Checklists & Questionnaires available on KnowledgeLeader

This page contains many of the sample checklists & questionnaires that are available on KnowledgeLeader. These checklists & questionnaires are all provided in downloadable versions so they can be repurposed for use in your organization.

Select one of the areas below to view summaries of these checklists & questionnaires, or click to view the full list by Date, Title, or by Topic.

Human Resources Internal Control Questionnaire
This questionnaire is to be utilized as a checklist of the basic controls for Sections 302 and 404 of the Sarbanes-Oxley Act. This document focuses on the Human Resources function and its associated internal control structure.

Segregation of Duties in Significant Cash Receipts Applications Questionnaire
This form has been designed to highlight potentially conflicting duties performed by one individual which could impact the effectiveness of controls over a cash receipts application.

COSO ERM Diagnostic Questionnaire
The tool can be used in assessing the effectiveness of a company’s ERM process. This tool is organized by the eight components of the COSO ERM Framework and users are prompted to assess senior management’s effectiveness in performing the key elements the eight components and whether or not the activities are integrated into a continuous process.

Segregation of Duties in Significant Cash Disbursement Applications Questionnaire
The following document outlines a set of steps to be followed when reviewing segregation of duties in significant cash disbursement applications.

Global Privacy Analysis Application Questionnaire - System Information Garnering
This questionnaire helps determine whether new technologies, information systems and initiatives or proposed programs and policies meet basic privacy requirements. The purpose of such an initiative is to provide documented assurance that privacy issues have been appropriately identified, adequately addressed or communicated to more senior management for further direction.

Disclosure Committee Questionnaire
The purpose of this questionnaire is to ensure that all necessary quarterly financial reporting disclosures are addressed, and any changes to these disclosures are explained by management.

IT Process Questionnaire – Change Management
The purpose of this IT process questionnaire is to ensure that all changes to IT resources and infrastructure configurations are carried out in a planned and authorized manner. It involves distinct processes both for managing change requests and also for deploying those changes throughout the enterprise.

Data Conversion Compliance Questionnaire
This questionnaire provides an outline for reviewing documentation associated with a data conversion. Sections of the questionnaire include template review observations, documentation review observations, compliance recommendations, and compliance rating.

IT General Controls Questionnaire
IT general controls are critical and central to business processes. This excel-based template provides a number of COBIT areas and the related control objectives for each IT general control. You can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. This questionnaire has been updated with areas defined in COBIT 4.1.

Reporting and Wrap-Up – Project Checklist
The purpose of this checklist is to assist a project team in ensuring that the administrative elements of wrapping-up an audit project are completed in accordance with company requirements. This checklist covers topics such as holding a closing meeting, drafting the report, and obtaining sign-off on the audit report.

Audit Planning – Project Checklist
The purpose of this checklist is to assist a project team in ensuring that the administrative elements of an audit project are completed in accordance with company requirements. This checklist covers topics such as scope of project, setting project expectations with auditee, and determining which audit tools to use on the project.

Audit Fieldwork – Project Checklist
The purpose of this checklist is to assist a project team in completing the administrative elements of a project in accordance with company requirements. This checklist covers topics such as workpaper requirements, communication protocol, and scheduling the closing meeting.

IT General Controls Scoping Questionnaire
This questionnaire has been designed to facilitate an assessment of existing controls to determine if they align with the IT Governance Institute (ITGI) control objectives. This questionnaire will allow the reviewer to determine which control objectives and illustrative controls are in-scope, and document which control objectives and illustrative controls are currently addressed with existing controls.

Healthcare Industry IT Risk Assessment Questionnaire
The purpose of this tool is to help a healthcare company perform an IT risk assessment. The risk assessment worksheets document IT components, IT processes and IT projects, and provide business process definitions. The assessment also allows the user to configure options, and rank all identified risks automatically.

Sales Order Entry Questionnaire
The purpose of this questionnaire is to document a review of the sales order entry process. This process focuses on evidence of an arrangement, delivery, price and fees, international requirements, and collections.

Finance Process Improvement Project Plan - Accounts Payable
This sample spreadsheet is used to track details associated with financial process effectiveness for the accounts payable process. Data tracked in this spreadsheet includes activities, effort by level (measured in hours), and milestones.

IT Due Diligence Checklist
This checklist focuses on what risks or controls a small company must assess in order to address their IT due diligence practices. Topics covered in this document include: IT management, personnel, and contractors as well as many more.

