Client Name: ABC Bangladesh Limited Period: 31 December 2021

Subject: Entity level control

1. Control environment
A. Organizational structure and assignment of authority and responsibility

The responsibility for strategic management and setting the overall direction for the entity resides with the
Executive Committee. The Executive Committee meets on a monthly basis. They are required to sign-off
on all significant decisions. These meetings generally cover:
Monitoring the strategies and capabilities of the Company’s major competitors, suppliers and distributors.
 Looking at the external environment the Company faces
 Allocation and / disposal of resources (people, assets, unities, projects etc.).
 Discussion on new investments, projects, arrangements /agreements etc.
 Discussion on the operation and growth of the business
 Discussion of government regulatory matters, current issues etc.
The directors meet at least on quarterly basis and discuss achievement of and changes in the entity’s
strategies. Copies of the agenda of Executive Management meetings are sent to the directors.
Monitoring the Company’s performance: This is done with reference to the management accounts,
budget/forecast and others, which are important to the achievement of financial reporting objectives and
other goals of the company.

Page 1 of 15
The Chairman, MD, the ED- Financial & Planning, and the other functional heads have each been in the
business for quite a long time and have a good understanding in all sectors. There has been no
significant change in the top management and all the divisional heads have a long experience of working
in XYZ.
The Directors too have been associated with the business for a long time. This cumulative experience
helps the BOD to form an opinion, both in respect of the financials and non-financial. The reviews are
documented in the Board of Directors’ minutes. If any exceptions /errors are noted, and action is
required, then it is documented as an action point in the meeting minutes, and responsibility is assigned
to one of the directors.
Annual budget is prepared by the F&A with information from respective divisions. The MD submits the
company’s business plan to the Board of Directors. BOD of XYZ approves the budget.
Most of the significant payments, fixed asset additions, disposals etc. requires approval of Executive
Management members. Expenditure authorisation limits for senior members of management are as
folows:
Limit Signatories
Upto Tk. 50,000 Signed by any one of the signatories from Group A or B
Above Tk. 50,000 but Signed by any one of the signatories from Group A or jointly by any two
upto Tk. 200,000 of the authorized signatories from Group B
Above Tk. 200,000 Jointly by two signatories, one of whom must be from amongst the
signatories from Group A

Page 2 of 15
Group-A:
Mr. M A- Chairman
Dr. A- Managing Director
Mrs. N -Director
Dr. F H -Director
Mr. M- Executive Director, Financial & Planning
Group-B
Mrs. S- Director, Corporate Affairs
Mr. T-Director, Business Development
Mr. P- Financial Controller
Mr. M- Corporate Finance Manager.
Mr. Abdul, Factory Manager

Assignment of responsibility and accountability to key personnel

Formal job descriptions are in place to define all management roles. They contain specific reference to
responsibilities and accountabilities. A summary of the roles of people in XYZ is given below :
MD - Overall development, growth and responsibility of XYZ, member of the board and Executive
Members, etc.
ED-Financial & Planning- is responsible for the following key functions:
 Financial & Planning
 Procurement
 Logistics Taxation
FC is responsible for the following key functions:
 Human resource development
 Administration
 Corporate affairs
All bonus plans, overtime are approved by the head of Human Resource and the EM.
Changes to the reporting and approval responsibilities are communicated via internal regulations / memo
with approval from EM.
Understanding of Company objectives
XYZ Ltd is a public limited company which was incorporated as XYZ Bangladesh Manufacturers Ltd. The
principal activities of the company are to manufacture pharmaceutical, consumer brands, public health
and animal health products and to market them along with agrochemicals and other consumer brand
items.

Page 3 of 15
They are trusted partners to the communities in which they live and work. The company provides
enduring value (Quality, Customer Focus, Fairness, Transparency and continious development) and
constancy through the jobs the company creates, its active social involvement in each local community
and its stewardship of the enviroment and sustainable resources for future generations
The company provide foundations for people’s growth through its commitment to developing the full
potential of our employees and partners.
The company regards its stakeholders, especially its customers, distributors and suppliers within the
pharmaceuticals, consumer brand as well as in trading industry, as partners and endeavors to integrate
them in its decision making process- working colloaboratively to develop innovative professional
solutions.
The goal of the company is to continually set the highest standards of customer satisfaction in the
industry-through innovative products and services.
All employees of the company are provided with a copy of the company’s mission statement at the time of
their induction into the company.

Effective communication of employees’ duties over financial reporting

Employees’ duties in respect of financial reporting and others are set out in individual job descriptions.
Employees are appraised for their performance in respect of these duties.
Management of employee turnover
Management maintains a database of all employees who have left the company including reasons for
their departure. During the year, 701 employees has joined and 283 has left from company. Management
has “succession plans”for top management. The main aim of the succession plan is to ensure that key
positions do not remain unfilled in case of sudden vacancies.
Adequate segregation of duties in accounting and financial reporting functions
The Financial & Planning department is well resourced. It is headed by an experienced Chartered
Accountant. All the personnel are well experienced. All companies of the group i.e. XYZ and its
subsidiaries share the services of a common Financial & Planning department.
The Company has analysed the relevant function, and has dedicated adequate resources to ensure that
there is adequate segregation of [Link] reporting function is primarily the responsibility of the
Financial Controller- Financial & Planning.
B. Communication and enforcement of integrity and ethical values

Setting of an appropriate ‘tone at the top’ and creation of a positive workplace environment
The Company encourages employees to act ethically, with integrity and in a socially responsibe manner.

Page 4 of 15
Code of conduct
XYZ has a Code of Conduct (values) which is available to all employees in the [Link] aim of the
the Code of Conduct is to establish a common and consistent framework across the entire XYZ group as
a whole that provides direction and clarification to employees in the conduct of their daily business. They
help the company meet ethical and legal challenges. Employees are provided with a copy of the
company’s code of conduct as part of a standard induction package when they are inducted into the
company.
XYZ Code of Conduct is comprehensive. It addresses issues such as quality, customer focus, fairness,
transparency, continious development etc. The company is considering to improved the present code of
conduct (values) by emphasizing the new area such as respect for fair competition principles, bribery and
corruption, insider trading, the use and protection of assets and information,conflicts of interest,,
acceptance and offering of business gifts,the recording of business transactions and compliance with
laws, rules and regulations.

Page 5 of 15
Monitoring activities (c)
The management of XYZ Limited enforces zero tolerance for unethical behaviour. Senior management is
responsible for the enforcement of the Company’s ethical and compliance standards through a ‘Loyalty &
Secrecy agreement’.
Appropriate balance between incentivizing employees and setting unrealistic performance targets
The key personnel are awarded incentive based on the Key Performance Indicators (KPI) and meeting
the budgeted performance.
Policies and guidance in respect of overriding internal controls
Management encourages employees to report attempts to override controls and recognizes this in
appraisals. Disciplinary actions taken as a result of overriding controls are communicated within the
entity. All employees and directors are required to protect the company’s assets, ensure their efficient
use and are used for legitimate business purposes as per the Company’s policies. Any violations are
promptly communicated to the head of Corporate Services, ED (Executive Director) and MD.
All business transactions are to be recorded in a true, fair and timely fashion. The reliability and accuracy
of the accounts, records and reports are ensured in accordance with established procedures, appropriate
accounting system, controls and audits.
Employees are expected to fully disclose any personal or financial interests that may conflict materially
with those of XYZ.

Page 6 of 15
 C. Management’s philosophy and operating style, and commitment to competence

Promotion and enforcement of an appropriate level of acceptance of business risks, control

consciousness, and safeguarding of assets
XYZ policy requires that management only proceeds with a significant decision, such as a new product
line, new contract, new IT systems or new policy after presenting a report to the Board of Directors which
sets out the potential risks and benefits. There is a separate division (Financial & Planning) headed by a
Executive Director for identifying , communicating and chalking out the ways of mitigating business level
risks. Decisions are also reviewed (if necessary) by the company’s tax and legal advisors. Some flowchart
is maintained for controlling of operating style.

Delegation of financial reporting authority and attitude towards financial reporting and the
function, and controls to ensure the appropriate selection of accounting policies
The FC-Financial & Planning is responsible for all financial reporting aspects of the Company, including
monitoring all new financial accounting and reporting standards and assessing their impact on XYZ. A
fellow of the Institute of Chartered Accountants of Bangladesh (ICAB), he is well aware of Bangladesh
Accounting Standards (BAS), subscribes to the profession’s accounting literature, and uses this to ensure
that he is up to date with all new accounting and reporting standards. XYZ complies with all statutory
disclosures.
CFM-Financial & Planning discusses complex transactions and possible new accounting policies with the
auditor as required. The FC-Financial & Planning recommends any change in accounting policy to the
Board of Directors. The Board of Directors is responsible for authorizing any changes in accounting
policy. This is evidenced in the minutes.

