
Emaar Industries & Investments (EII) Internal Audit
Mammut Building Systems Balance Sheet & Internal Controls Review

Scope

EII Internal Audit conducted a review of Mammut Building Systems (MBS) operations pursuant to the 2008 Internal Audit Plan. The purposes of the review were:

- Assessment of key internal controls over operations and compliance
- Review of Balance Sheet as at 30th September 2008
- Assessment of internal controls over financial reporting

EII Internal Audit visited MBS office in Hamriyah Free Zone, Sharjah. The review was conducted during the months of October, November and December 2008. EII Internal Audit procedures included interviews with MBS management and staff, walkthrough of key operational and financial reporting processes and transaction testing on a sample basis. EII Internal Audit reviewed sample key processes including Entity Level Controls, Sales and Debtors Management, Customer Service, Estimation, Engineering, Production, Quality Assurance & Quality Control, Waste Management, Maintenance and Facilities Management, Procurement, Inventory Management, Shipping, Accounts and Finance, Capital Expenditure Decision, Human Resource Management and Information Technology and Systems.

EII Audit findings and recommendations were discussed with various personnel from MBS on an ongoing basis during the progress of the assignment. The findings were also discussed with the MD. The list of key personnel is provided in Appendix 4.1. The audit report was further discussed with MBS Executive Committee and action plans have been drawn to remediate the control deficiencies and address the audit recommendations. A follow up audit will be conducted after 6 months of issuing the final draft of the report.

Company Overview

Mammut Building Systems was established in 1997 to fulfill the demand for quality pre-engineered steel structure buildings and polyurethane sandwich panels and is now a leading player in the region for pre-engineered steel buildings. The financial results for the company for the last three years are summarized below (Million AED):

| Year | Revenue (AED) | Profit | Profit percentage to Revenue |
|------|---------------|--------|------------------------------|
| 2006 | 243.18 | 18.85 | 8% |
| 2007 | 317.75 | 14.22 | 4% |
| 2008 | 332.41 | 17.21 | 5% |

The company's order book for the past three years stood as follows (Million AED):

| Year | Contract Value (AED) |
|------|----------------------|
| 2006 | 613.68 |
| 2007 | 602.18 |
| 2008 | 653.88 |

The growth in revenue, profitability and order book has been marginal. Further, as a result of our review we learnt that although efforts were made for system improvement in terms of implementation of the ORACLE ERP system and other related efforts, they did not bring in the desired improvement. Currently, there are systemic problems which need to be addressed on an urgent basis. There are deficiencies in the design as well as in the operative effectiveness of controls. A lot of work needs to be done pertaining to Policies & Procedures, Delegation of Authorities and defining Roles & Responsibilities with clarity. As of now, reporting mechanisms are inconsistent and processes are largely driven by individuals. Keeping in mind the current economic scenario, it is the most opportune time for the company to bring in fundamental changes and to make the systems robust enough to sustain the growth in the future. This report is an attempt to facilitate that process. Our key findings are summarized below:

Key Findings (S. No., Areas, Key Findings)

1. Entity Level Controls

Although a business plan has been prepared as per the management requirements and contains the desired elements, certain aspects pertaining to assignment of roles and responsibilities, budget vs. actual analysis, etc. have not been addressed. The risks associated with effective financial reporting and achievement of business objectives have not been assessed. Further, the company does not have a Business Continuity Plan.

A detailed Organization Structure, Authority Lines and Job Profiles are still to be defined completely. Further, a mechanism to assess and monitor appropriate levels of resources for the key elements of the organisation is also not in place.

Employees may act in an unethical manner with legal, regulatory or reputational repercussions for themselves and/or the company due to the absence of a Business Code of Conduct to instill integrity and ethics among the employees.

System access mechanism in terms of identification of financially critical systems and associated authorities and review of user profiles are not defined. Security management guidelines in terms of defined responsibilities for physical security of production and office assets, protection of financial data, pre-appointment screening of employees and protection of sensitive business information are not in place. Health and safety measures like placing of emergency contact numbers and availability of employee health check ups have not been considered.

At the feasibility study stage of the capital expenditure decision there is no provision for the review for environmental impact of the capital project prior to approval. Record Retention Policy is not available on record covering both paper and electronic records. Company does not have a Data Protection Policy or guidelines or equivalent, covering personal data whether relating to employees, suppliers or customers.

2. Sales and Debtors Management

Amendments to the Customer Master Database are not authorized due to the absence of a signatory list. The Customer Master Database is not reviewed periodically and customer details are not complete.

A documented policy for discounts does not exist and a high percentage of debtors have balances outstanding for over 180 and 360 days. The accounting system is underutilized as debtors ageing is still prepared manually in an Excel worksheet.

Delays were noted in the communication of Invoices to the Bank for negotiation, largely because of the delay by the customer in the approval of the delivery note as mentioned in the Letter of Credit terms. No track was kept of such delays in order to monitor and control them.

3. Customer Service, Estimation, Engineering, Production and QA/QC

The Job Acceptance Form (JAF) was not approved properly and timely in some cases and in other cases the JAF could not be located. The JAF was not always updated to reflect changes to the contract.

A documented policy for the approval of the Project Information Form (PIF) does not exist. The PIF was not signed off by the preparer and was not properly approved. Currently, the PIF is not integrated with the ERP system.

A guideline describing the issuance, importance and interpretation of the Raw Material List (RML) does not exist. The RML is a broad estimate based on approval drawings or drawings forwarded to the customer, which results in inefficiencies from increased manual effort in material requirement planning. In some cases, the RML was issued before the approval drawings were approved by the customer.

In-house benchmarks for performance and cycle time for each department pertaining to various stages of engineering drawings, production and dispatch have not been established. A mechanism to assess job wise throughput versus standard and to perform a comparison of job wise actual waste versus standard waste does not exist. There is also no mechanism in place to perform machine wise efficiency analysis, work-in-process analysis and job wise margin monitoring.

The quality plan section of the PIF was not always populated, resulting in confusion on which quality plan was to be followed.

Urgent Material Requests (UMR) are tracked manually instead of utilizing the ERP system. There is no mechanism in place to track UMR costs as a whole and in some cases material issued to complete the UMR was not booked against that UMR in the system.

4. Waste Management

The company does not have a weighbridge on the premises and trucks carrying scrap material are sent elsewhere for being weighed, which may result in pilferage. Scrap is not stored in a demarcated area.

5. Maintenance and Facilities Management

The C Works software implemented for maintenance management crashed about ten times. The system functionality of generating a detailed work order report has not been utilised in the past. Further, there were mismatches between the work order report generated from the system and the physical work orders kept as evidence of maintenance performed.

As a part of maintenance planning and analysis no budgets have been prepared for the maintenance department and records capturing machine-wise material and labor cost are not available. The preventive maintenance schedules have not been implemented properly and also contain errors.

The responsibilities for generation and approval of work orders pertaining to breakdown maintenance are not defined. Although the work order is generated in the system, a copy of the same is not printed out, signed off and filed.

6. Procurement

There is an absence of documented criteria to select vendors and suppliers, there is no procurement policy, price comparison records were manual, and costing is tentative. Further, there are about 460 vendors with which the company deals. Of these, the top twenty vendors fulfill 71% of total purchases and the balance 441 fulfill the remaining 29%. Currently the basis of evaluation of individual suppliers is subjective and not scientific. Further, there is no defined periodicity for the same supported by periodic visits to suppliers' premises.

Currently, the authorities for raising purchase requisitions for goods and services are not defined. The ORACLE ERP system allows raising POs without purchase requisitions. Further, no periodic exercise is done to assess open POs and their systematic closure.

It is not defined as to who will approve the payment requests without PO made by Finance Manager and MD. Proposed payment lists are not generated before a payment run. There is no written policy for cheque access, storage and usage. A cheque issue log is also not maintained. Supplier reconciliation is not done on a periodic basis. Further, the ORACLE ERP system does not generate a creditors ageing report.

7. Inventory Management

A dedicated inventory management team does not exist. Stores are not centralized with a layout plan and are not mapped in the ERP system. There is a lack of well defined hygiene and stacking norms. A perpetual inventory system and continuous stock taking system has not been implemented. No evidence of adhering to the FIFO principle is available, particularly in case of materials having a shelf life. There is no mechanism in place for tracking unloading time and expired materials.

The ISO procedure does not specify guidelines for technical inspection and its periodicity. Rejected materials are neither tracked nor kept in a designated area. Rejected materials are not re-inspected before being returned to the supplier.

A well defined physical verification procedure does not exist. Guidelines are not available for the preparation of the stock verification report, or for the verification, final authorization and approval of adjustments. ABC classification of inventory is not performed and inventory levels have not been defined. The ERP system does not generate an inventory ageing report. Therefore, non-moving and slow-moving items cannot be identified and valued.

8. Shipping

There is no documented policy for transporter appointment, evaluation, and selection. Further, over-dependence on one transporter was found. There is an absence of a well documented procedure defining the parameters for the performance evaluation of the transporters. The existing procedure is not objective in nature.

Formal agreements between the company and the transporter, stating the terms and conditions of both the parties, are not present. As of now the quotation / rate list sent by the transporter and approved by the authorized signatory is considered as a contract.

The Loading report is not signed by the checker due to oversight. Proof of delivery is not obtained in certain cases due to absence of authorized personnel of the customer at the client site. Destination-wise transit periods are not defined and formally approved by both the parties in the form of a contract.

A mechanism to monitor and control demurrage charges does not exist. Demurrage charges for incoming materials have been accounted for under two different heads instead of one. Further, freight charges which could be clearly identified as demurrage charges according to descriptions of transactions amounted to AED 0.12 million. This could be much more.

9. Accounts and Finance

A documented policy for the control of the chart of accounts does not exist and there is a lack of a standardized process for amending the chart of accounts. There is no delegation of authority for the approval of payments and most of the non-standard journal entries lack proper supporting documentation. Bank reconciliations are not prepared and reviewed on a periodic basis and the company accounts are updated based on the bank statements.

10. Capital Expenditure Decision

A documented policy for Capital Budgeting does not exist and responsibility for this process is not assigned within the company. The review of budgeted vs. actual expenses and analysis of variances is not documented and the execution and completion of capital expenditure projects is not reviewed periodically in order to assess whether the desired benefit was obtained.

An approved vendor list for capital purchases does not exist and quotations were not always obtained for capital expenditures. In most of the cases, an NPV/IRR/Payback period analysis was not performed, capital expenditure requests and purchase orders could not be located, and the purchase orders were not approved. Some assets were put to use but were not capitalized.

A documented policy for fixed assets does not exist. In some cases, fixed assets purchased were neither capitalized nor recorded in the Fixed Assets Register and their costs could not be tracked. Depreciation was calculated without taking into account the relevant useful lives and usage of machines. Insurance was obtained based on the net book value of the fixed assets, which may result in overspending.

11. Human Resource Management

Currently, planning and budgeting is not done in the HR department. Although a projection of salaries and benefits / allowances is done as a part of the annual business plan, for which there are no assumptions available on record, the same is not done in conjunction with the department. Although a Future Process Model is available on record, the same is yet to be implemented and as of now the company is following the HR procedures set in 2006.

Alignment of the recruitment activity to the business plan cannot be ascertained. A staffing plan is not in place, nor are the staffing requirements monitored, including anticipated organizational changes. A detailed organization chart is not available on record. Further, there were gaps in the documents maintained in employee personal files.