Finance Process Improvement Project Plan - General Accounting Questionnaire
This is a sample spreadsheet used to track details associated with improving the general accounting process. Data tracked in this spreadsheet includes activities, effort by level (measured in hours), and milestones.

Manual Journal Entries in the Consolidations System
This questionnaire focuses on the financial close process, specifically manual journal entries in the consolidation system. This document includes a process description, key risks, expected key controls, and key questions to ask during this process review.

SOX Process Walkthrough Questionnaire
The purpose of this template is to provide guidance to business units in the performance of walkthroughs associated with Sarbanes-Oxley Act compliance requirements. It may also be used by management in other matters related to the evaluation of internal controls over financial reporting.

IT General Controls Questionnaire
IT general controls are critical and central to business processes. This excel-based template provides a number of COBIT areas and the related control objectives for each IT general control. You can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. This questionnaire has been updated with topics focused on IT strategic planning; acquire or develop application software; manage changes; and define and manage service levels.

Eliminate Intercompany Transactions and Consolidate Financial Data
This questionnaire focuses on the financial close process, specifically elimination of intercompany transactions and consolidating financial data. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review.

IT Risk Assessment Survey Questionnaire
This questionnaire is for conducting an IT risk assessment. It covers topics appropriate for IT management and IT executive management. These topics include: Educate and train users; Assess and manage IT risks; and IT strategic planning.

Consolidations System Chart of Accounts Maintenance
This questionnaire focuses on the financial close process, specifically consolidation system chart of accounts maintenance. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review.

Data Center General Controls Questionnaire: Continuity of Operations
This is the final section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers data center continuity of operations.

Fixed Assets Process Controls Questionnaire
Fixed assets are important to a company because of their relative permanence in the company’s operations and their use in operating activities. This excel-based template provides a number of business activities and related control objectives for each activity. This questionnaire has been updated with the following: involvement of the purchasing department, presence of a corporate depreciation policy, and monthly financial close procedures.

Data Center General Controls Questionnaire: Telecommunications
This is the twelfth section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers the management of telecommunications resources.

Data Center General Controls Questionnaire: Hardware and Software Inventory Management
This is the eleventh section of a thirteen part mainframe data center general controls questionnaire. This section covers systems hardware and software inventory management.

Data Center General Controls Questionnaire: Database Administration
This is the tenth section of a thirteen part mainframe data center general controls questionnaire. This section covers systems database administration.

Data Center General Controls Questionnaire: Vendor Support
This is the ninth section of a thirteen part mainframe data center general controls questionnaire. This section covers systems vendor support.

Data Center General Controls Questionnaire: Systems Software Support
This is the eighth section of a thirteen part mainframe data center general controls questionnaire. This section covers systems software support.

Generate Financial Statements and Disclosures
This questionnaire focuses on the financial close process, specifically generating financial statements and related disclosures. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review.

Data Center General Controls Questionnaire: Application Systems Development and Maintenance
This is the seventh section of a thirteen part mainframe data center general controls questionnaire. This section covers security administration.

Data Center General Controls Questionnaire: Security Administration
This is the sixth section of a thirteen part mainframe data center general controls questionnaire. This section covers security administration.

Analyze Financial Results
This questionnaire focuses the financial close process, specifically reviewing and analyzing consolidated financial information and business segment information. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review.

Data Center General Controls Questionnaire: Program, Data File, and Transaction Security
This is the fifth section of a thirteen part mainframe data center general controls questionnaire. This section covers program, data file and transaction security.

Upload Data from General Ledger to the Consolidations System
This questionnaire focuses the financial close process, specifically when data is uploaded the general ledger (G/L) to the consolidations system. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review.

Data Center General Controls Questionnaire: Environmental Controls
This is the fourth section of a thirteen part mainframe data center general controls questionnaire. This section covers environmental controls.

E-Commerce Questionnaire
This is a multi-section questionnaire that can be used, for example, during an internal audit of an E-Commerce organization.

Data Center General Controls Questionnaire: Physical Security
This is the third section of a thirteen part mainframe data center general controls questionnaire. This section covers physical security.

Data Center General Controls Questionnaire: Computer Operations
This is the second section of a thirteen part mainframe data center general controls questionnaire. This section covers Computer Operations.

Data Center General Controls Questionnaire: Organization and Management
This is the first section of a thirteen part mainframe data center general controls questionnaire. This section covers Organization and Management.

