View
2
Download
0
Category
Preview:
Citation preview
A Work Project, presented as part of the requirements for the Award of a Master Degree in
Finance from the NOVA – School of Business and Economics.
SUPPLEMENTARY APPENDICES
of the Work Project
DESIGN AND IMPLEMENTATION OF AN ASSURANCE MAP AT SONAE RETAIL
BUSINESS
ANA SOFIA MURTEIRA PIMENTA DE CASTRO (1033)
A Project carried out on the Master in Finance Program, under the supervision of:
Associate Professor Maria João Major
JANUARY, 2016
2
Appendix A – Illustration of the Three Lines of Defence Model
Source: IIA, 2013.
3
Appendix B– Chronological Plan of the Internship
Tasks Month Setembro Outubro Novembro Dezembro Janeiro
Week 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2
Phase 1: Search and analysis
of concepts related with the
subject and the organizational
context.
Phase 2: Definition of project
objectives
Phase 3: Development of
Business Processes List
Phase 4: Identification of
assurance sources at the
company
Phase 5: Establishment of
evaluation criteria for the
assurance level
Phase 6: Inquiries preparation
Phase 7: Development of the
framework model
Phase 8: Operationalization of
the map through the inquiries
application - Inquiries 3rd Line
of Defence
Phase 8: Operationalization of
the map through the inquiries
application - Inquiries 1st Line
of Defence
Phase 8: Operationalization of
the map through the inquiries
application - Inquiries 2rd Line
of Defence
Phase 9: Definition of KPIs
per process
Phase 10: Analysis of results
and improvement of model
framework
Creation of a User Guide
Literature Analysis and
Working Project
4
Appendix C – Schematic illustration of the Methodology and Sources of Evidence
• Phase 1: Search and analysis of concepts related with the subjetc and the organizational context.
• Phase 2: Definition of project objectives.
Previous
Analysis
• Phase 3: Development of Business Processes List.
• Phase 4: Identification of assurance sources at the company.
• Phase 5: Establishment of evaluation criteria for the assurance level.
• Phase 6: Inquiries preparation.
• Phase 7: Development of the framework model.
Design
• Phase 8: Operationalization of the map through the inquiries application.
Implementation
• Phase 9: Analysis of results and improvement of model framework.
Posterior Analysis
Documentary analysis
Meetings
Unstructured interviews
Participant observation
Documentary analysis
Meetings
Unstructured interviews
Participant observation
Documentary analysis
Meetings
Unstructured interviews
Semi- structured
interviews
Inquiries
Participant observation
Documentary analysis
Meetings
Unstructured interviews
Participant observation
5
Appendix D – List of consulted documents
Title Author Publisher Type Topic
Assurance Mapping – Charting the
Course for Effective Risk Oversight
Anthony Reyes; Natham
Ives
Audit
Executive
Center
External
Document
Assurance
Mapping
Risk and Compliance management
through assurance mapping
Ailbhe Moynihan Deloitte External
Document
Assurance
Mapping
Implementing combined assurance:
Insights from multiple case studies
Loïc Decaux and Gerrit
Sarens
Managerial
Auditing
Journal
External
Document
Combined
Assurance
King Code of Governance Principles
for South Africa 2009
Institute of Directors in
Southern Africa and the
King Committee on
governance
Institute of
Directors
Southern
Africa
External
Document
Corporate
Governance;
Combined
Assurance
Internal Audit - Handbook Sonae Internal
Document
Internal audit
procedures
Practice Advisory 2050-2:Assurance
Maps
The Institute of Internal
Auditors
External
Document
Assurance
Mapping
IIA Position Paper: The Three Lines
of Defense in Effective Risk
Management and Control
The Institute of Internal
Auditors
External
Document
Model of Three
Lines of
Defense
Integrated Auditing – Practice Guide The Institute of Internal
Auditors
External
Document
Integrated
Auditing
International Standards for the
professional Practice of Internal
Auditing
The Institute of Internal
Auditors
External
Document
Internal Audit
Assurance & Auditing Services: Christine Jubb; Larry E. Cengage External Internal and
6
Concepts for a Changing
Environment
Rittenberg; Karla M.
