- Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
- Who in an organization should care more about the collections process – Finance or Sales? Explain
- Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
- You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Sean Patrick Walsh says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance should care more about the collections process. The ability of a business to continue operations is its ability to generate revenue, but more importantly to generate profits and positive income out of that revenue. Finance should be the portion of the organization that develops credit, discount, and tiered pricing policies based upon projected profit margins, and those margins’ ability to keep the business profitable. Since Finance should be setting policy such as that, Finance should be the portion concerned with ensuring the collection of accounts receivable because if terms are too lenient and revenues are not being collected timely enough the Finance department will have to be ready to draw on lines of credit to stay in operation, increase liquidity in other ways, and/or draw down spending to stem cash outflows. The Finance department should also be concerned with collections so as to use the data generated to adjust policies regarding credit extension, payment terms, and tiered pricing/discounts to generate faster collection of accounts receivable.
Brou Marie Joelle Alexandra Adje says
you are right Sean. But I can see why “sales” is actually an option here . In fact, sometimes, collection problems are not really collection problems. I mean, customers may not pay their bills because they are not ( yet )satisfied with the execution of their order. In that case the credit department is simply a facilitator in solving customer’s problems so that they achieve their collection goals. So in that case the sale department should also be concerned. Like in order to receive payment, the product sold have to be fixed.
Priya Prasad Pataskar says
Great points Sean. Alexandra, this is not always true but, I think Sales comes into picture when Finance department might need help to understand why the payment is not happening from the customers side. Sales department has a connection with customer. If he relationship is healthy, sales department can also give a friendly call to customer asking if there is any concern and get an idea why payment is not done. However Sales department should not do collection followup if there is a slightest possibility of damaging relationship.
Said Ouedraogo says
I think Sales job is just to make the sale and a little bit of marketing (keep the client happy). Also in the business world you can’t say that you won’t pay your bill for any reason. You just have two choice, keep the product and pay or return it and get an refund.
In general, payment are due immediately, 30 days, 60 days… It depends on your credit score with the company.
Abhay V Kshirsagar says
Great points guys. I do agree that job of the sales team is to bring more business. I think setting up an Account Management team whose job is to manage customer accounts and are responsible for collections should help; maybe they are overseen by a finance manager?
Seunghyun (Daniel) Min says
Good discussion here! Sales teams are absolutely dedicated to bringing more businesses into their company or business. At the same time, I also believe they can become an effective means to collect payments. When I recall that I was working at the grocery store, I had to write a check many times to the sales representatives because some vendors were very small that they didn’t have an automated system, so the sales people had to collect every payment while they were visiting stores.
Mansi Paun says
I second you, Sean. I too am of the opinion that the Finance team should manage collections and not the Sales team.
Apart from the points you mentioned, I’d like to add that the each minute of the sales team’s time should count towards generating sales. Sales team should, in no way, be spending time and effort in chasing customers for collection. If they would, it could have serious repercussions like loss of business aswell. Sales guys are known to be friendly and easy to get along with so they can “sweet-talk” customers into doing business with them. One can’t be friendly one day and be chasing up for collection the next day and again be friendly the third day. It’s bound to affect client relationship and sales if the Sales team is also going to manage collections. Infact, the Sales team can even point out that he may not have control over payment terms as that would fall under Finance but he would try to give him the best possible terms within his control. That would also help in better client relationship.
Deepali Kochhar says
When it comes to segregation of duties for collections, I am inclined towards making this as Finance function. The ability to reduce payments risk is how the efficiency of a Finance department is determined. Aligning credit and collection policies with organizations goals is an important part of the Finance department. Adoption of proactive approach by both Finance and Sales department will help in mitigating customer risks. Sales must act as an data collecting instrument which is analyzed by the Finance department to design policies which can effectively identify at risk customers.
Wenlin Zhou says
Absolutely, the finance is very important in the organization. The Accounts Receivable should be collected, because even a profitable firm can be forced to close by the resulting cash crunch. If the firm has well-designed policies governing its credit, billing and collections procedures and faithfully follows practices that work, AR will not be a problem. Sensible policy and procedures should be in place in your company, and after you decide as individuals to follow them, you will be well on your way towards avoiding a cash crisis. Included in the policy and procedures will be getting credit applications, assessing rick, approving credit or getting retainers in advance, reserving the right to charge interest on late payments, etc.
Binu Anna Eapen says
I agree that Finance team should be responsible for the collection process. But I feel that they may need to check with the Sales team to have all the facts right like the bills, if any discounts were given etc.
Sean Patrick Walsh says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
After going through the OTC process, I would be concerned about the consumer record and the purchase order record. I think separating those two responsibilities is key to prevent fraud in the process. If the same individuals have the ability to create and approve a consumer, and then create purchase orders for those customers, then supplies could be sent to fraudulent customers with no funds ever returning to close the accounts receivables for those orders. This, depending on the value of the product(s) being sold, could bleed a company out over a long or short period of time. I would be worried that even with a strong Separation of Duties controls policy in place in a business that collusion between employees could still be a risk. I would try and geographically separate those personnel as well to mitigate the risk of collusion as well.
Magaly Perez says
Sean,
I agree with your concern area. I think this part of the OTC is very eerie and unsettling. Segregation of duties is a crucial internal control anticipated to minimize the occurrence of errors or fraud by ensuring that no employee has the ability to both perpetrate and conceal errors or fraud. Yet many companies fail to acknowledge its risk. Companies don’t need to create complex role structures or
undertake expensive system, they just need to focus on the transactions that pose the greatest risk to the business.
Brou Marie Joelle Alexandra Adje says
Indeed Laly, by focusing on the transactions that pose the greatest risk to the business, companies
will be able to quickly understand the issues they face and determine, at a level that satisfies management and audit parties, appropriate steps to remedy and mitigate the root causes of the issues.
Deepali Kochhar says
Sean,
In addition to your view, I believe Payments is an important area within the Order to Case process which requires the maximum control. Timely fulfillment of order and collecting payments involves handling of a variety of sensitive data sources including customer and credit information, inventory management and shipping and billing systems. This can be a source of fraud if not controlled properly. Unauthorized access to this information and the rights to update billing details will result in immediate loss to business. Even strong controls applied to customer and order creation steps, may stop this kind of frauds which are directly related to the revenue generation process.
Magaly Perez says
1.Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack the Warehouse Operations; the reasoning behind this attack would be based on targeting the supply chain. The supply chain handles, distributes, manufactures and processes the goods in order to deliver the products to the final costumer. This is a major factor within the OTC Process and with the supply chain being a complex network of interconnected players governed by many make them an easier target. As an attacker I would monitor the supply chain process within the OTC Process and see what process is the weakest. Once finding the vulnerability I would create a cyber-attack/ breech and gain access to their customers’ accounts.
Supply chain attacks are very relevant with today’s ever growing technology advancements. Supply chains possess complex characteristics that make them very difficult to protect and provide the attacker with an advantage.
Brou Marie Joelle Alexandra Adje says
if I were you I would go even further and “mess up with their system” by causing inventory reduction for example, or forwarding good to different addresses than the ones initially given by the original customer. Some companies if not all rely extensively on computer systems to manage inventory. So, monitoring the supply chain process within the OTC Process, while looking for vulnerabilities ,is definitely a good way of thinking as an hacker.