Overall workforce capability requirements are not assessed. Over-reliance on key individuals is not identified and succession plans are not in place for key positions. Job descriptions along with key performance indicators are still to be defined for all levels. A well defined training program has not been formulated.

There is an absence of measurements of employee productivity and of a mechanism for renewal of visa and passport. There is an absence of grievance procedures, audit of disciplinary procedures, and other discipline regulating mechanisms.

12. Information Technology and Systems

Although an IT policy exists at the group level, there was no evidence of extending the same policy to MBS. The Disaster Recovery Plan and Disaster Recovery Framework are in draft stage. Further, there is no defined and documented plan to assess and monitor the physical and logical security of IT infrastructure.

It has been almost one year since the ORACLE ERP has gone live and AED 1.5 million of expenditure was spent on it. Nevertheless, it is still not stable and does not provide the desired support and results.

2 Detailed Observations & Recommendations

We have classified our observations into high, medium, low based on the following definition:

High

Matter noted constitutes an important control weakness where the potential impact is considered material for the business as a whole or any part of the business and must be resolved.

Medium

Matter noted constitutes an improvement to weakness in the current system where some compensating controls exist but which are not as effective or efficient or where the potential impact is moderate.

Low

No matters noted that would indicate the current processes are not operating effectively and efficiently as designed or where control weakness is so minimal that potential impact if any is minor.

2.1. Entity Level Controls


1. Refinement of Business Performance Management System

Internal Audit Observations

While reviewing the Business Performance Management system, the following was noted: Although a business plan is prepared containing management's profit forecast, balance sheet projections, operating cash flows and SWOT analysis, the following elements were absent:

1. Assignment of Management responsibility for tracking progress towards achievement of planned objectives and goals.
2. Budgeted vs. actual analysis with root cause identification for variances, competitor analysis and Key Performance Indicators (KPIs) to ensure all relevant issues are discussed and addressed.
3. Setting of team and individual objectives within the company which are aligned to and consistent with the company's overall objectives as defined in the business plan.
4. Defining roles and responsibilities for the communication of strategic plans within the company.
5. Long term or Medium term strategy outlining company objectives.

Management Response

Agreed

Management action plan

1. Will be added in the Budget 2010.
2. Already available in the MIS, however KPI will be considered in future.
3. Will be added in the Budget 2010.
4. Will be added.
5. Already available in the plan.

Timelines

30 September 2009

2. Absence of Risk Identification and Management System and BCP

Internal Audit Observations

While reviewing the Risk Management initiatives at MBS, the following came to light:

1. Risks pertaining to key processes having a direct impact on effective financial reporting have not yet been identified.
2. Risks to the achievement of business objectives have not been identified.
3. There is no evidence available on record of a crisis risk assessment being performed to identify all crisis risks which the business faces.
4. Business continuity analysis has not been carried out to identify the minimum hardware, software and asset requirements for all teams and functions.
5. A Business Continuity Plan (BCP) does not exist in order to support the business, secure the necessary hardware, software and assets to continue critical business processes following a crisis or emergency situation (e.g. production, sales order handling or financial reporting).

Management Response

Agreed

Management action plan

Data disaster recovery plan available which is a part of BCP, however, complete plan will be finalized as per EII guidelines and presented to EXCOM for approval.

Timelines

30 September 2009

3. Weakness in Organization Structure

Internal Audit Observations

While assessing the basic framework and controls pertaining to organization structure, following aspects were noted:

1. A detailed organization chart is not available on the records as of now.
2. Roles and responsibilities of managers are not defined and communicated to the relevant individuals.
3. A mechanism to assess and monitor appropriate levels of resources to support key elements of the organization viz. finance, operations, IS, treasury, and human resources is not in place.
4. A well defined statement of authority is not available on record.
5. Performance goals for individuals are not defined clearly.
6. Job profiles are not available for all levels.

Management Response

1. Agreed but available since October 2008.
2. Agreed.
3. Agreed.
4. Agreed
5. Agreed.
6. Agreed but available since November 2008.

Management action plan

1. Organization chart is available.
2. HR will define the roles & responsibilities & forward to all Managers.
3. HR will set the mechanism.
4. DOA document is available at Mammut Group Level and will be implemented after presentation to EXCOM and approved by the BOD.
5. HR will define the goals.
6. Job Profiles are available.

Timelines

1. N.A
2. 30 September 2009
3. 30 September 2009
4. 31 July 2009
5. August 31, 2009

4. Absence of Policy and Procedure Manuals and Delegation of Authority Matrix

Internal Audit Observations

There are three fundamental components of internal control environment viz. policies and procedures framework, delegation of authority including financial delegation and segregation of duties in key functions. Currently the company does not have a well defined policy and procedures manual, delegation of authority matrix and process wise Segregation of Duty (DoA) rules. DOA for business routine is established but the same is not documented and approved by the Board.

Management Response

Agreed.

Management action plan

DOA document is available at Mammut Group Level and will be implemented after presentation to EXCOM and approved by BOD. Job descriptions of key functions available and already defined.

Timelines

31 July 2009

5. Mechanism to Instill Integrity and Ethics

Internal Audit Observations

While assessing the mechanism to instill integrity and ethics among the employees, the following was revealed:

1. Presently the company does not have a code of conduct setting out required standards of integrity and ethical behavior along with the employee signoff as a part of the contract.
2. The Company does not have an appropriate channel like a helpline for reporting ethical violations or any incidence of fraud. No evidence is available on record indicating allocation of overall responsibility to specific members of senior management for compliance with legislation and regulatory laws.

Management Response

1. Agreed
2. Agreed

Management action plan

1. Code of conduct will be implemented and circulated to all employees.
2. A committee will be formed to report ethical violations etc. HR/Admin department is responsible for compliance of regulatory laws.

Timelines

1. July 31, 2009.
2. N.A

6. Identification and Access Control to Critical Financial Systems

Internal Audit Observations

While reviewing the system access mechanism, the following was observed:

1. Critical financial systems have not been identified. Critical financial systems are those which directly influence the recording, processing and reporting of financial information and statements.
2. The company does not have a well defined and documented statement of authorities which may facilitate granting of access to the said systems. Currently the same is done as per the approval of the line manager.
3. There is no system of reviewing the user profile for segregation of duties at the time of new, revised or composite user profiles (within critical financial systems).

Management Response

1. Disagreed, Critical financial systems are defined (All ERP).
2. Agreed despite it is built up in to the system yet the documentation is required.
3. Agreed, all users' access handled by Support Desk with approval from department manager; however separate request form will be created for the purpose.

Management action plan

1. N.A
2. Process is in place to be documented.
3. Separate request form will be created

Timelines

1. N.A
2. 30 June 2009
3. Immediate

7. Security Management Guidelines

Internal Audit Observations

Following was observed pertaining to the key security management aspects:

1. Responsibility for physical security of production/office premises and adequate protection of assets and financial data based on the risk environment in each of the facilities is not defined clearly and also not assigned to a member of senior management.
2. There is no system of pre-appointment screening of all prospective employees, both permanent and temporary, who are being considered for any positions in the company.
3. As of now there are no guidelines available on record for the protection of sensitive business information (hardcopy, electronic message, or voice communication) when transmitted internally, externally, and at disposal.

Management Response

1. Agreed
2. Agreed
3. Agreed

Management action plan

1. HR Manager with MD will define the guidelines.
2. HR & Admin will set the procedure for screening.
3. HR/Admin Manager with MD will set the guidelines.

Timelines

1. 30th Sep 2009
2. July 31st 2009
3. Sept 30th 2009

8. Control Gaps in Health Management

Internal Audit Observations

While reviewing the occupational health and safety aspects, it was revealed that, although the factory has a full-time male nurse, there is no activity in place to ensure regular health checkup of the employees, especially the employees at the shop floor.

Management Response

Disagreed, Employees already covered under insurance. Workers have health card from Ministry of Health. However, this recommendation will be considered once company will be in a position to afford it.

Management action plan

N.A

Timelines

N.A

9. Environmental Review of Capital Projects

Internal Audit Observations

At the feasibility study stage of the capital expenditure decision there is no provision for the review for environmental impact of the capital project prior to approval.

Management Response

Agreed

Management action plan

Guidelines are available in ISO 14000 and we will add this area in CAPEX approval form.

Timelines

Immediate.

10. Record Retention Policy

Internal Audit Observations

Although record retention norms have been defined for most of the functions as a part of ISO procedures, same has not been done for Finance Department as yet. Further, there is no detailed entity-level policy for record retention.

Management Response

Agreed

Management action plan

Entity level Policy for record retention will be documented

Timelines

31 July 2009

11. Absence of Data Protection Policy

Internal Audit Observations

Currently the company does not have a Data Protection Policy or guidelines or equivalent covering personal data whether relating to employees, suppliers or customers.

Management Response

Agreed

Management action plan

MD with Group IT Director will define the policy.

Timelines

30 June 2009

2.2 Sales and Debtors Management


1. Customer Master Database

Internal Audit Observations

During the review of Customer Master Database, the following observations were made:

1. Absence of signatory lists for additions and amendments to customer master data.
2. Presence of invalid / irrelevant customer entries.

| Name | Code | Status |
|------|------|--------|
| Misc Clients | 1119 | Active |
| Do Not Use Ever | 1561 | Inactive |
| Do Not Use Ever | 1562 | Inactive |
| Do Not Use Ever | 1563 | Inactive |
| Dummy Customer | 1602 | Active |
| Do not Use2 | 1603 | Inactive |
| Do not use | 1644 | Active |
| Do not use | 1828 | Inactive |
| Do Not | 2657 | Active |

On a review of the active invalid accounts, it was revealed that three accounts out of four did not have any transactions during the period 1-Jan-08 to 31-Dec-08. One account (Code: 1119, Name: Misc Clients) had 5 transactions during the same period. Details of the transactions are given below: The company was not able to provide supporting documents justifying the transactions mentioned above.

3. Absence of periodic review of amendments to Customer Master Database.
4. Incomplete details such as billing and shipping address in Customer Master Database.

Management Response

1. Agreed
2. Agreed
3. Agreed
4. Agreed.

Management action plan

1. Signatory list will be created.
2. Will be rectified.
3. Will set a process for periodical review.
4. Will complete as soon as possible.

Timelines

1. August 31, 2009
2. 30 June 2009

2. Control Gaps in Discount Policy And Debtors Ageing Analysis

Internal Audit Observations

It was observed that no documented discount policy exists outlining the basis on which discounts are to be approved and awarded.

Management Response

Disagreed, discount policy depends upon the area, market situation, jobs complexity, order size etc. It varies from case to case which cannot be standardized.

Management action plan

N.A

Internal Audit Observations

A review of the debtors ageing as on 30-Jun-08 revealed the following:

1. Alfa Industrial Refrigeration (Code: 151044) is a debtor in the books of accounts with an outstanding balance of AED 789,920. After discussion with finance personnel it was revealed that the Letter of Credit for this customer had been obtained under the joint bank account of Mammut Industries and MBS (Account no.: 0800-012815-001) with Al Ahli Bank. Later, this account was handed over to Mammut Industries as part of the consolidation process in MBS after investment by Emaar Industries and Investments. The payment had been received from the customer in this account on 10-Apr-08 but intercompany settlement has not taken place till now. This amount will be settled against proposed dividend in the year 2008.
2. Although Oracle has the facility to generate a debtors ageing report, currently the same is prepared manually in an Excel workbook.
3. 28.58% of the debtors have balance outstanding for more than 360 days and 52.23% of the debtors have outstanding balance for more than 180 days. A summary of debtors aging is mentioned below:

| Age Groups | Value (AED) | Percentage | Cumulative Percentage |
|------------|-------------|------------|-----------------------|
| 0 - 90 DAYS | 26,298,736 | 33.32% | 33.32% |
| 91 - 180 DAYS | 11,402,298 | 14.45% | 47.77% |
| 180 - 360 DAYS | 18,666,027 | 23.65% | 71.42% |
| ABOVE 360 DAYS | 22,552,340 | 28.58% | 100% |
| TOTAL | 78,919,430 | 100% | |

4. Although a control over retention receivables is kept, the debtors ageing report is inclusive of retention receivables. Due to this, the report may be misleading and may not present a true picture of the outstanding amount.

Management Response

1. Agreed
2. Agreed but Debtors aging available since December 2008 which needs to be monitored.
3&4. Agreed

Management action plan

1. Adjusted in December 2008.
2. Debtors aging will be monitored on a regular basis.
3&4. Above 360 balances of 22,552,340 include provision for bad debts 12,981,242. Most of the sales are secured against documents. The total outstanding is 15% of total sales. Retentions part wherever applicable will be maintained separately. However all efforts will be made to improve the recovery from various customers.

Timelines

1. Immediate
2. Immediate
3&4. Immediate (Debtor Aging); 31 July 2009 (Retention Separation)

3. Control Gaps in the Invoicing Process

Internal Audit Observations

Most of the jobs undertaken by the company are covered by a Letter of Credit (LC). Invoices are sent to the bank for negotiation on completion of shipping of a phase of the project. During the review of the invoicing activity for three jobs, it was observed that invoices have not been communicated to the bank for negotiations on time. On the basis of the discussion with the treasury manager, it was learnt that the delay was due to a clause in the Letter of Credit (LC) agreement which allowed the raising of invoices against the LC only after the customer signed the delivery note. It is to be noted here that neither the date of signing the Delivery Note nor the receipt of the signed Delivery Note by the company has been documented anywhere. Hence the cause of delays cannot be known.

Management Response

Agreed

Management action plan

The delays are under normal course of business. Mostly it is happening for export because the time for sending material to other countries & getting signed delivery note is required much more time as compared to local sales. We track with customers regularly. We will try to reduce the time for submission of invoices.

Timelines

Immediate

4. Absence of Provisioning Policy for Receivables

Internal Audit Observations

No documented policy exists to make provisions for bad and doubtful debts. Currently it is being done on the basis of discussions with external auditors and has a very subjective basis.

Management Response

Agreed.

Management action plan

Provision policy will be defined and documented.

Timelines

15 August 2009

5. Absence of Debtors' Reconciliation

Internal Audit Observations

Debtors' reconciliation is not performed at all by the accounts department. At the time of external audit, only confirmation letters are sent to debtors. Also, treasury department and accounts department maintain separate records for debtors which are reconciled at the end of every month. Hence, an inter-department reconciliation is carried out.

Management Response

Agreed

Management action plan

Debtors will be reconciled periodically. In future, Debtors records will be reconciled between two departments on a monthly basis.

Timelines

15 August 2009

6. Absence of Documented Revenue Recognition Policy

Internal Audit Observations

During discussion with the finance personnel, it was revealed that a documented revenue recognition policy does not exist in the company. Currently, revenue recognition is done on the basis of invoices raised to customers. All the projects undertaken by the company are covered under LCs. When shipping for a segment of the project is complete, a 'Shipping Completion Certificate' is issued by the shipping department. On receiving the certificate, the accounts department raises the invoice for the shipped material and communicates the same to the bank for negotiation. Revenue is booked on the date when the invoice is raised.

Management Response

Agreed.

Management action plan

Revenue recognition policy will be defined & documented in accounting and finance manual.

Timelines

15 August 2009

1.3 Customer Service, Estimation, Engineering, Production and QA/QC


1. Control Gaps in Creation and Approval of Job Acceptance Form (JAF)

Job Acceptance Form (JAF) is created after the completion of estimation process and contains important information regarding the job such as total estimated tonnage, mark-up on the cost, final price to be charged to the customer and payment conditions. This important document is reviewed by the area office manager and approved by the sales manager. During a review of the creation and issuance of Job Acceptance Form (JAF) for 16 selected jobs, following was revealed:

1. JAF was not signed by sales manager in 3 cases:

Job Number    Total Price (AED)    JAF Date
AE3-2084      7,496,000            17-Jun-08
AE1-2334      8,100,000            Not Mentioned
PK-2140       18,014,806           30-Aug-08

Management Response: Agreed.
Management action plan: In future General sales manager will sign all JAF.
Timelines: 31 July 2009

2. JAF was not available for job OM-1667 (EURO 23,353,974).

Management Response: Disagreed with observation, document is available for inspections.
Management action plan: N.A
Timelines: N.A

3. Date of approval of JAF by sales manager was not mentioned on the document for job QA-2187 (Contract Price: 4,920,000 QAR) and QA-1021 (Contract Price: 4,550,000 QAR).

Management Response: Agreed.
Management action plan: Rectified.
Timelines: Immediate

4. The contract price for job QA-2187 was revised to QAR 4,450,000 from QAR 4,210,000 on 28-Apr-08 but the JAF has not been updated to reflect the change.

Management Response: Agreed.
Management action plan: Rectified.
Timelines: Immediate

5. JAF for the job QA-1021 dated 7-Jul-05 has been changed / updated manually using a pen and there are no evidences of approval of the modification.

Management Response: Agreed.
Management action plan: Rectified.
Timelines: Immediate

2. Control gaps in Generation and Approval of Project Information Form (PIF)

Project Information Form (PIF) is created for each job after it is accepted and is used as an information repository for all the departments regarding that project. It consists of two parts: General Data Sheet (GDS) and Building Data Sheet (BDS). GDS contains all the general information regarding the job such as name of client, total tonnage and payment terms. BDS contains technical information about each building in the project. During a review of PIF of 16 selected jobs, the following was revealed:

1. PIF created for each job was neither signed off with date by the customer service manager nor signed off by the person who prepared it, for all the selected jobs. This leads to the conclusion that the approval activity for the same is not in place, although it was given to understand that the document is circulated through e-mails to all the concerned people.

Management Response: Agreed
Management action plan: In future CSD Supervisor/Manager will sign all PIF.
Timelines: 30 June 2009

2. PIF of each job is designed separately in Microsoft Excel and is not integrated with the Oracle system. After discussions, it was learnt that the Oracle system itself is not capable of handling such technical data.

Management Response: Agreed
Management action plan: As agreed with the business, technical data will be stored in the ePIF (developed by PRD). General data is stored in Oracle.
Timelines: 30 June 2009

3. Control Gaps in Creation and Issuance of Raw Material List (RML)

1. Currently, there is a practice of making a broad estimate of material requirement based on approval drawings. This results in a raw material list (RML) which according to customer service is an indicative figure and is meant to give a broad idea of material requirement with an aim to facilitate Material Requirement Planning (MRP). However, the same is taken as a basis for MRP by Production Planning Department. Further, a detailed Bill of Material is generated after the detailing stage but by that time MRP is already complete. Following is a comparison of RML and BOM tonnage for 8 jobs:

Sr. No.   Job Number   RML Tonnage (MT)   BOM Tonnage (MT)   Difference (MT)
1         2172         1669.002           1677.77            -8.768
2         1414         4295.443           4483.141           -187.698
3         2084         1000.746           885.477            115.269
4         2005         326.594            316.032            10.562
5         2071         104.034            98.222             5.812
6         2187         405.047            429.194            -24.147
7         2140         2937.882           2658.496           279.386
8         1021         700.374            758.42             -58.046

Management Response: Disagreed, All the material should be managed with RML since delivery period of any raw material is more than three months whereas the job delivery after approval drawing is normally 1 1/2 to 2 months. So RML can help to a great extent in inventory planning. Ordering pattern for any standard inventory items depends mainly on historical consumption and forecasted consumption against available stock and incoming materials. For non standard inventory items RML should reflect 100% requirement in order to avoid any excess or less material during job execution. In general whenever revisions are requested by the customer, the RML also must reflect the revised material requirement. New policy implemented restricting RMLs for forecasting raw material
Management action plan: N.A
Timelines: N.A

2. In certain cases, Raw Material List was issued before the approval drawings were approved by the customer:

Job Number   RML Date               Date of Approval Drawings
AE3-2084     8-Apr-08               16-Jun-08
QA-1021      28-Aug-05, 21-Aug-05   23-Oct-05

It is to be noted that Raw Material List is prepared based on the approval drawings.

Management Response: Agreed.
Management action plan: In future we will follow the standard practice.
Timelines: Immediate

4. Through-put and Production Efficiency

Currently the production efficiency analysis is done based on the comparison of quantity of scrap generated versus the production on a monthly basis and arriving at a percentage for the same and there are no benchmark percentages established for comparison. As of now, there is no system / method in place to assess job wise throughput versus standard comparison of job wise actual waste versus standard waste. There is also no method in place to perform a machine wise efficiency analysis on an ongoing basis.

Management Response: Agreed
Management action plan: These reports will be available once SCIA will be implemented.
Timelines: 30 September 2009

5. Job-wise WIP Valuation and Margin Monitoring

There is no mechanism in place to conduct a job wise WIP analysis against estimates and consequential margin monitoring. As of now, only an overall assessment of profitability can be made at the year end. Further, as there is no job wise estimation versus actual comparison, no assessment can be made about the accuracy of the project cost estimation. It was given to understand that an MRP system is under implementation which will facilitate the tracking of job WIP valuation and margin monitoring. Currently the company is tackling the integration of the MRP with the ORACLE ERP system.

Management Response: Agreed
Management action plan: This can be possible once SCIA will be implemented.
Timelines: 30 September 2009

6. Absence of Performance Monitoring of Key Departments

A cycle-time analysis of 6 closed jobs revealed a varied range of time taken for approval of drawings, finalization of detailing, production and shipping: But, currently it can not be commented as to whether the turn around time mentioned is efficient or otherwise. Due to the absence of internal benchmarks pertaining to the turn-around time at each stage, the reasonableness of the same commented above can not be ascertained.

Management Response: Disagreed, since it depends upon the internal & external factors which influence the period from 1 month to 6 month, The standard cycle time has been defined is 8 weeks for Jobs ranging from 250mt to 500mt and it varies depending upon the job volume & complexity.
Management action plan: N.A
Timelines: N.A

7. Control Gaps in Quality Assurance and Quality Check Processes

During a review of Quality Assurance and Quality Check process for 16 jobs, following was revealed:

1. Point number 6 of PIF pertaining to quality plan to be followed was not populated in 2 out of 8 cases. It was given to understand that if the same is not populated then the standard QC plan is followed. In one of the projects pertaining to Qatar Petroleum, with job number QA-1021, it was learnt that because of lack of clarity about quality plan to be applied, the standard QC plan was followed. Later on, it came to light that radiography test was to be performed as part of quality plan and the same was done later at client site. It was given to understand the PIF did not mention the quality plan. The same can not be confirmed as the PIF is not preserved as the project was more than one year old.

2. While reviewing the implementation of the quality assurance process for 15 projects out of a sample of 16, it was found that quality steps have not been followed in case of 7 projects.

Management Response: Agreed
Management action plan: In future we will follow the process.
Timelines: 31 July 2009

8. Inefficient Tracking of Urgent Material Requests and High Associated Costs

During our review of 16 jobs, it was observed that additional material was dispatched to customers after requests were received from their end. This was done in either of the following situations:

Loss of material in transit
Defective / low quality material
Damage to material during assembly

After a request for additional requirement is received from customer, a document called Urgent Material Request (UMR) is generated by the customer service department.

