Upload
muhammad-zubair
View
35
Download
2
Tags:
Embed Size (px)
DESCRIPTION
sdfs
Citation preview
1
Emaar Industries & Investments (EII)Internal Audit
Mammut Building SystemsBalance Sheet & Internal Controls Review
Scope
EII Internal Audit conducted a review of Mammut Building Systems (MBS) operations pursuant to the 2008 Internal Audit Plan. The purposes of the review were:
Assessment of key internal controls over operations and compliance Review of Balance Sheet as at 30th September 2008 Assessment of internal controls over financial reporting
EII Internal Audit visited MBS office in Hamriyah Free Zone, Sharjah. The review was conducted during the months of October, November and December 2008.
EII Internal Audit procedures included interviews with MBS management and staff, walkthrough of key operational and financial reporting processes and transaction testing ona sample basis.
EII Internal Audit reviewed sample key processes including Entity Level Controls, Sales and Debtors Management, Customer Service, Estimation, Engineering, Production,Quality Assurance & Quality Control, Waste Management, Maintenance and Facilities Management, Procurement, Inventory Management, Shipping, Accounts and Finance,Capital Expenditure Decision, Human Resource Management and Information Technology and Systems.
EII Audit findings and recommendations were discussed with various personnel from MBS on an ongoing basis during the progress of the assignment. The findings were alsodiscussed with the MD. The list of key personnel is provided in Appendix 4.1. The audit report was further discussed with MBS Executive Committee and action plans havebeen drawn to remediate the control deficiencies and address the audit recommendations. A follow up audit will be conducted after 6 months of issuing the final draft of thereport.
Company Overview
Mammut Building Systems was established in 1997 to fulfill the demand for quality pre-engineered steel structure buildings and polyurethane sandwich panels and is now aleading player in the region for pre-engineered steel buildings. The financial results for the company for the last three years are summarized below:
Million AEDYear 2006 2007 2008
Revenue(AED)
243.18 317.75 332.41
Profit 18.85 14.22 17.21Profit
percentage toRevenue
8% 4% 5%
2
The company’s order book for the past three years stood as follows:
The growth in revenue, profitability and order book has been marginal. Further, as a result of our review we learnt that although efforts were made for system improvement in
terms of implementation of ORACLE ERP system and other related efforts, it did not bring in the desired improvement. Currently, there are systemic problems which need to
be addressed on an urgent basis. There are deficiencies in the design as well as in the operative effectiveness of controls. A lot of work needs to be done pertaining to Policies
& Procedures, Delegation of Authorities and defining Roles & Responsibilities with clarity. As of now, reporting mechanisms are inconsistent and processes are largely driven
by individuals. Keeping in mind the current economic scenario, it is the most opportune time for the company to bring in fundamental changes and to make the systems robust
enough to sustain the growth in the future. This report is an attempt to facilitate that process. Our key findings are summarized below:
Key Findings:
S. No. Areas Key Findings
1. Entity Level Controls
Although business plan has been prepared as per the management requirements and contains the desired elements, but certainaspects pertaining to assignment of roles and responsibilities, budget vs. actual analysis, etc have not been addressed.
The risks associated with effective financial reporting and achievement of business objectives, have not been assessed. Further,the company does not have a Business Continuity Plan.
A detailed Organization Structure, Authority Lines and Job Profiles are still to be defined completely. Further, mechanism toassess and monitor appropriate levels of resources for the key elements of the organisation is also not in place.
Employees may act in an unethical manner with legal, regulatory or reputational repercussions for themselves and/or companydue to the absence of Business Code of Conduct to instill integrity and ethics among the employees.
System access mechanism in terms of identification of financially critical systems and associated authorities and review of userprofiles are not defined.
Security management guidelines in terms of defined responsibilities for physical security of production and office assets,protection of financial data, pre-appointment screening of employees and protection of sensitive business information in not inplace.
Heath and safety measures like placing of emergency contact numbers and availability of employee health check ups have not
Million AED
Year 2006 2007 2008
Contract Value(AED)
613.68 602.18 653.88
3
S. No. Areas Key Findings
been considered.
At the feasibility study stage of the capital expenditure decision there is no provision for the review for environmental impact ofthe capital project prior to approval
Record Retention Policy is not available on record covering both paper and electronic records.
Company does not have a Data Protection Policy or guidelines or equivalent, covering personal data whether relating toemployees, suppliers or customers.
2.Sales and Debtors
Management
Amendments to the Customer Master Database are not authorized due to the absence of a signatory list. The Customer MasterDatabase is not reviewed periodically and customer details are not complete.
A documented policy for discounts does not exist and a high percentage of debtors have balances outstanding for over 180 and360 days. The accounting system is underutilized as debtors ageing is still prepared manually in excel worksheet.
Delays were noted in the communication of Invoices to the Bank for negotiation largely because of the delay by the customer inthe approval of delivery note as mentioned in the Letter of Credit terms. No rack was kept of such delays in order to monitorand control such delays.
3.Customer Service,
Estimation, Engineering,Production and QA/QC
The Job Acceptance Form (JAF) was not approved properly and timely in some cases and in other cases the JAF could not belocated. The JAF was not always updated to reflect changes to the contract.
A documented policy for the approval of the Project Information Form (PIF) does not exist. The PIF was not signed-off by thepreparer and was not properly approved. Currently, the PIF is not integrated with the ERP system.
Guideline for describing the issuance, importance and interpretation of Raw Material List (RML) does not exist. The RML is abroad estimate based on approval drawings or drawings forwarded to the customer, which results in inefficiencies fromincreased manual effort in material requirement planning. In some cases, the RML was issued before the approval drawingswere approved by the customer.
In-house benchmarks for performance and cycle time for each department pertaining to various stages of engineering drawings,production and dispatch have not been established.
A mechanism to assess job wise throughput versus standard and to perform a comparison of job wise actual waste versusstandard waste does not exist. There is also no mechanism in place to perform machine wise efficiency analysis, work-in-process analysis and job wise margin monitoring.
The quality plan section of the PIF was not always populated resulting in confusion on which quality plan was to be followed.
4
S. No. Areas Key Findings
Urgent Material Requests (UMR) is tracked manually instead of utilizing the ERP system. There is no mechanism in place totrack UMR costs as a whole and in some cases material issued to complete the UMR was not booked against that UMR in thesystem.
4. Waste ManagementThe company does not have a weight bridge on the premises and trucks carrying scrap material are sent elsewhere for beingweighed which may result in pilferage. Scrap is not stored in a demarcated area.
5.Maintenance and Facilities
Management
The C Works software implemented for maintenance management crashed about ten times. The system functionality ofgenerating detailed work order report has not been utilised in the past. Further, there were mismatches in the work order reportgenerated from the system and the physical work orders kept as an evidence of maintenance performed.
As a part of maintenance planning and analysis no budgets have been prepared for the maintenance department and recordscapturing machine-wise material and labor cost are not available. The preventive maintenance schedules have not beenimplemented properly and also contain errors.
The responsibilities for generation and approval of work orders pertaining to breakdown maintenance is not defined. Althoughthe work order is generated in the system, a copy of the same is not printed out, signed off and filled.
6. Procurement
There is an absence of documented criterion to select vendors and suppliers, there is no procurement policy, price comparisonrecords were manual, and costing is tentative. Further the there are about 460 vendors with which the company deals. Of thesetop twenty vendors fulfill 71% of total purchases and the balance 441 fulfill remaining 29%.
Currently the basis of evaluation of individual suppliers is subjective and not scientific. Further there is no defined periodicityfor the same supported by periodic visits to suppliers’ premises.
Currently, the authorities for raising purchase requisition for goods and services are not defined. The ORACLE ERP systemallows raising POs without purchase requisitions. Further, no periodic exercise is done to assess open POs and their systematicclosure.
It is not defined as to who will approve the payment requests without PO made by Finance Manager and MD. Proposedpayment lists are not generated before a payment run. There is no written policy for cheque access, storage and usage. Chequeissue log is also not maintained. Supplier reconciliation is not done on a periodic basis. Further, the ORACLE ERP system doesnot generated a creditors ageing report.
7. Inventory Management
A dedicated inventory management team does not exist. Stores are not centralized with a layout plan and are not mapped in theERP system. There is a lack of a well defined hygiene and staking norms. A perpetual inventory system and continuous stocktaking system has not been implemented. No evidence of adhering to the FIFO principle is available particularly in case ofmaterials having a shelf life. There is no mechanism in place for tracking unloading time and expired materials.
5
S. No. Areas Key Findings
The ISO procedure does not specify guidelines for technical inspection and its periodicity. Rejected materials are neithertracked nor kept in a designated area. Rejected materials are not re-inspected before being returned to the supplier.
A well defined physical verification procedure does not exist. Guidelines are not available for the preparation of stockverification report, or for the verification, final authorization and approval of adjustments.
ABC classification of inventory is not performed and inventory levels have not been defined. The ERP system does notgenerate an inventory ageing report. Therefore, non-moving and slow-moving items cannot be identified and valued.
8. Shipping
There is no documented policy for transporter appointment, evaluation, and selection. Further, there has been over dependenceon one transporter found.
There is absence of a well documented procedure defining the parameters for the performance evaluation of the transporters.The existing procedure is not objective in nature.
Formal agreements between the company and the transporter, stating the terms and conditions of both the parties are not
present. As of now quotation / rate list sent by the transporter and approved by authorized signatory is considered as a contract.
The Loading report is not signed by the checker due to oversight. Proof of delivery is not obtained in certain cases due to
absence of authorized personnel of the customer at the client site. Destination-wise transit periods are not defined and formally
approved by both the parties in form of a contract.
A mechanism to monitor and control demurrage charges does not exist. Demurrage Charges for incoming materials have been
accounted for under two different heads instead of one. Further, freight Charges which could be clearly identified as demurrage
charges according to descriptions of transactions amounted to AED 0.12 million. This could be much more.
9. Accounts and Finance
A documented policy for the control of the chart of accounts does not exist and there is a lack of a standardized process foramending the chart of accounts. There is no delegation of authority for the approval of payments and most of the non-standardjournal entries lack proper supporting documentation.
Bank reconciliations are not prepared and reviewed on a periodic basis and the company accounts are updated based on thebank statements.
10.Capital Expenditure
Decision
A documented policy for Capital Budgeting does not exist and responsibility for this process is not assigned within thecompany. The review of budgeted vs. actual expenses and analysis of variances is not documented and the execution andcompletion of capital expenditure projects is not reviewed periodically in order to assess as to whether the desired benefit wasobtained.
An approved vendor list for capital purchases does not exist and quotations were not always obtained for capital expenditures.
6
S. No. Areas Key Findings
In most of the cases, a NPV/IRR/Payback period analysis was not performed, capital expenditure requests and purchase orderscould not be located, and the purchase orders were not approved. Some assets were put to use but were not capitalized.
A documented policy for fixed assets does not exist. In some cases, fixed assets purchased were neither capitalized norrecorded in the Fixed Assets Register and their costs could not be tracked. Depreciation was calculated without taking intoaccount the relevant useful lives and usage of machines. Insurance was obtained based on the net book value of the fixed assetswhich may result in overspending.
11.Human Resource
Management
Currently, planning and budgeting is not done in the HR department. Although a projection of salaries and benefits / allowancesis done as a part of annual business plan for which there are no assumptions available on record, the same is not done inconjunction with the department. Although Future Process Model is available on record the same is yet to be implemented andas of now company is following the HR procedures set in 2006.
