This page contains many of the policies & procedures that are available on KnowledgeLeader. These policies & procedures are all provided in downloadable versions so they can be repurposed for use in your organization.
Sarbanes-Oxley Section 404 Compliance Project Work Paper Standards and Guidelines – Policy
The purpose of this document is to establish basic guidelines and standards for the preparation and review of work papers relating to the Sarbanes-Oxley Act Section 404 compliance project. These work paper standards will be used to document the results of testing key control activities for all critical business processes identified by the project team.
Allowance for Doubtful Accounts Policy
This policy specifies guidelines that ensure uniform accounting for Allowances for Doubtful Accounts across an organization. This is a valuation account used to adjust the total of the customer accounts and notes receivable to anticipated net realizable values.
Account Reconciliation Policy (Sample 2)
This policy establishes standards and procedures for ensuring that a company performs account reconciliations in compliance with management’s objectives.
Employee Termination Policy
The following policy outlines steps related to the employment termination process.
Check Distribution Policy
This policy provides guidelines for authorizing, processing and distributing checks. It is important that proper internal controls are in place to ensure the check processing and authorizing approvals are appropriate.
Internal Disclosure Certification Policy (Sample 2)
The purpose of this policy is to document an organization’s internal disclosure certification process. These steps are designed to assist executive management responsible for signing external disclosure certifications related to the company’s internal controls over financial reporting.
Sustainability Policy
The purpose of this policy is to ensure that principles of sustainability are incorporated into actions carried out by the company. Sustainability refers to both sustainable development and sustainable systems that meet present needs without compromising the future.
Energy Conservation Policy
The purpose of this policy is to ensure, encourage and enable the reduction of energy use by the company and its customers. The corresponding overview document provides suggested energy conservation methods related to heating and cooling, lighting, and equipment and appliances.
Credit Card Information Handling Policy
Use this policy to ensure that credit and debit card information and other personal financial data is accessible by a limited number of authorized team members and maintained in accordance with applicable law.
Control Transition Policy
The purpose of this policy is to set forth the procedures for ensuring the continued integrity of a company’s system of internal controls. Steps in this policy focus on the timely transition of internal control responsibilities when needed; the continued and ongoing execution of key controls; and that internal control documentation is maintained throughout the year to reflect actual controls in place and responsible individuals.
Environmental Protection Policy
This policy focuses on ensuring all controlled and identified materials used in operations are properly managed to comply with laws and regulations and to minimize harmful effects on the environment.
Encryption Key Management Policy
The following sample outlines the procedures taken to create, rotate, and purge encryption keys used for securing credit card data within software applications.
Credit Card Data Purge Policy
The following sample outlines a set of procedures for the credit card data purge process including specific purge procedures, a purge schedule, and related definitions.
External Complaints Management and Dispute Resolution Policy
This policy is based on the ISO Standards for handling complaints, with some sections on negotiation, mediation and arbitration resolution techniques that are used before litigation. The author of this policy asserts that complaints management is an integral part of Enterprise Risk Management.
Corporate Image and Communication Standards Policy & Procedures
The purpose of this policy is to ensure that all internal and external corporate communications incorporate consistent standards to maintain and reinforce the corporate image.
Data Backup and Retention Policy
The following sample outlines a set of policies and procedures for data backup and retention including network server backups, tape backups and job scheduling.
General Password Policy
The following sample outlines a policy for ensuring secure use of network passwords. This policy provides guidance regarding initial password setup, complexity, sharing, storage, and many other topics.
Corporate Website Policy
The purpose of this policy is to ensure that the company website reflects a consistent corporate image that preserves and builds the value of the corporate brand.
Do Not Call Registry Policy
The purpose of this statement of policy is to ensure that a “do not call” list will be maintained and consumers on that list will not be contacted by outbound telemarketing representatives. It also ensures that nothing is done to impair the brand and image of the organization.
Technology Change Management Policy
This document provides the structure for ensuring that technological changes are consistently and properly recorded, assessed, authorized, tested, and released efficiently while effectively mitigating the risks to system availability, integrity of data, and the interoperability of the organization’s information resources.
Accounts Receivable Bad Debt Policy
The purpose of this policy is to establish consistent methods for determining the bad debt reserve amount, referring appropriate accounts receivable to an outside collection agency, and charging off amounts to the bad debt reserve.
Record Management Policy
This document outlines a set of policies and procedures to retain records as appropriate to meet legal and regulatory requirements and business needs.
Enterprise Assessment and Monitoring Procedures
The purpose of this document is to develop a consistent process for scheduling and managing IT security assessment processes. The general steps outlined provide a process for conducting various types of assessments, as well as guidelines for monitoring of security compliance within the computer system and network environments.
Firewall Administration Policy
The purpose of this document is to establish procedures and requirements to ensure the appropriate protection and continuous operation of a company’s firewall infrastructure. Given the sensitive roles firewalls play in a network infrastructure, the manner in which they are administered and maintained is critical to business operations.
Sensitive Data Handling Policy and Procedure
The purpose of this policy is to ensure that all sensitively classified data is properly handled whether being transmitted within the organization or to a trusted third party. This document provides detailed guidance on how to handle sensitive corporate data including the physical security of information, and the distribution of classified information both internally and externally.
