Checklists & Questionnaires
The following 265 items are listed by date.
November 16, 2009 Revenue Recognition Questionnaire The purpose of this questionnaire is to document the revenue recognition review completed by the finance department. It evaluates whether persuasive evidence exists to support revenue recognition, the delivery method scheduled, and that established collection procedures exist. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Financial Reporting, Revenue, Sales Process & Marketing, Internal Controls November 9, 2009 Audit Committee Charter Review Checklist This checklist addresses a variety of topics and acts that often fall within the Audit Committee’s responsibilities. It provides a broad framework and a set of activities that can be undertaken by the Audit Committee to achieve appropriate oversight. This document is intended to only be used as a sample guide to understanding and reviewing the current charter. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Audit Committee & Board, Sarbanes-Oxley Act, Best Practices, Entity-Level Control October 12, 2009 Human Resources Internal Control Questionnaire This questionnaire is to be utilized as a checklist of the basic controls for Sections 302 and 404 of the Sarbanes-Oxley Act. This document focuses on the Human Resources function and its associated internal control structure. CONTENT AREA: Checklists & Questionnaires TOPICS: Human Resources, Payroll, Internal Audit, Self-Assessment, Sarbanes-Oxley Act, Internal Controls September 21, 2009 Segregation of Duties in Significant Cash Receipts Applications Questionnaire This form has been designed to highlight potentially conflicting duties performed by one individual which could impact the effectiveness of controls over a cash receipts application. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounts Receivable, Risk Management & Assessment, Internal Controls, Access Control Systems & Methodology, Fraud, Segregation of Duties, GRC September 14, 2009 COSO ERM Diagnostic Questionnaire The tool can be used in assessing the effectiveness of a company’s ERM process. This tool is organized by the eight components of the COSO ERM Framework and users are prompted to assess senior management’s effectiveness in performing the key elements the eight components and whether or not the activities are integrated into a continuous process. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, COSO, Enterprise Risk Management, Internal Controls, Risk Management & Assessment, Self-Assessment, GRC September 7, 2009 Segregation of Duties in Significant Cash Disbursement Applications Questionnaire The following document outlines a set of steps to be followed when reviewing segregation of duties in significant cash disbursement applications. CONTENT AREA: Checklists & Questionnaires TOPICS: Purchasing & Accounts Payable, Risk Management & Assessment, Internal Controls, Access Control Systems & Methodology, Fraud, Segregation of Duties, GRC August 10, 2009 Global Privacy Analysis Application Questionnaire - System Information Garnering This questionnaire helps determine whether new technologies, information systems and initiatives or proposed programs and policies meet basic privacy requirements. The purpose of such an initiative is to provide documented assurance that privacy issues have been appropriately identified, adequately addressed or communicated to more senior management for further direction. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, Security, Security Management Practices, Fraud, Privacy June 15, 2009 Disclosure Committee Questionnaire The purpose of this questionnaire is to ensure that all necessary quarterly financial reporting disclosures are addressed, and any changes to these disclosures are explained by management. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Financial Reporting, Corporate Governance, Audit Committee & Board, Sarbanes-Oxley Act, Internal Audit, Internal Controls, Section 404 - Internal Control Reporting, GRC June 8, 2009 IT Process Questionnaire – Change Management The purpose of this IT process questionnaire is to ensure that all changes to IT resources and infrastructure configurations are carried out in a planned and authorized manner. It involves distinct processes both for managing change requests and also for deploying those changes throughout the enterprise. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Audit, IT Controls, IT Strategy, Security, Application Development Security, Change Management May 25, 2009 Data Conversion Compliance Questionnaire This questionnaire provides an outline for reviewing documentation associated with a data conversion. Sections of the questionnaire include template review observations, documentation review observations, compliance recommendations, and compliance rating. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, IT Strategy, Security, Application Development Security May 18, 2009 IT General Controls Questionnaire IT general controls are critical and central to business processes. This excel-based template provides a number of COBIT areas and the related control objectives for each IT general control. You can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. This questionnaire has been updated with areas defined in COBIT 4.1. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Internal Controls, IT Controls, Change Management, COSO, Entity-Level Control, Internal Audit, Audit Testing, IT Audit, Security, Application Development Security February 2, 2009 Reporting and Wrap-Up – Project Checklist The purpose of this checklist is to assist a project team in ensuring that the administrative elements of wrapping-up an audit project are completed in accordance with company requirements. This checklist covers topics such as holding a closing meeting, drafting the report, and obtaining sign-off on the audit report. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Audit Planning, Audit Reporting, Internal Audit Administration, Project Management January 26, 2009 Audit Planning – Project Checklist The purpose of this checklist is to assist a project team in ensuring that the administrative elements of an audit project are completed in accordance with company requirements. This checklist covers topics such as scope of project, setting project expectations with auditee, and determining which audit tools to use on the project. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Audit Planning, Internal Audit Administration, Project Management January 19, 2009 Audit Fieldwork – Project Checklist The purpose of this checklist is to assist a project team in completing the administrative elements of a project in accordance with company requirements. This checklist covers topics such as workpaper requirements, communication protocol, and scheduling the closing meeting. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Audit Planning, Audit Testing, Internal Audit Administration, Project Management January 19, 2009 IT General Controls Scoping Questionnaire This questionnaire has been designed to facilitate an assessment of existing controls to determine if they align with the IT Governance Institute (ITGI) control objectives. This questionnaire will allow the reviewer to determine which control objectives and illustrative controls are in-scope, and document which control objectives and illustrative controls are currently addressed with existing controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Audit, IT Controls, Sarbanes-Oxley Act, Internal Audit, Internal Controls, Section 404 - Internal Control Reporting November 24, 2008 Healthcare Industry IT Risk Assessment Questionnaire The purpose of this tool is to help a healthcare company perform an IT risk assessment. The risk assessment worksheets document IT components, IT processes and IT projects, and provide business process definitions. The assessment also allows the user to configure options, and rank all identified risks automatically. CONTENT AREA: Checklists & Questionnaires TOPICS: Healthcare & Pharmaceuticals Industry, Technology, IT Audit, IT Controls, Internal Audit, Audit Testing, Risk Management & Assessment, Self-Assessment, GRC October 20, 2008 Sales Order Entry Questionnaire The purpose of this questionnaire is to document a review of the sales order entry process. This process focuses on evidence of an arrangement, delivery, price and fees, international requirements, and collections. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounts Receivable, Revenue, Sales Process & Marketing, Supply Chain October 13, 2008 Finance Process Improvement Project Plan - Accounts Payable This sample spreadsheet is used to track details associated with financial process effectiveness for the accounts payable process. Data tracked in this spreadsheet includes activities, effort by level (measured in hours), and milestones. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Purchasing & Accounts Payable, Internal Audit, Audit Testing, Project Management, Process-Level Control October 6, 2008 IT Due Diligence Checklist This checklist focuses on what risks or controls a small company must assess in order to address their IT due diligence practices. Topics covered in this document include: IT management, personnel, and contractors as well as many more. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Disaster Recovery, Technology, IT Audit, IT Controls, Internal Audit, Self-Assessment, Change Management, Outsourcing/Co-sourcing/Shared Services September 29, 2008 Finance Process Improvement Project Plan - General Accounting Questionnaire This is a sample spreadsheet used to track details associated with improving the general accounting process. Data tracked in this spreadsheet includes activities, effort by level (measured in hours), and milestones. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Internal Audit, Project Management, Process-Level Control, Close the Books September 22, 2008 Manual Journal Entries in the Consolidations System This questionnaire focuses on the financial close process, specifically manual journal entries in the consolidation system. This document includes a process description, key risks, expected key controls, and key questions to ask during this process review. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Close the Books, Financial Reporting, Internal Controls, Process-Level Control September 22, 2008 SOX Process Walkthrough Questionnaire The purpose of this template is to provide guidance to business units in the performance of walkthroughs associated with Sarbanes-Oxley Act compliance requirements. It may also be used by management in other matters related to the evaluation of internal controls over financial reporting. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Internal Audit, PCAOB, Section 404 - Internal Control Reporting September 1, 2008 Eliminate Intercompany Transactions and Consolidate Financial Data This questionnaire focuses on the financial close process, specifically elimination of intercompany transactions and consolidating financial data. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Close the Books, Financial Reporting, Internal Controls, Process-Level Control August 11, 2008 IT Risk Assessment Survey Questionnaire This questionnaire is for conducting an IT risk assessment. It covers topics appropriate for IT management and IT executive management. These topics include: Educate and train users; Assess and manage IT risks; and IT strategic planning. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Audit, IT Controls, Internal Audit, Audit Committee & Board, Risk Management & Assessment, GRC August 4, 2008 Consolidations System Chart of Accounts Maintenance This questionnaire focuses on the financial close process, specifically consolidation system chart of accounts maintenance. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Financial Reporting, Process-Level Control, Close the Books July 28, 2008 Data Center General Controls Questionnaire: Continuity of Operations This is the final section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers data center continuity of operations. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Disaster Recovery, Technology, IT Controls, Internal Audit, IT Audit July 28, 2008 Fixed Assets Process Controls Questionnaire Fixed assets are important to a company because of their relative permanence in the company’s operations and their use in operating activities. This excel-based template provides a number of business activities and related control objectives for each activity. This questionnaire has been updated with the following: involvement of the purchasing department, presence of a corporate depreciation policy, and monthly financial close procedures. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Fixed Assets, Sarbanes-Oxley Act, Internal Controls, Compliance, Process-Level Control, GRC July 21, 2008 Data Center General Controls Questionnaire: Telecommunications This is the twelfth section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers the management of telecommunications resources. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure, Telecommunications, Access Control Systems & Methodology, Physical Security July 14, 2008 Data Center General Controls Questionnaire: Hardware and Software Inventory Management This is the eleventh section of a thirteen part mainframe data center general controls questionnaire. This section covers systems hardware and software inventory management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Software July 7, 2008 Data Center General Controls Questionnaire: Database Administration This is the tenth section of a thirteen part mainframe data center general controls questionnaire. This section covers systems database administration. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure June 30, 2008 Data Center General Controls Questionnaire: Vendor Support This is the ninth section of a thirteen part mainframe data center general controls questionnaire. This section covers systems vendor support. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Outsourcing/Co-sourcing/Shared Services June 23, 2008 Data Center General Controls Questionnaire: Systems Software Support This is the eighth section of a thirteen part mainframe data center general controls questionnaire. This section covers systems software support. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Software June 23, 2008 Generate Financial Statements and Disclosures This questionnaire focuses on the financial close process, specifically generating financial statements and related disclosures. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Financial Reporting, Internal Audit, Audit Testing, Internal Controls, Process-Level Control June 16, 2008 Data Center General Controls Questionnaire: Application Systems Development and Maintenance This is the seventh section of a thirteen part mainframe data center general controls questionnaire. This section covers security administration. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Software, Application Development Security June 9, 2008 Data Center General Controls Questionnaire: Security Administration This is the sixth section of a thirteen part mainframe data center general controls questionnaire. This section covers security administration. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Security, Security Management Practices June 2, 2008 Analyze Financial Results This questionnaire focuses the financial close process, specifically reviewing and analyzing consolidated financial information and business segment information. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Financial Reporting, Internal Audit, Audit Testing, Internal Controls, Process-Level Control May 26, 2008 Data Center General Controls Questionnaire: Program, Data File, and Transaction Security This is the fifth section of a thirteen part mainframe data center general controls questionnaire. This section covers program, data file and transaction security. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Software, Security, Access Control Systems & Methodology, Application Development Security May 26, 2008 Upload Data from General Ledger to the Consolidations System This questionnaire focuses the financial close process, specifically when data is uploaded the general ledger (G/L) to the consolidations system. This document includes: a process description, key risks, expected key controls, and key questions to ask during this process review. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Financial Reporting, Internal Audit, IT Audit, Risk Management & Assessment, Process-Level Control, GRC May 19, 2008 Data Center General Controls Questionnaire: Environmental Controls This is the fourth section of a thirteen part mainframe data center general controls questionnaire. This section covers environmental controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure May 19, 2008 E-Commerce Questionnaire This is a multi-section questionnaire that can be used, for example, during an internal audit of an E-Commerce organization. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, E-Business, IT Controls, IT Infrastructure, Security May 12, 2008 Data Center General Controls Questionnaire: Physical Security This is the third section of a thirteen part mainframe data center general controls questionnaire. This section covers physical security. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Security, Physical Security May 5, 2008 Data Center General Controls Questionnaire: Computer Operations This is the second section of a thirteen part mainframe data center general controls questionnaire. This section covers Computer Operations. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure, Internal Controls April 28, 2008 Data Center General Controls Questionnaire: Organization and Management This is the first section of a thirteen part mainframe data center general controls questionnaire. This section covers Organization and Management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure, Internal Controls April 21, 2008 Entity Level Controls - Information and Communication Questionnaire Information and communication is the component of internal control that ensures that pertinent information is identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The Information Availability, Reliability of IT Systems, and Communications sections have been updated in this questionnaire. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Sarbanes-Oxley Act, Internal Controls, IT Controls, COSO, Entity-Level Control April 7, 2008 Entity Level Controls - Monitoring Questionnaire Monitoring is a process that assesses the quality of the entity's internal control performance over time. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The Ongoing Monitoring section has been updated in this questionnaire. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Audit Committee & Board, Internal Audit, Internal Audit Administration, Risk Management & Assessment, COSO, Entity-Level Control, GRC March 31, 2008 Entity Level Controls - Risk Assessment Questionnaire Risk assessment is the component of the entity’s internal control that involves identifying and analyzing risks internally and externally. Risk assessment is relevant to achieving business objectives as well as objectives related to the preparation of reliable financial statements. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management’s action plan for deficiencies. The Entity-Wide Objectives and Manage Change sections have been updated in this questionnaire. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Risk Management & Assessment, Sarbanes-Oxley Act, Internal Controls, COSO, Enterprise Risk Management, Entity-Level Control, GRC March 24, 2008 Entity Level Controls - Control Environment Questionnaire The control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. It is the foundation for all other components of internal control, providing discipline and structure. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The following sections have been updated in this questionnaire: Integrity & Ethical Values, Commitment to Competence, Board of Directors or Audit Committee, Organizational Structure, Assignment of Authority & Responsibility. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Audit Committee & Board, Sarbanes-Oxley Act, Internal Controls, Compliance, COSO, Entity-Level Control, GRC January 21, 2008 Fixed Assets – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a fixed asset audit. It is intended to help the internal audit department understand existing business processes involving fixed assets and management's view of the internal control environment. This document has been updated with items such as: fixed asset system change management, capital expense policy, and periodic review of depreciation expense. CONTENT AREA: Checklists & Questionnaires TOPICS: Fixed Assets, Internal Audit, Audit Testing, Process-Level Control, Segregation of Duties, Self-Assessment December 10, 2007 Service Level Agreement Controls Interview Questionnaire - IT The purpose of this interview questionnaire is to assess the IT processes associated with a Service Level Agreement (SLA). The questionnaire addresses topics such as identifying critical systems, applications, and services; change services; and continuity planning. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Strategy, Internal Audit, IT Audit, Performance Management/Measurement November 26, 2007 Monthly Financial Close Process Checklist The purpose of this checklist is to document the activities performed as part of the monthly financial close process at a company. For each step covered in this checklist, users are encouraged to document the responsible person, date due, and whether the task has been completed and reviewed. This tool has been updated with additional general financial close procedures and steps related to recording fixed assets. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Accounts Receivable, Cash & Treasury, Financial Reporting, Fixed Assets, Revenue, Close the Books October 15, 2007 Employee Termination Checklist This checklist outlines steps to follow when an employee stops working for a company. These steps should be modified to reflect each organization’s employee termination process. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Testing, Compensation & Benefits, Human Resources, Internal Audit, Payroll October 8, 2007 Employee New Hire Checklist This checklist outlines steps to follow when a new employee starts working with a company. These steps should be modified to reflect each organization’s new hire orientation process. CONTENT AREA: Checklists & Questionnaires TOPICS: Compensation & Benefits, Human Resources, Payroll October 1, 2007 Employee Expense Reimbursement Process Review Checklist Internal Audit can use this checklist when reviewing whether the employee expense reimbursement process is conducted according to the company’s Travel & Expense Policy. Deviations from the established policy could result in unauthorized reimbursements and/or additional costs for the company. Updates made to this checklist include steps to gain an understanding of the current reimbursement policy and process. CONTENT AREA: Checklists & Questionnaires TOPICS: Expense Reporting, Human Resources, Internal Audit, Internal Audit Administration, Audit Testing September 17, 2007 Due Diligence Checklist – Example 2 The purpose of this document is to provide a list of items to consider when performing due diligence on a potential acquisition. This checklist is intended to be a list of financial items to consider during this process. This list should be customized to fit the nature of the acquisition process. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounts Receivable, Financial Reporting, Fixed Assets, Investments & Foreign Exchange, Purchasing & Accounts Payable, Revenue, Taxation September 3, 2007 Linux Audit Checklist This checklist is to be used to audit a Linux environment. It attempts to provide a generic set of controls to consider when auditing a Linux environment, and does not account for the differences between the different Linux distributions on the market (e.g. Red Hat, Caldera, Mandrake, etc.). CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure, IT Audit, Security, Access Control Systems & Methodology September 3, 2007 Oracle Baseline Security Checklist This checklist contains detailed steps to undertake to check the security of systems using Oracle, from checking and installing the latest patches, to ensuring privileges are restricted and access is correctly controlled. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Software, Security, Access Control Systems & Methodology August 27, 2007 Process Integration Checklist The purpose of this checklist is to facilitate the merging of company subsidiary divisions and their duplicate processes. Included are guidelines for this facilitation process and topics to address during scheduled meetings. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Internal Controls, Project Management, Risk Management & Assessment, Process-Level Control, GRC August 27, 2007 Sun Solaris Security Checklist This checklist contains detailed steps to undertake to check the security of systems running the Sun Solaris operating system, from checking and installing the latest patches, to ensuring all permissions are correct and system accounts are protected. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Software, Security, Access Control Systems & Methodology August 13, 2007 Red Hat Linux Security Checklist This checklist contains detailed steps to undertake to check the security of systems running the Red Hat Linux operating system, from checking and installing the latest patches, to ensuring all permissions are correct and system accounts are protected. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Software, Security, Access Control Systems & Methodology August 6, 2007 Audit Planning and Scoping Checklist This checklist should be used when planning the nature, timing and extent of work on an individual audit assignment where the design effectiveness and/or operational effectiveness of any business process is to be examined. It should be used in connection with a planning and scoping memorandum template to prepare detailed instructions for the work. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Audit Administration, Audit Planning July 2, 2007 IBM AIX Security Checklist This IBM AIX security access control checklist includes detailed information on ways to reduce the security exposure so that the specified expected result is obtained. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Infrastructure, Security, Access Control Systems & Methodology, Software Tools May 21, 2007 Service Level Agreement Controls Interview Questionnaire – IT Help Desk The purpose of this interview questionnaire is to assess the IT Help Desk process associated with a Service Level Agreement (SLA). The questionnaire addresses topics such as documentation of IT calls, follow-up communication with end users, and meeting end user needs. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Strategy, Internal Audit, Audit Testing, IT Audit, Performance Management/Measurement May 7, 2007 Acquisition Closing Checklist The purpose of this checklist is to document the activities performed as part of the acquisitions/new business development process by a company. The steps covered in this checklist focus on pre-acquisition activities, performing due diligence, post acquisition activities, and management approval. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Investments & Foreign Exchange, Internal Audit, Internal Audit Administration, Sarbanes-Oxley Act, Internal Controls, Process-Level Control May 7, 2007 Entity-Level, IT, and Business Process Controls Questionnaires Entity-level controls are the foundation for internal control, providing discipline and structure to the organization. IT general controls have a pervasive effect on the reliability, integrity and availability of processing and relevant data. Business process controls provide structure to generate revenue, account for costs incurred, and ultimately report on the financial state of the organization. These excel-based templates provide you the opportunity to document items such as whether these controls exists; whether they are designed properly; related test procedures; and management action plan for deficiencies. These questionnaires are intended to help you comply with corporate governance requirements. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Controls, Process-Level Control, Entity-Level Control April 30, 2007 Entity-Level Controls – Fraud Questionnaire Fraud prevention is essential to set the right tone for an effective internal control framework. This excel-based template links the COSO components to a number of control objectives for entity-level fraud controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and the management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Audit Committee & Board, Sarbanes-Oxley Act, Internal Controls, COSO, Ethics, Fraud, Entity-Level Control, GRC April 30, 2007 ITIL/COBIT Problem Management Checklist This is the second of two checklists that can be used to ensure that all non-standard operational events (incidents, errors and problems) are identified, recorded, analyzed and resolved through the use of a suitable problem management system. COBIT Delivery Standard 10 – Manage Problems and Incidents, identifies objectives for managing problems and incidents. The specific objectives listed in this checklist can be mapped onto relevant IT Infrastructure Library (ITIL) activities. The second checklist deals with problem management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls April 23, 2007 ITIL/COBIT Incident Management Checklist This is the first of two checklists that can be used to ensure that all non-standard operational events (incidents, errors and problems) are identified, recorded, analyzed and resolved through the use of a suitable problem management system. COBIT Delivery Standard 10 – Manage Problems and Incidents, identifies objectives for managing problems and incidents. The specific objectives listed in this checklist can be mapped onto relevant IT Infrastructure Library (ITIL) activities. The first checklist deals with incident management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls April 2, 2007 User Relationship With IT Management: Equipment Acquisition Procedure Assessment Questionnaire An improperly established relationship between IT and users poses the risk that users may lack guidance on acquiring information processing tools. The objective of the questionnaire is to determine whether adequate procedures are in place for acquiring hardware and software. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Materials Management & Inventory, Software Tools March 26, 2007 User Relationship With IT Management: User Group Assessment Questionnaire An improperly established relationship between IT and users poses the risk of ineffective organizational infrastructure. The existence and effectiveness of a user group will determine the level of risk within an organization. This questionnaire helps assess the effectiveness of a user group. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Risk Management & Assessment, GRC March 5, 2007 User Relationship With IT Management: User Computing Standards Assessment Questionnaire An improperly established relationship between IT and users poses the risk that there may be inadequate user computing standards. Users may experience unnecessarily long learning curves because user computing standards and procedures are not adequately enforced. The objective of this questionnaire is to define adequate control procedures and to determine whether those procedures are in place. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure February 19, 2007 User Relationship With IT Management: User Security Procedure Assessment Questionnaire An improperly established relationship between IT and users poses the risk that there may be inadequate user security procedures. The objective of the questionnaire is to define adequate control procedures and to determine whether those procedures are in place. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls February 12, 2007 User Relationship With IT Management: Corporate Data Use Assessment Questionnaire An improperly established relationship between IT and users poses the risk that users may make ineffective use of corporate data. Users are either unable to access corporate data or that data is not used effectively. The objective of this questionnaire is to define adequate control procedures and to determine whether those procedures are in place. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Controls, IT Infrastructure February 5, 2007 User Relationship With IT Management: User Satisfaction Assessment Questionnaire An improperly established relationship between IT and users poses the risk that users may be dissatisfied with the central IT function. This questionnaire helps to determine whether users are not getting the type of service desired, and whether communication of this dissatisfaction is inadequate. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, Knowledge Management, Training & Development January 29, 2007 User Relationship With IT Management: User Knowledge Assessment Questionnaire An improperly established relationship between IT and users poses the risk that users may have inadequate knowledge of IT systems. Users may require more technical knowledge to use the available technology efficiently, effectively, and economically. The objective of this questionnaire is to assess whether users have the systems knowledge they need to be effective. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, Knowledge Management, Training & Development January 15, 2007 Information Security Risk Assessment Questionnaire, based on ISO/IEC 27002:2005 This checklist is designed to assist in reviewing and documenting the risk profile of your organization’s information processing activities. The checklist contains ten sections, in accordance with ISO/IEC 27002:2005. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Risk Management & Assessment, Security, IT Infrastructure, Security Management Practices, Segregation of Duties, GRC January 8, 2007 Medical Clinic Operational Processes Questionnaire This sample questionnaire can be used when performing an audit of a medical clinic’s operational processes. It is intended to help an internal audit department complete a baseline compliance review of these activities. Questions focus on topics such as maintenance of patient medical records, patient relations, physician consultation practices, and storage of medical equipment. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Testing, Compliance, Healthcare & Pharmaceuticals Industry, Internal Audit, Internal Audit Administration, GRC December 18, 2006 Control Design Effectiveness Review Checklist This excel-based template provides an example of how to review control design effectiveness to ensure the control mitigates the associated risk. You would use this review process sheet to document the reviewer’s comments and associated response. The excel form also provides guidance in designing controls to address financial reporting assertions. CONTENT AREA: Checklists & Questionnaires TOPICS: Compliance, Internal Controls, Project Management, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, Process-Level Control, GRC November 27, 2006 Medical Records Documentation Checklist This sample checklist can be utilized when performing an audit of medical records documentation. It is intended to help an internal audit department understand the existing documentation process related to medical records. Items of review include the filing system used, document retention, and training materials. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Testing, Compliance, Healthcare & Pharmaceuticals Industry, Internal Audit, Internal Audit Administration, GRC November 20, 2006 Information Technology General Controls - Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an information technology general controls (ITGC) audit. It is intended to help the internal audit department understand existing business processes involving ITGC and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Testing, Technology, Internal Audit, Security, Security Management Practices, Self-Assessment, Process-Level Control, Segregation of Duties, Change Management November 13, 2006 Fixed Assets – Preliminary Controls Assessment Questionnaire (固定资产 – 控制自我评估调查问卷) 本文件是用于对控制进行初步自我评估的调查问卷样本,可以在审计工作开始前交于各经理或流程负责人填写。该调查问卷旨在帮助内审部门了解现有的业务流程及管理层对内部控制环境的认识。 CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Testing, Fixed Assets, Internal Audit, Internal Audit Administration, Self-Assessment, China, Process-Level Control, Segregation of Duties November 6, 2006 Financial Close Process Controls Questionnaire The financial close process is important to a company as it is the function directly related to producing company financial results for each period end. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Compliance, Accounting/Finance, IT Controls, Internal Controls, Process-Level Control, Close the Books, GRC November 6, 2006 Medical Records, Coding, and Billing Processes Compliance Questionnaire This sample questionnaire can be utilized when performing an audit of medical records, coding, and billing compliance processes. It is intended to help an internal audit department understand the existing process related to medical records, coding and billing and assess the compliance of these processes. Questions focus on topics such as policies and procedures, records management, and training in billing techniques. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Testing, Compliance, Healthcare & Pharmaceuticals Industry, Internal Audit, GRC October 9, 2006 Detailed Medical Record Review Questionnaire This is an example medical record review questionnaire that can be utilized when performing a healthcare audit. It is intended to help an internal audit department understand the existing process related to medical records management and assess the compliance of this process. CONTENT AREA: Checklists & Questionnaires TOPICS: Compliance, Internal Audit, Audit Testing, Internal Audit Administration, Healthcare & Pharmaceuticals Industry, GRC October 2, 2006 Financial Reporting and General Ledger Control Self Assessment Questionnaire This is an example of a self assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the Internal Audit department understand existing controls around financial reporting and general ledger processes. CONTENT AREA: Checklists & Questionnaires TOPICS: Financial Reporting, Self-Assessment, Internal Controls, Process-Level Control, Segregation of Duties October 2, 2006 Financial Reporting and General Ledger Control Self Assessment Questionnaire (财务报告及总账 – 控制自我评估调查问卷) 本文件是用于对控制进行自我评估的调查问卷样本,可以在审计工作开始前交于各经理或流程负责人填写。该调查问卷旨在帮助内审部门了解有关于财务报告及总帐流程的现有控制。 CONTENT AREA: Checklists & Questionnaires TOPICS: Financial Reporting, Self-Assessment, Internal Controls, China, Process-Level Control, Segregation of Duties September 8, 2006 SOX Testing Review Checklist This excel-based template provides an example of how to review SOX testing documentation. You would use this review process sheet to document the reviewer’s comments and tester’s response. The excel form allows you to record comments related to the test plan, test execution, and documentation format. CONTENT AREA: Checklists & Questionnaires TOPICS: Financial Reporting, Sarbanes-Oxley Act, Process-Level Control September 4, 2006 Budget – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of the budget process. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Budgeting, Internal Audit, Audit Testing, Segregation of Duties September 4, 2006 Budget – Preliminary Controls Assessment Questionnaire (编制预算 – 控制自我评估调查问卷) 本文件是用于对控制进行初步自我评估的调查问卷样本,可以在审计工作开始前交于各经理或流程负责人填写。该调查问卷旨在帮助内审部门了解现有的业务流程及管理层对内部控制环境的认识。本文件只是一个样本,各企业应根据自身情况进行修改后使用。 CONTENT AREA: Checklists & Questionnaires TOPICS: Budgeting, Internal Audit, Audit Testing, China, Segregation of Duties August 28, 2006 General Threat Questionnaire This risk assessment questionnaire can be used to identify the failure scenarios, likelihood, and severity of over 100 environmental, man-made, business, and IT risks. CONTENT AREA: Checklists & Questionnaires TOPICS: Risk Management & Assessment, Technology, GRC August 21, 2006 Billing, Accounts Receivable, Credit, and Collections – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of the billing, accounts receivable, credit, and collections process. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Credit & Collections, Accounts Receivable, Internal Audit, Audit Testing, Internal Audit Administration, Self-Assessment, Process-Level Control, Segregation of Duties August 14, 2006 Accounts Payable – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an accounts payable audit. It is intended to help the internal audit department understand existing accounts payable business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Purchasing & Accounts Payable, Self-Assessment, Audit Testing, Internal Audit, Expense Reporting, Process-Level Control, Segregation of Duties August 7, 2006 Enterprise Risk Management Interview Questionnaire The ultimate goal of Enterprise Risk Management (ERM) is to evaluate total returns relative to total risks, leading to more informed business decisions. This questionnaire can be used when assessing an organization’s enterprise risk management strategy. It focuses on the internal environment, objective setting, event identification, risk assessment, risk response, control activities, and information and communication. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Committee & Board, Corporate Governance, Enterprise Risk Management, Sarbanes-Oxley Act, Internal Controls, GRC July 31, 2006 Payroll – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a payroll audit. It is intended to help the internal audit department understand the existing business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit Administration, Audit Testing, Human Resources, Payroll, Self-Assessment, Process-Level Control, Segregation of Duties July 31, 2006 Payroll – Preliminary Controls Assessment Questionnaire (薪资 – 控制自我评估调查问卷) 本文件是用于对控制进行初步自我评估的调查问卷样本,可以在审计工作开始前交于各经理或流程负责人填写。该调查问卷旨在帮助内审部门了解现有的薪资流程及管理层对内部控制环境的认识。 CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit Administration, Audit Testing, Human Resources, Payroll, Self-Assessment, China, Process-Level Control, Segregation of Duties July 3, 2006 System Implementation Risk Assessment Questionnaire This questionnaire helps to assess the risks involved in the implementation of any new or updated software application. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Security, Risk Management & Assessment, Software Tools, Application Development Security, GRC June 12, 2006 Control Self-Assessment Questionnaire In complying with the Sarbanes-Oxley Act, it is management’s responsibility to design, adhere to and monitor the significant operating and financial controls of the organization. This short self-assessment questionnaire has been designed to obtain management’s input in order to establish a common understanding of the level of control of an organization or department. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Sarbanes-Oxley Act, Self-Assessment, Audit Committee & Board, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting, Process-Level Control, GRC May 29, 2006 Implementation Review Scoping Checklist This checklist assists with the scoping of an application controls review and/or implementation review that covers both pre- and post-implementation procedures. The primary goal is to identify those areas that Internal Audit will focus on during the implementation. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, IT Audit, IT Controls, Software Tools April 17, 2006 Tax Compliance Process Internal Control Questionnaire The purpose of this questionnaire is to assess the internal controls related to a company’s tax compliance process. This document outlines sample tax compliance controls and assists in identifying if the control is in place. CONTENT AREA: Checklists & Questionnaires TOPICS: Compliance, Sarbanes-Oxley Act, Taxation, Accounting/Finance, Internal Controls, GRC March 20, 2006 IT Application Control Deficiency Decision Process Questionnaire This questionnaire serves as a guide in determining the severity of control application deficiencies cited during the SOX control testing process. The results of this process are used to determine potential significant deficiencies/material weaknesses. Topics in this questionnaire assist management in assessing IT application controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Controls, IT Controls, Project Management, Reporting/Disclosure, Sarbanes-Oxley Act, SAS 70 March 13, 2006 IT Infrastructure Control Deficiency Decision Questionnaire This questionnaire can be used as a guide to determine the severity of any deficiencies cited during the control testing process. A SOX control deficiency assessment can be completed using this information and other information provided by management in reaching its decision. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, IT Controls, IT Infrastructure, Sarbanes-Oxley Act, SAS 70 March 6, 2006 Business Control Deficiency Decision Process Questionnaire This questionnaire serves as a guide in determining the severity of deficiencies cited during the SOX control testing process. The results of this process are used to determine potential significant deficiencies/material weaknesses. Topics in this questionnaire include compensating controls and deficiencies that may be symptomatic of a larger issue or theme. CONTENT AREA: Checklists & Questionnaires TOPICS: Compliance, Corporate Governance, Sarbanes-Oxley Act, Internal Controls, IT Controls, Reporting/Disclosure, GRC February 27, 2006 Chief Audit Executive IT Control Checklist Chief Audit Executives can use this checklist to examine their IT control framework to ensure the organization has addressed all control elements. The checklist can help the CAE understand the issues and plan for full internal audit coverage of the control areas. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Audit Committee & Board, IT Controls November 28, 2005 Audit Committee Self-Assessment Checklist The self-assessment process is an important exercise for audit committees to complete as they are responsible for important activities such as the quality and integrity of a company’s accounting practices and controls and compliance with legal and regulatory requirements. This is a sample self-assessment checklist for audit committees to use when evaluating their current involvement in a company’s control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Self-Assessment, Sarbanes-Oxley Act, Internal Audit, Audit Committee & Board, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting, Audit Planning, GRC October 31, 2005 SOX Policy Evaluation Checklist Policies are an important part of the internal control over financial reporting evaluation process. This is a sample checklist to use when identifying the availability and status of company policies associated with the financial reporting process. This tool also assists with organizing policies by financial statement, area of significance, and financial statement element. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Compliance, Accounting/Finance, Section 404 - Internal Control Reporting, Internal Controls, Project Management, Process-Level Control, GRC September 26, 2005 Treasury Process Controls Questionnaire The treasury process is important to a company because it is the function overseeing the cash flow of the company’s operations and its use related to payments, receipts, and investments. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Compliance, Accounting/Finance, Cash & Treasury, Internal Controls, Process-Level Control, GRC September 19, 2005 End-of-Audit Feedback Survey Questionnaire This questionnaire can be distributed at the end of an internal audit project. It communicates a department’s commitment to providing the highest quality services and helps manage expectations. The feedback can be used to improve service and identify important areas of focus for future internal audit projects. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Customer Satisfaction, Performance Management/Measurement September 12, 2005 Payroll Process Controls Questionnaire The payroll process is important to a company as it is the key to compensating employees for the contributions to the company’s operations and generation of revenues. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Compliance, Compensation & Benefits, Payroll, Internal Controls, Process-Level Control, GRC September 12, 2005 Self-Assessment Checklist Self-assessments are intended to help the internal audit department understand existing business processes and understand management's view of the internal control environment. This is a sample checklist to follow when issuing self-assessment questionnaires to managers or process owners. Items in the checklist include self-assessment set-up processes, issuing the self-assessment, compiling the results, and reporting to management. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Self-Assessment, Audit Testing September 5, 2005 Inventory Management Control Questionnaire Inventory is an important asset for many companies as it is often a large asset on the company’s financial statements and represents a source of revenue in the near future through sales of the goods. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Compliance, Internal Controls, Materials Management & Inventory, Financial Reporting, Process-Level Control, GRC August 29, 2005 Revenue Process Control Questionnaire Revenue process controls are important to financial reporting because this process measures the accomplishments of the operating activities of a company. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Internal Controls, Revenue, Audit Committee & Board, Process-Level Control August 22, 2005 Expenditure Process Control Questionnaire Expenditure process controls are important to financial reporting as this process focuses on costs companies incur while delivering goods, rendering services, or other activities that are central to the company’s operations. This excel-based template provides a number of business activities and related control objectives for each activity. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. CONTENT AREA: Checklists & Questionnaires TOPICS: Compliance, Sarbanes-Oxley Act, Expense Reporting, Purchasing & Accounts Payable, Internal Controls, Process-Level Control, GRC August 15, 2005 Internal Audit Client Satisfaction Questionnaire This questionnaire is intended to be sent to relevant departments upon completion of work performed by internal audit. This tool contains a sample email providing instruction on completing the questionnaire. The questionnaire contains drop-down menus with pre-populated answers to assist in the questionnaire reporting process. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Customer Satisfaction, Internal Audit Administration August 1, 2005 Hazard Assessment Checklist and Corrective Action Report This checklist is to be used when conducting periodic hazard assessments. If any deficiencies are found, the corrections should be recorded using the Corrective Action Report following the checklist. CONTENT AREA: Checklists & Questionnaires TOPICS: Security, Risk Management & Assessment, Physical Security, GRC March 21, 2005 Entity Level Documentation Request Checklist The COSO Internal Control - Integrated Framework requires that risks and controls be assessed at both the entity level and the process level. Entity level controls address the “tone at the top” and include items such as ethics programs, investigation protocols, and IT infrastructure controls. Adequate evidence of the entity level controls should be accumulated to support management’s assertions. One of the ways to gather such evidence is to review the corporate documentation that supports that these entity level controls are in place. This checklist provides a template in which to track the availability and status of such entity level control documentation. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, Internal Controls, Entity-Level Control, GRC January 31, 2005 Close The Books – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Self-Assessment, Internal Audit, Accounting/Finance, Process-Level Control, Close the Books January 24, 2005 Closing Out Year One: SOX Best Practice Checklist This checklist provides a list of SOX considerations for companies gearing up SOX efforts in 2005 and those continuing their second year of compliance. The checklist offers advice on topics such as project management, project details, and committees. Using this type of checklist will facilitate moving SOX compliance efforts towards best practice. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Sarbanes-Oxley Act, Best Practices, IT Controls, Internal Controls, Audit Committee & Board, Project Management, Process-Level Control, GRC January 17, 2005 Audit Work Paper Quality Review Checklist This checklist provides guidance on how to prepare audit work papers to ensure quality and clarity. The checklist identifies organizational tasks, required information, and formatting that should be complete prior to submitting audit work papers for review. Using this type of checklist will facilitate the review process performed by superiors or management. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Audit Testing, Internal Audit Administration January 10, 2005 Tax Process: Objectives and Control Checklist This self-assessment checklist is intended to be used as a preliminary checklist before an audit. It gives the auditee an opportunity to inform internal audit about controls and processes they employ, and it also gives the auditee ideas about other controls and processes that may be appropriate. CONTENT AREA: Checklists & Questionnaires TOPICS: Taxation, Self-Assessment, Internal Audit January 3, 2005 Documentation - 404 Readiness Checklist This checklist can be used to evaluate the adequacy of Section 404 process documentation prior to submitting it to the external auditor for review and prior to creating testing plans. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Corporate Governance, Internal Controls, IT Controls, External Auditor, Section 404 - Internal Control Reporting, Process-Level Control, GRC January 3, 2005 Test Documentation Validation Checklist This checklist provides guidance on how to track documentation related to tests of controls. It focuses on examples of documentation needed to complete tests of controls, a template to record the completeness and accuracy of the documentation received, and areas to track missing required documentation and sampling requests made to the client. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Internal Audit, Sarbanes-Oxley Act, Audit Testing, IT Controls, Internal Controls, Process-Level Control, GRC December 20, 2004 General IT Controls Review: Password Questionnaire Consider the best practice items in this questionnaire when assessing your user password standards. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Security, Technology, Self-Assessment, Best Practices, IT Infrastructure, Access Control Systems & Methodology, Process-Level Control December 20, 2004 Update Testing – Control Self Assessment Questionnaire This questionnaire has been designed to facilitate an assessment of whether the controls within a business unit are currently operating effectively. To meet the guidelines of Section 404 requiring management attestation as of a company’s fiscal year-end, this questionnaire is used to identify any changes that have occurred or are planned prior to year-end. Questions in this tool focus on verifying that process documentation is complete and accurate, all key internal controls and key information systems have been identified, and all areas within a business unit that are relevant to Sarbanes-Oxley have been identified. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Corporate Governance, IT Controls, Internal Controls, Reporting/Disclosure, Section 404 - Internal Control Reporting, GRC December 13, 2004 Sarbanes-Oxley Walkthrough Checklist The purpose of this checklist is to provide guidance to help a process owner prepare for a process walkthrough. It also includes post-walkthrough questions to help the process owner document any questions or issues raised. CONTENT AREA: Checklists & Questionnaires TOPICS: Sarbanes-Oxley Act, Corporate Governance, Internal Controls, IT Controls, GRC December 6, 2004 General IT Controls Review: Disaster Recovery Questionnaire This questionnaire helps you assess disaster recovery preparation by comparing your plans to best practices. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Self-Assessment, Best Practices, Internal Controls, Disaster Recovery, Process-Level Control November 1, 2004 IT Security Remediation – Self-Assessment Questionnaire This high-level self-assessment questionnaire is intended to be used to assist with Sarbanes-Oxley Act control remediation efforts. It provides the auditee with an opportunity to inform internal audit about controls and processes they employ, and it also gives the auditee ideas about other controls and processes that may be appropriate. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Sarbanes-Oxley Act, Security, Self-Assessment, Internal Controls, Security Management Practices, IT Controls, Process-Level Control October 4, 2004 Sourcing Root Causes Questionnaire Sourcing the root causes of performance gaps and business risks is vital to business process improvement and establishes the basis for other performance assessment activities. This guide provides several questions that can serve as a starting point for sourcing the root causes of problems or risks. CONTENT AREA: Checklists & Questionnaires TOPICS: Risk Management & Assessment, Best Practices, Performance Management/Measurement, Process-Level Control, GRC August 26, 2004 Purchasing and Inventory Management – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of Purchasing and Inventory Management. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Materials Management & Inventory, Purchasing & Accounts Payable, Self-Assessment, Process-Level Control August 6, 2004 Cash Disbursements – Preliminary Controls Assessment Questionnaire This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a cash disbursement audit. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Cash & Treasury, Purchasing & Accounts Payable, Self-Assessment, Process-Level Control May 28, 2004 Segregation of Duties Questionnaire - Hotel Revenue A fundamental element of internal control is the segregation of certain key duties, in order to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for revenue in a hotel or similar establishment. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Hospitality Industry, Revenue, Segregation of Duties May 28, 2004 Segregation of Duties Questionnaire - Inventory A fundamental element of internal control is the segregation of certain key duties, in order to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for inventory. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Materials Management & Inventory, Segregation of Duties May 20, 2004 Segregation of Duties Questionnaire - Expenditure A fundamental element of internal control is the segregation of certain key duties, in order to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for expenditure. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Purchasing & Accounts Payable, Segregation of Duties May 20, 2004 Segregation of Duties Questionnaire - Fixed Assets A fundamental element of internal control is the segregation of certain key duties, in order to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for fixed assets. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Fixed Assets, Segregation of Duties May 14, 2004 Segregation of Duties Questionnaire - Payroll A fundamental element of internal control is the segregation of certain key duties. This helps ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties within the payroll process. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Payroll, Segregation of Duties May 14, 2004 Segregation of Duties Questionnaire - Purchasing and AP A fundamental element of internal control is the segregation of certain key duties. This helps ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties in the purchasing and accounts payable process. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Purchasing & Accounts Payable, Segregation of Duties May 14, 2004 Segregation of Duties Questionnaire - Revenue A fundamental element of internal control is the segregation of certain key duties, in order to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for revenue. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Controls, Revenue, Segregation of Duties May 14, 2004 Segregation of Duties Questionnaire - Treasury A fundamental element of internal control is the segregation of certain key duties. This helps to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for treasury functions. CONTENT AREA: Checklists & Questionnaires TOPICS: Cash & Treasury, Internal Controls, Segregation of Duties May 6, 2004 Payroll Best Business Practice Checklist This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the area of payroll. The answers to these questions will help to determine areas for improvement. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Payroll April 28, 2004 Month-End Close: Best Business Practice Checklist This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed when performing a month-end close. The answers to these questions will help to determine areas for improvement. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Financial Reporting April 21, 2004 AML Audit Checklist The USA PATRIOT Act requires that all financial institutions maintain an anti-money laundering (AML) program that is tested by independent auditors. This audit checklist is intended to assist financial institutions in preparing for the independent tests of their AML programs. It identifies areas that are generally within the audit scope, and lists the types of information that the auditors will likely request. CONTENT AREA: Checklists & Questionnaires TOPICS: Ethics, Fraud, Compliance, Financial Reporting, Financial Services Industry, GRC April 21, 2004 Cash Receipts/ Collections Best Business Practice Checklist This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the areas of Collections and Cash Applications. The answers to these questions will help to determine areas for improvement. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Accounts Receivable, Credit & Collections April 14, 2004 Billing Best Business Practice Checklist This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the area of billing. The answers to these questions will help to determine areas for improvement. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Revenue April 8, 2004 Accounts Payable Best Business Practice Checklist This checklist contains a set of questions that can be used to determine the extent to which various best business practices are being followed in the area of accounts payable. The answers to these questions will help to determine areas for improvement. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Purchasing & Accounts Payable March 25, 2004 Internal Audit Department Best Practice Evaluation Worksheet This evaluation worksheet for internal audit departments provides a checklist of best practice suggestion for five components of an internal audit function: roles & structure, people, process, technology, and knowledge. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Internal Audit, Internal Audit Administration, Audit Planning September 22, 2003 Internal Audit Qualitative Diagnostic Questionnaire This questionnaire helps to evaluate an internal audit department against best practices, particularly during a Quality Assurance Review process. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Internal Audit, Performance Management/Measurement, Quality Assessment Review September 18, 2003 Quarterly Disclosure Controls Assessment Questionnaire The purpose of this questionnaire is to facilitate the quarterly assessment of controls surrounding the financial reporting process. This questionnaire can be provided to managers or process owners to support efforts to identify any changes in controls, and to help meet the requirements set out by the SEC. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Internal Audit, Sarbanes-Oxley Act, Reporting/Disclosure, Section 302 - Executive Certifications, Self-Assessment, Process-Level Control, GRC August 21, 2003 Financial Disclosure Communication Questionnaire This questionnaire is designed to facilitate communication of items that should be considered for disclosure in SEC filings. It does not include all possible disclosure items, but does include some examples of primary types of items that should be considered. CONTENT AREA: Checklists & Questionnaires TOPICS: Fraud, Internal Controls, Sarbanes-Oxley Act, Financial Reporting, Reporting/Disclosure, Section 302 - Executive Certifications August 13, 2003 E-Business Risks: Capacity/Scalability – Questionnaire for Audit Committees Capacity is the measure of the sufficiency of the IT infrastructure to handle volume within performance objectives. Scalability is the related measure of an IT asset’s ability to rapidly and readily accommodate volume requests. This questionnaire can be used to help assess capacity and scalability risks in eBusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Audit Committee & Board, E-Business, IT Audit, IT Infrastructure August 13, 2003 Procurement and Accounts Payable: Segregation of Duties Questionnaire This is a segregation of duties overview, matrix, and questionnaire for the procurement and accounts payable process. It will assist internal auditors in identifying individuals who may be performing incompatible duties that could lead to a circumvention of internal controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Cost Management, Distribution Industry, Fraud, Internal Audit, Internal Controls, Purchasing & Accounts Payable, Segregation of Duties July 3, 2003 Handheld Devices Checklists These checklists help ensure handheld devices are correctly configured and used, and provide assistance in performing audits of environments containing handheld devices. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Controls, Privacy, Security, Network & Internet Security, Wireless June 19, 2003 General IT Controls Questionnaire This questionnaire assists with the collection of information regarding the control environment of all aspects of an IT department. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Compliance, Technology, Internal Controls, Security, IT Infrastructure, Operations Security, GRC April 3, 2003 Sarbanes-Oxley Act and Proposed NYSE Listing Standards Compliance Checklist This compliance checklist provides a summary of the Sarbanes-Oxley Act requirements, final and proposed SEC rules, and the corporate governance standards proposed by the New York Stock Exchange. It includes a disclosure-only checklist, which identifies new and proposed SEC disclosure requirements. CONTENT AREA: Checklists & Questionnaires TOPICS: Risk Management & Assessment, Sarbanes-Oxley Act, Accounting/Finance, Corporate Governance, Enterprise Risk Management, Financial Reporting, Reporting/Disclosure, Section 404 - Internal Control Reporting, GRC March 27, 2003 E-Business Risks: Settlement – Questionnaire for Audit Committees Settlement risk is the risk that either the buyer or seller, or both, cannot fulfill their obligations in a transaction. This questionnaire can be used to help assess settlement risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Fraud, Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, Credit & Collections, E-Business, GRC March 20, 2003 E-Business Risks: Transaction Authority - Questionnaire for Audit Committees Transaction authenticity risk is the risk of failure to authenticate a party’s identity, to ensure transactions and contractual agreements are legal and enforceable. This questionnaire can be used to help assess transaction authority risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, Audit Committee & Board, E-Business, GRC March 7, 2003 Internal Controls Questionnaire – General Control Structure This questionnaire is designed to help the auditee address the status of their compliance with the company's general control structure, and with specific process level controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Cash & Treasury, Fixed Assets, Revenue, Self-Assessment, Process-Level Control March 6, 2003 E-Business Risks: Affiliations – Questionnaire for Audit Committees Affiliation risk affects any company that has a relationship with another company. This questionnaire can be used to help