Alignment of the recruitment activity to the business plan can not be ascertained. A staffing plan neither is in place nor is the
staffing requirements monitored, including anticipated organizational changes. A detailed organization chart is not available on
record. Further, there were gaps in the documents maintained in employee personal files.
Overall workforce capability requirements are not assessed. Over-reliance on key individuals is not identified and succession
plans are not in place for key positions. Job descriptions along with key performance indicators are still to be defined for all
levels. A well defined training program has not been formulated.
There is absence of measurements of employee productivity and mechanism for renewal of visa and passport.
There is absence of grievance procedures, audit of disciplinary procedures, and other discipline regulating mechanisms.
12.Information Technology
and Systems
Although an IT policy exists at the group level, there was no evidence of extending the same policy to MBS. Disaster RecoveryPlan and Disaster Recovery Framework are in draft stage. Further, this is no defined and documented plan to assess and monitorthe physical and logical security of IT infrastructure.
It has been almost one year since the ORACLE ERP has gone live and AED 1.5 million of expenditure was spent on it.Nevertheless, it is still not stable and does not provide the desired support and results.
7
2 Detailed Observations & Recommendations
We have classified our observations into high, medium, low based on the following definition:
HighMatter noted constitutes an important control weakness where the potentialimpact is considered material for the business as a whole or any part of thebusiness and must be resolved.
MediumMatter noted constitutes an improvement to weakness in the current systemwhere some compensating controls exist but which are not as effective orefficient or where the potential impact is moderate.
LowNo matters noted that would indicate the current processes are notoperating effectively and efficiently as designed or where control weaknessis so minimal that potential impact if any is minor.
8
2.1. Entity Level Controls
Internal Audit Observations Management Response Management action planTimelines
1. Refinement of Business Performance Management
System
While reviewing the Business Performance Management system,
the following was noted:
Although a business plan is prepared containing management’s
profit forecast, balance sheet projections, operating cash flows
and SWOT analysis, the following elements were absent:
1. Assignment of Management responsibility for tracking
progress towards achievement of planned objectives and
goals.
2. Budgeted vs. actual analysis with root cause identification
for variances, competitor analysis and Key Performance
Indications (KPIs) to ensure all relevant issues are discussed
and addressed.
3. Setting of team and individual objectives within the
company which are aligned to and consistent with the
company's overall objectives as defined in the business plan.
4. Defining roles and responsibilities for the communication of
strategic plans within the company.
5. Long term or Medium term strategy outlining company
objectives.
Agreed 1.Will be added in the Budget 2010.
2. Already available in the MIS,however KPI will be considered infuture.
3Will be added in the Budget 2010.
4 Will be added
5. Already available in the plan.
30 September 2009
2. Absence of Risk Identification and Management Systemand BCP
While reviewing the Risk Management initiatives at MBS, the
following came to light:
Agreed Data disaster recovery planavailable which is a part of BCP,however, complete plan will befinalized as per EII guidelines andpresent to EXCOM.for approval.
30 September 2009
9
Internal Audit Observations Management Response Management action planTimelines
1. Risks pertaining to key processes having a direct impact on
effective financial reporting have not yet been identified.
2. Risks to the achievement of business objectives have not
been identified.
3. There are no evidences available on record of a crisis risk
assessment being performed to identify all crisis risks which
the business faces.
4. Business continuity analysis has not been carried out to
identify the minimum hardware, software and asset
requirements for all teams and functions.
5. A Business Continuity Plan (BCP) does not exists in order to
support the business, secure the necessary hardware,
software and assets to continue critical business processes
following a crisis or emergency situation (e.g. production,
sales order handling or financial reporting)
3. Weakness in Organization Structure
While assessing the basic framework and controls pertaining to
organization structure, following aspects were noted:
1. A detailed organization chart is not available on the records
as of now.
2. Roles and responsibilities of managers are not defined and
communicated to the relevant individuals.
3. A mechanism to assess and monitor appropriate levels of
resources to support key elements of the organizational viz.
finance, operations, IS, treasury, and human resources is not
in place.
4. A well defined statement of authority is not available on
record.
1. Agreed but available sinceOctober 2008.
2. Agreed.
3. Agreed.
4. Agreed
1. Organization chart isavailable.
2. HR will define the roles &responsibilities & forwardto all Managers.
3. HR will set themechanism.
4. DOA document isavailable at MammutGroup Level and will be
N.A
30 September 2009
30 September 2009
31 July 2009
10
Internal Audit Observations Management Response Management action planTimelines
5. Performance goals for individuals are not defined clearly
6. Job profiles are not available for all levels.
5. Agreed.
6. Agreed but available sinceNovember 2008.
implemented afterpresentation to EXCOMand approved by the BOD
5. HR will define the goals.
6. Job Profiles are available.
August 31,2009
4. Absence of Policy and Procedure Manuals andDelegation of Authority Matrix
There are three fundamental components of internal controlenvironment viz. policies and procedures frame work,delegation of authority including financial delegation andsegregation of duties in key functions.
Currently the company does not have well defined policyand procedures manual, delegation of authority matrix andprocess wise Segregation of Duty (DoA) rules.
DOA for business routine is established but the same is notdocumented and approved by the Board.
Agreed. DOA document is available atMammut Group Level and will beimplemented after presentation toEXCOM and approved by BOD.Job descriptions of key functionsavailable and already defined.
31 July 2009
5. Mechanism to Instill Integrity and Ethics
While assessing the mechanism to instill integrity and ethics
among the employees, the following was revealed:
1. Presently the company does not have a code of conduct
setting out required standards of integrity and ethical
behavior along with the employee signoff as a part of the
contract.
AgreedCode of conduct will beimplemented and circulated to allemployees.
July 31, 2009.
11
Internal Audit Observations Management Response Management action planTimelines
2. The Company does not have an appropriate channel like a
helpline for reporting ethical violations or any incidence of
fraud.
No evidences are available on record indicating allocation of
overall responsibility to specific members of senior management
for compliance with legislation and regulatory laws.
Agreed A committee will be formed toreport ethical violations etc.HR/Admin department isresponsible for compliance ofregulatory laws.
N.A
6. Identification and Access Control to Critical FinancialSystems
While reviewing the system access mechanism, the following
was observed:
1. Critical financial systems have not been identified. Critical
financial systems are those which directly influence the
recording, processing and reporting financial information
and statements.
2. The company does not have a well defined and documented
statement of authorities which may facilitate granting of
access to the said systems. Currently the same is done as per
the approval of the line manager.
3. There is no system of reviewing the user profile for
segregation of duties at the time of new, revised or
composite user profiles (within critical financial systems).
1. Disagreed, Critical financialsystems are defined (All ERP).
2. Agreed despite it is built up in tothe system yet the documentationis required.
3. Agreed , All users’ accesshandled by Support Desk withapproval from departmentmanager; however separaterequest form will be created forthe purpose.
N.A
Process is in place to bedocumented.
Separate request form will becreated
N.A
30 June 2009
Immediate
7. Security Management Guidelines
Following was observed pertaining to the key security
management aspects:
12
Internal Audit Observations Management Response Management action planTimelines
1. Responsibility for physical security of production/office
premises and adequate protection of assets and financial data
based on the risk environment in each of the facilities is not
defined clearly and also not assigned to a member of senior
management.
2. There is no system of pre-appointment screening of all
prospective employees, both permanent and temporary, who
are being considered for any positions in the company.
3. As of now there are no guidelines available on record for the
protection of sensitive business information (hardcopy,
electronic message, or voice communication) when
transmitted internally, externally, and at disposal.
1. Agreed
2. Agreed
3. Agreed
1. HR Manager with MD willdefine the guidelines.
2. HR & Admin will set theprocedure for screening.
3. HR/Admin Manager withMD will set the guidelines.
30th Sep 2009
July 31st -2009
Sept 30th -2009
8. Control Gaps in Health Management
While reviewing the occupational health and safety aspects, it
was revealed that, although the factory has a fulltime male nurse,
there is no activity in place to ensure regular health checkup of
the employees, specially the employees at the shop floor.
Disagreed, Employees alreadycovered under insurance. Workershave health card from Ministry ofHealth. However, thisrecommendation will be consideredonce company will be in a position toafford it.
N.A N.A
9. Environmental Review of Capital Projects
At the feasibility study stage of the capital expenditure decisionthere is no provision for the review for environmental impact ofthe capital project prior to approval.
AgreedGuidelines are available in ISO14000 and we will add this area inCAPEX approval form.
Immediate.
10. Record Retention Policy
Although record retention norms have been defined for most of
the functions as a part of ISO procedures, same has not been done
for Finance Department as yet. Further, there is no detailed
Agreed Entity level Policy for recordretention will be documented
31 July 2009
13
Internal Audit Observations Management Response Management action planTimelines
entity-level policy for record retention..
11. Absence of Data Protection Policy
Currently the company does not have a Data Protection Policy or
guidelines or equivalent covering personal data whether relating
to employees, suppliers or customers.
Agreed MD with Group IT Director willdefine the policy.
30 June 2009
14
2.2 Sales and Debtors Management
Internal Audit Observations Management Response Management action planTimelines
1. Customer Master Database
During the review of Customer Master Database, the following
observations were made:
1. Absence of signatory lists for additions and amendments to
customer master data.
2. Presence of invalid / irrelevant customer entries.
Name Code Status
Misc Clients 1119 Active
Do Not Use Ever 1561 Inactive
Do Not Use Ever 1562 Inactive
Do Not Use Ever 1563 Inactive
Dummy Customer 1602 Active
Do not Use2 1603 Inactive
Do not use 1644 Active
Do not use 1828 Inactive
Do Not 2657 Active
On a review of the active invalid accounts, it was revealed that three
accounts out of four, did not have any transactions during the period
1-Jan-08 to 31-Dec-08. One account (Code: 1119, Name: Misc
Clients), had 5 transactions during the same period. Details of the
transactions are given below:
The company was not able to provide supporting documents
justifying the transactions mentioned above.
1. Agreed
2. Agreed
1. Signatory list will be created.
2. Will be rectified.
August 31,2009
30 June 2009
15
Internal Audit Observations Management Response Management action planTimelines
3. Absence of periodic review of amendments to Customer Master
Database.
4. Incomplete details such as billing and shipping address in
Customer Master Database.
3. Agreed
4. Agreed.
3. Will set a process for periodicalreview.
4. Will complete as soon as possible.
2. Control Gaps in Discount Policy And Debtors AgeingAnalysis
It was observed that no documented discount policy exists outlining
the basis on which discounts are to be approved and awarded.
A review of the debtors ageing as on 30-Jun-08 revealed the
following:
1. Alfa Industrial Refrigeration (Code: 151044) is a debtor in the
books of accounts with an outstanding balance of AED 789,920.
After discussion with finance personnel it was revealed that, the
Letter of Credit for this customer had been obtained under the
joint bank account of Mammut Industries and MBS (Account
no.: 0800-012815-001) with Al Ahli Bank. Later, this account
was handed over to Mammut Industries as part of the
consolidation process in MBS after investment by Emaar
Industries and Investments. The payment had been received
from the customer in this account on 10-Apr-08 but inter-
company settlement has not taken place till now. This amount
will be settled against proposed dividend in the year 2008.
2. Although the Oracle has the facility to generate debtors ageing
report, but currently the same is prepared manually in an excel
workbook.
Disagreed, discount policydepends upon the area, marketsituation, jobs complexity, ordersize etc. It varies from case tocase which can not bestandardized.
