Control Environment Questionnaire



Similar documents
The Compliance Universe

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315

How To Audit A Company

International Standard on Auditing (UK and Ireland) 315

Standards for the Professional Practice of Internal Auditing

Fraud Checklist. From the enquiries made and procedures performed in completing Part B of this checklist we consider the risk of irregularities to be

Module 6 Documenting Processes and Controls

SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT

A Risk-Based Audit Strategy November 2006 Internal Audit Department

(Effective as of December 15, 2009) CONTENTS

Internal Control Questionnaire and Assessment

MISSION STATEMENT OBJECTIVES IN ACCOMPLISHING OUR MISSION

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

APES 320 Quality Control for Firms

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

INTERNAL AUDITING POLICIES AND PROCEDURES MANUAL

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Background. Audit Quality and Public Interest vs. Cost

Appendix 15 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS

Audit Phases. Phase 1: Planning and Risk Identification

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS

JAGUAR MINING INC. CORPORATE GOVERNANCE GUIDELINES

Division of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014

Module # 2 Management/Key Employee Assessment

Identifying and Assessing. Understanding the Entity

THE CAPITAL MARKETS ACT (Cap. 485A)

Master Document Audit Program. Version 1.8, dated November B-01 Planning Considerations

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

How To Ensure That A Quality Control System Is Working Properly

Final Draft Guidance on Audit Committees

Communicating Internal Control Related Matters Identified in an Audit

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

DRAFT. Informing the audit risk assessment for Cheshire Fire Authority. Year ending 31 March 2013 xx April 2013

Audit, Risk Management and Compliance Committee Charter

Board Governance Principles Amended September 29, 2012 Tyco International Ltd.

INTERNATIONAL STANDARD ON AUDITING 450 EVALUATION OF MISSTATEMENTS IDENTIFIED DURING THE AUDIT

CHARTER OF THE BOARD OF DIRECTORS

Fundamental Principles of Financial Auditing

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

FRAMEWORK FOR THE EVALUATION OF INTERNAL CONTROL SYSTEMS

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE

MERCK & CO., INC. POLICIES OF THE BOARD. Specifically, the Board, as a body or through its committees or members, should

AUDITOR INDEPENDENCE, AUDIT COMMITTEE QUALITY AND INTERNAL CONTROL

Notion VTec Berhad (Company No D) Board Charter

INTERNATIONAL STANDARD ON AUDITING 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

COSO Internal Control Integrated Framework (2013)

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

Mission Statement. Vision. Values. Introduction

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

MINNESOTA MUTUAL COMPANIES, INC. Guidelines of the Audit Committee of the Board of Directors

Antifraud program and controls assessment grid*

FRAMEWORK FOR INTERNAL CONTROL SYSTEMS IN BANKING ORGANISATIONS (September 1998)

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

AMERICAN AIRLINES GROUP INC. AUDIT COMMITTEE CHARTER

CITY OF BURLINGTON COSO FRAMEWORK & COMPLIANCE

CHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL MISSTATEMENT

Planning an Audit 255

The Auditor s Communication With Those Charged With Governance

Hunter Hall International Limited

THE COMBINED CODE PRINCIPLES OF GOOD GOVERNANCE AND CODE OF BEST PRACTICE

U & D COAL LIMITED A.C.N BOARD CHARTER

Guide to Internal Control Over Financial Reporting

M-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003.

ALLEGIANT TRAVEL COMPANY AUDIT COMMITTEE CHARTER

BOARD CHARTER. Its objectives are to: provide strategic guidance for the Company and effective oversight of management;

CHAPTER 2. Business Ethics and Social Responsibility

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015

Title 4 - Codification of Board Policy Statements. Chapter 9 NEVADA SYSTEM OF HIGHER EDUCATION INTERNAL AUDIT, FINANCE AND ADMINISTRATION POLICIES

APB ETHICAL STANDARD 1 (REVISED) INTEGRITY, OBJECTIVITY AND INDEPENDENCE

NCR Corporation Board of Directors Corporate Governance Guidelines Revised January 20, 2016

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

CORPORATE GOVERNANCE GUIDELINES

Internal Controls and Financial Accountability for Not-for-Profit Boards NEW YORK STATE OFFICE. of the ATTORNEY GENERAL.

