
Auditing Archive

Preparing for a DOT Safety Audit

May 13, 2010 | Category: Auditing

John Joseph Flood asked:




You’re sitting at your desk when the telephone rings. The Department of Transportation has just told you that a safety audit will be done on your transportation company. Is your company prepared?

If you’re an owner or a manager of a trucking company, you do not have to panic when the time comes for a DOT audit. Properly training your management team so that they understand the DOT regulations will ensure that your company is operating in compliance at all times. When a trucking management team fully understands what the DOT expects, an unexpected check of the records can be painless and stress free for everyone that is involved.

What is the purpose of a DOT safety audit?

When the DOT performs its check, it is there to evaluate the company’s safety performance and to ensure that all record-keeping meets its requirements. Below is a review that covers the typical safety audit and what auditors look for. The audits vary from state to state. Packets are available in every state that will instruct you on how to stay in compliance.

It is recommended that you ask for a DOT safety audit packet that is relevant for your area of operations. The packet will explain all DOT regulations that you must follow.

An audit typically involves six categories that will be inspected: General, Driver, Operational, Vehicle, Hazardous Materials and Accidents.

General:

A company needs to show that it has proper liability coverage. All required documentation will be listed in the packet that covers your area. DOT safety auditors will also request to view the company’s accident register. All recordable DOT accidents must be listed. The accident register has to be in place, even if there are no recordable accidents.

Under the general review, vehicle markings could also be inspected to ensure proper markings on all commercial vehicles. DOT will also review all training records that involve transportation safety and any other training records that involve their regulations.

Driver

DOT safety audits will review every driver’s CDL, qualifications, and alcohol and drug testing records. Management must also have a means of tracking CDL expiration dates. Under the driver category, there are several mandatory documents that are required. You can get the full list of requirements in a DOT safety audit packet.

Operational

Any company that operates a commercial motor vehicle must keep records detailing drivers’ hours of service. DOT safety auditors expect at least 6 months of driver logs.

Vehicles

In this category, DOT safety audits want to see detailed record-keeping of each commercial vehicle that includes maintenance, repairs and inspections.

Hazardous materials

DOT safety auditors will want to review all Hazmat related documentation that can include licenses, storage, labels, placards, training and endorsements.

Accidents

Because safety is the main concern, all driver accidents and injuries will be reviewed for proper documentation to ensure all regulations were met.

A company that has a management team that follows all regulations when handling everyday operations will likely be in compliance during a safety audit. Companies can request a DOT safety audit packet through their state Department of Transportation office, and the packets are also available online.


Auditing Software – Useful For Businesses

April 30, 2010 | Category: Auditing

Francisco Segura asked:




Auditing software is the chartered accountant of the future. The computer, a very important means of calculation in the field of science, also plays an important role in the internal accounts of any business. Paperless auditing is no longer a term for the future. The IT sector is the backbone of any company and of any country. We also know that software is more risk-prone where security is concerned, but to maintain efficiency, companies take such risks and build their own software. Any software used to keep a check on the daily happenings of the company and record its transactions is called accounting software. But the most important part of any accounting year is the final audit.

It has been noticed that human auditing can have some disadvantages: it is less efficient and also time-consuming. In many companies, all main and important transactions are handled by IT systems. This ensures good management and speedy decision making. To be able to trust such systems, companies keep a check by regularly testing internal controls within their IT department. Auditing software is a revolution in the field of accountancy. Technology and software have played a remarkable role in the practice of internal audit, increasing efficiency and consuming less time than humans.

But what is audit software? With audit software, technology has taken over from humans. This has reduced the number of audit professionals in the company and increased productivity without a corresponding increase in staff. The role of such auditing software is clearly increasing; many internal audit departments are frequent users of the IT systems in their organization. They share their information electronically and use telecommunication services. Such innovations have increased the efficiency of internal audit. Previously, auditors had to fax information to head office; now, with the help of auditing software, the information is sent across countries with just a click.

Many auditors are using auditing software to change the role of internal audit in their organizations. Using such auditing software, auditors are able to provide more valuable services to management:

1. Standardization
2. Elimination of human process
3. Making a database of international information
4. Showing if there is any risk

The most significant boon of such accounting software is that it is less time-consuming. An auditor spends most of the time on site at different locations. Taking less time means we can increase our productivity. After the audit process, the results are communicated to different locations. The data can be communicated in the form of a video conference. Audit work or work samples can also be sent via email and file transfer. Audit analysis can also be saved on a personal computer so that it can be accessed many times.

But a number of auditors feel that software has very little effect on the efficiency of audit analysis. However, it has helped many companies to finish their work on time and increased productivity.


PCI DSS Compliance – The How to of Becoming a Compliant Merchant

April 25, 2010 | Category: Auditing

Marc Trimble asked:




The name PCI, which stands for Payment Card Industry, was created by the major credit card companies, namely Visa, MasterCard and American Express. PCI DSS is a compliance standard for all merchants and business owners who offer credit cards as a payment option for transactions over the internet. Demand for this type of compliance has increased as cases of security breaches and fraudulent transactions increase over the internet.

This compliance assures the buyer that the credit card information used to buy a product will be secure and that the data stored on the merchant’s side will not be used without the card owner’s permission. There are many cases in which merchants who failed to comply with these regulations ended up with customers’ data or sensitive information being stolen.

If you offer a product of your business on the internet, it is essential that a secure portal be maintained. This means that a portal which stores or processes a customer’s credit card data must be encrypted or secured by other means. In many online transactions, the servers on which the product website is hosted become the security issue for users. There are hosting providers which ensure security through SSL (Secure Sockets Layer) or by other means, but all of these security measures can be breached. With the advancement in technology, it is no longer difficult for a hacker to steal your personal data, even if it is stored on your personal laptop and your network does not have a firewall installed.

Merchants are obliged to store and process the consumer’s data securely. The web servers on which a card owner’s data is stored must be tested on a regular basis; in addition, they must be monitored for daily activity using an ASV.

Always keep in mind that becoming PCI compliant is like an investment: it earns you the trust of your customers and ensures security. If your business is PCI compliant, your customers will have assurance and confidence in using their credit cards for transactions.


PCI DSS Compliance – Be in Control in Four Moves

April 23, 2010 | Category: Auditing

Mark Kedgley asked:




The security standard calls for a broad range of security measures, but beyond the use of firewalling, intrusion protection systems and anti-virus software, the requirements and responsibilities of the merchant are very often poorly understood.

This guide simplifies the scope of the balance of PCI DSS measures to just four areas.
- File Integrity monitoring
- Event Log centralization
- Security Vulnerability scanning for device hardening
- Change Management process
Understanding and implementing measures to address these four areas will make any QSA happy and get you compliant – and keep you compliant – in no time at all.

File Integrity Monitoring

As a mandated dimension of the PCI DSS, FIM verifies that program and operating system files have not been compromised.

Why is this important? The principal benefit of using FIM technology is to ensure that malicious code has not been embedded within critical application and operating system files. The insertion of a ‘backdoor’ or Trojan into core program files is one of the more audacious and elegant forms of hacking, and also one of the most dangerous.

The PCI DSS (Payment Card Industry Data Security Standard) specifies the following “Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly” and also that for log files “Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)”.

Contemporary compliance management technology will provide pre-defined templates for all folders and files that should be tracked for File-Integrity, also allowing you to specify additional program folders and files unique to your environment, for instance, your core business applications.

File Integrity Monitoring technology conducts an initial inventory of all filesystems specified and ‘fingerprints’ all files using secure hashing technology, generating a unique checksum for each file. The system will then audit all files being tracked on a scheduled basis every 24 hours (even though the PCI DSS calls only for weekly checks) with any changes, additions, deletions or modifications being reported to you.

The latest generation of File Integrity Monitoring software also operates in a ‘live tracking’ mode for ultra-secure environments, where file changes are detected and reported in real time.
Another option to consider is tracking and identifying the actual changes to file contents. This is useful when tracking configuration files, as it provides a complete audit trail of change history, and it can be applied to any text-based file format such as plain text and XML.
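
The baseline-and-compare cycle described above, including the PCI DSS allowance that data appended to a log should not raise an alert, shown as an added example (not code from the article or from any FIM product). The `.log` suffix rule, the file names and the function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 65536


def sha256_prefix(path, limit=None):
    """Hash the whole file, or only its first `limit` bytes."""
    digest = hashlib.sha256()
    remaining = limit
    with open(path, "rb") as handle:
        while remaining is None or remaining > 0:
            want = CHUNK if remaining is None else min(CHUNK, remaining)
            block = handle.read(want)
            if not block:
                break
            digest.update(block)
            if remaining is not None:
                remaining -= len(block)
    return digest.hexdigest()


def snapshot(root):
    """Initial inventory: relative path -> (size, sha256) for each file."""
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            inventory[rel] = (os.path.getsize(full), sha256_prefix(full))
    return inventory


def is_log(rel):
    # Assumption for this example: files ending in .log are append-only logs.
    return rel.endswith(".log")


def compare(root, baseline):
    """Scheduled audit: return a sorted list of (event, path) findings."""
    current = snapshot(root)
    findings = [("deleted", rel) for rel in baseline.keys() - current.keys()]
    findings += [("added", rel) for rel in current.keys() - baseline.keys()]
    for rel in baseline.keys() & current.keys():
        old_size, old_hash = baseline[rel]
        if current[rel] == (old_size, old_hash):
            continue  # unchanged
        if is_log(rel):
            # A log may grow, but the bytes recorded at baseline time must
            # still hash to the same value; otherwise history was rewritten.
            full = os.path.join(root, rel)
            grew = current[rel][0] >= old_size
            if grew and sha256_prefix(full, old_size) == old_hash:
                continue  # pure append: no alert
            findings.append(("log-rewritten", rel))
        else:
            findings.append(("modified", rel))
    return sorted(findings)


def demo():
    """Run two audits against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))

        def write(rel, data, mode="wb"):
            with open(os.path.join(root, rel), mode) as handle:
                handle.write(data)

        # Constructed sample files, not real system content.
        write("app.conf", b"debug=false\n")
        write(os.path.join("bin", "tool"), b"constructed sample binary")
        write("audit.log", b"10:00 login alice\n")
        baseline = snapshot(root)

        # First audit: config edited, program removed, new file, log appended.
        write("app.conf", b"debug=true\n")
        os.remove(os.path.join(root, "bin", "tool"))
        write(os.path.join("bin", "extra"), b"unexpected file")
        write("audit.log", b"10:05 login bob\n", mode="ab")
        first = compare(root, baseline)

        # Second audit: an existing log line has been altered in place.
        write("audit.log", b"10:00 login carol\n10:05 login bob\n")
        second = [f for f in compare(root, baseline) if f[1] == "audit.log"]
        return first, second


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise a change to the files and to the recorded hashes goes unnoticed together.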

Continuous Vulnerability Scanning

All security standards and Corporate Governance Compliance Policies such as PCI DSS, GCSx CoCo, SOX (Sarbanes Oxley), NERC CIP, HIPAA, HITECH, ISO27000 and FISMA require Windows and Unix Servers, workstations, and firewalls, routers and switches to be secure in order that they protect and secure confidential data.

‘Hardening’ a device requires known security ‘vulnerabilities’ to be eliminated or mitigated. A vulnerability is any weakness or flaw in the software design, implementation or administration of a system that provides a mechanism for a threat to exploit the weakness of a system or process. For the PCI DSS, it is a requirement that all ‘within scope’ sites are scanned for vulnerabilities every quarter. This gets expensive in large-scale, multi-site estates, as well as being a time-consuming management overhead.

Perhaps the biggest issue is that the results of any scan are only accurate at the time of the scan – any configuration changes made after the scan could render devices vulnerable and in a worst case scenario, devices could be left vulnerable to attack for a 3 month period. The ideal solution is to continuously track configuration changes. This is the only real way to guarantee the security of your IT estate is maintained. Using continuous configuration tracking technology allows you at any time to see the Compliance Score of any server and which settings need to be changed to re-harden the config. Any changes made should be reported, including Planned Changes which should also be reconciled with the original Request For Change or RFC record.

Secure, Centralized Event Log Management

Log analysis is a key weapon in the fight against any cyberattack. By gathering logs from all Unix and Windows servers, applications and databases, firewalls and routers, the method and pattern of an attack can be understood. Identifying the method and source of any attack allows preventative measures to be continually improved. This is why all security policies place log retention at their core. PCI DSS compliance requires logs to be gathered and reviewed daily, and retained for at least one year. Similarly, for GCSx Code of Connection or CoCo compliance, audit logs recording user activities, exceptions and information security events are to be retained for at least 6 months.

For any compliance initiative, it will be necessary to gather logs from all
- Network Devices
- Windows, Unix and Linux servers
- Firewall or IPS and IDS devices, Email and Web Servers
- Database and Application servers – even IBM Mainframes
- All other potentially useful sources of log information

Although the scope of most compliance standards will be largely satisfied at this stage, far greater value can be extracted from Centralizing Event Logs. Contemporary event and audit log management technology ensures all event logs are analyzed and correlated automatically, applying a comprehensive series of rules pertinent to any Security or Governance policy. Any breach of compliance will be alerted immediately allowing pre-emptive action to be taken before a problem arises. The best log management solutions provide pre-defined rules templates, allowing you to be in control of compliance straight out of the box.

The following is a checklist of features available in today’s best log management software –
- All Security and Governance Policies supported via pre-packed Compliance Rule Templates
- Real Time Security Warnings i.e. violation of file integrity monitoring rules
- PCI DSS and GCSx Code of Connection supported ‘out of the box’
- Web-based Dashboard and integration with Servicedesk as standard
- Powerful, keyword-based Event Log mining across any combination of devices and applications
- Complete solution for all Security Information and Event Management (SIEM) requirements

The latest generation of centralized log server software allows you to focus on true exceptions and important events by masking off the sometimes overwhelming flood of logs. Use the pre-built Compliance Templates and build your own keyword and logic-based correlation rules, allowing you to manage what really matters to your organization from a security and compliance standpoint.

Change and Configuration Management

ITIL Best Practices identify Change Management as one of the key, central processes that should be understood and assimilated into an IT Service Delivery operation. Change Management as a process is intended to ensure that when changes are made, they are first verified as being completely necessary and adding some value to the organization, and if so, that changes are then well planned, documented and clearly communicated to ensure any potential negative impact from the change is understood and eliminated or minimized. The entire experience and knowledge of the enterprise is harnessed and greater efficiencies can be gained from ‘one visit’ fixes – i.e. a number of required changes can all be delivered during one planned maintenance window. A well maintained Configuration Management Database (CMDB) will often be used as a means of better understanding the ‘downstream’ effects of changes and/or their impact on a number of critical business services.

Crucially for any organization subject to Corporate Governance-driven security standards, changes to any IT system can affect its security. Installing application updates may introduce new vulnerabilities and making any configuration change may also render systems less secure and more prone to a security breach. The latest change and configuration management software tracks all changes to your infrastructure, exposing all unplanned changes and reporting clearly on the intended – and uniquely, the actual outcome – of any planned change. All network device configurations are automatically and securely backed up, with the option to remediate any unauthorized configuration change. Server configurations are tracked against either pre-defined security policies or your own personalized policy, with any deviations highlighted.

And once firewalls, servers, workstations, switches and routers are all in a compliant state, you need to ensure they remain that way. The only way to do this is to automatically verify configuration settings on a regular basis. Why? Because unplanned, undocumented changes will always be made while somebody has the admin rights to do so – legal or otherwise! The configuration change tracking solution will alert you when any unplanned changes are detected as well as keeping an audit trail of planned changes, reconciled with the request for change details.

This provides a unique ‘Closed-Loop Change-Management Safety Net’ – when changes need to be made to a device it is vital to ensure that changes are approved and documented – we make this easy and straightforward, reconciling all changes made with the RFC or Change Approval record. An open API allows integration with most service/help desks or other change management systems to establish a link between the change approval process and the actual changes that are made.


PCI DSS Requirement 12 – Maintain an Information Security Policy – Important Tips and Strategies

April 14, 2010 | Category: Auditing

Charles J Denyer asked:




What’s important to note about PCI DSS 1.2 compliance is that it’s much more than firewalls, routers, switches, and numerous other network devices, commonly called “system components” in the world of PCI.


Franchise Regulations VS Multi Level Marketing Laws

April 8, 2010 | Category: Auditing

Lance Winslow asked:

There is a huge rift between the laws governing Multi Level Marketing and Franchise Regulations. And there is also a huge enforcement gap. In fact there is so much over regulation in Franchising, that the regulatory agencies have really hurt America and entrepreneurship.

Franchise sales people are very closely regulated as to what they can and cannot say. In fact even if something is true they are not allowed to say it without empirical proof, proof which costs thousands of dollars to produce. Yet an mlm company can have people sitting in coffee shops running off at the mouth, telling everyone it is a private “Franchise” and say whatever they want.

You see, a real franchisor, to be a franchise, has to pay $35,000 for franchise documents, $40,000 a year for audits, $25,000 per year to stay registered in all the registration and notification states, yet these mlm folks pay little if anything and call their businesses a “private-franchise”; they just made up that word? So why can’t I call my business, which is a real franchise, a “Private Franchise Washing Club” and skip all the rules? I own CarWashGuys.com you see. Or can I simply call it a “Franchise Religion” and skip all the requirements, like the Catholic Church, which resembles a franchise even more than a modern franchise does.

We have double standards, as the mlms do not monitor their sales folks and the government can call a real franchisor a “Fraudster” make up false declarations file them against the founders and their company. A company, which the founder may have worked their entire life to build up; ***** that crap. Where is fair? It is all a lie really.

So whereas we can talk about political reform in the mass media all day; what about regulatory reform, bureaucracy reform? How can we call an honest business man a crook and then let 40,000 per day meetings at coffee shops blow smoke up the rears of unsuspecting recruits of mlm companies, using trickery, vagueness, dodging questions, etc. If a franchisor did that in franchising, they would throw them in jail. And even if they did nothing wrong of the sort, well someone could say they did, how could anyone prove they didn’t kick their dog? My dog cannot speak English; can yours? Think on this in 2006.


Church Audit – How to Prepare For a Nonprofit Or Church Audit

April 3, 2010 | Category: Auditing

Vickey Boatright asked:




Whether it is an external or internal nonprofit or church audit, there are certain steps you can take to prepare for it. First of all…take a deep breath… an audit is not a reflection on the competence or integrity of your financial staff. Rather, it is a routine procedure designed to protect both your staff and your church or nonprofit.

Second…you need to know what your nonprofit or church audit should accomplish.

An audit should:

- Independently verify the reports of the treasurer(s)
- Follow the funds and see if proper steps are being taken in handling them
- Document that donated funds have been used as stipulated by the donors

In addition to tracking the cash through the system, an auditor typically will evaluate:

- Accounting controls (systems that reduce the possibility of loss or errors)
- Segregation of duties (assurances that more than one person is involved in critical steps in handling money so that there can be checks and balances)
- Reasonableness of systems and procedures in the light of all factors, including the size of the organization and its budget
- Adequacy of insurance coverage
- Records that show donors’ stipulations for the use of contributions made to your organization

Third…now that you know what your nonprofit or church audit should accomplish…let’s look at what kind of information the auditor is going to need to look at.

Whether it is an external or internal audit, there are certain documents you will need to have available.
They are:

- Copies of all your organization’s policies and procedures related to finance and treasury functions, and copies of the minutes approving those policies.
- Listing of all bank and investment accounts, including the person authorized to sign on each, and including any special use accounts under the control of the pastor(s) or administrator and in the name of the nonprofit or church.
- All financial statements for each month of the year, plus December of the prior year and January of the subsequent year (a fourteen month period).
- Bank and investment account statements for the same period.
- Bank reconciliations for that same period.
- Original books of entry, which will be the general and subsidiary journals; for those books that are computerized, a print-out of all transactions by account for the entire year.
- All paid invoices, payroll data and files (including 941s, year-end W-2s, 1099s and transmittal forms), income transmittals and deposit records for the fourteen month period.
- The Financial Secretary’s records and other income records for the same period.

Remember…the purpose of internal audit procedures is to ensure that the organization’s system of internal controls is operating as intended. Also remember…conducting an audit is not a symbol of distrust…it is a mark of responsibility.


Understanding the Role of a Safety Management Consultant

March 29, 2010 | Category: Auditing

Louis D Dale asked:




Organisations interested in becoming licensed self insurers should consider enlisting the help of a safety management consulting company to assist with all stages of the application and assessment process. Self Insurance is the practice of taking on the responsibility and liability of underwriting, assessing and paying out worker’s compensation claims in-house.

In the right situation, this can prove a sound financial move for businesses but also carries with it a great deal of responsibility in terms of regulatory requirements and ongoing assessment. It also requires a sound understanding and practice of managerial programs within a company, all of which are subjected to intense and ongoing auditing procedures. All of this regulation can seem overwhelming, which is why bringing a safety management consulting company on board is a wise decision.

What Does a Safety Management Consultant Do?

A Safety Management Consulting company specialises in risk management. From an in-depth and up-to-date knowledge of OHS best practices, to a deep understanding of the legal requirements organisations face, to ongoing advice and consulting services on the implementation of management programs, safety management consultants are experts in the field and an excellent source of confirmation on all manner of questions organisations may encounter. A safety management consultant can also create customised, industry-specific OHS management programs, which is an advantage both for meeting and maintaining self insurance assessment criteria.

How To Choose A Consultant

One of the easiest ways to find an excellent consultant is to network with other organisations who have had similar experiences and find out who comes highly recommended. If you have a particular problem you need help with it is advisable to choose a consultant based on their experience with similar situations, or alternatively to find a consultant or consultancy firm that specialises in your particular industry. References from other clients are a good benchmark, as are qualifications and membership to associations.

The Process

Once you’ve enlisted the help of a quality safety management consulting firm, the way to proceed will be determined based on the specific requirements of your organisation. Whether you need advice on OHS management systems, need a system designed, or need to discuss certain challenges involved with either an application for or maintenance of a self-insurer’s license, a detailed program will be discussed and decided upon and your consultant can advise you as to how to move forward.

With something like self insurance, millions of dollars can be involved in small mistakes or oversights, and especially for an organisation unfamiliar with the often complex legislation, it is a wise investment to double-check decisions with a qualified and experienced consulting firm.


Insurance Premium Audits For Contractors – How to Avoid Getting Overcharged in an Audit

March 20, 2010 | Category: Auditing

Don Bury asked:




WHAT DO CONTRACTORS NEED TO KNOW ABOUT PREMIUM AUDITS? Most contractors find they are subject to premium audits from insurance companies for general liability, workers compensation, and sometimes for automobile, and even builders risk insurance policies. This applies to most types of contractors, including general contractors, plumbing contractors, heating ventilation and air conditioning (HVAC) contractors, electrical contractors, drywall contractors, painting contractors, roofing contractors, and so on.

A premium audit is a review of your business operations, financial reports, and records to determine what to charge you for your contractor liability insurance, workers compensation, or other coverage provided. The objective is to determine the final earned premium for a given policy that was issued on the basis of payroll, sales, subcontracting costs, or other variables.

Policy premiums are based on projections you provided for payroll, sales, and perhaps subcontractor costs. Your insurance rates can vary based on this information; the audit determines what the correct premium should be based on your actual experience.

The audit is performed by an auditor selected by the insurance company. They may be an employee of the insurance company, or an employee of an auditing firm, or even an independent contractor.

THERE ARE THREE TYPES OF PREMIUM AUDITS. Depending on the size of your premiums and your operations you may get one of the following:

Physical Audit – Conducted at your premises or at a secondary location such as your accountant’s office.

Phone Audit – An auditor contacts you over the phone to complete the audit. This type of audit is generally for small- to mid-sized accounts.

Mail Audit – A voluntary audit form with instructions is mailed to you. Mail audits are generally conducted for smaller accounts.

RECORDS AUDITORS MAY ASK TO SEE: Auditors are likely to ask for one or more of the following types of records:

Journals and Ledgers
Tax filings
Individual Pay Records
Time cards
Vehicle titles
Contracts with clients
Contracts with subcontractors
Records of Job Costs
P&L Statements
Balance Sheets

QUESTIONS AUDITORS MAY ASK: The auditor will likely ask questions about your records or operations. They may be asking questions to determine if the correct classifications are being applied. If an auditor decides your operations are not correctly classified, it can have the unwelcome and surprising result of a large audit billing. Make sure you understand your classifications, and how the boundaries of your particular classifications are defined.

If an auditor questions the use of any classifications, they may ask to see some actual work being done by your employees.

It is important to understand credits you are entitled to in audits.

Insurance classification and rating rules often allow credits to your audit, but your records must be maintained to provide the necessary information in detail and summary form.

If premiums are payroll based, you will pay for total remuneration as defined in the policy.

Remuneration in most states, means money or substitutes for money, and includes:

Bonuses
Commissions
Holiday Pay
Other Money Substitutes
Overtime Pay
Payments made to Profit Sharing Plans
Payments made to statutory benefit plans
The value of board and lodging
Tool Allowances
Wages

Understand the following concepts and definitions to help make sure you avoid overpaying from an audit.

OVERTIME
In most states, the amount attributable to overtime in excess of the regular time pay rate may be deducted. It must be clearly identified in your records. Excess pay for overtime must be clearly segregated in the payroll records.

DIVISION OF PAYROLL
Division of an individual employee’s payroll to more than one classification is not allowed, except for construction or ******** operations and/or certain executive officer classifications. When payroll is divisible, daily time cards must be kept allocating the work to different classifications. Failure to keep daily time cards may result in all payroll of an employee getting assigned to the highest rated classification.

SUB-CONTRACTORS
Avoid becoming responsible for injuries to employees of a subcontractor by obtaining certificates of insurance naming you as additional insured. Check your contracts with your subcontractors to make sure you are held harmless and properly protected by indemnification clauses. Auditors look to see if you have adhered to the terms in your policy with respect to your subcontractors. Sometimes audits go bad when the certificates are not in place, or the auditor decides payments to subcontractors are really wages to employees.

AUTOMATED RECORDS
Set up your automated records to provide auditors with what they need, and you will find your audits go smoothly and save you lots of time in the future.

DOCUMENTS YOU MAY BE ASKED FOR AT AN AUDIT
Accounts payable journal and cash disbursements
A/R journal
All vehicle leases, including but not limited to, owner-operator leases
Annual income tax statements
Documents supporting entries in the journals and financial statements
Driver and vehicle logs
Expense journal
Income Statements
Monthly Individual earnings reports
Payroll records including the payroll journal
Quarterly 941s
Registrations for owned vehicles
SUIs (State Unemployment Reports – DE 6s in California)
General and subsidiary sales ledgers
All underlying journals


Policies and Procedures "Control Points" – Make Sure Your Policies and Procedures Are Followed

March 3, 2010 | Category: Auditing

Stephen Page asked:




Policies and procedures writers have been faced with the dilemma of finding ways to get people to follow the content of policies and procedures for decades. Writers have tried everything from:

- Training
- Communications
- Coaching and Mentoring
- Hand-holding
- Newsletter articles
- Posting on a bulletin board
- Videotape, DVD
- Auditing
- And much more

These traditional methods can work in some cases but let’s be honest, unless these traditional methods are routinely done, there is no way to ensure that policies and procedures are followed.

There are some “sure-fire” methods to ensure policies and procedures are followed. My two favorites are “Control Points” and “Buy-In”. As I have written articles on “Buy-In,” I won’t focus on it other than to say that “If you solicit the help of your users as you are writing policies and procedures, then the chances of those users following the policies and procedures are much higher.”

On to “Control Points”:
