Testing Strategy 2011

8/2/2019 Testing Strategy 2011

1/330

Millicom - 2011 Summary of Testing Strategy - Overall risk assessmentP# Process

(Backbone Procedures v 3.1)

Total

controls

per cycle

SC IC Related

Accounts -

Inherent

Controls /

Process

Complexity

CLCs PY

Errors

PY Control

Deficiencies

PY Overall

Risk

assessment

Overall Level

of Risk

assessment

P01 Payroll 13 3 10 Low Low Indirect No None Low Low

P1b Payroll Outsourced 14 3 11 Low Low Indirect No None Low Low

P02 Inventory Management 21 10 11 High Med Indirect No Limited Low Low

P03 Purchasing and Assets Management 33 22 11 Low High Indirect Yes Limited High HighNo ma

Overa

P04 Cash Management 18 9 9 Hi h Low Indirect No Limited Med Hi h No de

P05 Debt Management 6 2 4 High Low Indirect No None High Med MistatP06 Prepayment 2 1 1 Low Low Indirect No None Low LowP07 Taxes 10 3 7 High Med Indirect Yes Limited High High

P08 Assets Impairment 1 1 - Med High Indirect No None High MedSignif

HQ.

P09 Bad debts 4 4 - Low Low Indirect No None Low Low

P10 Contract Management 4 1 3 High Low Indirect No None Low Low

P11 Commitment and Contingencies 7 7 - High Med Indirect No None Med Med

P12 Financial Statements Close 12 12 - Hi h Med Indirect Yes Limited Hi h Hi h

High r

Adjus

Coun

P13 IT General Controls Procedure 46 31 15 High Med Indirect No Multiple High High Defici

P14 Network General Controls Procedure 34 23 11 High High Indirect No Multiple High High Defici

P15 Bill and Collect for Interconnect/other operators 14 9 5 High Med Indirect No None High High

P16 Bill and Collect for Sales (Roaming) 28 19 9 High Med Indirect No None Med LowP17 Bill and Collect for Sales (Postpaid) 32 16 16 Low Med Indirect No Limited Med Med Defici

P18 Bill and Collect for Sales (Prepaid) 34 20 14 High High Indirect No Multiple High High Defici

P19 Bill and Collect for Sales (wireless) 17 6 11 Med Med Indirect No None Med Low

P20 Adjustments 8 3 5 Hi h Med Indirect No None Med Med

P21 Recording of Subscribers Numbers 4 - 4 Low Low Indirect No None Low Low

P22 Intercompany 3 1 2 Med Low Indirect No None Low Low

P23 Accounting for Financial Assets other than pledge deposits 2 1 1 Low Med Indirect No None Low Low

P24 Indefeasible Rights of Use (IRU) 9 9 - Med Med Indirect No None Med Low

P25 Managing Programming Costs 6 5 1 Med Med Indirect No None Med Med

P26 Bill and Collect for Sales (Cable TV) 22 11 11 Med Med Indirect No Limited Med Med

P27 Hedging - - - Med Med Indirect No Limited 2011

P28 Tower Lease Back - - - Med Med Indirect No Limited 2011

P29 Technology General Controls Procedure 15 - 15 High Med Indirect No Multiple High High Repla

Total Controls (TLC) 404 232 187

Average (Critical) Controls per Cycle 17 10 8

The testing strategy was taylored based on the risk assessment and the maturity of control environmen in each operation.

We have defined 3 buckets for which a different testing approach was defined.

Bucket 1 represents mature countries which demonstrated an history of ICFR low number of deficiencies, strong CSA Peer review team and low level of exposure for remaining deficiencies.

Bucket 2 represents improving countries which demonstrated an history of ICFR reasonable number of deficiencies, strong CSA Peer review team and reasonable level of exposure for remaining deficiencies.

Bucket 3 re resents develo in countries which demonstrated an histor of ICFR inconsistent number of deficiencies, ood CSA Peer review team and some level of ex osure for remainin deficiencies.

Bucket 1 Bucket 2 Bucket 3

Bolivia Colombia Amnet o erations

Para ua Guatemala Honduras

El Salvador Tanzania Sene al

Ghana DRC Chad

Testing (color scheme used in sheet "Test Strategy"):

Independent testing - PwC to independently test control based on testing strategy defined in worksheet "Test Strategy"Re erformance of mana ement testin - PwC to obtain mana ement's testin su ort for mana ement's sam le and re erform test of controlRely / Observation/Walkthrough - PwC to independently observe if the control is being performed with the Control Owner, and to confirm the result

Criteria used for:Low risk: Not Pervasive; Routine; Low degree of judgement involved; ok for objective testing; low potential for mgt overrideMedium/High risk: More complex IT Application Controls (ITACs); Higher risk; highly judgemental or complex controls; potential for mgt overrideSoX controls are allocated in 3 buckets (High, Medium, Low) depending on risk rating. !!! change !!! compared to 2010: Controls risk rating has been aligned with overall risk assessment by process.

PY SoX resultsTest Results 06:

Significant deficiencies were noted in the controls surrounding taxes/deferred taxation, fixed assets/CWIP and the Financial Statement Preparation (IFRS) process.No material weaknesses were identified. No SUD or SAAD items identifed.

Test Results 07:No significant deficiencies or material weaknesses were identified. No SUD or SAAD items identifed.

Test Results 08:No significant deficiencies or material weaknesses were identified. No SUD item identifed. 1 SAAD item recorded (Tax accrual in Tanzania).

Test Results 09:Two significant deficiencies, Consolidation Close process at the HQ and Prepaid revenue in Chad

Test Results 10:No significant deficiencies or materlal weaknesses were identified. No SUM item identifed. 4 SAM items recorded.

Group environment:Backbone V3.1: rationalisation of controls based on local management comments. Mainly clarification of controls responsible and testing procedures.Management testing will use V3.1 as from Q1_2011.=> Assessment of Management testing to erform based on Q2_2011 CSA Peer review results.


2/330

In Scope

Locations High Med. Low Indep. Reperf.

2010 12 63 116 41 62 77

29% 53% 19% 28% 35%

2011 - Bucket 3 5 52 113 98 55 10622% 49% 42% 24% 46%

Variance -11 -3 57 -7 29

-6% -4% 24% -4% 11%

2011 - Bucket 2 4 52 113 98 43 83

22% 49% 42% 19% 36%

Variance -11 -3 57 -19 6

-6% -4% 24% -10% 1%

2011- Bucket 1 3 52 113 98 34 84

22% 49% 42% 15% 36%

Variance -11 -3 57 -28 7

-6% -4% 24% -14% 1%

2010 Total 756 1392 492 744 924

29% 53% 19% 28% 35%

2011 Total 624 1356 1176 549 1114

20% 43% 37% 17% 35%

Variance -132 -36 684 -195 190

-9% -10% 19% -11% 0%

Risk Assessment @ SoX control levelSummary of T

SC *


3/330

IC *

Rely Walkthr. Indep. Reperf. Rely Indep. Reperf. Rely Reperf.

81 168 50 13 0 12 60 44 4

37% 79% 21% 0% 10% 52% 38% 10%

102 187 37 12 3 18 61 34 3344% 71% 23% 6% 16% 54% 30% 34%

21 -13 -1 3 6 1 -10 29

7% -8% 2% 6% 6% 2% -8% 24%

137 187 29 16 7 14 46 53 21

59% 56% 31% 13% 12% 41% 47% 21%

56 -21 3 7 2 -14 9 17

22% -24% 10% 13% 2% -11% 9% 12%

145 187 24 19 9 10 48 55 17

63% 46% 37% 17% 9% 42% 49% 17%

64 -26 6 9 -2 -12 11 13

26% -33% 16% 17% -1% -9% 11% 8%

972 600 156 0 144 720 528 48

37% 79% 21% 0% 10% 52% 38% 10%

1493 373 181 70 176 633 547 300

47% 60% 29% 11% 13% 47% 40% 26%

521 -227 25 70 32 -87 19 252

10% -20% 8% 11% 3% -5% 2% 16%

sting Strategy SC

High Med. L


4/330

IC

non-key

Rely Walkthr.

