Control Self Assessment framework, resources, tools and materials designed to help you apply control self assessment techniques to internal audit and risk management are available with a subscription to KnowledgeLeader.
Self assessment or risk self assessment is a tool for acquiring information about business process risks, while empowering the process owners to take responsibility for identifying and mitigating those risks.
As a subscriber you have access to the following:
Accounts Payable – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an accounts payable audit. It is intended to help the internal audit department understand existing accounts payable business processes and management's view of the internal control environment.
Audit Committee Self-Assessment Questionnaire
The self-assessment process is an important exercise for audit committees to complete as they are responsible for important activities such as the quality and integrity of a company’s accounting practices and controls and compliance with legal and regulatory requirements. This is a sample self-assessment questionnaire for audit committees to use when evaluating their current involvement in a company’s control environment.
Billing, Accounts Receivable, Credit, and Collections – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of the billing, accounts receivable, credit, and collections process. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.
Business Self Assessment methodology
Business Self-Assessment is Protiviti's dynamic self-assessment approach that leverages organizational knowledge to improve business performance at the entity or process level. Utilizing risk as its foundation, BSA uniquely integrates the assessment of strategic objectives, risks, controls and process-improvement opportunities.
Close The Books – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.
Control Self-Assessment Questionnaire
In complying with the Sarbanes-Oxley Act, it is management’s responsibility to design, adhere to and monitor the significant operating and financial controls of the organization. This short self-assessment questionnaire has been designed to obtain management’s input in order to establish a common understanding of the level of control of an organization or department.
Financial Reporting and General Ledger Control Self Assessment Questionnaire
This is an example of a self assessment questionnaire that can be presented to managers or process owners before conducting an audit. It is intended to help the Internal Audit department understand existing controls around financial reporting and general ledger processes.
Fixed Assets – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a fixed asset audit. It is intended to help the internal audit department understand existing business processes involving fixed assets and management's view of the internal control environment. This document has been updated with items such as: fixed asset system change management, capital expense policy, and periodic review of depreciation expense.
Framework for Facilitated Self Assessment Meetings
This tool provides a detailed framework for internal auditors and others who are planning to conduct a facilitated self-assessment session. This framework is intended to introduce and describe a common facilitation framework to help deliver the highest-quality results. Each phase described includes a checklist of key issues to address throughout the self-assessment process.
General IT Controls Review: Password Questionnaire
Consider the best practice items in this questionnaire when assessing your user password standards.
Healthcare Industry IT Risk Assessment Questionnaire
The purpose of this tool is to help a healthcare company perform an IT risk assessment. The risk assessment worksheets document IT components, IT processes and IT projects, and provide business process definitions. The assessment also allows the user to configure options, and rank all identified risks automatically.
Information Technology General Controls - Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an information technology general controls (ITGC) audit. It is intended to help the internal audit department understand existing business processes involving ITGC and management's view of the internal control environment.
Payroll – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting a payroll audit. It is intended to help the internal audit department understand the existing business processes and management's view of the internal control environment.
Purchasing and Inventory Management – Preliminary Controls Assessment Questionnaire
This is an example of a preliminary assessment questionnaire that can be presented to managers or process owners before conducting an audit of Purchasing and Inventory Management. It is intended to help the internal audit department understand existing business processes and management's view of the internal control environment.
Risk Assessment and Control Activities Worksheet – Sample
This worksheet can be used as a template for documenting and linking business risks, process objectives, related controls, and an auditor's evaluation. It is based on the COSO framework.
Risk Assessment Checklist
The questions in the checklist can be considered prior to process reviews or operational internal audits. They can be used in facilitated self-assessment sessions, risk assessment workshops or questionnaires, basic auditing work programs, and auditing interviews.
Risk Assessment Map – Sample
This risk assessment map helps to identify and document critical business processes. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analyses.
