Control environment

By Ricardo Harrison,2014-08-09 11:47
9 views 0
Control environment

Control Environment and Organizational Structure

    The term control environment refers to an entity’s “corporate culture”, showing how much the entity’s leaders value ethical behavior and internal control. The key element in a favorable control environment is management’s attitude, as demonstrated through its actions and example. The

    control environment is the foundation of the COSO internal control framework. It provides discipline and structure while encompassing both technical competence and ethical commitment. Management’s “tone at the top” sets the standard for the entire entity since even the best policies and procedures can not overcome the force of a bad example. A favorable control environment requires that management communicate the importance of internal controls to staff at all levels.

     Control Objectives:

    1. Management emphasizes the importance of internal control through its attitude, actions,

    and values, and communicates this tone to all employees.

    2. Management adheres to a code of conduct and other policies regarding acceptable

    business practices, conflicts of interest, or expected standards of ethical and moral

    behavior, and communicates these policies to all employees.

    3. Management takes appropriate disciplinary action in response to departures from

    approved policies and procedures or violations of the code of conduct.

    4. A strategic plan and mission statement are in place to provide guidance and assistance

    to management.

    5. Financial polices and procedures for authorization and approval of transactions are in

    place and communicated to all applicable employees.

    6. Organizational structure is clearly defined and up-to-date, with the appropriate reporting

    relationships established and communicated to all employees.

    7. Appropriate controls are in place to monitor and review operations and programs.

    8. Qualified and properly trained personnel are hired to help ensure control procedures are

    followed and resources are used efficiently.

    9. Current job descriptions are established detailing the responsibilities and qualifications for

    each position.


Questionnaire Objective: To obtain sufficient knowledge of the entity’s control environment to

    understand management's and the governing body's attitude, awareness and actions concerning the following factors of the control environment:

A. Integrity and Ethical Values

    B. Commitment to Competence

    C. Governing Body/Audit Committee

    D. Management Philosophy and Operating Style

    E. Organizational Structure

    F. Methods of Assigning Authority and Responsibility

    G. Personnel Policies and Practices

A. Integrity and Ethical Values: Yes No N/A Comments

     1. Does previous experience with the entity indicate

    financial integrity among management and personnel?

     2. Has a code of conduct been adopted that addresses

    acceptable business practices?

     3. Does the code of conduct address policy for potential

    conflicts of interest?

    Page 1 of 5


    Control Environment and Organizational Structure

    A. Integrity and Ethical Values: Yes No N/A Comments

     4. Are these policies adequately communicated to employees?

     5. Do management and staff comply with the department's policies and procedures?

     6. Does management discuss internal controls at

    management and other staff meetings?

     7. Does the entity have an updated internal control plan?

     8. Is the internal control plan communicated to applicable personnel?

     9. Does management reward employees for following good internal control practices?

     10. Is there a procedure in place for employees to report suspected violations of policies?

     11. Does management take appropriate disciplinary action when necessary to enforce the code of conduct?

     12. Is the entity aware of applicable federal or state grant

    provisions and requirements?

     13. Does the entity know to follow the applicable federal

    grant guidelines if they are more stringent than the entity’s normal policies and procedures?

     14. Do significant pressures exist to not exceed budgeted

    amounts because of taxpayer initiatives, election promises, or similar political considerations?

     B. Commitment to Competence: Yes No N/A Comments

     1. Does previous experience with the entity indicate competence among management and key personnel?

     2. Does the entity define the tasks that make up a particular job?

     3. Does the entity analyze and document the knowledge

    and skills needed to perform jobs?

     4. Does the entity provide for applicable training of its employees?

     5. Are the personnel responsible for ensuring compliance with federal and state laws, knowledgeable and experienced in administering these programs?

     6. Do accounting personnel have the background, education and experience appropriate for their duties?

     7. Do accounting personnel appear to understand the duties and procedures applicable to their jobs?

     8. Do accounting personnel appear to have sufficient expertise in selecting and applying applicable accounting principles?

     9. Do accounting supervisors appear to have sufficient expertise to review accounting transactions for accuracy and compliance with rules and regulations?

     10 Do accounting supervisors frequently prepare reports or reconciliations to verify the accuracy of financial

    transactions processed?

    Page 2 of 5


Control Environment and Organizational Structure

    C. Governing Body/Audit Committee: Yes No N/A Comments

     1. Does a governing body exist? If yes: (Answer A-C)

     A) Are there regular meetings of the governing

    body to set policies and objectives and review

    the entity’s performance?

