Control Self Assessment framework, resources, tools and materials designed to help you apply control self assessment techniques to internal audit and risk management are available with a subscription to KnowledgeLeader.
Self assessment or risk self assessment is a tool for acquiring information about business process risks, while empowering the process owners to take responsibility for identifying and mitigating those risks.
As a subscriber you have access to the following:
Accounts Payable – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an accounts payable audit. It is intended to help the internal audit department understand existing accounts payable business processes and management's view of the internal control environment.
Audit Committee Self-Assessment Questionnaire
The self-assessment process is an important exercise for audit committees to complete as they are responsible for important activities such as the quality and integrity of a company’s accounting practices and controls and compliance with legal and regulatory requirements. This is a sample self-assessment questionnaire for audit committees to use when evaluating their current involvement in a company’s control environment.
Billing, Accounts Receivable, Credit, and Collections – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of the billing, accounts receivable, credit, and collections process. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.
Business Self Assessment Methodology
Business Self-Assessment is Protiviti's dynamic self-assessment approach that leverages organizational knowledge to improve business performance at the entity or process level. Utilizing risk as its foundation, BSA uniquely integrates the assessment of strategic objectives, risks, controls and process-improvement opportunities.
Close The Books – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.
Control Monitoring Quality Assessment Memo - Sample
This is an example of an internal audit quarterly assessment of ongoing controls monitoring processes. This review encompassed processes in place during the quarter and remediation actions taken on identified control deficiencies. This memo provides an overview of the work performed and corresponding audit findings.
Control Transition Policy
The purpose of this policy is to set forth the procedures for ensuring the continued integrity of a company’s system of internal controls. Steps in this policy focus on the timely transition of internal control responsibilities when needed; the continued and ongoing execution of key controls; and that internal control documentation is maintained throughout the year to reflect actual controls in place and responsible individuals.
Control Self-Assessment Questionnaire
In complying with the Sarbanes-Oxley Act, it is management’s responsibility to design, adhere to and monitor the significant operating and financial controls of the organization. This short self-assessment questionnaire has been designed to obtain management’s input in order to establish a common understanding of the level of control of an organization or department.
Financial Reporting and General Ledger Control Self Assessment Questionnaire
This is an example of a self assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the Internal Audit department understand existing controls around financial reporting and general ledger processes.
Fixed Assets – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a fixed asset audit. It is intended to help the internal audit department understand existing business processes involving fixed assets and management's view of the internal control environment. This document has been updated with items such as: fixed asset system change management, capital expense policy, and periodic review of depreciation expense.
Framework for Facilitated Self Assessment Meetings
This tool provides a detailed framework for internal auditors and others who are planning to conduct a facilitated self-assessment session. This framework is intended to introduce and describe a common facilitation framework to help deliver the highest-quality results. Each phase described includes a checklist of key issues to address throughout the self-assessment process.
General IT Controls Review: Password Questionnaire
Consider the best practice items in this questionnaire when assessing your user password standards.
Healthcare Industry IT Risk Assessment Questionnaire
The purpose of this tool is to help a healthcare company perform an IT risk assessment. The risk assessment worksheets document IT components, IT processes and IT projects, and provide business process definitions. The assessment also allows the user to configure options, and rank all identified risks automatically.
Information Technology General Controls - Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an information technology general controls (ITGC) audit. It is intended to help the internal audit department understand existing business processes involving ITGC and management's view of the internal control environment.
Payroll – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a payroll audit. It is intended to help the internal audit department understand the existing business processes and management's view of the internal control environment.
Purchasing and Inventory Management – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of Purchasing and Inventory Management. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.
Quarterly Control Assessment Questionnaire
The purpose of this assessment questionnaire is to monitor the company's internal control structure and processes on a quarterly basis.
Risk Assessment Checklist
The questions in the checklist can be considered prior to process reviews or operational internal audits. They can be used in facilitated self-assessment sessions, risk assessment workshops or questionnaires, basic auditing work programs, and auditing interviews.
Risk Assessment Process - Facilitation Tips
This guide provides tips and tricks to be used when facilitating a risk assessment workshop. These tips are organized to guide you through the high-level phases of a risk assessment discussion and provide insight into the facilitator’s role for this process.
Self Assessment Agenda Guide: Why+What+How+When
All self assessment meetings have four common elements. This tool describes these elements and how they can be combined to create an effective agenda for a self assessment meeting.
Self-assessments are intended to help the internal audit department understand existing business processes and understand management's view of the internal control environment. This is a sample checklist to follow when issuing self-assessment questionnaires to managers or process owners. Items in the checklist include self-assessment set-up processes, issuing the self-assessment, compiling the results, and reporting to management.
Self-Assessment on Internal Controls Report - Sample
An internal audit department led a self-assessment initiative to evaluate the effectiveness of the design of internal controls for their company’s operations and budget process. This report describes the approach, the results, and the recommendations that resulted from the initiative.
Self Assessment: Sample Session
The following is taken from an actual self assessment session, investigating possible process improvements for the Foreign Exchange process.
Self Assessment: Three Levels of Activities
Self Assessments are performed by company personnel/process owners who are held accountable for executing, monitoring and improving the business process in question.
Self Assessment Questionnaires: Guide to Development
This guide provides a framework for developing a self assessment questionnaire.