1. Till 2007, before the implementation of ORACLE, the ALPHA system did facilitate the tracking and cost assessment of UMRs. Following is the summary of claims settled between 2005 to 2007:

S. No.   Year   Claim settled (AED)
1        2005   2,627,904.11
2        2006   1,816,098.17
3        2007   2,446,593.51

Management Response: Agreed
Management action plan: Oracle is supporting to generate this information just we need to populate data.
Timelines: 31 August 2009

2. During our review of UMRs generated from Feb-08 to Oct-08, it was revealed that, post implementation of ORACLE, as of now, the system functionalities have not been utilized fully to track the same. Further, the status of the active UMRs and the associated cost is tracked manually using an excel worksheet. Hence, it is not tracked on a real-time basis and is prone to clerical errors.

Management Response: Disagreed, Job tracking report is available to track UMR & cost.
Management action plan: N.A
Timelines: N.A

3. During our review of UMRs generated for 16 selected projects, following was revealed:

3.1 According to UMR No. C-06-1021, dated 23-Jul-06 (Job number QA-1021), customer rejected purlins sent by the company. This was due to the fact that they had white stains on the surface and steel was rusty. Results of the third party tests carried out by Qatar Industrial Laboratories were negative and stated that the quality did not meet the ISO 1461:1999 standard.

3.2 According to UMR No. C-05-1021, dated 23-Jul-06 (Job number QA-1021), the length of the supplied stair tread was wrong. It was stated that "It doesn't fit the stringers".

3.3 According to UMR dated 1-Mar-07 for job number QA1021, customer rejected the welding done on the material and modifications were made by the company at the site.

3.4 According to UMR No. C-04-2005, dated 20-Jul-08 (Job number AE2-2005), Mammut erection team had to conduct modifications at site because of engineering detailing error for the closer trims for the roof monitor and wrong supplied door lock device.

3.5 According to UMR No. C-01-2005, dated 22-Apr-08 (Job number AE2-2005), customer rejected the connection bolts received from supplier Al Rashed Fasteners, due to quality issues with the material. It was stated that "Customer encountered problem of excess galvanizing at the threaded end of the bolts".

Further, total UMR cost for each of the 16 selected projects could not be ascertained. On the basis of discussions it was learnt that the material issued to complete the urgent material request was not booked against that UMR / job in the system and there is no mechanism to track UMR cost as a whole.

Management Response: Agreed.
Management action plan: Separate account will be created to monitor the cost as well as report will be developed for monitoring.
Timelines: 31 August 2009

2.4 Waste Management


1. Weighing Bridge and House Keeping

While reviewing the process of waste and scrap management, we noted the following:

1. Currently the company does not have a weighing bridge in the premises. Due to this, the truck full of scrap material is to be sent outside for weighing.

Management Response: Agreed.
Management Action Plan: CAPEX for weighing bridge already approved and will be ordered and installed into the demarked area.
Timelines: 31 August 2009

2. Although separate areas have been demarcated to keep the scrap and rejected material, rejected material was not segregated from usable raw material in certain areas.

Management Response: Disagreed, Demarcated area for all type of Scrap area is place in years and records are well maintained. Only Hazardous waste demarcation area recently created for ISO 14001
Management Action Plan: N.A
Timelines: N.A

2.5 Maintenance and Facilities Management


1. Maintenance Software Optimization

The maintenance management system namely C Works was implemented by the company to facilitate the efficient management of the maintenance function. It was observed that although it is a single-user software, it has been used as a multi-user system in the company. Following were observed:

1. Since implementation, the software has crashed about ten times, the details pertaining to which are provided below:

Number   Date of Software Crashing *
1        18-Nov-07
2        4-Dec-07
3        12-Dec-07
4        5-Mar-08
5        27-Mar-08
6        3-Apr-08
7        17-Apr-08
8        5-May-08
9        16-Jul-08
10       10-Sep-08

* The dates on which IT Department was notified of the breakdown

Management Response: Agreed
Management Action Plan: Initially, the cworks software had a problem but now daily backup is being taken as a routine by IT department.
Timelines: 30 September 2009

2. Neither the system functionality of generating a detailed work order report has been utilised in the past nor has any analysis been performed to assess the root causes of frequent break downs.

Management Response: Disagreed, the system was functional in generating the work orders but no hard copy of the same was generated to handover to technicians. Technician used the hard copy of PR which was manual printed copy. The root cause of the frequent breakdown was also always carried out but lacked documentary updating.
Management Action Plan: N.A
Timelines: N.A

3. The work order files pertaining to preventive and breakdown maintenance were not available prior to July, 2008.

Management Response: Disagreed, The work order generation started when the c works software was adopted but before that manual data was maintained.

4. While comparing the system generated work orders for 74 machines with the work orders report generated by the C Works system, pertaining to the period July 2008 to October 2008, the following was noticed:
a. Work orders pertaining to seven machines generated by the C Works system did not reflect in the work order report generated by the same system.
b. Similarly, some of the work orders pertaining to 21 machines were reflected in the system generated report but were not present in the work order files.

Management Response: Agreed
Management Action Plan: In the initial stage of implementation software had a testing problem but later it was resolved and implementation has been done properly 1. Daily back up is being taken up The system does have the permanent record retention. The proper evaluation would be done once interface will be developed between C work software and ORACLE system.
Timelines: Immediate

2. Maintenance Planning and Analysis

While reviewing the planning and analysis aspects of maintenance function, the following was revealed:

1. Annual budget has not been prepared for maintenance department. There were no documents available on records evidencing capturing of machine-wise material and labour cost, although down time is being captured since November 2007. Further, there is no activity in place for adequate and accurate reporting of cost and time related to maintenance. History prior to November 2007 pertaining to preventive maintenance, Machines breakdown maintenance and down time is not available on record. The preventive maintenance schedules have not been implemented properly. Further, there are no documents available on record evidencing periodic review of the same in the light of breakdown history. Preventive maintenance schedule included following errors:
4.1 The machine code was mentioned incorrectly in related maintenance schedule
4.2 The frequency of maintenance was mentioned incorrectly

Management Response: 1. Agreed
Management Action Plan: 1. Cost centre wise budget will be prepared in future, however accurate machine wise has been resolved by updating the spare parts item categorization in oracle system. Record is not available due to change of system.
Timelines: 30 September 2009

Management Response: 2. Agreed

Management Response: 3. Partially agreed.
Management Action Plan: C WORKS was not available to retain the data. Preventive maintenance schedule were being done properly but lacked recording. It is now being reviewed in weekly maintenance co ordination meeting.

Management Response: 4. Agreed.
Management Action Plan: 4. It has been reviewed and corrected.

3. Work Order Generation and Maintenance Execution

While reviewing the execution of maintenance jobs, following was revealed:

1. The responsibilities for generation and approval of work orders pertaining to breakdown maintenance are not defined. Although the work order is generated in the system, a copy of the same is not printed out, signed off and filed. It is to be noted that the C Works software has crashed ten times in the recent past. Further, there is no tracking and analysis done relating to machine wise breakdown history.

Management Response: Partially agreed.
Management Action Plan: The responsibility of work order generation has been assigned to three persons and password key has been issued to them. The proper generation of work orders and implementation is already in effect. There is a machine failure analysis available from the system for tracking.
Timelines: N.A

2. A single work order is prepared for many machines in the same category (noted in case of welding machines).

Management Response: Agreed.
Management Action Plan: This practice of generation of work order for same kind of machine for the same schedule was adopted to save the stationery but now it is stopped and each machine has its own work order generated.
Timelines: N.A

3. Most of the preventive maintenance checklists were neither signed off by the technician as a proof of job done nor were they signed off by the supervisor as a proof of job supervision.

Management Response: Agreed.
Management Action Plan: It is already implemented now the checklist is copied at the back side of work order and it is crossed and signed by the assigned technician.
Timelines: N.A

4. Some preventive maintenance checklists were not attached along with their related work orders.

Management Response: Agreed.
Management Action Plan: Checklist is now printed backside of the work orders. Also there are check list available on the machine itself to sign off the checks.
Timelines: N.A

5. Machines were not maintained at all although they were scheduled to be maintained (ex: hydraulic Jacks and Fl 15)

Management Response: Disagreed, Machines of small nature (hand tools) requiring no attention by the technician have been looked after by the user himself hence no record needs be maintained.
Management Action Plan: N.A
Timelines: N.A

6. For the last two and half years, maintenance cost has been as follows:
6.1 2006 - AED 1 million (Apr 2006 to Mar 2007)
6.2 2007 - AED 1.78 million (Apr 2007 - Dec 2007)
6.3 2008 - AED 0.82 million (Jan-Jun 2008)

An analysis of the maintenance record for the period 2007 to October 2008 revealed the following:

1. Break down incidents for most of the machines exceed the preventive maintenance performed. Break down cases were 66.7% of machines maintenance history.

Management Response: Disagreed, Since each machine has many moving components it is not possible to attain 100% preventive maintenance completely especially when machines are very old.
Management Action Plan: N.A
Timelines: N.A

2. Of the total breakdown cases, although action taken was mentioned in 96% of the cases, the reasons for break down were not provided in 78% cases.

Management Response: Agreed
Management Action Plan: Record will be maintained.
Timelines: 31 July 2009

2.6 Procurement
1. Vendor Initial Evaluation, Development and Price Validation

While reviewing the process of initial evaluation, development of vendors and their selection for purchase decision, following was observed:

1. Based on the PO listing obtained from the ORACLE ERP system, the company has dealt with about 461 vendors in the last one year to whom a total of AED 621 million worth of POs have been raised. Top twenty suppliers have about 71% of total business amounting to AED 442 million and the remaining 441 suppliers have 29% of total business amounting to 179 million. Currently there are no guidelines available on record to facilitate vendor initial identification from a financial and technical perspective. Further there are no defined parameters for conducting a financial and technical evaluation to decide as to whether to do business with the vendor. New vendor master is created when business needs to be done with that vendor. As such, there is no vendor registration process to help build a vendor data base. A list of vendors was created in 2008 consisting of suppliers for steel, production accessories and consumables. This is a compilation of the suppliers with whom the company has been dealing in the past. There is no detailed Purchase Policy available on record. Currently the decision to select a supplier and place order on the same is entirely discretionary and is taken by the Purchase Manager. There exists a guideline which prescribes that for purchase of single item valuing AED 5000, one quote needs to be invited. For purchase between AED 5000 to AED 10,000, two quotations need to be invited and for purchases above AED 10,000, three quotes need to be invited. A manual price comparison is maintained by the Purchase Manager, which also contains proposed and actual delivery dates apart from the prices. It is maintained mainly for steel and bought out items (sent along with various parts of the building and are direct bought and not manufactured). Any counter bidding and price negotiation is done entirely by the Purchase Manager. Although market rates are mobilized for various material and services on a periodic basis to facilitate rate benchmarking, there is no mechanism for developing internal costing to arrive at tentative cost for purchase of material to facilitate negotiations.

Management Response: Agreed
Management Action Plan: Purchase policy will be written and all aspects will be covered.
Timelines: 15 August 2009

2. Vendor Performance Evaluation

Currently a form does exist for assessing vendor performance across ten parameters which are rated on point scale of 1 to 10. This rating is done by the purchase manager based on his experience and dealing with individual suppliers and actual performance data is not used to carry out the evaluation. Hence the basis of evaluation is entirely subjective and not scientific. Further there is no defined periodicity of the performance evaluation exercise and there are no plans to conduct audit of suppliers' facilities from a performance evaluation perspective.

