Risk Control Matrices
Volume II
(Part-C)
Risk Control Matrices
Contents
Volume II
Part C - Risk Control Matrices
Order to Cash
Procurement
Legal and Regulatory
Hire to Pay (H2P)
Fixed Assets
Inventory
Treasury
Financial Closing & Reporting Process
Joint Venture
Production
Order to Cash
1. Sales Order creation
Risk Number : O2C01
Risk Description : Invalid orders are created for further processing.
Control Activity/Mitigation Plan : Sales Order (all products) is prepared on the basis of the
reports received from Production department.
Crude Oil - report having measurement of receipt & dispatch through tank dips
Gas - SCADA report
LPG - report of bulk & cylinder quantities dispatch location wise
Wind Energy - report of units exported to the grid / customer
Financial Statement Assertion : Validity
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
2. Billing
Risk Number : O2C02
Risk Description : Crude Oil - Unauthorized Invoices are generated using
incorrect terms and prices.
Control Activity/Mitigation Plan : Every month Price master is updated by Finance
department on the basis of Rate per barrel derived from
Reuters Marketwire adjusted to the Gross Product Worth
(GPW) formula for the particular assay. Exchange rate
master is updated by Finance dept. on the basis of rate
derived from RBI website. SAP creates the invoice based
on the system configuration considering the prices
updated by Finance dept. on monthly basis with
reference to the delivery note created in the system by
the pipeline department.
Financial Statement Assertion : Validity, Valuation
Frequency of Control : Monthly
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
3. LPG Sale
Risk Number : O2C03
Risk Description : LPG - Unauthorized Invoices are generated using
incorrect terms and prices.
Control Activity/Mitigation Plan : SAP automatically calculates value of invoice based on
condition types defined for LPG sale. The quantity is
picked up from the Sales Order.
Financial Statement Assertion : Validity, Valuation
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
4. Gas Sale
Risk Number : O2C04
Risk Description : Gas - Unauthorized Invoices are generated using
incorrect terms and prices.
Control Activity/Mitigation Plan : Value of invoice is automatically calculated by SAP using
condition types defined for gas sale (for instance,
condition types for Quality, Calorific value, Pressure &
Volume according to the agreement with customers).
Financial Statement Assertion : Validity, Valuation
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
5. Power Sale
Risk Number : O2C05
Risk Description : Power - Unauthorized Invoices are generated using
incorrect terms and prices.
Control Activity/Mitigation Plan : Value of invoice is automatically calculated by SAP using
condition types defined for power sale based on the
agreement.
Financial Statement Assertion : Validity, Valuation
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
6. Crude Oil Billing, Gas sale, LPG sale, Power
Risk Number : O2C06
Risk Description : Incorrect recording of invoices.
Control Activity/Mitigation Plan : Sales Invoices can be prepared only by Accounts officer.
These invoices can be released only by Senior Manager
(Finance and Accounts) (SMFA) who verifies & signs the
invoice.
Financial Statement Assertion : Completeness, Recording, Valuation
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
7. Credit Notes for discount to OMC
Risk Number : O2C07
Risk Description : Invalid Credit notes and adjustments to accounts
receivable
Control Activity/Mitigation Plan : Condition types have been configured in SAP which
automatically calculates customer-wise discount and
generates credit notes. The credit notes are prepared by
Accounts Officer & signed by SMFA.
Financial Statement Assertion : Validity, Recording, Valuation
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
8. Credit Notes for discount to OMC
Risk Number : O2C08
Risk Description : Credit notes and adjustments to accounts receivable are
based on invalid discount rates
Control Activity/Mitigation Plan : Ministry of petroleum and natural gas (MOPNG)
provides rate of discount per barrel in its order at the
end of every quarter. These rates are entered in SAP by
accounts officer and verified by SMFA.
