ACKNOWLEGEMENTS
Our team would like to express our gratitude towards Dragon Link Granite Pte Ltd for their acceptance to be our host company and their active involvement in this project. We would like to especially thank Mr. Pek Tiong Hin, Managing Director of Dragon Link Granite Pte Ltd for his valuable input to our project and kind hospitality towards our team throughout the whole engagement period with us.
In addition, our team would also like to extend our gratitude towards Adjunct Associate Professor Sim Cher Khee, who has responded to our queries and provided us with guidance throughout this project.
DISCLAIMER
This report is based upon work done in fulfillment of the course requirements of AA205 Control and Risk Management, a course conducted by the Nanyang Business School. The information provided in this report, including the findings, conclusions, and recommendations represent the opinions of the authors and do not necessarily reflect the opinions of Nanyang Business School, its academic staff or its administration.
Table of Contents
1. Executive Summary
1. 1 Core Objective of Project
1. 2 Scope of Project
1. 3 Methodologies
1. 4 Summary of Key Findings and Recommendations
2. Background of Dragon Link Granite Pte Ltd
2. 1 Objectives
2. 2 Core Business Processes
2. 3 Alliances
2. 4 Customers
3. Engagement Terms of Reference
3. 1 Objectives and Scope of Project
3. 2 Methodologies
4. Environmental Analysis
4. 1 External Environment Analysis
4. 2 Internal Environment Analysis
4. 2. 1 Organizational Structure
4. 2. 2 Management’s Philosophy and Operating Style
4. 2. 3 Value Drivers
4. 2. 4 Risk Drivers
4. 2. 5 Human Resource Policies and Practices
4. 2. 6 Risk Culture and Appetite
5. Process Analysis
5. 1 Process Objectives
5. 2 Process Description
5. 3 Risk Tolerance for Distribution Process
6. Control Environment Analysis
6. 1 Segregation of Duties
6. 2 Regular Verifications and Checks
6. 3 Proper Documentation, Securities and Access Authorities
6. 4 Integrated Information Systems
7. Analysis of Risk Events and Risk Responses
8. Recommendations and Justification
9. Limitations
10. Conclusion and Moving Forward
11. Feedback from Dragon Link Granite Pte Ltd
12. Appendices
13. Glossary
14. References
1. Executive Summary
1. 1 Core Objective of Project
Risk events can significantly hamper a company’s efforts at achieving its strategic and business objectives. It is imperative that a company understands and critically evaluates the potential risks that may arise from its business setting and to develop controls and monitoring tools to ensure the smooth operation of the company. In sum, a company needs to align its risk appetite to its strategy while maintaining the delicate balance between risks and opportunities. Applying the Enterprise Risk Management framework in strategy setting and across all the company’s activities will aid management in identifying, assessing and managing risks in light of uncertainties.
The main objective of this Integrated Control and Environment Exercise (iCEE) is to identify, examine, assess and document the Distribution Process of Dragon Link Granite Pte Ltd. The cruxes of the analysis are on the risks that impede the achievement of process objectives, the existing controls and our recommendations to contain these threats.
1. 2 Scope of Project
We will first begin with the critical analysis of the external environment of the company, followed by the internal environment using the Integrated Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which begins with deriving the risk appetite and culture of the organization and the information on internal control environment. Next, we will do a thorough analysis of the Distribution Process, articulate its process objectives and risk tolerance level in order for us to identify the risk events that will affect the achievement of the company’s objectives. We will then evaluate its control environment to ascertain if there are any existing controls and responses to risks before we determine its residual risks and subsequently, recommend further controls to bring the risks within the company’s risk appetite.
1. 3 Methodologies
Our Group has adopted various methodologies including PESTEL, Porter’s 5 Forces Framework, Internal Control Questionnaires (ICQ), KPMG’s Entity Level Business Model (ELBM), Business Process Analysis (BPA) as well as the Risk Matrix.
1. 4 Summary of Key Findings and Recommendations
Our team’s preliminary assessment of the Distribution Process had led us to identify 14 potential risks. Among them, 4 had residual risks which fell outside the risk appetite of the company and thus had established the focus of our analysis. These 4 key risks evaluated include the loss of human capital comprising skilled and experienced workers, data inaccuracy and integrity in the system, skiving employees due to lack of supervision and the wrong quantity and specification of tiles being delivered to the clients. All these risks may lead to dire consequences such as customer dissatisfaction, which would threaten the achievement of the company’s objectives. To deal with this problem, our main recommendations are to obtain and review employees’ feedback regularly, engage an external party to conduct regular checks on accounts, restructuring the hierarchy of employees and to set the right culture and finally to provide training for production staff.
2. Background of Dragon Link Granite Pte Ltd – Appendix B
2. 1 Objective
Dragon Link places great emphasis on the quality of their granite and ensures that all its granite exceed industry standards. Dragon Link also pledges prompt and fast delivery time to their clients, so as to bring customer satisfaction and generate steady profit growth.
2. 2 Core Business Processes
The company specializes in the processing and supplying of all types of natural stones, with their specialty being in granite. For its distribution process, it runs from the time when the manufacturing factory in China ships the materials to the sales office in Singapore until the time when the materials are ultimately delivered to the clients.
2. 3 Alliances
Strategic alliances are formed with industry players to obtain additional stock in times of shortages so as to ensure that its clients are able to receive the goods on time. The company also works continuously with clients who are actually resellers of the goods.
2. 4 Customers
Dragon Link’s customers comprise mainly the property sectors and other construction developers. Some of the more notable projects include SIM Clementi Campus, Istana House, Changi Airport Tower, Jurong Island project and several terrace houses and even HDB parks. The customers generally have a long-standing relationship with the company.