Johnstone; Audrey
Gramling
Learning Book External Audit
The Essential Handbook of Internal
Auditing
K H Spencer Pickett John Wiley
& Sons, Ltd
External
Book
Internal Audit
What do we know about audit
quality?
Jere R. Francis The British
Accounting
Review
External
Paper
Audit quality of
publicly listed
companies
The Transformation of Internal
Auditing
Gaurav Kapoor; Michael
Brozzetti
The CPA
Journal
External
Paper
Internal Audit
Perceptions of factors affecting audit
quality in the post- SOX UK
regulatory environment
Viviam Beattie; Stella
Fearnley; Tony Hines
Accounting
and
Business
Research
External
Paper
Internal and
External Audit
Internal Auditing Henry B. Fernald Accounting
Review
External
Paper
Internal Audit
Internal Audit: A comfort provider to
the audit committee
Gerrit Sarens; Ignace De
Beelde; Patricia Everaert
The British
Accounting
Review
External
Paper
Relationship
between
Internal Audit
and Audit
Committee
Audit committee quality, auditor
independence, and internal control
weaknesses
Yan Zhang; Jian Zhou;
Nan Zhou
Journal if
Accounting
and Public
Policy
External
Paper
Relationship
between audit
committee
quality, auditor
independence,
and internal
control
7
A Post-Sox Examination of Factors
associated with the size of internal
audit functions
Urton L. Anderson;
Margaret H. Christ, Karla
M. Johnstone; Larry E.
Rittenberg
Accounting
Horizons
External
Paper
Internal Audit
size SOX
The Relationship between Internal
Audit and Senior Management: A
Qualitative Analysis of Expectations
and Perceptions
Gerrit Sarens; Ignace De
Beelde
Internationa
l Journal of
Auditing
External
Paper
Relationship
between
internal
auditing and
top managers
The CAE as CEO Dennis Drent Internal
Auditor
External
Document
The CAE role
The Black Hole of Assurance Andrew Chambers Internal
Auditor
External
Document
Assurance
Partners in Assurance Tony Jackson Internal
Auditor
External
Document
Assurance
Optimized Integrated Assurance Dan Clemens Internal
Auditor
External
Document
Integrated
Assurance
From Compliance to the Bottom
Line
Scott Wisniewski Internal
Auditor
External
Document
Assurance
Mapping
Guidance on the 8th EU Company
Law Directive – Article 41
FERMA /ECCIA External
Document
Internal Audit;
Internal
Control
A Strategy for Providing Assurance Michael Parkinson Internal
Auditor
External
Document
Assurance
A Risk-oriented Approach Hans Beumer Internal
Auditor
External
Document
Internal Audit;
Risk
Management
2015 The Year Ahead Russell A. Jackson Internal
Auditor
External
Document
Internal Audit
The dispositive of risk management: Christian Huber; Tobias Managemen External Risk
8
Reconstructing risk management
after the financial crisis
Scheytt t
Accounting
Research
Paper Management
G20/OECD Principles of Corporate
Governance
Organization for
Economic Co-operation
and Development
External
Docuemnt
Corporate
Governance
Corporate Governance, Risk
Management and the Financial
Crisis: An Information Processing
View
Michael Pirson; Shann
Turnbull
Corporate
Governance
: An
Internationa
l Review
External
Paper
Corporate
Governance
Sonae Financial Report’14 -
Management Report
Sonae Internal
Document
Sonae
Sonae Financial Report’14 –
Financial Statements
Sonae Internal
Document
Sonae
Sonae Financial Report’14 –
Corporate Governance Report
Soane Internal
Document
Sonae
Brochura – Sonae Improving Life Sonae Internal
Document
Sonae
9
Appendix E - List of meeting and interviews
Date Duration Type Objective/ Subject Participants
14/09 30 min Meeting Introduction to the
company and
department.