Risk Assessment Workshop Presentation - Sample
This presentation was created to help facilitate a risk assessment workshop. It explains to workshop participants the objectives and ground rules, how to identify key risks, and how to plot significance and likelihood on a risk map.
Self Assessment Agenda Guide: Why+What+How+When
All self assessment meetings have four common elements. This tool describes these elements and how they can be combined to create an effective agenda for a self assessment meeting.
Self-Assessment Checklist
Self-assessments are intended to help the internal audit department understand existing business processes and understand management's view of the internal control environment. This is a sample checklist to follow when issuing self-assessment questionnaires to managers or process owners. Items in the checklist include self-assessment set-up processes, issuing the self-assessment, compiling the results, and reporting to management.
Self-Assessment on Internal Controls Report - Sample
An internal audit department led a self-assessment initiative to evaluate the effectiveness of the design of internal controls for their company’s operations and budget process. This report describes the approach, the results, and the recommendations that resulted from the initiative.
Self Assessment: Sample Session
The following is taken from an actual self assessment session, investigating possible process improvements for the Foreign Exchange process.
Self Assessment: Three Levels of Activities
Self Assessments are performed by company personnel/process owners who are held accountable for executing, monitoring and improving the business process in question.
Self Assessment Questionnaires: Guide to Development
This guide provides a framework for developing a self assessment questionnaire.
SOX Self-Assessment and Self-Testing Instructions
This guide provides instructions to companies performing a self-assessment and self-testing for Sarbanes-Oxley compliance. Topics include mapping global risks, reporting results, and managing the project timeline.
Tax Process: Objectives and Control Checklist
This self-assessment checklist is intended to be used as a preliminary checklist before an audit. It gives the auditee an opportunity to inform internal audit about controls and processes they employ, and it also gives the auditee ideas about other controls and processes that may be appropriate.
Clock ticking for Standard 1312 compliance
The Institute of Internal Auditors’ Standard 1312 requires an external quality assessment of internal audit activities be conducted once every five years. An assessment must be completed by January 1, 2007 for an audit department to be deemed in conformance with IIA standards. Audit directors have two options for compliance: an external quality assessment or a self-assessment with independent validation. This article discusses the two compliance options, along with their drawbacks and why cost issues are not cut and dry.
Control Self-Assessment Showing Its Versatility
Control self-assessment (CSA) is a process that allows key stakeholders in a company to look at the risks they face, examine the controls in place to deal with those risks and assess their adequacy. What follows are examples from two companies using self-assessment in two very different ways. Their experiences illustrate the use of various CSA tools and the benefits to be derived from a CSA approach.
Control Self Assessment – The Future of Store Audits in Retail Firms
Whether it’s reducing shrink or complying with Sarbanes-Oxley, a rigorous store-level compliance process is key in protecting and substantiating company assets and reporting processes. This article describes the key ways in which this can be achieved through store self-assessment.
Compliance Frameworks
Compliance frameworks connect regulatory mandates and software practices. This article outlines compliance frameworks and best practices in order to help companies perform self assessments. Specifically, this article defines identity standards which allow for better tracking and governance of identity-related information.
Corporate Directors: Charting a Course Through Troubled Times
Successfully guiding a corporation through competitive markets can be a complicated venture in the best of times. But when tight credit and high costs erode an organization’s revenues and customer base, once routine issues can become urgent and problematic. In today’s economy, even well-run organizations can face significant challenges to their fiscal health. This article is the first in a series designed to address some of the issues that corporate directors face as they steer their companies through the “zone of insolvency.”
Importance of Monitoring
Senior management and boards of directors have started asking internal audit departments to help them gain a better understanding of how the organization manages risk, but rarely do they explicitly ask auditors to help them assess how they measure risks that could impair progress toward their objectives. This is an area ripe with opportunity for internal audit shops that are looking for new ways to add value to their organization. This article outlines several key questions auditors need to ask when initiating risk monitoring projects.