Confidentiality and Privacy Policy
This policy outlines the steps a company and its employees should take to maintain a level of confidentiality over all appropriate business information and personnel information. This document also contains an appendix: “10 Principles for the Protection of Personal Information.”
Enterprise Information Security Policy
This document establishes the basis of information security policies and related documents that establish criteria for access to, through, or from an organization’s communication networks. This policy is intended to establish the information security criteria, means, methods, and measures to protect the confidentiality, integrity, and availability of information assets and communication networks.
Relationship with External Auditors Policy
This policy outlines the relationship between a company and its external auditors. This document also discusses the importance of providing external auditors adequate information and other related company responsibilities.
Governance in Not-for-Profit Organizations Policy
This policy provides additional policy guidance for not-for-profit organizations in the areas of mandate, roles of volunteer boards and executive directors, special board committees and their roles, and volunteer principles. The scope in this policy applies to the Board of Directors, the executive director, and all other employees and volunteers.
Corporate Governance: Relationship with Internal Auditors
The purpose of this policy is to establish reporting relationships for the internal auditors of the company. Both internal and external auditors, by the nature of their work, have a special relationship with the board of directors. This policy spells out particular reporting relationships to ensure that appropriate governance can be applied.
Corporate Governance: Board Committees
The purpose of this policy is to set standards for board committee structures and protocols. To be most effective, board committees require formal terms of reference that clarify the committees’ mandates, composition and limitations.
Corporate Governance: Shareholders Meetings
The purpose of this policy is to simplify and clarify the essential elements of shareholders meetings. The policy applies to shareholders, the Board of Directors and all staff working on shareholder relations.
Accounts Receivable - Freight Claims
This sample outlines a set of policies and procedures for processing freight claims for shipments where the carrier lost and/or damaged goods during shipment, or where there is a shortage in the delivered goods.
Accounts Receivable - Debit Notes
This sample outlines a set of policies and procedures for receiving debit notes raised by customers in situations where goods are returned or rejected.
Accounts Receivable - Credit Holds
This sample outlines a set of policies and procedures for correctly dealing with withholding or delaying an order as a result of the belief that a company may not be paid.
Accounts Receivable - Cash Receipts
This sample outlines a set of policies and procedures for correctly dealing with and recording receipts of cash.
Accounts Receivable - Cash Collections
This sample outlines a set of policies and procedures for collecting on accounts that have gone more than a specified number of days past their due dates without having been paid.
Accounts Receivable - Write-Offs
This sample policy provides guidance on procedures to be followed when dealing with issues resulting from the bankruptcy of a customer in the US, and/or the writing-off of bad debts.
Accounts Receivable Policies and Procedures - Returns
This sample policy provides guidance on the procedures to be followed when merchandise (damaged or otherwise) is returned by mail or shipment.
Disclosing PHI to Avert Serious Threat to Health and Safety
Covered entities are permitted, consistent with applicable law and standards of ethical conduct, to disclose protected health information based on a good faith belief that the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. This policy provides guidance to ensure full compliance with all laws when using or disclosing protected health information to prevent or lessen a threat to the health or safety of a person or the public.
Authorization for the Use and Disclosure of Individually Identifiable Health Information with Conditions
This form authorizes the use or disclosure of individually identifiable health information as described. The information may be re-disclosed and no longer protected by federal privacy regulations. The form can be used by organizations that are developing policies and procedures for compliance with the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA).
End User Computing (EUC) Tools Policy
This sample outlines a set of policies and procedures for dealing with the security and use of end-user computing (EUC) tools such as spreadsheets, databases and report writers.
Revenue Recognition Policy
This sample outlines a set of policies and procedures for revenue recognition in a company that derives revenue principally from the sale of electronic equipment built to customer specifications as well as from repair and design services.
Patient Admission Policy
This sample outlines a set of policies and procedures for providing a consistent, standardized, and proficient method for the admission of patients, and applies to standards and/or requirements prior to, or immediately following, admission of patients for in-patient treatment.
Business Continuity Management Policy
This sample outlines a set of policies and procedures for formalizing a Business Continuity program, and provides guidelines for developing, maintaining and exercising Business Continuity Plans (BCPs). Such plans will ensure independence of crisis location, crisis duration and availability of any specific person or group of people.
Charge Description Master Policy
The following sample outlines a set of policies and procedures for ensuring that the Charge Description Master (CDM) provides a comprehensive listing of items that could be billed to a patient, payer or healthcare provider. The CDM is a file that contains a list of a U.S. healthcare provider’s chargeable services.
Systems Development Life Cycle (SDLC) and Change Management Policy
This sample outlines a set of policies and procedures designed to provide an orderly process in which changes to a company's IT infrastructure are requested and approved prior to the installation or implementation of a change.
Oracle eBusiness Suite Policy
This sample outlines a set of policies and procedures for controlling access to and use of the Oracle eBusiness Suite and database. This includes user access management, change control, problem, incident, and patch management, as well as backup and recovery.
Revenue Capture Policy
The following sample outlines a set of policies and procedures for ensuring that charges for healthcare supplies and/or services administered are recorded and posted to a patient account in the patient accounting system.
Accounting: Earnings per Share Policy
This policy outlines the correct calculation of earnings-per-share (EPS), as governed by U.S. Statements of Financial Accounting Standards (SFAS) 123R. Basic EPS is computed by dividing reported earnings available to common stockholders by weighted average shares outstanding.
Security and Access Policy and Procedures
This sample outlines a set of policies and procedures to provide a company with a single reference for governance pertaining to matters of security for personnel, facilities, assets, information, and business operations. In addition, this policy allows the development of more specific policies, standards, processes, and procedures as required. This policy should be periodically reviewed and updated, where necessary, to reflect changes in the technology environment.
Cash and Cash Equivalents Policy
This sample outlines a set of policies and procedures for the use of cash and cash equivalents that preserves principal, meets liquidity needs, and delivers a suitable return in relationship to these policies and market conditions.
Computing Operations and Support: Service Levels Policy
The purpose of this Statement of Policy and Procedure is to ensure that there are defined and documented IT services, service times, and user-agreed metrics for objective evaluation of the services provided; that IT staff apply appropriate focus on problem areas with declining service-level measurements; and that user expectations are set for IT system availability, performance, and problem handling.
Data Management Policy
This sample outlines a set of policies and procedures to assist an Information Technology Group in backing up server-based data, with details of the required backup tapes, devices, and software. In addition, this policy addresses the file restoration process.
Claim Resolution/Payment Verification Policy
This sample outlines a set of policies and procedures for ensuring that claims submitted to third parties for services administered are estimated accurately and resolved in a timely manner. Note: This example includes some information specific to Texas, but is otherwise generally applicable.
Accounting: Asset-Backed Securitization and Factoring of Receivables Policy
This sample policy outlines a set of policies and procedures for asset-backed securitization and factoring of receivables.
Data Management: Records Retention Policy
The purpose of this policy is to ensure that legal statutes regarding data retention and industrial and business requirements regarding data retention are observed, and that data which has survived its retention period is destroyed promptly to avoid legal and litigation exposures.
Risk Management Framework Policy
The following sample outlines a set of policies and procedures for structuring risk management activities to ensure that risks are identified, assessed, managed, monitored and reported in a uniform manner. The aim of risk management is to provide reasonable assurance that companies understand the risks associated with achieving business objectives, and that they are responding appropriately to these risks at all levels within the organization.
Data Management: Data Backup and Storage Policy
The purpose of this policy is to specify the procedures to back up and allow for recovery of important data in the event of accidental or intentional corruption, loss, or destruction of the data. For data critical to the ongoing operation of the business, offsite storage will facilitate keeping the business operational in the event of a physical disaster at the original site.
Conflict of Interest Policy
This sample outlines a set of policies and procedures to help a company and each of its direct and indirect subsidiaries, and each of its senior officers and directors, identify and properly address potential conflicts of interest.
Fixed Assets Policy and Procedures
This sample outlines a set of policies and procedures for establishing the standards and procedures for ensuring that Company accounts for capital assets and depreciation are in compliance with management’s objectives and generally accepted accounting principles.
Risk Management Policy
This policy sets out the risk management objectives and requirements for a company's business units. Management is expected to conduct structured risk management in accordance with this policy. The policy is applicable to all business units and divisions. It is also applicable at group level and for group staff functions including Financial, Human Resources, Tax and Legal.
Systems Management: Downloading Policy
The purpose of this policy is to ensure that downloading of large data files does not degrade company network response unnecessarily; planning for increased company network bandwidth is not skewed adversely by unnecessary large download activity; and the company is protected against copyright infringement action.
Signature Authorities Policy
This sample outlines a set of policies and procedures for committing the Company to legal obligations and financial commitments, and for conducting financial transactions.
Academic Conflict of Financial Interest Certification Policy
This sample outlines a set of policies and procedures for avoiding any possible conflict of interest in the conduct of grant or contract activities for academic institutions, to prevent employees or consultants from using their positions for purposes that are, or give the appearance of being, motivated by a desire for private gain for themselves or others, such as those with whom they have family, business or other ties.
Acquisition Policy
The purpose of this policy is to detail the acquisitions/new business development process for a company, including subsidiaries. This applies to the initiation, due diligence, execution, and purchase accounting and integration of all acquisitions.
Information Technology: Role-Based User Management
The purpose of this policy is to ensure that there are controls in place to detect errors by limiting opportunities for employee fraud or theft, to increase the probability of detection when fraud or misappropriation of assets is attempted, and to safeguard company computers and networks against inadvertent exposure to external threats.
Software Acquisition, Implementation and Maintenance: Application Development and Implementation Policy
The purpose of this policy is to control application development and to ensure that it is efficient, cost-effective, and aligned with the IT strategic plan.
Disclosing PHI for Public Health Purposes
This sample outlines a set of policies and procedures to provide guidance and to ensure full compliance with all applicable laws (e.g. HIPAA) related to the use and disclosure of protected health information for public health release purposes. Covered entities are permitted to disclose protected health information to public health authorities for a full range of public health activities.
