SALES Student ASSOCIATE- RAS Handbook / Q0104 Also known as sales workers or salespersons, sales associates sell retail products and goods, such as equipment, clothes, cars or car parts, etc. Sales associates work with customers to find what they want, ensure a smooth sales process and process transactions. Individuals in this position interact with customers to understand and service customer needs with specialization leading to maximization of business in a retail environment. SECTOR: RETAIL SUB-SECTOR: B2B & B2C OCCUPATION: Store Operations REFERENCE ID: RAS / Q0104
Index Chapters Page No. 1. Introduction and Orientation…………………………………………………………..2 2. To process credit applications for purchases…………………………………..............7 3. To help keep the store secure………………………………………………………….19 4. To help maintain health and safety…………………………………………….........…43 5. To demonstrate products to customers………………………………………...........…75 6. To help customers choose right products……………………………………….……..86 7. To provide specialist support to customers facilitating purchases……………...…….112 8. To maximise sales of goods & services……………………………………….........…118 9. To provide personalised sales & post-sales service support………………….…….…129 10. To create a positive image of self & organisation in the customers mind……...........152 11. To resolve customer concerns……………………………………………….….....…165 12. To organise the delivery of reliable service…………………………………….……176 13. To improve customer relationship………………………………………………....…208 14. To monitor and solve service concerns…………………………………………..…..216 15. To promote continuous improvement in service………………………………...…...224 16.Glossary………………………………………………………………….……………237 1
Chapter 1 Introduction and Orientation 1. Introduction Retail has touched every sphere of modern consumers from all over the world. Retail is the sale of goods and services to consumers, in contrast to wholesaling, which is sale to business or institutional customers. A retailer purchases goods in large quantities from manufacturers, directly or through a wholesaler, and then sells in smaller quantities to consumers for a profit. Retailers are the final link in the supply chain from producers to consumers. Shopping generally refers to the act of buying products. Sometimes this is done to obtain final goods, including necessities such as food and clothing; sometimes it takes place as a recreational activity. Recreational shopping often involves window shopping and browsing: it does not always result in a purchase. Retail markets and shops have a very ancient history, dating back to antiquity. Some of the earliest retailers were itinerant peddlers. Over the centuries, retail shops were transformed from little more than \"rude booths\" to the sophisticated shopping malls of the modern era. Market Overview Indian economy, one of the fastest growing economies of the world, is witnessing major shifts in consumer preferences. Increasing disposable income, brand awareness and increasing tech-savvy millennial population are the driving factors of corporatized retail within the country. Overall, Indian retail scenario has shown sustainable long-term growth compared to other developing economies. The Indian retail market was worth Rs 41,66,500 crore (US $641 billion) in 2016 and is expected to reach Rs 1,02,50,500 crore (US $1,576 billion) by 2026, growing at a Compound Annual Growth Rate (CAGR) of 10 per cent. It is envisaged that the current fashion retail market worth Rs 2,97,091 crore (US $46 billion) will grow at a promising CAGR of 9.7 per cent to reach Rs 7,48,398 crore (US $115 billion) by 2026. 2
Retail Formats Retail format is the store ‗package‘ that the retailer presents to the shopper. A format is defined as a type of retail store that includes location, size, merchandise, display, service, price that are used by a set of retailers. Classification on the basis of price of the merchandise offered to the end customer Consumer co-operatives It aims at providing essential commodities at reasonable prices. AS s a national policy, consumer cooperatives have been encouraged and developed as democratic institution owned, managed and controlled by its members for protection of the interested of the common consumers. Off price retailers They buy manufacturers seconds, overrun, off seasons at a deep discount. These outlets are usually seen by a parent company as a means of increasing the business. Discount department stores A hybrid warehouse/superstore with 50,000 plus items and the full range of service departments, featuring high quality perishables and reduced prices. 3
Outlet stores It range from 20,000 sqft to 80,000 sqft are typically the discount arms of major department stores. Warehouse clubs It ranges from 104,000 sqft to 170,000 sqft, offer a variety of goods in bulk, at wholesale prices. Super warehouse store A hybrid warehouse/superstore with 50,000 plus items and the full range of service departments, featuring high quality perishables and reduced prices. CHALLENGES TO RETAIL DEVELOPMENT IN INDIA Organized retail in India is little over a decade old. It is largely an urban phenomenon and the pace of growth is still slow. Some of the reasons for this slow growth are: - RETAIL NOT BEING RECOGNIZED AS AN INDUSTRY IN INDIA Lack of recognition as an industry hampers the availability of finance to the existing and new players. This affects growth and expansion plans. THE HIGH COSTS OF REAL ESTATE Real estate prices in some cities in India are amongst the highest in the world. The lease or rent of property is one of the major areas of expenditure; a high lease rental reduces the profitability of a project. HIGH STAMP DUTIES In addition to the high cost of real estate the sector also faces very high stamp duties on transfer of property, which varies from state to state (12.5% in Gujarat and 8% in Delhi). The problem is compounded by problems of clear titles to ownership, while at the same time land use conversion is time consuming and complex as is the legal process for settling of property disputes. LACK OF ADEQUATE INFRASTRUCTURE Poor roads and the lack of a cold chain infrastructure hampers the development of retail market in India. The existing supermarkets retailers have to invest a substantial amount of money and time in building a cold chain network. TYPES OF RETIAL MARKET-ORGANISED AND UNORGANISED RETAIL Characteristics of organized retail formats Direct interaction with customers. Employment generation. 4
Boosts to exports. Improvement of government revenues. Dominant in food, grocery & apparel. Provide ideal shopping. Expose shoppers. Expanded business opportunities. Impact on Employment and Prices. Importance of organized retailing Price advantage. Merchandise. Dearth of time. Employment opportunities. Better social infrastructure. Benefit to tourism. Better realization of taxes. Advantages of Organized Retail in India Enhanced Welfare Gains for Consumers. Gains for Farmers Link with Manufacturing Boost to Exports Impact on Growth and Productivity. Improvement of Government Revenues. Impact on Employment and Prices. Unorganized retailing Unorganized retailing, on the other hand, refers to the traditional formats of low-cost retailing, for example, the local mom and pop store, owner manned general stores, convenience stores, hand cart and pavement vendors, etc. 5
Characteristics of unorganized retail formats Lack of inventory control & supply chain management. Labor intensity. Family run stores. Lack of standardization. Crowded format. Absence of real competition. Low productivity. Unique operation. ORGANISED v/s UNORGANISED The Indian retail market, over the last decade, has been increasingly leaning towards organized retailing formats. The pattern in domestic retailing is altering in the favor of organized modern retailing, a big change from the traditional plethora of unorganized family-owned businesses. Rapid urbanization, changes in shopping pattern, demographic dividend and pro-active measures by the Government are abetting the growth of the retail sector in India. Driven by the growth of organized retail coupled with changing consumer habits, retail sector in India is set to be more than double to US$ 150 billion by 2025. 6
Chapter 2 To process credit applications for purchases A retail sales associate is essentially the face of a retail outlet. In making a customer's first visit to one continuing for a lifetime, doesn't just lie the magic of the company's products but also the pretty face selling it. How many times have we visited a store and decided to ignore it forever due to the experience we had with the sales guy out there? Or how many of us have a pet retail outlet we love to visit because of the warm hospitality offered by the sales guys. A good retail sales associate's job is very closely related to exceptional customer service and interpersonal skills The Job Role and Responsibilities The primary job roles and responsibilities of a Retail Sales Associate include: Agility in responding to customer‘s requirements and resourcefully attending to his concerns Engaging the customer with details of product Serving multiple customers at one time Representing the store in a professional and mature manner Accurately completing billing transactions Receiving and maintaining store inventory and deliveries. Competencies and Skills Required Excellent communication and interpersonal skills are needed to excel in this profile. Apart from that, work management, ability to handle stress and multiple requests at one time, prompt thinking ability are some other essential characteristics needed for this role. The major skills and competencies required for this role are: Excellent communication skills Excellent customer service skills Ability to handle stress Good listening skills Patience Assessment for the „Right’ Retail Sales Associate The following table illustrates how various skills and personality traits map to assessments required for the Retail Sales Associate role: 7
Retail Sales Associate Profile Skills AMCAT (Aspiring Minds Computer Adaptive Test) Mapping Communication Skills Spoken English: Mid Agreeableness: Mid to High Interpersonal Skills Spoken English: Mid Extraversion: High Openness to Experience: Mid Problem Solving Skills Logical Ability: Mid to High Ability to Work under stress Emotional Stability: High What do retail sales associates do? They're everywhere you shop, assisting you with hard-to-find items, answering questions and ultimately getting you to buy what they're selling. They provide a variety of services, from helping you pick out items to ringing up your purchases. Like cashiers, retail sales associates use cash registers to process transactions and are responsible for keeping track of all the money inside. You might encounter retail sales associates several times a day without realizing it - they work at department stores, grocery stores, cell phone stores and even car dealerships. You've got to have a lot of patience to make it as a retail sales associate because unfortunately, you will run into your fair share of difficult customers. The most successful sales associates are polite, friendly and have a very outgoing personality. If you're not a naturally happy person who likes to work with others, then retail sales is not for you. As a retail sales associate you've got to know what you're talking about; if you sell cars, you'll need to know specifics about each car's features, your dealership's financing policy and warranty services. The same goes for people who sell TVs, mattresses and clothing. Most retail sales associates work indoors - but don't be surprised to find yourself outdoors, sometimes in bad weather, if you decide to sell cars, lumber or gardening equipment. Retail sales associates are on their feet a lot, so comfy shoes are a must. Long hours and weekends are the norm for retail sales associates. Since most retail stores are busiest in November and December, you'll be required to work nights, weekends and holidays during the busy season. 8