Analyses the necessary knowledge and skills for each function

Management has formally analyzed the tasks, which make up the roles within each function, and has
determined the qualifications and competencies required to perform the tasks. This has formed the basis
of the managerial job descriptions.

Job descriptions
Formal job descriptions are in place to define all management roles. They set out the responsibilities
specific to those functions and set out the necessary skills and competencies

Translating competence into knowledge and skills

When developing performance measurement criteria, an appropriate balance between short term and
long term goals is developed, this includes attending training courses to improve knowledge and skills.

Participation of those charged with governance

Page 7 of 15
The Board of Directors approves all new directors. The Board consists of the following members:
1. Mr. M (Chairman)
2. Dr. A (Managing Director)
3. Mr. S
4. Mr. Z Khondker
5. Mr. R Khan
6. Mrs. Na
7. Ms. S Salam
8. Mr. W
9. Ms. Rahman
10. Mr. Wa
There is a formal audit committee.
The directors’ fees and emoluments are the only compensation that the directors receive from the
company.
The responsibilities of the directors are set out in their terms of appointment. They are appointed by
Board of Directors. The remuneration of the directors will be separately disclosed in the local statutory
accounts as per the Companies Act 1994.
Interaction with independent auditor
Auditors is invited to attend the AGM every year. The engagement partner also meets the MD and the
ED-Financial & Planning on a formal, ad hoc basis. The partner confirmed that he takes an active role in
the meetings.
The statutory auditor is selected by the Board at the AGM of the company.
Involvement with senior financial management and internal auditors
The MD sits with the ED- Financial & Planning and the internal auditor on an informal basis. Divisional
heads are also requested to sit (sometimes give presentations) with ED-Financial & Planning and internal
auditor on monthly basis. Matters arising out of such matters are routinely communicated to the board of
directors by the MD.
Supply of information
Monthly management accounts are prepared for each month by the Financial & Planning division and
submitted to Managing Director and head of businesses. There is a defined deadline, set by the ED-
Financial & Planning, after the end of each month to close the accounts. Generally, the statutory accounts
are submitted to auditors after 10-12 days from the end of February and the consolidated accounts are
submitted after 20-25 days from the end of March.
Understanding of the critical accounting policies and judgmental accounting estimates
The FC-Financial & Planning is generally involved in accounting for significant transactions, along with the
AM-Financial & Planning. Important accounting issues are communicated to the board of directors by the
FC via the MD.
The board of directors is responsible for the overall presentation of the company’s financial statements,
assesses, and approves decisions regarding management’s adoption/revision of important accounting
policies. The directors have many years of financial experience. They also sometimes take formal and
informal advice from RRH before making critical accounting treatment.

Page 8 of 15
Management override of controls
The Executive Management is considered the top management level of the company. They are also
responsible to board and to group. Hence, the risk and chance of overriding controls by the management
is very minimal.
Effective management oversight in the area of risk
The Financial & Planning department is formally responsible for the assessment of business risks.
Financial & Planning’s risk assessments are considered when formulating the company’s yearly business
plans which are presented to the board of directors.
Human resource policies and practices

Recruitment and retention of the right people

There is a standard procedure for recruitment and termination/resignation followed by XYZ.
Selection normally starts with a personnel requisition form. Authorization and approval to fill a vacancy
within the Company has to be obtained from HR Department. The initial search for candidates is confined
to the company’s internal pool of employees. If the vacancy cannot be filled internally, external
advertisements are placed online at [Link].
All employees must fill out a standard application form, which includes two references. Human resources
are responsible for obtaining these.
Candidate assessment procedures involve a four stage evaluation process:
An initial interview conducted by a panel from the division concerned
Psychometric and practical tests administered by a qualified person
A reference checking process using a Reference Checking Form to assess the candidate’s working
history.
A final short list interview by the immediate superior of the vacant position or by a panel comprising,
among others, from advertisement in the newspaper. All employment contracts are reviewed / approved
by the appropriate management level to ensure that they are reasonable and adhere to prescribed
policies and procedures. Human Resources ensure that each new employee has the appropriate
paperwork required by local laws and regulations.
Formal job descriptions exist for all positions.
A performance evaluation is done at the end of every year by respective division.
Approved policies and procedures
Comprehensive Human Resource policies have been implemented, with standards for hiring, training,
promoting, compensating and terminating of employees.
Training is given to all new recruits to ensure that they have the necessary knowledge and skills. Every
new permanent/probationary recruit is sent on an induction course. The course includes an overview of
the business, the Code of Conduct (values), and Health and Safety. Other training needs are noted as
part of the appraisal process, on the individual’s form. The head of corporate services ensures
compliance with human resouce related laws, rules, and regulations. Only HR can recruit individuals.
Compliance is monitored by internal audit, but not always.
Advice from external legal counsel is sought in questionable matters or instances where violations occur
(if any).

