Disclosure and internal controls seem to be commanding the headlines these days, with an emphasis on complying with Sections 302 and 404 of the Sarbanes-Oxley Act (SOX). This sample questionnaire can be used by management and board members to help determine where controls over information technology (IT) fit into the picture, why IT is so important, and why management and executives should care.
Sample questions include: Should the CIO report to the audit committee on the state of the IT internal control environment? What do the internal and external auditors think about our IT controls? If the auditors have given us recommendations to improve the company’s IT controls, how concerned should we be?