Credit granting procedure A credit review process is needed to ensure that a business does not grant credit to customers who are unable to pay. The credit department handles all credit reviews. The department may receive paper copies of sales orders from the order entry department, documenting each order requested by a customer. In this manual environment, the rece ipt of a sales order triggers a manual review process where the credit staff can block sales orders from reaching the shipping department unless it forwards an approved copy of the sales order to the shipping manager. The order entry procedure for a manual system is outlined below. 1. Receive sales order. The order entry department sends a copy of each sales order to the credit department. If the customer is a new one, the credit manager assigns it to a credit staff person. A sales order from an existing customer will likely be given to the credit person already assigned to that customer. 2. Issue credit application. If the customer is a new one or has not done business with the company for a considerable period of time, send them a credit application and request that it be completed and returned directly to the credit department. This may be done by e-mail to speed the application process. 3. Collect and review credit application. Upon receipt of a completed sales order, examine it to ensure that all fields have been completed, and contact the customer for more information if some fields are incomplete. Then collect a credit report, customer financial statements, bank references, and credit references. 4. Assign credit level. Based on the collected information and the company‘s algorithm for granting credit, determine a credit amount that the company is willing to grant to the customer. It may also be possible to adjust the credit level if a customer is willing to sign a personal guarantee. 5. Hold order (optional). If the sales order is from an existing customer and there is an existing unpaid and unresolved invoice from the customer for more than $___, place a hold on the sales order. Contact the customer and inform them that the order will be kept on hold until such time as the outstanding invoice has been paid. 6. Obtain credit insurance (optional). If the company uses credit insurance, forward the relevant customer information to the insurer to see if it will insure the credit risk. 7. Verify remaining credit (optional). A sales order may have been forwarded from the order entry department for an existing customer who already has been granted 9
credit. In this situation, the credit staff compares the remaining amount of available credit to the amount of the sales order and approves the order if there is sufficient credit for the order. If not, the credit staff considers a one-time increase in the credit level in order to accept the order or contacts the customer to arrange for an alternative payment arrangement. 8. Approve sales order. If the credit staff approves the credit level needed for a sales order, it stamps the sales order as approved, signs the form, and forwards a copy to the shipping department for fulfillment. It also retains a copy. 9. File credit documentation. Create a file for the customer and store all information in it that was collected as part of the credit examination process. Credit Facility What is a 'Credit Facility?' A credit facility is a type of loan made in a business or corporate finance context, including revolving credit, term loans, committed facilities, letters of credit and most retail credit accounts. Companies frequently implement a credit facility in conjunction with closing a round of equity financing or raising money by selling shares of its stock. A key consideration for any company is how it will incorporate debt in its capital structure while considering the parameters of its equity financing. 'Credit Facility' A credit facility lets a company take out an umbrella loan for generating capital over an extended period of time. Flexibility of a Credit Facility A business may use a credit facility rather than reapplying for a loan each time it needs money. The company may take out a credit facility based on collateral that may be sold or substituted without altering the terms of the original contract. The facility may apply to different projects or departments in a business and be distributed at the company‘s discretion. The time period for repaying the loan is flexible. Terms and Structure of a Credit Facility A credit facility agreement details the borrower‘s responsibilities, loan warranties, lending amounts, interest rates, loan duration, default penalties, and repayment terms and conditions. The contract opens with the basic contact information for each of the parties involved, followed by a summary and definition of the credit facility itself. The summary includes a brief discussion of the facility‘s origin, the purpose of the loan and the ways in which funds are distributed. Specific precedents on which the facility rests are included as well. For 10
example, statements of collateral for secured loans or particular borrower responsibilities may be discussed. Repayment Terms of a Credit Facility The terms of interest payments, repayments and loan maturity are detailed. They include the interest rates and date for repayment, if a term loan, or the minimum payment amount and recurring payment dates, if a revolving loan. The agreement details whether interest rates may change and specifies the date on which the loan matures, if applicable. Legal Provisions of a Credit Facility The credit facility agreement addresses the legalities that may arise under specific loan conditions, such as a company defaulting on a loan payment or requesting a cancelation. The section details penalties the borrower faces if defaulting and steps the borrower takes to remedy the default. A choice of law clause itemizes particular laws or jurisdictions consulted in case of future contract disputes. Customer Credit Application Process Many businesses extend credit to customers through a customer credit application process in hopes of helping them purchase big ticket items with the convenience of paying for them over time. When the customer credit application process is complicated, customers are less likely to bother, and there are more chances for mistakes along the way. Paper forms take a long time to fill out, plus they’re prone to loss and errors. If it has been a while since you have reviewed your customer credit application process, perhaps it‘s time for revaluation. You may be able to make significant improvements, making it faster, less error-prone, and more efficient, without a major project or expense. It‘s good to start by knowing where today‘s customers are coming from. What Customers Want Today Customers today are used to doing everything online, and an increasing number of things using mobile technology. Filling out a customer credit application by hand, or phoning a 11
contact centre and relating information for them to put into forms is perceived as antiquated and a hassle. They want to go online, enter their information securely, and get a quick answer as to whether credit will be extended. The old days of turning in paper applications and then waiting for mail or a phone call to arrive with the decision of whether credit would be offered or not are part of the past now, and if you still rely on these methods for providing customer credit, you could be missing out on a lot of applicants and their spending power. Make Your Application Forms Smart Electronic credit application forms are better for multiple reasons. For one, they won‘t get lost (along with any personal information entered on them). They‘re by definition legible, and you can design your electronic forms to ensure inappropriate answers can‘t go through. For example, if a number is required in a particular form field, the form can be made to refuse submission if letters are mistakenly entered. Furthermore, you can design your forms so that information entered one time ―waterfalls‖ into other related forms and fields. When a customer enters his phone number once, it can be used to fill in phone number information in multiple places at once, minimizing the chances of errors and considerably speeding up the process. Faster Approval Means More Enthusiastic Customers When your customer credit application process is both electronic and ―smart,‖ it goes faster. When an application is submitted, recipients can be notified by text or email alert that their input and action is required. This is much more efficient than the paper form that hibernates under a stack of papers on someone‘s desk until they discover it. The more quickly a credit is approved, the sooner a customer can go shopping! A smart customer credit application process means customers find the process less daunting, and they get their answer sooner. The sooner a customer is approved for credit, the sooner he or she can enjoy shopping with you. 12
Simplified Credit Application Draws More Applicants It only makes sense that a simplified credit application process draws more applicants than a drawn-out, complex process. Some businesses set up application kiosks that are convenient for in-store customers and that work similarly to how the process works on your business website. When a customer sees a high-ticket item in your store and knows he or she can get credit approval in a short amount of time, it‘s an easier decision to go ahead and apply. The more customer credit applications your business receives, the more it approves, and the more customers are able to purchase from you. It‘s a win for all parties involved. Purpose of a credit card How credit cards work When you apply for a credit card, you apply to borrow money from the card issuer, usually a bank. The issuer will look at your credit history before it accepts your application – and if you have a low credit score you could be refused credit, or perhaps given a less attractive deal. If all is well, the bank will set a credit limit, which is the maximum amount you can spend on the card. The card company will send you a statement every month, detailing the transactions on the card, plus the amount owing. It will also provide details on the minimum payment you need to make and the payment due date. Borrow money for nothing Most credit cards come with an interest-free period of about 56 days. In other words, as long as you clear the balance in full when you receive your monthly statement, there will be no interest to pay. If you‘re looking to make a big purchase, then a credit card with a 0% interest rate for a specified period is what you need. It‘s possible to get a card where no interest is charged for over two years. Once the interest-free period comes to an end, you will then start paying interest of around 19% or more – although one option would be to transfer the outstanding balance to a new card. Pay more than the minimum If you do not clear the outstanding balance you will be charged interest. At the very least, you must pay the stated minimum each month, but try to pay as much as you can afford. If you make only the minimum monthly payment, it could take many years to clear the debt. 13