Entity Level Controls - Information and Communication Questionnaire
Information and communication is the component of internal control that ensures that pertinent information is identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The Information Availability, Reliability of IT Systems, and Communications sections have been updated in this questionnaire.

Entity Level Controls - Monitoring Questionnaire
Monitoring is a process that assesses the quality of the entity's internal control performance over time. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The Ongoing Monitoring section has been updated in this questionnaire.

Entity Level Controls - Risk Assessment Questionnaire
Risk assessment is the component of the entity’s internal control that involves identifying and analyzing risks internally and externally. Risk assessment is relevant to achieving business objectives as well as objectives related to the preparation of reliable financial statements. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management’s action plan for deficiencies. The Entity-Wide Objectives and Manage Change sections have been updated in this questionnaire.

Entity Level Controls - Control Environment Questionnaire
The control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. It is the foundation for all other components of internal control, providing discipline and structure. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The following sections have been updated in this questionnaire: Integrity & Ethical Values, Commitment to Competence, Board of Directors or Audit Committee, Organizational Structure, Assignment of Authority & Responsibility.

Fixed Assets – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a fixed asset audit. It is intended to help the internal audit department understand existing business processes involving fixed assets and management's view of the internal control environment. This document has been updated with items such as: fixed asset system change management, capital expense policy, and periodic review of depreciation expense.

Service Level Agreement Controls Interview Questionnaire - IT
The purpose of this interview questionnaire is to assess the IT processes associated with a Service Level Agreement (SLA). The questionnaire addresses topics such as identifying critical systems, applications, and services; change services; and continuity planning.

Monthly Financial Close Process Checklist
The purpose of this checklist is to document the activities performed as part of the monthly financial close process at a company. For each step covered in this checklist, users are encouraged to document the responsible person, date due, and whether the task has been completed and reviewed. This tool has been updated with additional general financial close procedures and steps related to recording fixed assets.

Employee Termination Checklist
This checklist outlines steps to follow when an employee stops working for a company. These steps should be modified to reflect each organization’s employee termination process.

Employee New Hire Checklist
This checklist outlines steps to follow when a new employee starts working with a company. These steps should be modified to reflect each organization’s new hire orientation process.

Employee Expense Reimbursement Process Review Checklist
Internal Audit can use this checklist when reviewing whether the employee expense reimbursement process is conducted according to the company’s Travel & Expense Policy. Deviations from the established policy could result in unauthorized reimbursements and/or additional costs for the company. Updates made to this checklist include steps to gain an understanding of the current reimbursement policy and process.

Due Diligence Checklist – Example 2
The purpose of this document is to provide a list of items to consider when performing due diligence on a potential acquisition. This checklist is intended to be a list of financial items to consider during this process. This list should be customized to fit the nature of the acquisition process.

Linux Audit Checklist
This checklist is to be used to audit a Linux environment. It attempts to provide a generic set of controls to consider when auditing a Linux environment, and does not account for the differences between the different Linux distributions on the market (e.g. Red Hat, Caldera, Mandrake, etc.).

Oracle Baseline Security Checklist
This checklist contains detailed steps to undertake to check the security of systems using Oracle, from checking and installing the latest patches, to ensuring privileges are restricted and access is correctly controlled.

Process Integration Checklist
The purpose of this checklist is to facilitate the merging of company subsidiary divisions and their duplicate processes. Included are guidelines for this facilitation process and topics to address during scheduled meetings.

Sun Solaris Security Checklist
This checklist contains detailed steps to undertake to check the security of systems running the Sun Solaris operating system, from checking and installing the latest patches, to ensuring all permissions are correct and system accounts are protected.

Red Hat Linux Security Checklist
This checklist contains detailed steps to undertake to check the security of systems running the Red Hat Linux operating system, from checking and installing the latest patches, to ensuring all permissions are correct and system accounts are protected.

Audit Planning and Scoping Checklist
This checklist should be used when planning the nature, timing and extent of work on an individual audit assignment where the design effectiveness and/or operational effectiveness of any business process is to be examined. It should be used in connection with a planning and scoping memorandum template to prepare detailed instructions for the work.

IBM AIX Security Checklist
This IBM AIX security access control checklist includes detailed information on ways to reduce the security exposure so that the specified expected result is obtained.