Financial Statement Assertion : Validity
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
9. Carbon Credits
Risk Number : O2C09
Risk Description : Carbon credits revenue is not appropriately identified
and accounted
Control Activity/Mitigation Plan : Carbon credits revenue is identified with each billing and
entry made in the books.
Financial Statement Assertion : Validity, Recording, Valuation, Cut-off
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
10. Collections
Risk Number : O2C10
Risk Description : All receipts are recorded inaccurately and in the wrong
period
Control Activity/Mitigation Plan : Statement of Accounts received from customer is
reconciled with AR balances periodically by accounts
officers.
Financial Statement Assertion : Recording, Cut-off
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
11. Collections
Risk Number : O2C11
Risk Description : Dispute with customer due to incorrect balances
Control Activity/Mitigation Plan : Balance confirmation is taken from the customer on
quarterly basis to ensure correct balances.
Financial Statement Assertion : Validity, Completeness
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
12. Write-off
Risk Number : O2C12
Risk Description : Unauthorized write-offs
Control Activity/Mitigation Plan : Any write-offs are approved as per delegation of
authority defined, before posting in SAP.
Financial Statement Assertion : Validity, Cut-off
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Procurement
1. Purchasing
Risk Number : P2P01
Risk Description : Purchase orders are placed only for unapproved
requisitions.
Control Activity/Mitigation Plan : Materials
Purchase orders are created in the system based on
approved budgetary requisition. Purchase orders can be
created in the system only with reference to the
purchase requisition.
Services
The Service orders are based on Approved Service
Requisition. The Service Requisition is prepared on the
basis of approved budgetary requisition/ internal
estimation duly approved by Committee/ F&A.
Financial Statement Assertion : Validity
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team
2. Processing Accounts Payable
Risk Number : P2P02
Risk Description : Posting of amounts in incorrect accounts payable
account and represent goods received / in transit
Control Activity/Mitigation Plan : Goods / Services Received
SAP automatically matches vendor invoice transactions
to receipts of goods / Service Entry Sheet (SES) and
purchase orders. It then posts the invoices to the
appropriate vendor account in Accounts Payable and to
the Accounts Payable control account in the general
ledger. Alternatively, SAP can automatically generate and
post vendor invoices once the goods receipt / SES is
posted.
Goods In Transit:
In case of goods in transit where the property has passed
as per PO terms, the accounts payable is immediately
recognized on receipt of Vendor Invoice. Later on the
receipt, inspection & acceptance of goods the GRN is
prepared.
Financial Statement Assertion : Validity, Recording
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
3. Processing Accounts Payable
Risk Number : P2P03
Risk Description : Credit notes and other adjustments are incorrectly
calculated and recorded.
Control Activity/Mitigation Plan : Quantity in invoice is linked to GRN while invoice rate is
linked to the PO rate in SAP. There is automated 3-way
matching of invoice with GRN and PO. Discrepancy
Reports are raised by MM Dept indicating the nature of
discrepancy of materials. Landed cost of short
shipped/defective materials is debited to the vendors'
account which ensures recovery of the same from the
vendors.
In case of services, as per delegation each authorized
officer reviews supporting documentation before
approving payments. Supporting documentation (hard
copy of vendor invoices, delivery documents, etc) is
cancelled once payment is made.
Financial Statement Assertion : Recording, Valuation
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
4. Processing Disbursements
Risk Number : P2P04
Risk Description : Disbursements not made for goods and services as per
terms of Purchase Order
Control Activity/Mitigation Plan : Goods:
As per delegation each authorized officer reviews
supporting documentation before approving payments.
Supporting documentation (hard copy of vendor invoices,
delivery documents, etc) is cancelled once payment is
made, to prevent duplicate recording of invoices.
Services:
As per delegation each authorized officer reviews
supporting documentation before approving payments.
Supporting documentation (hard copy of vendor invoices,
delivery documents, etc) is cancelled once payment is
made.