37 168

90%

65 18766%

28

-24%

77 187

79%

40

-12%

81 187

83%

44

-8%

444

90%

876

74%

432

-16%

w


5/330

Millicom - 2011 Summary of Testing Strategy - Improving countries (Bucket 1)

IC *

P# Process


Total

controls

per cycle

SC IC High Med. Low Indep. Reperf. Rely Walkthr. Indep. Reperf. R

P01 Payroll 13 3 10 - 1 2 - 1 2 10 P1 - -

P1b Payroll Outsourced 14 3 11 - 1 2 - 1 2 11 P1b - - P02 Inventory Management 21 10 11 - 4 6 - 2 8 11 P2 - -

P03 Purchasing and Assets Management 33 22 11 7 10 5 6 4 12 11 P3 3 2

P04 Cash Management 18 9 9 3 4 2 2 2 5 9 P4 2 1

P05 Debt Management 6 2 4 - 2 - 1 1 - 4 P5 - -

P06 Prepayment 2 1 1 - - 1 - - 1 1 P6 - - P07 Taxes 10 3 7 2 1 - 2 1 - 7 P7 2 -

P08 Assets Impairment 1 1 - - 1 - - 1 - - P8 - -

P09 Bad debts 4 4 - - 1 3 - 1 3 - P9 - -

P10 Contract Management 4 1 3 - 1 - - 1 - 3 P10 - -

P11 Commitment and Contingencies 7 7 - - 4 3 1 1 5 - P11 - -

P12 Financial Statements Close 12 12 - 7 3 2 3 4 5 - P12 2 3

P13 IT General Controls Procedure 46 31 15 9 14 8 4 13 14 15 P13 4 4

P14 Network General Controls Procedure 34 23 11 7 10 6 2 10 11 11 P14 2 2

P15 Bill and Collect for Interconnect/other operators 14 9 5 2 3 4 1 2 6 5 P15 1 1

P16 Bill and Collect for Sales (Roaming) 28 19 9 - 8 11 - 5 14 9 P16 - -

P17 Bill and Collect for Sales (Postpaid) 32 16 16 - 8 8 1 5 10 16 P17 - -

P18 Bill and Collect for Sales (Prepaid) 34 20 14 6 9 5 5 8 7 14 P18 4 2 P19 Bill and Collect for Sales (wireless) 17 6 11 - 1 5 - - 6 11 P19 - -

P20 Adjustments 8 3 5 - 1 2 - 2 1 5 P20 - -

P21 Recording of Subscribers Numbers 4 - 4 - - - - - - 4 P21 - -

P22 Intercompany 3 1 2 - 1 - - 1 - 2 P22 - -

P23 Accounting for Financial Assets other than pledge deposits 2 1 1 - - 1 - 1 - 1 P23 - -

P24 Indefeasible Rights of Use (IRU) 9 9 - - 4 5 - 1 8 - P24 - -

P25 Managing Programming Costs 6 5 1 - 4 1 1 1 3 1 P25 - -

P26 Bill and Collect for Sales (Cable TV) 22 11 11 - 3 8 1 2 8 11 P26 - -

P27 Hedging - - - - - - - - - - P27 - -

P28 Tower Lease Back - - - - - - - - - - P28 - -

P29 Technology General Controls Procedure 46 31 15 9 14 8 4 13 14 15 P29 4 4

Total Controls (TLC) 404 263 187 52 113 98 34 84 145 187 24 19

Average (Critical) Controls er Cycle 17 11 8 15% 38% 66%

This testing strategy is applicable for ICFR developing countries: SoX coverage: 46% 37%

Bolivia PY: 63 116 41 62 77 81

Paraguay 11- 3- 57 28- 7 64 CoveEl Salvador Cove

Cove


Inde endent testin - PwC to inde endentl test control based on testin strate defined in worksheet "Test Strate "Reperformance of management testing - PwC to obtain management's testing support for management's sample and reperform test of controlRely / Observation/Walkthrough - PwC to independently observe if the control is being performed with the Control Owner, and to confirm the result

Criteria used for:

Low risk: Not Pervasive; Routine; Low de ree of ud ement involved; ok for ob ective testin ; low otential for m t overrideMedium/High risk: More complex IT Application Controls (ITACs); Higher risk; highly judgemental or complex controls; potential for mgt overrideSoX controls are allocated in 3 buckets (High, Medium, Low) depending on risk rating. !!! change !!! compared to 2010: Controls risk rating has been aligned with overall risk assessment by process.






Test Results 10:No si nificant deficiencies or materlal weaknesses were identified. No SUM item identifed. 4 SAM items recorded.

Group environment:Backbone V3.1: rationalisation of controls based on local mana ement comments. Mainl clarification of controls res onsible and testin rocedures.Management testing will use V3.1 as from Q1_2011.=> Assessment of Management testing to erform based on Q2_2011 CSA Peer review results.

1

Risk Assessment @ SoX

control levelSummary of Testing Strategy

SC * High


6/330

Controls Description

P# Procedure C# Control Name Control Description Responsible Type Categor

P10 Contract Management IC01 Contract details reviewed Contract is reviewed by legal department in order to ensure

adequacy of the general terms and conditions.

Legal Responsible (GM-2) Manual Preventive

P10 Contract Management IC02 Contract signature reviewed Signed contract is reviewed by the legal team in order to

ensure that the contract has been signed by the other party

and according to the authorized signatory as per the

approved authority matrix.


P10 Contract Management IC03 Contract summary form

reviewed

Contract summary form is prepared by the requesting

department and reviewed by Legal Responsible who

includes a sequential contract reference number.


P10 Contract Management

Accounting Treatment

Complying management

Significant agreements

Dealers comission

Renting

Contact Center service

Contracts

SC04 Calculation sheet reviewed Based on the contract and contract summary form, the

accounting team determines the appropriate accounting

treatment (as per MIC Accounting Policy Manual) and

details any required calculation (pre-requisites for the

journal entries booking). Final analysis is reviewed by

Accounting Responsible (CFO-1).

Accounting Responsible

(CFO-1)

Manual Preventive


7/330

Test Procedure Sample size according to

PCAOB standards (over one

ear

Sample size for Peer

Reviews (over a quarter)

Test Method (R/Ins/

- Based on the samples selected for IC2, determine the contracts that include the MIC purchasing general terms

and conditions and ensure that those terms and conditions were reviewed and formally approved.

- For the contracts which does not include the MIC purchasing general terms and conditions, verify that those

terms and conditions were reviewed and formally approved by the legal responsible.

- If estimated yearly population > 50

--> select 10% of available

population, up to 25

- If estimated yearly population < 50

--> select all population available,

up to 5

- If estimated yearly population

> 50 --> select 10% of available



< 50 --> select all population

available, up to 5

Inspection

- From the contracts database, obtain the list of all new contracts / agreements issued during the period under

review.

- Select in this list the samples to be tested and obtain the related contracts.

- Verify for each sample selected that the legal responsible has ensured that the contract was properly signed

by both parties.

- In particular, ensure that the contract was signed according to the company approved authority matrix.






up to 5






available, up to 5

Inspection and Reper

- Based on the samples selected for IC2, obtain the approved contract summary form.

- Reconcile the information contained in the contract summary form with the contract to ensure data accuracy.

- Verify that it has been reviewed and formally approved by the legal department.

- Ensure it is sequentially numbered.






up to 5






available, up to 5


- Based on the samples selected for IC2, obtain the approved "calculation sheet".

- Reconcile the information contained in the calculation sheet with the contract summary form and the contract

to ensure data accuracy.

