- Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
- Who in an organization should care more about the collections process – Finance or Sales? Explain
- Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
- You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
Tamekia P. says
1. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance should care more about the collections process because the sale has already occurred and it is likely that the sales person has moved onto the next client. Finance has a responsibility to ensure that the receivables are collectible and recorded appropriately in the General Ledger.
Tamekia P. says
2. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
The controls of a purely domestic company vs international company, the international company may need to take varying credit terms and invoice rules into consideration, if home country rules are different from other countries.The international company will also need to deal with invoicing/collection in foreign countries. The company should create a reasonableness check to ensure that the invoice includes the appropriate currency. In addition, changes in currency can cause the outstanding receivables to fluctuate.
Xiaozhou Yu says
Hi, Tamekia
I agree with you that rules are different in countries and financial institutions. it will cause various problems when convert invoices and credit terms into internal manner when the organization works with multiple national companies. They may need to prepare multiple invoices in different terms and hard to manage them all together.
Scott Radaszkiewicz says
Tamekia. Great answer Tamekia. I never really thought of currency fluctuations in this example. Now, I think you’re added another thing for me to worry about as I consider the OTC process. That would definitely keep me awake at night. Imagine the stress that was caused when Britain pulled out of the EU. If you’re an international shipper that deals heavily with Britain, you’re now juggling your data on the back end to account for currency changes. Always fun times!
Tamekia P. says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I was an outside organization and wanted to cause negative things in the OTC process then I would attack the creation of orders. Given this is the starting point for the OTC process, I would want to perform a function that manipulates sales orders either by deleting them or turning off completeness checks so that they are not completed appropriately.
Akiyah Baugh says
Tamekia,
I like the idea of turning off the completeness check. That would not only allow incomplete order processing, but would also open up the company to further manipulation when receiving new orders (new customer, shipping addresses, payment information).
Tamekia P. says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
The area of most concern for me would be ensuring that there were enough staff to ensure the appropriate segregation of duties between the respective fields. Given the interconnectedness of the customer master data, customer sales, and credit limit maintenance, it is important that these roles remain segregated. If not segregated, the compensating control needs to be precise enough to identify anomalies.
James T. Foggie says
Tamekia,
Yes…and often the person responsible for controls does not have the full power to implement the segregation of duties you describe. When this is the case (lack of power), audits (audit results) are a great tool to utilize to motivate/encourage senior management to change corp structure to adhere to proper segregation of duties.
Tamekia P. says
1. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
The other thing that would concern me about the OTC process is the credit memos. Given that credit memos are a direct outflow and reduces sales, I would be concerned about fraudulent activities that could cause a decline in sales.
Mahugnon B. Sohou says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I was an outside organization with the goal to negatively affect an organization’s order to cash process, then I would attack the invoice process. Given that the invoice part is the point where you bill a customers for their order, I would implement some malware into their billing system, which would would mofify the invoice amounts and bill customers for a different amount than what is purchased. This is a lose lose situation for the victim organization, because an invoice with less than the normal amount would cause the organization to lose money and an invoice more than the normal amount will cause anger and outrage from the customers and the organization to lose their trust.
James T. Foggie says
Very good example of how an outside org could negatively impact a company through attacking its invoicing process. I like the way you provided examples in both directions (over and under billing). I would imagine some ‘bad actors’ attack invoicing processes of companies simply to hurt the business reputation of the company. This by itself, could hurt the competitive advantage of any company.
Mahugnon B. Sohou says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
I think Finance should care more about the collections process because it is most likely that sales will be taken care of and the sales man will be moving on to the next customers, leaving the remaining details (billing, payment collection etc…) to the Finance people. The Finance people have the responsibility to accurately record all account receivables and payables information.
Mahugnon B. Sohou says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
Controls of international companies vs domestic may need to take into considerations invoicing rules from other countries if different from home country rules. Therefore the controls of an International companies would also need to account the difference in currencies with foreign countries. Measure to ensure that the invoices contain the appropriate currency and are accurately calculated.
Heiang Cheung says
Accounting for the difference in currencies is really important because sometime currencies could drop a lot sometime 50% in a single year so making sure you price the item correctly can really hinder your business.
