Internal Audit Office
INTERNAL CONTROL QUESTIONNAIRES
|
|
Internal Audit Office |
|
|
INTERNAL CONTROL QUESTIONNAIRES |
| Financial ICQ / Financial Audit Program / Operational ICQ |
| Compliance ICQ / Compliance Audit Program |
Internal Control Questionnaire
Objective: Review of financial transactions to determine adequacy of controls for reliability and accuracy. Review compliance with State and University policies and procedures. Evaluation of operating efficiencies and effectiveness.
1. General
a. Does the organization have a published/distributed statement of mission and objectives?
b. Is there an organizational chart clearly defining lines of authority and responsibility? If not, are such lines clearly established?
c. Does the department follow university policies for related employees?
d. Are current job descriptions on file for each employee in the department including the Director?
e. Is there a current policies and procedures manual in the department covering all phases of operations?
1) Do critical in-house computer systems have current documentation?
2) Has the entire process been flowcharted in detail within the past two years?
f. Are records transferred and/or destroyed in accordance with the Records Retention Manual?
g. Are records properly maintained and identified (i.e., file cabinet, fireproof cabinet)?
h. Are vital documents duplicated and the copies/microfilm maintained offsite?
i. Has a Key Tracking log (including card access, if applicable) been prepared and reviewed?
j. Do you design publications for off-campus circulation or public distribution? If so, is a Publications Review form completed?
k. Are campus events sponsored where alcohol is consumed? If so, is a permit filed with Office of Dean of Students?
2. Federal Compliance
a. Are the department records subject to the Family Educational Rights to Privacy Act (FERPA)? If so, are releases done in accordance with the requirements?
b. Are steps taken to insure departmental policies and services follow university, state and federal nondiscrimination policies and regulations (Title IX, EEO)?
c. Are steps taken to insure persons with disabilities are not discriminated against or denied services?
d. Are employees and supervisors aware of University's compliance with the Drug-Free Workplace Act?
e. Are employees aware of the copyright law and "fair use" guidelines?
3. Management
a. Are long- or short-range plans developed and approved with measurable performance indicators? By whom?
b. Do supervisors meet regularly and informally with management?
c. Are written reports required by management to evaluate system performance?
1) Do reports highlight significant or unusual variations?
d. Is the reporting system periodically evaluated to determine if it is meeting current needs, internally and externally?
1) If not, is an Office of Information Systems Project Request Form/ Business Affairs EDP Project Request Form initiated?
2) Has a Systems Review been performed?
3) Has an external review been performed?
4) Is any external reporting required? How is it prepared and disseminated?
e. Are managers and supervisors required, as part of the evaluation process, to suggest measures to correct weaknesses or inadequacies?
f. Are there effective channels of communication for disseminating information within your department and gathering input to existing problems and solutions?
g. Are department plans communicated to employees so individual work plans and processes are revised to complement the department's objectives?
h. Does the department encourage and provide means for student/user "customer" feedback?
1) Are comments and suggestions periodically reviewed?
4. Budget And Expenditures
a. Has fiscal authority been formally delegated?
1) Who may approve check requests?
2) On-line requisitions?
3) Who has the PO Authorization Password to make central stores orders?
a) Does the department have a procurement card?
b) If so, identify the cardholders and departmental approver. (NOTE: Approver should not also be a cardholder unless other arrangements have been made to authorize purchases.)
c) Have any employee cardholders terminated without surrendering card?
b. Are pink receiving copies returned timely and verified on each line item?
1) Are quantity variances noted on the pink copy, if accepted?
c. Are prepaids monitored for receipt/actual charges to ensure a credit is not due the University?
d. Is the Managerial Report reviewed on a timely basis and errors reported to Accounting for correction?
1)Are recorded errors due to incorrect coding of expenditures/revenues?
2)Does management review immediate, intermediate, and long-term financial status/projection? How often?
3)Are managers accountable for following procedures and for managing fiscal resources?
e. Are all control accounts balanced with details monthly or periodically? If yes, but not monthly, indicate how often.