1. Agreed
2. Agreed but Debtorsaging available sinceDecember 2008 whichneeds to be monitored.
1. Adjusted in December 2008.
2. Debtors’ aging will be monitoredon a regular basis.
N.A
Immediate
Immediate
16
Internal Audit Observations Management Response Management action planTimelines
3. 28.58% of the debtors have balance outstanding for more than
360 days and 52.23% of the debtors have outstanding balance
for more than 180 days. A summary of debtors aging is
mentioned below:
Age GroupsValue(AED)
PercentageCumulativ
ePercentage
0 - 90 DAYS26,298,73
633.32% -
91 - 180 DAYS11,402,29
814.45% 33.32%
180 - 360 DAYS18,666,02
723.65% 47.77%
ABOVE 360 DAYS22,552,34
028.58% 71.42%
TOTAL78,919,43
0100% 100%
4. Although a control over retention receivables is kept, debtors
ageing report is inclusive of retentions receivables. Due to this,
the report may be misleading and may not present a true picture
of the outstanding amount.
3&4. Agreed 3&4 . Above 360 balances of22,552,340 include provision for baddebts 12,981,242. Most of the salesare secured against documents. Thetotal outstanding is 15% of total sales.
Retentions part wherever applicablewill be maintained separately.However all efforts will be made toimprove the recovery from variouscustomers.
Immediate(DebtorAging)
31 July 2009(RetentionSeparation)
3. Control Gaps in the Invoicing Process
Most of the jobs undertaken by the company are covered by a Letter
of Credit (LC). Invoices are sent to the bank for negotiation on
completion of shipping of a phase of the project.
AgreedThe delays are under normal course ofbusiness. Mostly it is happening for exportbecause the time for sending material toother countries & getting signed deliverynote is required much more time as
Immediate
17
Internal Audit Observations Management Response Management action planTimelines
During the review of the invoicing activity for three jobs, it was
observed that invoices have not been communicated to the bank for
negotiations on time.
On the basis of the discussion with the treasury manager, it was
learnt that the delay was due to a clause in the Letter of Credit (LC)
agreement which allowed the raising of invoices against the LC only
after the customer signed the delivery note.
It is to be noted here that neither the date of signing the Delivery
Note or receipt of signed Delivery Note by the company has been
documented anywhere. Hence the cause of delays cannot be known.
compare to local sales. We track withcustomers regularly.We will try to reduce the time forsubmission of invoices.
4. Absence of Provisioning Policy for Receivables
No documented policy exists to make provisions for bad and
doubtful debts. Currently it is being done on the basis of discussions
with external auditors and has a very subjective basis.
Agreed. Provision policy will be defined anddocumented. Debtors will be reconciledperiodically.
15 August 2009
5. Absence of Debtors' Reconciliation
Debtors' reconciliation is not performed at all by the accounts
department. At the time of external audit, only confirmation letters
are sent to debtors. Also, treasury department and accounts
department maintain separate records for debtors which are
reconciled at the end of every month. Hence, an inter-department
reconciliation is carried out.
Agreed In future, Debtors records will bereconciled between two departments on amonthly basis.
15 August 2009
6. Absence of Documented Revenue Recognition Policy
During discussion with the finance personnel, it was revealed that a
documented revenue recognition policy does not exist in the
company.
Currently, revenue recognition is done on the basis of invoices
raised to customers. All the projects undertaken by the company are
Agreed. Revenue recognition policy will be defined& documented in accounting and financemanual.
15 August 2009
18
Internal Audit Observations Management Response Management action planTimelines
covered under LCs. When shipping for a segment of the project is
complete, a 'Shipping Completion Certificate' is issued by the
shipping department. On receiving the certificate, the accounts
department raises the invoice for the shipped material and
communicates the same to the bank for negotiation. Revenue is
booked on the date when the invoice is raised.
19
1.3 Customer Service, Estimation, Engineering, Production and QA/QC
Internal Audit Observations Management Response Management action planTimelines
1. Control Gaps in Creation and Approval of Job AcceptanceForm (JAF)
Job Acceptance Form (JAF) is created after the completion of
estimation process and contains important information regarding the
job such as total estimated tonnage, mark-up on the cost, final price to
be charged to the customer and payment conditions. This important
document is reviewed by the area office manager and approved by the
sales manager.
During a review of the creation and issuance of Job Acceptance Form
(JAF) for 16 selected jobs, following was revealed:
1. JAF was not signed by sales manager in 3 cases:
2. JAF was
not
available for job OM-1667 (EURO 23,353,974).
3. Date of approval of JAF by sales manager was not mentioned on
the document for job QA-2187 (Contract Price: 4,920,000 QAR)
and QA-1021 (Contract Price: 4,550,000 QAR).
4. The contract price for job QA-2187 was revised to QAR
4,450,000 from QAR 4,210,000 on 28-Apr-08 but the JAF has
Job
NumberJAF Date
Total Price
(AED)
AE3-2084 17-Jun-08 7,496,000
AE1-2334Not
Mentioned8,100,000
PK-2140 30-Aug-08 18,014,806
1. Agreed.
2. Disagreed with observation,document is available forinspections.
3. Agreed.
4. Agreed.
1. In future General sales managerwill sign all JAF.
N.A
Rectified.
Rectified.
31 July 2009
N.A
Immediate
Immediate
20
Internal Audit Observations Management Response Management action planTimelines
not been updated to reflect the change.
5. JAF for the job QA-1021 dated 7-Jul-05 has been changed /
updated manually using a pen and there are no evidences of
approval of the modification.
5. Agreed. Rectified.Immediate
2. Control gaps in Generation and Approval of ProjectInformation Form (PIF)
Project Information Form (PIF) is created for each job after it is
accepted and is used as an information repository for all the
departments regarding that project. It consists of two parts; General
Data Sheet (GDS) and BDS (Building Data Sheet). GDS contains all
the general information regarding the job such as, name of client, total
tonnage and payment terms. BDS contains technical information
about each building in the project.
During a review of PIF of 16 selected jobs, the following was
revealed:
1. PIF created for each job was neither signed off with date by the
customer service manager nor signed off by the person who
prepared it, for all the selected jobs. This leads to the conclusion
that the approval activity for the same is not in place, although it
was given to understand that the document is circulated through
e-mails to all the concerned people.
2. PIF of each job is designed separately in Microsoft Excel and is
not integrated with the Oracle system. After discussions, it was
learnt that the Oracle system itself is not capable of handling such
technical data.
1. Agreed
2.Agreed
1. In future CSD Supervisor/Managerwill sign all PIF.
2. As agreed with the businesstechnical data will be stored in theePIF(Develop by PRD). Generaldata is stored in Oracle.
30 june 2009
30 june 2009
21
Internal Audit Observations Management Response Management action planTimelines
3. Control Gaps in Creation and Issuance of Raw Material List(RML)
1. Currently, there is a practice of making a broad estimate of
material requirement based on approval drawings. This results
into a raw material list (RML) which according to customer
service is an indicative figure and is meant to give a broad idea of
material requirement with an aim to facilitate Material
Requirement Planning (MRP). However, the same is taken as a
basis for MRP by Production Planning Department. Further, a
detailed Bill of Material is generated after the detailing stage but
by that time MRP is already complete. Following is a comparison
of RML and BOM tonnage for 8 jobs:
Sr. No.Job
Number
RMLTonnage
(MT)
BOM Tonnage(MT)
Difference(MT)
1 2172 1669.002 1677.77 - 8.768
2 1414 4295.443 4483.141 -187.698
3 2084 1000.746 885.477 115.269
4 2005 326.594 316.032 10.562
5 2071 104.034 98.222 5.812
6 2187 405.047 429.194 -24.147
7 2140 2937.882 2658.496 279.386
8 1021 700.374 758.42 -58.046
2. In certain cases, Raw Material List was issued before the
approval drawings were approved by the customer:
It to be noted that Raw Material List is prepared based on theapproval drawings.
JobNumber
RML DateDate of Approval
Drawings
AE3-2084 8-Apr-08 16-Jun-08
QA-1021 28-Aug-05, 21-Aug-05 23-Oct-05
1. Disagreed, All the material shouldbe managed with RML since deliveryperiod of any raw material is morethan three months where as the jobdelivery after approval drawing isnormally 1 1/2 to 2 months. So RMLcan help at great extend in inventoryplanning. Ordering pattern for anystandard inventory items dependsmainly on historical consumption andforecasted consumption againstavailable stock and incomingmaterials. For non standard inventoryitems RML should reflect 100%requirement in order to avoid anyexcess or less material during jobexecution. In general wheneverrevisions are requested by thecustomer, the RML also must reflectthe revised material requirement. Newpolicy implemented restricting RMLsfor forecasting raw material
Agreed.
N.A
In future we will follow the standardpractice.
N.A
Immediate
22
Internal Audit Observations Management Response Management action planTimelines
4. Through-put and Production Efficiency
Currently the production efficiency analysis is done based on the
comparison of quantity of scrap generated versus the production on a
monthly basis and arriving at a percentage for the same and there are
no benchmark percentages established for comparison.
As of now, there is no system / method in place to assess job wise
throughput versus standard comparison of job wise actual waste
versus standard waste. There is also no method in place to perform a
machine wise efficiency analysis on an ongoing basis.
Agreed These reports will be available once SCIAwill be implemented.
30 September 2009
5. Job-wise WIP Valuation and Margin Monitoring
There is no mechanism in place to conduct a job wise WIP analysis
against estimates and consequential margin monitoring. As of now,
only an over all assessment of profitability can be made at the year
end. Further, as there is no job wise estimation verses actual
comparison, no assessment can be made about the accuracy of the
project cost estimation.
It was given to understand that an MRP system is under
implementation which will facilitate the tracking of job WIP valuation
and margin monitoring. Currently the company if tackling the
integration of the MRP with the ORACLE ERP system.
Agreed This can be possible once SCIA will beimplemented.
30 September 2009
6. Absence of Performance Monitoring of Key Departments
A cycle-time analysis of 6 closed jobs revealed a varied range of time
taken for approval of drawings, finalization of detailing, production
and shipping:
But, currently it can not be commented as to whether the turn around
Disagreed, since it depends upon theinternal & external factors whichinfluence the period from 1 month to6 month, The standard cycle time hasbeen defined is 8 weeks for Jobsranging from 250mt to 500mt and it
N.A N.A
23
Internal Audit Observations Management Response Management action planTimelines
time mentioned is efficient or otherwise. Due to the absence of
internal benchmarks pertaining to the turn-around time at each stage,
the reasonableness of the same commented above can not be
ascertained.
varies depending upon the job volume& complexity.
7. Control Gaps in Quality Assurance and Quality CheckProcesses
During a review of Quality Assurance and Quality Check process for16 jobs, following was revealed:
1. Point number 6 of PIF pertaining to quality plan to be followed
was not populated in 2 out of 8 cases. It was given to understand
that if the same is not populated then the standard QC plan is
followed. In one of the projects pertaining to Qatar Petroleum,
with job number QA-1021, it was learnt that because of lack of
clarity about quality plan to be applied, the standard QC plan was
followed. Later on, it came to light that radiography test was to
be performed as part of quality plan and the same was done later
at client site. It was given to understand the PIF did not mention
the quality plan. The same can not be confirmed as the PIF is not
preserved as the project was more than one year old.
2. While reviewing the implementation of the quality assurance
process for 15 projects out of a sample of 16, it was found that
quality steps have not been followed in case of 7 projects.