Mahugnon B. Sohou says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
If I was responsible for the controls of the Order To Cash process, the area that will be of most concern to me would be segregation of duty. I will be worried about one employee having complete acces to the entire order to cash process. Given that all the customer data are all connected, I would make sure that Different people are responsible for different parts of the process. If segregation of duty cannot be maintained in certain cases, I would implement compensating controls to make sure there is continuous log and activity monitoring.
Pascal Allison says
Mahugnon segregation of duties is an important control to focus on. I could just pin it out. I had to go with something else.
But segregation of duties like you specific here could be a great point to look at. Verifying customer order by different people or department, peer reviews, etc. could save the process.
Mahugnon B. Sohou says
Hi Pascal. Thanks for your comment. indeed I read your post and saw that the point of concern that you mentioned was Pricing and I think it is also a good answer. I think it will also an important point and kind of joins what I said about segragation of duty because I mentioned it thinking that someone who has access to the entire system could mess with the prices on the invoice and both the company and customer could be affected by these erroneous pricing. Both of our Ideas kind of address the same issue. Thanks for your comment. I appreciate it
Scott Radaszkiewicz says
Mahugnon, great response. I never thought about the human resources side of it when I answered this question. As they always say, the employee is the weakest link, and not having enough employees to effectively implement all of your controls surely would have me up late at night!
Pascal Allison says
1. Assume you’re an outside organization with a goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack sale orders. It could be easier to attack from the customers’ end with the possibility of attacking from inside. I could manipulate the customer order as it will difficult for the vendors to determine the manipulation. Once it is not caught, it would easily pass through. One manipulation will be the delivery address.
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
We do not want the sale to be responsible for the collection, but with sale and finance, the sale should have more of the liability of collection compared to finance.
Usually, the sale often has a better view of what is going on in that account than anyone else including finance. Sales often have relationships with the customers that could help smooth the process of reviewing accounts and reaching out to customers.
Should Sale be totally accountable for collection? I think No, sales should have a delegated interest collection. I would create a team (Sales & Finance) to collect. That way, if there were any intentional control lapses on the part of the sales, it will not be covered.
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
All law and regulations are not the same. Domestically, customers and vendor are governed by the same laws. Under international trade, there is some law that is universal while some are specific to that country.
Invoicing: the are some issue for international trade. There could be currency issues, term, and condition (date), timing, etc. For domestic trade, you have the same currency, time, date.
Collection: Collections law are not the same everywhere. For international trade, vendors will have to consider international law and the country law to which the customers are transacting. Domestic trade, the vendors and customers are under the laws. The collection should must easier than international trade.
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g., be your area of most concern)? Explain
I will look at all areas for ensuring controls are in place, but I will spend more time on pricing. There are lots of risks associated with pricing. Both the company and customer could be affected by erroneous pricing. If there was any manipulation of orders, creditworthiness, currencies (foreign exchange), etc. pricing could save the hustle.
Some possibilities could be the negotiation of inadequate pricing for kickback, inaccurate authorization of pricing to a customer, overstating or understating price, etc.
Customers get over charged could lead to default in approved credit and company loss of reputation, decrease in the organization investment, or profit.
A customer could get undercharged; erroneous commission could be applied, etc.
Heiang Cheung says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance should care more about the collection process because that is why most finance departments have an account receivable team. Also, if sales were part of the collection process there would be no segregation of duties because if they could make a sale and collect the money than they almost control the whole process. Having finance be in control of collections helps the process to be more segregated. This would also let the sales department focus on selling.
James T. Foggie says
Heiang,
Good Point on the segregation of duty, with shared responsibilities between the sales and collections teams. Ideally, there should be segregation with a high-level business objective that creates synergy between sales and collections.
Mengqiao Liu says
Thank you for sharing your opinion. I have opposite opinion which I think sales should care more about the collection process. However, look at this problem from your perspective, I do agree that sales and collection should be segregated.
Heiang Cheung says
1. Assume you’re an outside organization with a goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I was an outside organization trying to negatively impact an organization order to cash process. I would probably attack the order fulfillment/ shipping process because it seems easier to attack and less likely for anyone to find out quickly. If I’m able to change the order and the shipping location. I would get them to send orders to a location I want. They won’t really notice until the customer complains about their order missing. I would also mess with the collection or account receivable process because I could change how much someone owes to the organization.