Director of Internal Auditing;
Coordinator of Continuous
Auditing team; Coordinator of
Compliance and Process auditing
(Sonae SR) team
14/09 30 min Unstructured
Interview
Assurance Mapping.
Coordinator of Compliance and
Process auditing (Sonae SR)
21/09 2h Unstructured
Interview
Assurance Mapping and
Project’s objectives.
Internal Audit Specialist
28/09 1h Unstructured
Interview
Development of the
Business Processes
List.
Coordinator of Compliance and
Process auditing (Sonae SR)
29/09 1h Unstructured
Interview
Development of the
Business Processes
List.
Coordinator of Compliance and
Process auditing (Sonae MC)
01/10 30 min Unstructured
Interview
Project’s objectives and
plan.
Director of Internal Auditing
09/10 30 min Unstructured Assurance Map – Director of Internal Auditing
10
Interview framework
12/10 1h Unstructured
Interview
Gap Analysis Internal Audit Specialist
13/10 30 min Unstructured
Interview
Review of Third Line
of Assurance Inquiry
Coordinator of Continuous
Auditing team
14/10 2h Meeting Project’s Presentation
and Plan Validation
Director of Internal Auditing;
Coordinator of Continuous
Auditing team; Coordinators of
Compliance and Process auditing
(Sonae SR and Sonae MC team);
Director of Information Systems
Audi; Director of Food Safety
Audit and Coordinator of
Procedures team
23/10 30 min Unstructured
Interview
Identifying Internal
Controls for Zippy
Internal Audit Specialist
28/10 30 min Unstructured
Interview
Identifying Internal
Controls for Zippy
Coordinators of Compliance and
Process auditing (Sonae MC team)
30/10 1h Unstructured
Interview
Review of Inquiries for
the First and Second
Line of Defences
Coordinators of Compliance and
Process auditing (Sonae MC and
SR team)
11
12/11 30 min Unstructured
Interview
Review of
Questionnaire for the
Third Line of Defence
(Procedures team)
Coordinators of Compliance and
Process auditing (Sonae MC);
Coordinator of Procedures team
20/11 1h Meeting Project’s Presentation –
DC Casa, Bazar e
Têxtil
Director of Internal Audit;
Coordinators of Compliance and
Process auditing (Sonae MC and
Sonae SR); Director of DC Bazar,
Director of DC Casa e Têxtil;
Director of stock management
26/11 30 min Semi-
Structured
Interview
Assessing Assurance
Level for the First Line
of Defence
Director of DC Bazar; Coordinators
of Compliance and Process auditing
(Sonae SR)
27/11 30 min Semi-
Structured
Interview
Assessing Assurance
Level for the First Line
of Defence
Director of DC Casa e Têxtil;
Coordinators of Compliance and
Process auditing (Sonae MC)
2/12 30 min Semi-
Structured
Interview
Assessing Assurance
Level for the Second
Line of Defence - DGR
Director of DGR; Coordinators of
Compliance and Process auditing
(Sonae MC)
7/12 45 min Semi-
Structured
Assessing Assurance
Level for the First Line
Manager of Zippy; Coordinators of
Compliance and Process auditing
12
Interview of Defence – Zippy (Sonae SR)
7/12 30 min Semi-
Structured
Interview
Assessing Assurance
Level for the Second
Line of Defence - DSA
Manager of DSA; Coordinator of
Continuous Audit
7/12 1 hour Meeting Validation of the new
list of processes
Director of Internal Auditing;
Coordinator of Continuous
Auditing; Coordinators of
Compliance and Process auditing
(Sonae SR and Sonae MC);
Director of Information Systems
Audit; Director of Food Safety
Audit; Director of Procedures and
Coordinator of Procedures
10/12 30 min Semi-
Structured
Interview
Assessing Assurance
Level for the Second
Line of Defence – DQI
Director and Manager of DQI
18/12 30 min Semi-
Structured
Interview
Assessing Assurance
Level for the Second
Line of Defence - DL
Manager of Legal Department;
Coordinators of Compliance and
Process auditing (Sonae SR)
13
Appendix F – Structure of Sonae Group
*Participation held through Sonaecom.