Financial Statement Assertion : Validity
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
5. Processing Disbursements
Risk Number : P2P05
Risk Description : Advances are not adjusted before making final
payments
Control Activity/Mitigation Plan : Advances appear in vendor ledgers in special G/L
Transaction codes and before making payments they are
adjusted in the SAP system.
Financial Statement Assertion : Validity, Valuation
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
6. Processing Disbursements
Risk Number : P2P06
Risk Description : Disbursements are distributed to the wrong suppliers.
Control Activity/Mitigation Plan : Bank statements are regularly reconciled to general
ledger by finance executive/cashier and
errors/omissions are rectified and the same is reviewed
by concerned Finance executive.
Financial Statement Assertion : Validity
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
7. Processing Disbursements
Risk Number : P2P07
Risk Description : Payments not routed through PO / WO route (FI
Payments).
Control Activity/Mitigation Plan : All FI payments are certified by appropriate user
authority as per delegation of power and note for
approval is sent along with invoice.
Financial Statement Assertion : Validity, Valuation
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
8. Vendor Ageing
Risk Number : P2P08
Risk Description : Dispute with vendor due to incorrect balances
Control Activity/Mitigation Plan : Balance confirmation is taken from the vendor on
quarterly basis to ensure correct balances.
Financial Statement Assertion : Validity, Completeness
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
9. Maintaining Supplier Master Files
Risk Number : P2P09
Risk Description : Unauthorized changes to supplier master
Control Activity/Mitigation Plan : Changes/ updates to vendor master are made on the
basis of approval by management and the person granting
approval does not have access to update the same in the
system.
Financial Statement Assertion : Validity, Completeness
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
10. Processing Disbursements
Risk Number : P2P10
Risk Description : Deductions not made as per discrepancy report, before
making payments
Control Activity/Mitigation Plan : Discrepancies report to be checked along with GRN
before booking invoices
Financial Statement Assertion : Validity
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
11. Bank Guarantees
Risk Number : P2P11
Risk Description : Performance / Advance bank guarantees not taken /
renewed timely
Control Activity/Mitigation Plan : Monitoring over Advance / Performance bank
guarantees - Tagging in SAP with PO.
Financial Statement Assertion : Validity
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Legal and Regulatory
1. Taxes
Risk Number : L&R01
Risk Description : Risk of inaccurate charging of various direct/ indirect
taxes as per the requirement of law.
Control Activity/Mitigation Plan : The various tax rates are updated in the SAP system.
System configuration ensures that tax is calculated and
deducted at appropriate rate.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Multiple
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team
2. Taxes
Risk Number : L&R02
Risk Description : Risk of incorrect calculation and recording of various
direct/ indirect taxes (e.g. Income tax, Dividend tax etc.)
Control Activity/Mitigation Plan : Concerned finance executive (tax) calculates the income
tax, dividend tax and cess at the stipulated frequency.
This is verified by authorized finance executive (tax and
Financial Accounting) for recording in the books of
accounts.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
3. Taxes
Risk Number : L&R03
Risk Description : Delay in submission or incorrect submission of various
taxes and related returns with statutory authorities.
Control Activity/Mitigation Plan : Tax compliances are monitored in a timely manner.
Consultants are hired to get advice on selected matters.
Checklist of various due dates of submission of taxes and
returns should be prepared and monitored.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
4. Legal
Risk Number : L&R04
Risk Description : Incorrect assessment of contingent liability on account
of various regulatory cases in dispute.
Control Activity/Mitigation Plan : Legal department shares the details with finance
department for appropriate reporting
Financial Statement Assertion : Validity, Recording, Cut-off
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
5. Statutory dues
Risk Number : L&R05
Risk Description : Tracker to be maintained to monitor statutory dues like
VAT, cess, royalty, PF.
Control Activity/Mitigation Plan : Value of invoice is automatically calculated by SAP using
condition types defined for power sale based on the
agreement.