Our handy credit card calculator will help you work out how long it will take to pay off your balance based on your current payments. You can also find out how your payments will change should you want to clear your balance by a set date. Beware penalty charges Anyone who misses a payment or misses the payment deadline will normally have to pay a penalty charge. There is also a penalty if you exceed your credit limit. So it‘s important to be in control of your credit card and monitor your statements. And if you are running into problems, contact the card issuer immediately. Don‟t withdraw cash You can use your credit card to withdraw cash from an ATM, but it‘s best to resist the temptation. There is usually a fee for cash withdrawals and the rate of interest is typically higher than the standard rate on the card. Plus, there is usually no interest-free period, so the cash withdrawal will start to rack up interest immediately. Card protection Some people prefer credit cards to cash as they can be more secure. If your card is lost or stolen, you can simply report the incident to the bank and cancel the card. Credit cards also offer protection on purchases over £100 and below £30,000, so for example you booked a holiday and the travel firm goes out of business you should be able to claim the money back from your credit card provider. For more information on how your credit card protects you read our guide. How to find the best credit card you don‘t have to approach your own bank for a credit card; you can apply to any issuer on the market. But the very best deals are usually reserved for customers with a sound credit record. If you‘re looking to make a big purchase then a credit card with a 0% interest rate is what you need. It‘s also worth bearing in mind that you might not be offered the advertised rate. The rules state that only 51% of successful applicants must pay the advertised rate, which means that almost half could be paying a much higher rate of interest. If you are unsure which type of credit card best suits your needs, our helpful credit card decision treewill ask you a set of questions which will help identify which card might be right for you. How to find out the likelihood of getting accepted for a credit card Even if you have the best credit score you might still get rejected for a card or not get the advertised deal. Lenders have their own specifications that they are looking for in customers, making it difficult to predict if you‘ll get accepted. 14
Advantages & Disadvantages of Credit Card Advantages Disadvantages Convenience--Credit cards can save you time Overuse--Revolving credit makes it easy to and trouble--no searching for an ATM or spend beyond your means. keeping cash on-hand. Record keeping--Credit card statements can Paperwork--You'll need to save your receipts help you track your expenses. Some cards and check them against your statement each even provide year-end summaries that really month. This is a good way to ensure that you help out at tax time. haven't been overcharged. Low-cost loans--You can use revolving credit High-cost fees--Your purchase will suddenly to save today (e.g., at a one-day sale), when become much more expensive if you carry a available cash is a week away. balance or miss a payment. Instant cash--Cash advances are quick and Unexpected fees--Typically, you'll pay between convenient, putting cash in your hand when 2 and 4 percent just to get the cash advance; also you need it. cash advances usually carry high interest rates. Perks--From frequent flier miles to discounts No free lunch--The high interest rates and on automobiles, there is a program out there annual fees associated with credit cards often for everyone. Many credit card companies outweigh the benefits received. Savings offered offer incentive programs based on the amount by credit cards can often be obtained elsewhere. of purchases you make. Build positive credit--Controlled use of a Deepening your debt--Consumers are using credit card can help you establish credit for credit more than ever before. If you charge the first time or rebuild credit if you've had freely, you may quickly find yourself in over problems in the past--as long as you stay your head--as your balance increases, so do your within your means and pay your bills on time. monthly minimum payments. 15
Purchase protection--Most credit card Homework--It's up to you to make sure you companies will handle disputes for you. If a receive proper credit for incorrect or fraudulent merchant won't take back a defective product, charges. check with your credit card company. Balance surfing--Many credit card Teaser rates--Low introductory rates may be an companies offer low introductory interest attractive option, but they last only for a limited rates. These offers allow you to move time. When the teaser rate expires, the interest balances to lower-rate cards. rate charged on your balance can jump dramatically. Creditworthiness Creditworthiness is a valuation performed by lenders that determines the possibility a borrower may default on his debt obligations. It considers factors, such as repayment history and credit score. Lending institutions also consider the amount of available assets and the amount of liabilities to determine the probability of a customer's default. 'Creditworthiness' Several businesses have established credit rating systems to determine the creditworthiness of an individual or company. It is essential for every person to keep track of his credit score because this is the primary factor that financial institutions use to decide if the person is eligible for an advantageous interest rate. Payment history or credit history depicts how a person meets debt obligations, which establishes creditworthiness or the financial character of a person. Payment history counts for 35% of a person‘s credit score. Creditworthiness is depicted as a credit score. A high credit score provides high creditworthiness. In addition, creditworthiness considers other factors such as age, income, financial obligations, employment status, total debt owed, types of accounts, length of payment history and the ability to repay debt. It determines the interest rate, fees and terms and conditions of a credit card or loan. It also affects employment eligibility, insurance premiums, business funding and professional certifications or licenses. The three prominent credit reporting agencies that measure creditworthiness are Experian, TransUnion and Equifax. Lenders pay the credit reporting agencies to access credit data on 16
potential or existing customers in addition to using their own credit scoring systems to grant approval for credit. How to Improve There are several ways an individual can improve his credit score to establish creditworthiness. The main way to increase creditworthiness is to pay bills on time. Get current on any late payments or set up payment plans to pay off past due debt. Pay more than the minimum monthly payment to pay down debt faster and reduce the assessment of late fees. Order a free copy of your TransUnion, Experian and Equifax credit reports. Review all the information for accuracy and dispute any errors. Provide supporting documentation to substantiate your dispute claim. In addition, you can dispute inaccurate information with the company reporting the error. Keep credit card balances at 20% or less of the credit limit; 10% is ideal. Verify your debt-to- income (DTI) ratio. An acceptable DTI is 35%, but 28% is ideal. DTI can be calculated by dividing your total monthly debt by your total gross monthly income. Lenders use DTI when assessing an individual‘s creditworthiness. Creditworthiness is difficult to restore once it is lost; individuals must work diligently to retain their creditworthiness. Use of Credit Card Used responsibly, a credit card can be a very helpful financial tool. Making consistent, on- time payments can help boost your credit rating, and some cards offer rewards for purchases or even a 0% interest rate for a short period of time on any money transferred to that account. But if your credit spending gets out of control, monthly payments and accumulated interest can become a problem. Follow these credit card tips to avoid common problems: 1. Pay off your balance every month. Avoid paying interest on your credit card purchases by paying the full balance each month.1Resist the temptation to spend more 17
than you can pay for any given month, and you‘ll enjoy the benefits of using a credit card without interest charges. 2. Use the card for needs, not wants. A credit card should be used carefully. Frivolous purchases can lead to debt. Credit cards can be used in emergency situations, such as a mobile phone bill that‘s due before your next payday. Use the credit card as a temporary loan to yourself, and then pay back the amount as soon you can to avoid interest charges. 3. Never skip a payment. Pay your bill every month, even if the minimum payment is all you can afford. Missing a payment could result in a late fee, a higher interest rate and a negative mark on your credit score. 4. Use the credit card as a budgeting tool. If you‘re confident you can use a credit card responsibly and pay off the balance every month, try using it as a budgeting tool. By making all of your purchases with your credit card, you can see exactly how much you‘ve spent at the end of the month. Of course, you should only do this if you know you can pay off the balance each month. To make sure your credit card spending doesn‘t get out of hand, never charge more to your card than you have in your bank account. 5. Use a rewards card. If you‘re using a credit card for most or all of your purchases, it makes sense to use a card that offers rewards. Not only can you avoid paying interest, but you‘ll also earn rewards such as cash, airline miles or retail points. 6. Stay under 30% of your total credit limit. One way to keep your credit score healthy is to keep your credit utilization ratio under 30%. This credit utilization ratio is the percentage of total available credit that you‘re using. For example, if your credit card limit is $1,000 you should keep your balance under $300. But the ratio applies to the sum all of your cards – so if one credit card has a $3,000 limit and a $3,000 balance, and a second card has a limit of $7,000 with no balance, you‘re right at the 30% mark ($3,000 of an available $10,000) which is where you want to be. 7. Protect yourself from credit card fraud. While there is no foolproof way to prevent all instances of credit card fraud and theft, understanding and adopting a few best practices can help reduce your risk. 18
Chapter 3 To help keep the store secure Types of security risk The types of security risk you face are specific to your business and its objectives. To effectively manage risk, you should prepare for internal and external scenarios that may directly affect your business. Direct security risks to your business Some common security risk categories are: Natural disasters, such as floods, storms, bushfires and drought Pandemic, such as human influenza, swine flu or bird flu Legal, such as insurance issues, resolving disputes, contractual breaches, non- compliance with regulations, and liabilities Global events, such as pandemics and interruptions to air traffic Technology, such as computer network failures and problems associated with using outdated equipment Regulatory and government policy changes, such as water restrictions, quarantine restrictions, carbon emission restrictions and tax Environmental, such as climate change, chemical spills and pollution Work health and safety, such as accidents caused by materials, equipment, or location of your work Property and equipment, such as damage from natural disasters, burst water pipes, robbery and vandalism Security, such as theft, fraud, loss of intellectual property, terrorism, extortion and online security and fraud Economic and financial, such as global financial events, interest rate increases, cash flow shortages, customers not paying, rapid growth and rising costs Staffing, such as industrial relations issues, human error, conflict management and difficulty filling vacancies Suppliers, such as issues within their business or industry resulting in failure or interruptions to the supply chain of products or raw materials Market, such as changes in consumer preference and increased competition 19