Service Level Agreement Controls Interview Questionnaire – IT Help Desk
The purpose of this interview questionnaire is to assess the IT Help Desk process associated with a Service Level Agreement (SLA). The questionnaire addresses topics such as documentation of IT calls, follow-up communication with end users, and meeting end user needs.

Acquisition Closing Checklist
The purpose of this checklist is to document the activities performed as part of the acquisitions/new business development process by a company. The steps covered in this checklist focus on pre-acquisition activities, performing due diligence, post acquisition activities, and management approval.

Entity-Level, IT, and Business Process Controls Questionnaires
Entity-level controls are the foundation for internal control, providing discipline and structure to the organization. IT general controls have a pervasive effect on the reliability, integrity and availability of processing and relevant data. Business process controls provide structure to generate revenue, account for costs incurred, and ultimately report on the financial state of the organization. These excel-based templates provide you the opportunity to document items such as whether these controls exists; whether they are designed properly; related test procedures; and management action plan for deficiencies. These questionnaires are intended to help you comply with corporate governance requirements.

Entity-Level Controls – Fraud Questionnaire
Fraud prevention is essential to set the right tone for an effective internal control framework. This excel-based template links the COSO components to a number of control objectives for entity-level fraud controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and the management action plan for deficiencies.

ITIL/COBIT Problem Management Checklist
This is the second of two checklists that can be used to ensure that all non-standard operational events (incidents, errors and problems) are identified, recorded, analyzed and resolved through the use of a suitable problem management system. COBIT Delivery Standard 10 – Manage Problems and Incidents, identifies objectives for managing problems and incidents. The specific objectives listed in this checklist can be mapped onto relevant IT Infrastructure Library (ITIL) activities. The second checklist deals with problem management.

ITIL/COBIT Incident Management Checklist
This is the first of two checklists that can be used to ensure that all non-standard operational events (incidents, errors and problems) are identified, recorded, analyzed and resolved through the use of a suitable problem management system. COBIT Delivery Standard 10 – Manage Problems and Incidents, identifies objectives for managing problems and incidents. The specific objectives listed in this checklist can be mapped onto relevant IT Infrastructure Library (ITIL) activities. The first checklist deals with incident management.

User Relationship With IT Management: Equipment Acquisition Procedure Assessment Questionnaire
An improperly established relationship between IT and users poses the risk that users may lack guidance on acquiring information processing tools. The objective of the questionnaire is to determine whether adequate procedures are in place for acquiring hardware and software.

User Relationship With IT Management: User Group Assessment Questionnaire
An improperly established relationship between IT and users poses the risk of ineffective organizational infrastructure. The existence and effectiveness of a user group will determine the level of risk within an organization. This questionnaire helps assess the effectiveness of a user group.

User Relationship With IT Management: User Computing Standards Assessment Questionnaire
An improperly established relationship between IT and users poses the risk that there may be inadequate user computing standards. Users may experience unnecessarily long learning curves because user computing standards and procedures are not adequately enforced. The objective of this questionnaire is to define adequate control procedures and to determine whether those procedures are in place.

User Relationship With IT Management: User Security Procedure Assessment Questionnaire
An improperly established relationship between IT and users poses the risk that there may be inadequate user security procedures. The objective of the questionnaire is to define adequate control procedures and to determine whether those procedures are in place.

User Relationship With IT Management: Corporate Data Use Assessment Questionnaire
An improperly established relationship between IT and users poses the risk that users may make ineffective use of corporate data. Users are either unable to access corporate data or that data is not used effectively. The objective of this questionnaire is to define adequate control procedures and to determine whether those procedures are in place.

User Relationship With IT Management: User Satisfaction Assessment Questionnaire
An improperly established relationship between IT and users poses the risk that users may be dissatisfied with the central IT function. This questionnaire helps to determine whether users are not getting the type of service desired, and whether communication of this dissatisfaction is inadequate.

User Relationship With IT Management: User Knowledge Assessment Questionnaire
An improperly established relationship between IT and users poses the risk that users may have inadequate knowledge of IT systems. Users may require more technical knowledge to use the available technology efficiently, effectively, and economically. The objective of this questionnaire is to assess whether users have the systems knowledge they need to be effective.

Information Security Risk Assessment Questionnaire, based on ISO/IEC 27002:2005
This checklist is designed to assist in reviewing and documenting the risk profile of your organization’s information processing activities. The checklist contains ten sections, in accordance with ISO/IEC 27002:2005.