Financial Statement Assertion : Validity, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Hire to Pay (H2P)
1. Recruitment
Risk Number : H2P01
Risk Description : Risk of payroll disbursements and recorded payroll
expenses not related to actual time worked
Control Activity/Mitigation Plan : Payroll variance analysis is reviewed by Payroll Manager
& Fund manager prior to disbursement. Payroll manager
also verifies calculation of payroll on a sample basis.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
2. Payroll
Risk Number : H2P02
Risk Description : Incorrect processing of salary resulting into excess or
short payout
Control Activity/Mitigation Plan : Salary is processed from the SAP based on the master
entered at the time of joining.
Changes to payroll master files in SAP are restricted to
authorised personnel. All changes are made based on
authorized source documents.
Payment process directly through Finance should be
authorised by the responsible person.
Salary processed should be reconciled with the master
and previous month salary for identifying any inaccuracy.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Monthly
Nature of Control : Combination – Automated and Manual
Control Owner : SAP Core Team / Concerned executive from the Finance
department
3. Payroll
Risk Number : H2P03
Risk Description : Inadequate deduction or settlement of loan and
advances resulting into financial loss or incorrect
reporting of loans and advances
Control Activity/Mitigation Plan : Payroll variance analysis is reviewed by Payroll Manager
& Fund manager prior to disbursement. Payroll manager
also verifies calculation of payroll on a sample basis.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Fixed Assets
1. Constructed Assets
Risk Number : FA01
Risk Description : Risk of delay in capitalization of Assets
Control Activity/Mitigation Plan : Finance enters the date put to use after AUC settlement
based on Job Closing Advise received from user
departments as and when the asset is commissioned/
installed. After entering the date put to use, asset moves
from AUC to Fixed Assets.
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
2. Constructed Assets
Risk Number : FA02
Risk Description : Incorrect identification and classification of constructed
asset under correct category resulting into incorrect
depreciation.
Control Activity/Mitigation Plan : Finance verifies the assets categorized and capitalized
under appropriate head.
Financial Statement Assertion : Validity, Completeness, Recording, Cut-off
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
3. Acquisition
Risk Number : FA03
Risk Description : Risk of not recording or delay in recording of acquired
Fixed Assets in the FAR with accurate value
Control Activity/Mitigation Plan : Concerned finance executive periodically reviews all
changes to the fixed asset register with the base
documents.
Financial Statement Assertion : Validity, Recording
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
4. Physical Verification
Risk Number : FA04
Risk Description : Risk of incorrect reporting of Fixed Assets details in the
Financial Report
Inter-sphere/intra-sphere movement of assets not
recorded
Control Activity/Mitigation Plan : 1. The fixed asset register and/or master file data are
periodically reviewed by management for accuracy and
ongoing pertinence and are reconciled to the
corresponding general ledger accounts.
2. Any reconciling items are identified and addressed in a
timely manner
3. Access to Fixed Asset Register is restricted to
authorized personnel.
4. Physical verification of fixed assets is performed by
concerned department in SAP. Authorization for the
same is provided by ERP-FI.
5. Prenumbered identification tags are attached to fixed
assets on acquisition to facilitate accurate identification
of assets and recording of details
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
5. Depreciation
Risk Number : FA05
Risk Description : Depreciation charges are not correctly calculated and
recorded in the appropriate period.
Control Activity/Mitigation Plan : 1. Depreciation is calculated by the system based on the
master data updated at the time of capitalization of
Assets.
2. Concerned finance executives review the depreciation
calculated by the system and perform variance analysis
for depreciation charge and, in case of any major
deviations, investigate the same.
Financial Statement Assertion : Completeness, Recording, Cut-off
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
6. Pre producing Properties
Risk Number : FA06
Risk Description : Pre Producing properties not being recorded and
capitalized correctly
Control Activity/Mitigation Plan : On the basis of Well status reports received by Finance
dept. from Drilling/ G&R on monthly basis:-
In case of success the transfer from well-WBS accounts to
Asset-under-construction (AUC) i.e. Pre-Producing
Property Account.