————————————————————————————————————-
3. Engagement Terms of Reference
3. 1 Objectives and Scope of Project
The core objective of this project is to evaluate Dragon Link’s risk exposure and ascertain its alignment with the risk appetite of the organization. Since the company’s main granite processing process cannot be studied as the factory is situated in China, the Distribution process analyzed in this report involves only the distribution of the processed stones from the factory to its ultimate clients. To gain competitive advantage in a fast-paced and highly-uncertain industry, Dragon Link must constantly monitor both its internal and external environment to identify and mitigate risks that hinder its objectives.
3. 2 Methodologies
Our group adopts Integrated Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as the basis of our analysis of the effectiveness of the Distribution Process. As for our client’s external environment, it will be evaluated using the PESTEL and Porter’s 5 Forces Framework. The KPMG’s Entity Level Business Model (ELBM) will be utilized to reflect our client’s specific niche and idiosyncrasies. For its internal environment, it will be assessed using the Internal Controls Questionnaire (ICQ). The Business Process Analysis (BPA) is used to understand the existing core business process while the Risk Matrix aids the identification of risk events. Applying these individual models will allow us to investigate the various components from different standpoints, thus enabling us to perform a more complete analysis of its business process.
————————————————————————————————————-
4. Environmental Analysis
4. 1 External Environment Analysis
There are many external forces and agents affecting the company’s operations. Entrance of new competitors and substitute products like ceramic tiles may affect its market share.
There are also many competitors especially from China which may pose a serious threat because the nature of this industry is such that the products are commodities and brand awareness is low. Demographic lifestyle changes also affect customers’ tastes and preferences from time to time. With a wide variety of choices, they can easily demand high quality products at low prices. The growth of the property sector is an opportunity for the company with an increased demand for tiles. Technology poses a threat to the company because it has created homogeneous tiles that resembled marble tiles. Adverse weather conditions like typhoon can also affect the delivery time of goods to the clients.
4. 2 Internal Environment Analysis – Appendix C, D
4. 2. 1 Organizational Structure
There is a well-defined and decentralized organizational structure across China and Singapore with a Managing Director. It also fosters the empowerment of employees .
4. 2. 2 Management’s Philosophy and Operating Style
The Managing Director makes most major decisions and concerns himself with good work performance and meeting budget and other goals. Despite the absence of written policies and procedures of the company, these are still well-communicated to its employees.
4. 2. 3 Value Drivers
The employees form the main value drivers of the company. Having understood their roles and responsibilities, they play a critical role in ensuring that they deliver what their clients expect of them, eg. prompt delivery of goods, which leads to customer satisfaction.
4. 2. 4 Risk Drivers
The major risk driver of the company is its human capital. Miscommunication between the employees in Singapore and those in China could lead to wrong specifications of goods and hence customer dissatisfaction. Employees leaving the company could also pose a serious problem because it takes time and resources to train the new employees to be competent enough to understand the industry practices and to perform their job well.
4. 2. 5 Human Resource Policies and Practices
The company is financially-oriented and customer-oriented by seeking to retain customers which in turn will lead to profitable financial results. There is a probation period for the to-be-employees of the company to monitor their performance before they are actually hired. Although the compensation process is not formally documented, the promotion criteria and rewards are verbally made known to the employees.
4. 2. 6 Risk Culture and Appetite
The company’s risk appetite ranges moderate to risk averse. Having a 15% decrease in revenue is deemed out of its risk appetite. The company also particularly selects projects with fewer risks. If there are requirements which are not easily realizable, it will re-negotiate the terms with those particular clients to achieve a less risky position for itself.
————————————————————————————————————-
5. Process Analysis
5. 1 Process Objectives – Appendix E
The main objective of this distribution process is to ensure timely delivery and excellent services. This would attain the utmost customer satisfaction and thus improve the customer retention rate. The company places emphasis on efficiency of the distribution process and strives to minimize any unexpected delays which lower costs and maximize its returns.
5. 2 Process Description – Appendix F
The process begins with the China coordinator receiving the goods from the suppliers or factory. He then packs the goods into crates and prepares the packing list, which will be sent to Singapore. The warehouse man in Singapore will do another round of verification with the packing list attached to the crates. After which he will pack the goods accordingly to the sales orders and send them to the respective customers.
5. 3 Risk Tolerance for Distribution Process
The managing director is relatively risk adverse and has zero tolerance for delays. Any delays would result in a decrease in customer satisfaction. Since process efficiency is an important competitive advantage, the company does not tolerate any risks such as delays. Though in reality, delays do occur in unexpected circumstances, the company would put itself in a losing situation to minimize the delays so as to satisfy their customers.
————————————————————————————————————-
6. Control Environmental Analysis – Appendix D
6. 1 Segregation of Duties
There is a clear segregation of duties and every employee understands their roles and responsibilities. Most employees are experienced and have well-honed skills and knowledge. The top management occasionally monitors the employees.
6. 2 Regular Verifications and Checks
Each of the department manager and supervisor does regular checks on the workers’ output and performance. The managers are required to submit a monthly report to the managing director. The managing director also makes frequent trips to China to perform verification on the data or information that has flowed between China office and Singapore office.
6. 3 Proper Documentation, Securities and Access Authorities
The company has proper documentation procedures. This is mandatory so that checks and verification can be done. Confidential information is kept in the computer and is accessible only to the managing director, the managers and the accountant with password controls.
6. 4 Integrated Information Systems
The company does not have an integrated information system between the China and Singapore offices. Transferring information through emails often result in poor coordination and errors, which greatly affect the reliability and integrity of the information.
————————————————————————————————————-
7. Analysis of Risk Events and Risk Responses – Appendix G, H, I
R4: Loss of human capital, which includes skilled and experienced workers
Risk Event Description
In this industry, besides timely delivery of high quality goods to the clients, the quality of service rendered by the employees of the company plays a big role too. The smooth process of delivery depends on the competency of the employees. As Mr. Pek travels to the factory in China very frequently, it is imperative for Dragon Link to retain the skilled and experienced workers. Loss of such human capital can result in decreased productivity and ultimately, leaving customers dissatisfied, which poses high costs to the company.
Existing Internal Controls
Preventive controls
• Being a small company, Mr. Pek tries to foster close ties with his employees and offers small rewards for outstanding performance.
Risk Response
Dragon Link recognizes its risk exposure to the loss of human capital and has taken steps to mitigate the likelihood of occurrence of the risk through the implementation of preventive controls.
Residual Risk
• Likelihood: Moderate
The likelihood of occurrence remains unchanged as humans are practical. Therefore, token rewards and good working environment are insufficient to retain the employees, especially if competitors or other industries are offering much higher salaries.
• Impact: Major
Dragon Link will definitely suffer in terms of productivity and customer satisfaction in the event that the current employees leave the company. The impact of risk remains unchanged with only preventive controls in place.
R8: Threat of data inaccuracy and integrity in the system
Risk Event Description
Dragon Link uses the accounting package AccMan, which is accessed and managed by a single person in the finance department. As a result, there is a lack of checks and controls to ensure that this person enters accurate figures. This can cause customer dissatisfaction when particulars and details of transactions are not updated on a timely basis. Costs will also be incurred in identifying and rectifying the errors.
Existing Internal Controls
Preventive controls
• Access to the system is only limited to the finance officer so as to prevent duplication of data and to maintain integrity of the information entered.
Detective controls
• Regular checking and screening of the financial reports by Mr. Pek every three months to ensure that no error occurs.
Risk Response
Dragon Link has in place both preventive and detective controls to both mitigate the likelihood of occurrence of the risk. However, the controls are slightly lagging as reviews by Mr. Pek are only done every three months.
Residual Risk
• Likelihood: Likely
Regular reviews of reports by Mr. Pek limit the authority and freedom of the finance officer to alter the figures as errors can be detected. Restricting the access to only one finance officer also increases accountability, which makes it even harder for the finance officer to enter inaccurate data.
• Impact: Major
The impact of the risk in the event that it does occur remains the same, despite the controls in place.
R10: Risk of skiving employees
Risk Event Description
As the company operates in two different countries, it is difficult for Mr. Pek to supervise every employee. Hence, this presents an opportunity for his employees to take time off for personal activities. Also, he evaluates all employees’ performance based on department’s performance (except for salesperson) so some employees may shirk their responsibilities to others. Such actions can cause a drain in Dragon Link’s resources that lower the efficiency and maximum utility of human capital.
Existing Internal Controls
The nature of the control makes use of performance-based compensation method to deter skiving employees and monitor their activities even in the absence of Mr. Pek’s.
Preventive Control
• Sales personnel are compensated using variable pay structures. Commission is issued to them for meeting sales target.
Detective Control
• Dragon Link assesses and monitors their employees’ performance (except for salesperson) based on department’s performance which is shown on the financial statements.
• Mr. Pek conducts constant spot checks in China to ensure that their workers are not skiving.
Risk Response
Dragon Link adopts a passive approach to control any undesirable opportunistic behaviour. This approach of risk reduction is justified by the impracticality and immense cost of constant monitoring of all employees. Further, Dragon Link places trust and confidence in its employees and managers to give honest feedback and reports for evaluation.
Residual Risk
• Likelihood: Likely
Feedback from an independent third party (customers) ensures prompt detection of skiving activities of sales personnel. For other departments, skiving activities can be detected from the quarterly reports submitted to Mr. Pek for performance evaluation. The fear of punishments also acts as a deterrent. However, there is no monitoring mechanism to detect skiving employees within each department. Hence, the opportunity still exists for employees to skive and shirk their responsibilities to other people in the same department.
• Impact: Moderate
As sales personnel are rewarded based on commission, they are motivated to meet the sales target so the chances of skiving activities are greatly reduced, hence lowering the impact. However, variable pay structures may de-motivate the sales personnel if they deemed the sales target as unachievable. Also, as mentioned above, there are still chances for other employees to display opportunistic behavior which lowers the efficiency of the operations.
R11: Wrong quantity and specification of tiles are delivered to the customers
Risk Event Description
Communication with customers and fellow employees is important for attaining process efficiency. As product specifications are written down, then faxed or emailed to the factory manager, this may lead to misinterpretation of the specifications. This is especially so as the diagrams may not be accurate in dimensions and the words are illegible. Time is needed to rectify the errors so leading to delays and customer dissatisfaction.
Existing Internal Controls
Preventive Control
• Dragon Link has stringent hiring process whereby they hire only Chinese who is fluent in communicating in Mandarin.
• To ensure that goods are delivered in correct amounts, China workers conduct manual checks once before they are shipped to Singapore and they always shipped extra quantity, in case the fragile tiles are broken during shipment.
• To ensure that goods are of correct specifications, factory managers will show one sample to Mr. Pek before they are mass-produced.
Risk Response
Getting the right candidate for the job and checking the goods produced will reduce the likelihood of wrong quantity and specification of tiles delivered to the customers. Thus, he has adopted the risk adoption approach.
Residual Risk
• Likelihood: Likely
Verifications of new samples by Mr. Pek will reduce the likelihood of wrong specifications. For repeated products, factory manager will use his experience to make decisions, which seldom goes wrong unless there is a change in dimension. Since the worker only counts the goods once before dispatch, it is still likely that quantity delivered may be incorrect.
• Impact: Major
The current controls do not reduce the impact of the event. Wrong specification or wrong quantity delivered may have huge impact on the customers, in terms of real financial costs and delays, resulting in customers’ dissatisfaction. This will lead to a domino effect of poor performance and negative reflection on Dragon Link’s competency and reputation.
————————————————————————————————————-
8. Recommendation and Justification – Appendix J
R4: Loss of human capital, which includes skilled and experienced workers
Recommendation – Regularly obtaining and reviewing employees’ feedback and opinions (formal)
Fostering close ties with employees and occasionally offering token rewards for employees are preventive controls that serve to mitigate the likelihood of the occurrence of the risk. If these are coupled with the regular review of employees’ feedback, which is a detective control, the risk can be better controlled.