Customer Master File Maintenance Policy
The purpose of this policy is to establish the guidelines for setting up new customers and modifying existing customer information in company systems. This document outlines steps to follow for new customer set-up requests, rush set-up requests, and customer information changes.
Employment: Workplace Violence Policy
The purpose of this policy is to establish procedures to minimize and/or prevent violence and unacceptable behavior in the workplace and to foster the safety and security of company employees, customers, and visitors to our work sites.
Order Receipt and Fulfillment Policy
This sample outlines guidelines for receiving and entering customer orders to ensure the timely and accurate fulfillment of those orders.
Employment: Dispute Resolution Policy
The purpose of this policy is to provide an effective problem-solving and dispute resolution process which every employee can utilize without concern for reprisal or recrimination. Employees need and deserve a process through which they can air grievances, complaints, etc. Informal resolution of disputes is the preferred method of dealing with issues. In unionized organizations the grievance procedure is usually one of the first clauses of a Collective Agreement to be negotiated.
Invoicing Policy
This sample outlines a set of policies and procedures for invoicing customers and issuing invoice corrections.
Employment: Conflicts of Interest Policy
The purpose of this policy is to communicate a company’s position on what matters could constitute a conflict of interest to employees, and to establish a protocol for disclosing and dealing with such conflicts of interest. Many conflicts of interest may not be obvious to an employee. The policy clarifies the employer’s perspective on what constitutes a conflict of interest and what the consequences may be if the employee is found to be in a conflict of interest.
Price Administration Policy
This sample outlines a set of policies and procedures for establishing guidelines related to price administration, including price set-up, price maintenance and review, and the timely update of prices.
Storage and Delivery: Delivery Policy
The purpose of this policy is to ensure that product and materials shipped to customers arrive correctly with quality uncompromised, and that any product damaged during transit is addressed.
Disclosing PHI for Law Enforcement Purposes
This sample outlines a set of policies and procedures governing the disclosure of protected health information (PHI) for law enforcement purposes to a law enforcement official. PHI may be disclosed for law enforcement purposes without the written consent or authorization of the individual, or the opportunity for the individual to agree or object.
Storage and Delivery: Packaging Policy
The purpose of this policy is to ensure that packaging methods are undertaken to prevent damage and/or deterioration. In addition, packaging shall be used to ensure lot integrity, prevent contamination and ensure product traceability.
Customer Credit Policy
The purpose of this policy is to establish guidelines for establishing customer credit limits, the credit hold and release process, and the ongoing credit review of customer accounts, in order to maximize profitability by minimizing credit risk and potential collections issues.
Storage and Delivery: Handling Policy
The purpose of this policy is to ensure that methods are instituted to prevent damage and/or deterioration when handling product and materials. The procedure applies to product and material from initial receipt until final shipping and delivery.
Customer Concerns Handling Policy
The purpose of this policy is to establish guidelines for resolving customer concerns and initiating the Customer Concern Report. Customer concerns may provide constructive ideas for improving products or business process efficiency by alerting management to issues that need prompt attention and correction, and may indicate long-range opportunities for product innovation and problem prevention.
Storage and Delivery: Storage Policy
The purpose of this policy is to ensure that stored product and materials are not damaged or altered prior to use or delivery. Storage procedures apply to product and material from initial receipt until final shipping and delivery.
Credit and Debit Memo Policy
The following sample outlines a set of policies and procedures for issuing credit and debit memos, including product and container deposit returns and head-office billings, and applies to all employees responsible for the initiation, recording, and authorization of all types of customer account credits and debits.
Storage and Delivery: Inspection and Testing Policy
The purpose of this policy is to ensure that materials and products are inspected and tested for conformance or non-conformance before a product is released, used or installed.
Building and Data Center Physical Security Policy
This sample outlines a set of policies and procedures for governing access to company buildings and data centers, to ensure that Company X buildings and data centers remain physically secure.
Storage and Delivery: Receiving Policy
The purpose of this policy is to ensure that all incoming materials and products are inspected and received in a consistent manner prior to processing.
Credit and Collections Policy (Sample 2)
The purpose of this policy is to establish guidelines related to credit and payment collection activities, including use of the Payment Discrepancy Tracker system for tracking payment discrepancies, and all authorizations required to adjust accounts receivable.
Records Management Policy
This sample outlines a set of policies and procedures for managing company records in an appropriate, systematic and timely manner.
IT Data Management Policy
This sample outlines policies and procedures for data management (back-up and recovery).
IT Change Management Policy
The objective of this document is to provide policy and procedure guidance for implementation of change management within the company’s network/infrastructure.
Warranties and Guarantees Policy
The purpose of this policy is to provide guidance to employees on the appropriate accounting for warranties and the principles associated with providing quality products to its customers.
Records Storage and Retrieval Policy
The purpose of this document is to outline the process departments are required to follow in order to store and retrieve their respective records, and to document how the records will be maintained.
Sales Contracts Policy
The purpose of this policy is to outline basic contract content and authorization requirements for sales contracts.