In case of failure the well WBS account is written off to
P&L manually in SAP after taking approval as per defined
delegation of authority.
In case of deviation from drilling plan the abortive
portion of well WBS account is written off to P&L account
through manual journal entry
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
7. Depletion charges
Risk Number : FA07
Risk Description : Depletion charges are not accurately calculated and
recorded in the appropriate period.
Control Activity/Mitigation Plan : Finance records depletion of Production Properties in
SAP based on the Reserves and Production figures given
in the G&R report & Production Department report on a
quarterly basis.
SAP automatically calculates depletion and passes
necessary accounting entries.
Concerned finance executives verify the accounting
entries passed by SAP using offline calculations done in
Excel sheet. Necessary corrective entries, if any, are
passed.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Inventory
1. Material Receipt
Risk Number : INV01
Risk Description : Risk of incorrect recording of inventory at the time of
receipt of material resulting into incorrect inventory
record and excess/ short payout
Control Activity/Mitigation Plan : Goods received are matched on-line or manually with
purchase order details and/or invoices with challans,
packing list, and invoice and suitability report before
being accepted and taken into stock. Two layer check is
in place to verify goods received with PO. First layer
check is done by concerned finance officer (Accounts
Payable). Second layer check is done by concerned
finance executive (Accounts Payable2).
Financial Statement Assertion : Validity, Completeness, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
2. Material Receipt
Risk Number : INV02
Risk Description : Rejected materials are not returned and accounted on
timely basis
Control Activity/Mitigation Plan : Rejected materials are adequately segregated from
other materials and regularly monitored to ensure timely
return to suppliers. Reports of rejected materials are
verified by top field/project management on a monthly
basis.
Financial Statement Assertion : Validity, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
3. Material Accounting
Risk Number : INV03
Risk Description : Incorrect inventory value being reported in financial
reports
Control Activity/Mitigation Plan : 1. Physical inventory is counted periodically and
reconciled to the bin card by the materials department.
On a monthly basis, the same are reconciled with the
price stock ledger by the concerned finance executive,
Stores. Discrepancies are reported to the top
management monthly. Adjustment entries, if any, are
passed based on approved documents.
2. If goods received by the user department do not meet
merchantability standards, user departments initiate
return of inventories to materials department through
SAP (using MIGO) and taken up by materials department
with the vendor for correction/replacement.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
4. Material Accounting
Risk Number : INV04
Risk Description : Incorrect recording of material issue and consumption
figures
Control Activity/Mitigation Plan : 1. Material is issued or consumed against the approved
requisition in system.
2. Material issued is verified by the store/ material
department.
Financial Statement Assertion : Validity, Recording
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
5. Material Receipt
Risk Number : INV05
Risk Description : Delay in recording of GRN resulting into delay in
updating the inventory figures in financial records.
Control Activity/Mitigation Plan : Material receipt is monitored to ensure timely recording
of GRN.
Recording of all GRNs to be ensured before closure of
financial period
Financial Statement Assertion : Validity, Recording, Cut-off
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Treasury
1. Investment
Risk Number : TR01
Risk Description : Investments of the organization are not recorded.
Control Activity/Mitigation Plan : Authorized personnel review the investments
recorded manually with the approval as per delegation
and values are reconciled in books
Financial Statement Assertion : Validity
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
2. Investment
Risk Number : TR02
Risk Description : All Investment purchases, sales, and maturities are not
recorded accurately in the appropriate period.
Control Activity/Mitigation Plan : Reconciliation of GL account with Mutual funds
statement, bank statement and incoming remittances is
done by concerned finance executive.
Financial Statement Assertion : Completeness, Recording, Cut-off
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
3. Interest Accounting
Risk Number : TR03
Risk Description : Income on all investments is not correctly calculated
and recorded in the appropriate period.
Control Activity/Mitigation Plan : Interest is recalculated in excel sheets. These
calculations are verified with bank statements on
maturity. Accounting entry is passed by Accounts officer
and approved by concerned finance executive.
Financial Statement Assertion : Completeness, Recording, Cut-off
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
4. Dividend Receivable
Risk Number : TR04
Risk Description : All dividend income is not correctly calculated and
recorded in the appropriate period.
Control Activity/Mitigation Plan : Concerned Executives at Corporate Finance verify the
proceedings of the Board Meetings/AGMs of the
companies, where investment has been made, to
ascertain Dividend declaration and probable date of
receipt.
Same is manually monitored and requisite entries are
passed in books.
Financial Statement Assertion : Completeness, Recording, Cut-off
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
5. Term Loans (including ECBs)
Risk Number : TR05
Risk Description : Interest on loans is not calculated and recorded
accurately in the appropriate period.
Control Activity/Mitigation Plan : Interest is recalculated in excel sheets. These
calculations are verified with bank statements.
Accounting entry is passed by Accounts officer and
approved by Treasury Manager
Financial Statement Assertion : Completeness, Recording, Cut-off
Frequency of Control : Quarterly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
6. Bank Guarantees (BG) Issued
Risk Number : TR06
Risk Description : Charges for BG issued are not accounted correctly.
Control Activity/Mitigation Plan : BG to be issued are approved appropriately as per
delegation and are opened through designated banks
only. All BG charges are accounted by the concerned
finance executive.
Financial Statement Assertion : Validity, Recording, Valuation
Frequency of Control : Multiple
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
7. Insurance
Risk Number : TR07
Risk Description : Inadequate / Inappropriate insurance coverage
Control Activity/Mitigation Plan : Insurance is centralized and should be taken for all:
all wells, transit, public liability (only NELP blocks are
decentralized).
Financial Statement Assertion : Validity, Completeness, Valuation
Frequency of Control : Yearly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department at
Duliajan
Financial Closing & Reporting Process
1. Financial Closing & Reporting Process
Risk Number : FCRP01
Risk Description : The financial closing and reporting process is not
adequate to identify and update the internal and external
financial reporting requirements and deadlines; the
methodology, format, and frequency of required
analyses; and the content of reporting packages from
departments.
Control Activity/Mitigation Plan : Management has established well-defined accounts
closure circulars to process financial reporting. The
circulars detail all key attributes (e.g., overall timing,
methodology, format and frequency of analyses).
Circulars are approved, and reviewed on a regular basis.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off,
Presentation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
2. Financial Closing & Reporting Process
Risk Number : FCRP02
Risk Description : Procedures and timetables for communicating relevant
information affecting the financial closing and reporting
process within the entity are not established /
documented, and updated on a timely basis.
Control Activity/Mitigation Plan : Processes and policies are established and documented
regarding the requirements for entity personnel to
communicate information timely to the financial
reporting department with respect to events and
transactions affecting financial reporting, including
reservoir data from G&R department, production
oil/gas/LPG disposal statement from production
departments, electricity generation and distribution from
electrical engineering department, business development
from business development department, joint venture
statements from joint venture operators in case of non-
operating joint ventures, SLOC status, imprest cash, etc.
The compliance with communication processes and
policies is monitored on a regular basis.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off,
Presentation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
3. Financial Closing & Reporting Process
Risk Number : FCRP03
Risk Description : Reconciliations for all significant accounts are not
performed or not prepared on a timely basis. Also, issues
identified (if any) are not resolved and recorded in the
general ledger on a timely basis.
