Scribd Logo
Upload

Welcome to Scribd!

  • Internal Control Questionnaire Control Environment

    Uploaded by

    Erika Eludo
    9 views3 pages
    The summaries are: 1) The management of Sheridan Audio Visual Ltd does not focus on honesty, integrity and ethical values or have appropriate written policies. Risks are not adequately monitored and management does not value controls. 2) There is no organizational control or computer department, and duties are not properly segregated. No formal disaster recovery or system development controls exist. 3) Access controls are weak, and processing and files are not adequately reviewed or maintained for recovery. While backups are stored off-site, overall controls need significant improvement.

    Original Description:

    Original Title

    Control Enviroment

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The summaries are: 1) The management of Sheridan Audio Visual Ltd does not focus on honesty, integrity and ethical values or have appropriate written policies. Risks are not adequately monitored and management does not value controls. 2) There is no organizational control or computer department, and duties are not properly segregated. No formal disaster recovery or system development controls exist. 3) Access controls are weak, and processing and files are not adequately reviewed or maintained for recovery. While backups are stored off-site, overall controls need significant improvement.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    9 views3 pages

    Internal Control Questionnaire Control Environment

    Uploaded by

    Erika Eludo
    The summaries are: 1) The management of Sheridan Audio Visual Ltd does not focus on honesty, integrity and ethical values or have appropriate written policies. Risks are not adequately monitored and management does not value controls. 2) There is no organizational control or computer department, and duties are not properly segregated. No formal disaster recovery or system development controls exist. 3) Access controls are weak, and processing and files are not adequately reviewed or maintained for recovery. While backups are stored off-site, overall controls need significant improvement.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    INTERNAL CONTROL QUESTIONNAIRE

    CONTROL ENVIRONMENT

    QUESTION YES, NO, N/A Comments


    Integrity and Ethical Values
    1. Does the management set the “tone at the No The management of Sheridan
    top” by demonstrating a commitment to Audio Visual Ltd does not focus on
    integrity and ethics through both its words honesty, integrity and ethical
    and deeds? values.
    2. Have appropriate entity policies regarding
    acceptable business practices, conflicts of No There were no written policies with
    interest, and codes of conduct been regards to appropriate entity
    established and adequately policies
    communicated?
    3. Have incentives and temptations that might No Even though they have this bonus
    lead to unethical behaviour been reduced scheme for employees, this still
    or eliminated? can’t guarantee that unethical
    behaviour will reduce.
    Board of directors and audit committee
    1. Are there regular meetings of the board Yes Meetings with the board are held
    and are minutes prepared on a timely quarterly.
    basis?
    2. Do board members have sufficient Yes Majority of the company’s board
    knowledge, experience and time to serve members, with the exception of
    effectively? one, have been in the company for
    3. Is there an audit committee composed of No a long period.
    outside directors?
    Management’s philosophy and operating style We found that the management
    1. Are business risks carefully considered and No has a negative opinion of the
    adequately monitored? controls after talking to employees
    2. Is management’s selection of accounting No and managers. Finance isn't
    principles and development of accounting important to the Managing
    estimates consistent with objective and fair Director because he/she doesn't
    reporting? have any involvement, and he/she
    3. Has management demonstrated a No doesn't value it either. Due to this,
    willingness to adjust the financial fraud opportunities and material
    statements for material misstatements? misstatement risks are increased in
    all financial statement balances. A
    higher risk of non-compliance with
    standards, regulations and banking
    covenants increases.
    Human resource policies and practices
    1. Do existing personnel policies and No Rosie and David have an informal
    procedures result in the recruitment or conversation regarding new
    development of competent and recruits but there is no written and
    trustworthy people needed to support an signed agreement.
    effective internal control structure?
    2. Do personnel understand the duties and No It’s unclear what the job entails.
    procedures applicable to the job?
    3. Is the turnover of personnel in key Yes The turnover of personnel in key
    positions at an acceptable level? positions at an acceptable level
    INTERNAL CONTROL QUESTIONNAIRE
    ORGANISATIONAL CONTROLS

    QUESTION YES, NO, N/A Comments


    Organisational controls
    1. Are the following duties segregated within No
    the computer department:
     Systems design?
     Computer programming?
     Computer operations?
     Data entry?
     Custody of systems documentation, It’s all done manually, so there’s no
    programs and files? organizational control or computer
     Data control? department.
    2. Are the following duties performed only
    outside the computer department: No
     Initiation and authorisation of
    transactions?
     Authorisation of changes in systems,
    programs and master files?
     Preparation of source documents?
     Correction of errors in source
    documents?
     Custody of assets?
    Systems development and maintenance controls
    1. Is there adequate participation by users No
    and internal auditors in new systems
    development?
    2. Is proper authorisation, testing and No
    documentation required for system and
    program changes? There is no IT Staff yet.
    3. Is access to systems software restricted to No
    authorised personnel?
    4. Are there adequate controls over data files No
    (both master and transaction files) during
    conversion to prevent unauthorised
    changes?
    Access controls
    1. Is access to computer facilities restricted to Yes All staffs have individual password.
    authorised personnel?
    2. Is access to data files and programs No
    restricted to authorised personnel?
    3. Are computer processing activities No
    reviewed by management?
    Other controls
    1. Is there a disaster contingency plan to No No formal plan exists at Sheridan
    ensure continuity of operations? AV but Rosie is aware and
    2. Is there off-site storage of back-up files and Yes considered threats to the computer
    programs? hardware/software and has
    3. Are sufficient generations of programs, implemented controls. Some of the
    master files and transaction files No areas that are covered by their
    maintained to facilitate recovery and insurance include fire and floods.
    reconstruction of computer processing?
    4. Are there adequate safeguards against fire, Yes Sheridan holds data and programs
    water damage, power failure, power in a secure place in the new
    fluctuations, theft etc? warehouse building since it is away
    from the main office building and
    warehouse; they think that it
    would be much safer.
    As an example, when it comes to
    fire safety, every office is equipped
    with fire alarms and the staffs have
    been trained on what to do in case
    of a disaster.

    You might also like