RISK ASSESSMENT ENSTRA MILL

PROCESS - FINANCIAL
CASH AND BANK 31
SPECIFIC RISKS Impact Likelihood Total
Reconciliations 126 42
Cash receipts information is not identified and recorded 7 7 49
Cash receipts information is not recorded accurately and timeously 7 7 49
Expenditure amounts are not recorded accurately and timeously 7 4 28
Sundry Allocations 52 17
Mis-allocations of charges are not identified timeously 4 4 16
Mis-allocations of sundry receipts are not identified timeously 4 5 20
Adjustments in respect of sundry amounts are not valid and processed accurately 4 4 16
Review 64 32
Balances are not reviewed and assessed for accuracy 8 4 32
Unauthorised transactions are not identified timeously 8 4 32
Cheque Controls 128 32
Access to blank cheques is not appropriately restricted 8 4 32
The accountability for the receipt of cheques is not formally transferred 8 4 32
Stock of blank cheques is not appropriately controlled and such cheques are not accounted for 8 4 32
Cheque cancellation procedures do not render the instrument unusable 8 4 32
Probability Rating
This rating is based on the probability of the risk occurring, as it takes into consideration the controls' ability to prevent the potential risk.
Probability rating is also based on the potential impact the risk will have, in the event that it does materialise.
The higher the impact and likelihood, the higher the probability rating.
Probability Key
Probability rating above 30%
Probability rating between 20% and 30%
Probability rating below 20%
GENERAL LEDGER MAINTENANCE 36
SPECIFIC RISKS Impact Likelihood Total
Reconciliations 120 30
Reconciliations are not performed timeously 8 4 32
Reconciliations are not subject to review to identify anomalies 8 4 32
Reconciliation review process is not segregated from the processing function 8 4 32
Misallocated postings are not identified timeously 4 6 24
Review 120 40
Invalid adjustments are not identified timeously 8 7 56
Review process is not sufficiently segregated from the processing function 8 4 32
Review process is not formalised and accountability cannot be allocated 8 4 32
Adjustments 116 39
Adjustments are not processed accurately 7 4 28
Masterfile amendments are only performed by authorised employees 8 4 32
Masterfile amendments are identifiable and tracked and subject to an independent review 8 7 56
STOCK CONTROL 33
SPECIFIC RISKS Impact Likelihood Total
Stock Reconciliations 243 35
Reconciliations are not performed timeously 8 4 32
Reconciliations are not subject to review to identify anomalies 7 4 28
Reconciliation review process is not segregated from the processing function 7 4 28
Misallocated postings are not identified timeously 7 6 42
Invalid stock adjustments are not identified timeously 8 6 48
Stock adjustments are not processed accurately 6 5 30
Stock variances are not investigated and reported to the appropriate employee 7 5 35
Production Orders 152 38
Production orders are not received and processed timeously 8 5 40
Invalid production orders are processed 8 5 40
Production orders are not processed accurately 8 5 40
Access to the processing functionality of production orders is not limited to the authorised employees 8 4 32
Stock Counts 126 32
Stock count procedures are not prescribed and formalised 7 5 35
Stock count procedures are not appropriately monitored 7 4 28
Stock count results are not subject to a random validation 7 4 28
Stock counts are not performed timeously 7 5 35
Stock Provisions 52 26
Stock provisions are not being monitored 6 4 24
Transactions resulting in a movement of these provisions are not subject to the appropriate authorisation 7 4 28
PAYROLL 30
SPECIFIC RISKS Impact Likelihood Total
Deductions 92 31
Deductions are inaccurate, invalid and incomplete 7 4 28
Deductions are not processed timeously 8 4 32
Deductions are not paid timeously 8 4 32
Leave Pay 96 24
Leave accruals are in contravention of the company's policy 6 5 30
Leave due is not monitored and subject to independent review 7 3 21
Leave taken is not formally recorded and leave records are not updated 6 4 24
The employment of staff is not supported by complete personnel records and files 7 3 21
Payroll Reconciliations 124 31
Payroll reconciliations are not performed accurately 8 4 32
Payroll reconciliations are not performed timeously 8 4 32
Reconciling items are not identified timeously 7 4 28
The payroll reconciling process is not appropriately segregated from the payroll processing function 8 4 32