Disclosing and Requesting Only the Minimum Amount of PHI Necessary
This sample contains procedures to ensure that the appropriate steps are taken to disclose only the minimum amount of protected health information necessary to accomplish the particular use or disclosure, as required under applicable laws and regulations.
Supplier Records and Management Policy
The purpose of this policy is to ensure that the company obtains the best possible combination of quality and price from its suppliers.
Data Center Operations & Problem Management Policy
The objective of this document is to provide policy and procedure guidance for conducting major activities in a company's data centers: help desk support; user access management; system monitoring; problem management; and environmental controls.
Sales Commissions Policy
The purpose of this policy is to establish accountability for setting commission rates and to define the point at which commissions are considered earned.
Authorization for the Use and Disclosure of Individually Identifiable Health Information Without Conditions
This is an example of a form that provides signed authorization for the use or disclosure of individually identifiable protected health information (PHI). This form can be used by organizations that are developing policies and procedures for compliance with the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Financial Spreadsheet Controls Policy
This policy outlines the roles and responsibilities of the IT department as well as the users and developers of spreadsheets and financially significant desktop tools (including Access, Crystal Reports, and Queries) to meet SOX requirements for control over financial reporting.
Supplier Refunds and Discounts Policy
The purpose of this policy is to provide guidance to employees on appropriate record keeping related to supplier refunds or discounts.
Disclosure of PHI in Facility Directories
This sample outlines a set of policies and procedures to give guidance and ensure compliance with all relevant laws and regulations when disclosing protected health information (PHI) in company directories. Health facilities maintain a patient directory for obtaining information regarding patients. Since this directory may sometimes contain personal information, it should be maintained with the utmost security and regard for patient confidentiality.
Recognition of Costs Policy
The purpose of this policy is to provide guidance to the finance department on reflecting costs in asset and liability accounts and when to bring costs into current expense.
Disclosing PHI as Required by Law
This sample outlines a set of policies and procedures to give guidance and ensure compliance with all relevant laws and regulations (e.g. HIPAA) when using or disclosing protected health information (PHI). A covered entity may use or disclose PHI to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.
Point of Sale Revenues Policy
The purpose of this policy is to minimize risk to the company, and provide guidance to point of sale employees.
Disclosing PHI for Health Oversight Purposes
This sample outlines a set of policies and procedures regarding covered entities obtaining authorization to use or disclose protected health information (PHI) for health oversight purposes authorized by law (e.g. HIPAA), including audits; civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative, or criminal proceedings; or other oversight activities.
Customer Refunds (Non-Retail Only) Policy
This policy provides guidance to employees in dealing with customers who are unhappy with the products or services they have purchased from the company. If the company is at fault, or has provided defective or unacceptable products or services to a customer, every reasonable step should be taken to correct the situation.
Management Reporting - Purchasing Policy
This sample outlines a set of policies and procedures that address reporting and analysis related to the Purchasing Cycle for purposes of better managing the business.
Authorization to Use or Disclose PHI
This sample outlines a set of policies and procedures regarding covered entities obtaining authorization to use or disclose protected health information (PHI). HIPAA requires a covered entity to obtain authorization to use or disclose protected health information for all purposes not explicitly permitted under the regulations (45 CFR §164.508(b)(4); §164.508(c); §164.508(d)).
Customer Refunds (Retail Only) Policy
This policy provides guidance to employees in dealing with customers who are unhappy with the products or services they have purchased from the company. Products may be returned for any reason within 30 calendar days of purchase. In addition, if the company is at fault, or has provided unacceptable products or services to a customer, every possible step should be taken to correct the situation.
Spreadsheet Controls Policy
To comply with SOX guidelines, it is important to establish appropriate policies that incorporate controls emphasizing the use, storage and modification of spreadsheets and databases used in preparation and reconciliation of the financial reporting process. This policy is intended to ensure that all spreadsheets/databases critical to the financial reporting process or that generate key reports relied upon by management are managed and controlled based on associated risks.
Management Reporting (Revenue) Policy
This policy addresses the regular reporting and analysis requirements relating to the revenue cycle that must be produced and reviewed to control and manage the organization.
Company Credit Card Policy
This sample outlines a set of policies and procedures to ensure that company credit cards are used for appropriate purposes and that adequate controls are established for day-to-day use.
Expense Advances and Expense Allowances Policy
This sample outlines a set of policies and procedures for dealing with expense advances and expense allowances. The purpose of this policy is to provide guidance to management and employees in situations where a large expense must be undertaken on a cash or cheque basis.
Overdue Accounts and Bad Debts Policy
This sample outlines a set of policies and procedures for dealing with overdue accounts and bad debts.
Production Equipment Security Policy
This sample outlines a set of policies and procedures governing the security of production equipment used in an Internet-facing environment.
Banking/Financial Institution Account Policy
This sample policy establishes guidelines for a company’s activities related to opening, closing and maintaining financial institution accounts. This document discusses topics such as banking relations, qualifications of financial institutions, opening and closing an account, and required account approvals.
Revenue Recognition (Software) Policy
This sample outlines revenue recognition policies for the sale of software, services, and hardware. The document discusses topics such as order documentation, contingencies, payment terms, and the percentage-of-completion method.