Medical Clinic Operational Processes Questionnaire
This sample questionnaire can be used when performing an audit of a medical clinic’s operational processes. It is intended to help an internal audit department complete a baseline compliance review of these activities. Questions focus on topics such as maintenance of patient medical records, patient relations, physician consultation practices, and storage of medical equipment.

Control Design Effectiveness Review Checklist
This excel-based template provides an example of how to review control design effectiveness to ensure the control mitigates the associated risk. You would use this review process sheet to document the reviewer’s comments and associated response. The excel form also provides guidance in designing controls to address financial reporting assertions.

Medical Records Documentation Checklist
This sample checklist can be utilized when performing an audit of medical records documentation. It is intended to help an internal audit department understand the existing documentation process related to medical records. Items of review include the filing system used, document retention, and training materials.

Information Technology General Controls - Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an information technology general controls (ITGC) audit. It is intended to help the internal audit department understand existing business processes involving ITGC and management's view of the internal control environment.

Financial Close Process Controls Questionnaire
The financial close process is important to a company as it is the function directly related to producing company financial results for each period end. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies.

Medical Records, Coding, and Billing Processes Compliance Questionnaire
This sample questionnaire can be utilized when performing an audit of medical records, coding, and billing compliance processes. It is intended to help an internal audit department understand the existing process related to medical records, coding and billing and assess the compliance of these processes. Questions focus on topics such as policies and procedures, records management, and training in billing techniques.

Detailed Medical Record Review Questionnaire
This is an example medical record review questionnaire that can be utilized when performing a healthcare audit. It is intended to help an internal audit department understand the existing process related to medical records management and assess the compliance of this process.

Financial Reporting and General Ledger Control Self Assessment Questionnaire
This is an example of a self assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the Internal Audit department understand existing controls around financial reporting and general ledger processes.

SOX Testing Review Checklist
This excel-based template provides an example of how to review SOX testing documentation. You would use this review process sheet to document the reviewer’s comments and tester’s response. The excel form allows you to record comments related to the test plan, test execution, and documentation format.

Budget – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of the budget process. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.

General Threat Questionnaire
This risk assessment questionnaire can be used to identify the failure scenarios, likelihood, and severity of over 100 environmental, man-made, business, and IT risks.

Billing, Accounts Receivable, Credit, and Collections – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of the billing, accounts receivable, credit, and collections process. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.

Accounts Payable – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an accounts payable audit. It is intended to help the internal audit department understand existing accounts payable business processes and management's view of the internal control environment.

Enterprise Risk Management Interview Questionnaire
The ultimate goal of Enterprise Risk Management (ERM) is to evaluate total returns relative to total risks, leading to more informed business decisions. This questionnaire can be used when assessing an organization’s enterprise risk management strategy. It focuses on the internal environment, objective setting, event identification, risk assessment, risk response, control activities, and information and communication.

Payroll – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a payroll audit. It is intended to help the internal audit department understand the existing business processes and management's view of the internal control environment.

System Implementation Risk Assessment Questionnaire
This questionnaire helps to assess the risks involved in the implementation of any new or updated software application.

Control Self-Assessment Questionnaire
In complying with the Sarbanes-Oxley Act, it is management’s responsibility to design, adhere to and monitor the significant operating and financial controls of the organization. This short self-assessment questionnaire has been designed to obtain management’s input in order to establish a common understanding of the level of control of an organization or department.

Implementation Review Scoping Checklist
This checklist assists with the scoping of an application controls review and/or implementation review that covers both pre- and post-implementation procedures. The primary goal is to identify those areas that Internal Audit will focus on during the implementation.

Tax Compliance Process Internal Control Questionnaire
The purpose of this questionnaire is to assess the internal controls related to a company’s tax compliance process. This document outlines sample tax compliance controls and assists in identifying if the control is in place.

IT Application Control Deficiency Decision Process Questionnaire
This questionnaire serves as a guide in determining the severity of control application deficiencies cited during the SOX control testing process. The results of this process are used to determine potential significant deficiencies/material weaknesses. Topics in this questionnaire assist management in assessing IT application controls.

IT Infrastructure Control Deficiency Decision Questionnaire
This questionnaire can be used as a guide to determine the severity of any deficiencies cited during the control testing process. A SOX control deficiency assessment can be completed using this information and other information provided by management in reaching its decision.