Control Activity/Mitigation Plan : All significant analyses and reconciliations are
independently reviewed in comparison with established
guidelines. Key reconciliations done are: sub-ledger to
general ledger reconciliations, bank reconciliations, cost
ledger to finance ledger, sales reconciliations (sales value
is calculated separately and reconciled with general
ledger balances. Similar reconciliations are done for
royalty, cess, sales tax and service tax). Unusual items
and exceptions in analyses and reconciliations are
documented upon identification. Resolution and
treatment of unusual items identified are documented
and reviewed independently for appropriateness on a
timely basis. Management reviews resolution of items on
a regular basis.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off,
Presentation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
4. Financial Closing & Reporting Process
Risk Number : FCRP04
Risk Description : Journal entries are not properly reviewed, validated
and authorized, and are inadequately recorded in the
accounting period.
Control Activity/Mitigation Plan : Journal entries have adequate supporting
documentation and are reviewed and approved
independently prior to posting.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off,
Presentation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
5. Financial Closing & Reporting Process
Risk Number : FCRP05
Risk Description : Disclosure checklists and instructions (or other suitable
mechanisms) are not used in preparing and reviewing of
all draft financial-statement disclosures for completeness
and consistency.
Control Activity/Mitigation Plan : The entity uses up-to-date accounts closure circulars to
ensure that all relevant financial information is disclosed
(1) appropriately in accordance with generally accepted
accounting principles and the entity's accounting and
disclosure policies and (2) in the appropriate accounting
period. Closure circulars provide relevant checklists and
instructions to perform assigned duties in accordance
with the entity's disclosure policies.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off,
Presentation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
6. Financial Closing & Reporting Process
Risk Number : FCRP06
Risk Description : The application of the entity's accounting policies to
each non-routine event or transaction is not performed
and documented.
Control Activity/Mitigation Plan : Accounting treatment for significant non-routine events
and transactions (including those requiring the use of
accounting estimates and judgment (e.g., actuarial
valuation of retirement benefits, reservoir estimation
based on engineering estimates in the selection and
application of accounting principles, service liability for
service provided but invoice not received)) is researched,
analyzed, documented, updated, and communicated to
responsible parties on a regular basis. Such
communication also includes the timeframes and
appropriate methods for computing estimates and the
framework for judgments involved.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off,
Presentation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
7. Financial Closing & Reporting Process
Risk Number : FCRP07
Risk Description : Dividends paid / declared are not in accordance with
the company policy and prescribed laws and regulations.
Control Activity/Mitigation Plan : Dividend distribution is recommended by the BOD and
approved by the AGM.
Financial Statement Assertion : Validity
Frequency of Control : Yearly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Joint Venture
1. Operated Venture
Risk Number : JV01
Risk Description : SAP is not configured correctly for joint ventures
Control Activity/Mitigation Plan : JV team (maker; checker - concerned finance executive)
creates the JV in SAP on the basis of terms and conditions
(like, penalty percentage, share of overhead, share of
payroll etc.) agreed with the joint venture partners as per
the PSC/JOA. SAP automatically calculates penalties,
allocates share of expenses etc. based on the
configuration for the respective JV
Financial Statement Assertion : Validity, Completeness
Frequency of Control : Not Applicable
Nature of Control : Automated/Combination Control
Control Owner : JV Team
2. Operated Venture
Risk Number : JV02
Risk Description : Expenses recorded for particular joint ventures are not
valid
Control Activity/Mitigation Plan : Operator creates the budgets for expenses to be
incurred on the joint venture. This budget is approved by
the partners and DGH. JV team (maker checker -
concerned finance executive) configures the WBS in SAP
based on the approved budget. Any further changes to
the WBS are done similarly based on necessary
approvals. SAP does not allow recording any expense for
the JV that is not defined in the WBS.