Insurance Verification (Healthcare) Policy
This sample policy outlines a set of policies and procedures to ensure patient benefits are verified prior to or immediately following an admission or outpatient procedure. This document discusses topics such as insurance verification, insurance authorization for planned procedure, and uninsured patients.
Manual General Ledger Journal Entries Policy
This sample policy ensures all manual journal entries to the Company’s general ledgers are properly prepared, supported by adequate documentation, reviewed, approved and recorded and that journal records are maintained in accordance with audit requirements.
Contingent Liability Policy
This policy provides guidance regarding the recognition and disclosure of contingent liabilities, to ensure that contingencies are recorded and disclosed accurately, completely, timely, and consistently.
Portable Computing Device Security Policy
This sample outlines a set of policies and procedures governing the use of portable computing devices and their connection to a company network.
Anti-Bribery Compliance Program Policy
This sample outlines a set of policies and procedures to prevent violation of any and all national and international anti-bribery and anti-corruption laws and treaties. All employees, agents of the Company, joint-venture partners, or anyone else doing business in Company X’s name, are required to comply strictly with the FCPA, all other applicable anti-bribery and anti-corruption treaties, and all national laws.
Delegation of Authority Policy
This sample outlines a set of policies and procedures that define the limits of authority designated to specified positions of responsibility within a company, and to establish the types and maximum amount of obligations that may be approved by individuals.
Harassment and Discrimination Policy (Non-US)
The purpose of this document is to increase all employees’ understanding of policies regarding discrimination and harassment in the workplace. This sample is based on the procedures and legislation applicable in Australia, but is generally applicable to many other non-US countries.
Purchasing Policy
This sample policy outlines a set of policies and procedures governing the purchasing process. This document specifically discusses topics such as purchasing requirements, approval levels, placement of orders, and receipt and acceptance.
Complaint Handling Procedures (Non-US)
The following sample outlines a set of policies and procedures governing the handling of complaints regarding harassment, discrimination, and bullying. This sample is based on the procedures applicable in Australia, but is generally applicable to many other countries (except US).
General Ledger Account Reconciliations Policy
This sample policy outlines a set of policies and procedures to reconcile the significant accounts contained in the general ledgers of a Company and its subsidiaries to assure their accuracy. This document specifically discusses topics such as responsibility for this process, reconciliation completion and review steps, and disposition of unreconciled items.
Physical Inventory Policy
This sample policy outlines a set of policies and procedures to ensure that one unaudited semi-annual and one audited annual physical inventory are taken of raw materials, work in process, and finished goods. This document specifically discusses topics such as the annual and periodic physical inventory process, off-premise inventories, inventory ownership, and reconciliation of physical and perpetual records.
Policies & Procedures - Other Resources
Links to sample audit policies and procedures on the internet
Revenue Recognition Policy - Sample 2
This sample policy outlines a set of policies and procedures governing the revenue recognition process. This document specifically discusses topics such as sales, deferred sales, freight out, contra accounts to net sales, and applicable external guidance related to this process.
Finance End User Computing Policy
This sample outlines a set of policies and procedures governing the accuracy and reliability of spreadsheets and other similar applications used to produce or support critical financial information, and to mitigate the risk of financial reporting errors caused by end-user computing errors.
Background Checks and Confidentiality Policy - Contractors
This sample outlines a set of policies and procedures extending background checks to temporary personnel. This policy applies to professionals recruited in the future to full time positions and professionals currently or in the future recruited for temporary and independent contractor engagements, as well as any other employees provided by firms working with Company X.
HIPAA PHI Policies and Procedures
This sample outlines a set of policies and procedures governing the handling of Protected Health Information (PHI) in compliance with HIPAA security provisions. This policy must be followed when performing services for a client that is a Covered Entity or a Business Associate of a Covered Entity.
ISO 9000 Certification Policy
The following sample provides an outline of the policies and procedures that an organization must undertake in order to achieve ISO 9000 certification.
Injury and Illness Prevention Policy
The following sample outlines a set of policies and procedures for protecting the safety and health of the employees at a Company. Although these procedures are generally applicable worldwide, some items refer specifically to U.S. regulations.
Model Management Control Policy
This sample policy outlines the roles and responsibilities of management, internal audit, and the audit committee related to controls over an organization’s processes. This policy was derived from The IIA Quality Assurance Manual, Fourth Edition.
Internal Company Knowledge Sharing Policy
This sample outlines a set of policies and procedures governing knowledge sharing within a company, using a Knowledge Management (KM) strategy that ties the efforts and information created and used by the various product, industry, and process groups into one cohesive platform for knowledge sharing.
Credit Risk Policy
This sample outlines a set of policies and procedures formalizing the credit risk management process, the goal of which is to: protect against any unwarranted customer or counterparty credit exposures; maintain credit risk at a manageable level; and identify and avoid a material credit failure (of a significant value, which would impact earnings).
Web Internet Use Policy
This sample policy outlines a set of policies and procedures governing the use of the Internet, Web browsers, and other applications with the ability to access or transfer data to or from servers connected to the Internet.