Processing 171 34
Information required for processing is not available timeously 8 4 32
Processing errors are not identified timeously 7 3 21
The processing function is not appropriately segregated 8 7 56
Processing functions are not limited to authorised employees 8 4 32
Processed information is not available as and when required 6 5 30
SECURITY 33
SPECIFIC RISKS Impact Likelihood Total
Entrance / Exit Controls 235 34
Unauthorised vehicles are permitted access into restricted areas 7 3 21
Vehicles are permitted entrance without security inspection 7 3 21
Vehicles entering for delivery purposes are accepted without valid delivery documentation 7 5 35
Delivery documentation is not subject to inspection for the purposes of accuracy and validity 8 5 40
All equipment entering the site is not logged and identified to validate the removal 6 3 18
Individuals entering the site are not recorded and logged 6 3 18
Vehicles leaving the site are not inspected to ensure assets are not removed without the appropriate authorisation 8 5 40
Entry and exit is not controlled through a centralised point 8 3 24
Prior authorisation for the removal of equipment or goods is not received and not identified by security 6 3 18
Despatch 258 32
Goods which have not been authorised for despatch are released 8 5 40
Despatched goods are not reviewed to source documentation to ensure accuracy 7 5 35
Security staff are not appropriately trained to identify the nature and volume of goods being despatched 7 5 35
Despatched vehicles are not subject to weighbridge controls 8 5 40
Weighbridge information is inaccurate and incomplete 8 4 32
Weighbridge controls are overridden by the manual processing of despatch information 7 4 28
Weighbridge information is inaccurately transposed communicated to the invoicing function 8 3 24
The weighbridge readings are unreliable and not subject to regular calibration 8 3 24
INFORMATION TECHNOLOGY 42
SPECIFIC RISKS Impact Likelihood Total
Change Control 114 23
Requests received are not actioned 6 3 18
Requests received are not actioned according to user requirements 6 5 30
Requests for changes received are not tested 6 4 24
Change control requests are not logged and tracked to identify delays and service levels 6 3 18
Change control procedures are not in terms of a prescribed procedure 6 4 24
User Profiles 168 56
User Profiles are not established in context of job responsibility 8 8 64
User profiles do not sufficiently limit unauthorised access to specific functionality 9 8 72
The user profile database is not monitored to identify unnecessary profiles (terminated employees) 8 4 32
Support 60 20
Skill profile of the support team is inappropriate and does not meet user needs 6 4 24
Support is not available as and when required 6 3 18
Calls requesting support are not logged and monitored to ensure service delivery 6 3 18
Backups 144 36
Backups are not performed at regular intervals 9 5 45
Backups are not subject to integrity testing to ensure availability of data 9 5 45
Backups are not stored in an appropriate location 9 3 27
Backup procedure is not formalised to ensure the continuity of the process 9 3 27
DRP 54 54
Disaster recovery plan is not formalised and known 9 6 54
New Systems 54 54
The implementation and testing process is inadequate and not subject to specific control measures 9 6 54
Network Facilities 99 50
Backup hardware is inappropriate and not available when required 9 5 45
Software currently being used is unlicensed 9 6 54
COSTING 41
SPECIFIC RISKS Impact Likelihood Total
Bills of Material 98 49
Bills of material are incomplete and do not include all cost components 7 7 49
Bills of material are inaccurately costed 7 7 49
Cost of Sales Reports 63 32
Access to reports is not limited to authorised employees only 7 6 42
Cost reports are not distributed for consideration to the appropriate employees 7 3 21
Production Statistics 81 41
Information is not recorded accurately and timeously 9 5 45
Production information is not communicated timeously 9 4 36
Cost Adjustments 184 46
Adjustments are not appropriately authorised 8 5 40
Adjustments are not processed, or are not processed timeously 8 5 40
Access to the processing functionality is not restricted to authorised employees 8 6 48
Processed adjustments are not identifiable 7 8 56
Analysis and Review 108 36
Cost reports are not subject to a formal review 9 4 36
