Come up with a new audit program related to sales and marketing. Identify risks in a detailed manner against the sub processes listed below, categorize

Come up with a new audit program related to sales and marketing. Identify risks in a detailed manner against the sub processes listed below, categorize those risks, identify and formulate controls against those risks, and come up with test procedures (aka: how you check controls).

Fill in the blanks for all seven categories below:

Process Sub Process Risk Controls Test Procedures Strategic Updating, managing and ensuring Policies, procedures and other guidance documents may be inadequate and / or 1. XXXXXXXX Project Department policies & procedures are in place and comprehensively covers 1. Obtain policies and procedures for Project Department. (existence of Policies & Procedures, compliance to policies & work outdated which may lead to lack of accountability and potential inconsistency in all relevant areas. 2. Determine if all areas are sufficiently covered under the policies & procedures. Organization Chart, JDs, KPIs, Statement procedures managing and monitoring project (project XX) activities. 2. The policies & procedures are regularly updated to include any changes in the Department as per 3. Inquire on the updating mechanism of the Department policies & procedures and current status. of Function etc. company's needs. 4. Ensure that any updates are adequately communicated to the target audience 3. Any changes due to policies & procedures update are adequately communicated to the target 5. Verify compliance to Project Department policies & procedures with day to day activities. audience. Strategic Timely review and updating of . Inadequate clarity over reporting lines may result in incorrect decision making while 1. Organizational structure is in place and the reporting lines are clearly defined and known to the 1. Obtain approved organization chart and JDs of the Department. (existence of Policies & Procedures, organization structure & JDs handling of critical activities. employees. 2. Determine if the reporting lines have been clearly defined. Organization Chart, JDs, KPIs, Statement 2. Lack of clearly defined / outdated job descriptions may lead to Inefficient job 2. Job descriptions are available for all employees. 3. Inquire and determine if the job descriptions have been communicated and acknowledged by all the employees. of Function etc. performance. 3. Job descriptions have been communicated and acknowledged by all employees of Project (project 4. Ensure that job descriptions provide adequate coverage based on the requirements such as energy, ethics, 3. Non-updated JDs may lead to non-compliance to resources, roles, responsibility and XX) Department. sustainability etc authority clause of ISO 9001, ISO 14001 and RC 14001. Project Budget Monitoring Budgeting and Cost Management Inadequate control over budgeting for project activities or expenses may lead to 1. The project was approved from Board. The budget and actual expenses related to the project are 1. Obtain the budget for the project (project XX). unexpected costs for the organization and could possibly result in drawbacks for the tracked through WBS. 2. Ensure that deviations between planned and actual budgets are adequately analyzed and approved. organization. 2. All expenses booked to WBS are reviewed by Projects team to ensure that expenses not related to 3. Verify if appropriate cost elements are taken into consideration during development of the budget. the project are identified and excluded. Project Control & Monitoring Project Schedule Project overall and Commissioning schedules may not be adequately prepared by the 1. EPC contractor is responsible for submitting the overall project and commissioning schedules for 1. Obtain the original project work schedule and critical path activities along with revisions (if any) EPC contractor resulting in schedule and/or cost impact he project. 2. Obtain the monthly status update reports submitted by the EPC Contractor and the as on date status OR 2. Overall schedule is reviewed and approval by XXXXXXXX projects team. 3. Evaluate whether the planned dates have been accurately considered for monitoring the project status. 3. Project schedule is developed based on adequate bases and weightage 4. Identify delays (if any) in completion of critical path activities and overall project delays. Evaluate if corrective Project progress reported may not be in line with agreed Work Breakdown Structure 4. Work schedule along with critical path activities for each phase of project is finalized by EPC actions plans have been implemented for project recovery. (WBS) weightages and may not reflect actual physical works executed. Contractor. 