Adapted from: Sonae, 2014b
Efanor
Sonae Capital
(63%) Sonae
(53%)
Core Businesses
Sonae MC
(100%)
Sonae SR
(100%)
Related Businesses
Sonae RP
(100%)
Sonae IM
(16 to 89.9%)
Core Partnerships
Sonae Sierra
(50%)
NOS *
(24.4%)
Sonae Indústria
(69%)
14
Appendix G – List of business units of Sonae’s core businesses
Adapted from: Sonae, 2014a
Sonae MC
Continente
(Hipermarkets)
Continente Bom Dia
(Convenience Supermarkets)
Continente Modelo
(Supermarkets)
Bom Bocado and Bagga
(Coffee Shops)
Meu Super
(Proximity stores)
Note!
(Bookshops and stationer)
Well's
(Health care)
Pet & Plants and ZU
(Garden and Domestic animals)
Sonae SR
Zippy
(Clothing and footwear for babies and children)
MO
(Clothing, footwear and accessories)
Sport Zone
(Sports clothing and equipment)
Worten
(Electronics and entertainment)
Worten Mobile
(Mobile Telecommunications)
15
Appendix H – DAGP Organization Chart
Source: Adapted from internal documents.
Chief Audit Executive
Compliance and Process Audit
Continuous Auditing Team
Retail Audit Team
Food Retail Team
Specialized Retail Team -
Portugal
Specialized Retail Team -
Spain
Sonae Capital Team
Food Safety Audit Team
Information System Audit
Team
Procedures Management
Team
Secretary
16
Appendix I - Brief Description of DAGP’s Areas
Process and Compliance Audit
The main responsibilities of this area include execution of audits to assess the compliance with
legislation and procedures, the execution of process audits to evaluate risks and promote efficient
risk management, helping the organization to achieve its objectives.
Food Safety Audit
The main responsibilities of this area include the execution of audits to assess the food safety
risks and compliance with food safety legislation and procedures; identifying potential food
safety hazards and associated risks to consumer health; and provide internal independent
guidance. Therefore, this area promotes the efficiency of food safety risk management and the
effectiveness of process controls in order to achieve safe food.
Information Systems Audit
This area is focused on providing assurance to the company related with the control and
governance of the information systems that support the business processes of Sonae, by way of a
systematic evaluation, improvement action recommendations and by helping the definition of
control requirements.
Procedures Management
Procedures management area has the mission of implementing procedures for the processes of
Sonae in order to promote standardization and simplification across all the processes of the
company. Moreover, this team is responsible to ensure that procedures are known and easily
available for the collaborators involved.
Source: Adapted from internal documents.
17
Appendix J – Exemplification of the CAE Inquiry
Question 1) Weights of each defence line and department
Instruction: Please indicate the percentage weights that each defence line/ department should have in order to
evaluate the global assurance provided.
Question 2) Involvement of the Second Line of Defence with each Business Process
Instruction: For each business process, please cross (“x”) the departments that should have involvement (i.e.
control, validation, support or planning activities) with that process.1
1The CAE inquiry lists all business process. In this example, only the process of Sourcing Goods is exhibited.
Defence
Lines/
Departments
First
Line of
Defence
Second Line of Defence Third Line of Defence
Global
Assurance
DL
DP
CG
BIT
DA
JG
C
DQ
I
DF
T
DA
F
DP
A
D S
A
DG
R
DA
GP
-
GP
DA
GP
-
AP
C-A
C
DA
GP
-
AP
C-M
C
DA
GP
-
AP
C-S
R
DA
GP
-
AS
I
DA
GP
-
AS
A
Weight
Process
Sub-process
DL DPCG BIT DAJGC DQI DFT DAF DPA D SA
So
urc
ing
of
Go
od
s Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
CAE INQUIRY
The present inquiry is directed to the CAE.