Folake Stella Alabede says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance should care more. Collections deals more with debt, which means sales has already occurred, and the organization needs to balance accounts and receive payments for the sales already made. So, I believe finance should care more.
Folake Stella Alabede says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
I think invoicing and Payment would keep me up at night. Especially with credit notes. Invoicing and accepting payment before delivery should be the norm, but there are lots of exceptional cases where a credit line is allowed, and payment is made “after” delivery.
If a customer has a credit line for a very large amount, even if the customer has been vetted, has good credit ratings etc., I would think, what if the customer goes bankrupt? what if they don’t pay on time as agreed? What if…….…
Controls must be in place to ensure that sales orders processes within xyz time, and ensure that cash or collections is received as soon as possible
Also, i would think about segregation of duties. Controls around SOD must be well defined and enforced. All it takes is for one person to have access to at least any 2 steps of the OTC process, and a very real risk might arise from that
Heiang Cheung says
Hi Stella,
That’s a good point about customers with large credit lines I didn’t even think of that. If the customer has a large credit line and they default on it than it would be a problem. I would think that to protect yourself from people defaulting you would have insurance on your account receivable depending if it’s worth it not.
Anonymous says
Great point Stella about the customers with large credit lines and whether or not they would be able to pay. This also an excellent point that I definitely did not think of in my post. If the customer defaults on on their large credit line this could be quite worrisome.
Mahugnon B. Sohou says
Great point Stella about the customers with large credit lines and whether or not they would be able to pay. This also an excellent point that I definitely did not think of in my post. If the customer defaults on on their large credit line this could be quite worrisome.
Anonymous says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack the invoice process. Creating manual invoices takes time, as does send the bill by courier or post. This delays the payment process and increases the possibilities of errors. Once the product has been shipped and delivered, or the service has been fulfilled, the most important stage of the cycle begins with cash management. The invoice is created and sent to the customer for payment. If the fraudulence or theft happens in creating invoices process, there would be a lot of impacts. The quantity and the total amount mismatch, which creates additional work for the accounting department, the clients are unhappy with the mistake the organization made, which would impact the reputation and future business.
Mengqiao Liu says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack the invoice process. Creating manual invoices takes time, as does send the bill by courier or post. This delays the payment process and increases the possibilities of errors. Once the product has been shipped and delivered, or the service has been fulfilled, the most important stage of the cycle begins with cash management. The invoice is created and sent to the customer for payment. If the fraudulence or theft happens in creating invoices process, there would be a lot of impacts. The quantity and the total amount mismatch, which creates additional work for the accounting department, the clients are unhappy with the mistake the organization made, which would impact the reputation and future business.
Mengqiao Liu says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Collections process is to follow up on payments and receive payments. I think Sales department should care more about the collections process. The first defense against payment collection backlogs is to have reps document payments received within a specific timeframe. Organizations encounter issues when payments delivered by customers have not been processed in the ordering system and accounts still show as unpaid. This can cause friction when customers are asked for payment that has already been remitted. It can also lead to inaccurate cash estimates, which causes finance teams to incorrectly forecast higher cash deficits.
Mengqiao Liu says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
As is the case with anything related to credit management and accounts receivable, invoicing delays and inaccuracies can snowball and lead to cash problems that disrupt the entire organization. When accurate invoices are sent out on a reliable timetable, staff in Finance can effectively forecast cash inflows and plan for expenses accordingly. Research compiled by Aberdeen Group reveals that companies that excel at O2C performance require manual input for only 16.2 percent of invoices, compared with nearly 80 percent for companies that scored in the bottom tier.
When an invoice does officially lapse into the overdue period, the customer’s account must be flagged, and their credit put on hold. When they try to place another order, the automated system should alert the customer that payment needs to be sent before they can complete their next purchase. Accounts receivable personnel should immediately begin contacting customers with overdue invoices and outlining the collection procedures and potential penalties going forward. Accounting and finance leaders must also review all overdue accounts on a regular basis to keep an updated bad debt forecast and determine next steps.
Reference: https://www.salesforce.com/products/quote-to-cash/resources/what-to-know-about-order-to-cash-process/
Mengqiao Liu says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
Technology plays a crucial role in every step of the order-to-cash process. There is not a single action in the following section that can’t be improved through the use of innovative technology and interconnected systems.
