The Controller's Toolkit

CHRISTINE H. DOXEY, CAPP, CCSA, CICA, CPC, is president of Doxey, Inc., a consultancy that has brought vast improvements to the finance departments of leading organizations worldwide. Doxey is on the Advisory Boards of The Exchange Summit and The Institute for Internal Controls. Previously, Christine was a financial executive at Hewlett Packard and Verizon Business. She has authored several books and speaks on a range of financial processes and internal controls best practices at global conferences.

PART 1

Chapter 1 About This Toolkit

 Chapter 2 Defining the Role of a Controller

Introduction

Governance, Risk Management and Compliance (GRC).

Controller Job Responsibilities

The Controller as Business Partner

SECTION 1 – CORPORATE AND REPUTATIONAL RISK

Section Introduction

Chapter 3 The Controller and Risk Management

Introduction

Risk Management Process Flow

Risk Management Defined

Risk Management Models

Risk Management Table of Controls

Risk Management Risk and Controls Matrix

Chapter 4 The Controller and Ethics

Introduction

Ethics Program Process Flow

What is “Tone at the Top?”

Example Code of Conduct: MCI

Code of Conduct and Ethical Violations

Controllers and the Code of Conduct

The Reaction to Unethical Behavior

A Comparison of Sarbanes Oxley Section 302 and Section 404

Sox and Whistleblower Protection

Ethics Training Programs

Key Considerations for an Ethics Hotline

How to Manage an Ethics Hotline

How Do We Know That “Tone at the Top” Is Effective?

“Tone at the Top” and the “Tone in the Middle”

“Tone at the Top” and the U.S. Sentencing Guidelines

“Tone at the Top” and the Foreign Corrupt Practices Act (FCPA)

Anti-Bribery Provisions of the FCPA

Record Keeping Requirements of the FCPA

Guidelines for FCPA Compliance

The Dodd-Frank Act

The Whistleblower Protection Act of 1989

The False Claims Act

Table of Controls

Table of Risks and Controls

Chapter 5 The Controller and Corporate Governance

Introduction

Corporate Governance Process Flow

Corporate Governance for Small Business

Corporate Governance for Private Companies

The Financial Aspects of Corporate Governance (Cadbury Committee 1992)

The International Finance Corporation (IFC) and The Global Corporate Governance Forum

The Organization for Economic Cooperation and Development (OECD) and Corporate Governance

When Corporate Governance is Flawed

The Sarbanes Oxley Act of 2002 (SOX) and Corporate Governance

Table of Controls

Table of Risks and Controls

Chapter 6 Entity Level Controls

Introduction

Entity Level Controls Process Flow

Benefits of Entity Level Controls

Why Focus on Entity-Level Controls?

Why is Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework Important to Entity-Level Controls?

Implementing an Entity-Level Controls Framework

Examples of Entity-Level Controls

Executing an Entity-Level Controls Questionnaire

Table of Controls

Table of Risks and Controls

 SECTION 2 – STRATEGIC AND M&A RISK

Section Introduction

Chapter 7 Strategic Planning and M&A

Introduction

Strategic Plan Process Flow

The Strategic Planning Process

Preparing for Strategy (Step 1)

Articulating the Mission, Vision, and Values (Step 2)

Sample Mission Statements

Vision Statements for New and Small Firms

Assessing the Situation (Step 3)

Developing Strategies, Goals, Objectives and Budget (Step 4)

Writing the Strategic Plan (Step 5)

Example Strategic Plan Table of Contents

Implementing the Strategic Plan (Step 6)

Evaluating the Effectiveness of the Strategic Plan (Step 7)

Mergers and Acquisitions (M&A)

The M&A Process Flow

The M&A Due Diligence Checklist

Table of Controls

Table of Risks and Controls

 SECTION 3 – INTERNAL CONTROLS RISK

Introduction to this Section

 Chapter 8 Internal Controls Program

Introduction

Internal Controls Process Flow

Application of Internal Controls

The Three Critical Corporate Controls

About the Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Monitoring Internal Controls

Roles and Responsibilities

The Impact of the Sarbanes Oxley Act of 2002 (SOX) Section 404 on Internal Controls Programs

Internal Controls Best Practices for Privately Held Companies

Leveraging Internal Control Basics to Implement a Controls Self-Assessment (CSA) Program

Internal Controls and Fraud Prevention

The Fraud Triangle and Example of Fraud

The Fraud Diamond

Table of Controls

Table of Risks and Controls

 SECTION 4 – COMPLIANCE RISK

Introduction to this Section

 Chapter 9 Corporate Compliance

Introduction

Corporate Compliance Process Flow

The Chief Compliance Officer

Duties of the Chief Compliance Officer

The Controller’s Compliance Toolkit

Table of Controls

Table of Risks and Controls

PART 2

 SECTION 5 – PAYMENT RISK

Introduction to this Section

Corporate Payments Market Drivers

Additional Statistics

Scope of Corporate Payments Risk

Table of Business Process, Sub-Process, Risk Impacts and Indicators

Chapter 10 Procure to Pay (P2P)

Introduction

Procurement

Contract Management

Purchasing and Ordering

Procurement Reporting, Metrics and Analytics

Accounts Payable

Supplier Master File

Invoice Processing

Payment Process

Accounting Process

Customer Service

P-Cards

T&E

 Chapter 11 Hire to Retire (H2R)

Introduction

Human Resources

Payroll

 Chapter 12 Order to Cash (O2C)

Introduction

Order to Cash (O2C) Process Flow Diagram

Sales

Customer Master File

Credit Analysis

Order Fulfilment and Invoicing

Accounts Receivable and Collections

Cash Application and Management

O2C Reporting, Analytics and Metrics

PART 3

 SECTION 6: FINANCIAL OPERATIONS RISK

SECTION INTRODUCTION

Chapter 13 THE RECORD TO REPORT (R2R) PROCESS

Chapter 14 BUDGETS AND FORECASTS

CAPITAL BUDGETS AND FIXED ASSETS

Chapter 15 THE SUPPLY CHAIN PROCESS AND INVENTORY CONTROL

Chapter 16 THE TREASURY AND CASH MANAGEMENT PROCESS

Chapter 17 SHARED SERVICES AND BUSINESS PROCESS OUTSOURCING (BPO)

Chapter 18 DATA VALIDATION,ANALYTICS, METRICS AND BENCHMARKING

 SECTION 7: IT RISK

SECTION INTRODUCTION

 Chapter 19 INFORMATION TECHNOLOGY (IT) CONTROLS AND CYBERSECURITY

SECTION 8: SECURITY AND BUSINESS CONTINIUTY RISK

SECTION INTRODUCTION

Chapter 20 BUSINESS CONTINUTY AND PHYSICAL SECURITY

Business Continuity

Physical Security

 SECTION 9: LEADERSHIP AND CHANGE MANAGEMENT RISK

SECTION INTRODUCTION

 Chapter 21 LEADERSHIP AND MANAGING CHANGE

 Chapter 22 TRENDS, PROCESS TRANSFORMATION AND DIGTIZATION

Roadmap for Process Transformation

PART 4

SECTION 11 – ADDENDUM

Table of Controller's Tools

Key Performance Indicator (KPI) Library

SECTION 10 – GLOSSARY

Index