Management Response: Disagreed, The selection/evaluation of vendors is according to their reputations, quality of product, pricings, delivery etc. Most of the purchased from the steel mills directly instead from traders. All steel mills are internationally certified of their quality plan.
Management Action Plan: N.A
Timelines: N.A

3. Requisition and Purchase Order Management

While reviewing the Purchase Requisition (PR) to Purchase Order (PO) cycle, following came to light:

1. The authorities for raising purchase request for goods and services are not clearly defined in terms of named individuals responsible.

Management Response: Agreed.
Management Action Plan: Management will define the limit authority & person designated for purpose. In most of cases all POs issued against PRs except certain urgencies but in future all POs will be issued against PRs.
Timelines: 31 July 2009

2. Currently the system allows raising of POs without valid Purchase Requisitions. An analysis of PO listing and PR to PO report for 2008 revealed that 1263 POs were raised without PR. The value of these PO was AED 179.49 million which is 29% of sum of all PO raised amounting to AED 620 million.

Management Response: Agreed
Timelines: 31 July 2009

3. The purchase department does not check to ensure as to whether it is reasonable for the company to purchase the goods / services.

Management Response: Disagreed, Purchasing department is always cross check insisting of required goods with the originator of PR & approval authority. There are several examples present on the record asking such questions/clarifications from the originator of PR.
Management Action Plan: N.A
Timelines: N.A

4. Currently, there was no activity done to assess the number of open PO and their systematic closure.

Management Response: Agreed
Management Action Plan: Open POs will be reviewed every quarter. Report will be generated.
Timelines: 30 June 2009

5. The ORACLE ERP system does not generate a report showing pending PRs.

Management Response: Agreed.
Timelines: 30 June 2009

4. Invoice Processing, Payment and Creditors Analysis

While reviewing the invoice processing and creditors analysis, following was revealed:

1. Currently all payment request without PO or Invoice is to be approved by the MD and the Finance Manager. In case such a payment request is made by the MD or Finance Manager, it is not defined as to who will approve the same.

Management Response: Agreed
Management Action Plan: Procedure will be defined, however all payments pertain to Finance Manager or MD of the company signed by the Group's authorized bank signatories. Finance department will start the same procedure with the help of purchase department.
Timelines: Immediate

2. No proposed payment listings are prepared for each payment run showing payee and amounts to be paid. There are no provisions for the authorisation of the same by a Senior Manager. Currently, it is based on requests received from purchase department, individual experience and suppliers' follow up call.

Management Response: Agreed
Timelines: 30 June 2009

3. Currently there is no written policy for cheque access, storage and usage. Functionally the Emirates Bank cheque book is in the custody of the Sr. Accountant who processes payments. The remaining cheque books pertaining to twelve banks are in the custody of treasury department. In the absence of the Sr. Accountant, the same are kept in the custody of Finance Manager. There is no segregation between the person issuing cheques and the person keeping cheque books.

Management Response: Agreed
Management Action Plan: Policy will be defined & documented.
Timelines: 31 August 2009

4. No cheque log is maintained detailing cheque numbers issued, the first and last cheque number used for each payment run and cheque numbers of cancelled or returned cheques.

Management Response: Agreed
Management Action Plan: Finance will maintain log book.
Timelines: 30 June 2009

5. The supplier statements are not obtained on a regular basis from selected top suppliers, as agreed by the Procurement Head and the same are not reconciled to the Accounts payable ledger balances.

Management Response: Agreed
Management Action Plan: Reconciliation is prepared with supplier on monthly basis.
Timelines: Immediate.

6. No report is produced on a periodic basis to show all POs raised using One Time Vendor accounts and sent to the relevant managers for review. Further there is no process in place to review the POs raised on the one time vendor account to ensure that all purchases are valid and any vendors that have been used more than an agreed amount are entered onto the Vendor Master File.

Management Response: Agreed
Management Action Plan: Report will be developed in ERP (Oracle). As already mentioned all open POs will be reviewed quarterly.
Timelines: 31 August 2009

7. Currently the ORACLE ERP system cannot generate a creditors aging report.

Management Response: Agreed but now available
Management Action Plan: Creditors aging is available in ERP (Oracle) and need to check accuracy.
Timelines: Immediate

5. Weakness in Vendor Management

A review of the vendor management process revealed that:

1. There is no documentary evidence available to substantiate how suppliers were financially or technically evaluated and approved prior to being added to the approved supplier list and used. There is no proof of any financial bid evaluation conducted.

Management Response: Disagreed, Almost all vendors related to regular material purchased and most of are international reputed steel mills.
Management Action Plan: N.A
Timelines: N.A

2. There is no formal vendor code creation form used by the company. Hence, no documented approval process exists.

Management Response: Agreed.
Management Action Plan: Procedure will be defined.
Timelines: 31 August 2009

3. Approval procedure pertaining to the set up of new vendors in the system is not present.

Management Response: Agreed.
Management Action Plan: Procedure will be defined.
Timelines: 31 August 2009

4. Duplicate vendor codes are present in the vendor master which poses the risk of duplicate / unauthorized payments.

Management Response: Agreed.
Management Action Plan: This is system error. We will rectify in future.
Timelines: 31 August 2009

5. 2 invalid entries exist in the vendor master.

Management Response: Agreed.
Management Action Plan: It will be rectified.
Timelines: Immediate

6. Vendor evaluation is not performed

Management Response: Disagreed, company follow ISO for vendor evaluation
Management Action Plan: N.A
Timelines: N.A

6. Weaknesses in the Ordering Process

A sample of 14 invoices were selected during the period Jan-08 to Dec08 and reviewed as per the ordering process present in the company. During the review it was observed that: 1. 1. No quotations were invited in 1 case. (PO No.: 4171, Amount: 175,740.60). A previously approved price list was used to place the order. 2. Only 1 quotation was obtained in 4 cases. 2. Agreed but this is repeated order for standard stock paints from approved supplier 1. Clarified. N.A

Agreed because only single supplier/source is available for these items

2.

Clarified.

N.A

3. In 2 cases, PO was not approved as per the authority matrix which was in effect from 3-Nov-08.

3.

Agreed, this was a transition period from previous approval hierarchy of Pos and new hierarchy of Pos otherwise system can not allow issuing PO without approval of all authorities defined in the approval hierarchy.

3.

Clarified.

Immediate

4. In 2 cases, duplicate POs were created. Old PO was created and approval of Purchase Manager was obtained. But later, the PO details were changed and a new PO with the same PO number was created. Old PO was not stamped as 'Cancelled'. Approvals as per the authority matrix were obtained on the new POs.

4. Disagreed, these are only revision for original POs. We cannot cancel original PO. In case we cancel the original PO number for new PO will be new.

4.

N.A

N.A


7. Control Gaps in Vendor Creation Process

During our review of the vendor creation process, it was observed that:

1. Defined policies and procedures for the creation of vendors in the system do not exist. Currently, when a new supplier is selected for purchase, the purchase manager approves the quotation/company profile of the vendor, and the same is used by the procurement personnel to enter the new vendor in the system.
   Management Response: Disagreed. A new vendor is only created whenever a new item or product is required; otherwise we already have our vendors for the supply of standard material with specified specifications. Therefore creation of a new vendor at the time of business is a necessity and the Auditors' point is invalid.
   Management Action Plan: N.A
   Timelines: N.A

2. Many users in the company have access to create vendors in the system. A list of the users is provided below.
   - GTS Oracle Consultants - 4 users: These users are no longer with the company. Their accounts remain in the system, but have been deactivated.
   - Purchase Order Approver - 4 users: These users were initially given this access before a specific MBS Purchase Approvers Responsibility had been set up in the system.
   - Purchase Requestor - 6 users: These users were initially given this access before a specific MBS Purchase Requestor Responsibility had been set up in the system.
   - Purchase User - 4 users: These users belong to the Purchase Department.
   - Technical Support Team - 9 users: This access enables the IT team to handle support queries and publish reports.

   Our discussion with IT personnel revealed that the responsibility matrix in place was designed, reviewed and agreed upon by the business with the help and guidance of the Oracle implementation partners (GTS) prior to the system going live, and these business users were set up within the system at that time. As of now, the IT Department has provided access to the users based on the requests and approvals from the concerned Department Manager. It is now realized that a more formal procedure is required to control system access requests. This requirement has been addressed by the planned implementation of a change request procedure. The entire process for creating/changing users in the system has been defined, including requests, review and approval.
   Management Response: Agreed
   Management Action Plan: We will review this and take necessary steps.
   Timelines: 31 August 2009

8. Purchase of Chemical from Group Company

During our discussion with Finance personnel, it was revealed that a chemical was purchased from Mammut Iran (a Mammut Group Company) in Aug-08. Details of the purchase are as follows:

   Date of Purchase Order: 21-Aug-08
   Chemical Purchased: BAYMER TRIAL PRODUCT - POLYOL 27HB03
   Total Quantity: 150,000 Kgs
   Rate (per Kg): EURO 1.83 (AED 10.49)
   Total Amount (EURO): 274,500 (AED 1,573,549)

1. Early expiry of chemical: It was learnt that the chemical usually expires about one year after purchase. However, as on 31st December 2008, some of the chemical purchased from Mammut Iran was about to expire in the months of Jan-09 and Feb-09. Refer to the table below for details:

   Item         Expiry Date   Quantity (Kgs)   Supplier
   POLYOL B3    Jan-09        31,000           Mammut Iran
   POLYOL B3    Feb-09        32,000           Mammut Iran

   The rest of the chemical was consumed during this period.

   The material was sent to the laboratory for testing, to find out if it can be used even after the expiry date. The test results were positive and stated that the chemical can be used even after expiry.

2. Purchase at market price: Even though the material purchased was expiring soon, it was purchased at the market price rather than a discounted price. Refer to the table below for a comparison of rates with earlier purchases made for the same chemical:

   Date         Supplier        Price (Per Kg) AED
   26-Jan-08    Bayer Polymer   9.95
   25-Mar-08    Bayer Polymer   9.95
   25-Jun-08    Bayer Polymer   9.95

   Management Response: Although the chemicals purchased in year 2008 can expire in Jan/Feb 2009, they can be used after expiry as per the lab test report. In addition, the manufacturing dates are ultra conservative to avoid any liability.
   Management Action Plan: Clarified.
   Timelines: N.A

9. Hiring of Consultants Without the Approval of the Board

2 consultants, namely Mr. Andre Collignon and Mr. Norbert Holtzem, had been appointed as external consultants to MBS for a period of 24 months, starting from 1st October, 2008. As per the agreement dated 30th September, 2008, both the consultants are paid a monthly sum of EURO 15,100 and all operational expenses are reimbursed against receipts. However, it is to be noted that no approval from the Board or EII has been obtained on this matter. Also, the agreement between MBS and the consultants does not specify the objective of the assignment, the scope of work and the specific deliverables to MBS.

