Internal control framework

Antonin Muret

Created on November 29, 2023

Internal control framework

Procure-to-Pay

Payroll

Order-to-cash

Useful links

Inventory

How to use this document ?

  • To access the dedicated process, click on
  • To go to the following page, click on
  • To have more information on a rule, click on
  • To get back to the menu, click on

Fixed asset management

Travel & expenses

Accounting organization

Procure-to-Pay (1/4)

Supplier selection

New supplier assessment

Above 25k€, and if no framework agreement is applicable or if there are no specific client requirements, several quotes should be gathered prior to selecting a supplier. The selection of the supplier should be formalized using a table of comparison (TOC) acknowledged by the person(s) taking the decision. This TOC should be saved properly.

Prior to using a new supplier, a compliance assessment should be performed using Ethixbase or BVD Catalyst if the expected PO amount is higher than a threshold validated by VWT CCO. Before creating the supplier in LATIS, the proof of this evaluation should be handed over to the responsible team.

PO issue

SUPPLIER CREATION

A PO should be issued in LATIS for every purchase. The PO should always be validated by somebody who is entitled to do so.

The creation of a new supplier in the database (LATIS) should always be approved. The creation and its approval must be performed by two different persons.

Procure-to-Pay (2/4)

Supplier bank detail modification - countercall

Supplier bank details modification

A countercall to the supplier should always be performed, using a phone number other than the one indicated in the communication from the supplier announcing the new bank details. This process should be formalized through a shared G-sheet (summarizing all requests, phone calls and supporting documentation).

The modification of the bank details of a supplier should always be approved. The modification and its approval must be performed by two different persons.

Supplier invoices

AP balance reconciliation

Supplier invoices should be sent directly to the accounting teams through a dedicated generic email address mentioned in the PO and in the contract, if one exists.

The AP balance should be reconciled with the GL at every closing. This should be properly formalized and approved.

Procure-to-Pay (3/4)

Creditors suppliers

Means of payment

Creditors suppliers should be reviewed and justified in the context of the closing process.

Electronic fund transfer (EFT) is the only means of payment to be used. Manually instructed EFT should be limited as much as possible, used only when it is not possible to do otherwise, and always formalized through a dedicated tracking file. Other means of payment such as checks or cash should be eliminated. However, if this is not possible, a strict and accurate follow-up should be set up, and cashboxes or checkbooks should be kept in a secured, restricted and dedicated place.

Procure-to-Pay (4/4)

PO formalization

Purchase request

The person responsible for raising the PO in LATIS should attach to it, in LATIS, the selected quotation as well as the TOC if applicable. Otherwise, these documents should be stored in a dedicated G-drive classified per PO.

The purchase request should be formalized and if possible done in LATIS using the dedicated function.

Supplier database - Cleaning

Non-PO purchase

A cleaning of the supplier database should be performed at least every two years by deactivating suppliers not used for a period of 24 months.

Define the types of expense for which it is authorized not to issue a PO for convenience reasons, such as rent, utilities... This list should be validated by the top management of the BU.

Order-to-ca$h (1/3)

Solvency analysis and credit limit

Contracts

A solvency analysis should be done when onboarding a new client to determine a credit limit. This credit limit should be set up in LATIS to block orders if reached (until further notice). In addition, the credit limit and terms of payment should be reviewed periodically (frequency to be determined by BU).

Bidding offers and contracts should always be signed by persons entitled to do so according to the DOA system in place within the company.

Customers database - Creation

Customers database - Modification

The creation of new customers in the database should be restricted to a limited number of persons, and these persons should not be able to book any manual entries. A strict SOD should be applied between creation and approval.

The modification of any sensitive information should be approved by a person who is not entitled to proceed with the modification, and sensitive information should be double-checked. Sensitive information includes bank details (if any), delivery address, terms of payment, credit limit...

Order-to-ca$h (2/3)

AR follow-up

Credit Notes

Outstanding receivables should be closely followed up and frequently reviewed with the management. The review should be formalized by indicating actions to be taken.