Business Control Deficiency Decision Process Questionnaire
This questionnaire serves as a guide in determining the severity of deficiencies cited during the SOX control testing process. The results of this process are used to determine potential significant deficiencies/material weaknesses. Topics in this questionnaire include compensating controls and deficiencies that may be symptomatic of a larger issue or theme.

Chief Audit Executive IT Control Checklist
Chief Audit Executives can use this checklist to examine their IT control framework to ensure the organization has addressed all control elements. The checklist can help the CAE understand the issues and plan for full internal audit coverage of the control areas.

Audit Committee Self-Assessment Checklist
The self-assessment process is an important exercise for audit committees to complete as they are responsible for important activities such as the quality and integrity of a company’s accounting practices and controls and compliance with legal and regulatory requirements. This is a sample self-assessment checklist for audit committees to use when evaluating their current involvement in a company’s control environment.

SOX Policy Evaluation Checklist
Policies are an important part of the internal control over financial reporting evaluation process. This is a sample checklist to use when identifying the availability and status of company policies associated with the financial reporting process. This tool also assists with organizing policies by financial statement, area of significance, and financial statement element.

Treasury Process Controls Questionnaire
The treasury process is important to a company because it is the function overseeing the cash flow of the company’s operations and its use related to payments, receipts, and investments. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies.

End-of-Audit Feedback Survey Questionnaire
This questionnaire can be distributed at the end of an internal audit project. It communicates a department’s commitment to providing the highest quality services and helps manage expectations. The feedback can be used to improve service and identify important areas of focus for future internal audit projects.

Payroll Process Controls Questionnaire
The payroll process is important to a company as it is the key to compensating employees for the contributions to the company’s operations and generation of revenues. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies.

Self-Assessment Checklist
Self-assessments are intended to help the internal audit department understand existing business processes and understand management's view of the internal control environment. This is a sample checklist to follow when issuing self-assessment questionnaires to managers or process owners. Items in the checklist include self-assessment set-up processes, issuing the self-assessment, compiling the results, and reporting to management.

Inventory Management Control Questionnaire
Inventory is an important asset for many companies as it is often a large asset on the company’s financial statements and represents a source of revenue in the near future through sales of the goods. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies.

Revenue Process Control Questionnaire
Revenue process controls are important to financial reporting because this process measures the accomplishments of the operating activities of a company. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies.

Expenditure Process Control Questionnaire
Expenditure process controls are important to financial reporting as this process focuses on costs companies incur while delivering goods, rendering services, or other activities that are central to the company’s operations. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies.

Internal Audit Client Satisfaction Questionnaire
This questionnaire is intended to be sent to relevant departments upon completion of work performed by internal audit. This tool contains a sample email providing instruction on completing the questionnaire. The questionnaire contains drop-down menus with pre-populated answers to assist in the questionnaire reporting process.

Hazard Assessment Checklist and Corrective Action Report
This checklist is to be used when conducting periodic hazard assessments. If any deficiencies are found, the corrections should be recorded using the Corrective Action Report following the checklist.

Entity Level Documentation Request Checklist
The COSO Internal Control - Integrated Framework requires that risks and controls be assessed at both the entity level and the process level. Entity level controls address the “tone at the top” and include items such as ethics programs, investigation protocols, and IT infrastructure controls. Adequate evidence of the entity level controls should be accumulated to support management’s assertions. One of the ways to gather such evidence is to review the corporate documentation that supports that these entity level controls are in place. This checklist provides a template in which to track the availability and status of such entity level control documentation.

Close The Books – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.

Closing Out Year One: SOX Best Practice Checklist
This checklist provides a list of SOX considerations for companies gearing up SOX efforts in 2005 and those continuing their second year of compliance. The checklist offers advice on topics such as project management, project details, and committees. Using this type of checklist will facilitate moving SOX compliance efforts towards best practice.

Audit Work Paper Quality Review Checklist
This checklist provides guidance on how to prepare audit work papers to ensure quality and clarity. The checklist identifies organizational tasks, required information, and formatting that should be complete prior to submitting audit work papers for review. Using this type of checklist will facilitate the review process performed by superiors or management.

Tax Process: Objectives and Control Checklist
This self-assessment checklist is intended to be used as a preliminary checklist before an audit. It gives the auditee an opportunity to inform internal audit about controls and processes they employ, and it also gives the auditee ideas about other controls and processes that may be appropriate.

Documentation - 404 Readiness Checklist
This checklist can be used to evaluate the adequacy of Section 404 process documentation prior to submitting it to the external auditor for review and prior to creating testing plans.