- Ensure that all accounting treatments comply with the MIC accounting policy

- Ensure the ar ithmetical accuracy of any calculation

- Verify that the calculation sheet has been reviewed and formally approved by the accounting responsible






up to 5






available, up to 5


Management testing strategy

2010 testing strategy


8/330

Millicom - 2011 Summary of Testing Strategy - Improving countries (Bucket 2)

IC *

P# Process


Total

controls

per cycle

SC IC High Med. Low Indep. Reperf. Rely Walkthr. Indep. Reperf. Re

P01 Payroll 13 3 10 - 1 2 - 1 2 10 P1 - - -

P1b Payroll Outsourced 14 3 11 - 1 2 - 2 1 11 P1b - - -P02 Inventory Management 21 10 11 - 4 6 - 2 8 11 P2 - - -

P03 Purchasing and Assets Management 33 22 11 7 10 5 6 7 9 11 P3 3 3

P04 Cash Management 18 9 9 3 4 2 3 2 4 9 P4 2 1 -

P05 Debt Management 6 2 4 - 2 - 1 1 - 4 P5 - - -

P06 Prepayment 2 1 1 - - 1 - - 1 1 P6 - - -P07 Taxes 10 3 7 2 1 - 2 1 - 7 P7 2 - -

P08 Assets Impairment 1 1 - - 1 - - 1 - - P8 - - -

P09 Bad debts 4 4 - - 1 3 - 1 3 - P9 - - -

P10 Contract Management 4 1 3 - 1 - - 1 - 3 P10 - - -

P11 Commitment and Contingencies 7 7 - - 4 3 1 1 5 - P11 - - -

P12 Financial Statements Close 12 12 - 7 3 2 5 2 5 - P12 4 1

P13 IT General Controls Procedure 46 31 15 9 14 8 4 13 14 15 P13 4 4

P14 Network General Controls Procedure 34 23 11 7 10 6 4 9 10 11 P14 3 2

P15 Bill and Collect for Interconnect/other operators 14 9 5 2 3 4 2 1 6 5 P15 2 - -

P16 Bill and Collect for Sales (Roaming) 28 19 9 - 8 11 - 5 14 9 P16 - - -

P17 Bill and Collect for Sales (Postpaid) 32 16 16 - 8 8 1 7 8 16 P17 - - -

P18 Bill and Collect for Sales (Prepaid) 34 20 14 6 9 5 8 5 7 14 P18 5 1 -P19 Bill and Collect for Sales (wireless) 17 6 11 - 1 5 - - 6 11 P19 - - -

P20 Adjustments 8 3 5 - 1 2 - 2 1 5 P20 - - -

P21 Recording of Subscribers Numbers 4 - 4 - - - - - - 4 P21 - - -

P22 Intercompany 3 1 2 - 1 - - 1 - 2 P22 - - -

P23 Accounting for Financial Assets other than pledge deposits 2 1 1 - - 1 - 1 - 1 P23 - - -

P24 Indefeasible Rights of Use (IRU) 9 9 - - 4 5 - 1 8 - P24 - - -

P25 Managing Programming Costs 6 5 1 - 4 1 1 1 3 1 P25 - - -

P26 Bill and Collect for Sales (Cable TV) 22 11 11 - 3 8 1 2 8 11 P26 - - -

P27 Hedging - - - - - - - - - - P27 - - -

P28 Tower Lease Back - - - - - - - - - - P28 - - -

P29 Technology General Controls Procedure 46 31 15 9 14 8 4 13 14 15 P29 4 4

Total Controls (TLC) 404 263 187 52 113 98 43 83 137 187 29 16

Average (Critical) Controls er Cycle 17 11 8 20% 38% 62%

This testing strategy is applicable for ICFR developing countries: SoX coverage: 56% 31%

Colombia PY: 63 116 41 62 77 81

Guatemala 11- 3- 57 19- 6 56 CoveTanzania CoveGhana Cove


Inde endent testin - PwC to inde endentl test control based on testin strate defined in worksheet "Test Strate "Reperformance of management testing - PwC to obtain management's testing support for management's sample and reperform test of controlRely / Observation/Walkthrough - PwC to independently observe if the control is being performed with the Control Owner, and to confirm the result

Criteria used for:

Low risk: Not Pervasive; Routine; Low de ree of ud ement involved; ok for ob ective testin ; low otential for m t overrideMedium/High risk: More complex IT Application Controls (ITACs); Higher risk; highly judgemental or complex controls; potential for mgt overrideSoX controls are allocated in 3 buckets (High, Medium, Low) depending on risk rating. !!! change !!! compared to 2010: Controls risk rating has been aligned with overall risk assessment by process.






Test Results 10:No si nificant deficiencies or materlal weaknesses were identified. No SUM item identifed. 4 SAM items recorded.

Group environment:Backbone V3.1: rationalisation of controls based on local mana ement comments. Mainl clarification of controls res onsible and testin rocedures.Management testing will use V3.1 as from Q1_2011.=> Assessment of Management testing to erform based on Q2_2011 CSA Peer review results.

1

Risk Assessment @ SoX

control levelSummary of Testing Strategy

SC * High


9/330


10/330


11/330

P03 Purchasing and Assets

Management

SC08 2-way match PO module prevents to record GRN/SDN quantity higher

than the PO.

PO module Automatic Preventive Each good

service deli

P03 Purchasing and AssetsManagement

SC09 CAPEX accruals reviewed Accounting team (preferably the AP Responsible) extractsfrom the accounting system the open CAPEX accrual

transactions and summarizes them by supplier.

Analysis per supplier is then performed to ensure accuracyof data (including existence, review of duplication, and

explanation on aged accruals balances over 6 months etc.)

Accounting Responsible(CFO-2)

Manual Detective Monthly


Management

SC10 Accruals checklist reviewed Accruals checklist is completed by CFO-2 and reviewed. In

particular, CFO-1 reviews the list for completeness,explains reasons for current accruals booked, indicates

whether there was an accrual last month and the total

amount booked in the accounts (for each accrual type).


(CFO-1)



Management

SC12 Advance payments globally

reviewed

Accounting team (best AP Responsible) extracts from the

accounting system the open advances and summarizes

them by supplier.Analysis per supplier is then performed to ensure accuracy

of data (appropriate reversal performed).


(CFO-2)



Management

SC13 Invoices approved Invoices are reviewed and approved by Receiving

Department prior to payment.

Receiving Department

Responsible according to

approved authority matrix

Manual Preventive Each invoic


Management

SC14 3-way match PO module prevents to record invoice quantity and price

higher than the PO and the GRN/SDN.

PO module Automatic Detective Each good

service deli


SC15 All assets separately tagged(final tagging)

FA Responsible ensures that when assets are capitalized,a final tagging is applied which follows the assets coding

communicated by the HQ and at the latest 8 weeks after

the date of transfer from CWIP to FA.

Fixed Assets Responsible(GM-2)

Manual Preventive Each asset


Management

SC16 Turnkey project accounting

treatment validated

Based on the key terms of the contract summarized in a

memorandum, CFO-1 documents the accountingtreatment of transactions linked to the turnkey project and

CFO reviews and approves.

CFO Manual Preventive Each new t


Management

SC18 Timesheets valuation

reviewed

Based on the information received from the CTO, Human

Resource values the time spent by the cell-sitecommissioning team for the construction of sites. This

analysis is signed-off and communicated to Accounting

Department.

Human Resources

Responsible (GM-1)

Manual Preventive Monthly


Management

SC19 Manual CWIP register

completed and reviewed

CWIP register is prepared and includes at minimum assets

identification (can be serial number or any other mean),

date of receipt, PO reference, value, expected date ofcapitalization, location and asset description.

Fixed Assets Responsible reviews the CWIP register forcompleteness and reconciles it to the CWIP accounts in

the Accounting System. Any discrepancy is investigated

and solved.

Fixed Assets Responsible

(GM-2)



SC21 ARO computation reviewed ARO provision calculation is prepared by CFO-1 andreviewed by CFO.

CFO Manual Preventive Each acquidisposal of

ARO


SC22 Assets costing reviewed Costing (including assets, ARO, interests, services, freight,duties, etc.) prepared by Fixed Assets Responsible (CFO-

2) is reviewed by CFO-1. System print-out evidencing the

accounts update is attached and reviewed.


Manual Preventive Each capita


SC23 License Summary Sheetapproved

The License Summary Sheet (Part I) relating to thecapitalization rule is completed (including deferred costs)

by the Accounting Responsible (CFO-1) and reviewed by

CFO.

CFO Manual Preventive When licen


SC24 Depreciation rates comply withMIC Accounting Policy

Based on the FAR, Fixed Assets Responsible (CFO-2)extracts details of all assets. A summary by assets

category is prepared showing depreciation rate used.Those rates are checked against the MIC Accounting

Policy (including assets with no depreciation rate). Any

discrepancy is investigated and correction documentedand booked into the FAR. CFO ensures that the FA

Responsible has properly performed his review.

CFO Manual Detective Quarterly (q


12/330

P04 Cash Management IC05 Vendor balance reviewed

before payment

Before initiating a payment, the vendor balance is reviewed

to ensure that no credit note exists and that previousinvoices were paid.

Treasurer Manual Preventive Each paym

P04 Cash Management IC11 Monitoring of customer and

dealer's complaints

Customer Service Responsible prepares the log of

complains. The log must be maintained and reviewedmonthly by the CFO to ensure appropriate provision has

been booked. The log must include actions taken and

current status of the complaint.

