INTERNAL CONTROL STRUCTURE VALIDATION QUESTIONNAIRE
From Protiviti’s The Bulletin: Volume 2, Issue 4
Section 404 of the Sarbanes-Oxley Act of 2002 requires public companies to annually assert that internal control
over financial reporting (ICFR) is designed and operating effectively. How will your company transition its Section
404 compliance activity from an ad hoc, high-cost project to an ongoing, cost-effective process? This
questionnaire focuses on how organizations can implement a cost-effective approach for validating the operating
effectiveness of their ICFR that includes all primary sources of evidence, not just independent tests of controls,
supporting management’s assertion in the annual internal control report. These questions address management’s
assessment process, not the external audit of ICFR.
KEY QUESTIONS FOR BOARD MEMBERS
1. Has management reviewed its plan to validate the operating effectiveness of controls in the current year with the
audit committee?
☐ Yes ☐ No ☐ NA
Comment:
2. Does the plan consider self-assessment and entity-level monitoring elements so that management is not solely
relying on independent controls testing?
☐ Yes ☐ No ☐ NA
Comment:
3. Is the audit committee satisfied that the plan for validating internal controls performance is cost-effective and
optimizes net audit costs without compromising audit effectiveness?
☐ Yes ☐ No ☐ NA
Comment:
4. Has the audit committee asked the external auditor how he or she plans to improve the cost-effectiveness of
the Section 404 attestation process in the current year?
☐ Yes ☐ No ☐ NA
Comment:
5. Does the auditor’s plan include the integration of audits from the financial statements and ICFR?
☐ Yes ☐ No ☐ NA
Comment:
Source: www.knowledgeleader.com
KEY QUESTIONS FOR MANAGEMENT
1. Have you planned for optimizing the efficiency and effectiveness of your Section 404 compliance process
through appropriately integrating process owner self-assessment, entity-level monitoring and independent
testing of controls?
☐ Yes ☐ No ☐ NA
Comment:
2. Is your plan supported by a PMO (or an equivalent function) that monitors its execution?
☐ Yes ☐ No ☐ NA
Comment:
3. Have you thought about how you can improve the effectiveness and efficiency of your business processes to
facilitate cost-effective control monitoring and testing?
☐ Yes ☐ No ☐ NA
Comment:
4. Is your testing plan sufficiently focused on the most critical controls?
☐ Yes ☐ No ☐ NA
Comment:
5. Does the plan spell out the rules of engagement upfront so that evaluators will know what actions to take
should a test indicate that a control is not operating effectively?
☐ Yes ☐ No ☐ NA
Comment:
6. Are you satisfied that control evaluators meet the external auditor’s criteria related to competence and
objectivity?
☐ Yes ☐ No ☐ NA
Comment:
7. Are you thinking about incorporating appropriate action items into next year’s budget cycle to increase the
cost-effectiveness of the compliance process?
☐ Yes ☐ No ☐ NA
Comment: