Professional Documents
Culture Documents
Ask management about the process-specific critical systems and software used by the department. Document
these applications below and perform testing of controls indicated in this section. Note: Depending on the
nature of the application, not all the controls below may need to be tested for the application.
1 Source: www.knowledgeleader.com
Risk Mitigating Results/
No. Issue/Risk Testing Controls Ref.
Rank* Control** Recommendations
2 Source: www.knowledgeleader.com
Risk Mitigating Results/
No. Issue/Risk Testing Controls Ref.
Rank* Control** Recommendations
3 Source: www.knowledgeleader.com
Risk Mitigating Results/
No. Issue/Risk Testing Controls Ref.
Rank* Control** Recommendations
4 Source: www.knowledgeleader.com
Risk Mitigating Results/
No. Issue/Risk Testing Controls Ref.
Rank* Control** Recommendations
*Risk ratings should be “High” or “Medium.” This risk rating can help guide staff on how much time/how much
effort to concentrate on a specific risk.
**Consider the following control categories (defined below) when documenting the controls.
5 Source: www.knowledgeleader.com
EXISTENCE
Controls exist to ensure that only valid assets and liabilities are recorded, assets are appropriately safeguarded,
and periodic accountability is maintained.
COMPLETENESS
Controls exist to ensure that actual transactions are not omitted from the records, all transactions (not duplicate or
fictitious) are reflected in the proper accounting period, transactions are recorded in the correct amounts, and
supporting records and ledgers agree to the general ledger (GL).
APPROVAL
Approval points and levels are identified for procedures in each process. Are approval points communicated
properly? System access levels support approval points and levels based on business needs only.
SEGREGATION
Conflicting tasks are not assigned to the same person/job description. System access levels support appropriate
segregation.
RELIABILITY
Transaction inputs and outputs are accurate and have operating integrity. Documentation exists and is available
to support transactions. Are validity points built into each step?
TIMELINESS
Transactions are recorded in a timely manner. Information is made available on a timely basis. When bottlenecks
are identified, appropriate resources are acquired or shared to handle workload increases.
MONITORING
Transactions outputs are monitored regularly. Workflow is incorporated into processes, and the appropriate
resources review data. System reports are available to adequately display management information. Key
Performance Indicators are identified, implemented and reviewed.
6 Source: www.knowledgeleader.com