assess this risk in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Outsourcing/Co-sourcing/Shared Services, Risk Management & Assessment, Audit Committee & Board, E-Business, Supply Chain, GRC February 27, 2003 E-Business Risks: Opportunity Cost – Questionnaire for Audit Committees Opportunity cost risk is the risk that a better opportunity may present itself after an irreversible decision has been made. Opportunity cost risk arises when governments, businesses, or consumers are exposed to economic inefficiencies resulting in lost or foregone economic value. This questionnaire can be used to help assess opportunity cost risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Cost Management, Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, Cash & Treasury, E-Business, GRC February 20, 2003 E-Business Risks: Selection/Integration – Questionnaire for Audit Committees Integration is a process in which separately produced components or subsystems are combined and problems in their interactions are addressed. Proper selection and integration of hardware and software is essential to achieve the desired benefits and mitigate the associated risks. This questionnaire can be used to help assess selection and integration risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Risk Management & Assessment, E-Business, GRC February 13, 2003 E-Business Risks: Process Alignment – Questionnaire for Audit Committees Process alignment risk is the risk that the business processes within a company may not be appropriately aligned with its corporate strategy, resulting in the inability of the organization to meet the demands of its customers efficiently and effectively. This questionnaire can be used to help assess process alignment risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, E-Business, GRC February 6, 2003 E-Business Risks: Financial Instrument – Questionnaire for Audit Committees Financial Instrument risk is the risk of not attaining successful trades due to the properties of the financial instruments used. This questionnaire can be used to help assess currency risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, E-Business, Financial Services Industry, Investments & Foreign Exchange, GRC January 29, 2003 E-Business Risks: Currency – Questionnaire for Audit Committees Currency risk is the risk that business operations or the value of an investment will be affected by changes in exchange rates. This questionnaire can be used to help assess currency risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, Cash & Treasury, E-Business, Financial Services Industry, GRC January 23, 2003 E-Business Risks: Pricing – Questionnaire for Audit Committees In ebusiness, prices are readily available to consumers and competing organizations via the Internet. With vital pricing data readily available, organizations may be forced to reevaluate their pricing methodology and strategy to avoid being significantly undercut, while remaining competitive in their respective markets. This questionnaire can be used to help assess pricing risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, E-Business, Sales Process & Marketing, GRC January 17, 2003 E-Business Risks: Collateral – Questionnaire for Audit Committees Collateral risk is defined as the loss of value or inability to secure control of an asset provided to an organization as security. This questionnaire can be used to help assess collateral risk in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, Cash & Treasury, E-Business, Financial Services Industry, GRC January 9, 2003 E-Business Risks: Organizational Alignment – Questionnaire for Audit Committees Organizational alignment can be defined as systematic coordination and alignment of three interrelated driving forces – organizational strategy, organizational culture, and organizational infrastructure – to contribute as efficiently and effectively as possible to meeting organizational goals and objectives. This questionnaire can be used to help assess organizational alignment risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Audit Committee & Board, E-Business January 9, 2003 IT Organization Self Assessment Questionnaire This high-level self assessment questionnaire can be used by an auditee prior to a review of the IT organization. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, IT Infrastructure, Self-Assessment January 3, 2003 Business Ethics Questionnaire This questionnaire is designed to help risk management professionals to determine how well their companies are addressing risks in this area and bringing awareness to ethics programs. The questionnaire is applicable to all organizations looking to glean creative insights into best practices related to business ethics. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Corporate Governance, Ethics, Fraud, Internal Audit, Self-Assessment, GRC January 3, 2003 E-Business Risks: Fraud – Questionnaire for Audit Committees Fraud is the intentional perversion of truth in order to induce another to part with something of value or to surrender a legal right. There are numerous frauds within the business world and many have transitioned into the Internet community. This questionnaire can be used to help assess the risk of fraud in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Fraud, Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, E-Business, GRC January 3, 2003 IT Data Management Self Assessment Questionnaire This high-level self assessment questionnaire can be used by an auditee prior to a review of IT data management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, IT Infrastructure, Self-Assessment, Process-Level Control January 3, 2003 Office Relocation: IT Checklist This checklist can be used by IT and telecom personnel when planning an office relocation. It gives the planner an opportunity to inform internal audit about controls and processes employed to minimize the risk of a move; and also suggests other controls and processes that may be appropriate. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Fixed Assets, IT Infrastructure, Telecommunications, Communications Industry, GRC December 20, 2002 E-Business Risks: Project Management – Questionnaire for Audit Committees Project Management is a decision-making and strategic risk. It is the application of knowledge, skills, tools, and techniques to project activities in order to meet or exceed stakeholder needs and expectations from a project. This questionnaire can be used to help assess project management risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, E-Business, GRC December 20, 2002 IT Operations Management Self Assessment Questionnaire This high-level self assessment questionnaire can be usedby an auditee prior to a review of IT operations management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, IT Audit, IT Infrastructure, Self-Assessment, Process-Level Control December 13, 2002 E-Business Risks: Sourcing – Questionnaire for Audit Committees Outsourcing takes place when an organization transfers the ownership of a business process to a supplier. This questionnaire can be used to help assess sourcing risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Outsourcing/Co-sourcing/Shared Services, Risk Management & Assessment, Audit Committee & Board, E-Business, GRC December 13, 2002 Security Management Self-Assessment Questionnaire The prime function of this high-level self-assessment questionnaire is to provide an overall check on controls prior to a review of security management. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Security December 5, 2002 Business Continuity Management Self-Assessment Questionnaire This is a high-level self-assessment questionnaire for use in a review of business continuity management. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Technology, Internal Audit, IT Infrastructure, Self-Assessment December 5, 2002 E-Business Risks: Human Resources Recruiting – Questionnaire for Audit Committees In recruiting, companies must become as concerned with selling themselves to potential employees as they are with selling their products and services to consumers. This questionnaire can be used to help assess online human resources recruiting risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Audit Committee & Board, E-Business, Human Resources, GRC November 27, 2002 E-Business Risks: External Access – Questionnaire for Audit Committees Failure to adequately restrict access to critical business information from outsiders (intruders) may result in unauthorized knowledge and use of confidential information by inappropriate parties. This questionnaire can be used to help assess external access risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, Access Control Systems & Methodology, Audit Committee & Board, E-Business, Internet/Intranet, GRC November 27, 2002 IT Application Management Self Assessment Questionnaire This high-level self assessment questionnaire can be used by an auditee prior to a review of IT application management. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, IT Infrastructure, Self-Assessment, Software Tools, Process-Level Control November 21, 2002 E-Business Risks: Intellectual Property – Questionnaire for Audit Committees Copyright pirates, brand impersonators, patent flouters, and trade secret thieves have grown in number and skill along with new business opportunities on the Internet. These and any other original creative works that are protected by law can be categorized as Intellectual Property (IP). This questionnaire can be used to help assess IP risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Technology, Internal Audit, Intellectual Property, Audit Committee & Board, Customer Fulfillment & Support, E-Business November 14, 2002 E-Business Risks: Customer Service – Questionnaire for Audit Committees Customer Relationship Management is rapidly becoming a requirement in order to remain competitive. Customer Service is an essential but often overlooked aspect of online business. This questionnaire can be used to help assess customer service risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Technology, Internal Audit, Audit Committee & Board, Customer Fulfillment & Support, E-Business November 8, 2002 E-Business Risks: Design – Questionnaire for Audit Committees In the successful design of any system, quality, timeliness, and cost-effectiveness must be considered and managed effectively. Each of these may be increased or decreased as part of the design process, but only at the expense of the others. This questionnaire can be used to help assess design risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Audit Committee & Board, E-Business November 8, 2002 IT Asset Management Self Assessment Questionnaire This high-level self assessment questionnaire can be used by an auditee prior to a review of IT Asset Management. It gives the auditee an opportunity to inform internal audit about controls and processes they employ, and also gives the auditee ideas about other controls and processes that may be appropriate. CONTENT AREA: Checklists & Questionnaires TOPICS: Asset Management, Technology, Internal Audit, Fixed Assets, IT Infrastructure, Self-Assessment, Process-Level Control October 31, 2002 E-Business Risks: Integrity – Questionnaire for Audit Committees Integrity risk encompasses risks associated with the authorization, completeness and accuracy of e-business transactions. This questionnaire can be used to help assess integrity risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Audit Committee & Board, E-Business October 17, 2002 E-Business Risks: Channel Effectiveness – Questionnaire for Audit Committees Channel effectiveness risk is the risk that poorly performing or positioned supply chains and/ or distribution channels may threaten a firm's capacity to effectively and efficiently interact with suppliers and to access current and potential customers and end users. This questionnaire can be used to help assess channel effectiveness risks in eBusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Committee & Board, Distribution Industry, E-Business, Technology, Internal Audit October 10, 2002 E-Business Risks: Performance – Questionnaire for Audit Committees Performance is defined as the throughput of business transactions compared to user needs, expectations or requirements. This questionnaire can be used to help assess performance risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Performance Management/Measurement, Audit Committee & Board, E-Business October 4, 2002 E-Business Risks: Records Management – Questionnaire for Audit Committees Records management refers to the process of controlling electronic or hard-copy documents over the course of their life cycle. This questionnaire can be used to help assess records management risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Document Retention, Audit Committee & Board, E-Business September 17, 2002 E-Business Risks: Compliance – Questionnaire for Audit Committees Compliance risk can result in failure to conform with laws and regulations that apply to a business process at the international, country, state, and local level. This questionnaire can be used to help assess compliance risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Laws & Regulations, Compliance, Audit Committee & Board, E-Business, GRC September 13, 2002 Business Risk Management Questionnaire This questionnaire can help you analyze your risk management processes. CONTENT AREA: Checklists & Questionnaires TOPICS: Benchmarking, Enterprise Risk Management, Internal Audit, Risk Management & Assessment, Self-Assessment, GRC August 22, 2002 Business Impact Analysis: Disaster Recovery Plan Checklist This checklist allows a Disaster Recovery Plan to be rated. Being able to recover critical systems is important to every organization, but to be successful, an enterprise must establish a method to rank applications and systems and to recover them in a timely manner. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Technology, Internal Audit, Risk Management & Assessment, Disaster Recovery, Self-Assessment, GRC August 13, 2002 Supply Chain Sell Phase Questionnaire Supply chain activities are made up of five main phases; plan, source, make, deliver, and sell. This questionnaire helps to analyze many attributes of the "sell" phase in a company's total supply chain, and to identify improvement opportunities based on the answers. CONTENT AREA: Checklists & Questionnaires TOPICS: Supply Chain August 9, 2002 Banking Controls: Management Control Structure Evaluation Questionnaire This guide is designed to assist management in analyzing the effectiveness of a company's management control structure MCS over financial reporting. It consists of a guide to the four main components of the MCS and how they work together, and checklists that can be used to evaluate the effectiveness of those components. CONTENT AREA: Checklists & Questionnaires TOPICS: Financial Reporting, Financial Services Industry August 9, 2002 Physical Security Questionnaire The security of the equipment and the buildings used by an organization is as important as the security of a specific platform. This questionnaire is the starting point for a physical security assessment. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, Physical Security, Self-Assessment, GRC May 15, 2002 E-Business Risks: Privacy and Data Protection – Questionnaire for Audit Committees This questionnaire can be used to help assess privacy and data protection risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Privacy, Audit Committee & Board, E-Business May 8, 2002 E-Business Risks: Internal Security – Questionnaire for Audit Committees Internal security, as it relates to ebusiness, is the task associated with minimizing the risk of loss of information and system resources, corruption of data, disruption of access to the data, and unauthorized disclosure of information. This questionnaire can be used to help assess internal security risks in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Security, Access Control Systems & Methodology, Audit Committee & Board, E-Business May 1, 2002 E-Business: Availability – Questionnaire for Audit Committees Availability risk is the risk that the people, processes and technology that support critical business functions will not be available for business operations. This questionnaire can be used to help assess availability risk in ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Technology, Internal Audit, Audit Committee & Board, E-Business February 27, 2002 Internal Audit Corporate Risk Checklist A risk checklist should be reviewed and completed each year as part of the internal audit planning process. This example covers business, financial, operational, and information services risks; and can help internal audit departments to focus their audit work where it can be most beneficial. CONTENT AREA: Checklists & Questionnaires TOPICS: Audit Planning, Internal Audit, Internal Audit Administration, Risk Management & Assessment, Taxation, GRC February 27, 2002 Pre-Audit Self Assessment Questionnaire: Sample 1 This questionnaire is used in or before an audit kick-off meeting to elicit input from the auditee(s) and to help better focus the audit work. The questionnaire covers areas such as policies and procedures, reporting requirements, and control issues. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Audit Administration, Self-Assessment December 19, 2001 SAS 70 Control Objectives: Sample Checklist This checklist can help an organization prepare for a SAS 70. It is also useful for any organization that wants to review controls over organization and administration, computer operation, application development and maintenance, physical security, logical security, system software maintenance and implementation, and telecommunications and networks. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Operations Security, SAS 70, Security November 29, 2001 Data Output Controls Questionnaire Data output controls are used to ensure the integrity of output, and the correct and timely distribution of output produced. This questionnaire helps auditors evaluate the adequacy of output controls to ensure that data processing results are reliable, output control totals are accurate, and reports are distributed in a timely manner. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Controls, IT Audit November 15, 2001 Pre-Audit Self Assessment Questionnaire: Sample 3 Prior to a review, the internal audit department can use this questionnaire to help the auditee address compliance with company control requirements, to let the auditee bring up any issues that need to be known, and to help the auditors gain important pre-audit knowledge. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Audit Administration, Self-Assessment October 17, 2001 Audit Report Writing: Quality Review Checklist This checklist will assist auditors in reviewing a completed audit report. It outlines each section of the report and provides lists of items that should be included to produce a quality report. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Audit Reporting September 7, 2001 IT Organizational Suitability Questionnaire Security policies can be rendered useless if the organization does not support the information technology security program. This questionnaire rates the organizational suitability. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, Security Management Practices, Self-Assessment, GRC September 7, 2001 Technical Safeguards Questionnaire Technical safeguards enforce the security policies and procedures throughout the network infrastructure. This self-assessment questionnaire is the starting point for a technical safeguards assessment. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, IT Infrastructure, Operations Security, Self-Assessment, GRC August 30, 2001 Security Policy Self Assessment Questionnaire A security policy is the basis of any security effort, and provides a framework with which to assess the rest of the organization. This self assessment questionnaire is, therefore, the starting point for a Security Assessment. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, Security Management Practices, Self-Assessment, GRC August 30, 2001 Telecommunications Security Questionnaire Enterprises must take precautions to protect their information when being transmitted via various telecom processes. This questionnaire is the starting point for a telecom security assessment. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, Self-Assessment, Network & Internet Security, GRC July 31, 2001 Bank Controls: Information Systems Evaluation Questionnaire This guide can help bank management and internal auditors to analyze the effectiveness of the internal control structure over financial reporting as it relates to information systems. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Internal Controls, Security, Financial Reporting, Financial Services Industry, Operations Security July 20, 2001 Baseline Controls Assessment (Healthcare) Questionnaire This sample workbook can be used by the internal audit department of a healthcare provider to assess the baseline controls at a target company. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Healthcare & Pharmaceuticals Industry April 4, 2001 Disaster Recovery Plan Assessment Checklist for IT This checklist serves as a guide for reviewing a disaster recovery plan. The focus of this review is on information technology continuity, recovery, and restoration. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Technology, Disaster Recovery, IT Audit February 21, 2001 Benchmarking Analysis: Enterprise Security This questionnaire helps to assess network security at universities. To facilitate the analysis, the questionnaire uses an adaptation of the Carnegie Mellon University Software Engineering Institute’s Process Maturity Model. CONTENT AREA: Checklists & Questionnaires TOPICS: Benchmarking, Technology, Internal Audit, Security, Security Management Practices, Self-Assessment, Network & Internet Security January 11, 2001 Due Diligence Checklist This checklist contains questions to consider in preparation for acquisitions of US businesses. CONTENT AREA: Checklists & Questionnaires TOPICS: Accounting/Finance, Internal Audit, Real Estate Industry, Taxation January 10, 2001 Healthcare Management Planning/Risk Assessment Questionnaire This questionnaire is intended to be sent to managers throughout an organization with the intention of gaining their opinions on a number of predetermined potential audit areas. Although this example is healthcare-specific, it can be customized and modified for other industries. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Risk Management & Assessment, Healthcare & Pharmaceuticals Industry, Self-Assessment, GRC January 10, 2001 Information Technology Infrastructure Questionnaire This questionnaire can be used to gain a high level understanding of an organization's information technology infrastructure. CONTENT AREA: Checklists & Questionnaires TOPICS: Business Continuity Management, Technology, Internal Audit, Disaster Recovery, IT Infrastructure, IT Strategy January 9, 2001 Dismissing an Individual with System Privileges: Actions Checklist This checklist lists the steps to be taken to ensure the security of critical systems and data after an individual with system privileges has been dismissed. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Risk Management & Assessment, Security, Human Resources, Security Management Practices, GRC January 2, 2001 Record Retention Questionnaire Either premature destruction or loss of records or failure to destroy obsolete records can cause serious problems. This questionnaire helps to assure that records are retained in compliance with any regulatory requirements, and with company policy. CONTENT AREA: Checklists & Questionnaires TOPICS: Compliance, Document Retention, Intellectual Property, Internal Controls, Risk Management & Assessment, GRC December 19, 2000 E-business: Business & IT Strategy Risks Checklist This checklist identifies and classifies various types of risks surrounding the practice of ebusiness in the financial services industry - particularly in the UK. It also presents a list of recommended practices surrounding IT for ebusiness. CONTENT AREA: Checklists & Questionnaires TOPICS: Technology, Risk Management & Assessment, E-Business, Financial Services Industry, Internet/Intranet, IT Strategy, United Kingdom, GRC December 15, 2000 Accounts Payable Controls Checklist This checklist can be used to determine the existence of accounts payable controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Purchasing & Accounts Payable December 6, 2000 External Auditor Interview Questionnaire This questionnaire can be used to conduct interviews with the External Auditor to solicit their views and feedback on a company's Internal Audit function. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Customer Satisfaction, Internal Audit, External Auditor, Audit Committee & Board, Internal Audit Administration, GRC December 6, 2000 Internal Audit Customer Interview Questionnaire This questionnaire can be used to solicit feedback from Internal Audit customers (senior management and others) during a quality assurance review process. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Customer Satisfaction, Internal Audit, Quality Assessment Review, GRC December 4, 2000 Cash Funds Controls Checklist This checklist can be used to determine the existence of cash funds controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Cash & Treasury, Self-Assessment December 4, 2000 Notes Receivable Controls Checklist This checklist can be used to determine the existence of notes receivable controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Accounts Receivable, Self-Assessment December 1, 2000 Questionnaire – Considering Outsourcing/Co-Sourcing of Internal Audit The following questions can be used to help decide whether a co-sourcing or outsourcing arrangement would help an organization meet internal audit needs and objectives. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Internal Audit Administration November 30, 2000 International Joint Venture Self Assessment Checklist Establishing an International Joint Venture can be a risky undertaking involving significant central management time and resources sometimes considerably beyond that originally anticipated. This checklist identifies just some of the factors that can result in complications. CONTENT AREA: Checklists & Questionnaires TOPICS: Cross Border & Non-US Issues November 30, 2000 Inventory and Cost of Sales Controls Checklist This checklist can be used to determine the existence of inventory and cost of sales controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Materials Management & Inventory, Self-Assessment November 29, 2000 Accounting Questionnaire: Property Management This questionnaire can be used as a starting point for internal auditors creating a self-assessment form to test accounting controls for property management transactions. More generally, this questionnaire can be used as a template for auditors creating a self-assessment form for any business process or function. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Controls, Accounting/Finance, Fixed Assets, Self-Assessment, Process-Level Control November 29, 2000 Audit Committee Interview Questionnaire This questionnaire can be used to solicit internal audit performance feedback from members of the Audit Committee. The audit department would use this feedback to continually improve their service to the Committee and the company. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Internal Audit, Audit Committee & Board November 29, 2000 Auditor Effectiveness: Self Assessment Questionnaire The foundation of an auditor's effectiveness with an audit committee is an objective, yet constructive, mind-set and a very strong understanding of the company, industry and business and related culture, risks and strategies. Additional critical success factors of highly effective auditors are listed here. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Internal Audit, Audit Committee & Board, Internal Audit Administration, Self-Assessment, GRC November 29, 2000 Evaluation of Internal Audit Performance – Audit Committee Questionnaire This questionnaire allows members of the audit committee to review, critique, and evaluate the internal audit function on an annual/periodic basis. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Customer Satisfaction, Internal Audit, Audit Committee & Board, GRC November 29, 2000 Internal Audit Year-End Questionnaire and Sample Results This customer satisfaction survey allows management to review, critique, and evaluate the internal audit function on an annual basis. Part 1 is a questionnaire in the form of a Report Card, and Part 2 is a sample of results obtained using the Card. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Internal Audit, Performance Management/Measurement, Audit Committee & Board, Audit Reporting, Internal Audit Administration November 29, 2000 Management Effectiveness Self Assessment Questionnaire A management team that clearly supports and actively creates an environment of quality financial reporting, sound business controls, and ethical behavior is extremely important to audit committee effectiveness. This questionnaire can be used to assess a management team against these ideals. CONTENT AREA: Checklists & Questionnaires TOPICS: Corporate Governance, Ethics, Internal Audit, Audit Committee & Board, Internal Audit Administration, Self-Assessment, GRC November 29, 2000 Pre-Audit Self-Assessment Questionnaire: Treasury This is an example of a preliminary assessment questionnaire which can be presented to managers or process owners prior to conducting an audit. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Cash & Treasury, Self-Assessment, Process-Level Control November 15, 2000 Risk Assessment Checklist The questions in the checklist can be considered prior to process reviews or operational internal audits. They can be used in facilitated self-assessment sessions, risk assessment workshops or questionnaires, basic auditing work programs, and auditing interviews. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Risk Management & Assessment, Self-Assessment, GRC November 14, 2000 Billing Controls Questionnaire This is an example of a preliminary assessment questionnaire which can be presented to managers or process owners prior to conducting an audit. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Accounts Receivable, Self-Assessment, Process-Level Control November 14, 2000 Close the Books and Provide Financial Information: Preliminary Internal Controls Questionnaire This is an example of a self-assessment questionnaire which can be presented to managers or process owners prior to conducting an audit. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Financial Reporting, Self-Assessment, Process-Level Control, Close the Books November 14, 2000 Fixed Assets Questionnaire This is an example of a preliminary assessment questionnaire, to be presented to managers or process owners prior to conducting an audit. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Fixed Assets, Self-Assessment November 14, 2000 General Controls Questionnaire This questionnaire can be used as a starting point for creating a self-assessment form to test controls within the property management function. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Controls, Fixed Assets, Self-Assessment, Process-Level Control November 14, 2000 Meeting Logistics Checklist and Guide This checklist and guide helps to identify items that should be considered and provided for when organizing a meeting. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Audit Administration, Self-Assessment November 14, 2000 Quarterly Control Assessment Questionnaire The purpose of this assessment questionnaire is to monitor the company's internal control structure and processes on a quarterly basis. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Risk Management & Assessment, Self-Assessment, Process-Level Control, GRC November 4, 2000 Internal Audit Planning Meeting Checklist This checklist helps an audit team plan for the first meeting with an auditee for any given project. It prompts the audit team to identify process owners, consider discussion topics, and gather background information in preparation for the meeting. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Audit Administration November 4, 2000 Order Processing Benchmarking Questionnaire This questionnaire can be used to perform a benchmarking survey for order processing. It allows the internal audit department to compare the order processing functions of various divisions within the company, and to assess their effectiveness in comparison with each other. CONTENT AREA: Checklists & Questionnaires TOPICS: Benchmarking, Internal Audit, Revenue, Self-Assessment, Process-Level Control November 4, 2000 Pre-Audit Self Assessment Questionnaire: Sample 2 This questionnaire should be filled out by an auditee prior to the commencement of any audit work in that department. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Controls, Internal Audit Administration, Self-Assessment November 4, 2000 Process Control Questionnaire: Managing Patient Financial Services This workbook demonstrates one way that an internal auditor can creatively use a simple, graphical questionnaire to gain an understanding of the controls around any business process. CONTENT AREA: Checklists & Questionnaires TOPICS: Best Practices, Healthcare & Pharmaceuticals Industry, Internal Audit, Self-Assessment, Process-Level Control, Segregation of Duties October 31, 2000 Marketing and Selling Internal Audit Checklist This checklist was created to help internal auditors market and sell their services better, and to increase internal audit value and productivity. The list includes tips for improving customer satisfaction, communicating value, and making internal audit essential to the success of the business. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Internal Audit, Internal Audit Administration, Audit Planning October 31, 2000 Merger and Acquisition Integration Checklist The focus of this guide is the Integration phase of a merger or acquisition. The success or failure of this phase will determine whether the merger or acquisition ultimately meets company business goals. CONTENT AREA: Checklists & Questionnaires TOPICS: Project Management October 30, 2000 Accounts Receivable and Sales Controls Checklist This checklist can be used to determine the existence of accounts receivable and sales controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Accounts Receivable, Sales Process & Marketing, Self-Assessment October 30, 2000 Accrued Liabilities and Other Expenses Controls Checklist This checklist can be used to determine the existence of accrued liabilities and other expenses controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Expense Reporting, Purchasing & Accounts Payable, Self-Assessment October 30, 2000 Cash Disbursements Controls Checklist This checklist can be used to determine the existence of cash disbursement controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Cash & Treasury, Self-Assessment October 30, 2000 Cash Receipts Controls Checklist This checklist can be used to determine the existence of cash receipts controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Cash & Treasury, Self-Assessment October 30, 2000 Fixed Assets Controls Checklist This checklist can be used to determine the existence of fixed assets controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Fixed Assets, Self-Assessment October 30, 2000 General Controls Checklist This checklists identifies good internal controls for general finance-related processes within a company. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Controls, Self-Assessment October 30, 2000 Individual Audit File Review Checklist This checklist is in the form of a template that can be used by a Quality Assurance Review team when reviewing individual audit project work files. Each section of the checklist refers to an Internal Audit Standard. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Audit Administration October 30, 2000 Intangibles Controls Checklist This checklist can be used to identify the existence of intangibles controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Investments & Foreign Exchange, Self-Assessment October 30, 2000 Internal Audit Client Questionnaire This questionnaire provides client feedback at the end of an internal audit. The feedback helps the IA group understand how their work is perceived, how effective they have been, and how they can improve their services. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Internal Audit, Performance Management/Measurement, Internal Audit Administration October 30, 2000 Internal Audit Customer Questionnaire This sample questionnaire consists of an introductory letter and a survey that can be used to solicit feedback about Internal Audit performance - in particular during a Quality Assurance Review (QAR). CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Performance Management/Measurement, Quality Assessment Review October 30, 2000 Internal Audit Customer Satisfaction Questionnaire This generic customer satisfaction questionnaire can be used to survey internal audit's performance on an audit or review. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Internal Audit, Performance Management/Measurement, Internal Audit Administration October 30, 2000 Internal Audit Director Interview Questionnaire This questionnaire can be used when conducting a quality assurance interview with a Director of Internal Audit. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Performance Management/Measurement, Internal Audit Administration, Quality Assessment Review October 30, 2000 Internal Audit Personnel Interview Questionnaire This questionnaire can be used to solicit feedback during interviews with Internal Audit personnel, particularly as part of a Quality Assurance Review process. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Performance Management/Measurement, Internal Audit Administration, Quality Assessment Review October 30, 2000 Internal Audit Satisfaction Survey: Five Example Questionnaires Satisfaction surveys solicit first-hand feedback from auditees on how well the audit team is meeting expectations. Each of these five example survey questionnaires can help the audit team understand and measure their service performance. CONTENT AREA: Checklists & Questionnaires TOPICS: Customer Satisfaction, Internal Audit, Performance Management/Measurement, Internal Audit Administration October 30, 2000 Investments Controls Checklist This checklist can be used to determine the existence of investments controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Investments & Foreign Exchange, Self-Assessment October 30, 2000 Long-Term Liabilities Controls Checklist This checklist can be used to determine the existence of long-term liabilities controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Purchasing & Accounts Payable, Self-Assessment October 30, 2000 Payroll Controls Checklist This checklist can be used to determine the existence of payroll controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Payroll, Self-Assessment October 30, 2000 Prepaid Expenses and Deferred Charges Controls Checklist This checklist can be used to determine the existence of prepaid expenses and deferred charges controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Expense Reporting, Self-Assessment October 30, 2000 Shareholders' Equity Controls Checklist This checklist can be used to determine the existence of shareholders' equity controls. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Internal Controls, Financial Reporting, Self-Assessment October 28, 2000 Activity Based Management (ABM) Pitfalls Checklist This checklist identifies thirty common situations to avoid when performing an activity-based management project. CONTENT AREA: Checklists & Questionnaires TOPICS: Performance Management/Measurement October 28, 2000 Employee Activity Analysis Questionnaire This questionnaire is used to survey the activities employees perform during a "typical" day, and identify what percentage of their time they spend of each activity. CONTENT AREA: Checklists & Questionnaires TOPICS: Cost Management, Human Resources October 28, 2000 Evaluating Process Efficiency: Questions to Consider This brief checklist contains a useful set of questions to consider to help pinpoint specific problems and sources of inefficiency. Internal auditors should ask themselves these questions as they evaluate the process under review. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Training & Development, Internal Audit Administration October 28, 2000 Facilitated Meetings Checklist Facilitated meetings provide a moderated forum for discussions, ideas, and feedback. This checklist helps set-up and manage such a meeting. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Training & Development, Internal Audit Administration, Self-Assessment October 28, 2000 Internal Audit Productivity Improvement Checklists These checklists were created by the MIS Training Institute as guidelines to help internal auditors determine whether they are adding value to their organization, and how they can improve their usefulness and productivity. CONTENT AREA: Checklists & Questionnaires TOPICS: Internal Audit, Performance Management/Measurement, Training & Development, Internal Audit Administration
|