Ahmad Tariq Bhatti
FCMA (Pak), ACMA (UK), CGMA, MA (Eco.), BSc
To my
respectable teachers
Section-wise Contents
# Section Detail Covered in Schedule
I Business Planning, Management & Control Environment 1 - 10
II Effectiveness of Internal Control System 11 - 25
III Human Resources Planning, Control & Management 26
IV Financial Planning, Accounting & Reporting 27
V Management of Contracted Services 28
VI Management Information System – Overall 29
VII Management Information System – Detailed 30
VIII Change Management 31
IX Business Continuity Management 32
Contents
1 Mission
2 Planning Business Goals
3 Control Environment
4 Monitoring Overall Performance
5 Effectiveness of Processes
6 Efficiency of Processes
7 Allocation of Resources
8 Optimal Use of Resources
9 Operating Environment: Compliance with Laws & Regulations
10 Operating Environment: Compatibility with External Environment
11 Budgetary Controls & Follow up Reviews
12 Cash & Cheques Receipts
13 Payments
14 Cash Management & Use of Company Credit Cards
15 Deposits to Company Treasury
16 Cash Funds
17 Investments
18 Revenue Enhancement, Market Trends & Updates
19 Cost Recovery: Allocation & Apportionment
20 Billing to Customers
21 Accounts Receivables
22 Inventory: Goods, Materials & Stores
23 Operating Fixed Assets
24 Purchasing & Payables
25 Payroll
26 Human Resources: Planning, Control & Management
27 Financial Planning, Accounting & Reporting
28 Services (include both to and by the Co.)
29 Information System: Management & Controls - Overall
30 Information System: Management & Control - Detailed
31 Change Management
32 Business Continuity Management
Section I
Business Planning,
Management & Control Environment
Schedule 1-10
1 Mission
No. Description Ref. Y/N N/A
1.1 Has the organization adopted a mission statement?
1.2 Is the mission stated clearly, concisely and in easily understood terms?
1.3 Is the mission compatible with the mission of the parent company?
1.4
Is the mission consistent with laws, regulations, and the Company
Law enforceable in UAE?
1.5
Is the mission statement divulged and displayed conspicuously
throughout the organization?
1.6 Has management set operational goals for the organization?
1.7 Are these operational goals congruent with each other?
1.8 Do these operational goals directly support the mission?
1.9 Are these operational goals stated in measurable terms?
1.10 Are the goals further divided into sub-goals for operating units?
1.11
Is a method used to help employees understand how their daily work
contributes to the goals of their departments and to the mission of
the organization?
2 Planning Business Goals
No. Description Ref. Y/N N/A
2.1 Has the management developed plans to achieve stated goals?
2.2 Do these plans clearly describe the objectives to be achieved, the methods to be used, how resources are organized and the timeline for completion?
2.3 Do these plans include financial budgets?
2.4
Does the planning process include input from knowledgeable
operating personnel?
2.5
Are these plans communicated to personnel responsible for
implementing them?
2.6
Are the plans converted into specific tasks that are assigned to
specific employees?
3 Control Environment
No. Description Ref. Y/N N/A
• Integrity & Ethical Values
3.1
Are there written policies and internal operating procedures that
have been approved by the governing body or top management?
3.2
Does the company have a code of ethical conduct that has been
made available to all employees?
3.3
Have transactions been executed in accordance with integrity and
ethical values/codes?
3.4
Are procedures documented, kept current and readily available for
use by all employees?
• Commitment to Competence & Excellence
3.5 Are responsibilities clearly defined in writing and communicated?
3.6 Does the management understand the knowledge and skills required to accomplish tasks?
3.7 Does the management get involved in training?
• Management’s Philosophy & Operating Style
3.8
Does the management use budget, spending plans, etc. to review
the company’s performance?
3.9
Are accounting records and accounting personnel at all
locations/sites under the supervision of the Accounting
Manager/Financial Controller?
3.10 Does the management actively follow up on complaints from customers/clients?
3.11 Are policies and procedures consistent with statutory authority?
3.12 Are the budget system and the planning process integrated?
3.13
Are periodic (monthly, quarterly) reports on the status of actual to
budget performance prepared and reviewed by top management?
3.14 Are unusual variances between budget and actual examined?
3.15
Are operations made in accordance with statutes governing the
company?
3.16
Is the internal control structure supervised and reviewed by
management to determine if it is operating as intended?
3.17 Does the company compare its actual performance with its goals and objectives on a periodic basis?
3.18
Does the company have a functioning internal audit staff to review
its operations?
3.19
Does the internal audit staff report to an official independent of the
operations under review?
• Organizational Structure
3.20
Are there written policies and procedures for all major areas
of the organization?
3.21 Are procedures reviewed annually for possible updating?
3.22
Is there an organization chart clearly defining the lines of the
management authority and responsibility?
3.23 Is the organization chart current and accurate?
3.24 Does the organization chart enhance work performance?
3.25 Are all the company’s operations centralized or decentralized?
3.26 If decentralized, is monitoring of the areas adequate?
• Assignment of Authority & Responsibility
3.27
Has the management provided resources to ensure compliance
with the requirements of the UAE Laws?
3.28 Are sufficient training opportunities available to improve competency and update employees on new policies and procedures?
3.29
If known areas of knowledge are limited, has help been enlisted
from peers, auditors or outside consultants to identify alternatives
and suggest solutions?
3.30
Have the managers been provided with clear goals and direction
from the governing body or top management?
3.31
Are responsibilities divided so that no single employee controls all
phases of a transaction?
4 Monitoring Overall Performance
No. Description Ref. Y/N N/A
4.1
Does the management assess progress toward goal achievement
periodically?
4.2
Does this periodic assessment include comparison of actual
financial data to budgets and explanation of variances?
4.3 Is this assessment based on reliable and objective measurements?
4.4
Is this assessment done timely and at a frequency that allows
timely adjustments?
4.5
Are the results of the progress assessment shared with the
personnel responsible for action?
4.6
Are the responsible personnel requested to take action to modify
the goals or adjust the plans and processes?
4.7
Does the management follow up to ensure that the appropriate
action was taken?
4.8
Does an independent body monitor the operations of the
organization on an ongoing basis?
4.9
Has the organization undergone an independent review or audit in
the past five years?
5 Effectiveness of Processes
No. Description Ref. Y/N N/A
5.1
Has the management identified the core processes that are used to
carry out the mission of the organization?
5.2 Has the management defined the effectiveness of these processes?
5.3
Does the management have a system in place to measure this
effectiveness?
5.4
Are performance measures for each process obtained timely and at
a frequency that permits timely adjustments?
5.5
Is appropriate action taken as a result of the measurements to
improve effectiveness?
5.6 Are core processes properly documented to facilitate changes?
5.7 Is the documentation kept up-to-date?
6 Efficiency of Processes
No. Description Ref. Y/N N/A
• Performance Evaluation & Appreciation
6.1
Has the management defined efficiency in terms of performance
and achievement of goals?
6.2
Does the management have a system in place to measure
efficiency?
6.3
Are efficiency measurements compared with industry standards or
other benchmarks?
6.4
Are efficiency measurements obtained timely and at a frequency
that permits timely adjustments?
6.5
Is appropriate action taken as a result of the measurements to
increase efficiency?
7 Allocation of Resources
No. Description Ref. Y/N N/A
7.1
Are total available resources identified and assigned to projects or
sites?
7.2 Are under-utilized resources identified for re-deployment?
7.3 Are goals prioritized for the purpose of resource allocation?
7.4
Is a consistent method used to allocate resources to achieve an
optimum balance between effectiveness and efficiency? (To
maximize effectiveness as many resources as possible may be
allocated to a goal; to maximize efficiency as few resources as
possible should be used).
8 Optimal Use of Resources
No. Description Ref. Y/N N/A
8.1
Are there current job descriptions for key personnel which state
clearly the expected contribution to the organizational goals?
8.2
Are instructions available on how to use the non-personnel
resources such as equipment, information systems and available
funds?
8.3
Is the contribution of each key resource to organizational goals
defined?
8.4
Is appropriate action taken to improve performance that falls below
expected levels?
8.5
Is there appropriate recognition to reinforce contributions at or
above expected levels?
8.6
Is there an adequate training program for personnel to maintain
essential skills and abilities?
8.7
Is there an incentive program for personnel to develop other job-
related skills and abilities?
8.8
Are major equipment items subjected to a regular maintenance/ test
schedule to ensure acceptable output level?
8.9
Are information systems evaluated periodically for continued
usefulness?
9 Operating Environment: Compliance with Laws & Regulations
No. Description Ref. Y/N N/A
9.1
Are current laws, regulations and standards that significantly
affect operations identified?
9.2
Is a method used to identify all laws, regulations and standards
affecting the organization?
9.3
Is a mechanism used to monitor compliance with these laws,
regulations and standards?
10 Operating Environment: Compatibility with External Environment
No. Description Ref. Y/N N/A
• Change Management
10.1
Are all external factors that can have a material effect on
operations in the future identified (Trends in industry, economy,
technology, demography, regulations)?
10.2
Are the future effects of these external factors evaluated and
planned for?
10.3
Is there a formal and written Change Management process
whereby system changes are requested, approved, documented
and approved for installation?
Section I: Audit Results
Responding Person:
Name: ____________________________________________________________
Designation & Department: __________________________________________
Date of Audit: ______________________________________________________
Summary of Observations & Findings
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________
I hereby undertake that the foregoing observations and findings are accurate to
the best of my knowledge, understanding and comprehension, as taken from the
staff described hereinabove.
Completed by: ______________________________ Date: __________________
Reviewed by: _______________________________ Date: __________________
Section II
Design of Internal Control System
Schedule 11-25
11 Budgetary Controls & Follow up Reviews
No. Description Ref. Y/N N/A
• Budgeting Preliminaries
11.1
Is a budget developed for all funds that require an approved
budget by law or by Board policy?
11.2
Is there a formal organizational chart defining responsibilities for
preparing, approving, changing and submitting the budget to the
Office of Budget Management?
11.3
Are budgetary increases or decreases (as they relate to Programs
or Contracts or Sub-contracts), that are mandated by the
management communicated to operating departments? Is this
done in a timely manner?
11.4 Are initial budget submissions developed and prepared by major departments and activity centers?
11.5
Are budget revisions approved by an authorized person before
being entered into the accounting system?
11.6
Are the management's goals and objectives integrated into budget
submissions?
11.7
Are expenditure and revenue transactions reviewed to determine
that coding is consistent with budget classifications?
11.8 Are budget reports distributed (or available on-line) to operating departments as a management tool?
• Segregation of Duties
11.9 Are the following duties generally performed by different people:
  • Preparation and approval of the budget submitted to the management?
  • Implementation and approval of the budget submitted to the management, including budget revisions?
  • Recording budget revisions in the General Ledger and the approval or implementation functions?
• Preparation & Approval
11.10
Are budgets prepared in sufficient detail (i.e. at operational
responsibility level) to provide a meaningful tool to monitor
subsequent performance?
11.11 Are instructions from the company Budget Office followed?
11.12
Are budget estimates based on prior actual results and reasonable
forecast of future events?
11.13
Are budget estimates supported by detailed worksheets that show
how the estimates were calculated and the assumptions made?
11.14
Is the budget preparation assigned to a competent and
experienced staff?
11.15
Does the department head review the estimates and worksheets
before submission?
11.16 Are the budgets reviewed and approved by the Board on an annual basis?
11.17 Are the budgets flexed according to the activity levels achieved on a periodic basis?
11.18 Is there any rolling over of monthly or quarterly budgets?
11.19
Are the funds used only for the budgeted purchase of goods or
services that support the annual budgets?
11.20
Is there a procedure to ensure that there are sufficient budgeted
funds to cover major expenditures before they are incurred?
• Monitoring of Budgets
11.21 Are any follow-up reviews in place for monthly and annual budgets flexed to the activity levels achieved?
11.22
Are over expenditures or under realized revenues discussed with
departmental personnel and are there explanations for significant
variation from budgeted amounts?
11.23
Is there a procedure to follow up on major unrealized revenue
items?
11.24
Does the management review actual results against the monthly
budgets?
11.25
Does the management initiate prompt action to correct
anticipated budget variances?
11.26
Are all significant projected budget variances explained in the
follow up review reports?
11.27
Are revised budget estimates submitted to the Board promptly for
action?
11.28
Does the management compare budget estimates with actual
results at year end to identify errors or changes in trends?
11.29
Does the management take prompt action to address budget
variances?
11.30
Are significant budget variances and corrective action reported
timely to the Chief Financial Officer or the Board for appropriate
action?
11.31
Are performance data collected to evaluate the effect of
allocation of resources?
11.32
Are budgeted resources and performance data appropriately
summarized on the Annual Report to the Board?
12 Cash & Cheques Receipts
No. Description Ref. Y/N N/A
• System
12.1 Are the following duties distributed among at least two individuals:
  • Authorize cash receipts?
  • Record cash receipts?
  • Deposit cash receipts?
  • Reconcile cash receipts?
12.2
Are there guidelines for accepting remittances that do not agree
to amounts owed to the company?
12.3
Is there a formal organizational chart defining responsibilities
for processing and recording cash transactions?
12.4 Are cheques identified by maker and amount on the deposit slip?
12.5
Are there procedures in place to establish a proper cut-off of
cash receipts at the end of the fiscal year?
12.6 Is a mail receipts log maintained for mail receipts?
12.7 Is the mail receipts log reconciled to:
  • The cash receipts journal?
  • Validation certification of deposit/deposit slips?
12.8
If payments are made in person (seminars, workshops, etc.), are
receipts for payment used and accounted for and balanced to
deposits?
12.9
Do control procedures exist regarding the collection, timely
deposit, and recording of collections in the accounting records
at each collection location?
12.10
Are pre-numbered receipts issued for all cash collections and are
numbers of all receipts accounted for?
12.11 Are logs of receipt book issuances maintained?
• Petty Cash Management
12.12 Are petty cash/change funds at the minimum effective amount?
12.13 Are all petty cash funds maintained on an imprest basis?
12.14
Are unauthorized advances from petty cash funds to employees
prohibited?
12.15 Are all petty cash cheques cashed promptly at the banks?
12.16 Are petty cash vouchers or bills required for all petty cash disbursements and are they pre-numbered?
  • Are they signed by persons receiving cash?
  • Are they approved in writing by department head or other responsible official?
  • Are they properly supported by vendor receipts?
  • Are they type-written or written in ink to preclude alterations?
12.17
Is petty cash kept in a locked place, where only the custodian
has access?
12.18 Are petty cash funds segregated from other cash?
12.19
Are letters accompanying gifts, grants, donations, etc., retained
as part of the permanent records?
12.20 Are the authorization records of the depository banks up to date?
12.21
Are receipts deposited as often as required by the company
policy?
• Segregation of Duties
12.22 Are the following duties generally performed by different people:
  • Custodian of the fund, reconciliation of the fund and access to cash receipts?
  • Filling out the disbursement receipts, disbursement, and reconciliation?
  • Making a deposit, billing, making General Ledger entries and collecting?
  • Collecting cash, placing a restrictive endorsement on the Cheques, balancing cash, closing cash registers, making a deposit, maintaining Accounts Receivable records and making General Ledger entries?
  • Collecting of licenses, fines, and inspections and making General Ledger entries?
  • Collecting cash and reconciling the bank account?
  • Closing Cash Registers daily by a person not involved in cash collection?
• Security
12.23
Is there adequate physical security surrounding cashiering
areas?
12.24
Are employees prohibited from cashing personal Cheques at
cashiering areas?
12.25 Is cash receiving centralized to the maximum extent possible?
12.26 Are all employees handling cash receipts adequately bonded?
12.27 Are "audit tapes" retained for cash registers?
12.28
Is a restrictive endorsement placed on incoming cheques as soon
as received?
12.29
Are petty cash vouchers effectively canceled at the time of
reimbursement to the fund by an individual other than the
custodian?
12.30
Is a system of pre-numbered receipts with adequately controlled
copies in use wherever practicable?
12.31 Are cash receipts controlled at the earliest point of receipt?
12.32
When funds cannot be deposited daily, are the funds transported
to a centralized location at the end of the workday and secured
overnight?
12.33
Are unidentified cash remittances immediately returned to the
payers or deposited into a suspense account for further research?
12.34
Is supporting documentation required to indicate the purpose of
the remittance to the company?
• Receipts through Cheques
12.35 Is cashing of personal cheques against collections prohibited?
12.36
Are the cheques recorded immediately upon receipt in the Bank
Book?
12.37 Are currency and cheques accounted for separately?
12.38
Are cheques reviewed for accuracy and authenticity before
acceptance?
12.39
Are cheques that show suspicious alterations immediately
returned to payers?
12.40 Is a Board-approved fee charged for all returned cheques?
12.41
Are all cheques promptly restrictively endorsed “for deposit
only” to the company upon receipt?
• Cash Collections
12.42
Are cash collections recorded immediately upon receipt in the
cash registers or cash receipt book?
12.43
Does the information recorded include: date, payer, amount,
method of payment, purpose of payment, cashier's name?
12.44 Is a receipt issued for every remittance made in currency?
12.45 Are receipt forms pre-numbered and periodically accounted for?
12.46 Do these pre-numbered printed receipts have any linkage to the system-generated Receipt Vouchers?
12.47 Are cash collections balanced to receipts daily?
12.48 Is cash shortage for each cashier documented and investigated?
12.49
Are cash shortages made up from a cash difference fund rather
than being offset against overages?
12.50
Are there procedures to establish accountability for cash and
related items (Cheques, Credit Cards, Receipts, etc.)?
12.51
Are cash and related items (Cheques, Credit Cards, and
Receipts) physically safeguarded against theft and loss?
12.52
Are cash shortages identified, analyzed, recorded, and reported
immediately?
12.53
Are all the cash collections deposited within one business day
of receipt?
12.54 Is someone independent of the cash receiving process reviewing and approving void and refund transactions?
12.55
Are security personnel or anybody held responsible or
accountable for mail used to transport deposits to the cash
officer or to the local bank?
• Electronic Transfers
12.56 Is there a written policy for Electronic Payments?
12.57
Is the staff aware of the policy for accepting Electronic
Payments?
12.58 Is there a proper record for bounced cheques?
12.59 Is there a separate record-keeping for Electronic Payments?
12.60
Are Electronic Transfers matched with written confirmation
from the sender?
• Monitoring
12.61
Does the company have an approved Cash Management Plan on
file?
12.62 Does the company have an approved Delegation of Disbursing
Authority on file?
12.63
Is an effective control maintained over receipts of gifts, grants,
donations, etc. and is a follow-up made by a responsible official
to see that they have been classified and recorded properly?
12.64
Are funds periodically counted by a person other than the
custodian at unannounced times?
12.65 Does management approve or spot-check reconciliations?
12.66
Are policies documented for changes in a new system or method
for accounting for cash?
12.67 Are timely corrective actions taken on cash discrepancies?
13 Payments
No. Description Ref. Y/N N/A
13.1 Are the following duties distributed among at least two individuals:
  • Authorize payments?
  • Have custody of cash?
  • Record payments?
  • Reconcile cash payments?
13.2 Is there a policy that clearly defines authorized payments?
13.3
Is the business purpose clearly documented on all invoices and
other claims submitted for payment approval?
13.4
Are all approved payments supported by proper documentation
such as original vendor invoices?
13.5
Are approved vendor invoices and other approved claims
promptly entered into General Ledger for payment?
13.6 Are payments made only against budgeted accounts?
13.7
Are cash advances prohibited unless specifically authorized by
Board policy or the Auditor or the Financial Controller?
13.8
Are blank cheques, warrants and signature plates safeguarded in
physically secure areas?
13.9 Do only authorized personnel sign cheques and claims?
13.10
Are changes in the list of authorized signatories promptly
reported to the Auditor, Financial Controller’s office, and the
banks?
13.11
Do these authorized signatories review supporting
documentation before signing?
13.12
Are signed warrants and cheques immediately mailed out by
someone who did not prepare them?
13.13
Does the Auditor/Financial Controller specifically authorize all
Electronic Transfers of funds?