The issuance of a credit note should always be validated by a person who is not entitled to raise it in the system. The issuance of a credit note should always be justified and the supporting documentation should be properly stored.

AR balance reconciliation

DSO

The AR balance should be reconciled with the GL at every closing. This should be properly formalized and approved.

The DSO must be computed.

Order-to-ca$h (3/3)

AR write-off

AR provision

Justification for AR write-off should be formalised with a dedicated form and approved by the authorised person.

The provision for doubtful debt should be computed at every closing following the Group's policy, namely 50% if older than 6 months and 100% depreciation if older than 1 year (INDUSTRIAL customers), and 50% if older than 1 year and 100% depreciation if older than 2 years (MUNICIPAL customers).

Inventory (1/3)

Insurance

Warehouse access

The warehouse should be covered by an insurance. The value of the goods stored and the proper cost to ensure business continuity should be controlled regularly to make sure the insurance policy covers it all.

The access to the warehouse should be restricted to authorized employees. Group HSE policies should be applied.

Referencing

Incoming goods - reception

Every item should have an aquapart number. Before creating a new aquapart number, it is important to check with your L1 referent if this item does not already exist in another BU. If so, please request the opening of this reference.

The delivery should always be matched with a PO. Quantities should be checked and matched with the PO. The reception of the PO should be done in LATIS as soon as the delivery has occurred, and the delivery note should be properly saved.

Inventory (2/3)

Outgoing goods - withdrawals

Leftovers from projects

Every withdrawal should be based on proper documentation and formalized in LATIS (sales order, delivery document, ...).

In case the warehouse is used to store leftovers from projects, all parts should be listed and identified in a formalized list shared with the procurement team. All leftovers from projects should be stored in a dedicated space.

Damaged/obsolete goods

Stock counts

Obsolete / damaged (expired) stock should be clearly identified and stored separately (i.e., quarantine area).

A yearly stock count should be performed. It should be done by people who can't access the stock module in LATIS. The stock count methodology must not include quantities as shown in the system.

Inventory (3/3)

Disposal of stock items

Disposal of stocks must be witnessed by a person who is not working at the warehouse. In addition, a picture of scrapped or sold items must be taken and kept safe.

Fixed asset management (1/2)

Transfer of fixed asset

Fixed asset creation

Any transfer of fixed asset should be duly approved by an authorized person. The transfer should be formalized through a dedicated form.

The creation of an asset in LATIS should be approved by an authorized person - preferably by the CFO of the BU. This approval should be formalized through a dedicated form which includes the lifetime of the asset and its depreciation mode.

Disposal of fixed asset

Fixed asset inventory

The disposal of a fixed asset should be approved by an authorized person and formalized through a dedicated form. Moreover, the value of the asset to dispose of should be documented. Depending on local regulation, an assessment by a third party might also be necessary.

An inventory of fixed assets should be performed yearly. As a result, assets could be disposed of and taken out of the books. This inventory should be performed by people who can't access the fixed asset module in LATIS.

Fixed asset management (2/2)

Tagging

Write-off

Fixed assets should be tagged with their LATIS number.

Any write-off on an asset should be documented and duly approved. This should be formalized through a dedicated form along with the supporting documentation which should be properly saved.

Travel & expenses (1/2)

Local procedure

Expenses Justification

The local T&E procedure can only be more restrictive than or equal to the VWT one.

Expenses should be justified and documented when claimed. When claiming an expense, the employee should always provide supporting documentation such as detailed receipts (not only the credit card receipt).

Expenses approval

Meals

Expenses reimbursement should always be approved by the direct manager. Another approval by the accounting department is a good practice.

The names and the company of persons attending a lunch or a dinner should always be mentioned when claiming the expense.

corporate procedure

Travel & expenses (2/2)

Forbidden expenses

Gifts & invitations

A list of expenses that won't be reimbursed by the company is available in Annex 1 of the VWT T&E procedure.

This kind of expense is subject to a dedicated procedure. Please refer to it.

Small emergency purchases

Advance payments

Small emergency purchases should be made, if possible, by following the P2P process. If not possible, using the T&E process is acceptable but should be strictly defined.

Any advance granted should be formalized and approved. Accounting should match the justification with the advance payment. A review of open advance payments should be regularly performed (as part of AP), also in the context of employees leaving (to be included in the leaving form).

corporate procedure

ACCOUNTING (1/2)

Closing checklist

Manual entries

A checklist gathering all tasks to be performed during the closing process should be used. This checklist should include the name of the person performing the task as well as the name of the reviewer. Finally, this checklist should be acknowledged by the CFO once the closing is done.

Manual entries should be booked based on supporting documentation, and a regular review of manual entries should be performed.

Closing folder

Bank reconciliations

All supporting documentation of the closing process should be gathered within a single folder.

Each and every bank account should be reconciled with the accounting data at every closing. The reconciliation should be formalized and signed off by an approver. This also applies to bank accounts with no movements. Bank statements should be consulted directly from the bank.

ACCOUNTING (2/2)

Bank account opening

Provisions

Every bank account opening is subject to HQ approval.

Every provision should be justified and documented.

Payroll

Salaries & bonuses data

Employees bank details

The modification of payroll data should be strictly restricted to a limited number of people. Any modification and its approval should be done by two different persons. Controls should be performed on a monthly basis to make sure changes compared to the previous month are justified and duly approved.

The creation and the modification of employees' bank details should follow the same logic as for suppliers. The modification and its approval in the system should be done by two different persons and based on the relevant supporting documentation only (namely a bank certificate). The request by the employee should be made through a formalized channel.

Useful links

Procedures

Meet the team !

On VWT's intranet, you can find all core model procedures. These procedures are based on the Group's ones.

In case you have any question on internal control, do not hesitate to contact us ! Please click on your right to meet the team!

Segregation of duties

Group internal control intranet

SOD is a key pillar of internal control. The strict application of SOD principles mitigates the risk of fraud within an organization. To assess if your organization is SOD-proof, please click on your right to access the Group's SOD matrix.

The Group internal control intranet displays a lot of information that could help you. Do not hesitate to have a look!

How to comply with the rule ?

Using the ageing balance, apply this rule to compute the provision.

Why it helps mitigate risks ?

It prevents heavy unexpected losses.

How to comply with the rule ?

Implement the development in LATIS or use a dedicated form to formalize the expression of a need with the name of the requester.

Why it helps mitigate risks ?

It improves traceability and reduces the risk of loss of information.

How to comply with the rule ?

The process should always include a witness who is not working at the warehouse, and the scrapping or the sale of items should always be documented, notably for accounting purposes.

Why it helps mitigate risks ?

The independence of the witness is key to avoid any issue with employees who would dispose of stock items for their own benefit.

How to comply with the rule ?

Check that the persons who usually sign contracts and bidding offers match the DoA. If they do not match, take related actions.

Why it helps mitigate risks ?

Monitoring this makes sure that nobody commits the company without being authorized to do so.

How to comply with the rule ?

Keep the list of authorised persons up to date and implement a way to make sure people accessing the warehouse are entitled to do so or are accompanied by somebody who is (security system, badge...).

Why it helps mitigate risks ?

Restricting the access to the warehouse prevents theft.

How to comply with the rule ?

Set up a process where the comparison of offers is mandatory above the threshold, and set up a standardized table of comparison including the names of approvers.

Why it helps mitigate risks ?

It is a rule to protect the organization from collusion between employees and suppliers, which might result in (i) not having the best price-to-quality ratio and (ii) embezzlement of funds.

How to comply with the rule ?

Justification for AR write-off should be formalised with a dedicated form and approved by the authorised person.

Why it helps mitigate risks ?

If there is no SOD it means that somebody could write-off a receivable on his/her own, which is a fraud.

How to comply with the rule ?

Verify in your process if it is the case. Perform an access rights review to make sure nobody can do both roles.

Why it helps mitigate risks ?

A strict SOD on this is key to mitigate the risk of somebody modifying a supplier for fraudulent purposes.

