
INTERNAL CONTROL QUESTIONNAIRE

CONTROL ENVIRONMENT

QUESTION YES, NO, N/A Comments


Integrity and Ethical Values
1. Does the management set the “tone at the top” by demonstrating a commitment to integrity and ethics through both its words and deeds?
2. Have appropriate entity policies regarding acceptable business practices, conflicts of interest, and codes of conduct been established and adequately communicated?
3. Have incentives and temptations that might lead to unethical behaviour been reduced or eliminated?
Board of directors and audit committee
1. Are there regular meetings of the board and are minutes prepared on a timely basis?
2. Do board members have sufficient knowledge, experience and time to serve effectively?
3. Is there an audit committee composed of outside directors?
Management’s philosophy and operating style
1. Are business risks carefully considered and adequately monitored?
2. Is management’s selection of accounting principles and development of accounting estimates consistent with objective and fair reporting?
3. Has management demonstrated a willingness to adjust the financial statements for material misstatements?
Human resource policies and practices
1. Do existing personnel policies and procedures result in the recruitment or development of competent and trustworthy people needed to support an effective internal control structure?
2. Do personnel understand the duties and procedures applicable to the job?
3. Is the turnover of personnel in key positions at an acceptable level?
INTERNAL CONTROL QUESTIONNAIRE
ORGANISATIONAL CONTROLS

QUESTION YES, NO, N/A Comments


Organisational controls
1. Are the following duties segregated within the computer department:
   - Systems design?
   - Computer programming?
   - Computer operations?
   - Data entry?
   - Custody of systems documentation, programs and files?
   - Data control?
2. Are the following duties performed only outside the computer department:
   - Initiation and authorisation of transactions?
   - Authorisation of changes in systems, programs and master files?
   - Preparation of source documents?
   - Correction of errors in source documents?
   - Custody of assets?
Systems development and maintenance controls
1. Is there adequate participation by users and internal auditors in new systems development?
2. Is proper authorisation, testing and documentation required for system and program changes?
3. Is access to systems software restricted to authorised personnel?
4. Are there adequate controls over data files (both master and transaction files) during conversion to prevent unauthorised changes?
Access controls
1. Is access to computer facilities restricted to authorised personnel?
2. Is access to data files and programs restricted to authorised personnel?
3. Are computer processing activities reviewed by management?
Other controls
1. Is there a disaster contingency plan to ensure continuity of operations?
2. Is there off-site storage of back-up files and programs?
3. Are sufficient generations of programs, master files and transaction files maintained to facilitate recovery and reconstruction of computer processing?
4. Are there adequate safeguards against fire, water damage, power failure, power fluctuations, theft etc?
