Back

Review transaction files for compliance with the supply chain audit standard.


CONTROL ID
08864
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain supply chain due diligence standards., CC ID: 08846

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The auditor will assess the tin/tungsten/tantalum procurement policy against the audit protocol. (Auditee must provide the following for the audit period: (2), Conflict-Free Smelter (CFS) Program Audit Procedure for Tin, Tantalum, and Tungsten, 21 December 2012)
  • The auditor must conduct a total tin/tungsten/tantalum material balance (+/- 10%) to determine if everything is in general agreement. (Auditee must provide the following for the audit period: (4), Conflict-Free Smelter (CFS) Program Audit Procedure for Tin, Tantalum, and Tungsten, 21 December 2012)
  • The auditor must review documentation for 100% of the receipts or purchases of tin/tungsten/tantalum ore, intermediates, concentrate, and partially processed and byproduct materials for compliance with the audit standard. (Auditor must provide the following for the audit period: (6), Conflict-Free Smelter (CFS) Program Audit Procedure for Tin, Tantalum, and Tungsten, 21 December 2012)
  • The auditor must review the documentation for 100% of the existing inventory of tin/tungsten/tantalum ore, intermediates, concentrate, and partially processed and byproduct materials for compliance with the audit standard. (Auditor must provide the following for the audit period: (7), Conflict-Free Smelter (CFS) Program Audit Procedure for Tin, Tantalum, and Tungsten, 21 December 2012)
  • The auditor must review the information shared with downstream customers and the publications of the smelter's due diligence process. (Auditor must provide the following for the audit period: (9), Conflict-Free Smelter (CFS) Program Audit Procedure for Tin, Tantalum, and Tungsten, 21 December 2012)
  • The auditor must review the refinery's policy related to gold-bearing materials against the requirements in section b(i) of this standard. (§ C(2), EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • The auditor must review samples of transaction documentation for mining materials to determine compliance with this standard. The percentage or minimum number of transactions to review is in accordance with the standard industry audit procedures. (§ C(6)(a), EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • The auditor must review samples of transaction documentation for recyclable materials to determine compliance with this standard. The percentage or minimum number of transactions to review is in accordance with the standard industry audit procedures. (§ C(6)(b), EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • The auditor must determine if the transaction document creates a reasonable doubt about the authenticity of the material's origin or confirm the material's origin is conflict-free. (§ C(6) ¶ 2, EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • The auditor must visually check recyclable material samples and review documentation to verify it meets the definitions in this standard. (§ C(7), EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • The auditor must review the refiner's assessment for key components when the materials originate from a level 3 country. (§ C(8), EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • The auditor must confirm that the highest ranking employee at the manufacturing site has signed for receipt of the material. (§ C(8), EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, Jule 12, 2012)
  • Reviewing and reconciling output reports (¶ 2.53 Bullet 2, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • Reviewing and reconciling output reports (¶ 2.61 Bullet 2, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • Determine whether the ODFI has established ACH exposure limits for originators. Determine whether: (App A Tier 2 Objectives and Procedures H.3, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Assess the adequacy of logs maintained for ACH payments received from, and delivered to, each customer. (App A Tier 2 Objectives and Procedures I.1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • For third-party service providers contracted to process outgoing ACH transactions, determine whether there are procedures to monitor ACH activity and ensure that funds are collected (collected balances, prefunding, credit lines) before the institution settles with the ACH operator. (App A Tier 2 Objectives and Procedures J.2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Determine whether the institution has a process in place for monitoring and acting on returned items, that includes third-party vendors, where applicable.. (App A Tier 1 Objectives and Procedures Objective 8:12, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)