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Internal Control Requirements December 11, 2002

How quality assurance reviews can strengthen the strategic value of internal auditing*

Guidance for audit committees. The internal audit function

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose

CCAD Management Employee Performance Review

JSE Accredited to Audit JSE Listed Companies

BROWN & BROWN, INC. CORPORATE GOVERNANCE PRINCIPLES. The Board believes that a majority of the members of the Board should be independent.

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

INTERNAL AUDIT FRAMEWORK

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS

ISA 620, Using the Work of an Auditor s Expert. Proposed ISA 500 (Redrafted), Considering the Relevance and Reliability of Audit Evidence

AUDIT COMMITTEE BEST PRACTICES CHECKLIST

Internal Control - Integrated Framework

the role of the head of internal audit in public service organisations 2010

Transcription:

Control Environment Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks INTEGRITY AND ETHICAL VALUES Management must convey the message that integrity and ethical values cannot be compromised, and employees must receive and understand that message. Management must continually demonstrate, through words and actions, a commitment to high ethical standards. 1. Have appropriate entity policies regarding such matters as acceptable business practices, conflicts of interest, and codes of conduct been established and are they adequately communicated? 2. Does management demonstrate the appropriate tone at the top, including explicit moral guidance about what is right and wrong and is this communicated in both words and deeds? 3. Are everyday dealings with employees, suppliers, citizens, bondholders, students, and auditors based on honesty and fairness? 4. Are appropriate remedial actions taken in response to departures from approved policies and procedures or the code of conduct, and are the actions communicated or otherwise made known throughout the university? 5. Are management overrides of established controls appropriately documented and explained and are deviations from such controls investigated? 6. Is management under pressure to meet unrealistic performance goals particularly for short term results (i.e. Grant $, Student #)? 7. Does previous experience with the entity indicate sufficient integrity on the part of entity personnel?

COMMITMENT TO COMPETENCE Management must specify the level of competence for particular jobs and translate the desired levels of competence into requisite knowledge and skills. 1. Have employee job descriptions, including specific duties, reporting responsibilities, and constraints been clearly established and effectively communicated to employees? 2. Has management determined to an adequate extent the knowledge and skills needed to perform a particular job and is this information used in the hiring process? 3. Does it appear that management, accounting, and information technology personnel are sufficiently competent to perform their assigned responsibilities? 4. Does the department adequately compensate employees in order to attract qualified individuals? 5. Are there clear criteria for hiring and promoting? 6. Have employee performance evaluation techniques been implemented to identify incompetent or ineffective employees? GOVERNING BOARD OR AUDIT COMMITTEE An active and effective governing board, or committees thereof, provides an important oversight function and, because of management s ability to override system controls, the board plays an important role in ensuring effective internal control. 1. Does the university have a governing board or audit committee that is appropriate for the size and nature of the entity? 2. Are members of the governing board or audit committee independent from the university s management? 3. Do governing board or audit committee members have sufficient knowledge, industry experience, and time to serve effectively?

4. Does governing board composition provide sufficiently broad experience in legal, financial, and other functional areas important to the university operations (governing boards that lack expertise in a particular area can compensate by engaging consultants)? 5. Does the governing board constructively challenge management s planned decisions (e.g., strategic initiatives and major transactions) and probe for explanations of past results (e.g., budget variances)? 6. Does the governing board or audit committee meet regularly to set policies and objectives, review the entity s performance, and take appropriate actions, and are minutes of such meetings prepared and signed on a timely basis? 7. Do members of the governing board or audit committee regularly receive the information they need to monitor management s objectives and strategies? 8. Does the governing board or audit committee review the scope and activities of the internal and external auditors? 9. Does the governing board or audit committee meet privately with the chief financial/ and or accounting officers, internal auditors, and external auditors to discuss the reasonableness of the financial reporting process, the system of internal control, significant comments or recommendations, and management s performance? 10. Does the governing board take steps to ensure an appropriate tone at the top? 11. Does the governing board or audit committee take action (e.g., issue directives to management) as a result of its findings?