   Management Response: The scope of work, deliverables and timing plan have been developed and issued to EXCOM. The project was awarded by Mr. Bahzad. However, the EII team was able to convince them to circulate the proposal, objectives and timelines for approval. N.A


2.7 Inventory Management


1. Material Receiving, Storage and House-keeping

While reviewing the material receiving, storage and house-keeping function, the following was noted:

1. Currently, the Company does not have centralised stores. Raw materials are stored in an open yard, bought-out items are stored in an area in the plant, and stores and spares are stored at a third location.
   Management Response: Disagreed. Due to the different types of operations carried out in the Mammut Building System FZC plant, the various products, the plant size and the different equipment required for handling raw materials, decentralizing the stores would be the best possible option. At the same time, there is centralized control from the material controller supervisor (Mr. Jose Dias), who sits in the PPD department. Basically, all the information from the different stores flows into PPD and is compiled by the Senior material controller in different types of format, so control is centralized.
   Management Action Plan: N.A
   Timelines: N.A

2. There is no tracking of unloading time from port-to-factory and factory-to-port.
   Management Response: Disagreed. As per the discussion held in our conference room and the documents presented to you, there is a tracking report for all the trucks and containers which are entering and leaving the MBS factory at any given time. At the same time, when there is congestion and unusual shipments from port, all the team members up to manager level get involved to ease up the operation. In terms of off-loading priority, it goes by FIFO and type of materials; if we receive a container shipment, there is a receiving date on the containers and the containers are off-loaded on a FIFO basis.
   Management Action Plan: N.A
   Timelines: N.A

3. There is no dedicated store in place with a layout plan that is mapped in the ORACLE ERP system.
   Management Response: Partially agreed
   Management Action Plan: There is a dedicated store in place, whereas the layout plan will be established and the same will be mapped with ORACLE.
   Timelines: 30 September 2009

4. There are no defined stacking norms in terms of types of stacks, number of pieces / boxes / items kept in a stack, stacking height etc. for various types of material.
   Management Response: Partially agreed. As far as steel is concerned, the number of pieces in each bundle and the bundling differ from supplier to supplier, and practically it is not possible to re-bundle them. For bought-out items, packing is subject to supplier and shipment type, which differ; that depends on the suppliers and has to be enforced by purchasing on the supplier. For stacking, we follow industry practice, which varies for each type of material and mainly depends on the volume of materials which we receive in the MBS plant. As we have explained to you, all the pre-painted Aluzinc materials can go up to 3 coils vertically on top of each other, and for steel hot rolled sections the industry practice is 3.5 meter, which we are following.
   Management Action Plan: N.A
   Timelines: 30 September 2009

5. The hygiene norms for the stores, in terms of cleaning schedule, hygiene standards to be maintained in the stores etc., are not defined.
   Management Response: Disagreed. Cleaning of inventory is carried out every alternate week, and the procedure for 5S inspection started on 2nd March; we hold it every Monday across the entire plant. The rest of the procedure is under review to be established as standard policy, and it was shown to you on the day we had a meeting. There is an enormous improvement in all areas in terms of cleaning and arranging. A written procedure will be established in six months.
   Management Action Plan: N.A
   Timelines: N.A

6. Although ORACLE ERP has been implemented, it is not supported by a perpetual inventory system and continuous stocking system, which is absolutely essential in an ERP environment.
   Management Response: Agreed.
   Management Action Plan: The objective of a continuous system will be achieved after implementation of the SCIA software.
   Timelines: 30 September 2009

7. Control Gaps in Material Rejection

It was noted that there are no guidelines to facilitate re-inspection of rejected material to recover good material before it may be returned to suppliers.
   Management Response: Agreed.
   Management Action Plan: Guidelines to facilitate re-inspection of rejected material to recover good material will be established in co-ordination with the Purchasing, Material and Engineering Depts.
   Timelines: 31 August 2009

8. Physical Verification of Inventory

Although physical verification is done as a part of the statutory audit process every six months, currently the company does not have a well defined physical verification procedure pertaining to inventory on an ongoing basis. Further, there are no guidelines available on record for the preparation of stock verification reports, their verification and final authorization and approval for effecting adjustments.
   Management Response: Agreed
   Management Action Plan: Written procedures and guidelines will be defined & established.
   Timelines: 15 August 2009

9. Inventory Management and Optimization

While evaluating the inventory management and optimization, the following was revealed:

1. Currently classification of inventory is not done.
   Management Response: Disagreed. Inventory classification in terms of type of materials, route to production and consumption is defined, for example HRCs, HR Plate, Flat Bar, Galvanized materials, Pre-painted materials, etc. The segmentation has been set in the system and reports are available for review. At the same time, materials have also been physically separated based on the route of production; for example, materials utilized in the main frame shop are stored in the open material yard, while materials for cold form are in the lean-to area.
   Management Action Plan: N.A
   Timelines: N.A

2. Inventory levels in terms of maximum level, minimum level and re-order level have not been defined.
   Management Response: Agreed.
   Management Action Plan: We will implement in ERP
   Timelines: 31 August 2009

3. Currently the ORACLE ERP system does not generate an inventory ageing report and, in turn, non-moving and slow moving items cannot be identified and valued.
   Management Response: Agreed, but available from Jan 2009
   Management Action Plan: N.A
   Timelines: N.A

10. Control Gaps in Material Consumption Booking

During our review of the material consumption booking, it was revealed that, since the manufacturing module of Oracle is not implemented as of now, all raw material consumption booking is done manually at the end of the month. At the end of each month, the production manager creates a 'Production Report' manually in an Excel sheet and sends it to the Accounts Department. This report contains the raw material items and quantities consumed during the month. This report is used as a basis to book the consumption in the system by the Accounts Department. The rates of raw materials are obtained from the Oracle System itself.

11. Absence of Provisioning Policy for Inventory

Currently, the company does not have in place any provisioning policy for inventory. An age-wise analysis of inventory currently on hand is not carried out to ascertain the quantity of inventory under different age brackets and compare the age of inventory with the shelf-life. This results in non-tracking of obsolete and un-usable inventory items. Discussion with Finance Personnel revealed that most of the raw materials used by the company have very long shelf lives. Even if the steel is rusted, it can be used after re-blasting.

   Management Response: Agreed
   Management Action Plan: Inventory policy will be formalized
   Timelines: 15 August 2009

   Management Response: Agreed
   Management Action Plan: This will be available once SCIA is implemented.
   Timelines: 30 September 2009


2.8 Shipping
1. Control Gaps in Transporter Evaluation and Selection

The following was revealed during the review of the Approved Transporters List:
1. A procedure for appointment of transporters clearly defining the parameters for attributes like rate, efficiency, timeliness etc. was not available on record.
2. Transporter evaluation and justification for appointment is not documented. Thus, appointment of the best transporter available cannot be guaranteed.
3. There is an over dependence on a single transporter. The majority of the dispatches are done through a sister concern, namely Trans1. Management has decided to give first preference to the sister concern for all the domestic dispatches irrespective of the rates charged. If the sister concern is not able to fulfill the dispatch requirements, alternative transporters are arranged for those dispatches.

   Management Response: Agreed
   Management Action Plan: Complete document will be available covering all aspects of recommendations.
   Timelines: 31 July 2009

2. Absence of Transporters Performance Evaluation

Discussion with the Shipping Manager revealed the following:
1. Absence of a well documented procedure defining the parameters for the performance evaluation of the transporters.
2. An objective assessment of the performance of the approved transporters is not carried out.

   Management Response: Agreed
   Management Action Plan: Procedure to be defined for performance.
   Timelines: 31 August 2009

3. Absence of Long-term Agreements with the Transporters

During a review of the selected transporters of the company, it was revealed that formal agreements between the company and the transporter, stating the terms and conditions of both the parties, are not present. The authorized signatory approves the quotation / rate list sent by the transporter and this document is considered as a contract.

   Management Response: Agreed
   Management Action Plan: Formal agreement to be prepared.
   Timelines: 31 July 2009

4. Control Gaps in Dispatch Monitoring

During a review of fifteen dispatches made during the period 1-Nov-08 to 15-Nov-08, the following was revealed:

1. 1.1 The loading report is not signed by the material checker during loading in all the cases. The loading report only contains the part numbers and their respective quantities.
   1.2 Proof of delivery was not obtained from the customer in six cases.

   Date         Job No.    Description          Weight (MT)   DN No.
   01.11.2008   AE1-2020   PEB Materials        13.053        34955
   02.11.2008   AE3-2129   Sheeting Materials   2.435         35004
   08.11.2008   AE1-1795   PEB Materials        13.676        35167
   09.11.2008   AE1-1526   PEB Materials        10.148        35204
   12.11.2008   AE1-1526   Touch-up paint       0.028         35287
   14.11.2008   AE1-2121   Sheeting Materials   6.318         35341

   Management Response: Agreed
   Management Action Plan: Already implemented. Loading Foremen and Supervisors are signing the loading docs before preparing the packing list.
   Timelines: Immediate

2. Destination-wise transit periods are not defined and formally approved by both the parties in the form of a contract.
   Management Response: Agreed
   Management Action Plan: Will be defined.
   Timelines: 31 July 2009

5. Lack of Control Over Demurrage Charges

During a review of financial accounts for the period Jan-08 to Nov-08 pertaining to demurrage charges, it was revealed that:

1. A mechanism to monitor and control demurrage charges does not exist. Demurrage charges for incoming materials have been accounted for under two different heads of accounts, namely Landed Cost Clearing Account Freight and Freight Purchase.
   Management Response: Agreed
   Management Action Plan: Mechanism will be established for demurrage monitoring. Procedure needs to be defined with the purchase department to incorporate the rate contract with transporters.
   Timelines: 30 September 2009

2. Freight charges which could be clearly identified as demurrage charges according to descriptions of transactions amounted to AED 121,498. This could be much more.
   Management Response: Agreed
   Timelines: 30 September 2009


2.9 Accounts and Finance


1. Control Gaps in Account Master Management

While reviewing the master data management pertaining to Accounts, the following was revealed:

1. Although there are named individuals responsible for creation, deletion and modification of the chart of accounts, there is no documented policy for the same.
   Management Response: Agreed
   Management Action Plan: Policy will be documented.
   Timelines: Aug 31, 2009

2. There is no standardized process for amending and updating accounts, nor is there a process for identifying inactive or dormant accounts.
   Management Response: Agreed
   Management Action Plan: Procedure will be defined.
   Timelines: Aug 31, 2009

3. Currently all non-standard journal entries such as the adjusting entries are entered by the Finance Head himself and there is no authority delegated to any of the staff to do so. Further, there are no supporting documents for most of the reversal entries.
   Management Response: Disagreed. All entries are entered by the respective staff and not the Finance Manager; however, for control purposes all entries are posted by the Finance Manager. However, supporting documents, wherever missing, will be attached.
   Management Action Plan: N.A
   Timelines: N.A

4. There is no delegation of authority defined for the approval of payment limits. Generally all payments are approved by the Accounts Manager except for some material payments.
   Management Response: Disagreed. All approvals for payments are done by the Chief Accountant and forwarded to the Finance Manager for approval with cheque/TT signature. The Finance Manager signs cheques/TTs with the MD of the company up to the limits approved by the BOD. Cheques/TTs of more than the limit are forwarded to Group and EII for authorization.
   Management Action Plan: N.A
   Timelines: N.A

2. Periodic Bank Reconciliation Statements Not Prepared

Currently, the company does not prepare bank reconciliations at all. It was given to understand that the purpose is served by preparing a list of all post dated and current dated cheques and reconciling them with the bank statements immediately after they have been cashed from the bank. Further, the company updates its accounts based on the bank statements. When reviewing account # 133301 - Cash Clearing Account, it was noted that the System facilitates the option of recording Post Dated Cheques, Current Dated Letter of Credit and Letter of Credit payments separately, but all of them were recorded as Current Dated Cheques, which has resulted in a balance of AED 114,661,279 pending in the Current Dated Cheques account.

