Annexure B
Commercial Crime Proposal
Proposer Details
1. Name of Company (Include details of Subsidiary and/or Associated companies)
NATIONAL REGULATOR FOR COMPULSORY SPECIFICATIONS
2. Date Established
1 SEPTEMBER 2008
3. Head Office Physical Address
SABS CAMPUS, 1 DR LATEGAN ROAD, GROENKLOOF, PRETORIA, 0181
4. VAT Registration No:
N/A ESTABLISHED UNDER ACT OF PARLIAMENT
- Nature of Operations
REGULATORY ENTITY UNDER THE DEPARTMENT OF TRADE AND INDUSTRY. REGULATING PRODUCTS FOR PUBLIC HEALTH, SAFETY AND ENVIRONMENTAL PROTECTION.
- Annual Turnover
REFER TO THE ANNUAL REPORT AND THE STRATEGY PLAN
- Number of Locations
Domestic: 5
Foreign: 0
- Number of Employees
Previous year: 292 (2013/14)
Current year: 302 (2014/15)
Next year: 319 (2015/16)
9. Current Market Value of all Pension and Employee Benefit Plans
EMPLOYEE BENEFITS OBLIGATIONS R23 MILLION
10. Name of parent company (if applicable)
N/A
Audit and Corporate Governance
9. Do External Auditors audit all operations at least annually? Yes
10. (a) Have all recommendations by External Auditors regarding internal controls been complied with, following your last audit? Yes
(b) If “no”, please provide details.
11. Is there an Audit Committee which monitors the effectiveness of internal controls and reports directly to the Board? Yes
12. (a) Does management support the principles of transparency, integrity, accountability and accordingly endorse “The Code of Corporate Practices and Conduct” as set out in The King Report on Corporate Governance? Yes
(b) If “no”, please briefly explain reasons for areas of non-compliance.
13. (a) Do you have an Internal Audit Department? Yes
(b) Do they have an established audit cycle for all operations? Yes
(c) Are all recommendations by Internal Auditors regarding internal controls complied with? Yes
(d) If “no”, please provide details.
Recruitment Procedures
14. State the number of employees in each of the following departments:
Executive management: 3
Management: 54
Accounts/Financial
With access to money: 6
Without access to money: 16
Others:
Inspectors: 141
General Administration: 81
TOTAL NUMBER: 302
15. When recruiting or promoting employees to positions of trust involving handling of stock, money, financial or treasury functions, do you:
(a) undertake independent checks into their employment history? Yes
(b) undertake independent checks into criminal record and financial history? Financial record yes and no criminal checks
(c) undergo a process to ensure their suitability for the position? Yes
Internal Financial Controls
16. Are comprehensive management and reporting accounting structures, budget control and budget variance analysis and processes operative within the company? Yes
17. Through management reporting levels and variance analysis are adverse and positive variances investigated? Yes
18. Have operational and system manuals and procedures formally been defined with respect to each activity? Yes
19. If not, how is effective control maintained over the activities?
N/A
20. Are wages/salaries independently checked against personnel records for unusual or excessive payments? Yes
21. Are duties segregated so that no individual can control any of the following activities from commencement to completion without referral to others:
(a) signing cheques or authorising payments (including capital expenditure)? Yes
(b) issuing funds transfer instructions? Yes
(c) amending funds transfer procedures? Yes
(d) opening new bank accounts? Yes
(e) investment in and custody of securities and valuables (including bank cheques, traveller’s cheques, bills of exchange etc.)? Yes
(f) refund of monies or return of goods? Yes
(g) disbursement of assets or funds of any Pension Plan? N/A
(h) awarding contracts following a tender? Yes
22. Is all supporting documentation validated before authorising payments? Yes
23. Are statements of accounts sent to customers independently of employees receiving payment? Yes
24. Are bank statements independently reconciled with customer accounts by persons not authorised to deposit/withdraw funds, issue funds transfer instructions or dispatch accounts to customers? Yes
Stock and Physical Security
NRCS DOES NOT MANUFACTURE OR OFFER ANY PRODUCT FOR SALE. IT IS PURELY A SERVICE DRIVEN BUSINESS.
NRCS DOES NOT ACCEPT CASH FOR PAYMENT OF SERVICES
25. Describe your system for purchasing goods
N/A
26. Describe your stock (separately for raw materials and finished goods, if applicable)
N/A
27. Describe the controls applied to stock arriving on the premises, movement within the premises and stock leaving the premises.
N/A
28. Is there controlled access to all locations? N/A
29. Are all premises containing stock, money, securities, precious metals etc. connected to an intruder alarm? N/A
30. Are intruder alarms maintained in proper working order and connected to a central station or a police station? N/A
31. Is an independent physical count of stock, raw materials, work in progress and finished goods undertaken at least quarterly and is this count reconciled against stock records? N/A
32. What action is taken upon discovery of discrepancies between inventory and stocktake?
N/A
33. Is the transfer of money and securities usually made by a security or professional cash carrying company? N/A
34. What is the maximum value of money, securities, precious metals and/or jewellery at any one location:
(a) during business hours? N/A
(b) outside business hours? N/A
Suppliers/Service Providers/Outsourcing
35. Do you maintain an approved suppliers list? Yes
36. Are suppliers, service providers and outsourcing companies vetted for competency, financial stability and honesty before being approved? Yes
37. Are all suppliers, service providers and outsourcing companies appointed under written contract? Yes
38. Are procedures in place to assess the suitability of trustees, fiduciaries, administrators or officers of any of your Pension Plans? Yes
39. (a) Do you outsource any activities to third party service providers? Yes
(b) If “yes”, please detail the services provided.