13.14
Is each electronic payment confirmed in writing or e-mail with
the intended recipient?
13.15 Are there procedures to ensure that the individual performing the monthly review of the company’s disbursements for all purposes is not the same individual who approves requisitions for travel and for other purposes?
13.16
Has the company developed and implemented written
procedures regarding the initiation, review, and approval of all
non-payroll expenditures?
13.17
Are all expenditure transactions and related vouchers
independently reviewed for completeness, accuracy, and
compliance with company policies and in agreement with
supporting documentation before being approved for payment?
14 Cash Management & Use of Company Credit Cards
No. Description Ref. Y/N N/A
14.1 Is cash on hand safeguarded in a physically secure area?
14.2 Are cash receipts in process properly secured?
Are balances in bank accounts and cash on hand agreed on a daily
basis before close of the day?
14.3
Are cash receipts deposited promptly into the company treasury
or bank accounts as appropriate?
14.4
Are bank accounts authorized by laws, the Board of Directors,
the Auditor and Financial Controller or the Treasurer, as
appropriate?
14.5
Are bank accounts opened in the names of authorized company
directors?
14.6 Are cash balances reconciled monthly with bank statements?
14.7 Have all reconciling items been posted to the books of accounts before closing monthly accounts?
14.8
Are bank reconciliations reviewed by a senior officer for proper
disposition of reconciling items?
14.9 Is there fidelity insurance taken against cash operations?
14.10
Are all bank account balances reported to the Auditor and
Financial Controller at the end of the fiscal year?
14.11 Is there a written policy in place for the company credit cards?
14.12 Has approval from the MD/CEO/CFO/the Board (whichever is applicable) been taken before giving a credit card to any employee?
14.13 Is each employee who is issued a credit card signing off on the credit card policy before the card is issued?
14.14 Does each employee who is holding a company credit card have a limit that is appropriate for their typical expenditure levels?
14.15 Is the type of usage and limit defined for each credit card holder?
14.16 Is there an audit of credit card usage to ensure it is used for company business only?
14.17 Is each employee who is given a company credit card making sure it is secured in a safe location?
14.18 Is there anybody making sure that company credit cards are used only in cases where another mode is not possible?
14.19
Are employees’ monthly credit card bills checked and approved
by their manager or another supervisor?
14.20
Are monthly credit card bills reconciled timely to receipts by the
Finance Office?
14.21
Is the Finance Office following up promptly on any missing
receipts?
15 Deposits to Company Treasury
No. Description Ref. Y/N N/A
15.1
Are collections transmitted from site/branch offices to head
office through secure means within a reasonable time?
15.2
Is the money transmitted verified at both ends of the
transmission?
15.3
Is the money collected deposited intact and promptly (same day)
into the Company Treasury?
15.4 Are deposit records reconciled to cash receipt records?
16 Cash Funds
No. Description Ref. Y/N N/A
16.1
Are cash funds established only pursuant to Code, Board
resolution or Auditor or Financial Controller’s authorization?
16.2
Does the department Finance Officer maintain an inventory of
all cash funds, showing location, amount and custodian?
16.3 Are procedures for use of cash funds clearly established and do they include:
  • Clear definition of authorized uses?
  • Prior approval of expenditures?
  • Restrictions on amount and type of purchase?
  • Requirement for receipt?
  • Cancellation of receipt upon reimbursements?
16.4 Is an authorized chart of accounts used to code disbursements?
16.5 Are replenishment requests based on actual expenditures?
16.6 Are cash funds periodically counted and verified by supervisors?
16.7
Is the level of usage monitored to detect and close inactive
funds?
16.8
Is only the Chief Accountant authorized to transact business on
the company’s bank accounts?
17 Investments
No. Description Ref. Y/N N/A
17.1
Do the Rules and Regulations governing the company permit
investments by the company?
17.2
Are there any restrictions or limitations for any of such
investments?
17.3
Do flowcharts exist that document investment processing and
identify control procedures?
17.4
Are there written policies and procedures that document the flow
of investment processing and identify control procedures?
17.5
Are there policies and procedures established to ensure investment
certificates are received or appropriately reflected in the custodial
accounts?
17.6
Are investment purchases recorded in the general ledger on the
date traded?
17.7
Is the documentation easily accessible to all persons needing it
to perform their jobs?
17.8
Are policies and procedures established to ensure the acquisition
and disposal of investments are properly recorded?
17.9
Are the policies and procedures established to ensure the
investment income received is recorded properly?
17.10 Does investment income earned get recorded on a timely basis?
17.11 Are investment earnings credited to the proper fund?
17.12
Is the acquisition and disposal of investments authorized by a
person with approval authority?
17.13
Are investment guidelines formally established and periodically
reviewed?
17.14
Have authority and responsibility been established for investment
opportunity evaluation and purchase?
17.15
Has the level and nature of approval required to purchase or sell
an investment been established?
17.16
Are the following duties generally performed by different people:
• Cash flow management, investment transactions,
safeguarding the investments, responsibility for them and
recording them?
• Record-keeping functions for securities and income separate
from those having access to physical securities, those
authorizing security transactions, and those having duties in
the cash area?
• Initiating, evaluating, and approving transactions segregated
from those for detail accounting, general ledger?
• Monitoring investment market values and performance from
those for investment acquisition?
• Maintaining detail accounting records segregated from those
for general ledger entries?
• Custodial responsibilities for securities or for other
documents evidencing ownership or other rights assigned to
an official who has no accounting duties?
17.17
Does a governing body or statute restrict investments by type
and/or amount? Can officials override these restrictions with
proper authorization?
17.18
Are investment certificates and interest coupons sufficiently
safeguarded?
17.19
Are securities released from the vault only upon authorization of
a person responsible for cash flow and for investment
transactions?
17.20
Is it necessary for more than one person to authorize the release of
a security from safekeeping, or to have access to the safe deposit
box or vault?
17.21 Are individuals with access to securities bonded?
17.22 Are securities transported by armored truck?
17.23
Are all securities held or registered in the name of the company or
the Treasurer if applicable?
17.24
Are detail records maintained that include the following
information, if applicable, on each evidence of ownership:
• Date of acquisition, identification and purchase amount or
cost?
• Physical location of item, i.e., safe deposit box, etc.?
• Interest, dividend, or income rates and accrual or receipt
dates?
• Ownership by fund?
17.25
Do procedures exist for reconciling the detail accounting records
with the General Ledger control?
17.26
Do specific procedures exist for tracking maturing investments
and interest payments?
17.27
Is the investment program integrated with the cash management
program and expenditure requirements?
17.28
Is cash in excess of operating needs invested in accordance with
laws and regulations?
17.29
For invested funds, is an approved investment policy followed to
ensure a prudent and average return on capital?
17.30
Are investment results monitored for compliance with laws and
policies?