1)Are variances noted and analyzed?
f. Does the Chart of Accounts allow for classifications of revenues and expenditures which permit you to manage financial activities? If not, explain.
g. Are budget revisions approved at the appropriate level before submitting to the Budget Office?
5. Personnel And Payroll
a. Does management take steps to minimize personnel turnover?
b. Are personnel encouraged to continue their education and/or professional training?
1) Are Staff Development and Training courses/computer workshops utilized?
2) Does the department follow published university guidelines for professional development?
3) Does management support membership in any other professional organizations?
a) If so, please identify.
b) Are any employees active participants, i.e. attend periodic or annual meetings?
c. What is the current number of personnel?
1) Full time
2) Part time
3) Student
d. Are internal personnel files kept for each employee?
e. Are employees periodically evaluated by managers? Are managers periodically evaluated by their superiors?
f. Does management periodically benchmark pay rates and hours worked to assess reasonableness?
g. Does management periodically request classification reviews by Human Resources as position duties and responsibilities change?
h. Do supervisors approve timesheets? Student recap sheets?
i. Are absences reviewed by management, considered to be reasonable and at a minimum?
1) If excessive, are procedures in place within department to restrict personnel?
2) Have any employees worked more than one year without taking annual leave?
j. How does the department account for and manage extra hours worked (comptime, overtime, callback, holidays worked, etc.)?
1) Does the department accrue comptime using the 12-month option? If so, how is it reviewed and monitored?
k. Are terminations processed timely and according to procedure?
l. Upon termination of student/temporary employee or when an employee skips the process, does the department take responsibility for the following:
1) ID cards turned in.
2) Keys retrieved.
3) System access canceled.
4) Final timesheet.
m. Has management had to use the disciplinary policy in the last three years?
6. Travel
a. Does the department use blanket travel authorizations where feasible?
b. Does the department use the American Express Card program?
c. Does the department have gasoline charge cards?
1) Are charges reconciled to travel authorizations?
2) Does the person reconciling charges also handle travel reimbursements to prevent full reimbursements when University provides fuel?
d. Does the department review the Motor Vehicle Record and require the Safe Driver Training Courses for primary drivers of state vehicles?
e. Are employees made aware rental cars are a last resort, must be identified with the State of North Carolina to be insured and to decline insurance, and damage waiver options?
7. Telecommunications
a. Does the department authorize telephone credit cards?
b. Are telephone charges reviewed? By whom?
c. Are cellular telephones in use within the department?
1) If so, note how many and whether proper approval of department head or higher was obtained.
8. Fixed Assets
a. Are assets physically inspected periodically and compared to the fixed asset listing at least annually?
1) Do two persons perform the verification?
2) Are disposal or change of location forms completed where applicable?
3) Is a Portable Equipment Check Out List maintained for any equipment loaned off-campus or for the temporary transfer of computing equipment on campus?
b. Does the department have any personal property or equipment on loan or being loaned to the university?
1) Was a Loan Agreement executed?
c. Have the Campus Police been notified of all stolen or missing equipment?
d. Is insurance adequate to cover departmental equipment or building renovations?
e. Have maintenance contracts been purchased and or considered for applicable equipment?
f. Is shipment of University Equipment for return, repair or replacement always coordinated through Purchasing services or Hardware Support?
g. Have all assets > or = $1,000, meeting University guidelines, been tagged with a University tag number?
h. Are all applicable assets tagged in a manner to avoid confusion during inventory?
i. When non-cash gifts are received, is the Notification of Gift form completed and forwarded to University Advancement prior to acceptance?
j. Is the department aware of the special project and interior design approval processes?
9. Cash Receipting
a. Does the department receive cash for any purpose? If yes:
1) Do you have cash receipting privileges?
2) Who may we contact to complete a cash receipting questionnaire?
3) Do you have a change fund? In what amount?
b. Does the department bill campus departments for sales or services? External agencies?
c. Does the department have accounts receivable?
1) Who is the appropriate contact?
d. Does the department receive any other non-cash gifts or gifts-in-kind?