Dragon Link encourages the employees to provide feedback to the management. This will give the employees a stronger sense of belonging and appreciation to the company. Ultimately, they might even be willing to give up the more competitive salaries for the good working environment. This includes conducting regular formal feedback sessions and more channels of communication to the management, especially Mr. Pek himself. Freedom of expression allows employees to voice out their concerns to Mr. Pek without fearing that any misunderstandings will arise. The “ tone from the top” also plays a part. To create a transparent culture with a favourable working environment, the management should encourage employees to voice out their concerns and make it known to them that their welfare is of utmost importance to the company.
Benefits:
• Sense of belonging to the company, leading to a greater commitment by the employees
• Increase in productivity with lesser tension among employees
• Loyalty to the company, leading to lower turnover rates
Costs:
• Time and effort spent in conducting formal feedback sessions
R8: Threat of data inaccuracy and integrity in the system
Recommendation – Engage an external and independent party to conduct regular checks on the accounts (eg. Fortnightly)
Having only one person to enter data and to consolidate the accounts introduces the risk of overlook of errors and the lack of integrity in data entry. The existing control of having Mr. Pek to personally review the financial statements quarterly is insufficient to accurately identify the errors. Besides, even if errors are identified, they are already ‘ lagging’ indicators. Therefore, a more relevant control would be to engage an external and independent party to conduct more regular checks on the accounts, such as every fortnight.
Benefits:
• A more objective view of the company’s performance
• Errors can be identified and rectified earlier before damage is done to the company
Costs:
• Extra costs involved in engaging an external party
R10. Risk of skiving employees
Recommendation – Restructure the hierarchy of the employees and cultures
To enhance the level of supervision, a leader can be appointed in each department. The leader should act as a role model by displaying qualities like integrity, leadership and commitment and detect skiving employees within his/her department. The management should also emphasize a culture whereby company’s interests should be above self and that opportunistic behaviour will not be condoned. He can conduct in-door feedbacks session with each sales personnel regularly to review their performance and the achievability of the sales target. In addition, a clock-in system can be implemented in China where employees need to clock in the time they reach and leave the office. Moreover, a CCTV can be installed to deter employees skive during working hours.
Benefits:
• Better allocation of resources and increase in productivity.
• Management time and effort can be channeled to tackle the strategic issues faced by Dragon Link.
Costs:
• Time for employees to adapt to a new structure as they may be resistant to changes.
R11. Wrong quantity and specification of tiles are delivered to the customers
Recommendation – Training for Production staff and increase number of checks
With regard to the problem of wrong specification, we suggest that the production unit should always start work way before the deadlines so that errors can be discovered at the early stage and be rectified in time. Also, instead of relying solely on the factory manager to make decisions regarding repeated products, Dragon Link can train other employees like the three production officers, to identify errors in the production process. Hence, it will reduce stoppage during production process when factory manager is not around to make decisions and reduce specification errors made due to his wrong discretion.
To further minimize the likelihood of wrong quantity of tiles delivered, we suggest to increase the number of checks. First, quantity is checked before shipment to Singapore. Second, quantity is double-checked with the packing list when the goods arrived in Singapore in case any loss during shipment. Third, just before delivery, quantity of goods is to be checked again. With numerous rounds of detailed check conducted, the likelihood of mistakes will be reduced.
Benefits:
• Have a back-up person in charge if the factory manager quits. Thus, reducing any stoppage or delay that may occur.
Costs:
• Resources needed to train the production officers
• Time wastage due to the numerous rounds of check conducted
————————————————————————————————————-
9. Limitations
Our team has collected information for this project through interviews without having any hands-on involvement in the process or site-visits. In addition, we were unable to access the information system to examine the risks related information processing due to time constraints. This report thus evaluates the design instead of the actual implementation of the controls.
Moreover, owing to time constraints, we were unable to conduct interviews with other relevant personnel. Hence, this has limited our access to the quantity of information which may present differing perspectives and beliefs of the company.
————————————————————————————————————-
10. Conclusion and Moving Forward
Control and risk management is a requisite, if not, mandatory for a company to operate effectively and efficiently. The management should constantly assess the company’s risks and review the current risk responses and controls. Our recommendations serve to provide an outsiders’ view and insights of the company’s risk status. We hope that the management will benefit from our project and have better control in the company’s risks.
11. Feedback from Dragon Link Granite Pte Ltd
12. Appendices
Appendix A: Acceptance letter
Appendix B: Entity Level Business Model
Entity Level Business Model for Dragon Link Granite Pte Ltd
External Forces and Agents
• Demographic Lifestyle Trends: Customers’ tastes change from time to time – their preferences range from marble tiles to ceramic tiles to granite tiles
• Regulators: Government regulation in China- export tax rebate
• New Entrants: New competitors and substitute products like ceramic tiles
• Customers: Mainly property sector and other construction projects
• Suppliers: Goods usually obtained from the same suppliers
• Competitors: Many competitors, especially from China producing the same goods and offering competitive prices
• Economy: Economic recession, growth of property sector
• Technology: Homogeneous tiles resembling marble tiles created, new discoveries of quarries
.
Markets/ Formats Business Processes Alliances Core Services/ Products Customers
Its major markets are in:
– Singapore
– China Its core business processes include:
– Production
– Finance
– Distribution
– Sales Strategic alliances are formed with:
– Industry players
– Resellers of their goods
Its core products include:
– All types of natural stones, eg. Granite
– Tiles Its main customers include:
– Property sector
– Other construction project developers
Appendix C: Organizational Structure
Dragon Link Organization Chart
As at 7 March 2008
Appendix D: Internal Controls Questionnaire
INTERNAL CONTROLS QUESTIONNAIRE
This questionnaire aims to analyze the internal environment of the company and identify internal and external factors that have given rise, or may give rise, to events. As such, this questionnaire is divided into 5 sections, namely the control environment, risk assessment, control activities, information and communication and monitoring.