User Password Policy
This sample outlines a set of policies and procedures governing the creation and use of user passwords to protect company computer systems.
Acceptable Use Policy
The following sample outlines a set of policies and procedures governing the acceptable use of technology resources. Inappropriate use of technology resources can expose companies to risks including virus attacks, compromise of network systems and services, and legal issues.
User Authentication and Authorization Policy
The following sample policy outlines a set of policies and procedures governing user authentication and authorization and other access rules that help protect computer systems.
Production System Access Policy
This sample outlines a set of policies and procedures governing access to production systems and applications, and the documentation of changes to these systems and applications.
Exceptions and Non-Conformance Policy
This sample outlines a set of policies and procedures governing action to be taken when special circumstances prevent compliance with an established policy, procedure, standard, or guideline, or a federal or state regulation. This policy addresses how exceptions and non-conformance to existing Information Security Services policies, procedures, standards, and guidelines are handled.
Network Security Policy
The purpose of this security policy is to protect user accounts, corporate data, and intellectual property owned by an organization.
System, Database and Application Administrator Policy
The purpose of this policy is to define the roles, activities, and responsibilities of administrators with regard to access rights to applications running on a company’s computer resources. The policy includes all system, database and application administrators (including third-party vendors) who have access to technology resources, either locally or remotely.
Internal Lab Security Policy
The purpose of this policy is to ensure that company confidential information and technologies are not compromised. This policy also establishes requirements for internal labs so that production services and other company interests are protected from lab activities.
Delegated Approval Authorization Policy
This policy provides an example of how to communicate signature requirements necessary for daily business transactions in a company. This policy indicates to whom delegations have been assigned and applicable dollar limits. It covers topics such as types of authorization, temporary delegations, and organizational changes.
Change of Access Status Policy
The following sample outlines a set of policies and procedures governing all changes to the access granted to a user of Company X’s computing systems. This defines the conditions for creating, terminating, or altering the status of a user’s access to Company X technology resources.
Email Policy (Sample 2)
The following sample outlines a set of policies and procedures for the use of company email systems. The purpose of this policy is to define rules for the protection of company confidential information distributed by email and to document the acceptable and unacceptable use of email.
Capital Projects – Allocating Contract Cost Policy
This policy outlines procedures to ensure that costs associated with company capital projects are accounted for according to Generally Accepted Accounting Principles (GAAP). The policy focuses on how recognition of contract costs can be affected by back-billing, claims, change orders and revised estimates. It also discusses methods such as estimated costs to complete, percentage-of-completion, and completed-contract.
Fraud Policy
This policy describes a broad range of actions that constitute fraud and that must be reported. The conditions of this policy apply to any irregularity, or suspected irregularity, involving not only employees but also shareholders, vendors and outside agencies. This policy addresses investigation responsibility, confidentiality, and reporting procedure.
User Malicious Software Policy
The purpose of this security policy is to outline and define the user’s responsibilities in ensuring updates and maintenance of anti-virus software on his or her Company X computer.
Contract and Project Approval Policy
This policy outlines procedures for evaluating, negotiating, and executing significant contracts and internal and external projects with legal and/or financial implications. This policy also focuses on tracking the intake of new contracts or internal projects, conducting a review and approval, and having contracts serve as a historical record for the Company’s significant transactions.
Third Party Access Policy
The purpose of this policy is to define security policies that apply to temporaries, contractors, consultants, and third parties, when such connectivity is necessary for business purposes. This policy covers both the physical and administrative requirements needed to manage secure network connectivity between an organization and any third party requiring access to the organization’s computing resources.
Information Security Overview Policy
This sample provides an overview of Information Security Services (ISS) policies, procedures, standards, and guidelines. These policies are an important aspect of information security and are written to protect user accounts, corporate data, and intellectual property owned by a company.
Instant Messaging Policy
This sample outlines a set of policies and procedures for the use of Instant Messaging (IM), which are designed to protect Company X from technology abuse or misconduct. Inappropriate use of IM exposes Company X to risks including virus attacks, compromise of network systems and services, and potential legal issues.
Policies and Procedures For Preparing Analyses And Notes To Financial Statements
The following sample outlines policies and procedures to be used to manage financial reporting information to ensure accurate disclosure in the financial statements.
Consolidated Financial Statement Reporting and Disclosures Policy
The following sample outlines policies and procedures to be used to ensure the completeness and accuracy of disclosures made in quarterly and annual public filings with the SEC.
Internal Disclosure Certification Process Policy
This sample outlines policies and procedures to be used to ensure the fair presentation and disclosure of financial results, and is designed to ensure comfort to those Company X executives responsible for signing the external disclosure certification submitted to the SEC in accordance with SEC rules and regulations as required by the Sarbanes-Oxley Act of 2002.
Record Disposal & Retention Policy (Sample 2)
This sample document retention policy provides disposal and notification guidelines and includes an example schedule of retention periods for many types of records including communications, contracts, facilities, finance and HR documents.
Controls Over the Implementation and Application of New Accounting Standards Policy
The following sample outlines policies and procedures to be used when new accounting standards have been issued and require implementation.