   Management Response: Agreed. The main reason to use the CDC account instead of having the Bank account in GL is that we issued future dated cheques in bulk instead of making CDC. All PDCs are incorporated into the PDC account in GL instead of being credited into the bank account in GL. Every month only cleared PDCs are incorporated into the bank book, which eventually matches with the Bank statement. The rest of the items are reconciled and are part of the bank reconciliation statement, which is available from December 2008.
   Management Action Plan: Implemented
   Timelines: Implemented

3. High Finance Costs

During our analysis of the financial statements for 2005, 2006 and 2007, it was revealed that the profit margin declined to 4% in 2006 from 8% in 2005. On further analysis of financial information and discussions with finance personnel, it was observed that this was mainly due to an increase in finance costs in 2006. Interest on term loans increased from AED 1,832,195 in 2005 to AED 6,135,359 in 2006, which is more than a 230% increase from the previous year. Interest on trust receipt loans and overdrafts increased from AED 823,597 in 2005 to AED 2,099,367 in 2006. Also, the current portion of bank overdrafts increased to AED 13,394,599 in 2006 from AED 136,233 in 2005.

The Company obtained term loans in 2006 to meet its financing needs. Details of the loans are given below:
1. A commercial loan of AED 15,325,761 repayable in 24 equal installments of AED 765,324 each from Bank Melli Iran. This was used to finance property purchases.
2. A commercial loan of AED 18,341,640 repayable in 16 equal quarterly installments of AED 1,147,289 from Northstar. This was used to finance machine purchase.
3. A commercial loan of AED 12,178,028 repayable in 12 equal semi-yearly installments of AED 950,000 from Abu Dhabi Commercial Bank. This was used to finance property purchases.

We understand that this has resulted in increased financial cost in 2006, leading to a decline in profit margin for the year. Further, as of now the properties purchased have been transferred to the group company.

   Management Response: Agreed. This was due to the huge liability payable to the bank in 2006, but after EII took over, most of the banks' liabilities were paid from the consideration received. In addition, the EIBOR rate was higher in the year 2006 if we compare with year 2008.
   Management Action Plan: N.A
   Timelines: N.A

4. Exposure to Swap Transactions

During our analysis of the treasury function, it was observed that the company entered into various interest rate swaps during the period Apr-05 to Apr-08. Although the company has made a profit overall, this is not the core activity of the company and amounts to entering into transactions involving a lot of financial risk.

   Management Response: The reasons and methodology were already discussed at EXCOM and Board level, and the Exposure to Swap Transactions was approved.
   Management Action Plan: Approval has been sought from board
   Timelines: N.A


2.10. Capital Expenditure


1. Capital Budgeting Policy and Procedures

The following was revealed pertaining to the Capital Budgeting activity in the company:

1. There is no defined capital budgeting exercise done as a part of the Annual Budgeting Process. Further, there is no centralized body that drives the capital expenditure decisions of the company.
   Management Response: Disagreed. Each HOD submits the budget each year as part of the annual budgeting process. In addition, a budget vs. actual statement is submitted to EXCOM level for review. Since the company purchased only a few assets except plant and machinery for expansion, which is on HOLD due to current economic conditions, the MD is authorized to take decisions up to certain limits.
   Management Action Plan: N.A
   Timelines: N.A

2. There is no documented process of allocating annual capital budgets to various departments before the year starts.
   Management Response: Disagreed. The capital budget is submitted by each department as part of the annual budget, and the same is approved and intimated to all HODs.
   Management Action Plan: N.A
   Timelines: N.A

3. There is no provision of periodic documented review of budgeted vs. actual expenses and analysis of variances thereof.
   Management Response: Disagreed. Monthly MIS is available for review against budget and the same is discussed in each and every EXCOM.
   Management Action Plan: N.A
   Timelines: N.A

4. There is no system of periodic review or monitoring of execution of projects (only capital expenditures that require acquiring materials internally are not given internal Job number, nor there is a system of periodic reporting of execution of each project.
   Management Response: Agreed
   Management Action Plan: In future all execution of projects will be done periodically.
   Timelines: 31 July 2009

2. Capital Expenditure Initiation and Approval

While reviewing a sample of sixteen capital expenditure decisions amounting to AED 27,058,965 the following was revealed:

1. In two cases amounting to AED 99,824 no quotations were obtained. In ten cases amounting to AED 25,923,775 only one quotation was obtained.
   Management Response: Agreed
   Management Action Plan: In future, all supporting documents wherever possible, since sometimes we need a brand-specific product, in which case three quotations are not possible.
   Timelines: Immediate

2. The company does not have an approved vendors list for capital purchases.
   Management Response: Disagreed, since 95% of capital purchases relate to plant and machinery, and it is not possible to prepare a standard list of vendors since it depends upon the specs and budget availability. The same has been done during finalization of the purchased plant and machinery for plant expansion, where BOD approval was obtained after finalization of specs and vendors.
   Management Action Plan: N.A
   Timelines: N.A

3. In fifteen cases amounting to AED 26,573,965 no NPV/IRR/Payback period analysis was done. Further, there are no guidelines available on record for performing the same.
   Management Response: Agreed
   Management Action Plan: NPV/DCF/IRR will be added in the CAPEX
   Timelines: July 31, 2009

4. As of now, there is no serial number control over CER.
   Management Response: Agreed
   Management Action Plan: CER will be generated from ERP with serial nos.
   Timelines: Aug 31, 2009

5. Further, Capital Expenditure Requests (CER) were not found in seven cases amounting to AED 6,305,243. Purchase requests were not mentioned in three cases amounting to AED 4,557,272 and the purchase order was not found in one case amounting to AED 77,437.
   Management Response: Agreed
   Management Action Plan: In future, all relevant documents will be attached.
   Timelines: Immediate

6. In four cases amounting to AED 4,538,632 the purchase order was not signed by the Finance Manager and General Manager.
   Management Response: Agreed
   Management Action Plan: Corrected; now no PO can be submitted from the ERP without approval by the Finance Manager & MD.
   Timelines: Immediate

7. In two cases amounting to AED 861,640, although the assets were put to use, the same were not capitalized. In one case, a purchased asset amounting to AED 3,797,760 was not booked to the extent of the part payment of AED 2,800,944 as capital commitment, and in another case, although full payment of AED 1,341,216 was made, the asset was not recognized in the books of accounts.
   Management Response: Disagreed. The company capitalizes assets after installation, internal satisfaction and performing all procedures, i.e. test and trial etc. So assets merely available in the factory cannot simply be capitalized without following the above steps.
   Management Action Plan: N.A

3. Capital Expenditure Fixed Asset Purchase and Capitalization

While reviewing the fixed asset purchases and capitalization the following was revealed:

1. In ten cases, the cost of the assets could not be tracked.
   Management Response: Agreed. These items are very old items coming from the old plant. The costs of these items are very minor. The cost might be considered as expenditure at the time of purchase from the old plant.
   Management Action Plan: A proper cost tracking system in place
   Timelines: Immediate

2. Some fixed assets that were purchased have not been capitalized yet (refer to annexure).
   Management Response: Agreed
   Management Action Plan: Now a part of CWIP, since all are meant for plant expansion, which is on hold now as per directives from the BOD.
   Timelines: 30 September 2009

3. Some fixed assets that actually existed were not on the fixed assets register.
   Management Response: Agreed
   Management Action Plan: A physical verification exercise will be carried out and the Fixed Assets Register will be maintained.
   Timelines: 30 September 2009

4. Depreciation of all machines related to each category is calculated on a lump sum basis for the whole category, without taking into account the relevant useful lives and usage of the various machines.
   Management Response: Disagreed. This has been company policy for many years, and it is not worthwhile to change the policy at this stage, where all machineries are very old and the overall value will not be material to consider for revision.
   Management Action Plan: N.A
   Timelines: N.A

5. Fixed assets insurance is prepared based on the net book value of the fixed assets.
   Management Response: Disagreed. We are doing insurance on Gross Value and not on net value. The policy is available for cross verification.
   Management Action Plan: N.A
   Timelines: N.A

6. No information about the legal ownership of old fixed assets obtained before 2007 is available on record.
   Management Response: Agreed, but it is difficult to identify at this stage since the company maintained current year and last year records.
   Management Action Plan: In future, proper files will be maintained.
   Timelines: Immediate

4. Weak Control Over Fixed Assets Verification

We understand that a physical verification of fixed assets is not carried out by the company. Also, the assets do not have an 'Asset Identification Code', due to which they cannot be easily identified and located. An exercise for bar-coding of fixed assets was undertaken at a group level about one year back. However, the exercise was not completed and all the fixed assets were not barcoded. According to a list of all bar-coded items generated from the IT System, a total of only 435 assets were coded. The list contains a limited number of furniture items and computer hardware only.

   Management Response: Agreed
   Management Action Plan: Fixed assets will be verified & code will be done.
   Timelines: 30 September 2009


1.11. Human Resources and Payroll

1. No Annual HR Budget, Planning and Management

While reviewing the budgeting and planning aspect of the HR function, the following was revealed:

1. Currently, detailed planning and budgeting is not done in the HR department. Although a projection of salaries and benefits / allowances is done as a part of the annual business plan, for which there are no assumptions available on record, the same is not done in conjunction with the department as well. Further, it is also not cascaded down to the department to facilitate the formulation of a detailed budget and submission of the same back to the management for deliberations, fine tuning and approval. Currently the company is following HR procedures set in the year 2006. Although the Future Process Model (dated July 07, 2008) for the HR Department is available and it was given to understand that the same is approved at the group level, an approved copy of the same was not available on record. Further, the implementation of the same is still to be initiated by the company.

   Management Response: We agreed with the observation
   Management Action Plan: Detailed manpower and cost to company reports based on current headcount and following year projections are prepared by HR in deliberations with various departments and provided to them for the purpose of planning and budgeting. Assumptions on which the CTC is based are available with HR. A number of HR Policies and Procedures which are working well have been incorporated in the BP 080 as there is no need for changes. Where necessary, changes have been made in the Future Process Model. The Future Process Model (BP080) has already been implemented. The Oracle process is based on the BP080, which has been running since 2008. HR Department objectives and KPIs are being set. HR Department budgets have already been prepared and submitted to Finance. Staffing requirement, forecasted expenditure and key legislative requirements are all part of the budgeting process and have already been taken into consideration. KPIs for the HR & Admin Manager, agreed by the GM, are being finalized. HR Policies and procedures already exist. They are continuously updated on a need basis. The Policy Manual is available for Department Heads. The Employee Handbook is being prepared and is expected to be ready for distribution to all employees by September 2009.
   Timelines: 30 September 2009

2. Control Gaps in Recruitment Activity


Internal Audit Observations

Management Response

Management Action Plan

Timelines

While reviewing the recruitment aspect of the HR function, the following was noted:

1. Alignment of the recruitment activity to the business plan cannot be ascertained as the same is not cascaded to the Head of the HR Department.
   Management Response: Agreed
   Management Action Plan: HR Manager will prepare the annual recruitment plan based on the budgeted figures and initiate the recruitment process at the agreed time.
   Timelines: 30 September 2009

2. A detailed updated organization chart highlighting all levels of management down to the supervisory and workers level is not available on record. Further, detailed job profiles / job descriptions identifying key position requirements were not developed for each designation.
   Management Response: Available now.
   Management Action Plan: N.A
   Timelines: N.A