Agreed In future we will follow the process. 31 July 2009
8. Inefficient Tracking of ‘Urgent Material Requests’ and HighAssociated Costs
During our review of 16 jobs, it was observed that additional material
was dispatched to customers after requests were received from their
end. This was done in either of the following situations:
• Loss of material in transit
24
Internal Audit Observations Management Response Management action planTimelines
• Defective / low quality material
• Damage to material during assembly
After a request for additional requirement is received from customer,
a document called Urgent Material Request (UMR) is generated by
the customer service department.
1. Till 2007, before the implementation of ORACLE, the ALPHA
system did facilitate the tracking and cost assessment of UMRs
Following is the summary of claims settled between 2005 to
2007:
S. No. Year Claim settled (AED)1 2005 2,627,904.112 2006 1,816,098.173 2007 2,446,593.51
2. During our review of UMRs generated from Feb-08 to Oct-08, it
was revealed that, post implementation of ORACLE, as of now,
the system functionalities have not been utilized fully to track the
same. Further, the status of the active UMRs and the associated
cost is tracked manually using an excel worksheet. Hence, it is
not tracked on a real-time basis and is prone to clerical errors.
3. During our review of UMRs generated for 16 selected projects,
following was revealed:
3.1 According to UMR No. C-06-1021, dated 23-Jul-06 (Job
number QA-1021), customer rejected purloins sent by the
company. This was due to the fact that they had white stains
on the surface and steel was rusty. Results of the third party
tests carried out by “Qatar Industrial Laboratories” were
negative and stated that the quality did not meet the ISO
1. Agreed
2. Disagreed, Job trackingreport is available to trackUMR & cost.
3. Agreed.
1. Oracle is supporting to generate thisinformation just we need topopulate data.
2. N.A
3. Separate account will be created tomonitor the cost as well as reportwill be developed for monitoring.
31 August 2009
N.A
31 August 2009
25
Internal Audit Observations Management Response Management action planTimelines
1461:1999 standard.
3.2 According to UMR No. C-05-1021, dated 23-Jul-06 (Job
number QA-1021), the length of the supplied stair tread was
wrong. It was stated that ‘It doesn’t fit the stringers’.
3.3 According to UMR dated 1-Mar-07 for job number QA-
1021, customer rejected the welding done on the material
and modifications were made by the company at the site.
3.4 According to UMR No. C-04-2005, dated 20-Jul-08 (Job
number AE2-2005), Mammut erection team had to conduct
modifications at site because of engineering detailing error
for the closer trims for the roof monitor and wrong supplied
door lock device.
3.5 According to UMR No. C-01-2005, dated 22-Apr-08 (Job
number AE2-2005), customer rejected the connection bolts
received from supplier ‘Al Rashed Fasteners’, due to quality
issues with the material. It was stated that ‘Customer
encountered problem of excess galvanizing at the threaded
end of the bolts’.
Further, total UMR cost for each of the 16 selected projects
could not be ascertained. On the basis of discussions it was
learnt that, the material issued to complete the urgent
material request, was not booked against that UMR / job in
the system and there is no mechanism to track UMR cost as
a whole.
26
2.4 Waste Management
Internal Audit Observations Management Response Management Action Plan Timelines
1. Weighing Bridge and House Keeping
While reviewing the process of waste and scrap management, we
noted the following:
1. Currently the company does not have a weighing bridge in the
premises. Due to this, the truck full of scrap material is to be
sent out side for weighing.
2. Although separate areas have been demarcated to keep the scrap
and rejected material, rejected material was not segregated from
usable raw material in certain areas.
1. Agreed.
2. Disagreed, Demarcated areafor all type of Scrap area isplace in years and recordsare well maintained. OnlyHazardous wastedemarcation area recentlycreated for ISO 14001
1. CAPEX for weighingbridge already approvedand will be ordered andinstalled into the demarkedarea.
2. N.A
31 August 2009
N.A
27
2.5 Maintenance and Facilities Management
Internal Audit Observations Management Response Management Action Plan Timelines
1. Maintenance Software Optimization
The maintenance management system namely “C Works” was
implemented by the company to facilitate the efficient management
of the maintenance function. It was observed that although it is a
single-user software, it has been used as a multi-user system in the
company. Following were observed:
1. Since implementation, the software has crashed about ten times,
the details pertaining to which are provided below:
Number*
Date ofSoftwareCrashing
1 18-Nov-07
2 4-Dec-07
3 12-Dec-07
4 5-Mar-08
5 27-Mar-08
6 3-Apr-08
7 17-Apr-08
8 5-May-08
9 16-Jul-08
10 10-Sep-08* The dates on which ITDepartment was notified ofthe breakdown
2. Neither the system functionality of generating a detailed work
order report has been utilised in the past nor has any analysis
been performed to assess the root causes of frequent break
downs.
1. Agreed
2. Disagreed, the system wasfunctional in generating thework orders but no hardcopy of the same wasgenerated to handover totechnicians. Technicianused the hard copy of PR
1. Initially, the cworks softwarehad a problem but now dailybackup is being taken as aroutine by IT department.
2. N.A
30 September 2009
N.A
28
Internal Audit Observations Management Response Management Action Plan Timelines
3. The work order files pertaining to preventive and breakdown
maintenance were not available prior to July, 2008.
4. While comparing the system generated work orders for 74
machines with the work orders report generated by the “C
Works” system, pertaining to the period July 2008 to October
2008 , the following was noticed:
a. Work orders pertaining to seven machines generated by the
“C Works” system did not reflect in the work order report
generated by the same system.
b. Similarly, some of the work orders pertaining to 21
machines were reflected in the system generated report but
were not present in the work order files.
which was manual printedcopy. The root cause ofthe frequent breakdownwas also always carried outbut lacked documentaryupdating.
3. Disagreed, The work ordergeneration started when thec works software wasadopted but before thatmanual data wasmaintained.
4. Agreed In the initial stage of implementationsoftware had a testing problem butlater it was resolved andimplementation has been doneproperly
1. Daily back up is beingtaken up
2. The system does havethe permanent recordretention. The properevaluation would bedone once interface willbe developed betweenC work software andORACLE system.
Immediate
2. Maintenance Planning and Analysis
While reviewing the planning and analysis aspects of maintenance
function, the following was revealed:
1. Annual budget has not been prepared for maintenance
29
Internal Audit Observations Management Response Management Action Plan Timelines
department. There were no documents available on records
evidencing capturing of machine-wise material and labour cost,
although down time is being captured since November 2007.
Further, there is no activity in place for adequate and accurate
reporting of cost and time related to maintenance.
2. History prior to November 2007 pertaining to preventive
maintenance, Machines breakdown maintenance and down time
is not available on record.
3. The preventive maintenance schedules have not been
implemented properly. Further, there are no documents
available on record evidencing periodic review of the same in
the light of breakdown history.
4. Preventive maintenance schedule included following errors:
4.1.The machine code was mentioned incorrectly in related
maintenance schedule
4.2 The frequency of maintenance was mentioned incorrectly
1. Agreed
2. Agreed
3. Partially agreed.
4. Agreed.
1. Cost centre wise budget will beprepared in future, howeveraccurate machine wise has beenresolved by updating the spareparts item categorization inoracle system.
2. Record is not available due tochange of system.
3. C WORKS was not available toretain the data. Preventivemaintenance schedule werebeing done properly but lackedrecording. It is now beingreviewed in weeklymaintenance co ordinationmeeting.
4. It has been reviewed andcorrected.
30 September 2009
3. Work Order Generation and Maintenance Execution
While reviewing the execution of maintenance jobs, following was
revealed:
1. The responsibilities for generation and approval of work orders
pertaining to breakdown maintenance is not defined. Although
the work order is generated in the system, a copy of the same is
not printed out, signed off and filled. It is to be noted that the “C
Works” software has crashed ten times in the recent past.
Further, there is no tracking and analysis done relating to
machine wise breakdown history.
1. Partially agreed. 1. The responsibility of workorder generation has beenassigned to three persons andpassword key has been issuedto them. The proper generationof work order s andimplementation is already ineffect. There is a machine
N.A
30
Internal Audit Observations Management Response Management Action Plan Timelines
2. A single work order is prepared for many machines in the same
category (noted in case of welding machines).
3. Most of the preventive maintenance checklists were neither
signed off by the technician as a proof of job done nor were
they signed off by the supervisor as a proof of job supervision.
4. Some preventive maintenance checklists were not attached
along with their related work orders.
5. Machines were not maintained at all although they were
scheduled to be maintained (ex: hydraulic Jacks and Fl 15) -
6. For the last two and half years, maintenance cost has been as
2. Agreed.
3. Agreed.
4. Agreed.
5. Disagreed, Machines ofsmall nature (hand tools)requiring no attention bythe technician have beenlooked after by the userhimself hence no recordneeds be maintained.
failure analysis available fromthe system for tracking.
2. This practice of generation ofwork order for same kind ofmachine for the same schedulewas adopted to save thestationary but now it is stoppedand each machine has its ownwork order generated.
3. It is already implemented nowthe checklist is copied at theback side of work order and it iscrossed and signed by theassigned technician.
4. Checklist is now printedbackside of the work orders.Also there are check listavailable on the machine itselfto sign off the checks.
5. N.A
N.A
N.A
N.A
N.A
31
Internal Audit Observations Management Response Management Action Plan Timelines
follows:
6.1 2006- AED 1 million (Apr 2006 to Mar 2007)
6.2 2007- AED 1.78 million (Apr2007 - Dec 2007)
6.3 2008- AED 0.82 million (Jan-Jun 2008)
An analysis of the maintenance record for the period 2007 to
October 2008 revealed the following:
1. Break down incidents for the most of the machines exceeds the
preventive maintenance performed. Break down cases were
66.7% of machines maintenance history.
2. Of the total breakdown cases, although action taken was
mentioned in 96% of the cases, the reasons for break down were
not provided in 78% cases.
6. Disagreed, Since eachmachine has many movingcomponents it is notpossible to attain 100%preventive maintenancecompletely especially whenmachines are very old.
Agreed
N.A
Record will be maintained.
N.A
31 July 2009
32
2.6 Procurement
Internal Audit Observations Management Response Management Action Plan Timelines
1. Vendor Initial Evaluation, Development and Price Validation
While reviewing the process of initial evaluation, development of
vendors and their selection for purchase decision, following was
observed:
1. Based on the PO listing obtained from the ORACLE ERP system,
the company has dealt with about 461 vendors in the last one year
to whom a total of AED 621 million worth of POs have been
raised. Top twenty suppliers have about 71% of total business
amounting to AED 442 million and the remaining 441 suppliers
have 29% of total business amounting to 179 million.
2. Currently there are no guidelines available on record to facilitate
vendor initial identification from a financial and technical
perspective. Further there no defined parameters for conduct a
financial and technical evaluation to decide as to whether to do
business with the vendor.
3. New vendor master is created when business needs to be done
with that vendor. As such, there is no vendor registration process
to help build a vendor data base. A list of vendors was created in
2008 consisting of suppliers for steel, production accessories and
consumables. This is a compilation of the suppliers with whom the
company has been dealing in the past.
4. There is no detailed Purchase Policy available on record.
5. Currently the decision to select a supplier and place order on the
same is entirely discretionary and is in taken by the Purchase
Manager.
6. There exists a guideline which prescribes that for purchase of
single item valuing AED 5000, one quote needs to be invited. For
Agreed Purchase policy will be written and allaspects will be covered.
15 August 2009
33
Internal Audit Observations Management Response Management Action Plan Timelines
purchase between AED 5000 to AED 10,000, two quotations
needs to be invites and for purchased above AED 10,000, three
quotes needs to be invited.