1) Are they properly coordinated with Advancement Services?
10. Petty Cash
a. Does the department have a petty cash fund, and if so, what is the amount?
1) Who is the custodian?
11. Inventory
a. Does the department have inventory? Defined as:
1) Who is responsible for the control of the inventory?
12. Safety
a. Are employees made aware of the NC State Employees Safety and Health Handbook and are supervisors knowledgeable of the requirements?
b. Are persons in this area designated for the administration of first aid? List employee name(s):
c. Is the UNCW Emergency Checklist easily accessible (preferably by the telephone), the location of the nearest fire alarm and fire extinguisher written in, and known to emplyees?
d. Are hazards communicated to the Safety Office or work order submitted, when applicable?
e. Chemicals
1) Does the department store or use any hazardous chemicals? If so, has a Hazard Communication Self Assessment been completed and submitted to the Safety Department?
2) Does the Department have operations that involve chemicals, heat, tools, rotating machinery, or any operations involving procedures that expose faculty or students to special risks of injury and danger? If so:
a) Are there current written safety procedures and lab manuals which are submitted to the Safety Department annually for review?
b) Has a Department Safety Coordinator been designated? Who?
f. Does the department exercise good housekeeping, no obvious trip hazards or obstructed walkways, and adequate storage? If a concern for poor safety attitude exists, you may refer to the Safety Department.
g. Have there been any worker's compensation claims in the last three years?
Audit Program
1. Establish Objective: To provide assurance internal controls are operating as intended, and evaluate accuracy of recording of financial transactions.
2. Request or obtain necessary documents/files which will be included in the department permanent file.
3. Conduct pre-audit review
a. Conduct interviews and examinations; obtain, prepare, or update permanent file items as necessary for comprehensive preliminary evaluation of operations and controls.
b. Determine if there are any areas management may want reviewed.
c. Update applicable internal control questionnaires/ reviews prior to commencement of audit field work.
d. Determine if EDP systems are involved in the audit, and review audit applications with EDP Auditor as necessary. Consultation should be well in advance of audit. Any EDP audit application should be reviewed and updated each year for program changes.
e. Determine sampling plan, including most appropriate record(s) to be tested. In addition, identify any FOCUS reports to be generated, and where the use of ACL would be beneficial.
4. Prepare audit program
a. Identify areas of audit risk based on number 3 above.
b. Review and evaluate prior audit programs for possible revisions.
c. Determine audit period and program to be used. Indicate proposed revisions, where applicable.
5. Review audit plan/program with Director of Internal Audit and obtain approval of the audit plan and schedule prior to commencement of fieldwork.
6. Field Work
a. Each audit will be conducted on the basis of the account description form and approved audit program(s).
b. Internal control must be reviewed throughout the audit.
c. Adequate working papers must be prepared and properly supported.
1) Summary of audit findings, recommendations and responses, file section # 500, should be prepared when a recommendation is being proposed.
2) Results and conclusions of statistical sampling plan should be written.
3) All recommendations must be supported by adequate documentation. (Note: avoid excessive documentation.)
d. Test compliance with University Administrative Procedures and other operating procedures including federal and state regulations where applicable.
e. Review implementation of prior audit recommendations.
f. Review all areas audited for operational/ procedural recommendations and prepare adequate documentation.
g. Financial reports should be reconciled to fund ledger balances and thoroughly reviewed.
1) Compare gross profit percent with known mark-ups if applicable.
2) Reversion provision of account balance should be in accordance with account description form.
3) Perform ratio analysis, as necessary.
4) Financial viability of the operation should be assessed.
5) A fund ledger comparative statement of revenue and expenditures should be prepared, comparing the period under audit with the prior period.
6) Obtain explanations for fluctuations in revenue/expenditures between years.
h. Assess purpose and relationship of the activity within the University organizational mission and goals.
i. Review any correspondence between Department and Information Systems for updates to sign on passwords for FRS and SIS. Test to determine if request was appropriately processed, particularly if names were deleted. Review available Z-system access reports.