Scope: The present inquiry is part of the Assurance Map, a project developed in DAGP, which aims at
creating a map that reports the assurance of the business processes of the company.
Purpose: Determine weights of each defence line; determine which departments of the second line of
defence should have control over each process.
Inquiry’s duration: 10 to 15 minutes
Please, answer to the following question in the shading spaces.
18
Appendix L – List of Criteria to assess the Assurance Level
First Line of Defence
1. Effectiveness of Internal Controls
2. IT Support Systems
3. Internal procedures, rules and regulation
4. Employee’s knowledge about the process
5. Material losses production breaks and other incidents
Second Line of
Defence ( except DGR
and DAGP-GP)
1. Effectiveness of Internal Controls
2. IT Support Systems
3. Internal procedures, rules and regulation
DGR 1. Existence of a risk analysis
2. Seniority of the analysis
3. Implementation of mitigation actions
DAGP-GP
1. Existence of procedures
2. Seniority of procedure’s revision
3. Need for additional revision
4. Scope of procedure
Third Line of Defence
1. Existence of Audit
2. Seniority of the Audit
3. Scope of the Audit
4. Number of critical findings not yet solved
19
Appendix K – Inquiry for the First Line of Defence2
Respondent
Name
Position
Date
Involvement with the process and sub processes
Please answer if your commercial department as any involvement in each of the following sub-
processes.
Process Sub processes Involvement?
Sourcing of
Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
1. Employee’s Knowledge about the process
Q1.1) Which is the employee’s rotation rate in your department, of the employees who work for the Sourcing of
Goods process?
Q1.2) Which is the rate of people, working for the process Sourcing of Goods, who had specific training for the
process?
(Continued)
2 This inquiry is adapted for the process of Sourcing of Goods.
FIRST LINE OF DEFENCE’S INQUIRY
Scope: The present inquiry is part of the Assurance Map, a project developed in DAGP, which aims at
creating a map that reports the assurance of the business processes of the company.
Purpose: Evaluate the level of assurance provided by the Commercial Department X for the process of
Sourcing of Goods
Inquiry’s duration: 10 to 15 minutes
Please, answer to the following question in the shading spaces.
20
2. IT Support Systems
For each of the following sub processes, please indicate if there is any IT support system or it
the support is done manually.
Examples of IT support systems: Front Office, Purchases, Sales Price Management, Stock Management.
Examples Manual support:paper, Excel, Word.
Process Sub process Type of Support
Sourcing
of Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
3. Procedures, rules and regulation
For each sub process, please specify if there are procedures and rules established.
Additionally, indicate the rate of people involved in the process of Sourcing of Goods who
knows and apply the procedures.
Process Sub process
Procedures or
Rules?
Rate of people applying
the processes
Sourcing
of Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
4. Internal Controls
In the following table, evaluate, for each sub process, the following internal controls.
Please state the effectiveness rate, the type of control and its frequency3.
Effectiveness rate: Non-existent, elevate, moderate, weak or very weak.
Type of Control: Manual, semi-automatic or automatic.
Frequency: In each transaction, daily, weekly, monthly, trimestral, biannual, annual, greater than annual.
(Continued)
3 This question is repeated for every sub process under analysis.
21
Sub-process Control Effectiveness
Rate
Type of
Control
Frequency
of Control
Procurement
Existence of evidence
justifying the need of
procuring a new supplier.
Search of a minimum of 3
suppliers.
5. General Evaluation
Q5.1) For each sub process, please indicate if the existent controls, procedures, rules and IT
supportive systems are sufficient or insufficient to prevent potential errors or risks
Process Sub-process Answer
Sourcing of
Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
Q5.2) For each sub process, indicate I, in the last year, in your department, have occurred any
material loss, production break or other incident related with the process of Sourcing of Goods.
If your answer is yes, indicate if it was a relevant loss monetarily.