SECTION 1 – CONTROL ENVIRONMENT
1 – Organizational Structure
Description of Factor Questions Assessment of Factor
Yes No
Organization charts Do you have an updated copy of the organization chart? ?
Complexity of the organizational structure Is the complexity of the structure proportionate to the organization’s size, lines of reporting clear and documentation timely? ?
Size of the management group Is the size able to cope with the complexity of the unit and its growth? ?
Consistency of the management group Is the turnover rate low? ?
2 – Management’s Philosophy and Operating Style
Description of Factor Questions Assessment of Factor
Yes No
Compliance to laws and regulations Is there a great emphasis on complying with the law? ?
Good work performance Is the management concerned with doing the job without any errors? ?
Emphasis on meeting budget and other goals Is there active monitoring and follow-up on the results? ?
If deviations occur, is corrective action taken as necessary? ?
Approach to decision making Is the decision making process both formal and consistent? ?
Are there procedures and policies to ensure that appropriate supervision is involved in decision making process? ?
3 – Integrity and Ethics
Description of Factor Questions Assessment of Factor
Yes No
Conflicting interests Are your employees aware of the company’s policies regarding potential conflicting interests?
For eg. Between their outside business investments. ?
Codes of conduct and appropriate practices Do your employees understand the codes of conducts and practices, with regard to relationships with suppliers, creditors, customers and the public at large? ?
Integrity Does management set a good example for the employees? ?
Does management set high standards for integrity and ethical values to the employees? ?
4 – Delegation of Authority and Responsibility
Description of Factor Questions Assessment of Factor
Yes No
Assignment of authority and responsibility Is the assignment of authority and responsibility clearly defined to the extent that each individual is held accountable for results? ?
Experience and know-how Does management delegate authority to key personnel who are sufficiently experienced and knowledgeable? ?
Extent of authority Are the authority limits defined clearly in writing or communicated effectively to the employees? ?
Delegated signature authority Is the delegation of signature authority clearly defined and understood by employees?
For example, who is allowed to sign on behalf of another party? ?
5 – Commitment to Competence
Description of Factor Questions Assessment of Factor
Yes No
Knowledge and skills Does management understand the knowledge and skills needed for task accomplishment? ?
Job descriptions Are the roles and responsibilities clearly defined in writing or communicated in an appropriate mode? ?
Competency of employees Does management keep track of employee’s competency levels and take actions when the competency is low?
For example, increased training and supervision to its employees. ?
6 – Human Resource Policies and Practices
Description of Factor Questions Assessment of Factor
Yes No
Selection of personnel Is there a formal hiring procedure in which the hiring personnel select potential employees based on job requirements? ?
Training Do the training programs have clear objectives and are treated as high priority? ?
Supervision Are the personnel adequately supervised? ?
Inappropriate behavior Is there prompt and fair treatment to those who exhibit inappropriate behavior with no regard of his/her position? ?
Methods of compensation Is there a formal compensation process in place and if so, is its relationship to the performance evaluation process defined and communicated throughout the company? ?
Evaluation of personnel Is there a consistent and procedural evaluation process in place? ?
Staffing of critical functions Are critical functions adequately staffed such that workloads are reasonable and manageable? ?
Turnover in non-managerial positions Is turnover rate low? ?
Does management understand the root cause of the turnover? ?
SECTION 2 – RISK ASSESSMENT
7 – Goals and Objectives
Description of Factor Questions Assessment of Factor
Yes No
Company-wide objectives Do you have a set of targets or goals that are communicated to the management and the employees? ?
Activity-level objectives Are all targets and objectives set realistically? ?
Measurement of objectives Are consistent / periodic evaluations of your company’s goals and their measurement criteria done? ?
Critical success factors Do you allocate resources according to the importance of the critical success factors (eg. Customer satisfaction, timely delivery etc)? ?
Employee involvement Do all your employees work towards achieving the same company goals? ?
Budgeting Are budgets developed realistically and do they help in achieving the company’s objectives? ?
8 – Risks
Description of Factor Questions Assessment of Factor
Yes No
Identification and consideration of external risk factors Does your company have any process in place that helps to identify and to consider the implications of external risk factors (eg. Economic changes, lifestyle changes, technological developments etc) on your company’s goals and plans? ?
Identification and consideration of internal risk factors Does your company have any process in place that helps to identify and to consider the implications of internal risk factors (eg. Changes in employees’ roles and responsibilities, new IT systems, new staff etc) on your company’s goals and plans? ?
Prioritization of risks Do you consider and evaluate the potential risks that your company faces, according to the likelihood of occurrence and the potential impact? ?
Approach to risk evaluations Do you consider the potential costs and benefits of a particular plan / decision before committing to it? ?
Process for mitigation of risks Do you have a process in place to minimize the potential risks in every business deal / decision? ?
9 – Managing Change
Description of Factor Questions Assessment of Factor
Yes No
Commitment to change Is your company receptive to new business ideas and changes required to meet the goals set? ?
Support of change Is your company willing to commit resources for proposed changes? ?
SECTION 3 – CONTROL ACTIVITIES
10 – Controls
Description of Factor Questions Assessment of Factor
Yes No
Management reviews Any review of actual operating performance against budgets and forecasts? ?
Any review on company’s performance against competitors or industrial standards? ?
Any analytical review performed on variance of current year’s figures against prior years’? ?
Do you review expenses and cash flows of the company? ?
Independent checks and verification Are there any checks executed to ensure strategic and process objectives are met? ?
Is there an internal audit committee to perform independent checks and balances on the company? ?
Activity or direct functional management Is review of performance reports, which includes operational and financial results, segregated by process? ?
Is there compliance with the accounting and industrial standards?
(eg. Financial Reporting Standards) ?
Reconciliations Are accounts reconciled timely?
(eg. Bank reconciliations) ?
Key performance indicators Does the company perform analysis on the company’s key performance indicators and carry out follow-up actions? ?