Optimal management of the OTC process requires many different parties to have access to accurate, real-time information at any moment. Beyond interconnected data, there are tools such as automation, digital invoicing, and digital shipping management that should be incorporated appropriately. In the end, getting ideal results from your OTC process requires a fusion of technology, process management, and interdepartmental collaboration.
Heiang Cheung says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
The difference in control of a purely domestic vs an international company would a couple of things. You would have to make sure the exchange rate is correct when invoicing the different countries. Also, you would have to make sure the tariffs are reflected in the price of the product for each country. Collections could be different depending on the regulations in the country. The culture might be different, so collection might have to be done in a different way.
Heiang Cheung says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
If I was responsible for the controls of this process, there are a lot of things that would keep me up at night. If the business was an online company like Amazon I would be concern If the site goes down and if it does how long would it take for the system to be put back in place. If it goes down then I’m losing business so I would say the order part would be my most concern.
Nathan A. Van Cleave says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If the organization my group is targeting is a retail company, there are a number of vulnerabilities I would want to exploit. Payment card processing or customer databases would be high value, high impact areas to attack given the sensitive nature of both financial records (Credit Card info) and personally identifiable information (PII). The damage would go beyond the financial as the company’s reputation would likely suffer if a breach was made public.
Additionally, I could exploit vulnerabilities within the supply chain through its warehouse and distribution networks. Whether it be penetrating the W&D system itself and re-rerouting product or maliciously adjusting inventory to cause over ordering, the impacts could be significant financially (internally) or, again, reputation (if publicly discovered).
Nathan A. Van Cleave says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance would be more concerned about collections as this group determines the distribution of assets across the organization. Collections should be considered liabilities and there affect the overall profitability of the company. I would think the affect on sales would be negligible (if at all) as any accounts that were to fall into collections, presumably, would already have had sales associated.
Nathan A. Van Cleave says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
For an international company, invoicing and collections would invariably need to include various import/export taxes, currency exchange calculations or any variations of the home/foreign country’s laws and regulations.
For a purely domestic company, there may be specific interstate commerce regulations or state/local laws that govern the method, frequency, etc a company can seek collections.
Nathan A. Van Cleave says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
In reviewing the OTC process and general IT controls, I believe the insider threat is the thing that would keep me up most at night. The common focus of IT security/Cyber security is the Advanced Persistent Threat (APT) and reducing or shoring up the vulnerabilities a company has. Though it is the insider threat, the disgruntled employee (or non-malicious employee) that can easily and often times, discretely, exfiltrate critical or sensitive information. They can cause date integrity issues (again, either maliciously or non) or take down an entire system.
Once the focus shifts internally, then a very fine line between intrusively defensive measures (privacy concerns) and detective/response measures can develop.
Akiyah Baugh says
Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I believe an organization’s fulfillment process is the best place to attack. The order has already been placed by a legitimate customer and most likely verified. Also, You can delete customer data from the purchase order, inflate/deflate quantities, enter fictitious delivery addresses, and duplicate orders this will affect inventory and the ability to fill more orders These actions will affect invoicing, inventory, shipping delays (trucks being sent to incorrect addresses, and customers not receiving inventory quantities ordered and possibly be overcharged.
Anonymous says
Akiyah, I agree, from a cyber hacking view, attacking this vector would make great sense. simply changing a delivery address is all it will take to have goods being shipped to wrong addresses, never to be seen again. It’s scary to think what could happen if a hacker could gain access to this type of data. Controls to ensure shipping labels match is crucial!
James T. Foggie says
1 .Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
As a ‘bad actor’ in the cyber universe, I would focus on the ‘customer payment’ sub-process within the Order to Cash process. The payment process provides several avenues for fraud. If there are weaknesses in controls associated with the customer payment process, risks can materialize. For example, if IT security controls are weak, customer sensitive data could be exposed in a breach. This customer data could then be used to commit fraud against both the company and the customer directly.
Another example of potential fraud in the customer payment process is weak controls that lead to submission of erroneous payments to my outside organization. The customer payment process is a likely area for fraud simply because of the volume of funds handled within this process.