CFO Manual Detective Monthly

P04 Cash Management IC14 Bank reconciliation summary

sheet reviewed

Before the first submission of the monthly financial data, a

bank reconciliation summary sheet is prepared by CFO-1

and includes for all bank accounts the status of thereconciliation and in case of incomplete reconcil iation, the

remaining unexplained amounts and the action plan to

explain / correct those differences. This summary is thenreviewed by CFO.


P04 Cash Management IC15 Supporting documents forpetty cash advances approved

All petty cash advances are authorized. Responsible according toapproved authority matrix

Manual Preventive Each advan

P04 Cash Management IC16 Petty cash voucher approved Petty cash voucher are authorized . Treasury Responsible(CFO-1)

Manual Preventive Each advan

P04 Cash Management IC17 Cash advance uses verifiedand expenses approved The responsible manager reviews the original invoicessupporting the cash expended and ensures that it was

used for legitimate business purpose.

Responsible according toapproved authority matrix Manual Preventive Each advan

P04 Cash Management IC18 Petty cash count performed Petty cash safe content must be counted at least once a

month (using specific form for the reconciliation). Any

discrepancy with the Petty Cash Register maintained by the

Petty Cash Custodian must be investigated and escalated.

CFO-1 or CFO-2 Manual Detective Monthly

P04 Cash Management SC02 Aging balance report reviewed The payable aging balance report is extracted and

reviewed. In particular, all unpaid amounts for more than 6months are analyzed and cleared.

CFO-1 Manual Detective Monthly

P04 Cash Management SC04 Reconciliation of vendorstatements with accounts

payable

a) All vendors should be checked once a year (ongoing

program - at least 1/12 of the supplier database a

month)

b) List of 20 top suppliers is obtained. CFO-3 prepares

circularization letter and sends them to the selected

suppliers. When answers are received from suppliers, areconciliation is performed with the A/P. Differences are

investigated, explained and actions are taken.If no answer is received within the following 2 weeks of the

sent request, a reminder is sent to the supplier and any

action performed to obtain the information is documentedon a summary sheet l isting the 20 suppliers selected.

Finance Responsible(CFO-1)

Manual Detective a) Monthly

b) Quarter

P04 Cash Management SC06 Payment voucher / instructions/ cheque authorized

Payment voucher / instruction / cheque is signed based onapproved supporting documents.

Responsible according toapproved authority matrix

Manual Preventive Each paym

P04 Cash Management SC07 Direct Debit list reviewed CFO reviews the list of authorized direct debit obtainedfrom f inancial institutions and ensures that they were all

approved and valid.

CFO Manual Detective Quarterly

P04 Cash Management SC08 Confirmation from financialinstitution of the cash deposit

and of electronic paymentreconciled with sales report

The treasurer or collection department reconciles the salesreport obtained from the billing system with the cash

received confirmed by the financial institution (cashdeposited and electronic payment confirmed).

Treasurer or CollectionResponsible (GM-3)

Manual Detective Daily

P04 Cash Management SC09 Cash reconciliation betweenbilling and accounting system

Cash report from the billing system is reconciled to theaccounting system. Any discrepancy is investigated,

explained and actions are taken.

Treasurer or CFO-1 Manual Detective Minimum wpractice da

P04 Cash Management SC10 Reconciliation between

banking summary and bankstatements (dealers indirect

sales force)

Upon receipt of the bank statements from the central cash

account, the accounting department must reconcile the

statements to the banking summary reports provided bythe dealers. Any discrepancy must be investigated,

documented and actions taken.


(GM-3)

Manual Detective Weekly

P04 Cash Management SC12 Segregation of free cash vs.blocked deposit reviewed intrial balance

CFO-1 verifies that any blocked deposits are properlyidentified in the accounts (versus cash free ofencumbrance).

CFO-1 Manual Detective Quarterly

P04 Cash Management SC13 Bank reconcil iation reviewed For all cash accounts, a reconcil iation with bank statement

is performed by CFO-2. All reconciled items are

investigated, explained and corrective actions booked ifany.

This analysis includes also:

- the clearing of old outstanding unreconciled items (above2 months).

- the review of zero-balance accounts (account in the

accounting system should be blocked)- the review of uncashed cheques

- the review of unapplied cash accountsAll reconciliation are reviewed by CFO-1.


(CFO-1)

Manual Detective Monthly for

account bu

recommendhigh usage


13/330

P06 Prepayment SC02 Manual recomputation of

monthly prepaymentcompared with accounting

Accounting Responsible (CFO-2) recomputes manually

the monthly prepayment amortization, compares it to theamount automatically recorded in the accounting system

and checks prepayment closing balance. Any

discrepancies are investigated and explained.

This analysis is then reviewed by the AccountingResponsible (CFO-1).

Finance Responsible

(CFO-1)


P07 Taxes IC01 Current and deferred taxesaccruals reviewed

Current and deferred taxes accruals are prepared by theAccounting Responsible (CFO-3) and reviewed by the

CFO-2.


Manual Preventive Monthly

P07 Taxes IC02 Direct tax return reviewed

before filing

CFO reviews and approves tax return prior filling. CFO Manual Preventive Each tax re

P07 Taxes IC05 Comparison between tax

booked and tax provision/assessment reviewed

Tax booked in the accounts is compared to quarterly tax

provision calculation or to tax assessment if any. Thedifference is identified and approved.


(CFO-2)

Manual Preventive Quarterly a

tax assessm

P07 Taxes IC06 Indirect taxes parameters

reviewed before input insystem

Creation or update of tax parameters related to customer /

supplier / product or service are reviewed before input insystem.

Customer Care

Responsible (GM-3) andAccounting Responsible

(CFO -2)

Manual Preventive Each tax pa

change

P07 Taxes IC07 Tax memo listing indirect

taxes modification reviewed

Tax advisor (internal / external) documents in a memo the

current tax status of all taxes applicable to the entity andspecifically notes the recent tax changes. The memo is

then reviewed by the CFO.

CFO Manual Preventive Quarterly a

change in t

P07 Taxes IC08 Change in indirect taxes

parameters reviewed

Customer Care Responsible (up to GM-3) and/or Accounts

Payable/Receivable Responsible review any change made

in the parameters of any customer or supplier, includingsupporting documentation for the change.

Customer Care

Responsible (up to GM-3)

and/or AccountsPayable/Receivable

Responsible (CFO-2)


P07 Taxes IC10 Indirect tax return reviewed

before filing

CFO reviews and approves tax return prior filling. CFO Manual Preventive Each tax re

P07 Taxes SC03 Internal / external tax advisor

review on direct tax approved

Tax advisors (internal / external) performs the following

activities:a) ensures that all direct taxes have been considered by

using a checklist listing all required direct taxes,b) reviews the tax calculation including tax rate,

c) reviews uncertain tax position,

d) reviews the loss carry forward analysis prepared,e) reviews, if any, the tax assessment received from the

Tax Administration.

This analysis is then sent to CFO for review.

CFO Manual Detective a) Quarterly

b) Quarterlyc) Quarterly

d) Annuallye) Ad-hoc

P07 Taxes SC04 Reconciliation betweenaccounting and income tax

base and between statutoryand effective income tax rates

reviewed

Accounting Responsible (CFO-1) prepares thereconciliation between the accounting base and the tax

base and the one between the effective tax rate and thestatutory tax rate. Both reconciliations are reviewed by the

CFO.

CFO Manual Detective Quarterly

P07 Taxes SC09 Internal / external tax advisorreview on indirect tax

approved

Tax advisor (internal / external) performs the followingactivities:

a) ensures that all indirect taxes have been considered by

using a checkl ist listing all required indirect taxes,b) performs a rationalization test per indirect taxes rate for

indirect taxes payable and receivable,

c) reviews, if any, the tax assessment on indirect taxesreceived from the Tax Administration.

In case of discrepancies, adjustment to be booked is

clearly documented. Analysis performed is sent to CFO-1for review.

Finance Responsible(CFO-1)

Manual Detective a) Monthlyb) Monthly

c) Ad-hoc

P08 Assets Impairment SC01 Impairment test conclusions

reviewed

The conclusion of the impairment test and computation of

any impairment loss is reviewed by the CFO and GFC.

CFO and GFC Manual Preventive Quarterly

P09 Bad debts SC01 Aging balance reportautomatically generated

Reports programmed are controlled under IT generalcontrol environment.