Information processing Are there controls to ensure data access is limited only to authorized personnel, accounting records are kept properly, transaction numbers run sequentially?
(eg. Pre-defined data listings, restricted input format) ?
Safeguarding of assets Are there physical counts and security measures available to safeguard your company’s assets?
(eg. Cash, inventory and equipment) ?
Segregation of duties Are there separate personnel for the handling of different duties?
(eg. Is there a different person in charged for each of the responsibilities: authorizing transactions, recording them and handling assets of the company?) ?
Maintaining of records Are books and records of the company properly kept? ?
11 – Policies and Procedures
Description of Factor Questions Assessment of Factor
Yes No
Communication of policies and procedures Are your company’s policies and procedures communicated to your employees either orally or through other communication channels? ?
Understandability of policies and procedures Are your company’s policies and procedures easily understandable and well-understood by your employees? ?
Implementation of policies Are your company’s policies implemented conscientiously and consistently with a sharp focus? ?
Follow-up on procedures Are follow-up actions taken after the procedures are effected to examine and take appropriate corrective actions? ?
12 – Controls over Information Systems
Description of Factor Questions Assessment of Factor
Yes No
Business Continuity Planning Do you have a business continuity plan in place to maintain systems availability that is communicated to key personnel? ?
Backup Do you do backup of your key data and information in your computer system on a regular basis? ?
Do you have an off-site storage backup for your company’s information system in case any breakdowns and loss of information occur? ?
Security management Is your computer system installed with anti-virus (AV) software to filter incoming email and to detect and deter viruses? ?
Do you have a virtual private network (VPN) which uses the public Internet for private communication, accomplished through encryption? ?
Application controls Do your computer applications ensure completeness, accuracy, validity of data capturing and processing? ?
SECTION 4 – INFORMATION AND COMMUNICATION
13 – Information Accessibility
Description of Factor Questions Assessment of Factor
Yes No
External information Does everyone in the company have access to external information such as legislation, development and economic changes that might affect the company? ?
Management reporting system Do the employees report to the top management regularly in a well-defined procedure or system? ?
Management of information security Is information analyzed and classified by the degree of integrity, confidentiality and availability? ?
14 – Communication
Description of Factor Questions Assessment of Factor
Yes No
Trust Does the company delegate responsibilities and tasks to the employees based on trust? ?
Recommendations for improvement Does the company encourage employees to contribute ideas for improvement and are they rewarded for their contributions? ?
Formal communications Is important information (such as policies, performance reports etc) communicated in a formal manner? ?
Communication channels Do the employees have more than 1 communication channels? Are they able to communicate directly to the various managers? ?
SECTION 5 – MONITORING
15 – Management Supervision
Description of Factor Questions Assessment of Factor
Yes No
Management routine checks Does the management perform routine checks on the operational activities? ?
Involvements by employees Do the employees understand the importance and measures used in the routine checks? ?
Performance supervision Do the management monitor the employees’ performance? ?
16 – Outside Sources
Description of Factor Questions Assessment of Factor
Yes No
External environment analysis Is data evaluated and analyzed to identify changes in the market? ?
Response to external parties Are there investigations done on complaints or inquiries from external parties such as customers and suppliers? ?
External auditors Does the management consider and act on the information given by the external auditors? ?
Regulatory compliance Are regulatory requirements implemented into the internal management system? ?
17 – Response Mechanisms
Description of Factor Questions Assessment of Factor
Yes No
Management follow-up on violation of policies Does the management take timely actions on violations of policies? ?
Management follow-up on external events Does the management take timely actions on external events that affect the company?
?
18 – Self-Assessment Mechanisms
Description of Factor Questions Assessment of Factor
Yes No
Monitoring of internal environment Does the management evaluate the effectiveness of the organization structure? ?
Does the management review the effectiveness of the policies and procedures regularly? ?
Risk assessment Does the management carry out risk assessment regularly? ?
Does the management review the effectiveness of the risk assessment procedures? ?
Information and communication system assessment Does the management evaluate the effectiveness of the information and communication system ?
Appendix E: Business Process Analysis
Distribution Process
Process Objective: • Ensure high quality of their granite and that all its granite exceed industry standards.
• Prompt and fast delivery time to their clients, so as to bring customer satisfaction and generate steady profit growth.
Inputs: • Sales orders
• Forwarders list
• Packing lists
• Warehouse inventory list
• Weight and dimension of the crates of goods
• Delivery orders
Process activities: The process begins with the China coordinator receiving the goods from the suppliers or factory. He checks the goods with the sales order given to him earlier by the sales department. He then packs the goods into crates, prepare the packing list and files back the sales order. Two copies of packing lists are emailed to the Singapore coordinator. He will also select a forwarder from a list depending on the weight and dimension of the crates. Additional packing lists are packed into each of the crate for easy verification by the forwarder. The crates of goods are then collected by the forwarders and sent to Singapore.
Sometimes, goods are sent directly to the customers by the forwarders. However, in most cases the goods are sent to the Singapore coordinator as the customers have requested for later date receipt. The coordinator will then verify the goods with the packing list. However, the crates are not opened up for detailed quantity check. He merely checks for correct number of crates and recipients with the packing lists. The 1st copy of the packing list is filed, while the 2nd copy is passed to the warehouse along with the verified goods.
The warehouse store man will do the same verification as the coordinator accordingly to the packing list. He then files the packing list as well for documentation and stock checking. Regularly, the store man retrieves the sales order, which was given to him earlier by the sales department, and check the inventory list to see if any of the sales orders can be fulfilled with the current stock count. If the sales orders cannot be fulfilled, he will wait for further receipts of goods and then files the sales orders. If a sales order can be fulfilled, he will pack the goods and prepare a delivery order according to the sales order. The sales order is filed back for documentation purposes as well. He will also select a forwarder, who will then collect the goods and the delivery order, and send them to the respective customers.