7. A manual price comparison is maintained by the Purchase
Manager, which also contains proposed and actual delivery dates
apart from the prices. It is maintained mainly for steel and bought
out items (sent along with various parts of the buliding and are
direct bought and not manufactured). Any counter bidding and
price negotiation is done entirely by the Purchase Manager.
8. Although market rates mobilized for various material and services
on a periodic basis to facilitate rate benchmarking, there is no
mechanism for developing internal costing to arrive at tentative
cost for purchase of material to facilitate negotiations.
2. Vendor Performance Evaluation
Currently a form does exist for assessing vendor performance across
ten parameters which are rated on point scale of 1 to 10. This rating is
done by the purchase manager based on his experience and dealing
with individual suppliers and actual performance data is not used to
carry out the evaluation. Hence the basis of evaluation is entirely
subjective and not scientific. Further there is no defined periodicity of
the performance evaluation exercise and there no plans to conduct
audit of suppliers’ facilities from a performance evaluation
perspective.
Disagreed, The selection/evaluation ofvendors is according to their reputations,quality of product, pricings, delivery etc.Most of the purchased from the steel millsdirectly instead from traders. All steel millsare internationally certified of their qualityplan.
N.A N.A
34
Internal Audit Observations Management Response Management Action Plan Timelines
3. Requisition and Purchase Order Management
While reviewing the Purchase Requisition (PR) to Purchase Order
(PO) cycle, following came to light:
1. The authorities for raising purchase request for goods and services
are not clearly defined in terms of named individuals responsible.
2. Currently the system allows raising of POs without valid Purchase
Requisitions. An analysis of PO listing and PR to PO report for
2008 revealed that 1263 POs were raised without PR. The value of
these PO was AED 179.49 million which is 29% of sum of all PO
raised amounting to AED 620 million.
3. The purchase department does not check to ensure as to whether it
is reasonable for the company to purchase the goods /services.
4. Currently, there was no activity done to assess the number of open
PO and there systematic closure.
5. The ORACLE ERP system does not generate a report showing
pending PRs.
1. Agreed.
2. Agreed
3. Disagreed, Purchasing departmentis always cross check insisting ofrequired good s with theoriginator of PR & approvalauthority. There are severalexamples present on the recordasking suchquestions/clarifications from theoriginator of PR.
4. Agreed
5. Agreed.
1. Management will define the limitauthority & person designated forpurpose.
2. In most of cases all Pos issuedagainst PRs except certainurgencies but in future all Poswill be issued against PRs,
3. N.A
4. Open POs will be reviewed everyquarter.
5. Report will be generated.
31 July 2009
31 July 2009
N.A
30 June 2009
30 June 2009
4. Invoice Processing, Payment and Creditors Analysis
35
Internal Audit Observations Management Response Management Action Plan Timelines
While reviewing the invoice processing and creditors analysis,
following was revealed:
1. Currently all payment request without PO or Invoice is to be
approved by the MD and the Finance Manager. In case, such a
payment request is made by the MD or Finance Manager, it is not
defined as to who will approve the same
2. No proposed payment listings are prepared for each payment run
showing payee and amounts to be paid. There are no provisions
for the authorisation of the same by s Senior Manager. Currently,
it is based on requests received from purchase department,
individual experience and suppliers' follow up call.
3. Currently there is no written policy for cheque access, storage and
usage. Functionally the emirates bank cheque book is in the
custody of the Sr. Accountant who processes payments. The
remaining cheque books pertaining to twelve banks are in the
custody of treasury department. In the absence of the Sr.
Accountant, the same are kept in the custody of Finance Manager.
There is no segregation between the person issuing cheques and
the person keeping cheque books.
4. No cheque log is maintained detailing cheque numbers issued, the
first and last cheque number used for each payment run and
cheque numbers of cancelled or returned cheques.
5. The supplier statements are not obtained on a regular basis from
selected top suppliers, as agreed by the Procurement Head and the
same are not reconciled to the Accounts payable ledger balances.
1. Agreed
2. Agreed
3. Agreed
4. Agreed
5. Agreed
1. Procedure will be defined,however all payments pertainto Finance Manager or MD ofthe company signed by theGroup’s authorized banksignatories.
2. Finance department will startthe same procedure with thehelp of purchase department.
3. Policy will be defined &documented.
4. Finance will maintain logbook.
5. Reconciliation is preparedwith supplier on monthlybasis.
1. Immediate
2. 30 June 2009
3. 31 August 2009
4. 30 June 2009
5. Immediate.
36
Internal Audit Observations Management Response Management Action Plan Timelines
6. No report is produced on a periodic basis to show all POs raised
using One Time Vendor accounts and sent to the relevant
managers for review. Further there is no process in place to review
the PO's raised on the one time vendor account to ensure that all
purchases are valid and any vendors that have been used more
than an agreed amount are entered onto the Vendor Master File.
7. Currently the ORACLE ERP system cannot generate a creditors
aging report.
6. Agreed
7. Agreed but now available
6. Report will be developed inERP(Oracle). As alreadymentioned all open Pos willbe reviewed quarterly.
7. Creditors aging is available inERP(Oracle) and need tocheck accuracy.
6. 31 August 2009
Immediate
5. Weakness in Vendor Management
A review of the vendor management process revealed that:
1. There is no documentary evidence available to substantiate howsuppliers were financially or technically evaluated and approvedprior to being added to the approved supplier list and used. Thereis no proof of any financial bid evaluation conducted.
2. There is no formal vendor code creation form used by thecompany. Hence, no documented approval process exists.
3. Approval procedure pertaining to the set up of new vendors in thesystem is not present.
4. Duplicate vendor codes are present in the vendor master whichposes the risk of duplicate/ unauthorized payments.
1. Disagreed, Almost all vendors’related to regular materialpurchased and most of areinternational reputed steel mills.
2. Agreed.
3. Agreed.
4. Agreed.
1. N.A
2. Procedure will be defined.
3. Procedure will be defined.
4. This is system error. We willrectify in future.
N.A
31 August 2009
31 August 2009
31 August 2009
37
Internal Audit Observations Management Response Management Action Plan Timelines
5. 2 invalid entries exist in the vendor master.
6. Vendor evaluation is not performed
5. Agreed.
6. Disagreed, company follow ISOfor vendor evaluation
5. It will be rectified.
6. N.A
Immediate
N.A
6. Weaknesses in the Ordering Process
A sample of 14 invoices were selected during the period Jan-08 toDec08 and reviewed as per the ordering process present in thecompany. During the review it was observed that:
1. No quotations were invited in 1 case. (PO No.: 4171, Amount:175,740.60). A previously approved price list was used to place theorder.
2. Only 1 quotation was obtained in 4 cases.
3. In 2 cases, PO was not approved as per the authority matrix whichwas in effect from 3-Nov-08.
4. In 2 cases, duplicate POs were created. Old PO was created andapproval of Purchase Manager was obtained. But later, the PO detailswere changed and a new PO with the same PO number was created.Old PO was not stamped as 'Cancelled'. Approvals as per the authoritymatrix were obtained on the new POs.
1. Agreed but this is repeated orderfor standard stock paints fromapproved supplier
2. Agreed because only singlesupplier/source is available forthese items
3. Agreed, this was a transitionperiod from previous approvalhierarchy of Pos and newhierarchy of Pos otherwise systemcan not allow issuing PO withoutapproval of all authorities definedin the approval hierarchy.
4. Disagreed, these are only revisionfor original PO’s. We cannotcancel original PO. In case wecancel the original PO number fornew PO will be new.
1. Clarified.
2. Clarified.
3. Clarified.
4. N.A
N.A
N.A
Immediate
N.A
38
Internal Audit Observations Management Response Management Action Plan Timelines
7. Control Gaps in Vendor Creation Process
During our review of vendor creation process, it was observed that:
1. Defined policies and procedures for the creation of vendors in thesystem do not exist. Currently, when a new supplier is selected forpurchase, purchase manager approves the quotation/ companyprofile of the vendor and the same is used to enter the new vendorin the system by the procurement personnel.
2. Many users in the company have access to create vendors in thesystem. A list of the users is provided below.
GTS Oracle Consultants - 4 users: These users are no longer withthe company. Their accounts remain in the system, but have beendeactivated.
Purchase Order Approver - 4 users: These users were initiallygiven this access before a specific MBS Purchase ApproversResponsibility had been set up in the system.
Purchase Requestor - 6 users: These users were initially given thisaccess before a specific MBS Purchase Requestor Responsibilityhad been set up in the system.
Purchase User - 4 users: These users belong to the PurchaseDepartment
Technical Support Team - 9 users: This access enables the ITteam to handle support queries and publish reports
Our discussion with IT personnel revealed that the responsibilitymatrix in place was designed, reviewed and agreed upon by the
1. Disagreed, New vendor is onlycreated whenever a new item orproduct is required otherwise weare already having our vendors forthe supply of standard materialwith specified specifications.Therefore creation of new vendorat the time of business is anecessity & Auditor’s point isinvalid.
2. Agreed
N.A
We will review this and take necessarysteps.
N.A
31 August 2009
39
Internal Audit Observations Management Response Management Action Plan Timelines
business with the help and guidance of the Oracle implementationpartners (GTS) prior to the system going live and these business userswere set up within the system at that time. As of now, the ITDepartment has provided access to the users based on the requests andapprovals from the concerned Department Manager. Now, it is realizedthat a more formal procedure is required to control system accessrequests. This requirement has been addressed by the plannedimplementation of a change request procedure. The entire process forcreating/ changing users in the system has been defined, includingrequests, review and approval.
8. Purchase of Chemical from Group Company
During our discussion with Finance personnel, it was revealed that achemical was purchased from Mammut Iran (A Mammut GroupCompany) in Aug-08. Details of the purchase are as follows:
Date of Purchase Order: 21-Aug-08Chemical Purchased: BAYMER TRIAL PRODUCT - POLYOL27HB03Total Quantity: 150,000 KgsRate (per Kg): EURO 1.83 (AED 10.49)Total Amount (EURO): 274,500 (AED 1,573,549)
1. Early expiry of chemical:It was learnt that, usually the chemical expires after about oneyear of purchase. However, as on 31st December 2008, somechemical purchased from Mammut Iran was about to expire in themonths of Jan-09 and Feb-09. Refer to the table below for details:
ItemExpiryDate
Quantity(Kgs)
Supplier
POLYOL B3 Jan-09 31,000 Mammut Iran
POLYOL B3 Feb-09 32,000 Mammut Iran
Rest of the chemical was consumed during this period.
Although chemicals can be expired inJan/Feb 2009 purchased in year 2008 but itcan be used after expiry as per lab testreport. In addition, manufacturing dates isultra conservative to avoid any liability.
Clarified. N.A
40
Internal Audit Observations Management Response Management Action Plan Timelines
The material was sent to the laboratory for testing, to find out if it canbe used even after the expiry date. The test results were positive andstated that even after expiry, the chemical can be used.
2. Purchase at market price:Even though the material purchased was expiring soon, it waspurchased at the market price rather than a discounted price. Referto the table below for comparison of rates with earlier purchasesmade for the same chemical :
Date SupplierPrice
(Per Kg)AED
26-Jan-08 Bayer Polymer 9.95
25-Mar-08 Bayer Polymer 9.95
25-Jun-08 Bayer Polymer 9.95
9. Hiring of Consultants Without the Approval of the Board
2 consultants, namely, Mr. Andre Collignon and Mr. Norbert Holtzem,had been appointed as external consultants to MBS for a period of 24months, starting from 1st October, 2008. As per the agreement dated30th September, 2008, both the consultants are paid a monthly sum ofEURO 15,100 and all operational expenses are reimbursed againstreceipts.
