Control Environment Self-Evaluation Questionnaire

1. Does your management philosophy and style communicate high expectations regarding integrity and ethical values? Are your directives and actions consistent with these expectations?

2. Is the organizational structure in your area clearly defined?

3. Are human resources policies clearly communicated to your personnel?

4. Have all important expectations or “policies” been formalized and communicated to your personnel?

5. Do you reprimand inappropriate behavior in a consistent manner regardless of the individual’s position or status? Is this done in a timely and direct manner?

6. Have you identified your organization’s customers and/or clients? Is your area perceived by these groups as one where there are fair and honest dealings?

7. Do you expect full compliance with laws, regulations and policies?

8. Are the number of requests to approve exceptions to established policy kept to a minimum? Are such approvals always documented?

9. Are realistic performance objectives set for your personnel?

10. Are job descriptions accurate and up to date? Do they include all major expectations?

11. Do your personnel have the knowledge and skills required for their positions?

12. Do you provide adequate training for all categories of personnel?

13. Is employee turnover in your area at an acceptable level? If turnover is excessive, do you know the root causes?

14. Are accounting and budgeting activities an integral part of your decision making processes?

15. Do management reports tell the whole story? Are they timely and do they raise “red flags” where appropriate?

16. Are your employees appropriately empowered and given adequate resources to fulfill their responsibilities?

 

RISK ASSESSMENT

1. Have department or division objectives been established?

2. Have activity-level objectives also been established?

Are there documented objectives for all key activities?
Do they include statements of purpose regarding operations, reporting and compliance?
Are they realistic and consistent with past practices and performance, or with relevant benchmarks?
Are they periodically reviewed and updated?

Do they include measurement criteria?

3. Have the objectives been prioritized?

4. Were all employee levels represented in establishing the objectives?

5. Have risks or obstacles to achieving each objective been identified?

Were risks from external sources (suppliers, technology changes, economic and political conditions, regulations, etc.) adequately considered? Were risks from internal sources (employee turnover, morale and commitment to objectives, performance of information systems, etc.) adequately considered?

6. Have the risks been prioritized?

Was there an evaluation of the likelihood of occurrence?
Has the potential monetary impact been estimated?
Have the risks been categorized as (a) tolerable or (b) requiring action?

7. Were appropriate levels of management involved in analyzing the risks?

8. Have overall strategies for managing important risks been established?

9. Have specific assignments and activities necessary to implement the strategies been identified and communicated to the responsible employees?

 

CONTROL ACTIVITIES

Have you considered necessary control activities for each of your operations? For example:

1. Do you and your employees evaluate performance with regard to established objectives? Are these evaluations based on previously agreed upon standards?

2. Are all new programs or activities formally authorized in advance?

3. Are you currently operating within budget? Did you complete last year within budget?

4. Are important financial and operating reports routinely reviewed and shared with your key personnel?

5. Are key reconciliations prepared and reviewed?

6. Do you or your key managers review and approve all financial transactions?

7. Do you track the location and use of all equipment? Is missing equipment investigated? Are there additional controls for equipment checked out to individuals or taken off campus?

8. Do you provide adequate physical security for cash and other assets subject to theft?

9. Do you provide adequate guidance and training for personnel who have responsibility for cash and similar assets?

10. Are individuals who control assets prohibited from also recording transactions related to those assets? For example, is the cashier not allowed to handle record keeping for accounts receivable?

Please list the primary control activities you rely upon in managing your organization?

 

INFORMATION AND COMMUNICATION

1. Do you receive relevant information regarding legislation, regulatory developments, economic changes, or similar external factors that may affect your organization?

2. Is key information about your organization’s operations identified and regularly reported?

Do managers receive sufficient information to carry out their responsibilities?
Is the information understandable and usable?
Is information available in a timely manner?

3. Is there a means for you to identify emerging information needs?

4. Are plans for the effective use of information technology developed and linked with strategic initiatives? Are the plans consistent with available resources?

5. Are training, meetings, seminars, on-the-job supervision sufficient to communicate to the employees their duties and responsibilities?

6. Is there a way to communicate suspected improprieties upstream through someone other than a direct superior? Is the complainant protected from retaliation?

7. Is trust actively promoted between employees, supervisors and departments?

8. Are employees encouraged to provide recommendations for improvement? Are they recognized or rewarded for suggestions?

9. Have you communicated your organization’s standards and expectations to key outside groups or individuals?

10. Are client complaints taken seriously, investigated, and acted upon?

Is there follow-up communications with the complainant?
Is management aware of the nature and volume of complaints?

 

MONITORING

1. Do you routinely evaluate the overall effectiveness of your internal control system?

2. How do you monitor the control environment?

Do you assess employee attitudes?
Do you review your organization structure for effectiveness?
Do you review and evaluate policies and procedures?

3. Do you periodically evaluate the effectiveness of your risk assessment procedures?

4. Do you regularly monitor the effectiveness of key control activities?

Do you spot-check transactions, records, and reconciliations to ensure they meet your expectations?
Do you randomly compare assets on hand (cash, inventories, etc.) to recorded amounts and investigate discrepancies?

5. Are all information and communication systems periodically evaluated for accuracy, timeliness and relevance?

Do you question financial and management reports that appear unusual or inconsistent?
Does management encourage employees to provide feedback on whether controls operate effectively?
Are there performance evaluations, at least annually, where employees and supervisors discuss expectations, goals and performance?