How to comply with the rule ?

Set up a dedicated form for fixed asset approval indicating every requirement.

Why it helps mitigate risks ?

Such a process is key to comply with delegations of authority matrix.

How to comply with the rule ?

Define a spot in the warehouse, label everything left from projects, draft a list and share it with the procurement team. These items are already paid for, so it is worth trying to use them.

Why it helps mitigate risks ?

Tracking leftovers from projects is key to avoid the loss or the theft of goods.

How to comply with the rule ?

Communicate on this aspect and make sure approvers won't validate any expenses without justification. If possible, make the attachment of justification mandatory for submitting an expense claim when using a dedicated digital platform.

Why it helps mitigate risks ?

Expense claims without any justification (receipts) can hide some non-compliant expenses.

How to comply with the rule ?

The procurement department should appoint somebody to perform this check. Using a G-sheet file with the name of the supplier, the expected amount of the PO and the outcome of the compliance check is good practice.

Why it helps mitigate risks ?

Check before it is too late ! The consequences of working with a company that does not meet VE compliance requirements can be very damaging for the BU: the supplier might not pay or, even worse, the Group might be linked with somebody not respecting the law !

How to comply with the rule ?

In addition to the correct SOD, please make sure to apply the countercall process (see P2P) to double-check every piece of sensitive information before modifying it.

Why it helps mitigate risks ?

Checking this kind of information prevents fraud from happening, as has already been the case in VWT (see here for a testimony).

How to comply with the rule ?

Use existing LATIS reports and ask your L1 for a mass deactivation.

Why it helps mitigate risks ?

Cleaning the supplier database

How to comply with the rule ?

Draft a process where manual entries should be computed by somebody and reviewed by another person before being posted.

Why it helps mitigate risks ?

Segregation of duties is key to prevent one person from posting a fraudulent entry in the books (a fake supplier invoice for fund embezzlement purposes, for example).

How to comply with the rule ?

This is the standard process when receiving goods. The warehouse officer (or any person receiving goods on a day-to-day basis) should have access to LATIS to declare the reception, so that it is taken into account in the stock quantity as soon as possible. It is also important to properly keep the delivery note.

Why it helps mitigate risks ?

It limits the risk of having wrong information in the system and potentially in the books.

How to comply with the rule ?

Using an extraction of the AR ageing balance, analyze the outstanding receivables and take related action when necessary. This is to be done on a regular basis, under the supervision of the management, and related actions should be carefully followed up.

Why it helps mitigate risks ?

It is key to follow the outstanding AR to chase customers who did not pay and then to be paid as soon as possible (Cash cash cash ! )

How to comply with the rule ?

Set up a disposal/transfer/write-off form to document the approvals and values of any FA removal.

Why it helps mitigate risks ?

It reduces the risk of fraud, as it is impossible for only one person to sell a company asset for their own benefit and to move it out of the books.

How to comply with the rule ?

Set up a process where any modification of these data is done by one person and approved by another, independent one before being taken into account in the payroll process.

Why it helps mitigate risks ?

It prevents internal fraud.

How to comply with the rule ?

Set up a disposal/transfer/write-off form to document the approvals and values of any FA removal.

Why it helps mitigate risks ?

It reduces the risk of fraud, as it is impossible for only one person to sell a company asset for their own benefit.

How to comply with the rule ?

Define a spot in the warehouse and store there everything that is damaged or obsolete.

Why it helps mitigate risks ?

Tracking and isolating the obsolete or damaged goods is key to avoid the risk of wrong deliveries.

How to comply with the rule ?

Set up a process where an expense cannot be paid if not approved.

Why it helps mitigate risks ?

If there is no approval or control, employees could be reimbursed for non-justified expenses, which could be considered a theft of the company's money.

How to comply with the rule ?

Gifts and invitations are part of a dedicated compliance procedure. Your local procedure should include a reference to it.

Why it helps mitigate risks ?

By being very strict on this, we mitigate the risk of corruption.

How to comply with the rule ?