CONSULTING SERVICES
40. Do you audit outsourcing companies during the term of their contract? Yes
41. If the service provider or outsourcing company operates on your premises are their employees under your daily management control? Yes
Computer Systems
42. Are unique passwords used to give various levels of entry to the computer depending on the user's authorisation? Yes No
43. Are passwords automatically withdrawn when people leave? Yes
44. Are all amendments to programs approved independently of the persons making the amendments? Yes
45. Are programs protected to detect unauthorised changes? Yes
46. Is your computer system “firewall” protected to prevent unauthorised access? Yes
47. Is your computer system protected by virus detection and repair software? Yes
48. Are your electronic data processing operations audited regularly? Yes
49. Has a security policy, which addresses security objectives, top management level support and high level security principles e.g. access profile, compliance conditions etc., been introduced and implemented? Yes
50. Do persons other than employees have physical or electronic access to your facilities? Yes
51. If yes, describe circumstances and controls in effect.
ONLY AUTHORISED CONTRACTORS GIVEN LIMITED ACCESS
52. Do you operate “Remote Access Systems” which allow users to dial into the network and have the same access as if they were in the office? Yes
53. If yes, provide a brief overview of the controls over “Remote Access”
REMOTE ACCESS IS PASSWORD PROTECTED AND ONLY USERS WITH REMOTE ACCESS RIGHTS CAN ACCESS THE SYSTEM
54. Does the Internal Audit staff have the qualifications to and do they review the work of external consultants to check for programming faults, errors and fraud?
Yes
55. If you do not have an Internal Audit Department how do you and/or your independent External Auditors/Accountants review the work of external consultants to check for programming faults, errors and fraud?
MAKE USE OF CO-SOURCED AUDIT PARTNERS
56. Is anyone other than your employees allowed access to your computer system? Yes
If so:
a) Which computer systems are they allowed to access? What restrictions or parameters are placed on their access? DATABASES AND BUSINESS APPLICATIONS
b) Who oversees their activity? IT MANAGEMENT
c) What safeguards are in place to prevent access to other systems? ACCESS RIGHTS
d) Do you review the changes/alterations made to your computer systems before going live and releasing to end users? If yes, how often? How do you identify deviations from the approved parameters? If one occurs, how is this handled? YES ALL SYSTEMS ARE REVIEWED ON THE DEVELOPMENT ENVIRONMENT BEFORE GOING LIVE
e) What is the scope of the background check performed in respect of all such individuals before being approved to start work for you? BACKGROUND CHECKS ARE DONE ON A COMPANY LEVEL
57. Do you have a contingency plan to provide specific safeguards against employee theft or crime exposures affecting payroll, accounts receivable, accounts payable, inventory systems, funds transfer and security systems in the event of a crisis such as a power outage or extended computer system failure? Please provide details.
THE IT INFRASTRUCTURE IS HOSTED AT A REMOTE DATA CENTER AND IN THE CASE OF POWER OUTAGES THERE IS BACKUP POWER. THERE IS ALSO A DISASTER RECOVERY SITE IN CASE OF A DISASTER AT THE PRODUCTION SITE. ALL SECURITY IS HANDLED AT THE DATA CENTER AND POWER OUTAGES ON SITE WILL NOT AFFECT SYSTEM SECURITY.
Fund Transfers
“Fund Transfers” means any instructions (other than cheques) given to a Financial Institution to pay or deliver funds.
58. What is the approximate annual value of fund transfers? Cover required for R15 MILLION
59. Please specify the method of instruction (e.g. written, electronic, computer, telephone etc.).
ELECTRONIC - INTERNET BANKING
60. Can payment instructions be made to any account which has not been pre-agreed? Yes
61. Is the financial institution required to authenticate the instruction before payment is released? No
62. Please provide a brief description of the methods used to secure fund transfers (e.g. passwords, encryption, code words, call back).
DUAL SIGNATORIES
NORMAL BANKING SECURITY PASSWORDS
TWO TIER APPROVAL PROCESS (A AND B SIGNATORIES)
Plans and Policies
63. Do you maintain a written crisis management or contingency plan covering procedures following kidnapping or extortion? Yes FOR NORMAL BUSINESS INTERRUPTIONS AND NOT FOR KIDNAPPING OR EXTORTION
64. Do you maintain a written anti-fraud policy which is distributed throughout your organisation? Yes
Loss History
65. (a) Please provide brief details of any losses (of a type covered by this insurance) sustained during the past five (5) years and before application of any deductible, retention or excess whether insured or not. (Please include date discovered, location, nature of loss and amount).
R120 000.00 FRAUD. AN INDIVIDUAL WITH ACCESS TO THE INTERNAL FINANCIAL SYSTEM AMENDED BANKING DETAILS IN THE BACKGROUND. AS THE TRANSFER WAS MADE THE MONEY WAS DIVERTED INTO A WRONG ACCOUNT, APRIL 2010.
(b) Please describe what corrective measures were taken to prevent similar losses.
IMPROVED SYSTEM SECURITY AND AUDIT TRAILS