17.31 Are investments managed by expert personnel?
• Monitoring
17.32
Is the classification of investments in the General Ledger
periodically reviewed? Are these classifications properly
documented by management?
17.33
Does a responsible official determine that the income earned is
credited to the proper fund?
17.34
Is the performance of the investment portfolio periodically
evaluated by persons independent of investment portfolio
management activities?
17.35
Are appropriate personnel authorized to release securities from
safekeeping authorized by the governing body?
17.36
Are securities or legal documents or agreements evidencing
ownership or other rights kept in a vault with limited access, or
preferably, protected in a safe deposit box, on deposit with a
corporate trustee, or broker?
17.37
Does the management periodically count securities and
reconcile them to the records?
17.38
Are periodic surprise counts of evidence of ownership made and
reconciled to detail records and other controls?
17.39
Are securities periodically inspected or confirmed from
safekeeping agents?
17.40
Are periodic comparisons made between income received and the
terms of the security or publicly available investment
information?
18 Revenue Enhancement, Market Trends & Updates
No. Description Ref. Y/N N/A
18.1 Is staff encouraged to find ways to enhance existing revenues?
18.2
Is there a procedure to continuously identify new revenue
sources, including new projects, programs and contracting out
excess capacity?
18.3
Are new revenue sources evaluated to identify all associated
burdens including match and earmarking requirements?
18.4
Are new revenue sources applied for or explored only upon
executive management or Board approval?
19 Cost Recovery: Allocation & Apportionment
No. Description Ref. Y/N N/A
19.1
Are the costs of services provided or goods supplied computed or
estimated?
19.2
Are the types and extent of costs that are recoverable from
external sources determined?
19.3
Are all allowable costs including indirect costs included in the
computation?
19.4
Are billing rates and service fees reviewed periodically to ensure
that costs are recovered to the fullest extent allowable?
19.5
With the full recovery of costs, is there any excess charge for
margin of profit in case of:
• Services provided?
• Materials supplied?
• Tender & other quotes?
20 Billing to Customers
No. Description Ref. Y/N N/A
20.1
Are the following duties segregated among at least two people:
• Approve billings?
• Prepare billings?
• Posting revenue & receivable records?
• Accepting payments?
• Reconciling billings & receivable records?
20.2
Does the company have a Works Billing Manual defining the
procedures to be followed for billing works done under the
various categories of construction works?
20.3
Are the billings done as per the Contractual Terms with the
Client?
20.4 Are all the claimable costs identified and billed timely?
20.5
Is there a procedure to ensure that all completed work orders are
billed?
20.6
Are the items claimed in the bills verified by the Senior official
situated in the Head Office?
20.7
Are cost claims prepared and submitted in accordance with
reimbursement requirements?
20.8
Are internal billings done timely to allow for timely billings to
external parties?
20.9
Do billings include all relevant detail:
• Details of the Project?
• Relevant Payment Application number?
• Billing date?
• Valuation Period?
• Name & address of Client, Consultant & Owner?
• Revised break-up of Contract Value?
• Project commencement date?
• Original & revised completion date of Project?
• Value & Percentage of Performance Bond?
• Value & Percentage of Advance Payment Bond?
• Retention Percentage?
20.10 Are billings checked for accuracy before mailing?
20.11
Are billings promptly recorded in the ledgers for follow up
purposes?
21 Accounts Receivables
No. Description Ref. Y/N N/A
21.1
Is there a formal organizational chart defining responsibilities
of preparing bills, follow-up for certification, receipt of
payment certificates, recording the payment certificates,
collecting the accounts receivable on due date of payment
certificates and follow up of accounts not paid?
21.2
Is follow-up done for converting Billings into certified
receivables?
21.3
Are the items of Certified Works & Claims compared with the
corresponding items of Billed Works & Claims?
21.4
Is the analysis statement presented to the Management for
acknowledgement of major variances?
21.5
Are the clarifications sought from the Client for any such
variances?
21.6 Is follow-up done for converting certified receivables into cash?
21.7
Does the company have written credit and collection policies
that meet the requirements of contractual terms, the Accounts
Receivable program and other policies and procedures
established by the management and the legal advisor?
21.8
Have procedures been documented to collect monies due within
the contractual payment terms?
21.9
Have procedures been adopted to notify the legal advisor’s
office and follow through the collection after reasonable period
of delay in payment?
21.10
Are remittance advices and billings retained to support entries
to accounts receivable records?
21.11
Do procedures exist to prevent the interception or alteration by
unauthorized persons of billings or statements after preparation
but before they are mailed?
21.12
Does the company have established policies and procedures
concerning refunds of overpayments and issuance of billing
adjustments?
21.13
Are subsidiary accounts receivable and notes receivable records
maintained?
21.14
Are subsidiary accounts reconciled at least monthly with the
General Ledger control account?
21.15
Are individual receivable records posted only from authorized
documents?
21.16
Are databases and, where appropriate, usage records accurately
maintained to ensure that amounts due are billed correctly?
21.17
Are statements of account balances mailed at least once a
month?
• Writing-off Receivable Balances
21.18
Has an allowance account been established for doubtful
accounts to reflect the amount of the company’s receivables that
the management estimates will be uncollectible?
21.19
Is there any Accounting Policy for writing off accounts
receivable after a certain period of being overdue?
21.20
Are any such write-offs brought to the notice of the
Management and Board for their prior approval?
21.21
Are accounts written off the Company’s financial accounting
records when all collection procedures have been exhausted
without success?
21.22 Are reasons for writing-off an account adequately documented?
21.23
After write-off, does the company continue to follow up for
recovery of written-off dues?
• Collection of Receivables
21.24
Is the accounting department notified directly and in a timely
manner of billings, certifications and collection?
21.25
Are the following duties generally performed by different
people:
• Billing, collecting, and cash application of accounts
receivable funds?
• Maintaining detail accounts receivable records, collecting,
and General Ledger posting?
• Writing off or adjusting accounts receivable and the
maintenance of accounts receivable records?
• Investigating disputes with billing & certified amounts and
the maintenance of accounts receivable records?
• Reconciling, investigating reconciling items and posting
detail accounts receivable records?
21.26
Are all collections on accounts receivable posted to individual
receivable accounts?
21.27
Is access to the accounts receivable accounting system limited
only to authorized individuals?
• Monitoring
21.28
Are corrections and adjustments to cash receipts documented
and approved by a senior official?
21.29
Are all non-cash credits, such as credit memos, allowances, and
bad debts properly authorized?
21.30
Is an aging schedule prepared monthly and is it reviewed by a
responsible manager?
21.31 Are delinquent accounts followed up?
21.32
Are all legal remedies followed to collect write-offs or
uncollectible accounts with the legal advisor?
21.33
Are accounts periodically reviewed for propriety of transactions
and balances by a person independent of cash and accounts
receivable accounting?
21.34
Are remittances promptly applied against outstanding
billings/receivables?
