Scribd Logo
Upload

Welcome to Scribd!

  • 1K views

    Entity-Level Controls Questionnaire

    Uploaded by

    Juanita Dela Peña Bejarasco
    This document summarizes the auditor's understanding of the client's entity-level controls, including the control environment, risk assessment, information systems, control activities, and monitoring. It describes procedures performed like reviewing prior year workpapers and interviewing management. Tables are included to assess the control environment and risk assessment process. Risks are identified for the information systems and control activities, and the audit response is noted. Monitoring is done through management involvement in operations due to the lack of an internal audit function.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Entity-Level Controls Questionnaire

    Uploaded by

    Juanita Dela Peña Bejarasco
    1K views3 pages
    This document summarizes the auditor's understanding of the client's entity-level controls, including the control environment, risk assessment, information systems, control activities, and monitoring. It describes procedures performed like reviewing prior year workpapers and interviewing management. Tables are included to assess the control environment and risk assessment process. Risks are identified for the information systems and control activities, and the audit response is noted. Monitoring is done through management involvement in operations due to the lack of an internal audit function.

    Original Description:

    Questionaire

    Original Title

    Entity-level Controls Questionnaire

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document summarizes the auditor's understanding of the client's entity-level controls, including the control environment, risk assessment, information systems, control activities, and monitoring. It describes procedures performed like reviewing prior year workpapers and interviewing management. Tables are included to assess the control environment and risk assessment process. Risks are identified for the information systems and control activities, and the audit response is noted. Monitoring is done through management involvement in operations due to the lack of an internal audit function.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    1K views3 pages

    Entity-Level Controls Questionnaire

    Uploaded by

    Juanita Dela Peña Bejarasco
    This document summarizes the auditor's understanding of the client's entity-level controls, including the control environment, risk assessment, information systems, control activities, and monitoring. It describes procedures performed like reviewing prior year workpapers and interviewing management. Tables are included to assess the control environment and risk assessment process. Risks are identified for the information systems and control activities, and the audit response is noted. Monitoring is done through management involvement in operations due to the lack of an internal audit function.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 3

    A.

    Objective

    The objective of this working paper is to document our understanding of the client’s entity-level
    controls, including:

    a. Control Environment;
    b. Risk Assessment;
    c. Information System;
    d. Control Activities; and
    e. Monitoring.

    B. Procedures

     Read the prior year working papers


     Interviewed Mr. Jonathan Furog, Accounting Manager, on October 13, 2015.
     Obtained relevant documents.

    C. Questionnaire

    Control Environment

    The control environment sets the tone of an organization, influencing the control consciousness of
    its people. It is the foundation for effective internal control, providing discipline and structure.

    (Fill out the table when you have already obtained sufficient information)

    Checkbox Checklist Remarks


     Are integrity and ethical values The Company has a vision/mission
    appropriately addressed, communicated statement.
    and reinforced by management?
    See ____________.

     Does management take appropriate action The Company has a policy against
    to remove or reduce incentives and unethical acts.
    temptations toward dishonest, illegal or
    unethical acts? See ____________.

     Does management set an appropriate tone None.


    at the top that promotes integrity and ethical
    values?

     Does management consider competence The Company has a policy on hiring


    levels for particular jobs, and the employees.
    employees possess requisite skills and
    knowledge. See _____________.

     Do those charged with governance have See Company Profile.


    adequate experience and stature?

     Is an adequate process of reviewing No review of internal controls done,


    internal controls in place? although management is closely
    involved in the company’s day to
    day operations.
     Does management’s philosophy and Observed.
    operating style appropriately encompass:
    an approach to taking and monitoring

    1
    Checkbox Checklist Remarks
    business risks, attitudes and actions toward
    financial reporting, conservatism with which
    accounting estimates are developed, and
    attitudes toward information processing
    and accounting functions and personnel?

     Does the organizational structure provide See Organizational Chart.


    for appropriate lines of reporting to key
    areas of authority?

     Do personnel adequately understand the Interviewed one personnel and


    entity’s objective? determined that he understood the
    company’s objectives.

     Do human resource policies and practices See ______________.


    appropriately relate to recruitment,
    orientation, training, evaluating,
    counseling, promoting, compensating, and
    remedial actions?

    Q: Are there any risks to the control environment? None.


    Q: If yes, describe and include overall and specific audit response. N/A.

    Risk Assessment Process

    An entity’s risk assessment process is the process for identifying and responding to business risks
    and the results thereof. For financial reporting purposes, it includes how management identifies
    risks relevant to the preparation of financial statements that are presented fairly in conformity with
    International Financial Reporting Standards.

    Does management assess the following conditions on the entity’s ability to prepare financial
    statements that are free from material misstatement?
     Changes in operating environment.
     New personnel.
     New or revamped information systems.
     Rapid growth.
     New technology.
     New business models, products, or activities.
     Corporate restructurings.
     Expanded foreign operations.
     New accounting pronouncements.
     Changes in economic conditions.

    Remarks:
    Determined upon reading the minutes of the meetings. See _____________.

    Q: Are there any risks to the risk assessment process? None.


    Q: If yes, describe and include overall and specific audit response. N/A.

    Information Systems

    2
    The information system relevant to financial reporting objectives consists of the procedures to
    initiate, authorize, record, process, and report entity transactions (as well as events) and to maintain
    accountability for the related assets, liabilities, and equity.

    See IT Environment Survey Form


    See General IT Controls Memo (If no General Controls Memo, insert understading of IT
    environment here.

    Q: Are there any risks to the information systems? Yes. See GITC Memo
    Q: If yes, describe and include overall and specific audit response. Audit around the box will be the
    adopted approach.

    Control Activities

    Control activities are the policies and procedures that help ensure that management’s directives
    are carried out.

    Refer to test of controls on ____________.

    Q: Are there any risks to the information systems? Yes. See Test of Controls.
    Q: If yes, describe and include overall and specific audit response. Substantive approach will be
    adopted.

    Monitoring

    Monitoring is done to ensure that internal controls continue to operate effectively over time.

    Remarks:
    The company has no internal audit function to help those charged with governance check on the
    internal controls. However, this is compensated by the fact that management, and to some extent,
    those charged with governance are active in the Company’s day to day operations.

    Q: Are there any risks to the information systems? None.


    Q: If yes, describe and include overall and specific audit response. N/A.

    You might also like