Financial Statement Assertion : Validity
Frequency of Control : Not Applicable
Nature of Control : Automated/Combination Control
Control Owner : JV Team
3. Operated Venture
Risk Number : JV03
Risk Description : Inaccurate processing of all JOA expenses & revenues
and recording after the period in which they are disbursed/
received
Control Activity/Mitigation Plan : The share of each Joint Venture partner as per JOA
terms is configured in SAP. SAP automatically allocates
from Joint Venture 1, the joint cost of operation to all
Joint venture partners as per share of involvement
defined in PSC/JOA. Based on this the Finance dept.
monthly raises Cash Call to JV partners. Quarterly,
Finance dept. runs cut-back procedures in SAP & verifies
that the JV1 is reduced to zero balance.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
4. Non-Operated Venture
Risk Number : JV04
Risk Description : Inaccurate processing of all JOA expenses & revenues
and recording after the period in which they are disbursed/
received
Control Activity/Mitigation Plan : Finance dept. books OIL's share of expenditures on the
JV's, on the basis of Cash calls & Monthly Billing
Statement received from Joint Operators. Any deviation
in cash call is reported to the operator for
modification/correction.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Concerned executive from the Finance department
Production
1. Production of crude oil/ condensate
Risk Number : PROD01
Risk Description : Crude oil produced is not recorded accurately and the
recorded period is not correct.
Control Activity/Mitigation Plan : Production is recorded in books (SAP transaction MIGO)
on the basis of measurement of receipt & dispatch
through tank dips taken on an as-and-when basis by
Installation Manager of field installation, reviewed by
Chief Engineer / Zonal In-Charge and approved by Chief
Engineer.
Financial Statement Assertion : Recording, Valuation, Cut-off
Frequency of Control : Daily
Nature of Control : Manual
Control Owner : Chief Engineer - Production Oil
2. Production of crude oil/ condensate
Risk Number : PROD02
Risk Description : Crude oil produced is not recorded accurately and the
recorded period is not correct.
Control Activity/Mitigation Plan : Production department provides details of production,
losses, dispatch and stock to the Finance dept. on a
monthly basis which is then used by Finance department
to review inventory records in SAP.
Financial Statement Assertion : Recording, Valuation, Cut-off
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Chief Engineer - Production Oil
3. Production of Gas
Risk Number : PROD03
Risk Description : Gas produced is not recorded accurately and the
recorded period is not correct.
Control Activity/Mitigation Plan : As per contract, quantity produced is sold to the
customer, thus any adjustments to be made to the
production quantity as per contract terms, are based on
the reconciliation meeting held among the gas customer
as well as producer (OIL) / AGCL. This reconciliation
meeting is held in the first week of each month.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Monthly
Nature of Control : Manual
Control Owner : Chief Engineer - Production Gas (Utilization)
4. Production of Gas
Risk Number : PROD04
Risk Description : Gas produced is not recorded accurately and the
recorded period is not correct.
Control Activity/Mitigation Plan : The Production of gas is recorded on the basis of daily
report from "SCADA" wherever the facility is available. In
other places where "SCADA" connection is not available
the data is collected manually (periodically) through
Square Root chart using planimeter. Composition of gas
is measured by Chemical department against the gas
sample provided by Production Gas department.
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Daily
Nature of Control : Manual
Control Owner : Chief Engineer - Production Gas (Gas Field)
5. Production of LPG/ condensate
Risk Number : PROD05
Risk Description : LPG / Condensate produced is not recorded accurately
and the recorded period is not correct.
Control Activity/Mitigation Plan : The production of LPG and Condensate is recorded
and reported daily on the basis of measurement taken
through Mass Flowmeter by Sr. Engineer Operation (LPG)
and approved by Head-LPG
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Daily
Nature of Control : Manual
Control Owner : Head-LPG
6. Renewable energy
Risk Number : PROD06
Risk Description : Power produced is not recorded accurately and the
recorded period is not correct.
Control Activity/Mitigation Plan : The Production is recorded on the basis of meter
reading taken by the Engineer - Renewable Energy
Financial Statement Assertion : Validity, Completeness, Recording, Valuation, Cut-off
Frequency of Control : Daily
Nature of Control : Manual
Control Owner : Chief Engineer - Wind Power