7. Count petty cash funds, change funds and undeposited receipts, if any.
a. Petty cash can be counted anytime during the audit.
b. Count in presence of custodian, obtain signature for receipt of funds and prepare in ink.
c. List any employees' or postdated checks and personal checks of custodian, loans or IOU's.
d. Document undeposited receipts.
e. Examine supporting documentation for expenditures not reimbursed, including those said to be in process at Accounts Payable.
f. Ascertain if there is any other cash on hand.
g. Verify cash fund with Cashier's Office.
h. Determine if amount of petty cash and/or change fund is reasonable and necessary.
i. Review physical security related to cash and undeposited receipts.
j. Trace any deposits counted to University deposit receipts.
8. Revenue Test
a. Trace detailed receipt documents for two separate two week periods, from two different months. For these two months prepare summary and reconciliation of receipts to deposits to the fund ledger. (Alternative: Follow your specific approved statistical sampling plan, and specific approved method to verify the frame from which samples are taken by FOCUS report or ACL, as applicable). Review ledgers for balance of audit period for unusual items.
1) Trace receipts from original source documents to a cash journal, if applicable, and subsequently to the fund ledger.
2) If cash journal does not exist, then trace duplicate deposit slips with supporting detail to the fund ledger.
3) Overrings/voids should be initialed by an individual independent of the cashiering function.
4) Schedule overages or shortages for your test period.
5) Funds should be deposited in accordance with the University Administration Procedures.
6) Receipts not recorded on cash register or prenumbered documents should be explained.
7) Determine that appropriate sales tax was collected and deposited. Review appropriate regulations.
b. Review the numerical sequence of forms used and on hand, except where large quantities are involved in which case a sample group should be tested.
c. Interdepartmental Sales: Trace and reconcile detailed receipt documents to interdepartmental invoices on fund ledger for one month. Trace representative sample of IDI's to the account charged. Review/test interdepartmental charges for May/June for the possibility of advance billings.
d. If gifts and grants have been received, see that appropriate gift and grant procedures and forms have been followed.
e. Tickets
1) If tickets are sold, you must account for all tickets either through revenue or as unsold.
2) Tickets ordered can be verified by reference to ticket manifest or invoice vouchers.
3) Obtain a certified copy of the ticket manifest directly from the vendor.
4) Review ticket taking procedures.
5) Review disposition of unused tickets and method of handling complimentary tickets.
6) Review physical protection afforded tickets.
f. If statistical sampling was used, prepare summary and conclusions, including comparison of actual occurrence rate with planned occurrence rate.
g. Pricing Test
1) Compare prices charged with price list, for a sample of invoices. The extent of this test will depend; in part, on whether sale prices are verified in connection with inventories and/or expenditures.
2) Determine date of price lists, i.e., when prices were last changed.
3) Evaluate adequacy of prices, for each category of sales in total.
h. Shipping
1) Determine separation of duties between preparing invoices and handling and shipping of merchandise or services.
2) Trace sample of shipping records to sales invoices and a sample of sales invoices to inventory records.
i. Schedule and explain sources of income.
j. Schedule and support all interfund transfers for the period under audit.
k. Determine that revenue is being reconciled to the fund ledger monthly.
l. If special services are performed for outside parties on an extensive and/or continuing basis, determine if a contract exists and has been signed by appropriate University officer(s). Review the provisions of the contract and compliance thereto.
9. There is a separate program for Accounts Receivable and Merchandise Inventory. These programs must be used when applicable.
10. Fixed Assets/Information Security
a. Determine whether operation under audit has verified the most recent June 30 equipment inventory listing.
b. Trace equipment from the last University listing to the actual equipment and from equipment to the listing.
c. Check disposition of any equipment disposed of during the past year including items salvaged or sold to other departments. See that required forms were properly prepared.
d. Review any substantial disposal items coded "Stolen or Missing". Determine that Campus Police was notified.
e. Review security afforded equipment.
f. Review security afforded information systems, if in-house, critical to the operations of the department and/or key to decision making. Determine:
1) Personal computing equipment is secure.
2) Critical files and programs are identified and have backup procedures.
