
Audit Checklists & Continuous Auditing for Financial Close and Sarbanes-Oxley (SOX) Audit Procedures

December 2006

This document provides a consolidated set of audit checklists typical of those used by internal and external auditors to evaluate the financial close process and test compliance with Sarbanes-Oxley (SOX). These checklists identify all of the typical controls that comprise a typical audit and highlight ways that you can automate many of the tasks by using an independent controls monitoring and audit (CMA) solution.

Table of Contents
Section 1 Financial Close Process
Section 2 Entity Level Controls - Control Environment
Section 3 Entity Level Controls - Information & Communication
Section 4 Entity Level Controls - Monitoring
Section 5 Entity Level Controls - Risk Assessment
Section 6 Expenditure Process Controls
Section 7 Fixed Assets Process Controls
Section 8 Inventory Management Process Controls
Section 9 Payroll Process Controls
Section 10 Revenue Process Controls
Section 11 Treasury Process Controls
Section 12 SOX Checklist
ABOUT APPROVA


Section 1 Financial Close Process


The financial close process is the single largest source of internal controls weaknesses disclosed in SEC filings. Some of the most common challenges include revenue recognition, accruals, capitalization, and inter-company eliminations. For this reason it is typically a major focus of most audits. The following checklist highlights the key controls that auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #1: Financial Close Process


Business Activity (all rows): Financial Close

Point of Focus / Control Objective:
1. Accounting policies exist, are kept current, and are communicated to the appropriate personnel.
2. Procedures are in place to ensure that all transactions are recorded in accordance with GAAP.
3. Close procedures, including due dates, responsibilities, disclosure updates, and account classifications are defined, communicated, and implemented.
4. The standard corporate reporting format is utilized.
5. Access to accounting and reporting applications is limited to the appropriate individuals.
6. Journal entry input is restricted to authorized personnel.
7. There is a checklist of the standard closing journal entries made at month-end, quarter-end, and year-end.
8. Pre-numbered vouchers are used to ensure that all non-recurring entries are processed only once in the system.
9. Manual journal entries have adequate supporting documentation and are approved by the appropriate level of management.
10. Standardized journal entries are used for recurring journal entries.
11. Journal entries are supported and authorized before being posted.
12. System logic prevents journal entries for which debits do not equal credits.
13. The system will not allow journal entries to be recorded to a closed accounting period.
14. System logic will not allow duplicate journal entry numbers.
15. A procedure detailing the calculation of specific accruals and recording rules exists and is consistently applied.
16. Write-offs and reserves are clearly defined, consistently applied, and monitored in accordance with company policy.
17. All account balances are reconciled prior to closing the books, including confirming that balances agree with related parties.
18. Significant variances in reconciliations are investigated and resolved timely.
19. Fluctuation analysis of actual to budget or prior periods is performed.
20. The financial reporting package is reviewed by management before submission to Corporate.
21. Duties are appropriately segregated in the closing process.
22. Access/authorization controls are in place to maintain the integrity of the chart of accounts.
23. Procedure is in place to identify any changes to master data that have significant financial accounting and/or reporting implications to the accounting department.
24. A procedure is in place to identify and communicate transactions/events that have significant financial accounting and/or reporting implications to the accounting department.

Description of Automation:
- Continuous controls monitoring and audit of the financial close process is an integral part of the financial close procedure.
- CMA solutions can report test results in existing corporate reports or as part of third party reporting packages (e.g. Crystal Reports).
- CMA solutions provide detailed remediation and monitoring of user access for accounting and reporting applications.
- CMA solutions monitor unauthorized or irregular journal entries.
- CMA solutions identify nonstandard journal entries.
- CMA solutions identify duplicate journal entries.
- CMA solutions identify manual journal entries that do not have proper approvals.
- CMA solutions identify unauthorized journal entries.
- CMA solutions identify journal entries for which debits do not equal credits.
- CMA solutions identify journal entries that have been recorded after a closed accounting period.
- CMA solutions identify and remediate segregation of duties violations.
- CMA solutions monitor all changes to the chart of accounts.
- CMA solutions monitor all changes to master data.
- For the operations that CMA solutions monitor, appropriate alerting and reporting is performed to communicate any anomalies in financial close procedures.

Ability to Automate legend:
- Significant opportunities to implement a controls monitoring and audit (CMA) solution
- Some opportunity to implement a controls monitoring and audit (CMA) solution
- Little or no opportunity to implement a controls monitoring and audit (CMA) solution
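The journal-entry tests named in Checklist #1 (debits not equal to credits, duplicate entry numbers, postings after a period is closed, input by unauthorized personnel, manual entries without approval, and segregation of preparer and approver) can be run over every entry in the ledger rather than a sample. The Python below is an added example, not code from Approva or from any CMA product; the record layout, control names, user IDs, period close date and sample entries are all constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional, Tuple


@dataclass(frozen=True)
class Line:
    account: str
    debit: Decimal
    credit: Decimal


@dataclass(frozen=True)
class JournalEntry:
    je_number: str
    posted_on: date
    period: str              # accounting period booked to, e.g. "2006-11"
    source: str              # "manual" or "recurring"
    preparer: str
    approver: Optional[str]
    lines: Tuple[Line, ...]


def run_controls(entries, closed_periods, authorized_preparers):
    """Test every entry (no sampling); return (control, je_number, detail) findings."""
    findings = []
    uses = Counter(je.je_number for je in entries)
    for je in entries:
        # Decimal keeps the debit/credit comparison exact; floats would not.
        debits = sum((ln.debit for ln in je.lines), Decimal("0"))
        credits = sum((ln.credit for ln in je.lines), Decimal("0"))
        if debits != credits:
            findings.append(("UNBALANCED", je.je_number,
                             f"debits {debits} != credits {credits}"))
        if uses[je.je_number] > 1:
            findings.append(("DUPLICATE_NUMBER", je.je_number,
                             f"number used {uses[je.je_number]} times"))
        closed_on = closed_periods.get(je.period)
        if closed_on is not None and je.posted_on > closed_on:
            findings.append(("CLOSED_PERIOD", je.je_number,
                             f"posted {je.posted_on}, period closed {closed_on}"))
        if je.preparer not in authorized_preparers:
            findings.append(("UNAUTHORIZED_PREPARER", je.je_number, je.preparer))
        if je.source == "manual" and not je.approver:
            findings.append(("MANUAL_NO_APPROVAL", je.je_number, je.preparer))
        elif je.approver == je.preparer:
            # Segregation of duties: a preparer may not approve their own entry.
            findings.append(("SELF_APPROVED", je.je_number, je.preparer))
    return findings


def by_control(findings):
    """Group findings for reporting: control name -> JE numbers in ledger order."""
    grouped = defaultdict(list)
    for control, je_number, _detail in findings:
        grouped[control].append(je_number)
    return dict(grouped)


def _balanced(debit_acct, credit_acct, amount):
    """Build a two-line entry body whose debits equal its credits."""
    amt = Decimal(amount)
    return (Line(debit_acct, amt, Decimal("0")), Line(credit_acct, Decimal("0"), amt))


# Constructed sample data (not taken from any real ledger).
CLOSED_PERIODS = {"2006-11": date(2006, 12, 5)}   # period -> date it was closed
AUTHORIZED_PREPARERS = {"akim", "bross"}
SAMPLE_ENTRIES = [
    JournalEntry("JE-1001", date(2006, 12, 1), "2006-11", "recurring", "akim", "cdiaz",
                 _balanced("6100", "2100", "500.00")),
    JournalEntry("JE-1002", date(2006, 12, 2), "2006-11", "manual", "bross", "cdiaz",
                 (Line("1200", Decimal("1200.00"), Decimal("0")),
                  Line("4000", Decimal("0"), Decimal("1020.00")))),      # out of balance
    JournalEntry("JE-1003", date(2006, 12, 3), "2006-11", "manual", "akim", None,
                 _balanced("6400", "2000", "75.10")),                    # no approver
    JournalEntry("JE-1004", date(2006, 12, 9), "2006-11", "manual", "bross", "bross",
                 _balanced("1500", "1000", "9800.00")),                  # late, self-approved
    JournalEntry("JE-1001", date(2006, 12, 4), "2006-11", "manual", "temp01", "cdiaz",
                 _balanced("6100", "2100", "500.00")),                   # reused number
]

if __name__ == "__main__":
    report = by_control(run_controls(SAMPLE_ENTRIES, CLOSED_PERIODS, AUTHORIZED_PREPARERS))
    for control, numbers in sorted(report.items()):
        print(f"{control:22} {', '.join(numbers)}")
```

Each finding carries the entry number and a detail string, so the same output can feed the alerting and remediation workflow the checklist describes.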


Section 2 Entity Level Controls - Control Environment


The control environment helps define the atmosphere in which people conduct their activities and carry out their control responsibilities. It sets the tone of an organization by influencing the control consciousness of its people. It is the foundation for all other components of internal controls and provides discipline and structure. Control environment factors include the integrity, ethical values, and competence of the organization's people; management's philosophy and operating style; the way management assigns authority and responsibility; the way management organizes and develops its people; and the attention and direction provided by the audit committee and board of directors. The objective of the control environment is to establish and promote a collective attitude toward achieving effective internal control over the entity's business. The following checklist highlights the key areas of focus, which auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #2: Entity Level Controls - Control Environment


Point of Focus / Control Objective, by COSO attribute:

Integrity & Ethical Values
- A code of conduct and other policies exist regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behavior.
- There is an established "tone at the top" including explicit guidance about what is right and wrong. This tone is communicated and practiced by executives and management throughout the organization.
- Employees are aware of what to do when they encounter improper behavior.
- Management follows ethical guidelines in dealing with employees, suppliers, customers, investors, creditors, insurers, competitors, regulators, and auditors.
- The importance of high ethics and controls is discussed with newly hired employees through orientations or interviews.
- Management removes or reduces incentives or temptations that might cause personnel to engage in dishonest or unethical acts.
- Management takes appropriate disciplinary action in response to departures from approved policies and procedures or violations of the code of conduct.
- Situations involving pressure to meet unrealistic targets do not exist or are properly controlled - particularly for short-term results.
- Individual compensation awards are in line with the ethical values of the company, and foster an appropriate ethical tone (e.g., bonuses are not given to those that meet objective, but in the process circumvent established policies, procedures, or controls).

Commitment to Competence
- Company personnel have the competence and training necessary for their assigned duties.
- Personnel are cross-trained to understand other functions and the impact of their specific duties on other areas of the company.
- Management possesses broad functional experience (i.e., management comes from several functional areas rather than just a few, such as production and sales).
- Management provides personnel with access to training programs on relevant topics.
- Formal job descriptions or other means of defining tasks that comprise particular jobs exist and are effectively used.
- Adequate staffing levels are maintained to effectively perform required tasks.

Management's Philosophy & Operating Style
- Management analyzes the risks and potential benefits of ventures.
- Turnover in management or supervisory personnel is monitored and the reasons for significant turnover are evaluated.
- Senior management maintains contact with and consistently emphasizes appropriate behavior to operating personnel.
- Management exemplifies attitudes and actions reflecting a sound control environment and commitment to ethical values.
- Management adopts accounting policies that best reflect the economic realities of the business.

Organizational Structure
- Executives clearly understand their responsibility and authority for business activities and how they relate to the entity as a whole.
- The entity establishes appropriate lines of reporting, giving consideration to its size and the nature of its activities.
- The structure of the entity facilitates the flow of information to appropriate people in a timely manner.
- Incompatible duties are segregated (e.g., separation of accounting for and access to assets).

Assignment of Authority & Responsibility
- Employees throughout the entity are assigned authority and responsibility related to their specific job functions.
- Job descriptions contain specific references to control-related responsibilities.
- Employees are empowered, when appropriate, to correct problems or implement improvements.
- There is a structure for assigning ownership of information including who is authorized to initiate or change transactions.
- There are policies and procedures for authorization and approval of transactions.

Human Resources Policies & Procedures
- Management establishes and enforces standards for hiring the most qualified individuals, with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior.
- Screening procedures, including background checks, are employed for job applicants, particularly for employees with access to assets susceptible to misappropriation.
- Recruiting practices include formal, in-depth employment interviews and informative, insightful presentations on the entity's history, culture, and operating style.
- Training policies communicate prospective roles and responsibilities and illustrate expected levels of performance and behavior.
- Job performance is periodically evaluated and reviewed with each employee.
- Disciplinary actions send a message that violations of expected behavior will not be tolerated.
- An ongoing education process enables people to deal effectively with evolving business environments.

Description of Automation:
- For the operations that CMA solutions monitor, appropriate alerting and reporting is performed to communicate any anomalies in the control environment.
- CMA solutions identify and remediate segregation of duties (SoD) violations.
- CMA solutions are designed so that the business process owner can design, implement and monitor controls and perform remediation of control violations without having to enlist IT resources.
- CMA solutions include remediation workflow to remediate SOD violations.


Section 3 Entity Level Controls - Information & Communication


Information and communication is the component of internal controls that ensures that pertinent information is identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities. Information systems produce reports containing operational, financial, and compliance-related information that make it possible to run and control the business. They deal with internally-generated data, as well as with information about external events, activities, and conditions necessary to make informed business decisions and generate reliable external reports. Effective communication must also occur in a broader sense, throughout the organization. The tone at the top must clearly demonstrate to all employees that control responsibilities are to be taken seriously. Individuals must understand their own role in the internal control system, as well as how individual activities relate to the work of others. Individuals must have a means of communicating significant information upwards within the organization. The objective of information and communication audits is to ensure that information relevant to operating the business and the maintenance of internal controls and records is identified, captured, and communicated to the appropriate individuals on a timely basis. The following checklist highlights the key areas of focus, which auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #3: Entity Level Controls - Information & Communication
Point of Focus / Control Objective, by COSO attribute:

Information Availability
1. Management monitors relevant external information and considers the impact on the entity.
2. Internal information regarding financial results is generated by the entity's financial information systems and that information is reported regularly.
3. Entity-wide operating results are reviewed and compared against budgets at regular intervals.
4. The adequacy of the information technology structure is considered by senior management.
5. Managers and other personnel have the required information in sufficient detail to carry out their responsibilities and there are mechanisms in place to ensure changing needs are met.

Reliability of IT Systems
6. Management has a strategic plan for IT systems that are linked to the entity's overall strategies.
7. Procedures are in place to provide assurance that relevant information is identified, captured, processed and reported by IT systems in an appropriate and timely fashion.
8. Management adequately staffs and designs the IT department to support the entity's overall business objectives.
9. There are defined responsibilities for individuals responsible for implementing, documenting, testing, and approving changes to computer programs and systems.
10. There is a regular back-up of application programs and data files.
11. The entity has a disaster recovery plan in place that allows for the timely recovery of information. The disaster recovery plan is tested regularly and is updated as the business changes.
12. There is a high level of user satisfaction with the IT systems, including reliability and timeliness of reports.

Communication
13. Employee duties and control responsibilities are timely and effectively communicated.
14. Communication across the organization is adequate, complete and timely to enable people to perform their responsibilities effectively.
15. There is an established channel of communication for people to report, anonymously when appropriate, suspected improprieties and management encourages employees to utilize such channels when necessary.
16. Reported problems are investigated in a timely manner and disciplinary actions are taken when necessary.
17. There are realistic mechanisms in place for employees to provide recommendations.

Description of Automation:
- Independent CMA solutions can easily integrate with other governance, risk, compliance, and security-related applications such as Identity Management, GRC applications and portals.
- CMA solutions greatly reduce the time and effort of monitoring information system controls that affect the accuracy of financial statements.
- CMA solutions can continuously monitor SOD, Financial Close, Order to Cash, Procure to Pay, System Configuration, Sensitive Transactions, and custom transactions in financial systems to ensure compliance is met and enforced.
- CMA solutions significantly reduce the effort of monitoring financial system controls by effectively utilizing existing staff.
- CMA solutions can assist in change control by monitoring financial application system settings.
- CMA solutions are used by a broad scope of Fortune 1000 organizations.
- For the operations that CMA solutions monitor, appropriate alerting and reporting is performed to communicate any anomalies in the control environment.


Section 4 Entity Level Controls - Monitoring


Monitoring is a process that assesses the quality of the entity's internal control performance over time. Effective monitoring is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two. Ongoing monitoring occurs in the course of operations and includes regular management and supervisory activities, and other actions personnel take in the performance of their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported throughout the organization with serious matters reported to top management and the board. The objective of monitoring is to detect and remediate control deficiencies throughout the entire system of internal control. The following checklist highlights the key areas of focus, which auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #4: Entity Level Controls - Monitoring
Point of Focus / Control Objective, by COSO attribute:

Ongoing Monitoring
1. Management monitors relevant external and internal information and considers the impact on the control structure.
2. Procedures are in place to monitor when controls are overridden and to determine if the override was appropriate.
3. Management takes appropriate action on exceptions to policies and procedures.
4. Management responds timely to comments identified in management letters from the external auditor.
5. Internal audit has the authority to review any aspect of the entity's operations.
6. Controls are reviewed to ensure that they are being applied as expected.
7. Internal audit is independent of the activities they audit.
8. Internal auditors are prohibited from having an operating role in the activities they monitor.
9. Management is required to respond in a timely manner to the internal audit department's findings and recommendations.

Reporting Deficiencies
10. Internal and/or external audit comments and management responses are provided to the audit committee or board of directors.
11. Complaints of improper financial matters by external parties such as suppliers or regulators are fully investigated and documented.
12. Discrepancies that have been identified by customers are investigated and resolved.
13. Controls that should have prevented or detected problems are reassessed when problems occur.

Separate Evaluations
14. Personnel with the requisite skills conduct evaluations of appropriate portions of the internal control system.
15. The frequency and scope of supervision and monitoring activities are appropriate to the size and nature of the entity.
16. Supervisory personnel perform various random and structured reviews over the functioning of control procedures.

Description of Automation:
- CMA solutions can continuously monitor SOD, Financial Close, Order to Cash, Procure to Pay, System Configuration, Sensitive Transactions, and custom transactions in financial systems to ensure compliance is met and enforced.
- CMA solutions include remediation workflow to remediate SOD violations. This remediation includes applying compensating controls for exceptions.
- CMA solutions enable audit to monitor 100% of financial system controls on a daily or weekly basis rather than a 5% sample performed on a quarterly basis.
- For the systems that CMA solutions support, control design, deployment and monitoring is designed to be operated by the business process owner (without IT intervention) which facilitates better controls as the same person who is responsible for the control owns the controls.
- Independent CMA solutions that are not sold by financial applications vendors provide independent verification of controls effectiveness.
- CMA solutions can not only identify discrepancies in financial applications but they can also identify the root cause of the discrepancy to enable a faster remediation of the issue.
- CMA solutions can automate the control testing for financial applications reducing the need for highly skilled personnel to manually conduct control testing.


Section 5 Entity Level Controls - Risk Assessment


Risk assessment is the component of the entity's internal controls that involves identifying and analyzing risks (both internal and external) relevant to achieving business objectives and objectives related to the preparation of reliable financial statements. The objective of the entity's risk assessment process is to establish and maintain an effective process to identify, analyze, and manage risks relevant to achieving business objectives and/or the preparation of reliable financial statements. The following checklist highlights the key areas of focus, which auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #5: Entity Level Controls - Risk Assessment


Point of Focus / Control Objective, by COSO attribute:

Entity-Wide Objectives
1. Management has a business planning process in place that examines existing objectives and establishes new objectives when necessary.
2. Management establishes business plans and budgets with realistic goals, and incentives for achievement of plans are balanced.
3. Objectives are communicated at the appropriate levels and are understood and adopted by the responsible parties.
4. Management has established a process to periodically review and update entity-wide strategic plans and objectives.

Activity-Level Objectives
5. Activity-level objectives are linked with entity-wide objectives and strategic plans.
6. Activity-level objectives are consistent with each other (e.g., objectives for the sales organization are consistent with the manufacturing organization).

Risk Identification & Management
7. Management identifies risks related to each of the established objectives.
8. Management has mechanisms in place to identify business risks resulting from entering new markets or lines of business or from offering new products and services.
9. Management identifies financial reporting risks that result from operations or compliance with laws and regulations.
10. Management identifies fraud risk factors, including management override of controls.
11. Identifying risks includes estimating the significance of the risks identified, assessing the likelihood of the risks occurring, and determining the need for action.
12. Risks are evaluated as part of the business planning process.
13. Senior management develops plans to mitigate significant identified risks.
14. The responsibilities and expectations for the entity's business activities and the entity's philosophy about identification and acceptance of business risk are clearly communicated to the executives in charge of separate functions.
15. Risks are reviewed periodically with the appropriate corporate governance functions (e.g., executive management, disclosure committee, audit committee, and legal).

Manage Change
16. The business planning process includes a broad spectrum of personnel with collective knowledge of all areas of the entity.
17. The business planning process includes consideration of changes in the business environment, including the industry, competitors, the regulatory environment, and customers.
18. Changes in risks are identified in a timely manner.
19. Changes are appropriately communicated to the proper level of management (depending on the significance).
20. Management has identified the resources needed to achieve the objectives and has plans to acquire the necessary resources.
21. Budgets and forecasts are updated throughout the year to reflect changing conditions.


Section 6 Expenditure Process Controls


For most large organizations the procurement process generates thousands of transactions a day. Controllers and purchasing managers carry a serious responsibility to oversee these transactions and ensure that only legitimate payments are made. Sarbanes-Oxley has only increased the scrutiny with which auditors look at procurement-related controls. Auditors demand evidence of strong controls when they test an organization's expenditure process controls. The following checklist highlights the key areas of focus, which auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #6: Expenditure Process Controls


| # | Business Activity | Point of Focus / Control Objective |
|---|---|---|
| 1 | Purchasing | Purchase orders are placed only for approved requisitions. |
| 2 | Purchasing | Purchase orders are entered accurately. |
| 3 | Purchasing | All purchase orders issued are input and processed. |
| 4 | Purchasing | Purchasing has established and follows policies and procedures to qualify and evaluate vendors prior to becoming approved vendors. |
| 5 | Purchasing | There is an approved/preferred vendor list that is maintained by the purchasing department. |
| 6 | Purchasing | A threshold has been established for obtaining competitive bids and quotations for expenditures. |
| 7 | Purchasing | After-the-fact POs are identified, tracked, and followed-up on regularly. |
| 8 | Purchasing | Vendor performance (price, product quality, delivery, etc.) is monitored periodically. |
| 9 | Purchasing | Purchase price variances are monitored to evaluate the effectiveness of the purchasing department. |
| 10 | Purchasing | Justification for using sole source vendors is documented and approved by management. |
| 11 | Purchasing | There is a contingency plan for alternative sources of supply with respect to sole source vendors. |
| 12 | Purchasing | Unused/open purchase orders are reviewed periodically and investigated by individuals independent of the purchasing and receiving functions. |
| 13 | Receiving | Contents of incoming shipments, as listed on the packing slip or bill of lading, are compared to the physical product(s) received. |
| 14 | Receiving | Approved purchase orders are required for all receipts. |
| 15 | Receiving | A sequentially numbered receiving report is generated for all items received. |
| 16 | Receiving | All receipts are physically processed and recorded timely in the relevant systems. |
| 17 | Receiving | The receiving department maintains a permanent record of original receiving documents (packing slips, bills of lading, and receiving reports). |
| 18 | Receiving | Written procedures exist identifying which inbound goods require inspection before being released to production. |
| 19 | Receiving | Rejected goods are clearly marked and segregated to prevent use. |
| 20 | Receiving | Rejected goods are promptly returned to the vendor for credit. |
| 21 | Receiving | There are procedures in place to ensure adequate cut-off of receipts at period end. |
| 22 | Processing Accounts Payable | Amounts posted to accounts payable represent goods or services received. |
| 23 | Processing Accounts Payable | Only original invoices are processed for payment. |
| 24 | Processing Accounts Payable | Prices and extensions on invoices are checked for accuracy. |
| 25 | Processing Accounts Payable | Vendor discounts are taken in accordance with current cash management guidelines. |
| 26 | Processing Accounts Payable | Invoices processed for payment are marked/perforated to prevent duplicate processing/payment. |
| 27 | Processing Accounts Payable | System logic prevents duplicate invoices from being processed. |
| 28 | Processing Accounts Payable | Accounts payable amounts are accurately calculated and recorded. |
| 29 | Processing Accounts Payable | All amounts for goods or services received are input and processed to accounts payable in the appropriate period. |
| 30 | Processing Accounts Payable | Credit notes and other adjustments are accurately calculated and recorded. |
| 31 | Processing Accounts Payable | All valid credit notes and other adjustments related to accounts payable are input and processed in the appropriate period. |
| 32 | Processing Accounts Payable | Vendor invoices are matched to purchase order receiving information prior to payment. |
| 33 | Processing Accounts Payable | Disbursements are only made for goods and services received. |
| 34 | Processing Accounts Payable | Disbursements are distributed to the appropriate suppliers. |
| 35 | Processing Accounts Payable | Disbursements are accurately calculated and recorded. |
| 36 | Processing Accounts Payable | All disbursements are recorded in the period in which they are issued. |
| 37 | Processing Accounts Payable | Accounts payable sub-ledger is reconciled to the general ledger at least monthly. |
| 38 | Processing Accounts Payable | Debit balances in the accounts payable subsidiary ledger are promptly investigated and, if necessary, refunds are obtained from vendors. |
| 39 | Processing Accounts Payable | All necessary accruals (received not vouchered) are computed and recorded at period end. |
| 40 | Maintaining Vendor Master File | Only valid changes are made to the supplier master file. |
| 41 | Maintaining Vendor Master File | All valid changes to the supplier master file are input and processed. |
| 42 | Maintaining Vendor Master File | Changes to the supplier master file are accurate and are processed in a timely manner. |
| 43 | Maintaining Vendor Master File | Supplier master file data remains pertinent. |
| 44 | Maintaining Vendor Master File | Access to the vendor master file is limited to appropriate individuals. |
| 45 | Maintaining Vendor Master File | The functions to create vendor master file, prepare an invoice for payment, create the check run, sign and distribute checks are segregated. |

Description of Automation:
- CMA solutions can monitor purchase orders for appropriate approvals.
- CMA solutions can monitor master data and other key fields in purchase orders.
- CMA solutions can ensure that vendor policies such as credit limits are not violated.
- CMA solutions can identify purchase orders that are issued after goods are received.
- CMA solutions can identify open purchase orders independent of purchasing and receiving departments.
- CMA solutions can identify goods received without purchase order.
- CMA solutions can identify goods returned pending credit.
- CMA solutions can identify anomalies in accounts payable vs. goods received.
- CMA solutions can monitor changes to master data and identify duplicate payment of invoices.
- CMA solutions can monitor master data information including vendor discounts.
- CMA solutions can identify duplicate payments.
- CMA solutions can perform 3-way matching to ensure that payments are not disbursed to invoices without matching purchase orders.
- CMA solutions can identify disbursements made without goods or services received.
- CMA solutions monitor master data so that appropriate supplier information is correct.
- CMA solutions can identify disbursements made outside of the period they were issued.
- CMA solutions monitor access to vendor master file.
- CMA solutions monitor segregation of duty access controls to ensure changes to vendor master file, prepare invoice for payment, and distribution of checks are segregated.

Ability to Automate ratings:
- Significant opportunities to implement a controls monitoring and audit (CMA) solution
- Some opportunity to implement a controls monitoring and audit (CMA) solution
- Little or no opportunity to implement a controls monitoring and audit (CMA) solution
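Several of the automated tests named in this checklist (purchase orders issued after goods are received, goods received without a purchase order, 3-way matching, and duplicate invoices) come down to comparing purchase order, receipt and invoice records. The following is an added example, not code from the original document or from any CMA product; the record layouts, field names and sample data are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class PurchaseOrder:
    po_id: str
    vendor: str
    qty: int
    unit_price: Decimal
    created: date


@dataclass(frozen=True)
class GoodsReceipt:
    gr_id: str
    po_id: Optional[str]  # None means goods arrived with no purchase order
    qty: int
    received: date


@dataclass(frozen=True)
class Invoice:
    inv_id: str
    vendor: str
    vendor_ref: str  # invoice number as printed by the vendor
    po_id: Optional[str]
    qty: int
    amount: Decimal


def after_the_fact_pos(pos, receipts):
    """Purchase orders created after goods were already received against them."""
    first_receipt = {}
    for r in receipts:
        if r.po_id is not None:
            first_receipt[r.po_id] = min(first_receipt.get(r.po_id, r.received), r.received)
    return sorted(p.po_id for p in pos
                  if p.po_id in first_receipt and p.created > first_receipt[p.po_id])


def receipts_without_po(pos, receipts):
    """Goods receipts that reference no purchase order, or an unknown one."""
    known = {p.po_id for p in pos}
    return sorted(r.gr_id for r in receipts if r.po_id not in known)


def three_way_exceptions(pos, receipts, invoices, tolerance=Decimal("0.01")):
    """Match each invoice to its purchase order and to the goods received."""
    po_by_id = {p.po_id: p for p in pos}
    qty_received = defaultdict(int)
    for r in receipts:
        if r.po_id is not None:
            qty_received[r.po_id] += r.qty
    qty_billed = defaultdict(int)  # running total per PO catches over-billing
    findings = []
    for inv in invoices:
        po = po_by_id.get(inv.po_id)
        if po is None:
            findings.append((inv.inv_id, "no matching purchase order"))
            continue
        qty_billed[po.po_id] += inv.qty
        if inv.vendor != po.vendor:
            findings.append((inv.inv_id, "vendor differs from purchase order"))
        if qty_billed[po.po_id] > qty_received[po.po_id]:
            findings.append((inv.inv_id, "billed quantity exceeds quantity received"))
        if abs(inv.amount - po.unit_price * inv.qty) > tolerance:
            findings.append((inv.inv_id, "amount differs from purchase order price"))
    return findings


def duplicate_invoices(invoices):
    """Group invoices sharing vendor, normalised vendor reference and amount."""
    groups = defaultdict(list)
    for inv in invoices:
        # "A-0012" and "a0012" are the same vendor reference once normalised.
        ref = re.sub(r"[^A-Z0-9]", "", inv.vendor_ref.upper()).lstrip("0")
        groups[(inv.vendor, ref, inv.amount)].append(inv.inv_id)
    return sorted(tuple(sorted(ids)) for ids in groups.values() if len(ids) > 1)


# Constructed sample data (not taken from the document).
POS = [
    PurchaseOrder("PO-100", "V-ACME", 10, Decimal("25.00"), date(2006, 11, 1)),
    PurchaseOrder("PO-101", "V-BOLT", 5, Decimal("100.00"), date(2006, 11, 10)),
    PurchaseOrder("PO-102", "V-ACME", 4, Decimal("50.00"), date(2006, 11, 12)),
]
RECEIPTS = [
    GoodsReceipt("GR-1", "PO-100", 10, date(2006, 11, 5)),
    GoodsReceipt("GR-2", "PO-101", 5, date(2006, 11, 8)),   # received before PO-101 existed
    GoodsReceipt("GR-3", None, 3, date(2006, 11, 9)),       # no purchase order at all
    GoodsReceipt("GR-4", "PO-102", 2, date(2006, 11, 15)),  # partial delivery
]
INVOICES = [
    Invoice("INV-1", "V-ACME", "A-0012", "PO-100", 10, Decimal("250.00")),
    Invoice("INV-2", "V-ACME", "a0012", "PO-100", 10, Decimal("250.00")),  # resubmitted
    Invoice("INV-3", "V-BOLT", "7781", "PO-101", 5, Decimal("525.00")),    # overpriced
    Invoice("INV-4", "V-ACME", "A-0013", "PO-102", 4, Decimal("200.00")),  # bills undelivered goods
    Invoice("INV-5", "V-CASH", "1", None, 1, Decimal("990.00")),           # no PO reference
]

if __name__ == "__main__":
    print(after_the_fact_pos(POS, RECEIPTS))
    print(receipts_without_po(POS, RECEIPTS))
    print(three_way_exceptions(POS, RECEIPTS, INVOICES))
    print(duplicate_invoices(INVOICES))
```

The duplicate test keys on the normalised vendor reference rather than the internal invoice id, because a resubmitted invoice is normally given a fresh internal id when it is keyed in again.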


Section 7 Fixed Assets Process Controls


For organizations in most industries, fixed assets represent one of the largest items on the balance sheet. Auditors require that companies have well-controlled processes for recording, managing and retiring fixed assets. The following checklist highlights the key areas of focus that auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #7: Fixed Assets Process Controls


| # | Business Activity | Point of Focus / Control Objective |
|---|---|---|
| 1 | Acquiring Fixed Assets | Recorded fixed asset acquisitions represent fixed assets acquired by the organization. |
| 2 | Acquiring Fixed Assets | Prior to the acquisition of any fixed asset, a capital authorization is obtained. |
| 3 | Acquiring Fixed Assets | Fixed asset acquisitions are accurately recorded in the appropriate period. |
| 4 | Acquiring Fixed Assets | All fixed asset acquisitions are recorded. |
| 5 | Acquiring Fixed Assets | Capital expenditure overruns are anticipated and properly approved. |
| 6 | Depreciating Fixed Assets | Depreciation charges are valid. |
| 7 | Depreciating Fixed Assets | Depreciation charges are accurately calculated and recorded. |
| 8 | Depreciating Fixed Assets | All depreciation charges are recorded in the appropriate period. |
| 9 | Disposing of Fixed Assets | Recorded fixed asset disposals represent actual disposals. |
| 10 | Disposing of Fixed Assets | All fixed asset disposals are recorded. |
| 11 | Disposing of Fixed Assets | Fixed asset disposals (and related gain/loss) are accurately calculated and recorded. |
| 12 | Disposing of Fixed Assets | Fixed asset disposals (and related gain/loss) are recorded in the appropriate period. |
| 13 | Managing Fixed Assets | Records of fixed asset maintenance activity are accurately maintained. |
| 14 | Managing Fixed Assets | Fixed assets are adequately safeguarded. |
| 15 | Managing Fixed Assets | Fixed asset maintenance records are updated timely. |
| 16 | Managing Fixed Assets | The fixed asset register is reconciled to the general ledger on a regular basis. |
| 17 | Managing Fixed Assets | Management performs regular reviews for impairment of fixed assets. |
| 18 | Managing Fixed Assets | A physical inventory of fixed assets is taken periodically and reconciled to the fixed asset register and general ledger. |
| 19 | Maintaining Fixed Asset Register and/or Master File | Only valid changes are made to the fixed asset register and/or master file. |
| 20 | Maintaining Fixed Asset Register and/or Master File | All valid changes to the fixed asset register and/or master file are input and processed accurately. |
| 21 | Maintaining Fixed Asset Register and/or Master File | Changes to the fixed asset register and/or master file are processed in a timely manner. |
| 22 | Maintaining Fixed Asset Register and/or Master File | Access to transactions such as depreciation, purging fixed assets, changing the fixed asset register and master data should be reviewed on a regular basis. |

Description of Automation:
- CMA solutions monitor the proper security within the ERP to reduce unauthorized changes.
- CMA solutions monitor master data files and general ledger to ensure only valid changes are made.
- CMA solutions monitor sensitive transaction access control to ensure that the appropriate people have access to such transactions.

Ability to Automate ratings:
- Significant opportunities to implement a controls monitoring and audit (CMA) solution
- Some opportunity to implement a controls monitoring and audit (CMA) solution
- Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 8 Inventory Management Process Controls


Inventory, both raw materials and work-in-progress, represents a significant asset for most companies. Auditors demand evidence that inventory on the books is salable and that well-controlled processes exist for accounting for inventory as it moves through the supply chain. The following checklist highlights the key areas of focus that auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #8: Inventory Management Process Controls


| # | Business Activity | Point of Focus / Control Objective |
|---|---|---|
| 1 | Managing Inventory | Inventory is salable or usable. |
| 2 | Managing Inventory | Inventory is adequately safeguarded. |
| 3 | Managing Inventory | Adjustments to inventory prices or quantities relate to valid price changes and physical inventory differences. |
| 4 | Managing Inventory | All adjustments to inventory prices or quantities are recorded accurately. |
| 5 | Managing Inventory | Adjustments to inventory prices or quantities are recorded in a timely manner and in the appropriate period. |
| 6 | Receiving and Storing Raw Materials | Raw materials are received and accepted only if they have valid purchase orders. |
| 7 | Receiving and Storing Raw Materials | Raw materials received are recorded accurately. |
| 8 | Receiving and Storing Raw Materials | All raw materials received are recorded. |
| 9 | Receiving and Storing Raw Materials | Receipts of raw materials are recorded timely and in the appropriate period. |
| 10 | Receiving and Storing Raw Materials | Defective raw materials are returned timely to suppliers. |
| 11 | Requisitioning Materials | All transfers of raw materials to production are recorded accurately and in the appropriate period. |
| 12 | Producing/Costing Inventory | All recorded production costs are consistent with actual direct and indirect expenses associated with production. |
| 13 | Producing/Costing Inventory | All direct and indirect expenses associated with production are recorded as production costs. |
| 14 | Producing/Costing Inventory | All direct and indirect expenses associated with production are recorded accurately and in the appropriate period. |
| 15 | Producing/Costing Inventory | All transfers of completed units of production to finished goods inventory are recorded completely and accurately in the appropriate period. |
| 16 | Producing/Costing Inventory | All defective products and scrap resulting from the production process are valid and recorded completely and accurately in the appropriate period. |
| 17 | Handling Finished Products | Finished goods returned by customers are recorded completely and accurately in the appropriate period. |
| 18 | Handling Finished Products | Finished goods received from production are recorded completely and accurately in the appropriate period. |
| 19 | Handling Finished Products | Goods received from production or returned by customers are only accepted in accordance with the organization's policies. |
| 20 | Shipping Finished Products | All shipments are recorded accurately. |
| 21 | Shipping Finished Products | Shipments are recorded timely and in the appropriate period. |
| 22 | Shipping Finished Products | Inventory is relieved only when goods are shipped with approved customer orders. |
| 23 | Shipping Finished Products | Costs of shipped inventory are transferred from inventory to cost of sales. |
| 24 | Shipping Finished Products | Costs of shipped inventory are recorded accurately. |
| 25 | Shipping Finished Products | Amounts posted to cost of sales represent those associated with shipped inventory. |
| 26 | Shipping Finished Products | Costs of shipped inventory are transferred from inventory to cost of sales timely and in the appropriate period. |
| 27 | Maintaining Inventory Master File | Only valid changes are made to the inventory management master file. |
| 28 | Maintaining Inventory Master File | All valid changes to the inventory management master file are input and processed. |
| 29 | Maintaining Inventory Master File | Changes to the inventory management master file are accurate. |
| 30 | Maintaining Inventory Master File | Changes to the inventory management master file are processed timely. |
| 31 | Maintaining Inventory Master File | Inventory management master file remains pertinent. |
| 32 to 41 | Inventory Accounting | Periodic inventory counts are performed to confirm inventory records. Selection of items for count is segregated from performing the count, which is in turn segregated from recording the count. System count is reflected on cycle count worksheets (e.g. Blind counts are performed). Physical counts verify quantities on hand. Written instructions are used by physical count personnel that provide guidance on timing of the count, number and composition of the count teams, areas of responsibility, how to perform and record the physical counts and count sheet control. Discrepancies between physical counts and perpetual inventory records are researched prior to posting any adjustments to the perpetual and/or accounting records. Inventory count crews are supervised. Receiving/shipping during physical counts is controlled. Perpetual records are reconciled to physical counts. Perpetual/physical is reconciled to the general ledger. Procedures are in place to adjust slow moving, obsolete, or damaged items to their expected realizable value. Access to transactions such as inventory received, recording defective goods, shipping inventory and master data should be reviewed on a regular basis. |

Description of Automation:
- CMA solutions monitor access to change prices ensuring only authorized users can change prices.
- CMA solutions monitor access to change prices or quantities ensuring only authorized users can change prices.
- CMA solutions can identify materials without valid purchase orders.
- CMA solutions monitor access to receive and record materials ensuring only authorized users can perform transactions.
- CMA solutions monitor access to record production costs ensuring only authorized users can perform transactions.
- CMA solutions monitor access to record transfers of completed units ensuring only authorized users can perform transactions.
- CMA solutions monitor access to goods received ensuring only authorized users can perform transactions.
- CMA solutions monitor access to shipping ensuring only authorized users can perform transactions.
- CMA solutions can identify shipments without valid customer orders.
- CMA solutions can monitor the master file and identify unauthorized changes.
- CMA solutions monitor access to inventory management master data ensuring only authorized users can perform transactions.
- CMA solutions monitor segregation of duties access controls to ensure changes to inventory received, recording defective goods, shipping inventory and master data are segregated.

Ability to Automate ratings:
- Significant opportunities to implement a controls monitoring and audit (CMA) solution
- Some opportunity to implement a controls monitoring and audit (CMA) solution
- Little or no opportunity to implement a controls monitoring and audit (CMA) solution
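The segregation-of-duties monitoring described for inventory (inventory received, recording defective goods, shipping inventory and master data) can be tested by resolving each user's roles down to the duties they grant and flagging any user who ends up holding two of them. The following is an added example, not code from the original document or from any CMA product; the transaction codes, role names and user names are hypothetical.

```python
from itertools import combinations

# Constructed transaction codes mapped to the four duties named in the checklist.
TRANSACTION_DUTY = {
    "GR_POST": "receive_inventory",
    "SCRAP_POST": "record_defective_goods",
    "SHIP_CONFIRM": "ship_inventory",
    "ITEM_MASTER_EDIT": "maintain_master_data",
    "STOCK_REPORT": None,  # display-only transaction, carries no duty
}

# Constructed role definitions: role -> transactions it can execute.
ROLE_TRANSACTIONS = {
    "WH_RECEIVER": {"GR_POST", "STOCK_REPORT"},
    "WH_SHIPPER": {"SHIP_CONFIRM", "STOCK_REPORT"},
    "QA_INSPECTOR": {"SCRAP_POST"},
    "ITEM_ADMIN": {"ITEM_MASTER_EDIT"},
    "WH_SUPERVISOR": {"GR_POST", "SHIP_CONFIRM"},  # conflict built into one role
}

# Constructed user assignments: user -> roles held.
USER_ROLES = {
    "alice": {"WH_RECEIVER"},
    "bob": {"WH_RECEIVER", "ITEM_ADMIN"},
    "carol": {"WH_SUPERVISOR"},
    "dave": {"QA_INSPECTOR", "WH_SHIPPER"},
    "erin": {"WH_SHIPPER"},
}


def duties_of_role(role):
    """Duties a role grants; an unmapped transaction raises KeyError on purpose."""
    return {TRANSACTION_DUTY[t] for t in ROLE_TRANSACTIONS[role]} - {None}


def conflicting_roles():
    """Roles that combine two or more of the segregated duties on their own."""
    return sorted(r for r in ROLE_TRANSACTIONS if len(duties_of_role(r)) > 1)


def sod_violations():
    """(user, duty_a, duty_b, granting roles) for each conflicting pair a user holds."""
    findings = []
    for user in sorted(USER_ROLES):
        granted_by = {}  # duty -> roles through which this user holds it
        for role in USER_ROLES[user]:
            for duty in duties_of_role(role):
                granted_by.setdefault(duty, set()).add(role)
        for a, b in combinations(sorted(granted_by), 2):
            roles = tuple(sorted(granted_by[a] | granted_by[b]))
            findings.append((user, a, b, roles))
    return findings


if __name__ == "__main__":
    print(conflicting_roles())
    for finding in sod_violations():
        print(finding)
```

Reporting the granting roles with each finding separates a conflict that comes from one badly designed role from one created by stacking individually clean roles on a user.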


Section 9 Payroll Process Controls


Payroll is the largest monthly expenditure for most companies, yet few have effective ways to ensure proper business controls are in place and are monitored. Discrepancies resulting from poorly controlled processes, whether mistakes or fraud, can have a serious impact on a company's financial statements. The following checklist highlights the key areas of focus that auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #9: Payroll Process Controls


| # | Business Activity | Point of Focus / Control Objective |
|---|---|---|
| 1 | Hiring Personnel | Additions to the payroll master files represent valid employees. |
| 2 | Hiring Personnel | All new employees are added to the payroll master files. |
| 3 | Terminating Personnel | Terminated employees are removed in a timely manner from the payroll master files. |
| 4 | Terminating Personnel | Employees are only terminated within statutory and/or union requirements. |
| 5 | Terminating Personnel | Deletions from the payroll master files represent valid terminations. |
| 6 | Recording Time | Time and attendance data recorded reflects actual time worked and is authorized. |
| 7 | Recording Time | Time worked is accurately input and processed. |
| 8 | Recording Time | Time worked is processed in a timely manner. |
| 9 | Calculating Payroll | Payroll is recorded in the appropriate period. |
| 10 | Calculating Payroll | Payroll (including compensation and withholdings) is accurately calculated and recorded. |
| 11 | Disbursing Payroll | Payroll disbursements and recorded payroll expenses relate to actual time worked. |
| 12 | Disbursing Payroll | Payroll is disbursed to appropriate employees. |
| 13 | Disbursing Payroll | Payroll registers are reviewed and approved before payroll is generated. |
| 14 | Maintaining Payroll Master Files | Only valid changes are made to the payroll master files. |
| 15 | Maintaining Payroll Master Files | All valid changes to the payroll master files are input and processed. |
| 16 | Maintaining Payroll Master Files | Changes to the payroll master files are accurate. |
| 17 | Maintaining Payroll Master Files | Changes to the payroll master files are processed timely. |
| 18 | Maintaining Payroll Master Files | Access to the payroll master files is appropriately limited. |
| 19 | Managing Payroll Accounting | Payroll related accruals/provisions reflect the existing business circumstances and economic conditions in accordance with the accounting policies being used. |
| 20 | Managing Payroll Accounting | All payroll sub-ledgers and payroll-related bank accounts are reconciled to the general ledger at least monthly. |

Description of Automation:
- CMA solutions monitor changes to employee master data.
- CMA solutions can check for expired employee status.
- CMA solutions can monitor access to the master data file and ensure only authorized access which reduces master file data errors.
- CMA solutions can monitor postings made out of period.
- CMA solutions can check for expired employee status to ensure terminated employees are not receiving payroll.

Ability to Automate ratings:
- Significant opportunities to implement a controls monitoring and audit (CMA) solution
- Some opportunity to implement a controls monitoring and audit (CMA) solution
- Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 10 Revenue Process Controls


Managing sales orders (ensuring that orders are taken and delivered on time, payment is collected quickly and revenue recognition conditions are met) directly impacts the integrity of a company's financial reports. For large companies this can involve thousands of transactions a day. Last-minute orders, incorrect changes to master data and inappropriate returns can result in thousands of discrepancies. Small mistakes, such as over-extended credit and incorrectly recorded receivables, can add up and cause serious concern when it comes time to close the books. In fact, revenue recognition issues are one of the most common reasons for deficiencies in internal controls. The following checklist highlights the key areas of focus that auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #10: Revenue Process Controls


| # | Business Activity | Point of Focus / Control Objective |
|---|---|---|
| 1 | Managing and Processing Orders | Credit reviews are required prior to entering into customer contracts. |
| 2 | Managing and Processing Orders | In determining the appropriate credit line, the following factors have been considered: the customer's purchasing requirements, historical information about the company, credit rating indications, quantitative (financial) evaluation, and qualitative (non-financial) factors. |
| 3 | Managing and Processing Orders | Credit ratings and lines of credit are established utilizing a consistent methodology. |
| 4 | Managing and Processing Orders | Orders are only processed within approved customer credit limits. |
| 5 | Managing and Processing Orders | Orders are approved by management as to prices and terms of sale. |
| 6 | Managing and Processing Orders | There is a policy for handling non-standard terms and conditions including appropriate management approval. |
| 7 | Managing and Processing Orders | Orders and cancellations of orders are input accurately. |
| 8 | Managing and Processing Orders | System logic prevents orders from being processed for invalid customers, customers that are on credit hold, or if the sales order puts the customer's credit balance in excess of their established credit limit. |
| 9 | Managing and Processing Orders | Order entry data is transferred completely and accurately to the shipping and invoicing activities. |
| 10 | Managing and Processing Orders | All, and only, valid orders received from customers are input and processed. |
| 11 | Shipping | The shipping function is properly segregated from the invoicing and accounts receivable functions. |
| 12 | Shipping | There are standard policies and procedures and they are followed by personnel. |
| 13 | Shipping | Sequentially numbered shipping documents (BOL, customs forms, ASN, etc.) are prepared for all items shipped. |
| 14 | Shipping | The daily shipping register is reconciled against orders shipped. |
| 15 | Shipping | Shipped orders are transferred for invoicing promptly. |
| 16 | Shipping | Period-end procedures exist and are followed to ensure proper cutoff of shipping activity. |
| 17 | Invoicing, Sales Returns and Adjustments | Invoices are generated using authorized terms and prices. |
| 18 | Invoicing, Sales Returns and Adjustments | Invoices are accurately calculated and recorded. |
| 19 | Invoicing, Sales Returns and Adjustments | All goods shipped are invoiced. |
| 20 | Invoicing, Sales Returns and Adjustments | Invoices relate to valid shipments. |
| 21 | Invoicing, Sales Returns and Adjustments | All invoices issued are recorded. |
| 22 | Invoicing, Sales Returns and Adjustments | Invoices are recorded in the appropriate period. |
| 23 | Invoicing, Sales Returns and Adjustments | Credit notes and adjustments to accounts receivable are accurately calculated and recorded. |
| 24 | Invoicing, Sales Returns and Adjustments | Credit notes for all goods returned and adjustments to accounts receivable are issued in accordance with organization policy. |
| 25 | Invoicing, Sales Returns and Adjustments | All credit notes relate to a return of goods or other valid adjustments. |
| 26 | Invoicing, Sales Returns and Adjustments | All credit notes issued are recorded. |
| 27 | Invoicing, Sales Returns and Adjustments | Credit notes issued are recorded in the appropriate period. |
| 28 | Invoicing, Sales Returns and Adjustments | Accounts Receivable reflects the existing business circumstances and economic conditions in accordance with the accounting policies being used. |
| 29 | Invoicing, Sales Returns and Adjustments | Sales and Accounts Receivable information is appropriately presented, and all information that is necessary for fair presentation and compliance with professional standards or legal requirements is disclosed. |
| 30 | Processing Cash Receipts | Cash receipts are recorded in the period in which they are received. |
| 31 | Processing Cash Receipts | Cash receipts data are entered for processing completely and accurately. |
| 32 | Processing Cash Receipts | Cash receipts data are valid and are entered for processing only once. |
| 33 | Processing Cash Receipts | Checks are manually logged with customer name, date and amount when received. |
| 34 | Processing Cash Receipts | Checks are restrictively endorsed immediately upon receipt. |
| 35 | Processing Cash Receipts | Checks are physically secured until deposited. |
| 36 | Processing Cash Receipts | Cash discounts are accurately calculated and recorded. |
| 37 | Processing Cash Receipts | Unapplied cash receipts are reviewed and resolved promptly. |
| 38 | Managing Accounts Receivable | Timely collection of accounts receivable is monitored. |
| 39 | Managing Accounts Receivable | All A/R accounts and sub-ledgers are reconciled to the general ledger at least monthly. |
| 40 | Managing Accounts Receivable | The A/R aging is reviewed at least monthly for past-due accounts and unusual items and these items are followed up on a timely basis. |
| 41 | Managing Accounts Receivable | Bank reconciliations are prepared and reviewed timely. |
| 42 | Managing Accounts Receivable | The allowance for doubtful accounts is reviewed and adjusted (if necessary) at least quarterly for potential uncollectible accounts. |
| 43 | Managing Accounts Receivable | Write-off policies and procedures have been established and adhered to. |
| 44 | Maintaining Customer Master File | Only valid changes are made to the customer master file. |
| 45 | Maintaining Customer Master File | All valid changes to the customer master file are input and processed. |
| 46 | Maintaining Customer Master File | Changes to the customer master file are accurate and processed timely. |
| 47 | Maintaining Customer Master File | Customer master file data remains pertinent. |

Description of Automation:
- CMA solutions can check if credit limits for existing customers have been exceeded.
- CMA solutions can check if appropriate approvals have been attained.
- CMA solutions can monitor access control to managing and processing orders so that only authorized transactions can be performed which reduces errors.
- CMA solutions can monitor orders that may be processed for invalid customers, on credit hold or exceeding their credit limit.
- CMA solutions can identify invalid orders.
- CMA solutions can monitor access control to invoicing and accounts receivable functions to ensure segregation of duties.
- CMA solutions can identify invoices with terms that fall outside the scope of authorized terms and prices.
- CMA solutions can identify goods shipped with no invoice.
- CMA solutions can identify invoices with no goods shipped.
- CMA solutions can identify invoices posted out of period.
- CMA solutions can monitor access control to credit notes and adjustments to accounts so that only authorized transactions can be performed which reduces errors.
- CMA solutions can identify credit notes and adjustments with terms that fall outside the scope of authorized credit and adjustments.
- CMA solutions can identify credit notes with no goods returned.
- CMA solutions can identify exceptions to sales and accounts receivable policies as well as ensure proper segregation of duties for access to sales and accounts receivables systems.
- CMA solutions can identify cash receipts posted out of period.
- CMA solutions can monitor access control to cash receipts so that only authorized transactions can be performed which reduces errors.
- CMA solutions can identify duplicate cash receipts.
- CMA solutions monitor access and transaction changes to the master file to ensure only appropriate people have access to the file and only appropriate changes are made to the file.

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 11 Treasury Process Controls


Effective controls for managing cash receipts, disbursements and loans are critical to the integrity of a company's financial reporting. The following checklist highlights the key areas of focus that auditors test and indicates where there are opportunities to automate processes as part of a continuous audit process.

Checklist #11: Treasury Process Controls
| # | Business Activity | Point of Focus/Control Objective | Ability to Automate | Description of Automation |
|---|---|---|---|---|
| 1 | Borrowing | Recorded debt represents a valid liability of the organization. | z | |
| 2 | Borrowing | Borrowings are recorded accurately as to amounts and terms. | z | |
| 3 | Borrowing | All borrowings are recorded in the appropriate period. | z | |
| 4 | Borrowing | All interest is accurately calculated and recorded in the appropriate period. | z | |
| 5 | Borrowing | Recorded loan repayments are valid. | z | |
| 6 | Borrowing | Loan repayments are accurately recorded. | z | |
| 7 | Borrowing | All loan repayments are recorded in the appropriate period. | z | |
| 8 | Borrowing | Loans are repaid in accordance with the terms of the loan. | z | |
| 9 | Borrowing | The organization complies with loan covenants. | z | |
| 10 | Managing Cash and Investments | Cash receipts are reconciled to general ledger postings daily. | z | |
| 11 | Managing Cash and Investments | Recorded investments represent assets of the organization. | z | |
| 12 | Managing Cash and Investments | Investment purchases, sales, and maturities are accurately recorded. | z | |
| 13 | Managing Cash and Investments | All investment transactions are recorded in the appropriate period. | z | |
| 14 | Managing Cash and Investments | All investment income is accurately calculated and recorded in the appropriate period. | z | |
| 15 | Managing Cash and Investments | Bank reconciliations are prepared and reviewed in a timely manner. | z | |
| 16 | Managing Derivative Transactions | Senior management has an understanding of the organization's derivative activities. | z | |
| 17 | Managing Derivative Transactions | Recorded derivative transactions represent assets or liabilities of the organization. | z | |
| 18 | Managing Derivative Transactions | Disclosed off-balance sheet derivative transactions represent valid transactions. | z | |
| 19 | Managing Derivative Transactions | Derivative transactions are accurately recorded. | z | |
| 20 | Managing Derivative Transactions | Disclosed off-balance sheet derivative transactions are properly presented. | z | |
| 21 | Managing Derivative Transactions | All derivative transactions are recorded in the financial statements. | z | |
| 22 | Managing Derivative Transactions | All off-balance sheet derivative transactions are disclosed in the financial statements. | z | |
| 23 | Managing Derivative Transactions | Derivative transactions are recorded in the appropriate period. | z | |
| 24 | Managing Derivative Transactions | Off-balance sheet derivative transactions are recorded in the financial statements in the appropriate period. | z | |
| 25 | Managing Derivative Transactions | All investment income on derivative transactions is accurately calculated and recorded in the appropriate period. | z | |
| 26 | Managing Derivative Transactions | All interest expense on derivative transactions is accurately calculated and recorded in the appropriate period. | z | |
| 27 | Cash Accounting | Reconciliations of all cash and investment accounts are performed monthly. | z | |
| 28 | Cash Accounting | Appropriate segregation of duties is established for the input, release and reconciliation of wire transfers and daily cash activity. | z | |
| 29 | Cash Accounting | All bank accounts have been authorized by Corporate treasury. | z | |
| 30 | Cash Accounting | Appropriate procedures are established to ensure signers on bank accounts are properly removed from termination. | z | |
| 31 | Cash Accounting | Policy has been established which defines appropriate Petty Cash amounts, usage, required approvals and replenishment procedures. | z | |
| 32 | Cash Accounting | Petty cash accounts are reconciled to the general ledger at least monthly. | z | |
| 33 | Cash Accounting | Only miscellaneous items less than a pre-defined amount are paid through petty cash. | z | |
| 34 | Cash Accounting | All payments are supported with appropriate documentation and are reviewed for reasonableness. | z | |
| 35 | Cash Accounting | The cash balances in the petty cash funds are reconciled and reviewed by an independent person monthly. | z | |

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 12 SOX Checklist


Checklist #12 - SOX Policy Evaluation Checklist
Financial Statement | Area of Significance | Financial Statement Element | Policy

Balance Sheet Assets Cash & Cash Equivalents

Cash receipts; Bank account reconciliations; Banking policy and relationships; Cash disbursements/manual checks; Check signing requirements; Outstanding checks; General cash; Petty cash; Deposits; Investment responsibility; Foreign currency translation; Fair value of financial instruments; Derivatives policy; Investments in associated companies; Functional currency; Hedging guidelines; Investment portfolio composition; General accounts receivable; Credit memos; Allowance for doubtful accounts/credit risk; Credit risk; Credit balances; Customer deposits; Records maintenance; Invoice billings; AFE's; Acquisitions and dispositions; Assets of discontinued operations; Disposals; Asset retirement obligations; Reconciliations; Physical asset security; General property and equipment; Inventory; Inventory accounting; Physical inventory procedures; Multi-client library; Goodwill and intangible assets; Other long-lived assets; Other current assets (pre-paid expenses, inventory, spares, deferred costs, advances); Software costs; General other assets

Investments/ Foreign Exchange

Accounts Receivable

Property and Equipment

Other Assets


Liabilities Accounts Payable

Accounts payable; Competitive bids; Request for proposal; Purchase requisitions; Purchase orders; Contracts; Purchasing procedures; Vendor selections; Vendor file maintenance; Equipment rentals; General; Accrued expenses (employee benefits, debt restrictions, vessel operations, interest, severance, advances); Deferred revenue; Allowance for bad debts; Bank overdrafts; Income taxes; Accrued employee compensation; Deferred taxes; Warranties; General; Long-term debt (Approval, debt issuance cost, accounting for current maturities); Subsidiaries with separate debt; Operating and capital lease obligations; Short-term debt; Capital stock; Stock transactions; Revenue recognition; Revenue reporting; Cost of sales; Third party reimbursable expenses; Payroll; Operating income (expense); Capitalization; Depreciation and amortization; Research and development; Selling, general and administrative costs; Travel and entertainment; Impairment of long-lived assets; Steaming and mobilization; Income (loss) from associated companies; Interest expense/income; Minority expense; Results of discontinued operations; Insurance; Other expenses; Fiscal adjustments

Other Liabilities

Debt

Stockholders' Equity Income Statement Revenues Expenses


General Financial Management

Chart of accounts; Consolidation; Segment reporting and disclosures; Reporting packages; Business combinations; Period-end financial reporting; Month-end closing procedures; Reconciliations; Inter-company allocations; Variable interest entities; Commitments and contingencies; Related parties; Disclosures; Process change control; Unusual transactions; Budgeting and forecasts; Release of financial/confidential information; Journal entry; Employment (hiring, promotion) policies; Employee benefits; Compensation / Payroll; Termination; Performance appraisals; Executive compensation; Incentive compensation; Employee handbook; Attendance, holidays, vacation, sick leave; Relocation payments; Internal transfers; Family & medical leave; Americans with Disabilities Act; Share-based compensation plans; Fair employment practices; Orientation and training; Employment verifications / background check; Equal opportunity; Sexual harassment / other harassment; New employee processing; Hiring of consultants / contractors; Personnel files and records; Information security; Systems change policy; Software licensing; Electronic information (e-mail) systems; Trade shows; Workplace rules, safety and health; Disaster management / business resumption; Corporate credit cards; Use of company vehicles; Magazine subscriptions

Human Resources

Information Technology

Other


Corporate Governance

General

Board of Directors

Internal Audit

Record retention, storage and disposal; Ethics hotline and policy on handling of complaints; US Antitrust Law Compliance; Delegation of authority; Code of Conduct; Entertainment and gifts; Insider trading; Related party transactions; Conflict of interest; Foreign corrupt practices act; Personal loans to directors and executive officers; Corporate governance guidelines; Audit committee charter; Remuneration committee charter; Internal audit charter; Pre-approval of audit and non-audit services


ABOUT APPROVA
Approva Corporation is the industry-leading provider of continuous controls monitoring and audit software. We enable business, finance, IT and audit professionals to automate the on-demand testing, closed-loop remediation and continuous, exception-based monitoring of controls within and across their business systems. Using our solutions, customers are able to significantly increase visibility into their controls, streamline the audit process, cost-effectively sustain their compliance initiatives and reduce exposure to mistakes, fraud and inefficiencies for business processes such as procurement, sales and delivery, payroll and financial close. In addition, our automated solutions act as key preventative and detective controls, further strengthening our customers' financial and operational control environments.

Global companies such as Campbell Soup Company, Colgate-Palmolive, the Commonwealth of Pennsylvania, DirecTV, Discovery Communications, McCormick & Company, P&G, Pratt & Whitney, Siemens and Wyndham Hotels & Resorts rely on Approva BizRights Platform and Enterprise Controls Suite to reduce compliance risk, increase operational efficiency and flag exceptions to their business controls.

For more information:
Website: www.approva.net
Information: info@approva.net
Sales: sales@approva.net