Billing Responsible and/orAccounting System

Administrator

Automated Preventive Continuous

P09 Bad debts SC02 Accounts Receivable agingbalance reconciled to thegeneral ledger

Total accounts receivable from the ageing balance isreconciled by the accounting team to the accountreceivables as per the general ledger. Purpose is to

validate the adequacy of the aging balance reporting.

Reconciliation is reviewed by Accounting Responsible(CFO-1).


Manual Detective Quarterly

P09 Bad debts SC03 Individual review of overdue

balance

Interconnect and roaming partners, dealers and overdue

postpaid subscribers (financial stress customers identified

during the dunning process) are reviewed on an individualbasis. For customers or partners facing financial stress, an

additional provision is determined and reviewed by CFO-1.

For balances above 120 days, the absence of a bad

debt provision has to be reviewed and approved by

Head of Region.


(CFO-1) and Head of

Region


P09 B d d bt SC04 B d d bt l l ti i d B d th i b l ( t id b ib l ) th A ti R ibl M l D t ti Q t l


14/330


15/330

P13 IT General Controls Procedure IC36 Events and Incidents Journal

is communicated andapproved

Significant IT events or incidents and failures are reported CIO and GM Manual Detective Monthly

P13 IT General Controls Procedure IC39 The list of authorized softwarepermitted for use by

employees is documented

and communicated

The list of authorized, tolerated and unauthorized softwareis formalized and reviewed

CIO Manual Preventive Bi-annually7 months re

between co

executions)

P13 IT General Controls Procedure IC40 The list of software installed is

reviewed

The list of software installed and used on each computer

and server is reviewed and reacted uponSecurity Officer Manual Detective Quarterly

P13 IT General Controls Procedure IC42 The results of scheduled jobs

executions are communicatedand approved

Summary of the batch jobs executions is communicated

and approved to ensure batch jobs run properly

CIO Manual Detective Monthly

P13 IT General Controls Procedure IC43 The operating procedures arereviewed and approved

Formalized operating procedures are in place anddocumented

CIO Manual Preventive Bi-annually7 months re

between coexecutions)

P13 IT General Controls Procedure IC44 An inventory listing al l

potential suspicious activitiesshould be maintained to allow

the monitoring of unauthorized

activities

An inventory listing all potential suspicious activities for

each system should be maintained to allow the monitoringof unauthorized activities. This list should be updated

based on experience and used to review unauthorized

activities (P13.SC37).

CIO and Security Officer Manual Preventive Bi-annually

7 months rebetween co

executions)

P13 IT General Controls Procedure SC01 Change requests are

authorized

Change request forms are completed, reviewed and

approved

Business Owners and

Stakeholders and CriticalSystems ITResponsible(s)

Manual Preventive When a cha

required

P13 IT General Controls Procedure SC02 Existing controls are identified,

tested and redesigned if

necessary

Existing controls (which may be affected by the design

and implementation of changes) are identified and

reported in the change request.

Testing of the existing controls impacted is

documented as part of the test plans in the change

request.

Change acceptance tests performed by Business Owners

and Stakeholders include the testing of these controls.

Appropriate actions are taken to modify or redesign thesecontrols, if necessary, to retain their integrity

Business Owners and

Stakeholders and Critical

Systems ITResponsible(s)

Manual Preventive Every reque

P13 IT General Controls Procedure SC03 Change requests (includingchanges to critical end-user

computing tools) have a test

plan, a roll-out plan and a roll-back plan developed prior to

implementation

Test plan, roll-out plan and roll-back plan are formalized,reviewed and approved prior to implementation of the

change

Critical Systems ITResponsible(s) and CIO


P13 IT General Controls Procedure SC05 Testing of interfaces between

systems and thecorresponding results are

reviewed

Interface test results are formalized and reviewed to

confirm that data transmissions are complete, accurateand valid and that interfaces are working properly

Critical Systems IT

Responsible(s)

Manual Preventive At least eve

before a neinterface is

production

P13 IT General Controls Procedure SC06a Test results are reviewed andapproved before going l ive

with the change in theproduction environment

Changes are tested, test results are reviewed and decisionto go live in production is approved

Business Owners andStakeholders and Critical

Systems ITResponsible(s)


P13 IT General Controls Procedure SC06b Implementation results arereviewed and approved after

going live with the change in

the production environment

Changes results are reviewed Business Owners Manual Detective Every reque

P13 IT General Controls Procedure SC07a Impact of change on the

documentation and supportservice plans of critical

systems, platforms,

applications and databases isassessed and the

documentation is updated if

necessary

Changes in a critical system, platform application or

database are subject to an impact analysis of the relateddocumentation (user and operation procedures, manuals,

technical documentation, support service plans, trainingmaterials, ) which is updated if necessary

Business Owners and CIO Manual Preventive Every reque

P13 IT General Controls Procedure SC07b Documentation and supportservice plans for critical

systems, platforms,

applications and databases isreviewed

The documentation of critical systems, platforms,applications and databases (user and operation

procedures manuals, technical documentation, supportservice plans, training materials, ) is reviewed to ensure

sufficiency against business needs

Business Owners and CIO Manual Detective Bi-annually7 months re

between co

executions)

P13 IT G l C t l P d SC08 I t f h th Ch t d ti t l bj t t B i O M l P ti E


16/330


17/330

P13 IT General Controls Procedure SC41 The daily job scheduling

checklists and correspondingresults are reviewed

Batch jobs are scheduled and monitored to ensure they

run as needed and to completion

Critical Systems IT

Responsible(s)


P14 Network General Controls

Procedure

IC04 Testing for systems,

platforms, applications and

databases is performed in atesting environment

For all critical systems, platforms, applications and

databases, there is a testing environment:

- separated logically and/or physically from the productionenvironment,

- which allows adequate stress, unit, end-to-end testing

- which reflects as much as possible the live environment(data in kind and quantity),

- which is available for sufficient testing time

CTO Manual Preventive Bi-annually

7 months re


P14 Network General ControlsProcedure

IC09 Users and relevantstakeholders are informed of

change implementation

Implementation of change/project is communicated to allrelevant parties (end-users, stakeholders) to ensure they

are aware of the change and its related impacts

Critical Systems TechnicalResponsible(s)

Manual Preventive Each new pimplemente


Procedure

IC10 Logical Access Management

process is documented and

communicated

The Logical Access Management policy (or security policy)

is reviewed and approved to check that the management

of user accounts for joiners, job changes and jobtermination is part of the policy (for both employees and

contractors, for local and remote access...)


7 months re



Procedure

IC20 Backup execution is reviewed Backup execution results are documented in the backup

journal and validated to ensure that backups are carriedout on critical systems, platforms, applications and

databases at least daily for data and weekly for

configuration setups

Critical Systems Technical

Responsible(s)



IC24 A Disaster Recovery Plan(DRP) is in place and is

formalized

The formalized DRP is reviewed and approvedNote: DRP and BCP plans should be updated whenever

there is a large change implemented.

CTO and GM Manual Preventive Bi-annually7 months re



IC25 The DRP is tested on aregular basis

The test results of the DRP are reviewed and approved CTO and GM Manual Preventive Annually


Procedure

IC26 Incident and Problem

Management process isdocumented and

communicated

The Incident and Problem Management Policy and

Procedures is reviewed to check that non-standard eventsare analyzed and resolved in a timely manner, including

escalation procedures, supplier involvement if appropriate

and a clear description of the process (flowchart forexample)



executions)


IC27 Events and Incidents Journal

is reviewedSignificant NW events or incidents and failures aremonitored, communicated and resolved in a timely manner

Critical Systems TechnicalResponsible(s)

Manual Detective When a sigevent or fai


Procedure

IC28 Events and Incidents Journal

is communicated and

approved

Significant NW events or incidents and failures are

reported

CTO and GM Manual Detective Monthly


Procedure

IC31 The operating procedures are

reviewed and approved

Formalized operating procedures are in place and

documented


7 months re



Procedure

IC32 An inventory l isting al l

potential suspicious activitiesshould be maintained to allow

the monitoring of unauthorized

activities

An inventory listing all potential suspicious activities for

each system should be maintained to allow the monitoringof unauthorized activities. This list should be updated

based on experience and used to review unauthorized

activities (P14.SC29).

CTO and Security Officer Manual Preventive Bi-annually


executions)


Procedure

SC01 Change requests are

authorized

Change request forms are completed, reviewed and

approved

Business Owners and

Stakeholders and Critical

Systems Technical

Responsible(s)

Manual Preventive When a cha

required


Procedure

SC02 Existing controls are identified,

tested and redesigned ifnecessary

Existing controls (which may be affected by the design

and implementation of changes) are identified and

reported in the change request.