Yulun Song says
Good point Magaly! many small sized companies have weak supply chain problems, allowing cyber attackers to attack. And those companies don’t care about the threats until their warehouses are being attacked! So protecting supply chain in advance becomes very important!
Magaly Perez says
Yes, smaller companies are most definitely easier targets due their lack of resources whether it be their knowledge, size and etc. I don’t think that they don’t care about cyber security but they might not have a big enough budget to allocate towards it. However, from a business stand point I would hope that they would know the ever increasing threat of cyber-attacks and would be more likely to implement controls that could mitigate those risk because it could be extremely detrimental to their business and could lead to the end of their startup.
Seunghyun (Daniel) Min says
Laly,
Great thoughts! I also agree that many small businesses don’t have enough budgets to support their cyber security. The cyber security budgets are an expense cost and those small companies just don’t even want to be bothered to spend their money on things not directly related to their profit increase. And even if some companies are willing to purchase cyber security tools such as firewalls, they don’t know how to implement those tool in a right way. They just simply think that those tools will do the rest of the protecting jobs if they buy them.
Priya Prasad Pataskar says
Good point Magaly. I would also think a vendor or a person who visits warehouse to load and unload the materials, as a outsider to the organization. In addition to cyber attacks an outsider can get physical access to the confidential areas of the company if access levels are not controlled. Having physical security measures like CCTV cameras, door ajar alarms, area access point, swipe in cards and monitoring of all these controls is equally important.
Magaly Perez says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
The Finance organization should care more about the collections process. The collection process entails many invoices and usually those being overdue invoices. Within this process the Finance Dept. has the ability to resolve payment issues and generate revenue. The main focal point of the Finance organization is dealing with the revenue of the business by making improvement of the operations by measuring and reporting regularly on key numbers crucial to the success of the organization. The Finance should care more about the collections process sine they are the organization within the business that develops discounts, prices, polices and credits; they are in charge of making sure the business is hitting their projected profit margins and overall profitability of the organization. The collection process should in fact be huge concern to the Finance Dept. due to ensuring their accounts are up-to-date, paid, collected (Ex: accounts receivable).
Sean Patrick Walsh says
I agree with your choice of which department would be more concerned, and your synopsis of why. Something I also thought about after I had already submitted my response to this question was balancing the General Ledger account. Finance would be responsible for balancing out the ledger and the balance sheet, and to do so correctly and on time for required financial reports for publicly traded companies. I also thought that Finance would be more concerned about, and have the authority and prerogative, of cutting off credit or any additional orders placed from a customer who has collections in arrears. Since Finance would be concerned about these topics it would allow Sales to focus its energies and resources solely on increasing sales, building relationships with existing and new customers, and reaching new markets.
Magaly Perez says
Great addition, I didn’t even think of the general ledger right away. The finance dept. indeed focuses on the collection process as a whole and depends on it as a functionally of their dept. They are in charge of the balancing out the ledger and making sure what is due is paid. As for the sales, like you stated they are concerned with generating revenue by pushing the products and developing rapport with the customers. Thanks for bringing up the general ledger especially since they pay a major role with in finance.
Vu Do says
Nice point Magaly, I chose Sales instead but agreed with all the points you made about Finance being the most important. I can see why you chose it and it made a lot of sense. Finance makes sure the process of collecting the money goes through correctly whether it be using their money, or credit cards. The process has to go through so the finance can make sure the company is receiving their revenue. Like you said, the finance department has to ensure all their accounts are up to date and paid for. mpany processing the sale.
Magaly Perez says
4.You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
Upon learning the entire Order to Cash (OTC) Process, the part of the process that concerns me the most is segregation of duties. Within the OTC Process fraud could occur and that fraud being someone inappropriately creating/ changing sales documents and eventually, generating corresponding billing documents. That is a really concerning aspect within the OTC Process; someone would be able to physically take from a company throughout the life-span of their career and overall, hurt the company undetected. Segregation of duties is a huge aspect within the OTC Process and that risk would most definitely be a major concern of mine.
Brou Marie Joelle Alexandra Adje says
Good point Laly.
For any organization processing a large number of customer transactions, having proper accounting practices and safeguards in place is critical to ensuring the integrity of the operation. Of course, one person cannot and should not take care of every important decision in the order to cash process. That’s why segregation of duties is crucial. It not only reduce the risk of fraud, but also remove persistent annual negative external audit findings for example.
For instance, those responsible for an organization’s customer master file ensure that the company’s customer information is accurate, up to date and accessible. I can’t imagine the same folks having direct oversight in areas that process customer invoices for example. Why? because this can increase the risk of unauthorized charges made against the customer master file resulting in phantom invoices, and even fraudulent payments.
Magaly Perez says
Yes, segregation of duties plays a crucial role within the order to cash process. It is necessary for companies to make sure oversight isn’t given to people whom have interest in other sections of the company that intersect. It is sort of creating the “perfect storm” environment where fraud could occur and run rampant without notice. I think some companies don’t think their employees would have those malicious intents to hurt their company because, as an employer you believe you hire based on the integrity of the individual as well as the qualification. Excellent addition Alex, thanks.
Sean Patrick Walsh says
I totally agree! It’s interesting to think about a small startup though in this scenario. A new business, and a small one just starting out, would have a very limited staff to carry out its entire operation. With that said, I wonder what controls the business would implement, or even honestly could implement, with so few knowledgeable staff members to implement a segregation of duties policy. It could get even trickier if all the staff are actually owners/partners because any fraud could possibly be easily rationalized as money that belongs to them anyway.
Joshua Tarlow says
Definitely a significant risk for start ups since they have fewer employees. Also seems to be a trend with technology startups that later grow into big companies have relatively few employees compared to there companies of their valuation. Remember when WhatsApp was acquired by Facebook for over $20 billion but had relatively few employees for a company with that size acquisition. Relatively fast growth to that size from its initial start so I imagine Segregation of duties must have been difficult for them to implement properly.
Brou Marie Joelle Alexandra Adje says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
I’d be worried about the billing area because increasing cash flow is imperative to not just business success, but to making payroll and meeting expenses as well.. For instance, late payments can be damaging partly due to the unpredictability of cash flow. Similarly, delays in invoicing directly lead to delayed revenue recognition and in case of errors in invoices, a loss of revenues as well, which is against business objectives.
Yulun Song says
Agreed! Billing is the most important part for a company cuz a company needs to generate revenues and profits. if the billing system is attached by cyber-hackers, the whole company will be messed up! based on what you said, unexpected payments (delays, bad accounts, damaged) would also be a big concern of a company, cuz people there are waiting for salaries to be fed, and influence company’s normal operations (cash).
Priya Prasad Pataskar says
I agree guys. A company cannot do much if a buyer is fraudulent, Generally a company would take following steps to resolve collection
1. Talk to buyer
2. Register Complaint internally and follow up
3. If problem isn’t resolved they would take help of the law
That is what ebay’s collection policy says “We don’t provide mediation, collect payment, or force a member to complete a transaction. We will, however, review reports of attempts to purchase items using fraudulent funds and take appropriate action in accordance with our policies.”
Wenlin Zhou says
I strongly agree with you. the accounts receivable( billing) is very important. Company should be collected the amounts. If the company keep the healthy relationship with customers, the sales can provide a friendly call for the customers asking if there is any concern and get an idea why payment is not done.