Making Section 404 Compliance Cost-Effective While Improving Quality and Sustainability
As companies take stock of their focus on "pass/fail" compliance with Section 404 of the Sarbanes-Oxley Act, it is time to reflect on the objectives and costs of the effort. While the SEC's new guidance to management and the PCAOB's revamping of AS2 will help improve the cost-effectiveness, senior management has a more important opportunity to focus on quality and sustainability. This article asserts that every organization should take a step back to evaluate how to transition from the narrow focus on pass/fail compliance to a cost effective, sustainable and value-added process.
Quality Assurance Standard 1312: Which option is best for you?
The clock is ticking to comply with the IIA quality assessment standard (Standard 1312). As the timeline shortens, companies are evaluating which quality assessment option best fits their company: an external assessment or a self-assessment with independent validation. In this article, the vice presidents of internal audit at Chiquita Brands International and Experian each discuss the quality assessment option they selected and why.
Ranking Risks: Rare to Certain, Negligible to Catastrophic
Risks that your project or business are exposed to may be worth reviewing now more than ever before to explore which ones need more attention than others. Since risk is directly correlated to loss, it is important to implement a self-assessment process in one's business and to address them. Read this article to learn how inattention to risks can affect a company, and see what you can do to protect your bottom line.
Strength in Numbers: How Creditors’ Committees Maximize Results in Chapter 11 Cases
While the financial meltdown of mortgage lenders and investment banks has riveted the attention of citizens and governments worldwide, many mainstream businesses are finding that “business as usual” is more difficult than ever. This article is the second in a series that addresses some of the difficulties that arise when businesses become insolvent. It focuses on how companies can use official creditors’ committees to protect their interests when important clients reorganize under Chapter 11 of the Bankruptcy Code.
The Retail Store Audit: Using Technology to Optimize the Audit Process
The traditional method of conducting store audits would benefit from an innovative use of technology, but is an automated solution really worth your investment? This article provides details of three key benefits: enhanced audit productivity, increased operational effectiveness, and improved reporting capabilities.
The Self-Assessment Process: Management’s Tool for Reinforcing Process Owner Accountability
The Bulletin, Volume 2, Issue 1 - One of the cornerstones of ongoing compliance with the Sarbanes-Oxley Act of 2002 is having an effective self-assessment program. This Bulletin discusses the self-assessment process and how you can implement one to reinforce process owner accountability or, if you already have a process in place, how you can improve it and make it more effective. Learn why and how to accomplish self-assessment and review some best practices to consider.
Wanted: A Cost-Effective Approach to Validating Performance of the Internal Control Structure This issue of The Bulletin discusses the implementation of a cost-effective Section 404 compliance process. It addresses the importance of integrating self-assessment, entity-level monitoring and independent tests of controls into a coordinated approach to build the body of evidence supporting management’s assertion in the annual internal control report. The Bulletin asserts that companies need to think more broadly than testing when planning a cost-effective approach to validating internal controls.
AuditNet Control Self Assessment Resources - A collection of links to Control Self Assessment resources on the Web.
CCSA - Certification in Control Self Assessment
The Certification in Control Self Assessment (CCSA) is The IIA's first specialty certification and the second certification to be offered by the Board of Regents in the history of the Institute of Internal Auditors. The CCSA certification program identifies the skill sets needed by successful practitioners of CSA, measures understanding of CSA, and provides guidance for CSA initiatives.
University of Texas Control Self Assessment Workshop
This Control Self Assessment Workshop is designed to facilitate a department’s self assessment of its internal control over operations, financial reporting, and compliance activities. The workshop is divided into two sessions. The first session explains how to self-assess internal control over a department’s significant activities and processes. The second session, held a few weeks later, is a series of Risk/Control Worksheet presentations by the department’s employees.
>> Sign up now for a
30-day free trial or an
annual subscription.
Find out more about our
subscription prices and group discounts.
If you have any questions please
Contact Us.