3) Capability exists to recreate lost data through proper retention of source documents.
4) Passwords or other controls exist to protect program and sensitive data files.
5) Data entry is authorized (i.e., signatures on sources documents) and accuracy of input is verified.
6) Applications are well-documented, including all systems changes/updates.
g. Review all critical writable screens and who has write access to them.
11. Expenditures and Transfers
a. Indicate in audit memo what control is maintained to ensure that goods/services listed on paid invoices have actually been received. Determine names, positions, and duties of the following:
1) Person(s) authorized to sign requisitions and open order releases.
2) Person(s) certifying receipt of goods/services.
3) Person(s) approving vendor invoices and invoice confirmations.
b. Select a representative sample of purchase order invoices from the departmental fund ledgers, and test as follows (use of FOCUS reports and ACL as applicable).
1) Locate supporting documents in departmental files: purchase order requisition, purchase order Store delivery slip, vendor invoice and invoice confirmation.
2) Determine that authorization and procedures were in accordance with (A) above.
c. Test interdepartmental charges and review supporting detail.
d. Review one month's phone bill, noting any unusual calls by time or duration. Obtain explanation if needed. Reference the following website: http://www.teldir.com/
e. Indicate in an audit memo what control is maintained over payroll charges and payroll checks to ensure that services were received for amounts paid. Indicate the persons and their positions involved in payroll processing.
1) Trace charges from original time documents to the payroll distribution summary for a test month.
2) Review personnel charged to the account for reasonableness and appropriate cost-center accounting.
f. Select and list a representative sample of all other expenditures for review. (use of FOCUS reports as applicable)
1) Audit at least two petty cash vouchers.
2) Review travel expense reports for supporting detail on file in Accounting.
3) Determine that purchase order requisition system is not being by-passed, except as authorized. Also, determine that properly approved contracts exist for special major/continuing service arrangements not covered by a purchase order.
4) Test documentation for departmental open orders. Determine that unit value limitations and other restrictions are followed.
5) Test refunds where applicable by examination of supporting detail.
g. Note unusual preference for particular vendors, for possible follow-up in Purchasing.
h. Budgeted Accounts
1) These accounts should be audited in connection with your regular audit if they are related to the accounts under audit.
2) Determine the basis of charging salaries and other costs between clearing and budgeted funds.
i. Where applicable, review the expenses to ensure that costs are properly allocated/recharged.
j. Explain major transfers of expenditures to/from other accounts.
k. Determine that amounts appearing in transfer column have been properly approved.
1) All interfund transfers should be authorized by the department chairperson, and/or the Budget Office.
2) Any transfer of budgeted funds should agree with budget authorization by the Budget Office.
l. Determine if fund ledger entries are being verified against appropriate documentation monthly.
12. Completion of Audit
a. Submit workpapers and summary of findings for review.
b. Clear review items and draft comprehensive audit memo indicating tests performed, with audit report of findings and recommendations attached.
c. Exit with department and obtain their responses along with any necessary revisions.
d. Incorporate responses into report for final distribution to department and senior/executive management.
e. Update file for any changes to/or additional reports necessary for performance of next audit.
f. Determine that all permanent file documents are returned to the file after completion of the audit.
g. Audit follow-up should be completed within a three- to six-month period, if required.
Internal Control Questionnaire
1. Management
a. What are significant functional areas of responsibility?
b. Rate resources provided to you to accomplish these tasks.
1) Personnel
2) Facilities
3) Equipment
4) Operating Budget
c. Please discuss briefly who performs these functions, process used and time allotted?
d. What would be your overall objective ( to provide a required service, assist another department, increase revenues, etc.) for each of these functions?
e. Do you provide and/or require periodic status or follow-up reports on these activities?
f. What new service or level of service are you currently striving to attain?
g. What service or process do you have within your department that you would suggest other universities use as a model for their operations?
h. What service or process would you share with other offices on campus which might enhance their operations or assist the university in accomplishing its mission?
i. If all the necessary resources could be provided to you, what institution would you like to model your department after and why?
j. What would be the effect of this change upon:
1) The university?