Brou Marie Joelle Alexandra Adje says
I think Finance (if not accounting) should care more about the collection process because it ensures the collection of outstanding accounts receivable and anything related to the revenue of the company. Some activities involved in this step include:
Investigating unapplied receipts
Analyzing / resolving short pay
Forward cash received to the bank,
Determine proper reserve for doubtful
As you can see, there is not so much sale activities here. the finance department deals with the cash flow and the revenue of the company so it would make sense if it is more involved in the collection process, carefully keeping track of numbers
Brou Marie Joelle Alexandra Adje says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain*
Priya Prasad Pataskar says
Who in an organization should care more about the collections process – Finance or Sales? Explain
IT should be the responsibility of the Fiance department to track receivables, highlight in case of issues and ensure the payment is complete. In case the Finance department is getting no response from customer then Sales department can help. The Sales department’s focus is on selling more products and getting more business. They have the fear of ruining the relationship with the client if they get involved in collection. Hence they cannot be solely responsible but they can be asked for help if they feel comfortable to contact the client regarding payment. The job of Finance department is to ensure all transactions have been completed till the very end.
Abhay V Kshirsagar says
I absolutely agree with the point about relationship between sales team and customer you brought up. When customers see someone from the sales team, customers will certainly wonder if the sales person is there to collect money or offer a product. But, a sales person can indeed establish relationships with the customer’s purchasing department and sort of nudge them about the pending balance.
Yulun Song says
Good point Priya! You talked about the IT department should help finance department track payments. that is one of our jobs in the future! and maintaining good relationships is also important cuz finance department may lack the ability to play around with customers, rather than sales people, they are talent to do that!
Joshua Tarlow says
Definitely agree that Finance should care more about the collection process than sales. Have a responsibility oversee collection as well as other financial aspects of an organization. Also helps with segregation of duties if a different person than the one selling is responsible for protection. It might enable fraud for employees in sales if they were also involved with collection. Also, sales employees should be focused on the actual selling of the product, not the logistics of accepting and tracking payments.
Binu Anna Eapen says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How?
If I was an outsider and was to attack the order to cash process of an organization I would attack the payment process.
Today the payment options are more and also the channels to make payment too. For example, the customer can pay directly from the bank, use credit/debit card or use apps like Paypal or have cash on delivery or issue a cheque etc. The most common method of payment transactions today are using digital wallets, smartphones. Most of this information is stored in the database of the organization. Especially with the option to remember the card number for future transaction option, opens the door for an attack.
This data that the organization holds can be misused by the attacker for fraudulent purchases or to withdraw money from the customer’s account. A social engineering attack to get the account information or details.
Credit card pin can be stolen:
The common communication protocols that are used between the card reader and the card: ZVT protocol: Used between point of sale system and card reader ; Poseidon: Card reader and merchant bank and OPI- Open Payment Initiative.
Example for an attack on ZVT protocol:
ZVT protocol originally designed for serial port connection is now used for Ethernet. This protocol has no authentication, which means that man in the middle attack is possible. The attacker can read the magnetic stripe data from the card and request for the PIN. This could be then used to get the card details at a retailer and can be used to clone the card. The attacker can then direct the card reader to perform an unauthenticated PIN less transaction using the magstripe data, leaving both the card holder and retailer unaware of the transaction.
The attack could be on the merchant also. ZVT protocol is also used to configure the card reader. Each card reader has a terminal ID which identifies the merchant and also a port number. The terminal ID and the port number pair are configured by the bank to refer to a specific bank account. ZVT allows both of these to be reconfigured by the attacker on the local network. So now the attacker will be able to divert the money to his own account by changing the terminal ID and port number.
With more options and ways to make payments, it opens more doors for threats. Organization should be well aware of there risks and take necessary actions.
Source: http://arstechnica.com/security/2015/12/common-payment-processing-protocols-found-to-be-full-of-flaws/
Ming Hu says
Thanks for your sharing. As you said, nowadays, the common method of payment transactions is using credit/debit card, digital wallet, in each Order to Pay process, this information will be recorded, and all of this information is sensitively financial information. Once the payment system is hacked, the stolen information may be used for financial fraudulence or crime, it will also damage one company’s reputation cause if that happens, no customers or partners want to have any finance-related connection with you. I think no more negative things rather than this.
Said Ouedraogo says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and Ho
It will depend on what I want (goods or money). If I want the goods, I would attack the shipping process. I would find a way to access the company shipping database. The goal would be to redirect all outbound merchandises to where I want. However, if I want the money (or information) I would attach the payment process. If I manage to get into the company payment system I would be able to gather customers information.
In both cases, it would be easier if I know somebody working at the company that I am targeting. The insider would facilitate my attack into the system as he would have access to the company shipping system or payment system.
Sean Patrick Walsh says
You bring up a great point of deciding where to attack based upon whether you want money or goods. I propose there could be even a mixture between the two. Since electronic monetary theft leaves a forensic trail of the attack perpetrated to transfer the money, some attackers use goods as a source of the money. If an attacker wants to avoid taking money electronically, the individual or group can do like you suggested and change the shipping destination for goods. They could even change the goods shipped to more expensive goods or easily marketable goods, and change the quantity of the shipped amounts. Once the goods are received at the changed location they can be converted into cash by selling them at or below market value. Of course this would be more difficult with specialty or niche type products, but than again those types of products may be the kind that are even more valuable to sell once procured. So, in this scenario it may come down to what is easier for the attacker to do to get to the end goal of stealing cash from a business.
Mansi Paun says
Good thinking, Said – knowing what entity is of value to one self and the company, would make it easier to decide which system and phase of the process should be attacked. If you’re after money or , it would make sense to go with stealing the payment info than going for plain customer info. You made a great point about changing the goods shipped to more expensive goods and then selling them to earn profit. It never occurred to me that one can dupe a company that way.
Paul Linkchorst says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I were an organization attempting to cause negative things to another organization, I would make an attempt on its ordering and order fulfillment processes. Unlike the procure to pay process, payments are not being sent out by the company and I think that attempting to intercept payments to the organization will be difficult. With that being said, goods are processed and delivered to customers, which might be an easier avenue to steal from.
The reasoning behind focusing on the ordering and order fulfillment process is that if one can somehow circumvent the ordering process without a purchase order being made or accept a purchase order without an actual method of payment, then no payment could be collected. For example, if a sales order was able to “slip” through to the order fulfilment process that had falsified but yet approved methods of payments, then the order fulfillment personnel will ship the product as normal. However, it won’t be until the business goes to collect for its sales that it realized it had a fraudulent order and no payment will be received. Therefore, one can essentially get a free product. How to go about performing such a task, I am not sure. With that being said, a kickback scheme will be much easier.
If one can befriend a member of the sales order process, you can bribe them to provide you with discounts. While this might cost a bit more due to having to pay the person off, if one orders enough products through the business it could provide savings over a larger period of time. Bribing the sales person can come in a number of ways, such as a normal one-time bribe, percentage of sales bribe, or colluding to purchasing the products at a deep discount then selling them personally for a much higher profit. Regardless of which one, deep discounted sales can significant provide negative impacts to a business. While the sales are tracked and the fraudulent employee’s job is on the line, it is an easy method to negatively impact the OTC process.
Paul Linkchorst says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Overall, I think the accounting department are the ones who should care most about the collection process since they are the one’s involved in the receiving and recording of payments from sales. However, if I had to choose from Sales and Finance (as in financial planning/budgeting), then I would choose Finance. The finance department is responsible for identifying future financials, which is highly dependent on the ability for the company to collect on payments. Therefore, if the collections process is proving to be ineffective, then there could be a potential issue going forward in terms of the company’s ability to fund itself. Likewise, Finance would be more interested in improving their ROI which might make them more interested in the collection process as well. With all this being said, I do think Sales should have some care about the process since it’s not only important to get the sale, but actually receiving payment is half the battle.
Abhay V Kshirsagar says
Paul,
I was under the impression that accounting operation came under financial operation? I maybe wrong. Anyway,
I agree, the finance department should be responsible to track and acquire outstanding payments. The sales department’s job is to bring business. Don’t you think that sales will be wasting time if they start calling customers for outstanding payments?
Paul Linkchorst says
Hi Abhay,
I wasn’t sure if the accounting department would be considered under finance or not for the question. Regardless I still think Finance should be the department more concerned. To answer your question, if a company has a dedicated team, such as Finance, to collecting payments then I would say that sales department would be wasting their time. However, as a salesperson, they should know which customers are good about paying for their purchases or not. Say ABC Company sell goods to XYZ Company and they have not paid on their past 5 orders, then the salesperson for ABC Company probably should not be selling anymore to XYZ Company. Therefore I think that sales should be concerned about the collection process, but not as concerned as finance.
Abhay V Kshirsagar says
Correct. I definitely see your point here. Since we are talking about relationships between sales people with their clients, I guess that the sales team can also use that to give a friendly reminder to the client’s purchasing department about the outstanding payments.
Great, thanks, Paul.
Said Ouedraogo says
Those who work in the Accounting function of a business are concerned with tracking and reporting the financial transactions of a business. In fact, they are responsible for managing the general ledger, cash flow management, collections, recognizing revenue, analyzing profitability, reporting earnings, managing debt, and—of course—paying taxes. However, Accounting is seen as support for the Finance department.
Paul Linkchorst says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
As I have stated before, I think foreign exchange risk will have a different impact on the invoicing and collections portion of the OTC process amongst domestic and international companies. Foreign exchange risk is the risk that the currency exchange rate can have an effect on the value of a transaction or investment. In this case for the order to cash process, a sale for a product can be made, but by the time the payment for the transactions has been received, a loss can be had on that transaction. While there does not seem to be to be much published online about how controls can mitigate foreign exchange risk, a control that could be used is to utilize forward exchange contracts for sales that reach a certain threshold. Essentially a foreign exchange contract is an agreement to which a certain amount of foreign currency will be bought on a specific future date. While this might not mitigate foreign exchange risks on all sales, large sales can mitigate the risks by using these contracts.
Another set of controls that would be different will be the fulfillment of orders by a specific date. In some businesses, when the delivery is made could be just as important as the product itself. In domestic sales, one can reasonably expect a delivery date and make sure that orders are fulfilled at the appropriate time. However, for international sales, delivery is much more complicated. Estimated shipping times naturally range depending on the type of transportation, customs can seize goods and cause delays, natural weather conditions can cause delay in delivery, and even cultural/political issues such as holidays or labor union strikes can all cause unpredicted delays in shipping. Therefore, the controls around shipping a product to meet the customers desired delivery date might be different in that they consider other factors when shipping their products.
Paul Linkchorst says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
For myself, I think the ordering sub process would the area to most keep me up at night. First, none of the other sub processes can start without completion of the ordering process. Therefore, if the ordering process were at any time to become ineffective (example being Amazon’s website not functioning) then a significant amount of sales could be lost. Secondly, I would be afraid of a kickback scheme or other fraudulent behavior among those putting in orders and if they are getting compensated by any customers. Lastly, I would be concerned over the credit management portion of the ordering process. If credit checks are not performed correctly, then later down the road receiving payments could result in a significant number of bad receivables. Since the Order to Cash process is the heart of any retail organization, I would definitely have some concerns that keep me up at night.
Priya Prasad Pataskar says
Great point Paul. If the ordering process is lengthy or complicated or system is down, it will impact the process at a primitive stage. In case of online shopping the volume of traffic the servers can handle must be correctly predicted. The system must be available at all times. If a customer finds that the site is slow, the chances of that customer returning again is less. That we are talking about system unavailability, I would also be worried of DOS or DDOS attacks.
Paul Linkchorst says
Hi Priya,
You bring up a good point about how the ordering process must be efficient and effective from a customer standpoint. I think one of the reasons for Amazon’s success is their initial ability to create a simplified ordering process that customers liked and relied upon. If any confusion for the customer did occur, they might not go through with the order. I have had experiences where I purchased an item from a website, but the way the ordering process worked and the fact that I got no confirmation email or tracking number, made me not purchase anything from them again. I would also agree with your last statement that a DOS would be a big threat to the availability of Amazon’s services.
Deepali Kochhar says
Good point Paul. Credit checks are very important. Also it is important on the making a credit check at the customer’s end. Before processing an order, it is important to check the financial status of the customer as well as their previous payment records specially if it is a bulky order. This will help in avoiding non payment of the order.
Wenlin Zhou says
I agree with you. The credit check is very important. What’s more, the protection of the credit card information is also very important. If data leakage, it will be harmful to company reputation, and cause fraud to customers.
Vu Do says
Good point Paul, sales wouldn’t be able to process if the sub processes weren’t functioning correctly. Meaning customers will get frustrated since they can’t put their order in and the company won’t be making any money since the sale isn’t going through. It’s a huge issue and there must be measures in place to prevent that from happening. One could be to have a backup server in place just in case the main one goes down, that way it allows the customer to continue putting their order in and the company processing the sale.
Abhay V Kshirsagar says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How?
Let’s take an example, a company like Amazon Inc. who carries O2C process on a regular basis. If I were to attack, I would target the order management process. Typically, an order is placed by the customer through the amazon web-store (front-end), which is then downloaded into Amazon’s order management system that is probably a back-end enterprise system where all customer orders are downloaded. The data is being transferred and there is possibility of an intervention during the exchange and data being corrupt; it can cause a lot of damage.
For instance, fields like customer name, address, phone number, goods in the cart, etc. can be compromised. Customers can receive products they never ordered, they can receive orders on the wrong addresses. I think a compromised order management system can jeopardize the entire order to cash process.
If the same attack is successful on an important day like Cyber Monday, where Amazon sells on an average 306 products every second, it can get into a serious trouble.
Yulun Song says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I were an attacker of an outside organization, I would attack the process of creating delivery, the reason is that in this process, customers provide shipping addresses, I would attack and change the shipping addresses to our client’s secret address or our organization’s secret address to ship to. another attack can be in the process of updating inventory, it would influence the internal inventory control system and lead a difference between the inventory physically and technically. Another attack can be creating invoice; this attack can let the company never create an invoice after shipment. The last can be in the payment process, our organization would change the receiving account to our secret account, allowing their customers to pay to us.
Fangzhou Hou says
Good point in changing the shipping addresses Yulun. Actually, most of OTC systems are well protected by the antivirus software. So I was thinking that as for an attacker from outside organization, attack the PCs or other mobile device of the manager level who has access authority to the OTC system may be easier to get into the system, so that you may change the data.
Yulun Song says
Thank you Fangzhou! That will be easier for attackers to go!
Priya Prasad Pataskar says
Yulun, the attacks you mentioned would fall under cyber security attacks on the software system of the company. The hacker in some way would pose either as a customer or would exploit the customer’s software interface to launch an attack.
I think it is very important for the company to ensure secure software by conducting penetration testing or vulnerability assessment. to safeguard itself from these attacks.
Yulun Song says
Yea Priya! you are correct! I ll change my mind to attack the vulnerable accounts and get the authorization access to different sensitive information and data!
Deepali Kochhar says
Agreed Priya. A very important point made. Although considered as Non-Functional requirements of an application, Security Vulnerability testing is a critical part of any business application. As a person to make negative impact on a business, I would try to find loopholes in the process which can help me access to sensitive data. Once I am successful in accessing this, I can make any changes to either order details, billing & payment information.
Mansi Paun says
Yulun, won’t updating the shipping address as your secret address lead up to you/your company? The address won’t remain secret anymore and you fear getting caught if the original end customer calls customer service to inquire about the order. The company would find out that shipping address has deliberately been falsified. It won’t be long before you / your company would get caught.
Yulun Song says
Haha. for this situation, I will change the addresses each time as the packages are delivered!
Yulun Song says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance department should care more about the collections process. Finance department is focusing on collections, and should contact its client’s finance department, and sales department is focusing on how to increase customers and maintain good relationships, and should contact its client’s sales department. Finance department should use software to track payment status and update it to recently. If there are some sales adjustments, finance department can easily solve the problem from its software whereas sales department has no authorization to do it. This is kind of the separation of duties. We can never sale a product and receive the money by a same person, because it is really easy to modify the products sold and money collected.
Paul Linkchorst says
Hi Yulun,
I think specialization also helps in this situation since Sales can focus on winning new clients or entering new markets while finance can focus on making sure payments are received and utilizing a company’s financial resources efficiently. You bring up a good point though about segregation of duties. Separating out these two functions is a good way to provide checks and balances to the order to cash process. How do you think a small company segregates or controls these duties when they lack enough employees?
Wen Ting Lu says
Hi, Paul
This is a very good question!!
Smaller companies have limited personnel and resources, it can present a challenge for segregation of duties. Something that smaller organization should do are conduct pre-employment screening and implement assignment rotations for personnel and ensure employees are forced to take at least one two-week holiday a year. A mandatory vacation policy is a must, in that time a cover worker might notices irregularities if any in the vacationing person’s work.
Source: http://www.computerweekly.com/tip/Segregation-of-duties-Small-business-best-practices
Yulun Song says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
If I were responsible for the controls of OTC process, third party shipping would keep up at night. During the day time work, I can finish all processes that can be done during the office time, however, third party shipping is my concern because it would involve several problems including products damages, thefts, wrong address deliveries, delivery time delays, international shipments, products returns, etc. these outside works cannot be guaranteed to finish as they promised. If an international customer creates a large bulk of high value products, what if the third party has the problems above? Another concern is about the payment process. International customers will pay for the products in different time zones. If an international customer pays for a large amount of money at night in Philly but that is in the morning during his time, and the payment cannot be done quickly, or even it can be done, nobody checks it immediately and may involve mistakes.
Joshua Tarlow says
Third party shipping is definitely a concern, especially since the actual logistics are external to the companies oversight and internal controls. Remember a few years ago Amazon shipments for Christmas were delivered late because Fed Ex was not able to handle last minute volume of orders from Amazon. As a result many shipments were not delivered prior to the holidays, but rather the following month. Amazon needs customers to trust the reliability of their shipping, especially for the holidays for customers to return. Fed Ex made a real impact with Amazon and they subsequently began to increase their shipping infrastructure to maintain more control over the process and prevent this mistake from happening again.
Yulun Song says
Thank you for your response Josh. I think the problem of Fedex is that it thought it can handle based on its system or schedule for Amazon’s large amounts of orders. however, at that time, maybe Amazon actually worried about the shipping as Fedex promised.
Wen Ting Lu says
I agree with you that Shipping is vulnerable in the OTC process. Everything else we are able to control internally to reduce risks from happening. However, because shipping involve third party so we don’t hold much control of it.
Yulun Song says
Exactly, external controls are hard to control because different companies have different way to solve problems if they can not finish the work as they promised.
Ming Hu says
Thanks for your sharing. Different from the other processes, which is processed by “ourselves”, the third-party shipping is done by “others”, we all have the feeling that if one thing matters to us significantly will be done by others, there’s always a lot of concerns even with the their promise, such as whether they can do it well as I wish? How is it going? What should I do if there’s some problems? And if it really happens like you said above, it will negatively impact customer experience, what’s worse, those customers will switch to your adversaries for a more satisfactory customer experience. So, this is no wonder we care this part closely.
Fangzhou Hou says
1.Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How.
Generally, the Order to Cash (OTC) process requires detail information of the customers’ personal identified information (PII) like name, billing address, or even credit card information. If I’m in the outside organization and wants to do something bad to the OTC, I would try to get the access authority of the company’s OTC system through a cyber-attack. For example, implement the phishing attacks to the employees who can access in the system. If any of those employees download the Trojan from the phishing emails, the Trojan allows me to monitor the information flow in that PC, and obtain the accessibility to the OTC system.
In this case, I can copy the sensitive information from the OTC, or even change them. For instance, if the customers’ addresses were changed, the packages would be shipped to the wrong places, which may significantly affect the shipping dates. From customers’ perspective, it higher the risk of losing those packages; from the company’s perspective, the reputation of company may be damaged, and significant loss in the information assets.
Yulun Song says
Yes Fangzhou! That will be easier to attack. plus attacking key persons in the organization is really good, cuz they hold more sensitive accounts!
Fangzhou Hou says
Exactly, and the upper management may involve in strategic decision making, so they are able to touch the sensitive business information. The damaging level is totally different if the top level manager’s personal mobile device or PCs are attacked, since the information they have are usually more valuable than operation level employees.
Vu Do says
Nice attack Fangzhou, that would be a good way to cause negative impact for the company if you got into the companies OTC process. No one would notice you were in there making changes or copying sensitive information that could potentially harm the company. Customers are important to the company and targeting to corrupt there delivery dates will sure get their attention. No one likes getting late packages so that will cause anger and backlash towards the company which can in turn ruined their reputation.
Fangzhou Hou says
Question 2: Who in an organization should care more about the collections process – Finance or Sales? Explain
Comparing with sales, finance should care more about the collections process, because this process includes posting account receivable, contact accounts to collect past-due balances, prepare account status reports, research and resolve account receivable discrepancies. Actually, from this perspective, the collections process seems more related to the accounting department, since the initial invoices and other invoices created during the OTC process need to be collected so that the accountants can make the journal entries and other financial reports. But all of these collections of financial statements and reports are helpful for the Finance. By analyzing the financial reports, Finance can identify the possible issues and potential risks of the process. Since the most important thing for a company is to create more profit, the profitable analysis is also important for the Finance.
Source: http://www.slideshare.net/sadhiqali/order-to-cash-cycle-1235071
Fangzhou Hou says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
The first different in the controls of a purely domestic US company and an international company is period reconciliation of shipping and invoicing records is more importantly and usually more complex for the international company. For example, for the purely domestic US company, the shipping process usually involved only one shipping company. However, the international company usually required long distance shipping, and more than one shipping companies may be involved. This higher the risk in losing shipments, and also enhance the importance of reconciliation of the shipping records with different companies.
Another different is that the international company require an effective regulatory audit of tax collections. Different from the purely domestic US company, an international company holds multiple oversea investment and assets in different countries. Most of the countries have different tax policies in the import tariff, which may significantly affect international company’s strategic decision making.
Sean Patrick Walsh says
You bring up two very good points about the differences between a US domestic business and a multi-national organization. I know some countries mandate that earnings taken in those countries be kept within the borders of those countries for a specific time period, and reinvested there potentially, before they are allowed to be repatriated back to the home country of the business. I wonder if that would impact the sales process in any way, or if it would primarily impact the finance department of a business.
Said Ouedraogo says
Sean,
Good point. Some countries force foreign companies to reinvest in the country. However, those companies always find a way to transfer profit to their home country. Doing business on an international level is really difficult to the extent that laws and regulations differ across countries.
Fangzhou Hou says
Yes, you are absolutely right Said. International business in the most cases is really difficult to the company, since every country wants to ensure their own business benefit, and protect the local industries by setting the import tariff.
Seunghyun (Daniel) Min says
Said and Fangzhou,
Rightly said! Expanding a business into other countries is very difficult and requires a lot of effort to do so. However, in today’s world, it is also important to do multi-country or global business. The reason is very obvious because there are definitely far more opportunities out there. Pursuing international business is highly recommended these days for any industry or any type of businesses.
Wenlin Zhou says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it?
The ability to enable risk based collections management depends on access to many different data elements, and mechanisms to generate scoring of those elements. The data elements and mechanisms in the example are detailed here:
Internal data elements – invoices to calculate delinquencies, other elements for credit review,
External data elements – to enable objective credit reviews,
A means to segregate customers for both scoring and strategy manipulation,
Scoring engines to generate delinquencies from AR transactions, risk classifications from credit reviews, scoring of customers for strategies,
Source: http://www.caliber-services.com/content/view/79/111/
Mansi Paun says
Assuming I’m an outside organization with the goal to cause negative impact to a company’s Order to cash process, below are the ways in which I can cause harm to the sub-processes. The thought process for causing negative impact to each of the sub-processes in the O2C process is as below :
1. Quotation/order entry
=Stealing customer master data or hampering it’s integrity – however, that may or may not be of a lot of value depending on my intentions – if I’m a competitor, the customer data might be of value to me as I could devise a strategy such that customers would prefer to buy goods or services from me and not the company who’s O2C process I’m trying to harm. This could be achieved by giving attractive offers to the customers for buying from my company.
2. Provision of goods or services
=Here I might not have much control over how the company delivers it’s goods or services. At the same time, it might require more effort or funds to make any substantial adverse impact to this area of the process. I could probably bribe the company’s employees or vendors to create problems and delays in the process. But it could also backfire and my intentions could be exposed.
3. Billing (invoicing)
=Any harm that I could cause in this area of the order to cash process won’t really be long term harm. At most, there could be temporary failure in invoicing which could lead to slight chaos and delayed invoicing. In the bigger scheme of things, this might not be the best idea unless I can completely mess up the system so much so that the invoicing is all done inaccurately. Wrong invoicing would make customers irate and affect payments but even then, the impact would probably be only for a short duration and to only a smaller percentage of the customers.
4. Incoming payment
=Attacking the payment system – This would be the best way to harm the O2C process for a company. The payment system would contain Customer payment info. If I can get my hands on it, and the company cannot detect it, I could use it for financial gains for a long time. If however the company detects it, and lets their customers know of the theft of payment info, the company’s reputation will get impacted which could be beneficial to me if I am a competitor.
Attacking the payment system would be the best choice as it would have the greatest impact to failure of the O2C process aswell as the company’s reputation and customer loyalty. This would certainly shake up the company’s customer base and even share prices possibly.
Such an incident would be a huge blow to the company and have long-lasting effect too.
Deepali Kochhar says
Q 1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
Being an outsider, I would attack as a fictitious customer to an organization’s order to cash process.
This creates a risk of fraud orders, nonpayment of the order leading to monetary loss for the organization. For example, as a fictitious customer, I place an order and I am not a potential customer to pay for my order. In this way I will harm the integrity of the OTC process leading to monetary loss as I will not be paying for my order. So such an attempt to falsify the ordering system request without making the payment can be lead to financial loss specially if it is a big order.
In this way customer order system will be used to make a fraud order. Such frauds generally occur when customer choose cash on delivery. Fraud customers make orders which cost a big amount to the organization for production and delivery of the order. Once the order reaches the door for the delivery they either refuse to collect it or there is no such person available at the address who made the order. This leads to loss as it cost a good amount to produce and deliver such a big order and the invoice amount remains unpaid. Above that sometimes the order is so big that it becomes difficult for the organization to sell it and it expires
Mansi Paun says
You make a good point about being a “fictitious” and fraudulent customer as it is a very real-world situation. Personally, I feel that if the order is not accepted upon delivery, and is sent back to the company, the loss due to effort spent in delivering etc. might be a very small amount. However, I do agree that COD orders can be used in causing big losses to a seller. I’d read about that sort of fraud occurring with one of the Indian ecommerce websites. The customer would order expensive items and repackage the delivered container with stones, papers, cheap phones, etc. then call customer service and have his money refunded. The company would think that there was an issue with their own supply chain and willingly refund the customers money. Over a period of 6-8 months, the company had lost a few thousand dollars
Wen Ting Lu says
Hi, Mansi
It’s interesting that you brought up that customers repackage with stones, papers, cheap phones and send back for refund, etc. I think it’s important to satisfy customer’s needs, however at the same time customer service must determine whether the request is reasonable. For example, if a customer ordered a cellphone, it’s very unlikely they will receive a package that with stones in the box. In this case, customer service should not approve the refund to the customer.
Deepali Kochhar says
1. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
The difference in the controls of purely domestic US company vs. an international company would be:
A domestic company will not need any foreign exchange controls as there is no foreign currency involved whereas an international company would need controls to manage foreign currency as the order involves different countries having different currencies. So here the first task is to manage the currency difference and the second is to manage the Foreign exchange (FX) risk. FX is the risk of loss from depreciation of a currency in which cash is held. It is important to ensure clarity about the base currency for risk measurement and the relative importance of cash flow and accounting risk. Also a centralized credit limit should be enforced on international accounts. It can be managed by multi-currency cash pooling where the system converts all the account balance into a common base currency which can help in easy payment.
Another important control which an international company would need on their system can be to manage the time zone difference. It is very important to keep track of the difference in date and time during an international order so that there is no confusion on order delivery schedule. Managing a delay in delivery is very important to avoid any kind of monetary loss.
Priya Prasad Pataskar says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
As a fraudulent customer, one can try to wreck the order process
1. Providing incorrect details on purpose – address, bank account details
2. Deliberate return of goods even if goods are not damaged
3. Not completing the payment process
4. Giving bulk orders and cancelling or returning them
As a hacker or cyber attacker, one can exploit the software system that the company is using to attack the order to cash process
1.Attacks on the customers who are using the OTC process – ex. phishing attacks by sending email to other customers
2. Cyber attacks to payment module of the company – ex. SQL injection, CSRF attacks
With social engineering one can get access to the organization data. It could be via tailgating into the company facility or by getting access to the confidential information via posing a person in authority to the employees.