However, it is to be noted that, no approval from the Board or EII hasbeen obtained on this matter.
Also, the agreement between MBS and consultants does not specifythe objective of the assignment, scope of work and specificdeliverables to MBS.
The scope of work, deliverables and timingplan have been developed and issued toEXCOM.
The project was awarded by Mr.Bahzad. However EII team was ableto convince them to circulate theproposal, objectives, timelines forapproval
N.A
41
2.7 Inventory Management
Internal Audit Observations Management Response Management Action PlanTimelines
1. Material Receiving, Storage and House-keeping
While reviewing the material receiving, storage and house keeping
function, following was noted:
1. Currently, the Company does not have centralised stores. Raw
Materials are stored in an open yard, bought out items are
stored in an area in the plant and stores and spares are stored
at third location.
2. There is no tracking of unloading time from port-to-factory
and factory-to-port.
1. Disagreed, Due to different typeof operations which carries outin Mammut Building SystemFZC plant, various products,plant size and differentequipments which are requirefor handling of raw materials;decentralizing of stores wouldbe the best possible option, atthe same time there is acentralize control from materialcontroller supervisor ( Mr. JoseDias ) whom sits in PPDdepartment, basically all theinformation’s from differentstores flow in PPD and compileby Senior material controller indifferent type of format, socontrol is centralize.
2. Disagreed, As per discussionheld in our conference room anddocuments presented to youthere is a tracking report for allthe trucks and containers whichare entering and leaving MBSfactory at any given time, at thesame time when there is acongestion and unusuallyshipments from port all the team
1. N.A
2. N.A
N.A
N.A
42
Internal Audit Observations Management Response Management Action PlanTimelines
3. There is no dedicated store in place with a layout plan and the
same being mapped in the ORACLE ERP system.
4. There are no defined stacking norms in terms of types of
stacks, number of pieces / boxes / items kept in a stack,
stacking hight etc. for various types of material.
members up to manager levelgets involve to ease up theoperation. In terms of offloading priority it goes withFIFO and type of materials, ifwe receive a container shipmentthere is a receiving date oncontainers and containers aregetting off loaded base of FIFO
3. Partially agreed
4. Partially agreed, As far as steelconcern number of pieces ineach bundle and bundling isdifferent from supplier tosupplier and practically it is notpossible to re bundling them, forbuy out items packing is subjectto supplier and shipment typewhich is different and thatdepends on suppliers and it hasto be forced by purchasing tosupplier, for sacking we fallowindustry practice which is varyfor each type of materials andmainly depends on volume ofmaterials which we receive inMBS plant, as we haveexplained to you all the prepainted Aluzinc materials can goup to 3 coils vertically on top of
3. There is a dedicated store inplace where as the lay outplan will be established andsame will be mapped withORACLE
4. N.A
30 September 2009
30 September 2009
43
Internal Audit Observations Management Response Management Action PlanTimelines
5. The hygiene norms in terms of cleaning schedule, hygiene
standards to be maintained in the stores etc. for the stores are
not defined.
6. Although ORACLE ERP has been implemented, but the same
is not supported by a perpetual inventory system and
continuous stocking system, which is absolute essential in an
ERP environment.
each other, and for still hotrolled sections industry practiceis 3.5 meter which we arefallowing it.
5. Disagreed, _Cleaning ofinventory is carrying everyalternative week and procedurefor 5s inspection start on 2endMarch and we hold it everyMonday on entire plant, the restof procedure is under review tobe establish as standard policy,and it has shown to you on a daywhich we had a meeting, there isan enormous improvement in allthe area in terms of cleaning andarranging written procedure willbe establish in six months.
6. Agreed.
5. N.A
6. Objective of continuessystem will be achieved afterimplementation of SCIAsoftware.
N.A
30 September 2009
7. Control Gaps in Material Rejection
It was noted that, there are no guidelines to facilitate re-inspection
of rejected material to recover good material before it may be
returned to suppliers.
Agreed. Guidelines to facilitate re inspection ofrejected material to recover goodmaterial will be established with coordination of Purchasing, material andEngineering Dept.
.
31 August 2009
44
Internal Audit Observations Management Response Management Action PlanTimelines
8. Physical Verification of Inventory
Although physical verification is done as a part of statutory audit
process every six months, currently the company does not have a
well defined physical verification procedure pertaining to
inventory on an ongoing basis. Further, there are no guidelines
available on record for the preparation of stock verification report,
their verification and final authorization and approval for effecting
adjustments.
Agreed Written procedures and guidelines willbe defined & established.
15 August 2009
9. Inventory Management and Optimization
While evaluating the inventory management and optimization,
following was revealed:
1. Currently classification of inventory is not done. 1. Disagreed, Inventoryclassification in terms of type ofmaterials route to productionand consumption is defined, forexample HRCs, HR Plate, FlatBar, Galvanize materials, andPre painted materials.. etc, andsegmentation it has been set inthe system and reports areavailable for review, at the sametime physically materials havebeen separated base on the routeof production too, as anexamples materials are gettingutilized in main frame shop arestore in open material yard whileas materials for cold form are inlean to area.
1. N.A N.A
45
Internal Audit Observations Management Response Management Action PlanTimelines
2. Inventory levels in terms of maximum level, minimum level
and re-order level have not been defined.
3. Currently the ORACLE ERP system does not generate an
inventory ageing report and in turn, non-moving and slow
moving items cannot be identified and valued.
2. Agreed.
3. Agreed but available from Jan-2009
2. We will implement in ERP
3. N.A
31 August 2009
N.A
10. Control Gaps in Material Consumption Booking
During our review of the material consumption booking, it was
revealed that since the manufacturing module of Oracle is not
implemented as of now, all raw material consumption booking is
done manually at the end of the month. At the end of each month,
production manager creates a 'Production Report' manually in an
excel sheet and sends it to Accounts Department. This report
contains the raw material items and quantities consumed during
the month. This report is used as a basis to book the consumption
in the system by the Accounts Department. The rates of raw
materials are obtained from the Oracle System itself.
Agreed This will be available once SCIA willbe implemented.
30 September 2009
11. Absence of Provisioning Policy for Inventory
Currently, the company does not have in place any provisioning
policy for inventory. An age-wise analysis of inventory currently
on hand is not carried out to ascertain the quantity of inventory
under different age brackets and compare the age on inventory
with the shelf-life. This results into non-tracking of obsolete and
un-usable inventory items.
Discussion with Finance Personnel revealed that, most of the raw
materials used by the company have very long shelf lives. Even, if
the steel is rusted, it can be used after re-blasting.
Agreed Inventory policy will be formalized 15 August 2009
46
2.8 Shipping
Internal Audit Observations Management Response Management Action Plan Timelines
1. Control Gaps in Transporter Evaluation and Selection
Following was revealed during the review of Approved Transporters
List:
1. A procedure for appointment of transporter clearly defining the
parameters for attributes like rate, efficiency, timeliness etc. was
not available on record.
2. Transporter evaluation and justification for appointment is not
documented. Thus, appointment of the best transporter available
cannot be guaranteed.
3. There is an over dependence on a single transporter. Majority of
the dispatches are done through a sister concern namely Trans1.
Management has decided to give first preference to the sister
concern for all the domestic dispatches irrespective of the rates
charged. If, the sister concern is not able to fulfill the dispatch
requirements, alternative transporters are arranged for those
dispatches.
Agreed Complete document will beavailable cover all aspects ofrecommendations.
31 July 2009
2. Absence of Transporters Performance Evaluation
Discussion with the Shipping Manager revealed the following:
1. Absence of a well documented procedure defining the parameters
for the performance evaluation of the transporters.
2. An objective assessment of the performance of the approved
transporters is not carried out.
Agreed Procedure to be defined forperformance.
31 August 2009
3. Absence of Long-term Agreements with the Transporters
During a review of the selected transporters of the company, it was
revealed that formal agreements between the company and the
transporter, stating the terms and conditions of both the parties are not
present. Authorized signatory approves the quotation / rate list sent by
the transporter and this document is considered as a contract.
Agreed Formal agreement to be prepared. 31 July 2009
47
Internal Audit Observations Management Response Management Action Plan Timelines
4. Control Gaps in Dispatch Monitoring
1. During a review of fifteen dispatches made during the period 1-
Nov-08 to 15-Nov-08, following was revealed:
1.1 Loading report is not signed by the material checker during
loading in all the cases. Loading report only contains the part
numbers and their respective quantities.
1.2 Proof of delivery was not obtained from the customer in six
cases.
Date Job No. DescriptionWeight(MT)
DN No.
01.11.2008 AE1-2020 PEB Materials 13.053 34955
02.11.2008 AE3-2129 Sheeting Materials 2.435 35004
08.11.2008 AE1-1795 PEB Materials 13.676 35167
09.11.2008 AE1-1526 PEB Materials 10.148 35204
12.11.2008 AE1-1526 Touch-up paint 0.028 35287
14.11.2008 AE1-2121 Sheeting Materials 6.318 35341
2. Destination-wise transit periods are not defined and formally
approved by both the parties in form of a contract.
1. Agreed
2. Agreed
1. Already implemented.Loading Foremen andSupervisors are signing theloading docs beforepreparing the packing list
2. Will be defined.
Immediate
31 July 2009
5. Lack of Control Over Demurrage Charges
During a review of financial accounts for the period Jan-08 to Nov-08
pertaining to demurrage charges, it was revealed that:
1. A mechanism to monitor and control demurrage charges does not
exist. Demurrage Charges for incoming materials have been
accounted for under two different heads of accounts namely,
Landed Cost Clearing Account – Freight and Freight Purchase.
2. Freight Charges which could be clearly identified as demurrage
charges according to descriptions of transactions amounted to
AED 121,498.This could be much more.
1. Agreed
2. Agreed
1. Mechanism will beestablished for demurragemonitoring.
2. Procedure needs to bedefined with the purchasedepartment to incorporatethe rate contract withtransporters
30 September 2009
30 September 2009
48
2.9 Accounts and Finance
Internal Audit Observations Management Response Management Action PlanTimelines
1. Control gaps in Account Master Management
While reviewing the master data management pertaining to
Accounts, following was revealed:
1. Although there are named individuals responsible for creation,
deletion and modification of the chart of accounts, but there is
no documented policy for the same.
2. There is no standardized process of amending and updating
accounts, nor there is a process of identification in-active or
dormant accounts.
3. Currently all non-standard journal entries such as the adjusting
entries are entered by Finance Head himself and there is no
authority delegated to any of the staff to do so. Further, there are
no supporting documents for most of the reversal entries.
4. There is no delegation of authority defined for the approval of
payments limits. Generally all payments are approved by the
Accounts Manager except for some material payments.
1. Agreed
2. Agreed
3. Disagreed, all entries enteredby respective staff and notFinance Manager , howeverfor control purpose all entriesposted by Finance Manager.However supportingdocuments wherever missingwill be attached.
4. Disagreed, all approval forpayments done by Chiefaccountant and forward toFinance Manager for approvalwith chque/TT signatureFinance Manager singedcheques/TTs with MD of thecompany upto the limitsapproved by BOD.Cheques/TT more then thelimit forward to Group andEII for authorization.
1. Policy will bedocumented.
2. Procedure will bedefined.
3. N.A
4. N.A
Aug 31, 2009
Aug 31, 2009
N.A
N.A
49
Internal Audit Observations Management Response Management Action PlanTimelines
2. Periodic Bank Reconciliation Statements Not Prepared
Currently, the company does not prepare bank reconciliations at all.