Document Access Controls For Analyses and Notes to the Financial Statements Policy
This policy documents the controls and procedures designed to ensure limited access to, and control of financial reporting documents used for the preparation and updating of quarterly and annual public filings with the US Securities and Exchange Commission.
Overall Financial Reporting Document and Disclosure Controls Policy
This policy documents the overall controls and procedures designed to ensure the quality and accuracy of disclosures made in quarterly and annual public filings with the US Securities and Exchange Commission.
Deduction and Rebate Payment Verification Policy
The following sample outlines a set of policies and procedures for the verification of customer deductions and rebates in a retail environment. All trade deductions and rebates should be tested on a periodic, sample basis according to these procedures.
Related Party Transactions Policy
This policy defines related party transactions, identifies the significance of related party accounting implications, and provides guidance regarding approval and reporting of related party transactions.
Rebate Payments Policy
This policy establishes the procedures for identifying rebate payments to be made, and for calculating the appropriate payment value.
Signature and Authorization Policy
This policy documents the signature approval and authorization requirements necessary to commit company funds or assets, related to Trade Promotion and Pricing.
Invoice Deductions Policy
The following sample outlines a set of policies and procedures for dealing with invoice deductions in a retail environment.
Duplicate Deductions Policy
This sample outlines a set of policies and procedures for identifying and correcting duplicate deductions and/or rebate payments in a retail environment. All duplicate trade and non-trade deductions are to be investigated according to the procedures below.
Data Backup Policy
This policy is intended to provide a standardized means of backing-up and maintaining computer files within an organization. The backup and maintenance of files is critical to the viability and operations of a company, and it is essential that certain basic standard practices be followed to ensure that data files are backed up on a regular basis.
Retainage Policy
This policy is intended to provide a standardized means of identifying and accounting for the retainage of funds.
Record Retention Policy
This policy is intended to provide guidance about the retention and access of corporate documents by employees.
Early Identification Of New Disclosure Items For SEC Reporting Policy
This policy is intended to facilitate the early detection and disclosure of reportable items to the SEC and to improve the efficiency and effectiveness of compliance efforts. The policy applies to all corporate and subsidiary locations, with particular emphasis on parties responsible for financial reporting and disclosure of related events.
Policies & Procedures: Internet and Email Acceptable Use Policy
The following sample outlines a set of policies and procedures that provides rules and guidelines for Internet and email use within a company. It is intended as a sample for other companies who are in the process of creating or re-evaluating their policy.
Payroll Policy (Sample 2)
The following sample outlines a set of policies and procedures for the Payroll function.
Inventory Policy
This policy provides guidelines and sets forth the appropriate accounting policies to prevent losses or shortages, and to ensure that all inventory items including raw materials/parts, work in progress, and finished goods and consigned inventory, are properly controlled and costed.
Intangibles Policy
This sample outlines a set of policies and procedures to provide a standardized means of identifying and accounting for the acquisition of intangibles and their amortization while utilized by the U.S. offices and subsidiaries of Company X, for transactions in excess of $1,000 U.S. dollars.
Inter-Company Accounting/Reporting Policy (Sample 2)
The purpose of inter-company accounting is to allocate assets, liabilities, revenues, and expenses to the appropriate legal entity in relation to the economic benefits and obligations associated with the operational activity incurred. Accounting for inter-company transactions requires constant attention and reconciliation to prevent the loss of time and resources. This policy is designed to ensure that inter-company transactions are processed correctly at the time the transaction occurs.
Financial Reporting Package Policy
This sample outlines a set of policies and procedures to provide a consistent format for reporting required financial information for management and statutory reporting requirements.
Accrued Liabilities Policy
The following sample outlines a set of policies and procedures for accrued liabilities. It is intended to provide guidance with regard to the definition of and responsibility for items included in the Accrued Liabilities-Other account.
Credit and Collections Policy
The following sample outlines a set of policies and procedures to provide for the credit and collection of accounts receivable in a nondiscriminatory manner, and to maximize the company’s profitability by maintaining a moderate level of investment in accounts receivable, minimizing write-offs of bad debt, and maximizing sales.
Cash Policy
The following sample outlines a set of policies and procedures to provide a standardized means of managing and accounting for Company X’s cash funds.
Overall Requirements for Information Security Policies
The following sample provides an outline for the creation of a set of policies and procedures for the overall security of information and a framework for subsequent specific policies.
Whistleblower Policy and Procedures
This policy establishes the standards and procedures to ensure that the handling of accounting- and audit-related complaints complies with management’s and the audit committee’s objectives.
Accounts Receivable Policy
This accounts receivable policy sample establishes guidelines relating to receivable management, in particular how and when to reserve a receivable, write-off a receivable, and recover a receivable. The objective of this policy is to ensure consistency in a company’s accounting treatment of receivables.
Accounts Payable Policy
This policy is for invoices paid by Accounts Payable primarily for operating invoices (including SG&A), employee advances, expense reports, casual labor/subcontractors and fixed assets. This policy can be reviewed and downloaded for comparison with your company policy.
Wireless Communication Policy
This sample policy defines the conditions under which wireless devices may be used for communication with a company’s private network.