2. Entity-wide risk assessment process

Page 9 of 15
Communication of entity-wide objectives and strategies
The responsibility for setting entity-wide objectives and strategies, including any changes, resides with the
Executive Management, subject to approval from the board of directors. XYZ Bangladesh has adapted
these targets after giving due consideration to the local market conditions facing it.
The setting of entity-wide objectives and strategies is a collaborative effort carried out by the MD in
conjunction with the functional heads at the monthly Executive Management meetings.
Operating budgets are set on an annual basis. Authorization of the annual budget by the board of
directors is evidenced in the board of directors minutes. Management does ensure however that the
budgets are consistent with entity-wide objectives. The FC-Financial & Planning provides a summary of
actual versus budget / forecast at the end of each month, along with a commentary in respect of key
variances.
The budgetary process allocates resources, including capital, people and facilities needed in each
business. Draft budgets are prepared annually (on a month by month basis) by each of the heads of
department in conjunction with the functional managers. Capital spending and expense budgets are
based on management’s analysis of the relative importance of objectives.
Risk assessment process
The company has formal processes in place for the assessment of risks. Risks are divided into business
(external) risks and process (internal) risks. Assessing and communicating business level risks is officially
the responsibility of the Corporate Finance Manager-Financial & Planning even though, in practice, risk
assessment is a collaborative process involving interaction between the Corporate Finance Manager-
Financial & Planning, the various functional heads and the Managing Director.
The identification of process risks is the responsibility of finance department and respective business.
Compliance with laws and regulations
The Manager-Estate & Legal affairs is responsible for all regulatory reporting requirements and, General
Manager-Corporate Services is ultimately responsible for ensuring compliance with corporate laws and
regulations with labor laws. Whereas the compliance of the laws & regulations relating to income tax &
VAT rest with the Financial Controller. The company also has a checklist to ensure compliance with
existing laws and regulations.

Going concern
No formal going concern report is prepared. However, each year the company prepares a detailed
business plan for the next 12 months along with a [Link] a result, an assessment of the going
concern assumption is automatically conducted

In addition, the FC-Financial & Planning prepares many analyses including month wise change in balance
sheet amounts and analysis of significant profitability, liquidity and efficiency ratios as part of monthly
management reports.

Fraudulent activity
In XYZ, there is no formal department or person assigned for detecting fraudulent activity. However, the
internal audit (IA) department is primarily responsible for dealing with matters relating to fraud.
Management does not, however, have formal procedures (SOPs) in place for dealing with actual, alleged,
or suspected instances of fraud such as procedures for reporting any case of violation of the XYZ Code of
Conduct (values) or the introduction of whistle blowing channels.

3. Information systems relevant to financial reporting and communication

Page 10 of 15
Key IT applications:

Significant accounts
and disclosures Underlying infrastructure/architecture
Application name affected (database, operating system, hardware)

Sales Invoicing Program Revenue Database-SQL

Operating system- DOS
Hardware- IBM

Accounting Mirror General Ledger Database-MS Access

Operating system- Windows 98/2000
Hardware- IBM

MS Excel Inventory Database-

Operating system- Windows 98/2000
Hardware- IBM

Spare Parts System Inventories–Stores and Database- MS Access

(SPS) spares
Operating system- Windows 98/2000
Hardware- previously Dell; currently IBM

Significant changes to information systems:

Application name Accounts affected Significant changes and potential risks

There were no significant

changes in the
information systems

Responsiveness of IT system to achieving objectives and controls over information, recording

and processing
The IT system consists of several separate function- specific software programs used by the different
departments. Excel and FoxPro is used by the Financial & Planning department for reporting purposes
(e.g. inventory management) while the sales department uses sales invoicing program for recording of
sales. These systems are not linked to each other and they are used by separate user groups. As a

Page 11 of 15
result, there is an automatic check by the manager regarding sales quantity who keeps the recording of
inventory.
Information systems relevant to financial reporting
The monthly management accounts are prepared by the finance team. The information is sufficient to
calculate the KPIs. These are set out in the planning document.
The management accounts include the following KPIs, which enable management to assess their
achievement against entity-wide and activity level objectives.
Controls over information
Policies and procedures exist to ensure that both internal and external information is provided on a timely
basis to allow effective monitoring of events and activities.
The financial controller is responsible for providing management accounts on a monthly basis. The
opening column represents the budgeted amount, and the closing column represents estimated amount.
Text boxes are used to explain the adjustments, and the numbers are linked to the source documents.
The FC reviews the management accounts and authorizes this by signing the form. This is maintained on
the month end file.
Once the management account has been reviewed by the Executive Director and the FC, they are
circulated to the main Board of Directors and the divisional heads. They are reviewed at the monthly
Board of Directors meeting. The FC attends at meeting and is responsible for responding any follow up
points. These action points are noted in the respective minutes.
Recording of transactions
Details of each retail sales transaction is maintained within Sales Invoicing Program including transaction
value, tax, time and date, cashier and method of payment. This information is then uploaded into the
general ledger system on a nightly basis. Wholesale sales and all purchases are posted to the sales
ledger / purchase ledger, and details counterparty name, transaction value, tax, time and date, cashier,
method of payment, and order / purchase order number.
Management has ensured that system capability has been updated to handle the increased volumes of
activity, which have arisen because of the recent expansion.

Communication

Communication of financial reporting roles and responsibilities

The individual roles and responsibilities in respect of internal controls and the financial reporting
responsibilities are set out in job descriptions and employment contract.
The ED-Financial & Planning interacts with all of the divisions on a regular basis. This gives the divisional
personnel an opportunity to communicate significant information and reporting exceptions. He is a
member of the Executive Committee (Executive Management) and attends its meetings regularly, was
invited to the divisional monthly meetings and is now involved in major transactions at an early stage.
Communication between management and those charged with governance and external communications
The BOD reviews the financial statements and other financial information prior to external distribution.
The review is evidenced in the meeting minutes.

4. Monitoring Control

Page 12 of 15
Monitoring of results
The budget is the primary yardstick for the measurement of the entity’s performance. Monitoring at senior
management level occurs at monthly intervals.
The following reports are prepared by the FC-Financial & Planning each month:
 Monthly Variance Analyses (Actual versus budgeted figures)
 Monthly Volume Chart
 Analyses of significant ratios
Self-assessment and internal audit activities
Internal audit produces an annual internal audit plan, which is presented at the Executive Management
meeting and approved by the Executive Management. The audit plan details which areas / divisions are
to be visited and on which dates. It is the responsibility of the EM to ensure that there are sufficient
resources and skills to undertake the plan.
The activities of internal audit include process-based risk analysis, assessment of risks, recommended
actions and follow up of compliance.

The Managing Director examines the reports prepared by the internal audit department along with
divisional heads. These are circulated once finalized with the departments, and discussed at the monthly
meetings.

Reconciliation of accounting system with physical assets

Inventories of finished stock, raw materials and work-in-progress as well as stock levels for spare parts
and stores recorded in the Spare Parts System are counted on a yearly basis in the presence of RRH
representatives and compared with existing records. Any short/excess for inventories at the time of
physical verification is adjusted in the financial statements. However, the software used for spare parts
allows for stock levels to be ascertained easily. The company has fixed assets register and has carried
out any fixed assets verification.
Effectiveness of internal controls
The responsibility for monitoring the effectiveness of internal controls resides with Internal Audit. Internal
Audit performs reviews of different processes and recommends improvements if felt necessary.
Reliability of information
Internal audit performs division wise audit and follow up to ensure compliance with entity policies and
procedures. They also actively involved in implementing internal regulation of the company.
Identification, evaluation and accounting for litigation and claims
As soon as an XYZ employee becomes aware of a potential claim, he/she is responsible for informing the
Accounting Managing (AM). It is in turn the responsibility of the AM to contact the insurance

Internal audit activity

The head of internal audit submits his reports directly to the Audit Committee.

Page 13 of 15
Page 14 of 15
Disclaimer: Dummy audit working files have been prepared and published to improve the quality
of audit documentation of member firms providing audit services in Bangladesh. Member firms
providing audit services should not assume these dummy working files as absolute benchmark
for the purpose of preparing and keeping audit documentation. Every audit client has unique
characteristics and risks. International Standards on Auditing (ISA) also requires to exercise
engagement partner’s judgment on a number of areas in conducting the audit of an entity.
Therefore, member firms should use their professional knowledge, skill, experiences along with
these dummy working files to keep adequate and appropriate working papers for each audit
engagement. The preparers do not assume any liability for drawing an inappropriate audit opinion
based on the working papers prepared on the basis of these dummy working files.

Page 15 of 15