Abhay V Kshirsagar says
Priya,
I think in a scenario where Flipkart and Amazon are providing COD service to their customers in India. An attacker can just get an access of someone’s phone and completely compromise the COD service by entering OTPs as they come in. Probably order a lot of goods, as you mentioned, in bulk and the company will be left with delivering goods to a wrong customer; shipping & handling costs, etc.
Joshua Tarlow says
You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
There are definitely a lot of controls would concern me, but the internal controls for cash would probably worry me most. It is easier for an employee to commit fraud with cash because it is a liquid asset. Cash is a much more attractive target for this reason than other assets accessible during the OTC process. An employee could steel inventory or supplies which is still an asset to the company, but it is a less attractive target. Segregation of duties is probably the most effective preventative control for cash because one person would not be able to independently commit fraud. Other important cash controls would be bank reconciliatory, proper authorization, and performance checks. It would worry me that the segregation of duties is not constructed as well as it could be, or its continued implementation is not where it should be. If the company is smaller, it is harder to properly segregate duties and create additional space between each one. Larger companies should conceptually be better able to segregate duties, so the smaller the company the more that I would worry.
Paul Linkchorst says
Hi Josh,
Good point about physical cash in the Order to Cash process. When these questions are raised I usually think of huge multinational businesses. However, companies as small as restaurants (could be franchises too) should be concerned with the controls over cash handling. As you said, cash is so desirable since it can easily be stolen and the value remains the same. Likewise, one theft isn’t likely to cause significant amounts of damage to the company, but thefts of small amounts over a long period of time can prove harmful. Therefore this makes it a high risk. I suppose one control that a small business can perform is by performing a reconciliation of cash at the end of the night against what is recorded on the cash register. I am sure that larger organizations have their own controls to make sure that physical cash handling is properly controlled.
Fred Zajac says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I am going to take this from one of my favorite movies. The movie is called, Office Space.
I would attack the financial accounting department payment / Credit Card process, and have a small portion of the customer’s payment deposited into an account overseas. The transactions would be minimal and may fly under the radar.
I would do this by establishing a tax / fees expense account, and setting up automatic payments to deliver the payments to an overseas account. End up riding it out until the payments stop. They may never notice the $.05 “new tax” per transaction.
Here is another fraud story I heard about. Sometimes, a company would send a fake invoice to an old customers accounts payable department, when the account was inactive for over 6 months. In some circumstances, AP would pay the invoice because it was for less than $500, you are an approved vendor, and haven’t been invoiced in a while.
Said Ouedraogo says
Fred,
This is ingenious. Don’t get me wrong, I do not encourage this type of behavior. I just think that it is clever. Doing so will not raise any red flag. If people were using this creativity to do good the world would be a better place.
Fred Zajac says
Who in an organization should care more about the collections process – Finance or Sales? Explain
This is a great question.
Finance
It is there job to manage the accounts payable and receivable. This is what they get paid to do. They should “care” more about fulfilling the duties of the job.
However…
If the sales people are working on commissions that are paid when the company gets paid, the sales department will care more.
This is when segregation of duties should factor in. Don’t allow the Sales department to perform collection duties. The conversations between the sales agent and the customer may not end in roses.
Jaspreet K. Badesha says
This is very well put. I believe both functions should be responsible.
Fred Zajac says
Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
Shipping Controls:
I would have tighter shipping controls if my suppliers or customers where located outside of the United States. The Service Level Agreement would only permit the international company to use approved shipping companies.
I would have stricter controls on sales to international companies. The quantity and cost would be capped until a relationship was established. Multi-level credit checks and approvals would be need for international companies where U.S. laws didn’t apply.
Fred Zajac says
You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
My biggest fear would be the shipping and available to promise. As a business owner and account manager, making the customer happy is our number 1 priority. There are too many things that are out of our control. The pre-sales, sales, billing, and payment portion of the O2C are controlled internally. The shipping is controlled externally. We are at the mercy of the shipping company. We can make corrections quickly in the pre-sales, sales, billing, and payment sections, but if the shipping company loses our package, we can’t track down the package and deliver it ourselves. Giving up control would keep me up at night.
Binu Anna Eapen says
I agree with you about not being able to deliver the product in time would infact be nerve racking for me tooI have worked for customer service and had to face customers when we were not able to deliver the service in time. It is difficult to explain as you know for a fact that it was your mistake.
Probably informing the user earlier of the delay can keep the customer less anticipating and so giving you more time to appease the customer.
Wenlin Zhou says
Who in an organization should care more about the collections process – Finance or Sales? Explain
I think Both should be concerned. Finance should own the process of tracking receivables and flagging any potential issues. However once a problem has been surfaced by accounting, sales usually has a responsibility to take action to collect, unless there is a separate customer Account Management department.
If the account is difficult to collect on and Sales can assist especially if they see the customer on a regular basis, then Sales should assist.
Jaspreet K. Badesha says
I agree. This is a great point. Finance is approving the sale by saying the client is good (in the sense of their credit rating). However, sales should follow through with their customers. They are not simply making sales but handling their clients and contributing to the business, which includes seeing their sales through.
Wenlin Zhou says
Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
The answer lies in the differences across borders. Nation-states generally have unique government systems, laws and regulations, currencies, taxes and duties, and so on, as well as different cultures and practices. An individual traveling from his home country to a foreign country needs to have the proper documents, to carry foreign currency, to be able to communicate in the foreign country, to be dressed appropriately, and so on. Doing business in a foreign country involves similar issues and is thus more complex than doing business at home.
Resource: http://www.referenceforbusiness.com/management/Gr-Int/International-Business.html#ixzz4MVxV4x00
Vu Do says
1. Who in an organization should care more about the collections process – Finance or Sales? Explain
In my opinion, Sales should care more about the collection process since them receiving the money is crucial to the numbers. They do not get credit for it if the sale does not go though. For example, if a customer uses a credit card that was expire and it went through but then later decline since the card is invalid for the expiration date then the sale did not process and no transaction for that sale took place. So that collection process did not finalize due to the customer card information. The collection process must process correctly in order for the sale to count. Finance are more concern about the company revenues and expenses. The collection process is important to them too since it generates revenue but Sales is ultimately more important since sale gets credit only if its process successfully.
Binu Anna Eapen says
I think the sales teams main goal would be to market and sell their products rather than maintaining the transaction records about the payment. I think accounting team should be responsible for that.
Seunghyun (Daniel) Min says
Binu,
I agree with you that Finance should focus more on to collect payments; however, Sales team’s duty is not only limited to market or sell their products, but they can also play a role of bridge to help Finance to collect their payments from the customers on time and in right process.
Tiesha Christian says
Vu Do – I don’t know if I agree with you. Sales is usually responsible for their numbers and productivity. That normally transfers to finance, and accounting who report the numbers to stake holders, and publish on annual reports etc. When I think of collections, I automatically think of billing (accounting & finance).
Vu Do says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack the system that controls the customer’s order. The customers are the most important thing to the company so getting them to turn on the company will cause a negativity impact. So I would hack into their database system that is responsible for shipping customers order and have them all get push back or even cancel. That way, customers will wonder what happen with their order when it was suppose to get deliver at this date but never came and get frustrated after they realize it was cancel. Nothing is like that anger you get when you expect something you really need to come but does not. That will enrage the customer and thus cause a negative impact to the customer since I will be targeting all their customers, not just one.