     B) Are the minutes of such meetings prepared and

    signed on a timely basis?

     C) Has the governing body been informed about

    and approved all of the federal and state grants

    the entity is to or has received?

     2. Does an audit committee exist? If yes: (Answer A-D)

     A) Does the audit committee represent an

    informed, vigilant and effective overseer of the

    financial reporting process and the entity's

    internals control structure?

     B) Has the governing body written a charter for the

    audit committee, outlining its duties and


     C) Does the audit committee assist the governing

    body in maintaining a direct line of

    communication with the entity's internal and

    external auditors?

     D) Does the audit committee have resources and

    authority to discharge their responsibilities?

    D. Management Philosophy and Operating Style: Yes No N/A Comments

     1. Does the entity have a mission statement, objectives

    and goals?

     2. Is this information communicated to applicable


     3. Are management and operating decisions determined at

    appropriate levels?

     4. Does management ask employees for their suggestions

    on how to improve processes?

     5. Has management given a high priority to its internal

    control structure?

     6. Does management emphasize meeting the budget

    and/or other financial and operating goals?

     7. Does management take an active role in the financial

    reporting of the entity?

     8. Is the entity meeting its financial obligations?

     9. Does management review audit recommendations and

     take appropriate corrective action?

     10. Is management willing to adjust the financial statements

    for misstatements that approach a material amount?

     11. Is there a plan for the future development of new

    information systems and acquisition of hardware?

     12. Is this plan reviewed and approved by senior

     management within the office, division or department?

     13. Does management review audit recommendations and

     take appropriate corrective action?

    Page 3 of 5


    Control Environment and Organizational Structure

    E. Organizational Structure: Yes No N/A Comments

     1. Is there an organization chart clearly defining the lines of management authority and responsibility?

     2. Is the organization chart current and accurate?

     3. Is the organizational structure appropriate for the size

    and complexity of the entity?

     4. Are there formalized policies and procedures for all major operations of the entity?

     5. Are policies and procedures for authorizations established at a reasonably high level?

     6. Does the governing body and management stress

    adherence to such policies and procedures?

     7. Have specific line of authority and responsibility been established to ensure compliance with federal and state laws and regulations?

    F. Methods of Assigning Authority and Responsibility: Yes No N/A Comments

     1. Is there a clear assignment of responsibility and delegation of authority to deal with such matters as organizational goals and objective, operating functions and regulatory requirements?

     2. Is management actively involved in supervision of the various functions?

     3. Are channels of communications (from top down and from bottom up) being utilized?

     4. Has fiscal authority been formally delegated to specific management personnel?

     5. Does management understand the concept and

    importance of internal controls, including the division of responsibility?

     6. Has management clearly communicated the scope of the authority and responsibility to deal with information system management?

     7. Has the entity identified an individual that is responsible for coordinating the various federal and state programs within the entity?

     8. Do you perform periodic audits of sub recipient financial

     operations in compliance with OMB Circulars A-110 or

    A-133 regulations?

     9. If independent audits of sub recipients are performed,

    do you require their submission for your review?

    G. Personnel Policies and Practices: Yes No N/A Comments

     1. Does management check credentials and references of

    new employees?

     2. Are confidentiality agreements required for employees who come in contact with confidential information?

     3. Does the workload of the accounting employees facilitate the preparation of reliable accounting records?

     4. Is turnover of key fiscal personnel relatively low?

     5. Are vacations mandatory for financial personnel?

     6. Are duties rotated when employees are on vacation?

    Page 4 of 5


    Control Environment and Organizational Structure

    G. Personnel Policies and Practices: Yes No N/A Comments

     7. Are policies regarding personal use of computer equipment and software clearly stated?

     8. Does the entity have an information security officer?

     9. Does the entity have a formal information systems security policy?

     10. Are information system policies and expectations clearly communicated to all employees?

     11. Does the workload permit information system personnel to perform their internal control responsibilities?

     12. Is the information system work force relatively stable (low turnover)?

     13. Is there a policy regarding ownership of in-house

    developed software and data?

     14. Do the information system personnel practices include policies to maintain security upon termination of employment?

     15. Are there written job descriptions for each employee (including information system personnel) delineating specific duties, reporting relationships, and constraints?

     16. Does management ensure compliance with the department’s personnel policies and procedures concerning hiring, training, promoting, and compensating employees?

     17. Are sufficient training opportunities available to improve competency and update employees on new policies and procedures?

     18. Are employees cross-trained to ensure the uninterrupted performance of personnel functions?

    Page 5 of 5


Report this document

For any questions or suggestions please email