Utilities and services, such as failures or interruptions to the delivery of your power, water, transport and telecommunications. You should use this list as a starting point for thinking broadly about the types of risks that could impact your business. You may discover that you need to consider other important areas of risk that are not listed here. Indirect risks to your business People often make the mistake of overlooking things that don't directly impact their business and are therefore unprepared to deal with change. For example, while your business might not be directly affected by a natural disaster, you may still suffer if it affects your suppliers, customers or general location. Consider how these scenarios could affect your business: If your suppliers are affected, you may run out of the products you sell, or the materials you need to make products. If your customers are personally affected their priorities may change and you could experience a reduced demand for your products or services. If your general location is affected, you and your customers may not be able to access your premises, or your utilities could be affected. For example, you could lose power, which could mean you: o will not be able to operate your business o May need to throw out any perishable goods and replace them, which can be costly. Managing security risk in your business The process of identifying risks, assessing risks and developing strategies to manage risks is known as risk management. A risk management plan is an essential part of any business as it helps you to understand potential risks to your business and identify ways to minimize them or recover from their impacts. Balancing Risks and Controls Risk Assessment To properly manage their operations, managers need to determine the level of financial and compliance risk they are willing to assume. Risk assessment is one of management's responsibilities and enables management to act pro-actively in reducing unwanted surprises. Failure to consciously manage these risks can result in a lack of confidence that financial and compliance goals will be achieved. With management team members, ask the following questions: 20
What can go wrong? Where are we most vulnerable? Where is our greatest exposure? What types of transactions in our area provide the most risk? Do we have \"liquid\" assets or assets which have alternative uses? How can someone bypass the internal controls? What potential risk areas could cause adverse publicity? Benchmark with others in similar situations. Are there risks in their areas that could occur in your area? Analyze financial data. (Where is the high volume or large dollars?) Below are some types of transactions that may pose higher risks to departments/colleges: Assets with Alternative Uses (i. e., computers) Cash Receipts (continuing education programs, gifts, endowments, special events, bookstore, athletic programs, performances, etc). Consultant Payments and Other Payments for Services Travel Expenditures Scholarships Payments to Non-Vendors Equipment Delivered Directly to Department Purchase Exemptions (sole source) Payroll (rates, changes, terminations) Equipment on Location Software Licensing Issues Intellectual Property Confidential Information Grants (meeting terms, not overspending) These are transaction types that deserve a conscious risk review. In evaluating the potential impact of risk, both quantitative and qualitative costs need to be addressed. Quantitative costs include the cost of property, equipment, or inventory; cash dollar loss; damage and repair costs, cost of defending a lawsuit, etc. Qualitative costs can have wide-ranging implications to a university. These costs may include: Loss of public trust 21
Loss of future grants, gifts and donations Injury to the school's reputation Increased legislation Violation of laws Default on a project Bad publicity Decreased enrolment Internal Control Tools After assessing and prioritizing the financial and compliance risks, the next step of the process is to identify the appropriate controls to manage the risks. Managers need to focus on their high risk, high priority areas. The next section will present the tools managers can use to design their internal control systems. Think of internal control as a map that helps managers to get to their destination. Obviously, just because managers have a \"map\", there is no \"guarantee\" that they will get there, but it does provide \"reasonable assurance\". Internal controls help keep a company on course to achieve goals, carry out management directives, reduce surprises, increase reliability of information, promote effectiveness and efficiency, safeguard assets, and comply with rules and regulations. In the same way that managers are primarily responsible for identifying the financial and compliance risks for their operations, they also have line responsibility for designing, implementing and monitoring their internal control system. Internal Audit and the Accounting and Financial Services are available to provide advice and expertise. Managers are encouraged to consult with these offices when evaluating internal controls, especially with regard to areas deemed to be high risk. Trust is a key component in managers' interactions in the academic and medical environments. Employing honest, trustworthy personnel is critical; however, trusting employees is not a replacement for an internal control system. An internal control system does not rely solely on trust, but is an \"objective\" set of procedures to help ensure that goals are met. Any override of controls provides an \"opportunity\" for someone to take advantage of the system which management is responsible for. The following internal control tools will be discussed in this section: Creation of a Control-Conscious Environment Separation of Duties Authorization/Approval 22
Reviews Reconciliations Asset Security Information and Communication Monitoring Controls can be either preventive or detective. The intent of these control types is different. Preventive controls attempt to deter or prevent undesirable acts from occurring. They are proactive controls that help to prevent a loss. Examples of preventive controls are separation of duties, proper authorization, adequate documentation, and physical control over assets. Detective controls, on the other hand, attempt to detect undesirable acts. They provide evidence that a loss has occurred but do not prevent a loss from occurring. Examples of detective controls are reviews, analyses, variance analyses, reconciliations, physical inventories, and audits. Both types of controls are essential to an effective internal control system. From a quality standpoint, preventive controls are essential because they are proactive and emphasize quality. However, detective controls play a critical role providing evidence that the preventive controls are functioning and preventing losses. Control Conscious Environment The control environment is the control consciousness of an organization; it is the atmosphere in which people conduct their activities and carry out their control responsibilities. An effective control environment is an environment where competent people understand their responsibilities, the limits to their authority, and are knowledgeable, mindful, and committed to doing what is right and doing it the right way. They are committed to following an organization's policies and procedures and its ethical and behavioral standards. The control environment encompasses technical competence and ethical commitment; it is an intangible factor that is essential to effective internal control. Corporation members and management enhance an organization's control environment when they establish and effectively communicate written policies and procedures, a code of ethics, and standards of conduct. Moreover, corporation members and management enhance the control environment when they behave in an ethical manner - creating a positive \"tone at the top\" - and when they require that same standard of conduct from everyone in the organization. Effective human resource policies and procedures enhance an organization's control environment. These policies and procedures should address hiring, orientation, training, 23
evaluations, counseling, promotions, compensation, and disciplinary actions. In the event that an employee does not comply with an organization'' policies and procedures or behavioral standards, an organization must take appropriate disciplinary action to maintain an effective control environment. The control environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. Management is responsible for \"setting the tone\" for their organization. Management should foster a control environment which encourages: The highest levels of integrity and personal and professional leadership A leadership philosophy and operating style which promote internal control throughout the organization; An assignment of authority and responsibility which ensures the highest possible level of accountability. The following action steps will help to encourage ethical behavior: Communicate to employees that fraud (embezzlements, stealing, etc.) and conflicts of interest will not be tolerated. Communicate that University policies and procedures are important and will be followed. Make employees fully aware of their responsibilities (including internal controls). Document key department/college/school policies and procedures. Send employees to ethics and internal control training. Evaluate personnel based on performance related to internal controls. Take disciplinary or other actions for non-performance. Monitor the internal control system on an on-going basis. Segregation of Duties No one person should: Initiate transaction Approve transaction Record transaction Reconcile balances Handle assets Review reports Segregation of duties is critical to effective internal control; it reduces the risk of both erroneous and inappropriate actions. In general, the approval function, the accounting/reconciling function, and the asset custody function should be separated among 24
employees. When these functions cannot be separated, a detailed supervisory review of related activities is required as a compensating control activity. Segregation of duties is a deterrent to fraud because it requires collusion with another person to perpetrate a fraudulent act. Specific examples of segregation of duties are as follows: The person who requisitions the purchase of goods or services should not be the person who approves the purchase. The person who approves the purchase of goods or services should not be the person who reconciles the monthly financial reports. The person who approves the purchase of goods or services should not be able to obtain custody of checks. The person who maintains and reconciles the accounting records should not be able to obtain custody of checks. The person who opens the mail and prepares a listing of checks received should not be the person who makes the deposit. The person who opens the mail and prepares a listing of checks received should not be the person who maintains the accounts receivable accounting records. Authorizations/Approvals An important control activity is authorization/approval. Authorization is the delegation of authority; it may be general or specific. Giving a department permission to expend funds from an approved budget is an example of general authorization. Specific authorization relates to individual transactions; it requires the signature or electronic approval of a transaction by a person with approval authority. Approval of a transaction means that the approver has reviewed the supporting documentation and is satisfied that the transaction is appropriate, accurate and complies with applicable laws, regulations, policies, and procedures. Approvers should review supporting documentation, question unusual items, and make sure that necessary information is present to justify the transaction - before they sign it. Signing blank forms should not be done. Approval authority may be linked to specific dollar levels. Transactions that exceed the specified dollar level would require approval at a higher level. Under no circumstances should an approver tell someone that they could sign the approver's name on behalf of the approver. Similarly, under no circumstance should an approver with electronic approval authority share his password with another person. To ensure proper segregation of duties, the person initiating a transaction should not be the person who approves the transaction. A 25