MANAGEMENT S PHILOSOPHY AND OPERATING STYLE Management s philosophy and operating style have a significant influence on the control environment particularly when management is dominated by one or few individuals. Management s philosophy and operating style should create a positive atmosphere in which the risk of misstatement is reduced and that is conducive to the effective operation of internal control. 1. Has a significant or unexpected change in management recently occurred or are such changes likely to occur during the next year? 2. Has there been excessive turnover of management or supervisory personnel? 3. Are management and operating decisions dominated by one or a few individuals? 4. Does management move carefully, proceeding only after carefully analyzing the risks and potential benefits of a venture? (A high risk venture for government might include undertaking new programs prior to approval of funding sources, using riskier investment types, issuing significant amounts of debt that approach or exceed the legal debt limit, etc.) 5. Does management set university-wide objectives that include broad statements of what the entity desires to achieve that are supported by related strategic plans? 6. Does management have mechanisms to anticipate, identify and react to events or activities that affect achieving university objectives? 7. Is there reason to be concerned about management s overall commitment to accurate financial reporting? a. Does the university use controversial accounting policies? b. Does management tend to interpret accounting and reporting standards aggressively?

c. Has management been reluctant to adjust the financial statements for material misstatements? d. Has management been reluctant to adjust the SEFA for material misstatements? e. Has management failed to adequately consult with the external auditors on accounting issues? 8. Is there reason to be concerned about management s commitment to designing and maintaining reliable accounting systems or effective internal control? a. Does management appear unconcerned about maintaining effective internal control to permit the preparation of reliable financial statements and federal reports? b. Does management appear unconcerned about maintaining accountability and safeguarding funds, property, and other assets against loss from unauthorized use or disposition? c. Has management s responsiveness to prior audit findings, control recommendations, and questioned costs been negative? d. Has the university failed to establish procedures relative to the prevention of illegal acts, including the use of directives? e. Has management failed to provide periodic representations concerning compliance with laws and regulations? f. Has management failed to respect and adhere to program compliance requirements? g. Does the accounting or information technology department appear to be inadequately staffed? h. Do resources to assist personnel to perform their duties appear to be unavailable or inadequate?

ORGANIZATIONAL STRUCTURE A university s organizational structure provides the overall framework for planning, directing, and controlling operations. The organizational structure should not be so simple that it cannot adequately monitor the entity s activities or so complex that it inhibits the flow of necessary information. As organizational structures vary, a university s controls should also vary to fit its needs and circumstances. 1. Is the organization of the university clearly defined in terms of lines of authority and responsibility? 2. Are controls for authorization of transactions established at an adequately high level? 3. Are such controls adequately adhered to? 4. Is there adequate supervision and monitoring of decentralized operations? 5. Is the organizational structure appropriate for the size and complexity of the entity? 6. Has management established policies for developing and modifying accounting systems and control activities? 7. Is management actively involved in supervising the accounting and information technology departments? 8. Is there sufficient communication between management of the accounting and information technology departments? 9. Are accounting and information technology departments centralized? 10. Is there sufficient supervision and monitoring of information technology operations, especially decentralized information technology operations?

ASSIGNMENT OF AUTHORITY AND RESPONSIBILITY The methods of assigning authority and responsibility should result in a clear understanding of reporting relationships and responsibilities established within the university. 1. Is there a clear assignment of responsibility and delegation of authority to deal with such matters as organizational goals and objectives, operating functions, and regulatory requirements? 2. Are employee job responsibilities, including specific duties, reporting relationships, and constraints clearly established and communicated to employees? 3. Has management clearly communicated the scope of authority and responsibility to information technology and accounting personnel? 4. Does the level of communication between the managers of the accounting and information technology departments appear to be sufficient? 5. Is the documentation of information technology policies and procedures adequate? HUMAN RESOURCE POLICIES AND PRACTICES The university s human resource policies and practices should have a positive influence on the university s ability to employ sufficiently competent personnel to accomplish its goals and objectives. In considering the effect of personnel policies and procedures on the audit, they may affect the organization as a whole or particular aspects of the organization (e.g., information technology) or accounting systems (e.g., payroll vs. purchases and acquisitions). Where appropriate, identify accounts or transaction cycles that may be specifically affected by personnel issues, such as high turnover of personnel. 1. Do personnel, including key managers, possess adequate knowledge and experience to discharge their responsibilities?

2. Do university/departmental personnel understand the duties and procedures applicable to their jobs? 3. Is the turnover of key personnel relatively low? 4. Does the workload of departmental personnel appear to permit them to be mindful of controlling the quality of their work? 5. Does previous experience with the department indicate sufficient competence on the part of departmental personnel? 6. Has management shown a commitment to competence and ensured that personnel receive adequate training to perform their duties? CONTROL ENVIRONMENT EVALUATION Conclude on the overall sufficiency of the control environment. Any risk factors identified that could result in errors, fraud, irregularities and/or illegal acts should be considered when analyzing the department s operations, and the completed questionnaire should be forwarded to Financial Controls.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information