It was given to understand that by preparing a list of all post dated
and current dated checks and reconciling them with the bank
statements immediately after they have been cashed from the bank
the purpose is served. Further, the company updates its accounts
based on the bank statements.
When reviewing account # 133301-Cash Clearing Account, it was
noted that the System facilitates the option of recording Post Dated
Cheques, Current Dated Letter of Credit and Letter of Credit
payments separately , but all of them were recorded as Current
Dated Cheques which has resulted in a balance of AED 114,661,279
pending in Current Dated Cheques account.
Agreed., the main reason to useCDC account instead to haveBank account in GL that weissued future dated cheques inbulk instead to make CDC. AllPDCs incorporated into PDCaccount in GL instead to creditinto bank account in GL. Everymonth only cleared PDCsincorporated into bank bookwhich eventually match withBank statement. The rest of theitems reconciled and part ofbank reconciliation statementwhich is available fromDecember 2008.
Implemented Implemented
3. High Finance Costs
During our analysis of the financial statements for 2005, 2006 and
2007, it was revealed that profit margin has declined to 4% in 2006
from 8% in 2005. On further analysis of financial information and
discussions with finance personnel, it was observed that it was
mainly due to increase in finance costs in 2006. Interest on terms
loans increased from AED 1,832,195 in 2005 to AED 6,135,359 in
2006 which is more than a 230% increase from the previous year.
Interest on trust receipt loans and overdrafts increased from AED
823,597 in 2005 to AED 2,099,367 in 2006. Also, current portion of
bank overdrafts increased to AED 13,394,599 in 2006 from AED
136,233 in 2005
Agreed, Due to huge liabilitypayable to the bank in 2006 butafter EII taken over most of thebank’s liabilities paid from theconsideration received. Inaddition EIBOR rate was higherin the year 2006 if we compareyear 2008.
N.A N.A
50
Internal Audit Observations Management Response Management Action PlanTimelines
Company obtained term loans in 2006 to meet its financing needs.
Details of the loans are given below:
1. A commercial loan of AED 15,325,761 repayable in 24 equal
installments of AED 765,324 each from Bank Melli Iran. This was
used to finance property purchases.
2. A commercial loan of AED 18,341,640 repayable in 16 equal
quarterly installments of AED 1,147,289 from Northstar. This was
used to finance machine purchase.
3. A commercial loan of AED 12,178,028 repayable in 12 equal
semi-yearly installments of AED 950,000 from Abu Dhabi
Commercial Bank. This was used to finance property purchases.
We understand that, this has resulted in increased financial cost in
2006, leading to a decline in profit margin for the year. Further, as of
now the properties purchased have been transferred to the group
company.
4. Exposure to Swap Transactions
During our analysis of the treasury function, it was observed that the
company entered into various interest rate swaps during the period
Apr-05 to Apr-08. Although the company has made a profit over all,
but the same is not the core activity of the company and amounts to
entering into transactions involving a lot of financial risk.
The reasons and methodologyalready discussed at EXCOMand Board level and approvedthe Exposure to SwapTransactions.
Approval has been sought fromboard
N.A
51
2.10. Capital Expenditure
Internal Audit Observations Management Response Management Action Plan Timelines
1. Capital Budgeting – Policy and Procedures
Following was revealed pertaining to the Capital Budgeting activity
in the company:
1. There is no defined capital budgeting exercise done as a part of
Annual Budgeting Process. Further, there is no centralized
body that drives the capital expenditure decisions of the
company.
2. There is no documented process of allocating annual capital
budgets to various departments before the year starts.
3. There is no provision of periodic documented review of
budgeted vs. actual expenses and analysis of variances there
off..
4. There is no system of periodic review or monitoring of
execution of projects (only capital expenditures that require
1. Disagreed, Each HOD submits thebudget each year as par of annualbudgeting process. In addition, Budgetvs actual statement submits to EXCOMlevel for review. Since companypurchased only few assets except plantand machinery for expansion which isHOLD due to current economicconditions. MD is authorized to takedecision upto certain limits.
2. Disagreed, Capital budget submitted byeach department which is part ofannual budget and same approved andintimated to all HODs
3. Disagreed, Monthly MIS is availablefor review against budget and samediscussed in each and every EXCOM.
4. Agreed
N.A
N.A
N.A
In future all execution ofprojects will be doneperiodically.
N.A
N.A
N.A
31 July 2009
52
Internal Audit Observations Management Response Management Action Plan Timelines
acquiring materials internally are not given internal Job
number, nor there is a system of periodic reporting of execution
of each project.
2. Capital Expenditure – Initiation and Approval
While reviewing a sample of sixteen capital expenditure decisions
amounting to AED 27,058,965 the following was revealed:
1. In two cases amounting to AED 99,824 no quotations were
obtained. In ten cases amounting to AED 25,923,775 only one
quotation was obtained.
2. The company does not have an approved vendors list for
capital purchases.
3. In fifteen cases amounting to AED 26,573,965 no
NPV/IRR/Payback period analysis was done. Further, there are
no guidelines available on record for performing the same.
1. Agreed
2. Disagreed since 95% capital purchasedrelated to plant and machinery and it isnot possible to prepare standard list ofvendors since it depends upon the specsand budget availability. The same hasbeen done during finalization ofpurchased plant and machinery forplant expansion where BOD approvalobtained after finalization of specs andvendors.
3. Agreed
1. In future allsupportingdocuments whereverpossible since sometime we need brandspecific product inwhich case threequotations are notpossible.
2. N.A
3. NPV/DCF/IRR willbe added in theCAPEX
1. Immediate.
N.A
July 31, 2009
53
Internal Audit Observations Management Response Management Action Plan Timelines
4. As of now, there is no serial number control over CER.
Further, Capital Expenditure Requests (CER) were not found in
seven cases amounting to AED 6,305,243.
5. Purchase requests were not mentioned in three cases amounting
to AED 4,557,272 and purchase order was not found in one
case amounting to AED 77,437
6. In four cases amounting to AED 4,538,632 the purchase order
was not signed by the Finance Manager and General Manager.
7. In two cases amounting to AED 861,640, although the assets
were put to use but the same were not capitalized. In one case,
a purchased asset amounting to AED 3,797,760 was not
booked to the extent of part payment of AED 2,800,944 as
capital commitment and in another case although full payment
of AED 1,341,216 was made, but the asset was not recognized
in the books of accounts.
4. Agreed
5. Agreed
6. Agreed
7. Disagreed, company capitalizes assetsafter installation, internal satisfaction,performing all procedures i.e test andtrial etc. So just assets available in thefactory can not simply capitalizewithout following above steps.
4. CER will begenerated from ERPwith serial nos.
5. In future, all relevantdocuments will beattached.
6. Corrected, now noPO can submit fromthe ERP withoutapproving by FinanceManager & MD.
7. N.A
Aug 31, 2009
Immediate.
Immediate
N.A
3. Capital Expenditure – Fixed Asset Purchase andCapitalization
While reviewing the fixed asset purchases and capitalization the
following was revealed:
1. In ten cases, the cost of the assets could not be tracked. 1. Agreed, These items are very old itemsand coming from old plant. The costsof these items are very minor. The costmight be considered as expenditure atthe time of purchase from old plant.
1. A proper costtracking system inplace
Immediate
54
Internal Audit Observations Management Response Management Action Plan Timelines
2. Some Fixed assets that were purchased, but they were not
capitalized yet. (refer to annexure)
3. Some fixed assets that actually existed were not on the fixed
assets register.
4. Depreciation of all machines related to each category is
calculated on a lump sum basis for the whole category without
taking into account the relevant useful lives and usage of
various machines
5. Fixed assets insurance is prepared based on the net book value
of the fixed assets.
6. No information about the legal ownership of old fixed assets
obtained before 2007 are available on record.
2. Agreed,
3. Agreed
4. Disagreed, This is company policy oflast many years and it is notworthwhile to change the policy at thisstage where all machineries are veryold and overall value will not bematerial to consider for revision.
5. Disagreed, We are doing insurance onGross Value and not on net value.Policy is available for crossverification.
6. Agreed but it is difficult toidentify at this stage sincecompany maintained currentyear and last year record.
2. Now as a part ofCWIP since all meantfor plant expansionwhich is hold now asper directives fromthe BOD.
3. Physical verificationexercise will becarried out and willbe maintained FixedAssets Register.
4. N.A
5. N.A
6. In future, proper fileswill be maintained.
30 September 2009
30 September 2009
N.A
N.A
Immediate
55
Internal Audit Observations Management Response Management Action Plan Timelines
4. Weak Control Over Fixed Assets Verification
We understand that, a physical verification of fixed assets is notcarried out by the company. Also, the assets do not have an 'AssetIdentification Code' due to which, they can not be easily identifiedand located. An exercise for bar-coding of fixed assets wasundertaken at a group level about one year back. However, theexercise was not completed and all the fixed assets were not bar-coded. According to a list of all bar-coded items generated from theIT System, a total of only 435 assets were coded. The list contains alimited number of Furniture items and computer hardware only.
Agreed,Fixed assets will be verified &code will be done.
30 September 2009
56
1.11. Human Resources and Payroll
Internal Audit Observations Management Response Management Action PlanTimelines
1. No Annual HR Budget, Planning and Management
While reviewing the budgeting and planning aspect of HR function,
following was revealed:
1. Currently, detailed planning and budgeting is not done in the
HR department. Although a projection of salaries and benefits /
allowances is done as a part of annual business plan for which
there are no assumptions available on record, the same is not
done in conjunction with the department as well. Further, it is
also not cascaded down to the department to facilitate the
formulation of a detailed budget and submission of the same
back to the management for deliberations, fine tuning and
approval.
2. Currently the company is following HR procedures set in the
year 2006. Although, the “Future Process Model” (dated July
07, 2008) for the HR Department is available and it was given
to understand that the same are approved at the group level, an
approved copy of the same was not available on record. Further,
the implementation of the same is still to be initiated by the
company.
1. We agreed with theobservation
Detailed manpower and cost to company reportsbased on current headcount and following yearprojections are prepared by HR in deliberations withvarious departments and provided to them for thepurpose of planning and budgeting. Assumptions onwhich the CTC is based are available with HR.A number of HR Policies and Procedures which areworking well have been incorporated in the BP 080as there is no need for changes. Where necessarychanges have been made in the Future ProcessModel.The Future Process Model (BP080) has already beenimplemented. The Oracle process is based on theBP080 which is running since 2008.HR Department objectives and KPIs are being set.HR Department budgets have already been preparedand submitted to Finance.Staffing requirement, forecasted expenditure and keylegislative requirements are all part of the budgetingprocess and have already been taken intoconsideration.KPIs for HR & Admin Manager, agreed by the GMare being finalized.HR Policies and procedures already exist. They arecontinuously updated on a need basis.The Policy Manual is available for DepartmentHeads. Employee Handbook is being prepared and isexpected to be ready for distribution to all employeesby September 2009
30 September 2009
2. Control Gaps in Recruitment Activity
57
Internal Audit Observations Management Response Management Action PlanTimelines
While reviewing the recruitment aspect of HR function, following
was noted:
1. Alignment of the recruitment activity to the business plan can
not be ascertained as the same is not cascaded to the Head of the
HR Department.
2. A detailed updated organization chart highlighting all levels of
management down to the supervisory and workers level is not
available on record. Further, detailed job profiles / job
descriptions identifying key position requirements were not
developed for each designation.