Binu Anna Eapen says
I guess your motive for this would be ensure bad reputation for the company. I guess in competitive environment,the competitors try this type of attack to improve their sales and to defame the other company so that the customer base shifts to using their products.
Wen Ting Lu says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
My most concern area will be when order is shipped to customer or service is performed. I think shipping or delivering service is the most vulnerable part of the OTC process. First, I want to share one of my experience at work as an accountant. There was one client that we provide monthly book keeping service for her company, and we will send her the profit and loss statement up to date before the 15th of each month. Last month, our accounting firm was overwhelmed by the business tax return extension which must be filed on the 15th. Therefore, we didn’t send the PL statement to that client on time. Obviously, the client got upset and she refused to pay for last month’s book keeping service fee because we didn’t get the work done on the date as we promised. What I am trying to emphasis here is it’s very important to make sure we did everything we can to satisfy with customer’s needs. In this case, we must make sure our service is delivered not only accurately, but on time.
As Fred mentioned in his post, Shipping and delivery is not something that we hold much control of because usually third party such as UPS, USPS, FedEx will be responsible for deliver the products to the customers. Therefore, I believe shipping is one of the steps in OTC process that would keep me up at night.
Jianhui Chen says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I am outside the organization, I think I will focus on the vulnerability of shipping process as it is the easiest. Physically, I just hired some people intentional damage, misplace, even steal the package. Technically, hack into customer’s account and change the delivery method or destination.
Jaspreet K. Badesha says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain.
I believe since services should only be supplied to customers who have a good credit rating and if finance approves the supplier and allows the transaction to still go through it is their liability. They should be responsible to ensure that the customers they are approving are actually in good standing and the risk is minimal. They are responsible for that supplier from the moment they approve until the account is actually paid for. They will decide if the supplier gets to purchase more However, sales should follow up with their orders until they are fully paid for.
Jaspreet K. Badesha says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would hack their customer information and change shipping addresses for all companies as well as steal and overcharge their customers. This would make customers not want to do business with this organization as they are misusing their information. This would attack both the order processing and pricing sections of their OTC process. For example if this was done to a company at large no one would receive the orders they placed and cause a lot of chaos within the company.
Jaspreet K. Badesha says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
1. Payment processing – To ensure that the global policies and payment processes are being followed.
2. Shipping processes – To ensure that all of the global processes for shipping are being followed. So items are not stopped at customs.
These controls would need to be tighter since you are working with international customers and most likely cannot send them to collections and effect their credit since that is an American system. In fact, I would ensure the international customer cleared their bill before shipping any items to them to ensure payments are made. Only after they have done this several time would I extend them credit.
Wen Ting Lu says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
I think finance department should care more about the collections process because finance department is responsible for paying vendors or suppliers (accounts payable), accepting payment from customers (accounts receivable), The primary focus of finance department are allocating assets, reducing liabilities and managing cash flow. However, I believe there should be collaboration between the sales and finance department. In order to collect the correct amount of money, communication is needed between the sales department and finance department. For example, if there is a sale event going on, finance department should be notified.
Jaspreet K. Badesha says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
Availability of products (inventory controls) to ship out and shipping out on time. These are the largest items that would keep me up at night since as a consumer these are the two most important items to me when placing an order. If the availability is not their and my inventory is not accurately recorded and I tell a customer after they placed the order that it is not there and will not be shipped on time they will most likely not want to do business with me again. Losing customers is essentially what will keep me up at night.
Tiesha Christian says
Jaspreet K. Badesha – You make a valid point. I know these are things that are important to me. I do most of my shopping online. These two items are important. It is a bummer when I have my heart set on an item, and it is on back order or out of stock. These are things that can cause a consumer not to patronize your business.
Wen Ting Lu says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
One example I can think of is the control of money collections due to foreign exchange rate. For international company there is foreign exchange risks occurs because currency’s exchanges rate fluctuates. It’s very important to have a defined date that the money should be collected and both parties agreed with the foreign exchange rate.
Also, when doing the business with international company tariffs and quotas needed to be taking into consideration. They can have a huge impact on the profits of an organization because it might either cuts revenues from the result of tax on those products we are shipping overseas or restricts the amount of revenues that can be earned. Therefore, doing research and have a good control on custom is important.
Ming Hu says
You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
If I were responsible for the controls of OTC Process, one area I concern mostly must be payment process. This link contains a lot of sensitively financial information, such as credit card information, once disclosed may lead to huge financial loss, or reputation damage to the company, you will pay a fat price with even small mistake. So, I have make sure that the payment system is enough secure, the involved personnel are totally reliable, the human errors are properly controlled to the minimum, the recovery plan is in place to cope with emergence situations. Besides, a higher demand is put up by the fast-changing business environment to address any potential risks.
Wen Ting Lu says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack the payment process if I am an outside organization with goal to cause negative things to happen to an organization’s OTC process. The reason is because payment process contains all customer’s PII such as name, address, bank information, etc. After I obtain those information, I can basically do whatever I want to. I am able to change the shipping address, charge more than the amount I am supposed to from the customers, etc.
First, I would find out who are those people have the access to the system. Then, I would cyber-attack the company’s OTC system by phishing attacks to my targets. Employee is vulnerable to the organization because they might lack of the awareness of secure company’s asset. If one of these employees download the Trojan from the phishing emails then I am able to obtain the access to the OTC system.
Tiesha Christian says
Wen Ting Lu – I agree with you. I would probavly attack the payment process as well. It just seems to be the most vulnerable process in the order to cash process. It is also the most commonly attacked process in the order to cash process. Attacking this process gives the attacker a platform to access many many consumers.
Ming Hu says
Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
Different from domestic company, an international company need to manage foreign-exchange risk,that’s a kind of risks refers to the potential for loss from exposure to foreign exchange rate fluctuations, that an asset or investment denominated in a foreign currency will lose value as a result of unfavorable exchange rate fluctuations between the foreign currency and domestic currency.
International companies face foreign-exchange risk, because this type of companies makes interest and principal payments in a foreign currency. For example, let’s assume XYZ Company is a Canadian company and pays interest and principal on a $1,000 bond with a 10% coupon rate in Canadian dollars (CAD). If the exchange rate at the time of purchase is $1 CAD: $1 USD, then the 10% coupon payment is equal to $100 Canadian, and because of the exchange rate, it is also equal to US $100. Now let’s assume a year from now the exchange rate is 1:0.85. Now the bond’s 10% coupon payment, which is still $100 Canadian, is worth only US $85. Despite the other side’s ability to pay, the company has suffered financial loss because of the fluctuation of the exchange rate.
Source: http://www.investinganswers.com/financial-dictionary/forex/foreign-exchange-risk-3181
Seunghyun (Daniel) Min says
Q2: Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance should care more about the collections process. This is because the Finance department is the direct entity to collect money and report those processes into the system. If any payment is unpaid or not collected, it is mainly the Finance department duty to complete those. For example, when I was working at the grocery store, I had to receive invoices and scan them into our procurement system. And sometimes, if I miss an invoice to scan into the system, I always got a phone call from our finance department to complete scanning. So from my experience, Finance should care more about the collections process than Sales.
Tiesha Christian says
Who in an organization should care more about the collections process – Finance or Sales? Explain
I think that Finance should be more concerned with the collections process. My reason for this is because Finance works really closely with accounting in perfoming analysis work and reporting to close out the books by specific periods. From the perspective of balancing the books and reporting I think Finance should care more about the collections process.