Output: • Stock-count report
• Signed delivery order
• Packing list
Systems • AccMan – recording of all transactions
• Warehouse storage and stock count system
Classes of Transactions Routine transactions
• Fulfilling sales orders, matching the goods in stock with sales orders
• Verify goods received
Risks that threaten objectives 1. Natural disasters
2. Data entry error
3. Theft of goods
4. Wrong quantity and specifications of goods delivered
Controls linked to risks Refer to appendix H
Other symptoms of poor performance • Customers complaints
• Customers/projects lost to competitors
• Increase number of delays
Appendix F: Business Process Flowchart page1
Appendix F: Business Process Flowchart page2
Appendix G: Risk Descriptors
22nd February 2008
Risk Descriptors Definition
Likelihood Dimension Probability of Occurrence
(For Strategic Risks) Frequency of Occurrence
(For Operational Risks)
Almost Certain Will happen within this half year Will have > 20 incidents in 100 jobs
Likely Will happen within this year Will have <15 incidents in 100 jobs
Moderate Will happen within these 2 years Will have <10 incidents in 100 jobs
Unlikely Will not happen within these 2 years Will have <3 incidents in 100 jobs
Impact Dimension Impact on Efficiency of Distribution Impact on Customer Satisfaction Financial Impact
Increases total
number of delays by X % Increase number of ‘ lost’ customers by X% % decrease in revenue or % increase in
additional cost
Major X > 15% X > 10% > 25%
Moderate 10% < X ? 15% 5% < X ? 10% 15% < X ? 25%
Minor 5% < X ? 10% 2% < X ? 5% 5% < X ? 15%
Insignificant X ? 5% X ? 2% X ? 5%
Appendix H
Risk Event Risk Inherent Risk Within Risk Appetite? (Y/N) Controls in place Residual Risk within Risk Appetite? (Y/N) Residual Risk
Likelihood Impact Likelihood Impact
Strategic Risks
R1 Threat of new competitors Almost certain
Mr Pek mentioned that in the construction materials industry, new competitors emerge very rapidly and frequently. Therefore, it will most likely occur within half a year Minor
In this industry, clients often switch to competitors and new entrants if they can offer a more competitive price, but as Mr Pek has mentioned, most of these clients will eventually return back to Dragon Link as they are more familiar with the company. Therefore, % of ‘ lost’ clients is between 2-5%. Y Preventive Controls
• Foster good relationship with clients through excellent service delivery (timely delivery and quality of products).
• Constant communication with clients throughout the whole project and attending to their feedback when necessary.
Y Risk acceptance
R2 Economic crisis (eg. Asian financial crisis and sub-prime crisis) Unlikely
The possibility of an economic crisis occurring is too low and hence it will not happen within these 2 years Major
During economic crisis, many clients often default payments, resulting in large amounts of bad debts written off. The increase in costs is hence > 25%. Y Preventive Controls
• For larger projects, the company will request for progressive payments, which lowers the eventual loss, if any.
Y Uncontrollable
Risk acceptance
R3 Natural disasters (eg. Floods, earthquakes and snowstorms in China) Unlikely
The possibility of a natural disaster occurring is too low and hence it will not happen within these 2 years Major
When natural disasters strike, many supplies will get cut off as they are obtained from quarries, and shipments get delayed, resulting in > 15% of delays. Y Preventive Controls
• Keep inventory in warehouse to minimize delays
Y Uncontrollable
Risk acceptance
R4 Loss of human capital, which includes skilled and experienced workers Moderate
The employees of the company have worked there for many years and the turnover rate is very low. Therefore, it will not happen within 2 years Major
Service to the clients is of utmost importance in this industry. If experienced workers leave, it can have a major impact on customer satisfaction, with a > 10% ‘ lost’ customers. N Preventive Controls
• Foster good relationships with the employees
• Constantly review the employees’ feedback on the management
N Moderate
Being a small company, it is unable to provide employees with extra remuneration to retain them. As salaries in other companies become more competitive, Dragon Link still face the risk of losing the experienced workers. Major
R5 Changing demographics and lifestyles Moderate
People’s lifestyles and preferences are always changing, hence it will happen within these 2 years Major
When people’s lifestyles and preferences change, the mass market will move towards substitutes, such as ceramics. This results in a decrease of > 25% in revenue. N No control N Moderate Major
R6 Price fluctuations in raw materials Moderate
Although not frequent, price fluctuations occur occasionally due to certain factors such as availability of the natural stones and number of suppliers of the stone. Therefore it will occur within 2 years Insignificant
Prices of raw materials causes costs to increase, but as Mr Pek has mentioned, this affects the whole industry, and hence the impact on customer satisfaction is insignificant. Y Uncontrollable Y Risk acceptance
R7 Default of payment from clients Likely
Mr Pek claims that such occurrences are common even though the frequency is not as high as during economic downturn. Therefore it will most likely happen within 1 year Moderate
Dragon Link always pays for supplies on behalf of their clients first. When clients default payment, the increase in costs amount to 15-25%. N Preventive Controls
• For larger projects, the company will request for progressive payments, which lowers the eventual loss, if any.
• Careful review of clients’ credit position by the MD before accepting the sales Y Moderate Minor
Business Process Risks
Inputs Risks
R8 Threat of data inaccuracy and integrity in the system Almost certain
ACCMAN is entirely managed by one person in the Finance Department so there may be lack of integrity and accurate information. Major
Customer satisfaction might be reduced if the particulars and details of transactions are not updated on a real time basis. Costs may have to be incurred to verify and obtain the correct information. N Preventive Controls
• ACCMAN is restricted to the access of finance officer so as to prevent duplication of information and maintain integrity of info.
Detective Controls
• Checking of financial reports by Mr Pek every 3 months N Likely Major
R9
Data entry errors in the computer system
(Customer details and Sales details)
Moderate
Data entry by salesperson is not verified and checked by another party. Moderate
Wrong data inputs would cause wrong analysis and cause disruptions in distribution. Wrong customer details would result in delays (inefficiencies) and customer dissatisfaction. This might also incur additional costs as they may engage the deliverymen for making extra trips.