James T. Foggie says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
I believe the correct answer is… it depends on the dynamics of the corporation. In a well-run corporation who’s executives realize the power of synergy within business units, corporate business objectives would be created to ensure the collection process is the concern of all organizations. For example, a corporate business objective could be ‘to increase annual revenue by 10% while keeping outstanding receivables
at 2% at any given time during the fiscal year’. In support of this business objective, the performance agreements of the finance and sales teams could be the following: (1) Finance team: Ensure the accounts receivable remain under 2% throughout the year (2) Sales team: Maintain a customer default rate of >= .005. Ideally the performance agreements are worded and documented in a manner that clearing display their ‘roll up’ to the aforementioned corporate business objective.
James T. Foggie says
3. Controls are important in all the OTC processes including invoicing and collections.
What would be different in the controls of a purely domestic US company vs. an international
company? Give 1 – 2 specific examples.
For international companies, additional controls will needed to be implemented to ensure adherence to the various global rules and regulations that may differ from those that exist domestically. For example, when invoicing and/or collecting payments globally, companies need controls to ensure (1) the proper taxation methods/processes for each international country in which you are doing business; (2) strict compliance (via monitoring) to the aforementioned tax rules; and (3) adherence to data protection regulations such as (European Union – General Data Protection Regulation).
These are some of many of the control areas that need to be considered when venturing out to the global market place.
Scott Radaszkiewicz says
Data protection regulations is a huge one now. I’m sure that the GPDR had many companies executives staying up late at night trying to figure out how to account for this new regulation. It would seem that, with the ever changing digital landscape, companies must be prepared to be very fluid with their processes and controls.
Akiyah Baugh says
Who in an organization should care more about the collections process – Finance or Sales? Explain
I believe both departments should care about the collections process. The Sales department is where the purchase was placed thus where the problem potentially originated. Sales is also where a block can be placed to prevent future sales if the account is not paid up-to-date. The Finance department should care about the collections process as well because this is where the money comes in thus affecting the company’s revenue if not received. Ultimately it is Finance’s job to collect.
James T. Foggie says
4. You’ve now seen the entire Order to Cash (OTC) Process.
If you were responsible for the controls of this process – what would keep you up at night (e.g. be your
area of most concern)? Explain
Of all of the sub-processes of the OTC Process, the Goods Issue process would probably give me the most concern for one main reasons. As a leader responsible for OTC controls one of my main focus areas would be to ensure accuracy in our financial reporting. The Good Issue process entails updating inventory, and posting to the general ledger. It would be one of my performance objectives to ensure the accuracy in these two areas. By focusing on monitoring the Goods Issue process, I can ensure compliance with respect to any Sarbanes-Oxley (SOX) control requirements.
Xiaozhou Yu says
Hi, James
Thanks for sharing your idea.
I agree goods are important, as they are the key business driver. And there are many aspects involved related to goods issues, like finance and inventory. And I also think orders is important in terms of accuracy, also orders link to finance and inventory as well as invoices.
SOX is a good resources for such compliance!
Akiyah Baugh says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
If I were responsible for the controls of a company’s OTC process, system failure would keep me up most at night. Companies/people are overly reliant on technology today. If the system was to be comprised or fail (server go offline) it would cause a number of issues such as:
1. Customer data being compromised – loss of business and a bad reputation
2. A halt in the business process – finding and resolving the issue
3. Loss of revenue – companies need inventory and if your system is down they can go elsewhere
Xiaozhou Yu says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
I would attack on payment process, which I think is the most vulnerable. Also, the issue with payment will affect the organization, the customer and bank/credit card company. Payment is one of the last phases within OTC, and whenever payment goes wrong, the whole process failed. The way to do so is more like a credit card fraud.
Xiaozhou Yu says
2. Who in an organization should care more about the collections process – Finance or Sales? Explain
Finance should care more about the collections process. Sales people work mainly on first couple phases within OTC ie. Order creation, invoicing etc. Finance people are responsible for managing all accounts and receiving payments.
Xiaozhou Yu says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
Doing the business with domestic customer would be easier to apply controls, as well as less controls, since all actor involved are local based, standard and uniform controls can apply over the whole process, and easy to maintain and monitor.
While international companies also need to deal with exchange rate, tariffs there controls over the OTC process is impacted by government policies and global economy status.
Nauman Shah says
You raised a very good point. Government policies, economic status and political situation in certain countries fluctuate so much, it can be a nightmare for international companies to keep up with them. Recently some ships carrying merchandise to China had to return without delivery the goods, since China imposed heavy duties on US’s goods in response to Trump administrations increased tariffs on Chinese goods.