Testing of the existing controls impacted is

documented as part of the test plans in the change

request.

Change acceptance tests performed by Business Owners

and Stakeholders include the testing of these controls.Appropriate actions are taken to modify or redesign these

controls, if necessary, to retain their integrity

Business Owners and

Stakeholders and CriticalSystems Technical

Responsible(s)


P14 N t k G l C t l SC03 Ch t (i l di T t l ll t l d ll b k l f li d C iti l S t T h i l M l P ti E


18/330


Procedure

SC07b Documentation and support

service plans for criticalsystems, platforms,

applications and databases is

reviewed

The documentation of critical systems, platforms,

applications and databases (user and operationprocedures manuals, technical documentation, support

service plans, training materials, ) is reviewed to ensure

sufficiency against business needs

Business Owners and

CTO

Manual Detective Bi-annually


executions)


SC08 Emergency changes arereviewed

Emergency changes are reviewed to assess legitimacyand compliance with change management policies and

procedures

CTO and GM Manual Detective Every emerchanges


SC11 Provisioning / deprovisioningforms are reviewed and

approved to grant users onlythe access they need

The logical access request forms for joiners, job changesand job terminations for employees, contractors, vendors

and non-client personnel are:- prepared and approved by the Head of Department (of

the employee or contracting a third-party),

- reviewed and approved by the Human ResourcesResponsible vs. the job description for legitimacy and

segregation of duties purposes,- processed by the Technical Staff

Head of Department andHuman Resources

Responsible

Manual Preventive For each re


Procedure

SC12 Access rights to systems,

platforms, applications anddatabases that are granted

(through profiles) arereviewed, updated if

necessary and approved

The complete access rights (granted through allocation of

profiles) are reviewed to check that:- access rights are in l ine with employee's position and

responsibilities in the company (job description) and thatthese are still aligned with need-to-have and segregation

of duties principles

- all users of systems, platforms, applications anddatabases receive a unique user ID by which they can be

uniquely identified (any exception to this rule must be well

documented, rationalized and approved)- temporary accounts, generic accounts, applicative

accounts are legitimate and adequately supported by

documentation


Responsible(s) andSecurity Officer



SC13 Privileged access (admin,super users) to systems,

platforms, applications and

databases is reviewed andapproved

The list of usernames (and corresponding persons) withprivileged/powerful access rights to systems, platforms,

applications and databases is reviewed to ensure that

capability to issue powerful commands is limited toappropriate individuals

Security Officer and CTO Manual Detective Quarterly


SC14 Access rights granted tovendors and contractors are

strictly limited in terms of timeand profile (need-to-have

basis)

The access rights granted to providers (including generic,application and maintenance accounts) are reviewed to

assess the need-to-be of active vendors' accounts

Human ResourcesResponsible and Security

Officer and CriticalSystems Technical

Responsible(s)



SC15 Remote access connectioncapability from vendors,

contractors and employees is

adequately limited

The timeframe and business requirements for remoteaccess granted to vendors, contractors and employees is

reviewed

Human ResourcesResponsible and Security

Officer and CTO



Procedure

SC16 Remote access connections

from vendors, contractors and

employees is monitored

Activities on network components performed during remote

access are monitored by the Critical Systems Technical

Responsible through review and documentation of theactivity logs (connection, tasks performed, disconnection)

to ensure they are in line with the planned remote activities.The monitoring of connection/disconnection to the VPNplatform ( if any) is the responsibility of the Critical System

IT Responsible


Responsible(s) and

Critical System ITResponsible(s) (if

applicable)

Manual Detective For each re

connection


Procedure

SC17 The reports on remote

connections arecommunicated and approved

Activities performed on network components during remote

access are reported and reviewed by the Security Officerand the CTO.

Remote connections to the VPN platform (if any) are

reported and reviewed by the Security Officer and the CIO

Security Officer, CTO and

CIO (if applicable)



Procedure

SC18 The set-up for passwords of

each system, platform,

application and database isreviewed

Password controls to critical network and systems,

platforms, applications and databases are in effect and

consider minimum security rules (where technicallyfeasible)

Security Officer and CTO Manual Preventive Bi-annually

7 months re


P14 N k G l C l SC19 S d b k i i l R i i d b k d d fi d CTO d L l M l P i Bi ll


19/330

P15 Bill and Collect for

Interconnect/other operators

IC03 Analyze and resolve rejected

EDRs on billing system

Identify the source of the rejection (if possible) and try to

resolve the problem in order to prevent the event from

happening in the future. Furthermore, the rejected EDRs

are recuperated where possible. This process occurs

continuously and the events that happen the most are

tackled first.

Billing Staff Manual (electronic

evidence)

Detective Daily



IC04 Reconciliation of reference

data (e.g. trunk groups and

gateway transit routes) in the

Switch, Mediation and

interconnect billing system

Reference data (i.e. Trunk and gateway transit routes)

needs to be reconciled between Switch and Interconnect

Billing System per operator. I.e. validating that the operator

trunk code and gateway transit routes are linked to the

correct operator by the interconnect billing system.

The reconciliation should include the mediation in case of

filtration rules defined based on Trunk Groups on

Mediation Device.

Billing Manager Manual Detective Before Bi



IC08 Verification on whether the

invoices are sent out

Check whether all the invoices generated are sent out to

the relevant operators.




SC05 All rejected EDRs are formally

reported during theinterconnect bill run

EDRs not corrected are reviewed by CFO and Local

Revenue Assurance Manager before clearing them fromthe Billing System (based on delegation of authority and

local regulations).

Billing Manager, Local

Revenue AssuranceManager and CFO

Manual (electronic

evidence)

Detective At each b



SC06 Mediation output is reconciled

with Interconnect billing input

and output

Reconciliation of output from the Mediation device with the

input into the Interconnect Billing System and its output (or

support system such as a database or data warehouse) in

number of EDRs and in number of minutes. This is a

standard MIC input / output report.

Billing Manager Manual (electronic

evidence)

Detective Daily



SC07 Detailed interconnect revenue

invoice validation

The monetary values, the minutes and events in the

interconnect revenue invoices are checked for their

accuracy.




SC09 Usage Report (EDRs Count,

Minutes etc) from other

operators are reconciled with

the registered traffic sent to

them

Usage Report ( EDRs Count, Minutes etc) received from

the other operators are reconciled with the output from the

Interconnect Billing system by the Bill ing Manager. If the

figures deviate from a preset tolerance limit (threshold), a

detailed analysis is needed (exchange of EDRs may be

necessary in this case).

Billing Manager Manual Detective Monthly



SC10 Payable invoices from other

operators are reconciled with

the Usage Report

reconciliation

Payable interconnect invoices received from the other

operators by the Interconnect Manager are reconciled with

the Usage Report ( EDRs Count, Minutes etc)

reconciliation done in SC9.

Interconnect Manager Manual Detective Monthly

P15 Bill and Collect forInterconnect/other operators

SC11 All payable invoices that areaccepted are subject to

approval

All payable invoices of interconnect operators that areaccepted are subject to an approval of the Interconnect

Manager and GM.

GM and InterconnectManager




SC12 Validation of prepared

bookings by CFO-1

All the accounting records in relation to interconnection

revenue & cost are verified by the CFO-1 before posting

into the GL.

CFO-1 Manual Preventive Monthly



SC13 Revenue and cost data in the

interconnect billing system(both accruals and invoices) is

reconciled with the accounting

system

Comparison of interconnect revenue & cost booked in the

accounting system with the revenue/cost from theinterconnect billing system & the invoices sent out/received.




SC14 Netting of invoices is reviewed

by the CFO-1

Validation of the invoices netted off and the resulting

values.


P16 Bill and Collect for Sales

(Roaming)

IC01 Formal review and approval of

all roaming agreements

Terms & conditions set out in the roaming agreement must

be reviewed for their technical/financial terms by the

relevant departments.

GM Manual Preventive For each

agreemen


20/330


(Roaming)

IC13a Analyze and resolve rejected

Inbound Roaming EDRs at theBilling System


resolve the problem in order to prevent the event fromhappening in the future. Furthermore, the rejected EDRs

should be recuperated if possible. This process occurs

continuously and the events that happen the most are

tackled first.


evidence)

Detective Daily


(Roaming)

IC13b Analyze and resolve Inbound

Roaming EDRs rejectedduring the MBF and TAP OUT

generation


resolve the problem in order to prevent the event fromhappening in the future. Furthermore, the rejected EDRs

should be recuperated if possible. This process occurscontinuously and the events that happen the most are

tackled first.