5. Verify whether project schedule is developed based on adequate bases and weightage and ensure the overall project OR . On monthly basis, status update report detailing planned v/s. actual project completion is prepared schedule is reviewed & approved as per the DOA. by contractor and shared with XXXXXXXX. Inadequate monitoring over critical path activities, overall project completion status and timeliness of milestone achievement may lead to delays in completion of project. Project Control & Monitoring Project Progress Reporting 1. Inadequate monitoring and reporting of Project activities may lead to incorrect 1. EPC Contract defines the progress reporting requirements. 1. Verify whether the EPC Contract defines the progress reporting requirements. decision making by senior management. 2.Monthly/Weekly Progress reports are submitted by PMC/EPC Contractor highlighting project 2. On sample basis whether Monthly/Weekly Progress reports are submitted by PMC/EPC Contractor highlighting 2. Not performing analysis of data could lead to delayed decision and required progress and areas of concerns with action plan. project progress and areas of concerns with action plan. intervention 3. Regularly meetings are conducted by Projects team to review and assess the project progress and 3. Verify whether regularly meetings are conducted by Projects team to review and assess the project progress and concerns concerns . Project Control & Monitoring Project Progress & Invoice Verification Inaccurate invoices raised by the EPC Contractor or invoices may not be raised as per 1. Project Milestones and underlying scope of work is defined in the contract along with corresponding 1. Obtain list of all invoices processed. Select sample of invoice and obtain supporting documents for the sample. work certified by PMC team. payment release %. 2. Review the adequacy of supporting documents and verify that contractual scope of work is completed in entirety for OR 2. Milestone is certified by the Project team based on review of all supporting documents submitted the milestone. Progress certificates may not be certified in accordance with procedures and by the contractor. 3. Evaluate that the invoice has been approved as per the DoA. Delegation of Authority (DOA). Project Payments Invoice Payments & Financial Controls Inadequate monitoring of AEL, payments released, advances, bank guarantees, 1. Release PO are created in SAP against contract. The cumulative value of PO cannot exceed the 1. Understand the existing practice followed by Projects team for monitoring project budgets retentions and insurance may lead to: target value of contract. 2. Verify that advance payments have been processed against valid bank guarantee and the same is recovered against a. depletion of the budget and payments in excess of approved budget. 2. The open value of contracts is monitored to ensure. Invoices. b. potential financial loss to the company 3. Advance payments are released as per the terms of contract, against bank guarantee and post 3. Ensure that invoice retentions are made for warranty claims. c. inadequate indemnity with the company for deficiencies in contractor services and approval as per DoA. Invoices received from vendor are adjusted against advances. 4. Ensure that payment for materials is made after receipt of Bank Guarantee. resultant losses. . Payment for Materials is not be made unless Contractor submit BG equal to Total Material price 5. Verify that insurance policy is maintained by contractor as per the contract requirement. paid Less Retentions on such amount. 5. Invoice retentions are made foe warranty claims. 6. Validity and coverage of contractors insurance is monitored too ensure adequate safeguard of Yasref's interest.Project Execution Procurement and Manpower Planning Inadequate controls and monitoring of procurement activities may lead to delay in 1. Procurement Plan is developed, identification and ordering of all required of items especially the |1. Obtain the approved procurement plan and verify adequacy of the same. procurement and further impacting the project progress Long Lead is planned accordingly, procurement status is reported in the monthly reports and linked to 2. On a sample basis, identify if timely procurement process has been performed for the items. the overall Project schedule. 3. Verify if procurement status is reported adequately in the monthly reports such PO issuance information, current Inadequate monitoring & controlling of deployment of resources may lead to inconsistent status, expected delivery and actual delivery date. manpower at site 2. Manpower mobilization plan as per the project requirement is developed and Manpower 4. Verify if the actual procurement is in the line with the overall Project schedule. Mobilization Request (MMR) forms are established to manage the manpower deployment. 5. Obtain the approved Manpower Mobilization Plan (MMP). 