SOX Self-Assessment and Self-Testing Instructions
This guide provides instructions to companies performing a self-assessment and self-testing for Sarbanes-Oxley compliance. Topics include mapping global risks, reporting results, and managing the project timeline.
Treasury and Cash Management Audit Program (Sample 2)
This work program lays out audit procedures for treasury and cash management. Specific areas of review include: cash disbursements, cash receipts, timely identification and resolution of exceptions, bank account analysis, investing/borrowing, capital management, foreign exchange exposure management, cash flow forecasting, IT assessment and derivatives.
50 Small Tips That Could Add Up to Big Improvements in Audit Efficiency
The internal audit team lead is not only responsible for conducting high-risk, value-added audits but also for the effective and efficient management of an audit process that maximizes resources and stays within budget. Accomplishing this is often no easy task. The team lead needs to ensure that people and processes are used as efficiently as possible. With that in mind, this article focuses on 50 project management tips that can help make the most of internal audit’s productivity.
Building an internal audit function at Cadence Design Systems
Cadence Design Systems, Inc. is the world's leading electronic design automation technologies and engineering services company. In this profile, John Springer, director of internal audit and compliance at Cadence, discusses how the internal audit group was formed in response to the emergence of Sarbanes-Oxley regulations, and how it was internal audit’s role to program Sarbanes-Oxley compliance processes throughout the business. Springer also describes the cultural shift within the organization around accepting and understanding the presence of an internal audit function.
Control Self-Assessment: A Sarbanes-Oxley and Enterprise Risk Management Tool
Control Self Assessment (CSA) techniques can play a major role in Sarbanes-Oxley compliance initiatives, enterprise risk management, and internal audit planning. This article describes how CSA can be applied to these pressing initiatives to facilitate decision making and a greater understanding of controls.
Control Self-Assessment Showing Its Versatility
Control self-assessment (CSA) is a process that allows key stakeholders in a company to look at the risks they face, examine the controls in place to deal with those risks and assess their adequacy. What follows are examples from two companies using self-assessment in two very different ways. Their experiences illustrate the use of various CSA tools and the benefits to be derived from a CSA approach.
Control Self Assessment – The Future of Store Audits in Retail Firms
Whether it’s reducing shrink or complying with Sarbanes-Oxley, a rigorous store-level compliance process is key in protecting and substantiating company assets and reporting processes. This article describes the key ways in which this can be achieved through store self-assessment.
Exception Management Explained
The growing need for “exception management” capabilities among organizations of all sizes stems from a steady flow of new regulatory compliance and risk management requirements in recent years. These requirements force process owners to incorporate more rigorous compliance and risk-monitoring into their activities. This need, combined with the evolution of business analysis requirements, has given rise to continuous auditing and continuous monitoring, particularly at companies committed to getting the most valuable bang for their internal audit buck.
How to Audit Compliance in the Financial Services Industry: A Primer
Anyone who has been involved in compliance management for the financial services industry over the last decade or more has seen expectations regarding the role and responsibilities of the Compliance function continue to evolve with increased responsibility. As the requirements and expectations for compliance management have changed, so too have the expectations for how Compliance should be audited. Any discussion about how to audit Compliance should begin with the premise that Compliance is, or should be, an auditable area.
Proactive Risk Management with SAP BusinessObjects – Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions
“What is the totality of our enterprise risk?” That’s a question being raised more often in today’s boardrooms as organizational leadership comes to realize that effective enterprise risk management (ERM) entails more than just the monitoring of financial risk. While financial risk is still an ongoing concern, enterprises also must be vigilant about identifying and being prepared to respond proactively to a wide range of risk, such as: strategic risk; environmental- or health-related risk; political/geopolitical risk; operational risk; and legal and compliance risk.
Role of Management
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of management. Topics covered are: What is the role of the disclosure committee, Section 404 compliance project sponsor, Section 404 compliance project steering committee, and other executives? Who signs off on internal control over financial reporting? And, can management rely solely on self-assessments of process owners for purposes of their evaluation of design and operating effectiveness?
The Self-Assessment Process: Management’s Tool for Reinforcing Process Owner Accountability
The Bulletin, Volume 2, Issue 1 - One of the cornerstones of ongoing compliance with the Sarbanes-Oxley Act of 2002 is having an effective self-assessment program. This Bulletin discusses the self-assessment process and how you can implement one to reinforce process owner accountability or, if you already have a process in place, how you can improve it and make it more effective. Learn why and how to accomplish self-assessment and review some best practices to consider.
Wanted: A Cost-Effective Approach to Validating Performance of the Internal Control Structure This issue of The Bulletin discusses the implementation of a cost-effective Section 404 compliance process. It addresses the importance of integrating self-assessment, entity-level monitoring and independent tests of controls into a coordinated approach to build the body of evidence supporting management’s assertion in the annual internal control report. The Bulletin asserts that companies need to think more broadly than testing when planning a cost-effective approach to validating internal controls.
External Self Assessment Resources
AuditNet Control Self Assessment Resources - A collection of links to Control Self Assessment resources on the Web.
CCSA - Certification in Control Self Assessment
The Certification in Control Self Assessment (CCSA) is The IIA's first specialty certification and the second certification to be offered by the Board of Regents in the history of the Institute of Internal Auditors. The CCSA certification program identifies the skill sets needed by successful practitioners of CSA, measures understanding of CSA, and provides guidance for CSA initiatives.