21.35
Is there a procedure to follow up on overdue accounts and refer
them to the Office of Revenue and Reimbursement or other
collection company as appropriate?
21.36 Are follow up and collection activities properly documented?
21.37
Are detailed receivable ledgers periodically reconciled to
General Ledger?
21.38
Are aged receivable listings prepared periodically to identify
old unpaid accounts?
21.39
Are receivables and collection activities reported to the Auditor/
Financial Controller in the prescribed format?
21.40
Are uncollectible accounts identified and submitted to the
Board of Directors annually for discharge of accountability?
22 Inventory: Goods, Materials & Stores
No. Description Ref. Y/N N/A
22.1
Is there a formal organizational chart defining the
responsibilities of ordering, accepting, approving, processing
and recording of the inventory?
22.2
Are the policies established to ensure that inventories are not
stockpiled or to prevent over-ordering?
22.3
Are the policies established to ensure that obsolete and inactive
items in inventory are sent to Scrap Inventory Department?
22.4
Is there any Central Stores Room for centralized receipt of
goods?
22.5
Are the inventories properly maintained in the Store Room to
identify them with the associated Project/Contract/Subcontract?
22.6
Are steps documented to ensure that goods received are
accurately counted and examined to see that they meet quality
standards and specifications?
22.7
Is the Inventory Module properly in place to take care of proper
accounting of the following aspects:
• Receipt of Materials?
• Issue/ Consumption of Materials?
• Transfer of Materials?
• Stock of Materials?
22.8
Does the company maintain perpetual inventory records and are
all inventory items put on the perpetual inventory system?
22.9
Are the written instructions given and explained to all personnel
involved in the physical count of the inventory?
22.10
Is there a proper cut-off of receipts and issues from inventory at
year end?
22.11
Is the accounting department notified (by issuing a receiving
report) immediately upon the receipt of goods?
22.12
Are entries to perpetual inventory records made timely upon the
receipt of goods?
22.13
Are receiving reports or vendor invoices used to record
purchases to the perpetual inventory records?
22.14
When issuing inventory, is the proper Cost Centre charged in
the General Ledger?
22.15
Is each Project/Contract site equipped with a duly trained and
responsible store keeper to discharge his duties as such?
22.16
Are the following duties generally performed by different
people:
• Receiving and issuing inventory and the operational duties?
• Receiving and issuing of inventory and taking the physical
inventory?
• Receiving and issuing of inventory and the approving of
expenditures, recording transactions in the general ledger,
and reconciliation of subsidiary records to control accounts?
22.17 Is a definite responsibility designated for each inventory type?
22.18
Are work orders or requisitions required to be approved by
appropriately designated officials as a basis of issuing
inventories?
22.19
Are adjustments to inventory records approved by a properly
designated official?
22.20 Is there adequate physical security surrounding inventories?
22.21 Is access to inventory locations limited by physical controls?
22.22 Is enough insurance obtained for significant inventories?
22.23
Are all employees responsible for inventories adequately
bonded?
22.24
Does the person receiving the goods sign the requisition as
evidence of receipt?
22.25 Are the approved and completed requisitions kept on file?
22.26
Are physical inventories:
• Supervised by someone independent of the custodial or
record keeping functions?
• Made by or tested by employees independent of the
department being inventoried?
• Recorded on permanent inventory count sheets?
• Re-recorded on count sheets signed and dated by the person
supervising the count?
• Planned to provide provisions for cut-off of receipts and
issues?
• Reflected in the perpetual records based on the actual
inventory quantities?
22.27
Are pre-numbered tags/codes used during the physical
inventories count?
22.28
Is access to the perpetual inventory records limited to
authorized individuals?
• Monitoring
22.29 Is a physical inventory taken at least annually?
22.30
Are perpetual inventory balances reconciled against the General
Ledger control accounts at least annually?
22.31
Does management periodically check inventory reports/
records?
22.32
Are deviations of reports followed up by management in a
timely manner?
22.33
Does management assess inventory policies and procedures
periodically?
23 Operating Fixed Assets
No. Description Ref. Y/N N/A
• General
23.1
Is there a formal organizational chart defining the
responsibilities of purchasing, receiving, recording, approving
and performing the fixed assets?
23.2
Are there formal written procedures for performing a physical
inventory of fixed assets?
23.3
Is a capitalization policy established which is consistent with
Purchase and Contract requirements and UAE Government
rules and regulations?
23.4
If there is any missing asset noted, is the Missing Asset Form
filled immediately?
23.5
Are assets believed to be stolen or vandalized reported to the
Police Department according to UAE law?
23.6
Are construction records adequate to accumulate costs
associated with constructed fixed assets including force
(in-house) labor and materials obtained from inventory?
23.7
Is the individual responsible for fixed assets notified when
assets are:
• Received?
• Location changes are made?
• Transferred to other construction sites?
• Sold?
• Stolen, vandalized or missing?
• Re-assigned to a different organizational entity or to another
group company?
• Scrapped?
23.8
Are gains or losses properly recognized from disposals of fixed
assets in proprietary fund types?
23.9
Are the fixed asset subsidiary accounts balanced to the fixed
asset control accounts on monthly basis?
23.10
Are property records reconciled periodically to property
accounts?
23.11
Are beginning balances, additions, disposals and ending
balances properly reflected in the notes to the Financial
Statements?
23.12
Are the following duties generally performed by different
people:
• Custodian of the fixed assets and taking the annual
inventory?
• Reconciliation of the Fixed Asset System with the control
accounts and making entries in the Fixed Asset System?
• Custodian of the fixed assets and tagging?
• Custodian of the fixed assets and investigating the missing
fixed assets?
• Custodian of the fixed assets, making entries in the Fixed
Asset System and making entries in the General Ledger?
23.13
Are all disposals of property approved by a designated person
with proper authority?
23.14
If a capitalization threshold other than AED 5,000 is used, has
the Staff described here-in-above chosen and documented the
threshold level in the Internal Policy/Procedure Manual?
23.15 Are all assets tagged/ coded?
23.16
Is someone assigned custodial responsibility by location for all
assets?
23.17
Is access to the perpetual fixed asset records limited to
authorized individuals?
• Acquisitions/Additions/Procurements
23.18 Are all purchases pre-approved in the budget?
23.19
Are all fixed asset purchases and receipts approved by a
designated person with proper authority?
23.20
Are acquisitions that require a significant investment of time
and resources included in the approved capital improvement
plan?
23.21
Are all fixed asset additions properly valued:
• Is the total purchase price, less discount and any expenditure
required to place asset in its intended state of operation the
amount capitalized?
• Does the recorded asset cost of land purchases include:
purchase price, legal and title fees, surveying fees, appraisal
and negotiation fees, damage payments, and site preparation
costs?