Xiaozhou Yu says
4. You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
If I’m responsible for the controls, I cared more about the internal side. External controls surely face more threats from different sources but are operated by different actors as well, we work together to make sure everything works fine for all of us. But internally, all controls are applied within the organization and monitored by internal employee. If there is internal fraud committed by employees, it will cause huge problem for whole organization and then have impact externally. Also ,such fraud may got covered when multiple employees involved and will not be revealed until it case direct issues ie. Finance related. By that time, it will be hard to cover up losses.
Akiyah Baugh says
. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
Working with domestic and international customers you need to consider the following:
1. Fluctuation in currency – International only
2. cultural differences (collections) International only
3. trade barriers, taxes, and tariffs – domestic companies have to worry about taxes when doing business across state lines.
4. Competitive pricing
Tariffs add the the price of the goods , therefore staying competitive is as much of an international concern as it is a global concern. The company would need to stay competitive with local business while still earning a profit.
Scott Radaszkiewicz says
Question 1: Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
If I was an outside organization looking to cause a negative impact to a company, I think I would target the Sales Order process. If you created a few fictitious companies and were able to obtain sales quotes that turned into orders, than goods could be shipped, and then never paid for. If a company does not have all of its processes in order, it might be possible to get your fake company approved for a credit purchase. Once you get that approval, the process will move down the rest of the line in the OTC process. If goods are shipped to a fictitious company, then nothing will ever be paid on that shipment.
Scott Radaszkiewicz says
Question 2: Who in an organization should care more about the collections process – Finance or Sales? Explain
That’s a tricky question, they should both care equally as much as it will affect the overall bottom line of the company. But, I think sales should have a great interest in the collection process. If the company asserts that a sale is not complete until payment is received, then sales has to ensure collections are made. If you ship 100 units, but only get paid for 90 of the units shipped, then sales could only be 90 units, not 100. Since the sales department is always looking at the goal of increasing sales, collections would be a major area of concern to target to raise sales numbers.
Scott Radaszkiewicz says
Question 4: You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
That’s easy, and I’m sure similar for most. Collections! You can sell as many products and items as you want, but until you have that money in hand, you haven’t profited one bit. You’re putting out money up front on costs, and hoping to recoup that money on your collections when you sell it. You can have the tightest control processes for your organization, but you can’t account for the other guy. You might deal with a company for years, they could be a good solid buyer. You might extend them millions of dollars worth of credit, because they have been a good and loyal customer for years. Well, last night, that company had a scandal, their CFO took off with millions of dollars, and they company is now in bankruptcy. They owe you millions, but you’ll never see a penny of it. What could you have done? Maybe limiting your exposure by have rules on how much product you let out the door on credit, so it won’t bankrupt you too. But let’s face it, at the end of the day, in this situation, you’re out of luck.
Derrick A. Gyamfi says
Scott,
I agree that collections is the most likely the area of concern for most business. This is because it takes the power out of the hands of the seller and places it in the buyer. What if the buyer goes bankrupt? What if the industry environment of the buyer goes bad? What if economic conditions change? Depending on the political climate and socio-economic factors, I definitely think controls need to be in place for collections related issues.
Robert Conard says
1. Attacking any of the processes of OTC can invoke negative consequences depending on the attacks performed. As a separate organization, I assume my intentions for hurting the process are to drive clients away towards my own services. Also, I should aim to complete such attacks as cost effectively as possible.
I would likely choose to interfere with the order management aspect of the process. Interference with any of the processes is likely to take a cyber attack. With that in mind, I would find it most advantageous to chop up details as they enter the company’s databases. In this sense, there would be no ‘originals’ to compare orders with, and the organization will likely have to contact the client again regarding their orders.
This can be achieved by sabotaging the data entry software for retaining client orders. The sabotage can be as simple as relocating the data files around the computer so that the program has an error calling that information. The consequences should be disgruntled clients seeking new services.
Robert Conard says
2. Finance. Sales personnel are responsible for retaining the business and motivating incoming orders. Finance personnel should focus more on the receipt and collection of funds. Not to say that sales associates shouldn’t be concerned about the collection process, but when it comes to the credit process, it is likely that responsibility is left to finance professionals.