Process Sub process
Losses, breaks or
incidents?
Relevance of the
loss/break /incident
Sourcing
of Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
22
Appendix M – Inquiry for the Second Line of Defence (except DGR and DAGP-GP)4
Respondent
Name
Position
Date
Involvement with the process and sub processes
Please answer if your department as any involvement in each of the following sub-processes of
business unit Y.
Process Sub processes Involvement?
Sourcing of
Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
1. Internal Controls
In the following table write the controls existent in you department, for each sub process of
business unit Y. Then, please state the effectiveness rate, the type of control and its frequency5.
Effectivenss rate: Non-existent, elevate, moderate, weak or very weak.
Type of Control: Manual, semi-automatic or automatic.
Frequency: In each transaction, daily, weekly, monthly, trimestral, biannual, annual, greater than annual.
(Continued)
4 This inquiry is adapted for the process of Sourcing of Goods.
5 This question is repeated for every sub process under analysis.
SECOND LINE OF DEFENCE’S INQUIRY
Scope: The present inquiry is part of the Assurance Map, a project developed in DAGP, which aims at
creating a map that reports the assurance of the business processes of the company.
Purpose: Evaluate the level of assurance provided by the Supportive Department X for the process of
Sourcing of Goods of the business unit Y.
Inquiry’s duration: 10 to 15 minutes
Please, answer to the following question in the shading spaces.
23
Sub-process Control Effectiveness
Rate
Type of
Control
Frequency
of Control
Procurement
2. IT Support Systems
For each of the following sub processes, please indicate if there is any IT support system in your
department or it the support is done manually.
Examples of IT support systems: Front Office, Purchases, Sales Price Management, Stock Management.
Examples Manual support:paper, Excel, Word.
Process Sub process Type of Support
Sourcing
of Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
3. Procedures, rules and regulation
For each sub process, please specify if there are procedures and rules established in your department.
Additionally, indicate the rate of people involved in the process of Sourcing of Goods who knows and apply the procedures.
Process Sub process
Procedures or
Rules?
Rate of people applying
the processes
Sourcing
of Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
4. General Evaluation
For each sub process, please indicate if the existent controls, procedures, rules and IT supportive
systems are sufficient or insufficient to prevent potential errors or risks
Process Sub-process Answer
Sourcing of
Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
24
Appendix N – Inquiry for Second Line of Defence - DGR6
Respondent
Name
Position
Date
Involvement with the process and sub processes
Please answer if your department as any involvement in each of the following sub-processes of
business unit Y.
Process Sub processes Involvement?
Sourcing of
Goods
Procurement
Evaluation and Selection
Negotiation
Contract Management
Revision of Suppliers
Instructions: Please, fulfil the following table, answering to each of the 3 questions, for each of
the sub processes of the process Sourcing of Goods of the business unit Y.
Process Sub process Q1) Was the
risk analysed? Q2) When was the last risk analysis? Answers : “Less than a year” , “Between
1 and 3 years” or “More than3 years”
Q3) Was any mitigation action
implemented? (i.e. Prevent,
Accept, r
Reduce or Transfer Risk)
Sourcing
of
Goods
Procurement
Evaluation
and Selection
Negotiation
Contract
Management
Revision of
Suppliers
6 This inquiry is adapted for the process of Sourcing of Goods.
INQUIRY FOR DGR
Scope: The present inquiry is part of the Assurance Map, a project developed in DAGP, which aims at
creating a map that reports the assurance of the business processes of the company.
Purpose: Evaluate the level of assurance provided by DGR for the process of Sourcing of Goods of the
business unit Y.
Inquiry’s duration: 10 to 15 minutes
Please, answer to the following question in the shading spaces.
25
Appendix O – Inquiry for Second Line of Defence – DAGP-GP7
Respondent
Name
Position
Date
1. Procedures, rules and regulation
Q1.1) Please indicate if there is any procedure, rule or regulation for each sub process of business
unit Y. If your answer is yes, please indicate the date of last revision and scope of the procedure.