• Does the recorded asset cost of building include: purchase
price, contract price or job order costs plus any other
expenditure necessary to put a building or structure into its
intended state of operation, including professional fees,
damage claims, cost of fixtures, insurance premiums,
interest, and related costs incurred during the period of
construction?
• Are maintenance costs expensed rather than capitalized?
23.22
Are specifications adequately described in the purchase order or
contract to ensure high quality and correct product?
23.23
Are specifications written by experts who are knowledgeable of
the company needs?
23.24 For larger items, is competitive bidding used?
23.25
Are purchases and leases made in conformance to the
company’s Purchasing Agent guidelines and applicable laws
and regulations?
23.26 Are the items properly inspected before acceptance?
23.27 Is acceptance properly documented?
23.28
Is there a procedure to check that title is properly vested in the
company?
23.29
Is payment of the bill made only after acceptance and transfer
of title?
23.30 Are fixed assets tagged/ coded when procured?
• Use
23.31
Are the following duties segregated between at least two
individuals:
• Authorizing purchase, transfer or disposal of assets?
• Using the assets?
• Posting asset records?
• Adjusting and reconciling records to physical inventory?
23.32
Is the proper usage of the assets explained clearly to
employees and users?
23.33
Is access to valuable or sensitive asset items restricted to
authorized users only?
23.34
Are authorized users provided with proper training on the
correct use of the assets?
• Protection
23.35
Are procedures in place to safeguard valuable and sensitive
assets against theft or damage?
23.36
Is there adequate insurance coverage of the very high valued
fixed asset items?
23.37 Are items owned by the company specifically identified?
23.38
Is responsibility for the safe custody and maintenance of assets
assigned to specific individuals?
23.39
Is a regular maintenance schedule followed to maintain the
functionality and value of assets?
23.40 Is warranty information safeguarded for new property items?
• Accounting
23.41
Are detailed records of assets maintained showing identification
number, classification/grouping, description, location and
original cost?
23.42
Is the physical existence of the assets annually verified and
reconciled to asset records?
23.43
Are new asset items promptly reported to the Purchasing
Department and the Internal Auditors’ Office?
23.44
Are procedures in place to document loss, transfer and
retirement of assets?
23.45
Are the Fixed Asset System and appropriate accounts
reconciled monthly?
23.46
Are there procedures in place for writing-off fully depreciated
fixed assets?
• Monitoring
23.47
Are the Physical Inventory Worksheets approved by the Chief
Financial Officer/ Financial Controller before the fixed asset
officer makes changes to the Fixed Asset System?
23.48 Is such insurance coverage independently reviewed periodically?
23.49
Has the Internal Policy/ Procedure Manual been kept up to date
with any changes in the company, or company philosophy?
23.50 Is a physical inventory taken at least annually?
23.51
Is a physical inventory of capitalized assets and inventoried items
taken each time there is a change at a management or supervisory
level that has responsibility for the assets?
23.52
Are missing items investigated and reasons for them
documented?
24 Purchasing & Payables
No. Description Ref. Y/N N/A
• Requisition
24.1
Are materials/ services requisition forms used for any
requirement from the Site?
24.2
Is the need properly assessed, reviewed and approved by a
supervisor?
24.3 Are such requisitions addressed to the Central Stores Room?
24.4
Is there a procedure to explore all options to satisfy the needs,
including options within current resource constraints, before a
purchase is authorized?
24.5
Are items to be purchased specified in sufficient detail in the
requisition to minimize risk of erroneous purchases?
24.6 Are the detailed specifications verified by the requestor?
24.7
Does the requisition form refer to the availability of approved
budgeted expenditure towards the purchase requirement?
• Authorization
24.8
Is the requisition authorized by a person designated by the
department head on the Authorization Form on file with the
Auditor and Financial Controller?
24.9
Does the authorizing official certify the amount available in the
Project Budget towards the purchase requirement?
24.10 Is the authorization properly documented?
24.11 Are approval limits on department heads and CAO observed?
24.12
Is there a procedure to verify that there is sufficient balance in
appropriations to cover this purchase?
• Methods of Purchase
24.13
Are purchasing guidelines in the Company Policy and
Procedures’ Manual followed?
24.14
Are the following contractual procedures observed with respect
to each purchase requirement:
• Are copies of all supplier enquiries forwarded to the Central
Purchase Department?
• Is the list of suppliers to whom the enquiries are forwarded
made available to CPD?
• Are quotes received from any additional suppliers as
recommended by CPD?
• Is a comprehensive quotation comparison statement prepared
and forwarded to CPD for its comments?
• Are the comments from CPD observed before the purchase is
effected?
• Are the signed and approved (by CPD) quotation
comparison statements brought to the notice of the Internal
Auditor for acknowledgement of adherence to the agreed
purchase procedure?
24.15 Are purchase orders used only for goods and not for services?
24.16
Is a contract used for purchases of complex items such as
computer systems or large equipment, which need special
delivery or expert installation?
24.17
Is the use of confirming requisitions limited to emergency
situations?
24.18 Is competitive bidding used to the extent practicable?
• Receiving
24.19
Are goods and services inspected upon delivery for
conformance with purchase order?
24.20 Are incomplete deliveries promptly followed up?
24.21 Are non-conforming goods promptly returned to vendors?
24.22
Are vendors promptly notified in writing of non-conforming
services?
24.23 Are goods and services received documented in writing?
• Payables
24.24 Are only original invoices accepted for processing?
24.25 Are vendor invoices processed promptly upon receipt?
24.26
Are invoices matched with receiving reports or other evidence of
receipt?
24.27 Are invoices checked for accuracy?
24.28
Is the Exception Form used to request approval by the Auditor
and Financial Controller for all exceptions to the company
policies and procedures?
24.29 Are paid invoices immediately canceled?
25 Payroll
No. Description Ref. Y/N N/A
• Time Entry
25.1 Are employees required to maintain attendance records?
25.2 Is the Time Sheet (HRMS) Module properly in use?
25.3
Do attendance records contain sufficient detail on work
assignment for labor cost distribution purposes?
25.4
Are attendance records in compliance with Labor Code
requirements?
25.5
Are attendance records approved by supervisors with direct
knowledge of actual time worked before submission to the
payroll department?
25.6
Are approved attendance records used to prepare payroll time
entry?
25.7
Are Time Cards or Sheets signed and submitted by employees
at the end of the period (or on the last day of work)?
25.8
Is all overtime and compensation time recorded on the
company’s Payroll System?
25.9
Do the overtime payments comply with the UAE Labor Law
provisions with respect to 1.25 times & 1.5 times the normal
wage payment?
25.10 Are the employees paid for Vacation or Sick Time in advance?
25.11 Are accumulated leave records reviewed at year-end?
• Payroll Distribution
25.12
Is staff preparing payroll precluded from access to payroll
checks and statements?
25.13
Are payroll checks and statements distributed by supervisors or
managers who know the employees?