Robert Conard says
3. Number one difference would be compliance. Certain differences in disclosure of information may lead the discrepancies in controls around how a US vs an international company operates. Specifically, in the reporting process, companies may operate by GAAP standards or IFRS. There can be significant differences in reporting pertaining to the OTC process.
Robert Conard says
4. My biggest area of concern would be around the security of clients credit information. Compromising the payment info of a company can easily become publicly known leading to a major hit in reputation, not to mention the likely immediate loss in business with that client. These would be a major area to focus controls around to secure the safe use of clients payment information.
Nauman Shah says
1. Type of cyber attack always depends on the motives of the hacker. In a hypothetical situation, if I am competing with another business for similar products, I would want to outsell them. If I have to achieve that goal by tampering with their Order to Cash process, I would want to attack the first part of the process, which is placing the order. I would inject a malware into their system, that would redirect their orders to my company’s portal. Since, the customer would end up ordering the product from my portal, this would increase my revenue and decrease the revenue of my competitor.
Nauman Shah says
2. Collection process should always be handled by the Accounting department, which is usually a sub-function of Finance. The responsibility of Sales department is to convince the customer to buy their product. Once the sales happen, it’s Finance/Accounting’s responsibility to chase the customer to collect the Account Receivables.
Derrick A. Gyamfi says
Nauman,
I agree with your comment regarding the collection process being handled by the accounting department. However, I believe if this responsibility was shared and extended to the sales department the collection process will run smoother and be more efficient. This is because there will be a more of an understanding on both sides on the roles each side plays in the collection process.
Nauman Shah says
3. If the international company stores customers data in their database, and it is highly likely that they do, since most bigger organizations would have a CRM system, where some of the customer’s master data is stored. International companies that process transactions of customers that are EU citizens, cannot ignore a new EU privacy regulation called the General Data Protection Regulation (GDPR). GDPR imposes strict requirements on the way businesses collect, store and manage personal data, therefore these companies would have to make sure they comply with GDPR data protection policies.
Nauman Shah says
4. The part of the Order to Cash process that I would be most concerned about would be Accounts Receivables. Every company that enters into a credit agreement with an another party has to make sure the other party will be able to pay back. Controls can be placed around this process, which includes performing credit checks on beneficiaries of the credit, but credit checks is a point in time validation of the financial position of an individual/company, which can change over time.
Folake Stella Alabede says
3. Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
Some difference in the controls of a purely domestic US company vs. an international company involving invoicing and collections would be in currency exchange and time differences. The control design has to take into consideration that international companies are sometimes in different time zones. E.g, 12pm in India is 12am in New York EST. For collections that are time sensitive, not factoring the time zone difference might be a constraint.
Also, controls around currency changes must be effective, as changes/fluctuations in currency can affect companys that have international business if controls are not properly managed
Folake Stella Alabede says
1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
As an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process, I would attack Shipping and Delivery. This is because I know how upset I get when I factor that I’ve been assured that I’ll receive an item on a Tuesday, if I don’t get it on Wednesday (which is the next day). How much more for an organization whose survival might depend on a shipment which is delayed for days. Also, imagine a customer expecting delivery for rocks and receiving sand instead.
Derrick A. Gyamfi says
If I was an outside organization with a goal to cause negative things to happen to an organization’s Order to Cash (OTC) process I would attack the collection/billing portion of the process. This is because without the ability to receive payment for products/services rendered the organization can not be sustained. I will do this by targeting the manager in charge of billing. In doing this I will send him/her phishing email or reach out to him and utilize social engineering in using his administrator credentials to delete all customer order, shipping, and data from the application.
Derrick A. Gyamfi says
I think the collections process should be the responsibility of both the sales and finance department. I think the responsibility initially bears on the sales team; this is because the sales team identifies customers and should assess the credit worthiness of customers prior to make a sale. However, the finance department plays an important role in making consistent attempts in recovering uncollectible debt. If these shared efforts are not taken cared the collection process becomes extremely inefficient.
Derrick A. Gyamfi says
Differences in controls between a purely domestic company verses an international company includes:
– A domestic company will more likely have less in assets and will need less controls in place to function and meet regulatory requirements; on the other hand, an international company will have more assets, and regulatory requirements to follow.