2) The division?
3) The department?
4) The users of your department?
k. What necessary resources are required for you to make this change?
2. Accountability
a. What types of reports do you provide on results of operations and to whom?
b. Do you have committees which have oversight responsibilities and have you found their input helpful?
c. To what degree must your department interact with other departments on campus?
d. Are these relationships fairly well established and problem free?
e. Do you feel the lines of responsibility are clearly defined in these interdepartmental relations?
f. Does a position description exist which defines the responsibilities/duties of each employee in the department including the Director?
g. Which functional area requires the most of your time because of volume, difficulty or risks associated with the activity?
h. What types of functional questions/problems must you have resolved by your supervisor and how frequently do these arise?
i. When these questions/problems occur, what steps are taken to prevent a reoccurrence or need for supervisory intervention? Please give two recent examples
3. Planning
a. What input into planning is received from sources within and external to the department?
b. Are long or short range plans developed and if so by whom?
c. Are they approved and what further action is taken on the plan when completed/approved?
d. What changes do you see forthcoming for your department and what has been done in anticipation of these changes?
e. Are department plans communicated to employees so individual work plans and processes are revised to complement the department's objectives?
f. Are you included in a divisional retreat or workshop where goals or solutions to existing problems are discussed with your peers?
g. If so, do you feel your input or consideration of your suggestions was considered adequately?
h. How do you anticipate your employees' response to this question if it were rephrased to include the department level?
i. If divisional (departmental) workshops are not conducted, how do you think goals and directives for your department are formulated?
j. Are you included in your supervisor's regular staff meetings?
k. Do you feel these meetings are well organized and provide you the opportunity to receive and give information to you, your employees, your division and the university?
l. Describe all mechanisms used to disseminate information within your department including frequency?
4. Personnel
a. Is employee turnover kept to a minimum?
b. Does the performance measurement system follow general university guidelines and is it performed by supervisor or department head?
c. Does the Director have regular performance evaluations?
d. Is the staff given an opportunity to evaluate the supervisor's performance?
e. Are there national organizations with which you are affiliated?
f. Are there standards for operations, average salary information, etc., available for your profession?
g. Describe training provided to you and your staff. Include whether such training is required to meet minimum job requirements or professional development of employee.
h. Is there an opportunity for promotion within the department or university?
i. Are employees provided with recognition for personal and professional accomplishments? Please describe.
j. In your opinion for how long and how effectively could this department function during unforeseeable extended absences of the Director or other key employees?
k. What provisions have been made or are needed to minimize the effect of such an event on university operations?
l. In your opinion is employee morale conducive to a reasonable level of productivity?
m. What measures have been taken or will be taken to improve employee morale?
Internal Control Questionnaire
1. Agency/Regulation:
a. Who in the department is primarily responsible for compliance?
b. Please provide a current copy of the agency requirements or regulations.
c. Are other departments responsible for compliance?
d. If so how do they receive new information?
e. Are there procedures for monitoring compliance?
f. Are employees/departments aware of where to go with questions?
g. Are there workshops held on the subject and have employees attended?
h. What do you feel is (are) the most significant risk area(s) for the university?
i. How is (are) the risk(s) minimized?
j. How and when are reports forwarded to senior management for their information, approval or action?
k. Any problem you wish to discuss?
Audit Program
Objective: Determine department has sufficient control, within department or through others, to assure compliance with major requirements of law or agency
1. Agency or Regulation
a. Memo to responsible department head to schedule internal control questionnaire.
b. Entrance conducted and questionnaire reviewed.
c. Obtain current copy of regulation or agency guidelines and summarize key requirements.
d. Select judgmental sample of agency requirements and determine department's ability to comply with significant requirements.
e. Determine web site information is current and complies with web content accessibility guidelines.
f. If other departments are involved, test communication and reporting for accuracy and timeliness.
g. Report results to department with any recommendations.
h. Include response in report to senior management and schedule follow up.
| Last revision August 2005 |
| Email us at harrisc@uncw.edu |