Define the rules within your T&E procedure by setting up a limit and a formalization form.

Why it helps mitigate risks ?

Setting up rules prevents this process from being used instead of the P2P.

How to comply with the rule ?

In case you want to open a new bank account, obtain the authorization from the VWT Treasury department.

Why it helps mitigate risks ?

It prevents the opening of accounts in unreliable banks and optimizes the banking relationships the Group has.

How to comply with the rule ?

It is a good practice to facilitate asset management, especially when it comes to small assets (computers, tables & chairs...)

Why it helps mitigate risks ?

It reduces the risk of loss of information and helps the follow-up.

How to comply with the rule ?

Set up a process that aims to verify any modification by performing a counter-call to the employee.

Why it helps mitigate risks ?

It prevents external fraud.

How to comply with the rule ?

Set up a dedicated form to be approved, on the basis of which the set-up in LATIS will be done.

Why it helps mitigate risks ?

Such a process is key to comply with delegations of authority matrix.

How to comply with the rule ?

Contact your L1 if necessary.

Why it helps mitigate risks ?

It helps limit the number of references in LATIS.

How to comply with the rule ?

To proceed, draft and issue a document stating that these types of expenses, and only these, are allowed not to have a PO. The list should be validated by the management and should be reasonable.

Why it helps mitigate risks ?

It clarifies what can be an exception and what can't be. It mitigates the risk of by-passing the system by clarifying exactly when a PO is not necessary.

How to comply with the rule ?

Use LATIS data to generate the computation of this KPI.

Why it helps mitigate risks ?

If you can measure it, you can improve it !

How to comply with the rule ?

All supporting documentation of the closing process should be gathered within a single folder.

Why it helps mitigate risks ?

Organizing this folder is key to avoid any issue with the yearly accounts certifications.

How to comply with the rule ?

Mention this rule in your procedure and ask the approvers/accounting team to reject the expense claim if this is not mentioned.

Why it helps mitigate risks ?

It brings transparency to this kind of expense, which is key from a compliance point of view.

How to comply with the rule ?

Perform the banking reconciliations by comparing the bank statement to the accounting data at the same date. Formalize this analysis in a dedicated file gathering the bank statement and the accounting balance, highlighting and explaining discrepancies (if any). Formalize the review by the approval of the CFO.

Why it helps mitigate risks ?

It is key to identify any unknown movement that could be a fraud.

How to comply with the rule ?

The criteria for advance payment should be determined by the relevant function (HR, general management) and strictly followed up. The process should be included in the local procedure.

Why it helps mitigate risks ?

A strict control on this helps mitigate the risk of fund embezzlement.

How to comply with the rule ?

Access rights monitoring is key to make sure that the SOD is respected on this process.

Why it helps mitigate risks ?

It prevents from creating a fake client.

How to comply with the rule ?

Complying with the rule is quite simple here: just apply this process. In case of a language issue, keep in mind that we are an international company and that somebody will probably be able to help.

Why it helps mitigate risks ?

Following this process makes sure the new bank details belong to the supplier. A lot of external fraud could be avoided thanks to this very simple rule, as fraudsters use this technique to steal money from companies.

How to comply with the rule ?

Perform this analysis using the existing reports in LATIS. This reconciliation is mandatory in the context of the closing process. Discrepancies must be explained and old outstanding AP should be explained.

Why it helps mitigate risks ?

Performing this reconciliation is key to identify if what is in the GL matches with what is coming from the other modules. Otherwise, it means that something was manually booked in the GL and it can be a fraud.

How to comply with the rule ?

Perform this analysis using the existing reports in LATIS. This reconciliation is mandatory in the context of the closing process. Discrepancies must be explained and old outstanding AP should be explained.

Why it helps mitigate risks ?

Performing this reconciliation is key to identify if what is in the GL matches with what is coming from the purchase module. Otherwise, it means that something was manually booked in the GL and it can be a fraud.

How to comply with the rule ?

The logic is the same as for the reception. Everything related to withdrawal should be formalized and managed in LATIS, and supporting documentation should be properly stored.

Why it helps mitigate risks ?

It limits the risk of having wrong information in the system and potentially in the books.

How to comply with the rule ?

Please refer to the Group's insurance program.

Why it helps mitigate risks ?

Having insurance reduces the risk of financial loss in case something unfortunate happens.

How to comply with the rule ?

In the context of the AP reconciliation, creditors suppliers should be investigated to make sure no double payment was performed.

Why it helps mitigate risks ?

Analyzing this could result in the early identification of a fraud scheme.

How to comply with the rule ?

In case you want to adopt a more restrictive policy, it is important to clearly list what is authorized and what is not.

Why it helps mitigate risks ?

It reduces the risk of paying for non-compliant expenses.

How to comply with the rule ?

To proceed, you can rely on some external providers to have the information. To set these limits in LATIS, please see with your L1.

Why it helps mitigate risks ?

It reduces the risk of not being paid by analyzing our third parties.

How to comply with the rule ?

Draft the list of all tasks that need to be done and include who is responsible and who is reviewing.

Why it helps mitigate risks ?

An exhaustive checklist is key to avoid any issue on accounts certification and to make sure controls are performed over what is in the books.

How to comply with the rule ?

Verify in your process if it is the case. Perform an access rights review to make sure nobody can do both roles.

Why it helps mitigate risks ?

A strict SOD on this is key to mitigate the risk of somebody creating a fake supplier for fraudulent purposes.

How to comply with the rule ?

Include in the PO a statement saying that the invoice should be sent exclusively to a generic email address (of the accounting department).

Why it helps mitigate risks ?

It is important to centralize the reception of suppliers invoices to avoid lost invoices and being chased by suppliers. It increases optimization!

How to comply with the rule ?

Set up an asset inventory campaign following the same logic as the one for stock.

Why it helps mitigate risks ?

Performing an inventory of fixed assets helps identify in time any adjustment needed and any missing asset that should be in use.

How to comply with the rule ?

Eliminate cashboxes and checkbooks. If not, set up a dedicated follow-up file detailing every movement, its nature and the approvers. Store cashboxes and checkbooks properly in a secure location. The access should be restricted to a limited number of employees. Manual payment should be restricted to a limited number of situations and strictly formalized through a dedicated follow-up file.

Why it helps mitigate risks ?

Using exclusively EFT reduces the risk of fraud, as it is a safer way to pay than cash or checks because 2 signatures are needed to sign the payment. Cash and checks can be stolen and used easily. Not having them reduces this risk. In case that is not possible, securing them properly reduces the risk of theft.

How to comply with the rule ?

Document the justification and the approval of each and every miscellaneous provision booked as part of the closing folder.

Why it helps mitigate risks ?

It prevents the booking of unjustified provisions that could lead to inaccuracy of the financial statements.

How to comply with the rule ?

Define a period and persons responsible for this task.

Why it helps mitigate risks ?

Performing the stock count is key to make sure that quantities in LATIS are correct and if not to understand why and to potentially identify theft.

How to comply with the rule ?

If necessary, please indicate your own list in your local procedure. This list can only be more restrictive than the corporate one. Otherwise, add the corporate list to your local procedure as an appendix.

Why it helps mitigate risks ?

It is key to give a strict framework on what can be and can not be reimbursed to avoid any misuse of the company's money.

How to comply with the rule ?

Issue every PO in LATIS !

Why it helps mitigate risks ?

If the PO is not issued in LATIS, it means that the whole P2P process can be bypassed. People who are not entitled to commit expenses on behalf of the company could do so.

How to comply with the rule ?

See with your L1 to implement a validation process on this topic. In addition, as the request should be justified, please use a dedicated template for formalizing the request.

Why it helps mitigate risks ?

It is key to have a SOD on the credit note process so that nobody can generate a credit note alone, as there is a risk of fraud.

How to comply with the rule ?

This is a good practice, but we strongly encourage you to attach the relevant supporting documentation to the PO in LATIS.

Why it helps mitigate risks ?

It increases transparency and reduces the risk of losing information.