Rejections are investigated from two sources:- during MBF files generation;

- during MACH TAP OUT files generation. Rejected EDRs

are listed in MACH COM portal (Rejected, CDR DetailsReport) including the reason of their rejection. These

rejections have to be investigated and corrected if possible

together with Mach support.


evidence)

Detective Daily

P16 Bill and Collect for Sales(Roaming)

IC15 Daily review of the high usagereporting + validation of the

sending of any existing high

usage reports

The Billing Manager verifies that the Bill ing system/Fraudsystem generates and sends out the high usage report for

subscribers visiting your network each day.

In case of NRTRDE f iles are stored on MACH server every4 hours.

Billing Manager Manual Detective Daily


IC24 Roaming tariff changes arecommunicated on time to the

Clearing House

IOT updates and rating information for new roamingpartners are sent to MACH at least 4 weeks before the

agreed start date of application.

Billing Manager Manual Preventive For each neagreement


(Roaming)SC02a Reconciliation of inbound

roaming settings in the Switchand corresponding settings in

the inbound roaming Billing

System and Mediation device(if required)

There is a reconciliation between the inbound roaming

settings (IMSI ranges per operator) on the Switch againstthe corresponding settings in the roaming Billing System

and Mediation Device. The reconciliation report should

include the underlying reasons of discrepancies andcorrective actions.


evidence)

Detective Monthly


SC02b Reconciliation of inboundroaming settings in the Switch

and corresponding settings inthe Mediation device.

There is a reconciliation between the inbound roamingsettings (IMSI ranges per operator) on the Switch against

the corresponding settings in the Mediation device. Thereconciliation report should include the underlying reasons

of discrepancies and corrective actions.

Billing Manager Manual (electronicevidence)

Detective Monthly


(Roaming)

SC06 Duplicate check on Outbound

Roaming EDRs

The TAP IN processor (or the postpaid billing system)

checks for duplicates based on certain fields in a callrecord that are equal.

This is either done based on a report that runs daily or

based on an exception / alarm report that is issued uponoccurrence.


evidence)

Preventive Daily


SC07 Validation of TAP IN filessequence numbering

There is a validation on the sequence number of the TAPIN files.

Billing Manager -1 Manual Detective Daily


(Roaming)

SC08 Reconciliation of rates applied

in the records in the TAP IN

file with rates agreed upon.

There is reconciliation between the rates applied in the

records from the TAP IN files with rates agreed upon. This

reconciliation may be performed on a relevant sample ofTAP IN files if the control is performed completely manual.

It is however preferred to perform the reconciliation on all

TAP IN files.

Billing Manager -1 Manual OR

Manual (electronic

evidence)

Detective Daily


SC11 Validation of currencyconversion rates used to

convert SDR values in local

currency values

The currency conversion from SDR values in the TAP INrecords to local currency is timely updated and performed

by the Billing Manager and reviewed by the CFO-1.

CFO-1 Manual (electronicevidence)

Preventive Monthly


(Roaming)

SC12 Reconciliation of Billing

records contained in TAP INfiles with the Roaming records

in the Billing System or

Prepaid EDRs

There is a reconciliation between the billing records

contained in TAP IN records with the roaming recordsuploaded in the postpaid billing system.

Note: Wherever Prepaid Camel is offered for Out roamers


evidence)

Detective At each bill


21/330


(Roaming)

SC18b The output from the Mediation

is reconciled with the MachTAP creation report

Reconciliation of Mediation output (MBF files or raw CDRs)

with the Mach 'TAP creation report for Revenue Assurance'in number of EDRs and in number of minutes / bytes.


evidence)

Detective Daily


(Roaming)

SC19 Validation with Clearing House

of TAP OUT file sent

Check whether the Clearing House has received the TAP

Out files sent by the MIC subsidiary.

Billing Manager -1 Manual Detective Daily


(Roaming)

SC20 Validation of clearing house

netting results by comparingdifference retrieved TAP IN

and created TAP OUT

Comparison of the Summary report sent by the ClearingHouse against the MIC subsidiarys own Tap IN & Tap OUT

details.



(Roaming)


bookings by CFO -1

All the accounting records in relation to roaming revenue &

cost are verified by the CFO -1 before posting into the GL.

CFO-1 Manual Preventive Monthly


SC22 Accounting journal entries arereconciled with MACH reports

The CFO reviews and validates the proposed Roamingrevenue and cost bookings in the accounting system with

the MACH reports.



(Roaming)

SC23 Tariff complies with roaming

agreements (AA14)

Tariffs applied to TAP OUT are reviewed against those of

the signed agreement (AA14) with all roaming partners. Allagreements have to be reviewed once a year, with 25% of

roaming partners being reviewed quarterly on a rol ling

basis.

Billing Manager -1 Manual (electronic

evidence)

Detective Quarterly


(Postpaid)

IC01 A formal credit check is

performed for each postpaid

subscriber before provisioning

For each new postpaid subscriber recommended by the

Go-to-Market Department, a formal credit check is

performed based on the approved Commercial policy toreview and assess the credit status and reputation of the

subscriber.

Credit and Collection

Manager -1

Manual Preventive For each ne


(Postpaid)

IC02 A specific exception form

exists on the acceptance ofsubscribers that do not comply

with the Commercial policy /

credit check limits

A specific exception form (prepared and justified by the

Sales department) exists on the acceptance of postpaidsubscribers that do not comply with the Commercial policy.


Manager


subscriber

P17 Bill and Collect for Sales(Postpaid)

IC03 A specific exception form

exists on the acceptance of

exceptional discounts that

do not comply with the

Commercial policy

A specific exception form (prepared and justified by

the Sales department) exists on the acceptance of

exceptional discounts that do not comply with the

Commercial Policy.

Credit and CollectionManager

Manual Preventive For each neallocated an

discount


IC05 Review the credit limit setup A formal verification is made to ensure that all credit limitsreported are implemented in accordance with the

Commercial policy.

Credit and CollectionManager

Manual (electronicevidence)

Preventive Daily


(Postpaid)

IC06 All manually provisioned

changes to critical subscriber

data are automaticallyreported and reviewed

All manually provisioned changes to critical subscriber data

(in the Switch and Billing environment) are automatically

reported (based on a predefined query) and reviewed. Thereview verifies whether the reported provisioned changes

equal the approved subscriber data change requests.

Critical subscriber data is (but not limited to): name,address, services and status.

Consumer Manager Manual (electronic

evidence)

Detective Daily


(Postpaid)

IC08 A standard report with all tariff

changes is generated andsigned off on a daily basis

A standard (predefined query) report with all tariff changes

is generated and signed off on a daily basis. This is eitherdone based on a report that runs daily or based on an

exception / alarm report that is issued upon occurrence.

When the control is based on an alarm: the approval must

be attached to the exception report.

Category Manager Manual Detective Daily


22/330


(Postpaid)

IC20 High Usage Monitoring Monitoring of high usage looks at value, but also at minutes

and transactions (and must cover both prepaid as well aspostpaid). Specific thresholds are applied (based on

approved high usage policy & procedures) and subscribers

surpassing the thresholds are followed up. Appropriate

actions are taken, such as contacting the subscriber for anexplanation or even barring the subscriber.

This is either done based on a report that runs daily or

based on an exception / alarm report that is issued upon

occurrence.


Manager -1

Manual (electronic

evidence)

Detective Daily


(Postpaid)

IC21 Test SIM usage monitoring Usage of test SIMs is monitored and evaluated to detect

any misuse.This is either done based on a report that runs daily or

based on an exception / alarm report that is issued uponoccurrence.

Revenue Assurance Manual (electronic

evidence)

Detective Monthly


(Postpaid)

IC22 Sample testing pre and post

bill run (testing completenessand calculation of invoice)

The accuracy of the invoices is verified on a sample basis.

The sample should represent a variety of billing scenarios.A log should be maintained for any errors identified.

Billing Manager Manual Detective At each bill


(Postpaid)S0C4 Review the discount report All discounts (not part of a discount plan) are reported in a

specific exception report on a daily basis. This report mustbe based on a predefined query.

