Best Practices for Manufacturers
Posted on 02.20.13
Author: Scott M. McAuliffe, CPA, CISA, CFE
Companies are always looking for ways to improve controls and operational efficiencies with limited resources. As such, the majority of companies that we work with have segregation of duties concerns that have to be mitigated cost effectively. The following article includes the six best practices that manufacturers should implement to improve controls and operational efficiencies.
- Entity-Level Controls. These controls set the ethical tone of the organization. Companies should have strong Code of Conduct/Ethics policy and require employees to sign this policy at time of hire and annually thereafter.
- Cash. Expand the use of electronic receipts / payments (e.g., online banking, ACH, wires). Electronic receipts / payments can strengthen controls (helps to eliminate segregation of duties concerns), as well as improve cash flows. At a minimum, companies should receive funds through lockboxes and use positive pay for cash disbursements. These procedures, with an independently performed bank reconciliation, are the strongest controls relating to cash receipts/ disbursements
- Inventory. Companies should be performing cycle counts throughout the year. The counts can focus on higher dollar or higher risk inventory items.Payroll. Outsource the processing of payroll, require an independent review of payroll changes, and perform a comparison to prior period payroll that is independently reviewed.
- Month End Close. Use checklists to ensure all month end close procedures are performed timely and properly reviewed. All journal entries should be independently reviewed. Budget to actual expense reviews should be performed with explanations required for significant fluctuations.
- Process Control Systems. Process control systems are the life blood of manufacturers, no matter if they are producing paper, plastics, electricity, or chemicals. If process control systems go down, manufacturers cannot produce their product. Manufacturers need to take a layered approach to securing their process control systems by implementing proper network controls, and software controls. As noted in this recent article on malware found at U.S. plants, manufacturers are being hit with malware through the use of USB devices. We have seen that manufacturers will often not have anti-virus software on process control units because of the fear that the software will affect the performance of the process control system. Thus, it is very important to limit or remove the ability to connect USB devices to process control systems. Companies should also ensure that these networks are properly firewalled from business networks. Also, as many of these systems are controlled by non-IT individuals, companies should ensure that the systems conform to the company’s access controls and backup and restoration policies and procedures.
Is your company following these best practices? If not, it is time to start strengthening your controls and improving efficiencies.
If you have questions about the best practices listed above, or you need to have an Internal Control review, please contact: Scott M. McAuliffe, CPA, CISA, Partner, Risk Advisory Services firstname.lastname@example.org | 804.273.6247