Companies face a variety of internal control risks that can threaten the integrity of their financial reporting, operational effectiveness, and compliance with laws and regulations. These risks often stem from inadequate segregation of duties, lack of oversight, insufficient documentation and overreliance on manual processes. Such weaknesses may lead to errors, fraud or misappropriation of assets, potentially resulting in financial losses, regulatory penalties and reputational harm. Changes in business processes, rapid growth or technological advancements can further expose organizations to new or evolving risks if internal controls are not updated accordingly. 

1. Internal Controls Checklist 

Assess your organization’s internal controls for common business processes with the list of items provided in this tool.  

This tool focuses on accounts receivable and sales controls, accounts payable controls, accrued liabilities and other expenses controls, cash disbursement controls, cash funds controls, cash receipts controls, general accounting controls, fixed-assets controls, intangibles controls, and more. 

2. Internal Controls Structure Questionnaire 

Assess your company’s controls and internal processes with this questionnaire focused on internal control structures. 

After completing this questionnaire, you can use the information provided in validation of the internal control environment and development of control areas.  

3. Internal Controls Quarterly Self-Assessment Program Guide 

Implement and continuously improve your organization’s internal control processes with the best practices in this structured guide. 

This program establishes responsibilities for process owners and subsidiary management who are required to escalate any potential disclosable issues or changes at least quarterly. 

4. Accounts Receivable Internal Controls Questionnaire 

Empower your financial management with this comprehensive questionnaire, designed to optimize cash flow, increase compliance and boost operational efficiency. 

The goal of this tool is to provide completed questionnaires for executive management, aiding them in supporting their certifications on the annual report on internal and disclosure controls as required by Sections 302 and 404. 

5. Internal Controls Self-Assessment Report 

Assess and improve your organization’s internal controls using this sample audit report. 

Self-assessment testing involves documenting updates based upon responses to the questions and results of the walk-through process, assessing the overall control objectives and the process area, developing an entity-level controls (ELC) questionnaire based on the Committee of Sponsoring Organizations (COSO) framework, and more. 

6. Internal Controls and Shareholder Value Guide 

Secure your business’s future by understanding why internal controls are important for shareholder value. 

This presentation can be used as a guide for describing what internal controls are, why they are important, and how they relate to shareholder or stakeholder value. 

7. Is Cybersecurity Not Part of Internal Controls for Financial Reporting? 

Examine why cybersecurity measures are essential for maintaining comprehensive internal controls and preventing material weaknesses in financial governance. 

You may remember that back in 2020, SolarWinds Corporation had undetected malicious code “SUNBURST” embedded in its software, which it then unknowingly distributed to approximately 18,000 clients, including many government agencies.  

8. Human Resources Internal Controls Questionnaire 

Improve your Human Resources function and its associated internal control structure using this questionnaire.  

Example self-assessment questions include: Is employee information communicated to Human Resources personnel via a standardized form? Do employee setup forms require the approval of a company officer? Is access to employee files (both electronic and hard copies) restricted to Human Resources personnel?  

9. Importance of Internal Controls for Cybersecurity 

Examine the increase in cybersecurity breaches disclosed by public companies since 2011. 

Due to the proliferation of attacks, accompanied by a variety of challenges associated with implementing effective controls meant to minimize the threats, cybersecurity has emerged as an ongoing corporate governance risk and audit risk. 

10. Procurement Internal Controls Audit Work Program

Organizations can use this sample audit work program to review the internal controls in their procurement process.

Sample questions to consider include: Are purchase orders based on authorized requisitions? Are purchase orders properly coded to identify the cost objective (direct, indirect or inventory)? Are purchase orders serially controlled and accounted for?