Y Detective Controls
• Perform system checks
• ACCMAN ensures validity and completeness checks. Y Moderate Minor
Performing occasional checks are enough to mitigate wrong inputs and rectify these mistakes in time. (Risk reduction)
Process Risks
R10 Risk of skiving employees Almost certain
Mr Pek stays in Singapore office most of the times so there is high chance of skiving employees in China. Moderate
Efficiency would be affected as skiving employees could have used that time more productivity. This would lead to resource wastage and excessive manpower. N Preventive Controls
• Performance-based compensation for sales personnel
Detective Controls
• Constant spot checks in China
• Evaluate employees’ performance using dept’s performance
• Customer feedbacks N Likely
Managers are to generate reports for department’s performance evaluation and customer feedbacks on quality of services and goods may act as deterrence. Moderate
The sales person and customers may collude so the impact will still not be reduced.
R11
Wrong quantity and specification of tiles are delivered to the customers
Almost certain
Miscommunication between employees due to language differences. Major
Goods with wrong specifications mass-produced may lead to additional costs to verify the problem. Time is needed to re-produce the goods so leading to delays and customer dissatisfaction. N Preventive Controls
• Hire only Chinese who is fluent in communicating in Mandarin.
• Manual checks done before goods are produced and shipped to Singapore N Likely
Chinese coordinator will reduce chances of miscommunication with customers, China’s suppliers and factory manager. Checks to avoid wrong quantity delivered to customers. Major
The existing controls only help to reduce the possibility of the risk occurring.
R12 Theft of goods at the warehouse Moderate
The goods are only managed by 1 storekeeper. Insignificant
Loss of unwanted scraps of tiles will have no major impact on the company performance. Packed tiles are too heavy to be stolen. N Preventive Controls
• Restrict people having access to physical goods
Detective Controls
• Periodic counts of inventory and compared with amounts on control records N Unlikely
Only storekeeper will have actual access to goods so reduce the likelihood of theft. Insignificant
With periodic checks and regular reports to be submitted to Mr Pek, impacts of lost items can be mitigated quickly.
R13 Extension of deadlines due to more time needed on the job Unlikely
Due to high penalty, Mr Pek rather buys from competitors at higher rate than breach the contracts. Major
Customers will be dissatisfied if there are delays in the delivery of goods. Higher costs arise from purchasing from competitors. Y • No controls Y Risk acceptance
Output Risks
R14 Inaccurate reports from warehouse ( to check for timeliness of deliveries, aging reports) Unlikely Moderate
As long as the company ensures there are sufficient stocks to distribute to the customers, some slight differences in the reports will not affect normal operations. Y
• Customer feedbacks Y Risk acceptance
Appendix I: Risk Matrix
Appendix J: Recommendation Timelines
R4: Loss of human capital, which includes skilled and experienced workers
R8: Threat of data inaccuracy and integrity in the system
R10. Risk of skiving employees
R11. Wrong quantity and specification of tiles are delivered to the customers
Appendix K: 1st Meeting Minutes
NANYANG TECHNOLOGICAL UNIVERSITY
AA205 iCEE Project
Minutes for meeting
Client: Dragon Link Granite Pte Ltd
Members present: Chai Jun Yang
How Shu Ying (Minutes-taker)
Ou Lijuan Lynette
Tay Wen Xia (Facilitator)
Date of meeting: 18 February 2008
Time of meeting: 3pm to 5pm
AGENDA OF MEETING
Our first interview with our client commenced on 18 February 2008 from 3pm to 5pm. Our team started our interview with Mr. Pek Tiong Hin, Managing Director of Dragon Link Granite Pte Ltd by explaining to him what our iCEE project is about and the objectives of the project. We also stated our chosen process – distribution and sought his assistance in helping us to learn more about the company and the distribution process.
The following items were discussed during the interview:
• Organizational structure of the company
Mr. Pek, being the Managing Director of the company sits at the top of the organization and is the overall in charge of the company. He will oversee the operations both in Singapore and also in China where the production of goods takes place. The factory in China operates very independently and all matters are handled by the factory manager, who will give monthly reports to Mr. Pek. In Singapore, there are two salespersons in charge of sales and two accounts and administration staff, one of whom is a coordinator who is responsible for liaising with the staff in China. There is also a storekeeper in charge of the warehouse and passing duties to the deliverymen, who are external independent persons.
• Objectives of the distribution process
Basically, the objectives of the distribution process are to ensure that goods can be delivered on time, are of a high quality and of a competitive price.
• Distribution process flow
Our team then learnt about the distribution process and how it actually works so that we will be able to flowchart out the process using Microsoft Visio.
• Competitors
Mr. Pek mentioned that the company has many competitors. There are competitors in Singapore and from other countries, especially those from China. In China alone, there are about 400 factories in the same industry producing tiles. He added that in this industry, the products are in fact commodities; there are no particular brands to them. The only differentiating factors between companies are in the processing quality and the servicing of the clients. Some companies will perform better in these factors, while others may not do them as well. For Dragon Link Granite, Mr. Pek expressed that there are certain steps taken to control the quality and color consistency of the tiles.
• Customers
As for the company’s customers, Mr. Pek stated that the customer turnover rate is quite low. It would be quite difficult for the company to penetrate other customers because most often than not, the customers would stick to those companies that they have worked and enjoying working with.
To deal with any uncertainties, the company will usually work with selective customers based on past history records and experience and those that pose fewer risks to them.
• Suppliers
The company usually obtains their raw materials from the same suppliers, especially for those raw materials which are produced in one and only one quarry. For new suppliers, there is a need to look at the finished products and carry out inspection before deciding whether or not to sign a contract with them. Mr. Pek would usually inform the purchasing staff in China about the market expectations in Singapore and educate them constantly on the acceptable standard of qua