department's approval levels should be specified in a departmental policies and procedures manual. Reviews Budget to actual comparison Current or prior period comparison Performance indicators Follow-up on unexpected results or unusual items Reviewing reports, statements, reconciliations, and other information by management is an important control activity; management should review such information for consistency and reasonableness. Reviews of performance provide a basis for detecting problems. Management should compare information about current performance to budgets, forecasts, prior periods, competitors, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual conditions which require follow- up. Management's review of reports, statements, reconciliations, and other information should be documented as well as the resolution of items noted for follow-up. Reconciliations Broadly defined, reconciliation is a comparison of different sets of data to one another, identifying and investigating differences, and taking corrective action, when necessary, to resolve differences. Reconciling monthly financial reports from the Web Statements to file copies of supporting documentation or departmental accounting records is an example of reconciling one set of data to another. This control activity helps to ensure the accuracy and completeness of transactions which have been charged to a department's accounts. To ensure proper segregation of duties, the person who approves transactions or handles cash receipts should not be the person who performs the reconciliation. A critical element of the reconciliation process is to resolve differences. It does not do any good to note differences and do nothing about it. Differences should be identified, investigated, and explained - corrective action must be taken. If an expenditure is incorrectly charged to a department's accounts, then the approver should post a correcting journal entry; the reconciler should ascertain that the correcting journal entry was posted. Reconciliations should be documented and approved by management. Asset Security Security of physical and intellectual assets Physical safeguards Perpetual records are maintained 26
Periodic counts / physical inventories Compare counts to perpetual records Investigate/correct differences Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposition. Typically, access controls are the best way to safeguard these assets. Examples of access controls are as follows: locked door, keypad systems, card key system, badge system, biometric system, locked filing cabinet, guard, terminal lock, computer password, menu protection, automatic call-back for remote access, smart card, and data encryption. Departments which have capital assets or significant inventories should establish perpetual inventory control over these items by recording purchases and issuances. Periodically, the items should be physically counted by a person who is independent of the purchased authorization and asset custody functions and the counts should be compared to balances per the perpetual records. Missing items should be investigated, resolved, and analyzed for possible control deficiencies; perpetual records should be adjusted to physical counts if missing items are not located. Information and Communication Information and communication are essential to effecting control; information about an organization's plans, control environment, risks, control activities, and performance must be communicated up, down, and across an organization. Reliable and relevant information from both internal and external sources must be identified, captured, processed, and communicated to the people who need it - in a form and timeframe that is useful. Information systems produce reports containing operational, financial, and compliance-related information that make it possible to run and control an organization. Information and communication systems can be formal or informal. Formal information and communication systems - which range from sophisticated computer technology to simple staff meetings - should provide input and feedback data relative to operations, financial reporting, and compliance objectives; such systems are vital to an organization's success. Just the same, informal conversations with customers, suppliers, regulators, and employees often provide some of the most critical information needed to identify risks and opportunities. When assessing internal control over a significant activity (or process), the key questions to ask about information and communication are as follows: Does our department get the information it needs from internal and external sources - in a form and timeframe that is useful? 27
Does our department get information that alerts it to internal or external risks (e.g., legislative, regulatory, and developments)? Does our department get information which measures its performance - information that tells the department whether it is achieving its operations, financial reporting, and compliance objectives: Does our department identify, capture, process, and communicate the information that others need (e.g., information used by our customers or other departments) in a form and timeframe that is useful? Does our department provide information to others that alerts them to internal or external risks? Does our department communicate effectively - internally and externally? Information and communication are simple concepts. Nevertheless, communicating with people and getting information to people in a form and timeframe that is useful to them is a constant challenge. Monitoring Monitoring is the assessment of internal control performance over time. It is accomplished by ongoing monitoring activities and by separate evaluations of internal control, such as self- assessments, peer reviews, and internal audits. The purpose of monitoring is to determine whether internal controls are adequately designed, properly executed, and effective. Internal control is adequately designed and properly executed if all five internal control components are present and functioning as designed. Internal control is effective if the Corporation Members and management have reasonable assurance that: They understand the extent to which operation objectives are being achieved. Published financial statements are being prepared reliably. Applicable laws and regulations are being complied with. While internal control is a process, its effectiveness is a state of condition of the process at one or more points in time. Just as control activities help to ensure that actions to manage risks are carried out, monitoring helps to ensure that control activities and other planned actions to effect internal control are carried out properly and in a timely manner and that the end result is effective internal control. Ongoing monitoring activities include various management and supervisory activities which either validate or invalidate the design, execution, and effectiveness of internal control. Separate evaluations, on the other hand, such as self-assessments and internal audits, are periodic evaluations of internal control components resulting in a formal 28
report on internal control. Self-assessments are performed by department employees; internal audits are performed by internal auditors who provide an independent appraisal of internal control. Balancing Risks and Controls To achieve goals, management needs to effectively balance risks and controls. By performing this balancing act \"reasonable assurance\" can be attained. As it related to financial and compliance goals, being out of balance causes the following problems: Excessive Risks Excessive Controls Loss of Assets Donors or Grants Increased Bureaucracy Poor Business Decisions Reduced Productivity Noncompliance Increased Complexity Increased Regulations Increased Cycle Time Public Scandals Increase of Nonvalue Activities Internal controls should be proactive, value-added, and cost-effective. In summary, properly balancing risks and controls makes good business sense. Internal Controls A process affected by a university's governing board, administration, faculty and staff designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with applicable laws and regulations. Risk The possibility that an organization will NOT: Achieve its goals. Operate effectively and efficiently. Protect itself from loss. 29
Provide reliable financial data (reports). Comply with applicable laws/regulations and defined policies/procedures. The university environment has some unique inherent risks that make the job of managing financial and compliance risks more challenging. Below are some of the inherent risks faced by university managers: Decentralized accounting and reporting system. Rotation of key management positions. Tight budgets. Managers with limited financial background. Intense public and journalistic scrutiny. Reasonable Assurance The objective is to attain a \"reasonable\" level of assurance that the organization's financial and compliance goals will be achieved. Trying to attain an \"absolute\" level of assurance is not possible due to the following reasons: 1. It is cost-prohibitive. The objective is to find an optimal level of controls for an acceptable level of risk. 2. Management can bypass or override the internal controls. 3. Employees may collude with each other. 4. Human error may occur. Note: With a decentralized accounting system, controls cannot, by themselves, provide reasonable assurance that departments/colleges/schools are adequately controlled. Certain of these controls (authorization and approval process), if followed, will reduce the risk of loss. However, these controls are easily circumvented or ignored at the department level when adequate emphasis is not placed on internal controls and/or the controls are not being monitored to see that they are functioning properly. Responsibility Activities, goals, functions, actions, etc. that a person has to account for or be answered for. Part of the areas of responsibility is to provide reasonable assurance that organizational goals will be accomplished. Accountability By definition, if a person is responsible for an action, he/she is therefore also accountable for that action. 30
Responsibility and accountability are linked. In terms of the delegation of duties, management \"can delegate some of the duties they are responsible for but cannot delegate responsibility or accountability\". A much stronger emphasis is currently being placed on responsibility and accountability than was in the past. Duties and responsibilities must be carried out with the full knowledge and understanding of the implications of actions being taken by each employee at all levels within the organization. Health and Safety: Principles, Responsibilities and Practices This manual provides information about policies, procedures, and guidelines related to health and safety at Stanford. Topics covered include responsibilities, services provided by the Department of Environmental Health and Safety (EH&S), a variety of topics related to workplace safety (e.g. asbestos, ergonomics), the management of hazardous materials, and how to prevent and handle emergencies. Principles Safety is a core value at Stanford and the University is committed to continued advancement of an institutional safety culture with strong programs of personal safety, accident and injury prevention, wellness promotion, and compliance with applicable environmental and health and safety laws and regulations. Stanford University makes all reasonable efforts to: Promote occupational and personal safety, health and wellness; Protect the health and safety of Stanford University faculty, staff and students; Provide information to faculty, staff, and students about health and safety hazards; Identify and correct health and safety hazards and encourage faculty, staff, and students to report potential hazards; Conduct activities in a manner protective of the environment, and inform the Stanford community regarding environmental impacts associated with institutional operations; and Maintain a risk-based emergency management program to reduce the impact of emergency events to the Stanford community. Responsibilities Adherence to good health and safety practices and compliance with applicable health and safety regulations are a responsibility of all faculty, staff, and students. Line responsibility for good health and safety practice begins with the supervisor in the workplace, laboratory or classroom and proceeds upward through the levels of management. For detailed guidance on 31
individual safety responsibilities under Cal/OSHA, refer to the University‘s Illness and Injury Prevention Program (IIPP). In academic areas, supervisors include faculty/principal investigators, laboratory directors, class instructors, or others having direct supervisory and/or oversight authority. Academic levels of management are the department chairperson or Independent Lab director, dean, the Dean of Research, and the Provost. Administrative levels of management include managers, directors, and vice presidents. Final responsibility for health and safety policy and programs rests with the President of the University. The Associate vice Provost for EH&S and the University Committee on Health and Safety are responsible for recommending University-wide health and safety policies to the President. The Associate vice Provost for EH&S is responsible for ensuring overall institutional compliance with applicable policies, statutes, and regulations; monitoring the effectiveness of the safety programs; and providing central health and safety services and support to all areas of the University. A. Supervisory Responsibilities University supervisors, including faculty supervisors and Principal Investigators (PIs), are responsible for protecting the health and safety of employees, students and visitors working under their direction or supervision. This responsibility entails: Being current with and implementing Stanford University health and safety policies, practices and programs; Ensuring that workplaces, including laboratories, and equipment are safe and well maintained; Ensuring that workplaces or laboratories are in compliance with Stanford policies, programs and practices, and Ensuring that employees, students and visitors under their supervision or within their work areas have been provided with appropriate safety training and information and adhere to established safety practices and requirements. B. Managerial Responsibilities University managers, academic and administrative, are responsible for ensuring that: Individuals under their management have the authority to implement appropriate health and safety policies, practices and programs; Areas under their management have adequate resources for health and safety programs, practices, and equipment; and 32
Areas under their management are in compliance with Stanford University health and safety policies, practices and programs. C. Environmental Health and Safety Responsibilities Environmental Health and Safety (EH&S) is responsible for: Reviewing legislation, recommending policies, and monitoring compliance with environmental and health and safety statutes and regulations and University health and safety policies and programs; Developing institutional safety and compliance programs and assisting schools, departments, faculty, and managers with implementation Providing guidance and technical assistance to supervisors and managers in the schools, departments, and other work units in identifying, evaluating, and correcting health and safety hazards; Developing programs for the safe use of hazardous radiological, biological, and chemical substances and lasers; Providing training materials, assistance, and programs in safe work practices; Providing guidance on effective emergency management and business continuity programs, and providing emergency response services for incidents involving hazardous materials; Providing fire prevention, inspection, engineering and systems maintenance services; and Hazardous waste management and disposal services. While EH&S is responsible for developing and recommending relevant health and safety policies, institutional policy approval rests with other University authorities, (e.g., President, Provost, Vice Provost and Dean of Research, Faculty Senate, University Cabinet, University Committee on Health and Safety, Committee on Research, Administrative Panels for Research Oversight, etc.) depending on the content of the proposed policies. D. Faculty, Staff, and Student Responsibilities Faculty, staff and students are responsible for: Keeping themselves informed of conditions affecting their health and safety; Participating in safety training programs as required by Stanford policy and their supervisors and instructors; Adhering to health and safety practices in their workplace, classroom, laboratory and student campus residences; Advising of or reporting to supervisors, instructors or EH&S potentially unsafe practices or serious hazards in the workplace, classroom or laboratory. 33
E. Safety Performance Each individual at Stanford is expected to perform all work safely. Managers and supervisors shall establish and maintain a system of positive reinforcement and escalated discipline to support good health and safety practices. Safety performance shall be a part of every individual‘s role and responsibility as well as performance expectation and evaluation. Providing a Safe Workplace Stanford's program for providing a safe workplace for faculty, staff and students includes: facility design; hazard identification, workplace inspection and corrective action; shutdown of dangerous activities; medical surveillance: and emergency preparedness. In addition to this general institutional health and safety policy, additional hazard specific policies and requirements may apply to different work and learning environments at Stanford and will be found in the Research Policy Handbook and at the EH&S Website. A. Facility Design Facilities will be designed in a manner consistent with health and safety regulations and standards of good design. Those University departments charged with primary responsibility for the design, construction, and/or renovation of facilities, together with EH&S shall ensure that there is appropriate health and safety review of facility concepts, designs, and plans. In case of disagreement between EH&S and the cognizant facilities department, the conflict shall be resolved by the Vice Provost and Dean of Research in consultation with the cognizant vice president or dean and the Provost (or designate). The determination of the Vice Provost and Dean of Research may be stayed by the Associate Vice Provost for EH&S pending a prompt appeal to the President. B. Hazard Identification and Correction Stanford University encourages employees and students to report health and safety hazards to their supervisors, managers, or EH&S. Employees and students shall not be discriminated against in any manner for bona fide reporting of health and safety hazards to Stanford or to appropriate governmental agencies. Supervisors shall inform students and employees of this policy and encourage reporting of workplace hazards. Supervisors, both faculty and staff, shall assure that regular, periodic inspections of workplaces are conducted to identify and evaluate workplace hazards and unsafe work practices. The frequency of inspections should be proportional to the magnitude of risk posed in the particular workplace. 34
Means of correcting discovered hazards and/or protecting individuals from the hazards shall be determined and implemented appropriately. Unsafe conditions which cannot be corrected by the supervisor or manager must be reported to the next higher level of management. Any individual, supervisor or manager who becomes aware of a serious concealed danger to the health or safety of individuals shall report this danger promptly to the Department of EH&S and to the faculty, staff and students who may be affected. C. Shutdown of Dangerous Activities The Associate Vice Provost for EH&S has the authority to curtail or shut down any University activity considered to constitute a clear and imminent danger to health or safety. In the event of such curtailment or shutdown, the cognizant dean, director or vice president and the Provost (or designate) shall be immediately notified. In cases of dispute, an order to curtail or shutdown will remain in effect until the Provost or the Vice Provost and Dean of Research (or their respective designates) determine in writing that the danger has passed or been mitigated or that the order should be rescinded for other reasons. Should the Associate Vice Provost for EH&S disagree with a determination to restore a curtailed or shutdown activity, the Associate Vice Provost for EH&S may promptly appeal the matter to the President. In the event of an appeal, the order to curtail or shutdown shall be in effect until the President determines otherwise. D. Providing Medical Surveillance Stanford University shall evaluate and monitor, through a program of medical surveillance, the health of Stanford University faculty, staff and students who are exposed to certain hazardous materials and situations as defined by law or University policy. Each supervisor is responsible for ensuring that employees and students under their supervision participate in the medical surveillance program as required by University policy. EH&S will monitor medical surveillance program participation. Each University department/school shall administer the program for faculty, staff and students covered by University policy. E. Emergency Response and Preparedness EH&S coordinates overall emergency response planning for the institution and provides guidelines for departmental emergency response plans. Every department shall have an individual emergency response plan and shall develop business continuity and contingency plans and implement appropriate mitigation programs to reduce the impact of emergency events. 35
Schools and departments shall maintain local departmental emergency operations centers and communications capabilities according to guidelines in the campus emergency plan. Multiple departments located within individual buildings will jointly develop comprehensive building- based life safety response plans. Emergency plans shall include evacuation and assembly procedures, posted evacuation maps, reporting and communication practices, training, and drills. Safety Communication and Training Safety and compliance required training shall be communicated in a manner readily understandable to faculty, staff and students, in accordance with the communication policy outlined below. A. Systems of Communication Managers and supervisors, both faculty and staff, shall establish, implement and maintain a system for communicating with employees and students about health and safety matters. Information should be presented in a manner readily understood by the affected employees and students. Due attention must be paid to levels of literacy and language barriers. Verbal communications should be supplemented with written materials or postings if appropriate. Whenever appropriate, statutes and policies affecting employees and students shall be available in the workplaces. B. Communication about Hazards Faculty, staff, and students who may come in contact with hazardous substances or practices either in the workplace or in laboratories shall be provided information concerning the particular hazards which may be posed, and the methods by which they may deal with such hazards in a safe and healthful manner. In areas where hazardous chemicals or physical agents are used, handled, or stored, communication about these hazards shall conform to the Research Policy Handbook EH&S Requirements for laboratory facilities and the Hazard Communication Program for all other campus workplaces. C. Training Supervisors, including faculty, shall be experienced, trained or knowledgeable in the safety and health hazards to which employees and students under their immediate direction and control may be exposed, and shall be knowledgeable of current practices and safety requirements in their field. Faculty, staff and students shall have or be provided the knowledge to protect themselves from hazards in their working and learning environment. Supervisors, both faculty and staff, 36
shall ensure that employees and students have received appropriate training and information regarding: General health and safety practices of the workplace or laboratory, including emergency procedures; Job-specific health and safety practices and hazards; Recognition and assessment of health and safety risks; and, How to minimize risks through sound safety practices and use of protective equipment; and, Awareness of appropriate practices to protect the environment. Training shall occur when: An employee is hired or student is new to the laboratory; An employee or student is given a new assignment for which training has not previously been received; and New hazards are introduced by new substances, processes or equipment. Faculty, staff and students should, periodically, be retrained or demonstrate an understanding of current standard safety practices and requirements for their areas. Documentation and Recordkeeping Documentation and records as required by regulation shall be kept to demonstrate compliance with applicable statutes, regulations and policies. Requirements and procedures for such recordkeeping can be found in the Research Policy Handbook and at the EH&S website. Reporting security incidents If you believe that sensitive government information or assets have been accessed without permission, you are required to report the incident to the Contract Security Program. Find out how, when and where to report security incidents. Security incidents A security incident is an alert that a breach of security may be taking place or may have taken place. It is an act, event or omission that could result in the compromise of information, assets or services. This may include: leaving a protected file out on a desk unattended misplacing a laptop computer that contains secure information suspicious contact from someone who may be trying to gain sensitive information from you Organizations must establish procedures to ensure that suspected or confirmed security incidents are immediately identified, investigated and reported to the program. 37
How to report a security incident Security incidents must be reported to the company security officer. The company security officer will conduct a preliminary inquiry, keep a written record and report incidents to the Contract Security Program. Complete the security incident report for company security officers and alternate company security officers The preliminary inquiry will answer the following questions: -where and when did the incident occur? -who reported it, to whom, and when? -what information or asset was involved? -what was the security marking and description of the information or asset involved? -who was the originator of the information or asset? -for how long and to whom was the information or asset vulnerable to unauthorized access? -what actions were taken to secure the information or asset and limit the damage? -is any information or asset lost or unaccounted for? -what are the recommendations to prevent the incident from reoccurring? Do not submit protected and classified information with your report or by email. When submitting either your security incident report or email, clearly indicate in your message whether you must submit sensitive information as part of the incident reporting. The investigator assigned to the file will then contact you to make the necessary arrangements to obtain these documents. If you suspect a criminal act has been committed, contact your local police service. Security breaches A security incident that leads to a confirmed compromise of information and assets is considered a security breach. A breach is an act, event or omission that results in the compromise of sensitive information or assets. This means that there has been unauthorized access, disclosure, destruction, removal, modification, use or interruption of protected and classified information and assets. How to report a security breach In the event of a security breach, the company security officer must take the following steps, document them in a security incident report and forward it to the program: Report breaches immediately to the program Complete the security incident report for company security officers and alternate company security officers complete an investigation 38
of the incident by determining the cause of the incident take corrective measures and implement controls to prevent or minimize the possibility of future similar incidents Security contacts A security contact happens when the representative of a group communicates with you to access national security information for which they do not have a need-to-know. A security contact can occur during official or social circumstances, in or outside of Canada. A security contact may come from: a foreign country of interest an extremist or subversive group a criminal group a political, commercial or issues-motivated group or individual, including the media These groups or individuals use considerable resources to obtain access to national and defence information, weapons or other military assets. Their efforts could involve targeting a person or their family and friends. Awareness is vital: If you have regular contact with representatives of foreign or other groups in or outside of Canada, then you are required to report this to your company security officer or alternate company security officer. Why you may be targeted Employees of organizations registered with the program could hold information that is highly sought after by foreign representatives. Information collected by these people and groups could be a threat to you, your organization and our national security. You must report a suspicious contact so it can be assessed to: allow early identification of the threatening activity determine the extent of the threat alert the authorities responsible for the development of appropriate countermeasures When to report a contact Your organization must report suspicious contacts as soon as they happen to allow prompt assessment and appropriate action. Consider the following questions: was the encounter with a foreign national? did you feel uncomfortable with the line of questioning? was the questioning persistent? did anything happen that appeared suspicious or caused you concern? 39
If the answer to any of the above questions is yes, then you should immediately report the suspicious contact to: the program through your company security officer or alternate company security officer local police Canadian Security Intelligence Service Third party reporting Third party reporting is a vital assistance to the federal government in identifying inappropriate contacts. The company security officer must ensure that incidents of this nature are reported to the program. They may also need to contact other parties, depending on the severity of the concern. The program treats third party reports in the strictest confidence. Secure Retail Store Running a retail store is a risky proposition in more ways than one. On the one hand one has to invest perhaps thousands of dollars to set up a decent and small sized outlet. Then managing the risk associated with competition is another great challenge. Additionally, ensuring the safety of the retail outlet is also a big task. Amongst the various things, installing the right surveillance system is no longer just a choice but is becoming a necessity. Towards this objective, opting for the right security cameras without any doubt is vital to say the least. Additionally, there are some proven and time-tested tips which should be followed for enhancing security of the retail store. Here are a few such tips which could be useful. Increasing Visibility Could Help Increasing the visibility of the merchandise will help you keep an eye on the stock and inventory which is up from sale. Having mirrors and avoiding blind corners could help a lot in reducing the instances of theft and burglary. Understanding the benefit of keeping taller display closer to the perimeter and shorter displays near the cash register can help a lot in 40
better monitoring the store. It also makes sense to keep your shop tidy and neat. This will help employees find out if something is amiss and they can identify any lost items easily. Importance of Security Systems Though many small retailers may desist from it, having a suitable security and surveillance system is of paramount importance. The need for security cameras is no longer a choice which you can do without. It helps a lot in totally protecting the retail outlet from burglars though it might cost you initially. This should be considered as an investment to protect your shop rather than being considered as revenue expenditure. The best thing about security cameras is that it could help real time monitoring even when the outlet is closed. It also will help employees to be on their toes. Visiting sites like Ancestors could provide you the right ideas about the various types of cameras which you could install. Be Clear with Your Shoplifting Policy You must spend some money and ensure that your shoplifting policy is splashed across the shop in unambiguous terms. You must warn them of strict action under the law and that you will not hesitate in prosecuting the wrongdoers. It certainly works well and acts as a strong deterrent to those who have intentions to rob your shop. Locking Up Merchandise Can Help While merchandise is for the purpose of customers to see, it may not be advisable to keep everything open. While small lots can be kept in the open, it would be perhaps advisable to keep a major portion of merchandise in closed doors, using transparent material like glass or plastic. This can help a lot in keeping a majority of stock and inventory safe from burglars and also from accidental breakage and damage. Being Alert and Aware The need to be aware and alert at all points of time could ensure that the store remains safe and secure at all points of time. A bit of training might be needed for this. Especially when you are opening and closing the shop you should be doubly careful. Further when new stocks 41
arrive then too you should advise your employees to be careful. Be careful not to stock small and expensive merchandise which shoplifters can easily hide and walk away with. Learn How to Spot a Shoplifter While there is no doubt that installing the right kind of electronic devices including security cameras can make a difference to safety and security of the retail store, you must understand the importance of finding out how to identify and isolate a shoplifter. There are certain behavioral trends which could certainly help your employees become alert and agile. You could see some customers are tensed up, nervous and somebody who loiter around aimlessly and also stare at customers and employers. They also try and be present in areas which difficult to monitor. They go out and return after some time. Be Present with the Customer You must also train your employees to be with the customers without making them feel suffocated or uneasy. You must ensure that your employees are there to genuinely help your customers. This will help keep at bay the unwanted people who are not genuine customers but might be looking for something to rob and burgle items from your store. Tailing customers without their being aware of it is an art which must be mastered by your employees. Bag Check Policy is a Must You must, as a matter of policy, not allow entry of bags and backpacks. You must mention it clearly that they are not allowed. If customers still insist on carrying it, you must ensure that the bags are thoroughly checked when they move out of the shop. This might look a bit unprofessional but it has been found that good customers will not mind. Tally Purchases with Invoice Once the purchases are made and the bill has been generated by the cash register, you must be sure that the invoices and the products match. You must instruct your employees to double check the merchandise sold so that mistakes can be avoided. It could also help in preventing customers to slip an extra product or two especially when the retail outlet is crowded. 42