3. Rejection letters are not issued to rejected candidates and no track record of rejected employees is maintained.
   Management Response: Agreed
   Management Action Plan: HR has started to prepare these letters.
   Timelines: Immediate

4. A staffing plan is not in place, nor are the staffing requirements monitored, including anticipated organizational change.
   Management Response: Agreed
   Management Action Plan: HR Manager with General Manager will start to prepare the plan.
   Timelines: 30 September 2009

5. No documentary evidence was available on record for imparting training in interview and selection techniques to line managers involved in the recruitment process.
   Management Response: Agreed
   Management Action Plan: HR Manager with General Manager will define the guidelines.
   Timelines: 30 September 2009

While reviewing the recruitment process of fifteen employees, the following was revealed:

1. Manpower request form was not available for eleven employees. Further, manpower request form was used by the department head to inform the HR Department of recruitment of three employees. Thus, the manpower recruitment form was not used for its intended purpose.
   Management Response: Disagreed, All manpower request forms are available
   Management Action Plan: N.A
   Timelines: N.A


2. Recruitment documents such as interview sheet were not available for ten employees.
   Management Response: Agreed
   Management Action Plan: In future HR Manager will make sure that recruitment documents will be available for all employees.
   Timelines: Immediate

3. Educational certificates are not obtained for seven employees at the time of recruitment and the same are still not available in their personal files.
   Management Response: Agreed
   Management Action Plan: In future HR Manager will make sure that Educational Certificates will be available for all employees.
   Timelines: Immediate

4. Documentation for background checks was not retained for all fifteen employees.
   Management Response: Agreed
   Management Action Plan: In future HR Manager will make sure that documents for background check will be available for all employees.
   Timelines: Immediate

5. Documentary evidence of employee orientation for nine employees was not available on record.
   Management Response: Disagreed, All employee orientation forms are available

6. Employee reporting form was not available on record for three employees.
   Management Response: Disagreed, All employee reporting forms are available
   Management Action Plan: N.A
   Timelines: N.A

3. Control Gaps in Recruitment Activity

While reviewing the recruitment aspect of the HR function, the following was noted:

1. Alignment of the recruitment activity to the business plan cannot be ascertained as the same is not cascaded to the Head of the HR Department.
   Management Response: Agreed
   Management Action Plan: HR Manager will prepare the annual recruitment plan based on the budgeted figures and initiate the recruitment process at the agreed time.
   Timelines: 30 September 2009

2. A detailed updated organization chart highlighting all levels of management down to the supervisory and workers level is not available on record. Further, detailed job profiles / job descriptions identifying key position requirements were not developed for each designation.
   Management Response: Available now.
   Management Action Plan: N.A
   Timelines: N.A

3. Rejection letters are not issued to rejected candidates and no track record of rejected employees is maintained.
   Management Response: Agreed
   Management Action Plan: HR has started to prepare these letters.
   Timelines: Immediate

4. A staffing plan is not in place, nor are the staffing requirements monitored, including anticipated organizational change.
   Management Response: Agreed
   Management Action Plan: HR Manager with MD will start to prepare the plan.
   Timelines: 30 September 2009

5. No documentary evidence was available on record for imparting training in interview and selection techniques to line managers involved in the recruitment process.
   Management Response: Agreed
   Management Action Plan: HR Manager with MD will define the guidelines.
   Timelines: 30 September 2009

While reviewing the recruitment process of fifteen employees, the following was revealed:

1. Manpower request form was not available for eleven employees. Further, manpower request form was used by the department head to inform the HR Department of recruitment of three employees. Thus, the manpower recruitment form was not used for its intended purpose.
   Management Response: Disagreed, All manpower request forms are available
   Management Action Plan: N.A

2. Recruitment documents such as interview sheet were not available for ten employees.
   Management Response: Agreed
   Management Action Plan: In future HR Manager will make sure that recruitment documents will be available for all employees.
   Timelines: Immediate

3. Educational certificates are not obtained for seven employees at the time of recruitment and the same are still not available in their personal files.
   Management Response: Agreed
   Management Action Plan: In future HR Manager will make sure that Educational Certificates will be available for all employees.
   Timelines: Immediate

4. Documentation for background checks was not retained for all fifteen employees.
   Management Response: Agreed
   Management Action Plan: In future HR Manager will make sure that documents for background check will be available for all employees.
   Timelines: Immediate

5. Documentary evidence of employee orientation for nine employees was not available on record.
   Management Response: Disagreed, All employee orientation forms are available

6. Employee reporting form was not available on record for three employees.
   Management Response: Disagreed, All employee reporting forms are available
   Management Action Plan: N.A
   Timelines: N.A

Control Gaps in Information Management Systems

The following gaps were observed in the information management system of the HR department:

1. Various parameters for measuring the capability and effectiveness of various activities such as recruitment, training and performance management are not in place.
   Management Response: Agreed
   Management Action Plan: The process will be in place with Group HR.
   Timelines: 30 September 2009

2. Employee productivity measures have not been established. Due to this, processes and systems to capture the data are not available.
   Management Response: Agreed
   Management Action Plan: The process will be in place with Group HR.
   Timelines: 30 September 2009

3. Delay in visa renewal processing is observed for one employee during the review of visa renewal process for 16 employees.
   Emp. # 13020; Employee Name: Vadakkedath Varghese; Visa Expiry Date: 3-Oct-08; Application Date: 6-Oct-08; Gap (Days): (3.00)
   Management Response: Disagreed, UAE law 30 days grace period is available for renewal of VISA. This is general practice in UAE.
   Management Action Plan: N.A
   Timelines: N.A

4. Delay in passport renewal process is observed for 3 employees during the review of passport renewal process for 8 employees.
   Emp. # 13240; Employee Name: Mohammad Haroon Khan; PPT Expiry Date: 11-Nov-07; PPT Withdrawal Date: 12-Nov-08; Gap (Days): (367.00)
   Emp. # 12435; Employee Name: Bilal Tariq Awan; PPT Expiry Date: 24-Oct-08; PPT Withdrawal Date: 26-Oct-08; Gap (Days): (2.00)
   Emp. # 12559; Employee Name: Davis Chiriyan Kandath Rappai; PPT Expiry Date: 25-Sep-08; PPT Withdrawal Date: 20-Oct-08; Gap (Days): (25.00)
   Management Response: Partly agreed
   Management Action Plan: In future, HR/Admin will avoid such delay.
   Timelines: Immediate


6.

Discipline Management

Implementation of disciplinary procedure of the company had the following gaps:


1. No mechanism exists for employees to raise concerns about their place of work and working relationships through a discrete procedure either formally or informally.

2. No formal record exists for training provided to line managers in application of disciplinary procedures.

1. Agreed

HR will prepare the procedure and communicate to all.

15 August 2009

2. Agreed.

The Disciplinary Procedures are defined clearly in the BP 080. These are supported by a Rule Book specifying penalties to be applied in various circumstances and situations. These are available with all Managers and are being strictly implemented. Monthly audits of Disciplinary penalties to be carried out by HR.

31 October 2009

3. No periodic audit of actions taken against the disciplinary actions is conducted to ensure compliance with laid down procedures.

3. Agreed

30 September 2009


2.12 Information Technology


1. IT Policy, Disaster Recovery Plan and System Security

A review of the Information Technology framework revealed the following:

1. Two documents, viz. Disaster Recovery Plan and Disaster Recovery Framework, were available on record, but as of now both of them are at a draft stage and still to be finalised. This also contains the back up plan.

2. Currently, there is no well defined, documented and approved plan pertaining to assessment and monitoring the physical and logical security of IT infrastructure in terms of periodic review of access logs.

1. Agreed

1. Restate rescue plan & framework will be presented & prepared to Board for approval

30 September 2009

2. Disagreed, Logical security is inherent within the Windows and Linux server environments. Logical passwords are defined at multiple levels, server i.e. network 90 day password expiry is in place for all users. In addition to this, all business critical applications i.e. ERP have their own application/database level passwords; this is inherent in the software application. All servers are physically secure and kept in an air conditioned IT server room. The only people who have access are the IT manager and the IT Engineers. DR Plan will be updated to include details of Logical & Physical security

2. N.A

N.A


2. ERP Implementation

While assessing the ERP implementation, the following came to light:

1. The project was initiated in April 2007 and went live in January 2008, that is, approximately nine months.

1. Agreed, however note that ERP systems generally take a number of years to mature. A modular implementation approach was taken for ERP implementation at MBS. This means that not all modules went live at the same time. Modules were phased in over a period of time due to data dependencies. It is not uncommon during the early stages of a new implementation for small issues to exist.

2. Agreed. The half year Audit did happen in Alpha, however we are more than confident that the pertaining issues have been resolved and that Oracle ERP is functioning as required by the business.

N.A

N.A

2. As the software was purchased at the group level, Mammut Building Systems' share of the cost was about AED 1.5 million, which is 42% of the total cost including the consultants' fees.

N.A

N.A

3. It has been a year since the ORACLE ERP has gone live. Following are some of the facts in this regard:

2.1 The June 2008 closing of the books of accounts for the purpose of Statutory Audit has happened in Alpha (the old legacy system) and not in ORACLE.

3. Agreed but available from Jan-2009. Agreed but available from Jan-2009.


2.2 Debtors ageing is done manually as ORACLE is not giving the desired report and is still under development. ERP also does not support the generation of creditors ageing.

2.3 ORACLE ERP does not generate an inventory ageing report. It was given to understand that the inventory coding is still to be completed in the system.

2.4 There is no report generated by the system which can facilitate the assessment of Purchase Requisition (PR) status as to whether it is pending approval or approved but not serviced, serviced but not closed and serviced and closed.

Disagreed, Following reports are available:
- Oracle standard Purchase Requisition Status report
- MBS PR to PO Status report
- MBS PR to DO tracking report

Following Open PO reports are available:
- Standard Open PO Report (by Buyer)
- Standard Open PO Report (by Cost Center)
- MBS PO Status Report

N.A

N.A

2.5 There is no pending PR and pending PR ageing report. Further, there is no report showing the open POs and their ageing.

2.6 Two PO listings were generated for analysis purposes, namely one from the purchase department (11270 listed POs) and another from the IT department (10036 listed POs). The POs listed in the report by the purchase department were more than the POs listed in the report generated by the IT department by 1231.

Partly agreed

Pending PR report available, there is no standard PR ageing report, it will be developed. Reports need to be revisited.

30 September 2009

Agreed

30 June 2009


2.7 The ERP system does not generate a Bank Reconciliation Statement. In fact, MBS does not have the practice of preparing a Bank Reconciliation Statement at all.

2.8 The company has not opted for ORACLE Manufacturing. Instead, a new software, SCIA, has been bought at the cost of AED 0.90 million for managing production and MRP. Currently, the same is being integrated with ORACLE. Till such time, the whole MRP and production management is performed manually. It was given to understand that the decision to opt for SCIA instead of ORACLE Manufacturing was taken by the top management, but there are no documents available on record supporting the technical and financial evaluation for supporting the decision.

Agreed

Company will see the possibility to generate bank reconciliation statement from ERP since this facility may require additional cost to the company.

Oracle Manufacturing has not been factored into the ERP implementation as it was decided that SCIA would perform this function better than Oracle.

Agreed

2.9 Currently the material management department does not utilise the MRV reports to manage material receipt.

Disagreed, Report is available and has been utilized by PPD & Finance since module Go-Live. No additional reports have been requested.

N.A

N.A

2.10 It was given to understand that before going live, parallel runs with the legacy system were not performed to ensure ERP stability.

Agreed

This was a decision by the MD of the company.