6. Verify whether the mobilization is carried out as per the MMP & MMR. 7. Document gaps, if any Project Execution Project Variation Orders & Change orders may be processed without proper review of: i) contract scope of work, 1. CO is processed based on review of the contract scope of work to ensure that the proposed CO is 1. Obtain list of CO created against contract. Deviations/Waivers ii) supporting documents and negotiations, iii) delegation of authority which may lead to: not included in the contract value. . Select a sample of CO and verify: 1. Higher cost to Yasref 2. The CO value is arrived based on review of contractor submission of cost break and negotiation. a. Justification for the proposed work. 2. Processing of CO without compliance to DOA 3. CO is approved as per the DOA. b. Scope of work and basis for arriving at the CO value and negotiations (if any). c. Verify the adequacy of approvals obtained for CO. Project Execution Inspection & Testing Plans Absence of appropriate Inspection and Testing plan/requirements for the project may 1. Inspection & Test Plans (ITP) for each equipment (as applicable) is submitted by the EPC 1. Verify whether Inspection & Test Plans (ITP) for each equipment (as applicable) is submitted by the EPC Contractor result in acceptance of sub-optimal product. Quality audits are not conducted as per an Contractor for approval by PMC/PMT. or approval by PMC/PMT. agreed audit plan 2. Third party inspectors are deployed at source and site to meet the quality control requirements. 2. Verify whether third party inspectors are deployed at source and site to meet the quality control requirements. 3. The Third Party Inspector (TPI) ensures Contractor's compliance with the approved ITP. Project Execution Quality Management Inadequate controls and monitoring of activities related to project quality may lead to sub 1. Quality Management Plan by the EPC Contractor is in place to govern the quality aspects related to 1. Obtain the Quality Management Plan developed for the Project. standard project documentation and EPC Contractor workmanship. the Project. 2. Verify if the plan has been reviewed and approved. 2. Non-conformance log is developed and maintained for the activities being carried out for the Project 3. Verify if the QMP is adequate to cover the key aspects for the Project as stated in the contract document. and corrective actions are communicated to the Contractors. 4. Verify if key activities listed out in the QMP are being effectively followed. 3. Quality audits are conducted by as per the quality audit schedule to ensure that satisfactory Project 5. On a sample basis, verify if any NCR is pending since long and may effect the overall progress. quality is maintained by the Contractor 6. On a sample basis, verify if correction action and implementation due date is established for the NCR. 4. Overall project punch list is developed & monitored for pending activities by the project team. 7. Obtain the approved schedule for conducting audits. B. On a sample basis, obtain the reports for quality audits been conducted. 9. Check if the corrective actions were recorded and communicated opt the Contractor. Contract Compliance and Administration Sub-Contracting Inadequate process and pre-approvals for sub-contracting scope of work may lead to 1. As per Contract, Contractor must obtain written approval from Contract Proponent prior to initiating | 1. Obtain list of sub-contractors engaged by EPC Contractor. engaging of a sub-contractor with poor technical ability which may eventually lead to any subcontract development. The approval from Proponent must be based on detailed Technical 2. Select a sample sub-contractors and verify whether the subcontracting arrangement was approved based on: provision of sub-standard services to Yasref evaluation of the proposed sub-contractor a. Sub-contracting plan or b. technical & commercial evaluation of the sub-contractor. Contract Compliance and Administration Contract Compliance and Evaluation Absence of periodic performance evaluation of contractor and sub-contractors incl. All contracts with expected duration of one year or more, Performance Evaluation Report shall . Obtain list of all contractors and related sub-contractors. contract compliance may result in inability to identify poor performing contractors, non- normally be initiated at intervals of six-months and at the completion of the contract. For contracts 2. Obtain the last 2 performance evaluation reports of contractors and sub-contractors. compliance and plan corrective actions which may eventually impact the project quality with expected duration of less than one year, a single report shall be initiated, developed, and . Evaluate the timeliness and adequacy of performance evaluation. and timelines. approved at the completion of the contract. The results of each performance appraisal will be 4. Ensure that discussions are held with under-performing vendors to plan and implement corrective actions plans. summarized in SAP to enable overall comparison of contractor's performance on all contracts which he has been engaged. Contract Compliance and Administration Adjustments related to claims and back Inadequate monitoring of deductions to be made from contractor payments may lead to The contract defines the basis may making deduction from invoice for: i) contractors non-compliance 1. Verify the monthly Saudization level maintained by contractor for each work group and evaluate whether deductions charges higher cost of services to Yasref and excess payments to vendor. i) resources provided by Yasref: (e.g.) have been made for non-compliance. 