The summaries are:
1) The management of Sheridan Audio Visual Ltd does not focus on honesty, integrity and ethical values or have appropriate written policies. Risks are not adequately monitored and management does not value controls.
2) There is no organizational control or computer department, and duties are not properly segregated. No formal disaster recovery or system development controls exist.
3) Access controls are weak, and processing and files are not adequately reviewed or maintained for recovery. While backups are stored off-site, overall controls need significant improvement.

Integrity and Ethical Values

| Question | Yes, No, N/A | Comments |
|---|---|---|
| 1. Does the management set the “tone at the top” by demonstrating a commitment to integrity and ethics through both its words and deeds? | No | The management of Sheridan Audio Visual Ltd does not focus on honesty, integrity and ethical values. |
| 2. Have appropriate entity policies regarding acceptable business practices, conflicts of interest, and codes of conduct been established and adequately communicated? | No | There were no written policies with regard to appropriate entity policies. |
| 3. Have incentives and temptations that might lead to unethical behaviour been reduced or eliminated? | No | Even though they have this bonus scheme for employees, this still can’t guarantee that unethical behaviour will reduce. |

Board of directors and audit committee

| Question | Yes, No, N/A | Comments |
|---|---|---|
| 1. Are there regular meetings of the board and are minutes prepared on a timely basis? | Yes | Meetings with the board are held quarterly. |
| 2. Do board members have sufficient knowledge, experience and time to serve effectively? | Yes | The majority of the company’s board members, with the exception of one, have been in the company for a long period. |
| 3. Is there an audit committee composed of outside directors? | No | |

Management’s philosophy and operating style

| Question | Yes, No, N/A |
|---|---|
| 1. Are business risks carefully considered and adequately monitored? | No |
| 2. Is management’s selection of accounting principles and development of accounting estimates consistent with objective and fair reporting? | No |
| 3. Has management demonstrated a willingness to adjust the financial statements for material misstatements? | No |

Comments: We found that the management has a negative opinion of the controls after talking to employees and managers. Finance isn't important to the Managing Director because he/she doesn't have any involvement, and he/she doesn't value it either. Due to this, fraud opportunities and material misstatement risks are increased in all financial statement balances. The risk of non-compliance with standards, regulations and banking covenants also increases.

Human resource policies and practices

| Question | Yes, No, N/A | Comments |
|---|---|---|
| 1. Do existing personnel policies and procedures result in the recruitment or development of competent and trustworthy people needed to support an effective internal control structure? | No | Rosie and David have an informal conversation regarding new recruits but there is no written and signed agreement. |
| 2. Do personnel understand the duties and procedures applicable to the job? | No | It’s unclear what the job entails. |
| 3. Is the turnover of personnel in key positions at an acceptable level? | Yes | The turnover of personnel in key positions is at an acceptable level. |

INTERNAL CONTROL QUESTIONNAIRE: ORGANISATIONAL CONTROLS

Organisational controls

| Question | Yes, No, N/A |
|---|---|
| 1. Are the following duties segregated within the computer department: Systems design? Computer programming? Computer operations? Data entry? Custody of systems documentation, programs and files? Data control? | No |
| 2. Are the following duties performed only outside the computer department: Initiation and authorisation of transactions? Authorisation of changes in systems, programs and master files? Preparation of source documents? Correction of errors in source documents? Custody of assets? | No |

Comments: It’s all done manually, so there’s no organizational control or computer department.

Systems development and maintenance controls

| Question | Yes, No, N/A |
|---|---|
| 1. Is there adequate participation by users and internal auditors in new systems development? | No |
| 2. Is proper authorisation, testing and documentation required for system and program changes? | No |
| 3. Is access to systems software restricted to authorised personnel? | No |
| 4. Are there adequate controls over data files (both master and transaction files) during conversion to prevent unauthorised changes? | No |

Comments: There is no IT staff yet.

Access controls

| Question | Yes, No, N/A | Comments |
|---|---|---|
| 1. Is access to computer facilities restricted to authorised personnel? | Yes | All staff have individual passwords. |
| 2. Is access to data files and programs restricted to authorised personnel? | No | |
| 3. Are computer processing activities reviewed by management? | No | |

Other controls

| Question | Yes, No, N/A | Comments |
|---|---|---|
| 1. Is there a disaster contingency plan to ensure continuity of operations? | No | No formal plan exists at Sheridan AV, but Rosie is aware of and has considered threats to the computer hardware/software and has implemented controls. Some of the areas that are covered by their insurance include fire and floods. |
| 2. Is there off-site storage of back-up files and programs? | Yes | |
| 3. Are sufficient generations of programs, master files and transaction files maintained to facilitate recovery and reconstruction of computer processing? | No | |
| 4. Are there adequate safeguards against fire, water damage, power failure, power fluctuations, theft etc? | Yes | Sheridan holds data and programs in a secure place in the new warehouse building since it is away from the main office building and warehouse; they think that it would be much safer. As an example, when it comes to fire safety, every office is equipped with fire alarms and the staff have been trained on what to do in case of a disaster. |