Take Contact Numbers of Customers While taking contact numbers of customers could be useful as a means of cross selling, it could also help a lot in avoiding moving out of goods and wares by mistake. Further it could also act as a dampener for those who come to the store with the main objective of stealing or burgling something. Chapter 4 To help maintain health and safety Accident & Emergency: Policy & Procedures Introduction During outdoor fitness sessions, it is recognized that in spite of all reasonable precautions accidents can still occur during activities. As such, the following policy and procedures are designed to: Provide fast, safe and effective help to all concerned; To supply The Company with the specific information it needs; and To protect: The individual(s) concerned; The fitness instructor; and The Company. Instructors must recognize that the reporting of all Near Miss occurrences is also vital for the future safety of all individuals; as such information helps others to plan and prepare in order to avoid possible dangers. Instructors must also be aware of the legal obligation to record all injuries or accidents. 43
Finally, instructors must recognize that in serious circumstances unofficial statements and apparently innocent comments may affect any subsequent legal proceedings and may lead to relatives being contacted by the media rather than the police. Procedure Description 44
If any person is injured during training the instructor, as a qualified first aider, will be the first to assess the injury/incident and warn others of continuing dangers, if these exist. Attend to the injured person immediately, keeping only the minimum number of persons to assist as necessary. Ensure that one accident does not produce more; withdraw the remainder of the group to a safe place as conditions may be dangerous or may deteriorate. The instructor will normally handle such an incident after assessing the casualty and taking the necessary action that befits the situation; o Minor injury will be dealt with and the casualty will probably be able to return to training. 1o Injuries that prevent the casualty from continuing training will be re- assessed and treated within the clinical ability of the instructor (as first aider). o If the injury is beyond the capability of the instructor or it is deemed the casualty requires hospitalization then 999 will be called for the Emergency Services to attend and transport the casualty to hospital. Discontinuing the session will be a judgment call after an assessment of the incident and action required. If in any doubt call the Emergency Services to deal with the situation and make the casualty as comfortable as possible. The instructor will ensure that they do not discuss the situation with anyone other than the emergency services and The Company. Fill in the Accident & Emergency Report Form (Appendix A). In the event of an incident at another organization/establishment, the instructor 2 will follow instructions from an official representative of that organization/establishment. 45
In the event of an incident that may warrant the use of any of the emergency services the instructor will ensure the following: That any intervention/assistance does not jeopardize the safety of other members of the group, instructors or members of the public; That the treatment of casualties is only administered by those who are qualified to do so, except in cases where the casualty has already stopped breathing. The instructor will also specifically designate another individual to call 911 via mobile phone or landline and include the following information: 3 Tell the Emergency Service the location of the accident: venue name and location within venue (e.g. North side rather than South side); Communicate what happened, the condition of the casualty and what care is being given; Let the Emergency Service know that staff trained in first aid are on the scene; Listen and let the Emergency Service ask questions for the remaining information; Wait for the Emergency Service to hang up before you hang up; and Ensure an individual goes to meet the Emergency Services and lead them to the casualty. In the event of a death or serious/life threatening injury the following procedure will be adopted: The instructor will contact the appropriate emergency service, and provide them with any personal details, including next of kin. In the event of a death, the instructor will contact the police, who will advise the next of kin of the fatality. The instructor will ensure that no member of the group advises the next of kin of the fatality. The instructor will contact The Company: 000-0000-0000 (24 hours) and provide 4 the casualty‘s name, details of the incident and details of the hospital to which the casualty has been taken. The instructor will also provide a telephone number where s/he can be contacted. The instructor will ensure that they do not discuss the situation with anyone other than the emergency services and The Company. Any media enquiries are referred to The Company, and that no statements are made to the media. 46
Whilst attending one of our classes/events clients are our responsibility. Accidents and injuries should be minimized by carrying out standard company procedures by ensuring that you: Have a lesson plan: enjoyable and flexible, but most importantly safe; Teach and ensure correct exercise techniques; Carry out regular risk assessments and act on those assessments by informing the clients or moving away from the risk; Ensure your own first aid training is ‗in-date‘; and Always carry a first aid kit, water and a mobile phone. Procedures In the event of any accident or injury the following procedures should be carried out and the Accident & Emergency Reporting Form (Appendix A) completed, signed, witnessed and returned to The Company as soon as reasonably practicable. Incident Reporting It is important that all accidents, injuries or dangerous occurrences are reported, by the quickest practicable means (this usually means by telephone, alternatively email). A factual report, including any statements taken, should be forwarded to The Company using the Accident & Emergency Report Form (Appendix A) no later than 24 hours after the incident (or when you return from an event). A supply of Accident & Emergency Report Forms should be held by instructors in the event of an accident. An example of an Accident & Emergency Report Form is given below. 47
Reporting accidents, incidents and diseases The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) require employers, or in certain circumstance others who control or manage the premises, to report to the relevant enforcing authority and keep records of: work-related deaths work-related accidents which cause certain specified serious injuries to workers, or which result in a worker being incapacitated for more than seven consecutive days (see the RIDDOR site) cases of those industrial diseases listed in RIDDOR certain ‗dangerous occurrences‘ (near-miss accidents) injuries to a person who is not at work, such as a member of the public, which are caused by an accident at work and which result in the person being taken to hospital from the site for treatment Reports to the enforcing authority of all of the above categories, except over-seven-day injuries, must be made immediately by the quickest practicable means and followed up by a written notification within 10 days. Reports of over-seven-day injuries must be sent to the enforcing authority within 15 days. In addition, records must be kept of all of ‗over-three-day injuries‘, which are those where a person who is injured at work is incapacitated for more than three consecutive days. Over- three-day injuries do not, however, have to be reported to the enforcing authority. If you are an employer who must keep an accident book under the Social Security (Claims and Payments) Regulations 1979, an entry about an over-three-day injury is a sufficient record for the purposes of RIDDOR. A person is incapacitated if they are unable to carry out the activities they would reasonably be expected to do as part of their normal work. The period of time for an over-three-day injury or an over-seven-day injury does not include the day of the accident, but it does include any weekends or rest days. WHY REPORT AND RECORD? Reporting and recording are legal requirements. The report tells the enforcing authorities for occupational health and safety (HSE and local authorities) about serious incidents and cases of disease. This means they can identify where and how risks arise and whether they need to be investigated. It also allows HSE and local authorities to target their work and provide advice on how to avoid work-related deaths, injuries, ill health and accidental loss. 48
Information on accidents, incidents and ill health can be used as an aid to risk assessment, helping to develop solutions to potential risks. Records also help to prevent injuries and ill health, and control costs from accidental loss. You must keep a record of: any reportable death, injury, occupational disease or dangerous occurrence all work-related injuries that result in a worker being away from work or unable to do their full range of normal duties for more than three consecutive days (not counting the day of the accident but including any weekends or other rest days) Procedure for Accident Reporting and Investigation Numbers and types of accidents and work-related illnesses are one means of monitoring the success of health and safety procedures. They are also an indicator of areas where more effort may be required to reduce the number of injuries. It is therefore vital that all injuries, however small, are reported and inquiries made to identify means of avoiding a repetition. Administration Accidents and incidents of work-related ill-health must be recorded in the official site accident book B1510. Accidents and incidents of ill health which result in an absence from work of more than three days must be reported on form F2508 or F2508A (all obtainable from The Stationery Office). These documents are held in the company office or by the senior company representative on site who may designate a responsible person to receive accident reports and make the necessary entries. Staff must be made aware of the requirement to report all accidents at induction. Where the company are sub-contractors all accidents must be reported to the principal contractor and recorded in his official accident book. The senior representative should make this report on site. Procedure 1. Injured person or the first-aider to report accident to designated person giving all relevant details. 2. Designated person to enter the detail in the accident book taking care to ascertain exactly what occurred. 3. Injuries which require the first aider to refer the injured person to hospital or to their doctor should be immediately notified to the senior company representative on site and notified to the company office by telephone. 49
Search
Read the Text Version
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