Test Documentation Validation Checklist
This checklist provides guidance on how to track documentation related to tests of controls. It focuses on examples of documentation needed to complete tests of controls, a template to record the completeness and accuracy of the documentation received, and areas to track missing required documentation and sampling requests made to the client.

General IT Controls Review: Password Questionnaire
Consider the best practice items in this questionnaire when assessing your user password standards.

Update Testing – Control Self Assessment Questionnaire
This questionnaire has been designed to facilitate an assessment of whether the controls within a business unit are currently operating effectively. To meet the guidelines of Section 404 requiring management attestation as of a company’s fiscal year-end, this questionnaire is used to identify any changes that have occurred or are planned prior to year-end. Questions in this tool focus on verifying that process documentation is complete and accurate, all key internal controls and key information systems have been identified, and all areas within a business unit that are relevant to Sarbanes-Oxley have been identified.

Sarbanes-Oxley Walkthrough Checklist
The purpose of this checklist is to provide guidance to help a process owner prepare for a process walkthrough. It also includes post-walkthrough questions to help the process owner document any questions or issues raised.

Payroll Best Business Practice Checklist
This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the area of payroll. The answers to these questions will help to determine areas for improvement.

Month-End Close: Best Business Practice Checklist
This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed when performing a month-end close. The answers to these questions will help to determine areas for improvement.

AML Audit Checklist
The USA PATRIOT Act requires that all financial institutions maintain an anti-money laundering (AML) program that is tested by independent auditors. This audit checklist is intended to assist financial institutions in preparing for the independent tests of their AML programs. It identifies areas that are generally within the audit scope, and lists the types of information that the auditors will likely request.

Cash Receipts/ Collections Best Business Practice Checklist
This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the areas of Collections and Cash Applications. The answers to these questions will help to determine areas for improvement.

Billing Best Business Practice Checklist
This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the area of billing. The answers to these questions will help to determine areas for improvement.

Accounts Payable Best Business Practice Checklist
This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the area of accounts payable. The answers to these questions will help to determine areas for improvement.

Internal Audit Department Best Practice Evaluation Worksheet
This evaluation worksheet for internal audit departments provides a checklist of best practice suggestion for five components of an internal audit function: roles & structure, people, process, technology, and knowledge.

Handheld Devices Checklists
These checklists help ensure handheld devices are correctly configured and used, and provide assistance in performing audits of environments containing handheld devices.

Sarbanes-Oxley Act and Proposed NYSE Listing Standards Compliance Checklist
This compliance checklist provides a summary of the Sarbanes-Oxley Act requirements, final and proposed SEC rules, and the corporate governance standards proposed by the New York Stock Exchange. It includes a disclosure-only checklist, which identifies new and proposed SEC disclosure requirements.

Office Relocation: IT Checklist
This checklist can be used by IT and telecom personnel when planning an office relocation. It gives the planner an opportunity to inform internal audit about controls and processes employed to minimize the risk of a move; and also suggests other controls and processes that may be appropriate.

>> Sign up now for a 30-day free trial or an annual subscription.

Find out more about our subscription prices and group discounts.

If you have any questions please contact us.

SIGN UP FOR A 30-DAY FREE TRIAL

We invite you to use the tools and resources within KnowledgeLeader for free for 30 days so you can discover for yourself how this service will improve your internal audit and risk management capabilities.

Your free trial will expire automatically. There is no obligation to purchase a subscription.

Audit Committee & Board

Control Self Assessment

Corporate Governance

COSO

Enterprise Risk Management

Financial & Credit Risk

Fraud & Ethics

IFRS

Internal Audit

Sarbanes-Oxley

Security Risk

Technology Risk

All Topics

Work Programs

Audit Reports

Charters

Checklists & Questionnaires

Guides

Job Descriptions

Methodologies & Models

Policies & Procedures

Process Flows

Samples

All Tools

Checklists & Questionnaires available on KnowledgeLeader

SIGN UP FOR A 30-DAY FREE TRIAL

LEARN MORE

Prices and Ordering

KnowledgeLeader Value Proposition

KnowledgeLeader Content

About KLplus

Take a Tour

What Our Customers Say

KnowledgeLeader University Program

About Protiviti

	Access Agreement \| Privacy Policy	Join Our Community:
	© 2009 Protiviti Inc. EOE All Rights Reserved