Consumer Manager Manual (electronic

evidence)

Detective Daily


(Postpaid)

SC07 Record all future movement of

revenues (e.g. connectionfees) based on the MIC Policy

Future movements of revenues (e.g. connections fees) are

computed and reported in a schedule, which is used forrecognizing and booking the corresponding entries basedon the MIC accounting policy.



(Postpaid)

SC09 Identify missing EDR

sequence

The Switches (and other EDR generating nodes) must

number their call records sequentially. A control is

performed by the mediation device to verify whether thesequence is respected (completeness of EDRs).

This is either done based on a report that runs daily orbased on an exception / alarm report that is issued upon

occurrence.


evidence)

Detective Daily


(Postpaid)

SC10 Automated check for duplicate

EDRs

The database of the billing system (or mediation) is

checked for duplicate EDRs based on certain fields in acall record that are equal.

This is either done based on a report that runs daily orbased on an exception / alarm report that is issued upon

occurrence.

Billing staff Manual (electronic

evidence)

Detective Daily


(Postpaid)

SC15 Reconcile Mediation Input Vs

Mediation Output

Reconcile the input of mediation device against the output

by EDR category. This reconciliation is common for al l typeof Traffic ( i.e. Postpaid, Interconnect and Roaming). Thisreconciliations is the standard MIC input / output report,

must occur both in numbers of EDRs, minutes and (kilo)bytes where applicable.


evidence)

Detective Daily


(Postpaid)

SC19 All rejected EDRs at on billing

Platform should be formallyreported before bill run

EDRs not corrected are reviewed by CFO and Local

Revenue Assurance Manager before clearing them fromthe Billing System (based on delegation of authority and

local regulations).

Billing Manager, Local

Revenue AssuranceManager and CFO

Manual Detective At each bill


SC23 Check all the revenuemovements in the Billing cycle

is captured

Ensure that all the revenue movements in the Billing cycleare captured and that all the pending subscription fees (e.f.

flat fee services and packages) are included in the

settlement invoice.




(Postpaid)

SC24 Check that all subscribers are

included in a billing cycle

Reconciliation of subscribers in the subscriber database

against the subscribers covered by the bill runs in order to

verify whether all subscribers are assigned to at least oneof the bill runs.


evidence)



(Postpaid)

SC25 Reconciliation provisioning

prepaid platform with billsgenerated by the billing

system for fixed bills

Validate fixed bills generated for fixed bill subscribers in the

prepaid billing system to ensure that the reload (top-up) atthe beginning of the month reconciles to the invoices

generated at the end of the month.


evidence)



23/330


(Postpaid)


bookings by CFO-1

All bookings should be first prepared in draft and then

approved by the CFO-1 before being booked in the G/L(this should be performed in both cases where there is an

interface between the Postpaid system and the accounting

system or if this is a manual booking into the accounting

system).

CFO-1 Manual Preventive At each bill


(Postpaid)

SC31 Revenue data in the Billing

System is reconciled with theAccounting System (both

accruals and invoices)

The relevant bookings in the G/L are reconciled with their

source, i.e. the billing system and the invoices and accrualsgenerated by it. This reconciliation must also reconcile the

classification of revenue in both systems.

CFO Manual Detective At each bill


(Postpaid)

SC32 Reconcile Switch Output Vs

Mediation Input

Reconcile the output of Switch against input of mediation

device by EDR category. This reconciliation is common forall type of Traffic ( i.e. Postpaid, Interconnect and

Roaming). This reconciliations is the standard MIC input /output report, must occur both in numbers of EDRs,

minutes and (kilo) bytes where applicable.

CTO-1 Manual (electronic

evidence)

Detective Daily


(Prepaid)

IC02 Determine commercial

feasibility of tariff changes/add

All new / changed tariffs are subject to a profitability impact

analysis by Go-To-Market. The analysis must be reviewedand approved.

Category Manager Manual Preventive For each ne

tariff


(Prepaid)

IC04 Formal approval of tariff

changes

Prior to being set up all tariff/pricing changes need to be

approved.

In accordance with the

approved Pricing Policy


tariff

P18 Bill and Collect for Sales(Prepaid)

IC07 Review and approval ofmanually initiated changes to

prepaid subscriber balances

All manually initiated changes to subscriber balancesrequire prior approval of the Customer Support.

Manual changes are all changes that are not part of thenormal automated logic of using and uploading balances.

This covers adjustments and initiating batches for

promotions and discount corrections.

Note: The approval has to be in l ine with the MIC Policy

No.B4.3.2. based on the thresholds set.

Customer Support Manual Preventive For every rechange to b


(Prepaid)

IC10 Exception Report on prepaid

rating

Prepaid traffic which can not be rated, and for whichdefault rated cant be applied is reported.

Billing Manager Manual Detective Monthly


(Prepaid)

IC14 Test transaction matrix The test transaction matrix consists out of a relevant

sample of events scenarios (as well as other types of

transactions e.g. Voice, SMS, MMS, GPRS, rechargevouchers, e-pin) that is executed each month, which are

followed up from switch up to the Prepaid platform (orindependent comparison of test call records from matrix

with IN system and in case of any missing records, trace

back on Switch or Mediation). The test transaction matrixcontains the scenarios that represent at least 90% of all

transactions.

Billing Manager -1 Manual Detective Monthly + A

changes to

equipment


IC15 Check the forfeiture is takingplace as per card expiry

The billing manager ensures the forfeiture is taking placeas per card expiry.


Detective Monthly


IC20 All PIN/HRN generationrequests are subject to a

formal approval.

Before generating new PINs and registering these on the

network, the Category Manager should approve this action.Category Manager Manual Preventive For each P

generation


IC24 Take approval for PINsactivation (prior to the actual

activation)

There is a proper management approval for activation ofPINs in the prepaid platform. The Warehouse Manager is

responsible for informing the Billing Manager.

Warehouse Manager Manual Preventive Before PIN

P18 Bill d C ll f S l IC26 A d C i l P li A f l i l li i d f d d d Thi G M l P i B


24/330


(Prepaid)SC01 Reconciliation of MSISDNs,

subscribers profile and status

in Switch subscriber db and

prepaid and postpaid billing

platform

The MSISDNs, subscriber's profiles and status

(Active/Inactive) in the switch subscriber DB (HLR) andprepaid/postpaid Billing platform are reconciled by the

billing manager. The Billing manager should review

exceptions and propose corrective actions to IT and

Network. Any corrective actions should be formerlydocumented

Note: Ring Back Tone should also be reconciled (between

RBT server, IN, Billing System and the Switch). For

practical reasons the profile and MSISDNS reconciliationfor prepaid and postpaid should be done at the same time.


evidence)

Detective Daily


(Prepaid)

SC03 Determine accounting impact

of tariff changes/add

Changed or new tariff (plans) may have an impact on the

way revenue is recorded. As such, Finance needs, as perthe MIC accounting policy manual, to assess the impact of

a tariff change.

CFO Manual Preventive For each ne

tariff


(Prepaid)

SC05 Changed / added tariffs report A standard (predefined query) report with all tariff changes

(including interconnect, roaming, prepaid, postpaid andwireless) is generated and signed off. This is either done

based on a report that runs daily or based on an exception

/ alarm report that is issued upon occurrence.

Category Manager Manual Detective Daily


SC06 Reconciliation between EDRsgenerated by the prepaid

platform and the ones

generated by the Switch /SMSC / MMSC / GPRS

(depending upon networkarchitecture)

A reconciliation between EDRs generated by the prepaidplatform and the ones generated by the Switch (or other

EDR generating nodes on the network, e.g. SMSC, MMSC,

GPRS Nodes, etc) should be performed in order to ensureintegrity of transfer between both systems. The

reconciliation should occur both in numbers of EDRs aswell as in number of minutes and (kilo) bytes where

applicable.

Wherever it is applicable for content, there should be areconciliation of SMS_MT with the Switch and IN EDRs.


Detective Daily


SC08 Validation of all manualchanges to subscriberbalances

A predefined query reports all manual changes tosubscriber balances. Issued report is reviewed andvalidated.

Consumer Manager andCFO

Manual (electronicEvidence)

Detective Daily


(Prepaid)

SC09 Review reasons for all

subscriber with negativebalance (or subscribers

credited to 0 balance) and

obtain validation byappropriate level of

management

All negative balances for prepaid subscribers should be

reviewed on a regular base. This includes also theinstances where subscribers wou

Testing Strategy 2011

Documents

Transcript of Testing Strategy 2011