The review of the cost reports is not independent and performed by a sufficiently senior employee 9 4 36
Variances from standard cost are not identified 9 4 36
ASSETS 30
SPECIFIC RISKS Impact Likelihood Total
Allocations 30 30
Asset allocations are inaccurate and not recorded timeously 5 6 30
Recording 110 28
Acquisitions are not recorded 8 4 32
The value at which assets are recorded is not in terms of policies, procedures and legislation 7 3 21
Fixed assets are not recorded in the appropriate period 6 6 36
The recording function of assets is not restricted to authorised employees only 7 3 21
Maintaining 111 37
The asset register is not updated at regular intervals 7 3 21
Recorded assets are not verified for existence and locations are not identifiable 8 6 48
Assets are not identifiable 7 6 42
Depreciation 109 22
Depreciation is not processed timeously 6 3 18
Depreciation raised is not in terms of company policy and legislation 6 4 24
Adjustments processed are not valid and recorded inaccurately 7 4 28
Adjustments are not processed in the appropriate period 7 3 21
Access to process adjustments is not limited to authorised employees only 6 3 18
Acquisitions / Disposals 96 32
Acquisitions and disposals are not authorised by the appropriate employee 8 4 32
Assets are inaccurately valued on disposal 8 4 32
The acquisition decision is not justified by the appropriate feasibility study or supplier selection process 8 4 32
SALES 30
SPECIFIC RISKS Impact Likelihood Total
Sundry Debtors 44 15
Sundry debtor sales are not valid and appropriately authorised 4 3 12
Sundry debtor amounts are not accurately processed 4 5 20
Adjustments to sundry debtor amounts are not valid, processed accurately and timeously 4 3 12
Reconciling 104 35
All goods despatched are not invoiced 8 5 40
Differences between despatched and invoiced are not identified timeously 8 4 32
Unauthorised or inaccurate adjustments are not identified timeously 8 4 32
Invoice Processing 530 41
Orders are processed for customers who are not within approved credit limits 8 4 32
Orders are not approved by management in respect of prices and terms of sale 8 6 48
Orders or cancellations are not processed accurately 8 7 56
Processed orders are not transferred accurately and completely to despatch and invoicing 7 3 21
All orders received are not processed timeously 7 8 56
Sales adjustments are not valid and processed accurately 7 3 21
The issuing and processing of credit notes is not in terms of the company's stated policy 8 4 32
Invoices are not processed timeously and do not include all appropriate transactions 7 4 28
Discounts processed are not valid and accurate in terms of the organisation's policies 6 6 36
Access to the invoicing function is not appropriately restricted 8 4 32
Masterfile amendments are not processed accurately 8 7 56
Masterfile amendments are not valid and subject to the appropriate authorisation 8 7 56
Masterfile amendments are not identified timeously 8 7 56
PAYABLES 30
SPECIFIC RISKS Impact Likelihood Total
Invoice Matching 64 32
Amounts posted to accounts payable are in respect of goods or services not received 8 4 32
Amounts posted to accounts payable are inaccurate in value or amount 8 4 32
Reconciling 56 28
Adjustments to amounts posted to accounts payable are not identified timeously 7 4 28
All amounts posted to accounts payable are not recorded accurately and timeously 7 4 28
Processing of Payments 239 30
Accounts payable amounts are not calculated and processed accurately 7 3 21
Amounts for goods or services are not recorded in the appropriate period 7 4 28
Accounts payable amounts are adjusted for invalid reasons 8 4 32
Credit notes and other adjustments are not calculated accurately 8 5 40
All valid credit notes and adjustments are not processed 7 4 28
Access to the processing function is not restricted to authorised employees only 8 3 24
Access to masterfile amendments is not restricted to authorised employees only 8 3 24
Amendments processed to masterfile information are not timeously identified and reviewed 7 6 42
Risk Rating
This rating is based on the probability of the risk occurring, as it takes into consideration the controls' ability to prevent the potential risk.
Risk rating is also based on the potential impact the risk will have, in the event that it does materialise.
The higher the impact and likelihood, the higher the risk rating.
Internal Audit Coverage Key
Risk rating above 30%
Risk rating between 20% and 30%
Risk rating below 20%