3. Rejection letters are not issued to rejected candidates and no
track record of rejected employees is maintained.
4. A staffing plan neither is in place nor is the Staffing
requirements monitored, including anticipated organizational
change.
5. No documentary evidence was available on record for imparting
training in interview and selection techniques to line managers
involved in the recruitment process.
While reviewing the recruitment process of fifteen employees,
following was revealed:
1. Manpower request form was not available for eleven
employees. Further, manpower request form was used by the
department head to inform the HR Department of recruitment of
three employees. Thus, the manpower recruitment form was not
used for its intended purpose.
1. Agreed
2. Available now.
3. Agreed
4. Agreed
5. Agreed
1. Disagreed, Allmanpower requestforms are available
1. HR Manager will prepare the annualrecruitment plan based on thebudgeted figures and initiate therecruitment process at the agreed time.
2. N.A
3. HR has started to prepare this letters.
4. HR Manager with General Managerwill start to prepare the plan.
5. HR Manager with general manger willdefine the guidelines.
N.A
30 September 2009
N.A
Immediate
30 September 2009
30 September 2009
N.A
58
Internal Audit Observations Management Response Management Action PlanTimelines
2. Recruitment documents such as interview sheet were not
available for ten employees.
3. Educational certificates are not obtained for seven employees at
the time of recruitment and the same are still not available in
their personal files.
4. Documentation for background checks was not retained for all
fifteen employees.
5. Documentary evidence of employee orientation for nine
employees was not available on record.
6. Employee reporting form was not available on record for three
employees.
2. Agreed
3. Agreed
4. Agreed
5. Disagreed, Allemployee orientationforms are available
6. Disagreed, Allemployee reportingforms are available
In ture HR Manager will make sure thatrecruitments documents will be available for allemployees.
In future HR Manager will make sure thatEducational Certificates will be available for allemployees.
In future HR Manager will make sure thatdocuments for background check will beavailable for all employees.
N.A
Immediate
Immediate
Immediate
N.A
3. Control Gaps in Recruitment ActivityWhile reviewing the recruitment aspect of HR function, following was
noted:
1. Alignment of the recruitment activity to the business plan can
not be ascertained as the same is not cascaded to the Head of
the HR Department.
2. A detailed updated organization chart highlighting all levels
of management down to the supervisory and workers level is
not available on record. Further, detailed job profiles / job
descriptions identifying key position requirements were not
1. Agreed
2. Available now.
1. HR Manager will prepare the annualrecruitment plan based on thebudgeted figures and initiate therecruitment process at the agreed time.
2. N.A
30 September 2009
N.A
59
Internal Audit Observations Management Response Management Action PlanTimelines
developed for each designation.
3. Rejection letters are not issued to rejected candidates and no
track record of rejected employees is maintained.
4. A staffing plan neither is in place nor is the Staffing
requirements monitored, including anticipated organizational
change.
5. No documentary evidence was available on record for
imparting training in interview and selection techniques to
line managers involved in the recruitment process.
While reviewing the recruitment process of fifteen employees, following
was revealed:
1. Manpower request form was not available for eleven
employees. Further, manpower request form was used by the
department head to inform the HR Department of recruitment
of three employees. Thus, the manpower recruitment form
was not used for its intended purpose.
2. Recruitment documents such as interview sheet were not
available for ten employees.
3. Educational certificates are not obtained for seven employees
at the time of recruitment and the same are still not available
in their personal files.
4. Documentation for background checks was not retained for
all fifteen employees.
5. Documentary evidence of employee orientation for nine
employees was not available on record.
3. Agreed
4. Agreed
5. Agreed
Disagreed, All manpowerrequest forms are available
Agreed
Agreed
Agreed
Disagreed All employeeorientation forms are available
3. HR has started to prepare this letters.
4. HR Manager with MD will start toprepare the plan.
5. HR Manager with MD will define theguidelines.
N.A
In future HR Manager will make sure thatrecruitments documents will be available for allemployees.
In future HR Manager will make sure thatEducational Certificates will be available for allemployees.
In future HR Manager will make sure thatdocuments for background check will beavailable for all employees.
Immediate
30 September 2009
30 September 2009
Immediate
Immediate
Immediate
60
Internal Audit Observations Management Response Management Action PlanTimelines
6. Employee reporting form was not available on record for
three employees.
Disagreed, All employeereporting forms are available
N.A N.A
4 Control Gaps in Information Management Systems
Following gaps were observed in the information management
system of HR department:
1. Various parameters for measuring the capability and
effectiveness of various activities such as recruitment, training
and performance management are not in place.
2. Employee productivity measures have not been established. Due
to this, processes and systems to capture the data are not
available.
3. Delay in visa renewal processing is observed for one employee
during the review of visa renewal process for 16 employees.
Emp. # Employee NameVisa Expiry
DateApplication
DateGap
(Days)
13020VadakkedathVarghese
3-Oct-08 6-Oct-08 (3.00)
4. Delay in passport renewal process is observed for 3 employees
during the review of passport renewal process for 8 employees.
Emp. # Employee NamePPt Expiry
Date
PptWithdrawl
Date
Gap(Days)
13240Mohammad HaroonKhan
11-Nov-07 12-Nov-08 (367.00)
12435 Bilal Tariq Awan 24-Oct-08 26-Oct-08 (2.00)
12559Davis ChiriyanKandath Rappai
25-Sep-08 20-Oct-08 (25.00)
1. Agreed
2. Agreed
3. Disagreed, UAE law 30days grace period isavailable for renewal ofVISA. This is generalpractice in UAE.
4. Partly agreed
The process will be in place with Group HR.
The process will be in place with Group HR.
N.A
In future, HR/Admin will avoid such delay.
30 September 2009
30 September 2009
N.A
Immediate
61
Internal Audit Observations Management Response Management Action PlanTimelines
6. Discipline Management
Implementation of disciplinary procedure of the company had the
following gaps:
1. No mechanism exists for employees to raise concerns about
their place of work and working relationships through a discrete
procedure either formally or informally.
2. No formal record exists for training provided to line managers
in application of disciplinary procedures.
3. No periodic audit of actions taken against the disciplinary
actions is conducted to ensure compliance with laid down
procedures.
1. Agreed
2. Agreed.
3. Agreed
1. HR will prepare the procedureand communicate to all.
2. The Disciplinary Procedures aredefined clearly in the BP 080.These are supported by a RuleBook specifying penalties to beapplied in various circumstancesand situations. These are availablewith all Managers and are beingstrictly implemented.
3. Monthly audits of Disciplinarypenalties to be carried out by HR.
15 august 2009
31 October 2009
30 September 2009
62
2.12 Information Technology
Internal Audit Observations Management Response Management Action PlanTimelines
1. IT Policy, Disaster Recovery Plan and System Security
A review of the Information Technology framework revealed the
following:
1. Two documents viz. Disaster Recovery Plan and Disaster
Recovery Framework were available on record, but as of now,
both of them are at a draft stage and still to be finalised. This also
contains the back up plan.
2. Currently, there is no well defined, documented and approved plan
pertaining to assessment and monitoring the physical and logical
security of IT infrastructure in terms of periodic review of access
logs.
1. Agreed
2. Disagreed., Logical securityis inherent within theWindows and Linux serverenvironments. Logicalpasswords are defined atmultiple level, server ie.network 90 day passwordexpiry is in place for allusers. In addition to this allbusiness criticalapplications ie. ERP havethere ownapplication/database levelpasswords this is inherent inthe software application.
All servers are physically secureand kept in air conditioned ITserver room. The only peoplewho have access are the ITmanager and the IT Engineers.DR Plan will be updated toinclude details of Logical &Physical security
1. Restate rescue plan &framework will be presented &prepared to Board for approval
2. N.A
30 September 2009
N.A
63
Internal Audit Observations Management Response Management Action PlanTimelines
2. ERP Implementation
While assessing the ERP implementation, following came to light:
1. The project was initiated in April 2007 and went live in January
2008 that is approximately nine months.
2. As the software was purchased at the group level, Mammut
Building Systems share of the cost was about AED 1.5 million
which is 42% of the total cost including the consultants’ fees.
3. It has been a year since the ORACLE ERP has gone live.
Following are some of the facts in this regard:
2.1 The June 2008 closing of the books of accounts for the
purpose of Statutory Audit has happened in Alpha (the old
legacy system) and not in ORACLE.
1. Agreed however note thatERP systems generally take anumber of years to mature. Amodular implementationapproach was taken for ERPimplementation at MBS. Thismeans that not all moduleswent live at the same time.Modules were phased in overa period of time due to datadependencies. It is notuncommon during the earlystages of a newimplementation for smallissues to exist.
2. Agreed. The half year Auditdid happen in Alpha, howeverwe are more than confidentthat the pertaining issues havebeen resolved and that OracleERP is functioning as requiredby the business.
3. Agreed but available fromJan-2009.
Agreed but available from Jan-2009.
N.A
N.A
N.A
N.A
64
Internal Audit Observations Management Response Management Action PlanTimelines
2.2 Debtors ageing is done manually as the ORACLE is not
giving the desired report and is still under development. ERP
also does not support the generation of creditors ageing.
2.3 ORACLE ERP does not generate an inventory ageing report.
It was given to understand that the inventory coding is still to
be completed in the system.
2.4 There is no report generated by the system which can
facilitate the assessment of Purchase Requisition (PR) status
as to whether it is pending approval or approved but not
serviced, serviced but not closed and serviced and closed.
2.5 There is no pending PR and pending PR ageing report.
Further, there is no report showing the open POs and their
ageing.
2.6 Two PO listings were generated for analysis purposes,
namly, one from the purchase department ( 11270 listed
POs) and another from the IT department (10036 listed POs).
The PO listed in the report by purchase department were
Disagreed, Following reports areavailable :- Oracle standard Purchase
Requisition Status report- MBS PR to PO Status
reportMBS PR to DO tracking reportFollowing Open PO reports areavailable:- Standard Open PO
Report(by Buyer)- Standard Open PO
Report(by Cost Center)MBS PO Status Report
Partly agreed
Agreed
N.A
Pending PR report available, there isno standard PR ageing report, it willbe developed.
Reports needs to be revisited.
N.A
30 September 2009
30 June 2009
65
Internal Audit Observations Management Response Management Action PlanTimelines
more than the PO listed in the report generated by IT
department by 1231.
2.7 The ERP system does not generate a Bank Reconciliation
Statement. In fact, MBS does not have the practice of
preparing Bank Reconciliation Statement at all.
2.8 The company has not opted for ORACLE Manufacturing.
Instead a new software SCIA has been bought at the cost of
AED 0.90 million for managing production and MRP.
Currently, the same is being integrated with ORACLE. Till
such time the whole MRP and production management is
performed manually. It was given to understand that the
decision to opt for SCIA instead of ORACLE Manufacturing
was taken by the top management, but there are no
documents available on record supporting the technical and
financial evaluation for supporting the decision.
2.9 Currently the material management department does not
utilise the MRV reports to manage material receipt.
2.10It was given to understand that before going live, parallel
runs with the legacy system were not performed to ensure
ERP stability.
Agreed
Agreed
Disagreed, Report is availableand has being utilized by PPD &Finance since module GO-Live.no additional reports have beenrequested
Agreed
Company will see the possibility togenerate bank reconciliationstatement from ERP since thisfacility may require additional costto the company.
Oracle Manufacturing has not beenfactored into the ERPimplementation as it was decidedthat SCIA would perform thisfunction better then Oracle.
N.A
This was a decision by the MD ofthe company.
N.A