1. Insufficient Saudization in the workforce. 2. Understand whether utilities (water, steam and electricity) are provided to contractor for carrying out work at the 2. Utilities provided by Yasref to Contractor. site. Verify whether deductions have been made for the cost of utilities provided by Yasref.Standards & Regulatory Compliance Health, Safety and Environment Non-compliance by contractor to XXXXXXXX HSE COP's and procedures may lead to 1. Safety Studies (HAZOP, HSEAI, etc.) to be carried out are defined in the XXXXXXXX COPs and 1. Verify whether the Safety Studies (HAZOP, HSEAI, etc.) are carried out as defined in the XXXXXXXX COPs and accidents/injuries and incidents. EPC Contract. EPC Contract. OR 2. HSE Plan has been prepared by the EPC Contractor for the Project. Additionally, Contractor 2. Verify the compliance and adequacy of the HSE Plan prepared by the EPC Contractor for the Project. Health Safety & Environmental impacts of project may not be assessed and controlled complies with HSE requirements stated in the EPC Contract and COPs. 3. Verify whether periodic HSE audits are conducted by XXXXXXXX HSE team to ensure efficient HSE practices are adequately. 3. Periodic HSE audits are conducted by XXXXXXXX HSE team to ensure efficient HSE practices are being followed during Project execution. OR being followed during Project execution. 4. Verify whether PMC monitors the safety audit punch list regularly and documents deviation whenever encountered. Safety audit punch list may not be prepared by the EPC contractor, which affects the 4. PMC monitors the safety audit punch list regularly and documents deviation whenever 5. Obtain the HSE Plan, Loss Prevention Program, Emergency Evacuation & Pollution Contingency Plan and verify timely completion of the pre-commissioning stage encountered Yasref approvals. OR Inadequate coverage of Health, Safety and Environments aspects during project planning and execution may lead to HSE incidents at work site affecting the workforce / reputation of the company and leading to fines / penalties. Standards & Regulatory Compliance Legal compliance Non-compliance to the regulatory and statutory requirement may lead to penalty and All Statutory and regulatory requirement applicable to the organization reputational damage Risk Management Risk Identification and Lesson Learnt Absence of comprehensive project risk register may lead to project risks not being 1. A risk register is prepared in accordance with the guidelines by the project team. 1. Verify whether a risk register is prepared in accordance with the guidelines. identified, prioritized and monitored adequately 2. The risk register is regularly updated during the EPC phase of the project in order to capture the 2. Verify whether the risk register is regularly updated during the EPC phase of the project in order to capture the risks risks encountered during this phase. encountered during this phase. Absence of practice of documenting lessons learnt may lead to repetition of errors and 3. All lessons learnt are to be captured from the start of the project and maintained periodically 3. Whether the lessons learnt are captured adequately and updated/maintained periodically throughout the life of the non-improvement of processes. throughout the life of the project project. Project Close-Out Project Handover 1. Relevant project handover documents (as built drawings, operating & maintenance 1. EPC Contract defines the Project Handover Documentation requirement, the EPC contractor is 1. Verify adequate whether implementation of Project Handover Documentation is carried out by the EPC Contract. manuals, warranties) are not submitted by the Contractor for approval responsible for preparing a project commissioning and handover plan. This plan will contain the 2. Verify whether the EPC contractor has prepared a project commissioning and handover plan. 2. Delay in handover of the completed project house to HR team delivery of all as-built drawings, operating and maintenance manuals and warranties etc. and will be 3. Verify whether timeline for documentation handover is established and tracked. approved by PMC. 4. Handover process documentation from project team to HR department for all the completed projects 2. Post handover from the contractor, Project team handover the project house to the HR team for the allotment to the employeeProcess Sub Process Risk Controls Test Procedures Policies and Procedures, job description and organizational structure, KPIs (from a strategic point of view) 3 Sales and marketing strategies and plans Pricing strategies (whether they are reviewed periodically) Advertisment Customer management (how customers are getting identified + how customer directories, sales services, and customer satisfaction is maintained) 6 7 Sales targets (market forecast and research) and incentive program (incentives to employees who sell the products) 8 Budgeting for sales and marketing

