corporate Governance for Small Business
Corporate Governance for Private Companies
The Financial Aspects of Corporate Governance (Cadbury Committee 1992)
The International Finance Corporation (IFC) and The Global Corporate Governance Forum
The Organization for Economic Cooperation and Development (OECD) and Corporate Governance
When Corporate Governance is Flawed
The Sarbanes Oxley Act of 2002 (SOX) and Corporate Governance
Table of Controls
Table of Risks and Controls
Chapter 6 Entity Level Controls
Introduction
Entity Level Controls Process Flow
Benefits of Entity Level Controls
Why Focus on Entity-Level Controls?
Why is Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework Important to Entity-Level Controls?
Implementing an Entity-Level Controls Framework
Examples of Entity-Level Controls
Executing an Entity-Level Controls Questionnaire
Table of Controls
Table of Risks and Controls
SECTION 2 – STRATEGIC AND M&A RISK
Section Introduction
Chapter 7 Strategic Planning and M&A
Introduction
Strategic Plan Process Flow
The Strategic Planning Process
Preparing for Strategy (Step 1)
Articulating the Mission, Vision, and Values (Step 2)
Sample Mission Statements
Vision Statements for New and Small Firms
Assessing the Situation (Step 3)
Developing Strategies, Goals, Objectives and Budget (Step 4)
Writing the Strategic Plan (Step 5)
Example Strategic Plan Table of Contents
Implementing the Strategic Plan (Step 6)
Evaluating the Effectiveness of the Strategic Plan (Step 7)
Mergers and Acquisitions (M&A)
The M&A Process Flow
The M&A Due Diligence Checklist
Table of Controls
Table of Risks and Controls
SECTION 3 – INTERNAL CONTROLS RISK
Introduction to this Section
Chapter 8 Internal Controls Program
Introduction
Internal Controls Process Flow
Application of Internal Controls
The Three Critical Corporate Controls
About the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Monitoring Internal Controls
Roles and Responsibilities
The Impact of the Sarbanes Oxley Act of 2002 (SOX) Section 404 on Internal Controls Programs
Internal Controls Best Practices for Privately Held Companies
Leveraging Internal Control Basics to Implement a Controls Self-Assessment (CSA) Program
Internal Controls and Fraud Prevention
The Fraud Triangle and Example of Fraud
The Fraud Diamond
Table of Controls
Table of Risks and Controls
SECTION 4 – COMPLIANCE RISK
Introduction to this Section
Chapter 9 Corporate Compliance
Introduction
Corporate Compliance Process Flow
The Chief Compliance Officer
Duties of the Chief Compliance Officer
The Controller’s Compliance Toolkit
Table of Controls
Table of Risks and Controls
PART 2
SECTION 5 – PAYMENT RISK
Introduction to this Section
Corporate Payments Market Drivers
Additional Statistics
Scope of Corporate Payments Risk
Table of Business Process, Sub-Process, Risk Impacts and Indicators
Chapter 10 Procure to Pay (P2P)
Introduction
Procurement
Contract Management
Purchasing and Ordering
Procurement Reporting, Metrics and Analytics
Accounts Payable
Supplier Master File
Invoice Processing
Payment Process
Accounting Process
Customer Service
P-Cards
T&E
Chapter 11 Hire to Retire (H2R)
Introduction
Human Resources
Payroll
Chapter 12 Order to Cash (O2C)
Introduction
Order to Cash (O2C) Process Flow Diagram
Sales
Customer Master File
Credit Analysis
Order Fulfilment and Invoicing
Accounts Receivable and Collections
Cash Application and Management
O2C Reporting, Analytics and Metrics
PART 3
SECTION 6: FINANCIAL OPERATIONS RISK
SECTION INTRODUCTION
Chapter 13 THE RECORD TO REPORT (R2R) PROCESS
Chapter 14 BUDGETS AND FORECASTS
CAPITAL BUDGETS AND FIXED ASSETS
Chapter 15 THE SUPPLY CHAIN PROCESS AND INVENTORY CONTROL
Chapter 16 THE TREASURY AND CASH MANAGEMENT PROCESS
Chapter 17 SHARED SERVICES AND BUSINESS PROCESS OUTSOURCING (BPO)
Chapter 18 DATA VALIDATION,ANALYTICS, METRICS AND BENCHMARKING
SECTION 7: IT RISK
SECTION INTRODUCTION
Chapter 19 INFORMATION TECHNOLOGY (IT) CONTROLS AND CYBERSECURITY
SECTION 8: SECURITY AND BUSINESS CONTINIUTY RISK
SECTION INTRODUCTION
Chapter 20 BUSINESS CONTINUTY AND PHYSICAL SECURITY
Business Continuity
Physical Security
SECTION 9: LEADERSHIP AND CHANGE MANAGEMENT RISK
SECTION INTRODUCTION
Chapter 21 LEADERSHIP AND MANAGING CHANGE
Chapter 22 TRENDS, PROCESS TRANSFORMATION AND DIGTIZATION
Roadmap for Process Transformation
PART 4
SECTION 11 – ADDENDUM
Table of Controller's Tools
Key Performance Indicator (KPI) Library
SECTION 10 – GLOSSARY
Index