Process Sub processes Procedures, rules, regulation? Date of last
Revision
Scope of
the
procedure
Sourcing of
Goods
Procurement
Evaluation and
Selection
Negotiation
Contract Management
Revision of Suppliers
Q1.2) Please indicate, for each procedure identified in the table above, if a new revision of it is
required.
Process Sub processes Need of new revision?
Sourcing of
Goods
Procurement
Evaluation and
Selection
Negotiation
Contract Management
Revision of Suppliers
7 This inquiry is adapted for the process of Sourcing of Goods.
INQUIRY FOR DAGP - GP
Scope: The present inquiry is part of the Assurance Map, a project developed in DAGP, which aims at
creating a map that reports the assurance of the business processes of the company.
Purpose: Evaluate the level of assurance provided by DAGP -GP for the process of Sourcing of Goods
of the business unit Y.
Inquiry’s duration: 10 to 15 minutes
Please, answer to the following question in the shading spaces.
26
Appendix P – Inquiry for Third Line of Defence8
Respondent
Name
Position
Date
1. Procedures, rules and regulation
Q1.1) Please indicate, for each sub process of business unit Y, if it was audited
If your answer is yes, please indicate the date and scope of the audit.
Process Sub processes Was it audited? Date of audit Scope of
audit
Sourcing of
Goods
Procurement
Evaluation and
Selection
Negotiation
Contract Management
Revision of Suppliers
Q1.2) Please indicate, for each sub process audited, the number of critical findings not yet solved.
Process Sub processes Critical Findings not solved
Sourcing of
Goods
Procurement
Evaluation and
Selection
Negotiation
Contract Management
Revision of Suppliers
8 This inquiry is adapted for the process of Sourcing of Goods.
INQUIRY FOR DAGP - GP
Scope: The present inquiry is part of the Assurance Map, a project developed in DAGP, which aims at
creating a map that reports the assurance of the business processes of the company.
Purpose: Evaluate the level of assurance provided by DAGP -GP for the process of Sourcing of Goods
of the business unit Y.
Inquiry’s duration: 10 to 15 minutes
Please, answer to the following question in the shading spaces.
Appendix Q – Assurance Map’s excel template
Legend
Level of Assurance Assurance Value
Adequate 𝑥 > 0,75
Moderated 0,5 < 𝑥 ≤ 0,75
Reduced 0,25 < 𝑥 ≤ 0,5
Inadequate 𝑥 ≤ 0,25
Non applicable
Assurance Map Zippy PT
DL DQI D SA DGR DAGP-GPDAGP-
APC-AC
DAGP-
APC- SR
DAGP-
ASI
DAGP-
ASA
Purchases Goods Purchase Sourcing Procurement
Purchases Goods Purchase Sourcing Evaluation and Selection
Purchases Goods Purchase Sourcing Negotiation
Purchases Goods Purchase Sourcing Contract Manager
Purchases Goods Purchase Sourcing Revision of Suppliers
1st Line
of
Defence
2nd Line of Defence 3rd Line of DefenceGlobal
Assurance
Value Chain
Category
Group of
ProcesseProcess Activity
28
Appendix R – List of Internal Controls
Sub-process Internal Control
Procurement
Existence of documentation justifying the need to search
for a new supplier.
Search of a minimum of three suppliers in the market.
Suppliers that are unique in the market are properly
approved.
Evaluation and Selection
Definition of criteria for the choice of suppliers.
Preparation of evaluation report for potential suppliers.
Preparation of risk report for potential suppliers.
Approval of the selected supplier by the Commercial
Director or Business Unit Director.
Negotiation Existence of evidence of adjudication to the supplier.
Contract Management
The contract is sign for both the supplier and Sonae.
The filing of contracts and related documents is safe and
restrict.
The creation and revision of contracts is restricted.
Revision of Suppliers Existence of evidence of revision and maintenance of
current suppliers.
Recommended