25.14
Is there a procedure to safeguard payroll checks and statements
before they are delivered to the correct recipients?
25.15
Is there a procedure to ensure that the payroll checks or
statements are delivered timely to the correct employees in
their absence?
25.16
Are payroll distribution procedures in compliance with Labor
Code requirements?
25.17
While approving payroll, does anybody review the Payroll
Voucher Verification Report at the end of each payroll period?
• Payroll Records
25.18
Are payroll and employee records safeguarded in compliance
with Labor Code requirements?
25.19 Are payroll records retained for at least three years?
25.20
Are changes in employee information promptly transmitted to
HR Department and the Internal Auditor’s Office?
25.21
If employees perform services outside the normal scope of
their employment, are they paid in accordance with the
Company Policy?
25.22
Are all or most of the following payroll duties performed by
the same person?
• Preparing and entering the data
• Approving payroll information
• Distribution of checks and vouchers
25.23 Is payroll prepared for staff and laborers separately?
Section II: Audit Results
Responding Person:
Name: ____________________________________________________________
Designation & Department: __________________________________________
Date of Audit: ______________________________________________________
Summary of Observations & Findings
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________
I hereby undertake that the foregoing observations and findings are accurate to
the best of my knowledge, understanding and comprehension taken from the
staff described here-in-above.
Completed by: ______________________________ Date: __________________
Reviewed by: _______________________________ Date: __________________
Section III
Human Resources Planning, Control
& Management
Schedule 26
26 Human Resources: Planning, Control & Management
No. Description Ref. Y/N N/A
• Recruitment
26.1
Are skills and abilities required for positions clearly defined by
the managers responsible for those positions?
26.2 Are the Professional Certifications/Degrees based on actual
skills and abilities required for the job?
26.3
Does the description of job responsibilities for the position
match the responsibilities stipulated for the classification?
26.4
Is the compensation package designed to attract and retain
qualified candidates?
26.5
Where the proposed compensation package exceeds AED
350,000/-, is the prior approval of the Board obtained and kept
on record? (This clause varies from company to company, so it
shall be changed accordingly.)
26.6
Are job openings advertised widely to attract highly
qualified applicants?
26.7
Is the selection process designed to hire the best candidates for
the positions?
26.8
Is the recruitment based on the pre-approved Organization
Chart?
• Compensation
26.9 Are surveys made periodically to benchmark compensation?
26.10
Are adjustments made to bring compensation closer to
benchmark?
26.11
Are employee salaries based on the salary ordinance adopted
annually by the Board of Directors?
26.12
Are benefits awarded to employees in accordance with UAE
Labor Code?
26.13
Do the proper managers authorize changes in classification or
compensation?
26.14
Are reasons for changes in compensation or classification
properly documented in the files?
26.15
Are the changes in compensation/classification properly
approved by HR analysts?
• Job Responsibilities
26.16
Is each employee assigned specific job responsibilities in
writing?
26.17
Is any employee assigned duties to contribute to the
betterment of the parent company or the sister companies?
26.18
Has the fixing of Global Duties on any such employee
hindered the effective working of the company?
26.19 Are significant changes in assignment documented in writing?
26.20 Are key job responsibilities approved by the department head?
26.21
Do statements of job responsibilities clearly indicate that
employees are expected to contribute to the Company goals?
26.22
Do all managerial staff exhibit high ethical values, personal and
professional integrity and compliance with the company policies
and procedures?
• Training
26.23
Are resources and tools required by employees to carry out their
responsibilities identified?
26.24
Is the training required by employees to maintain their skills
identified?
26.25
Are funds budgeted to acquire the required resources, tools and
training?
26.26
Are personnel cross-trained, or has the company developed other
plans for the replacement or back-up of key personnel?
26.27
Is the staff regularly informed on how to report fraud or
misconduct?
26.28
Have the personnel, who initiate, approve, or review financial
transactions, received appropriate training on the various
financial systems?
26.29
Are the personnel in operations familiar with the company’s
policies and procedures, based on the most up-to-date knowledge
of rules and regulations?
• Employee Performance
26.30 Are performance standards or expectations clearly established?
26.31
Is performance assessed periodically against the standards and
documented?
26.32 Are positive results reinforced through recognition or awards?
26.33 Is action taken to improve performance that is below standard?
• Communication
26.34
Are the company goals and departmental goals spelled out
clearly for all employees to see?
26.35
Are important instructions such as project/contract assignments
given out in writing?
26.36
Do instructions include the following details, at minimum:
• Names of responsible persons,
• Date of completion and
• Expected results?
26.37 Do employees get feedback on the results achieved?
26.38
Is there a way through which employees can freely express their
concerns and suggestions to their managers?
26.39
Are the managers required to follow up and respond to their
employees’ concerns and suggestions?
Section III: Audit Results
Responding Person:
Name: ____________________________________________________________
Designation & Department: __________________________________________
Date of Audit: ______________________________________________________
Summary of Observations & Findings
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________
I hereby undertake that the foregoing observations and findings are accurate to
the best of my knowledge, understanding and comprehension taken from the
staff described here-in-above.
Completed by: ______________________________ Date: __________________
Reviewed by: _______________________________ Date: __________________
Section IV
Financial Planning,
Accounting & Reporting
Schedule 27
27 Financial Planning, Accounting & Reporting
No. Description Ref. Y/N N/A
• Design of System
27.1
Is there an annual review of the design of the accounting and internal
control system to update it according to the changing needs of
the company and computer technology?
27.2
Is there a formal schedule with target dates for completing tasks
associated with closing the General Ledger and preparing
Financial Statement worksheets?
27.3
Is there a formal plan of organization under which responsibilities
for closing the General Ledger and Financial Statement
worksheets are clearly defined?
27.4
Are policies and procedures established concerning year-end cut-
off of accounting transactions?
27.5
Does the company maintain documentation of written procedures
covering the recording of transactions?
27.6
Does this documentation contain a chart of accounts explaining
what items are charged to each line account? Do relevant
employees have access to this information?
27.7
Does the company maintain and follow procedures for record
filing, retention, and disposition?
• Book-Keeping & Financial Accounting
27.8 Are all financial transactions promptly entered into record-books?
27.9 Are the source documents maintained to provide an audit trail?
27.10
If Subsidiary Ledgers are maintained, are they reconciled to
the accounting system on a monthly basis?
27.11
Is there a record retention policy that satisfies statutory and audit
requirements?
27.12 Have the accounting records been audited in the past five years?
27.13
Has adequate training been provided to accounting and finance
staff on the accounting system?
27.14
Are journal entries approved, including a review of supporting
documentation?
• Financial Reporting
27.15
Is it required that trial balances, adjustments and supporting work
papers be maintained to support the process of closing the General
Ledger and preparing Financial Statements and Financial
Statement worksheets?
27.16
Are financial reports prepared only from General Ledger data or
accounting data that reconcile with General Ledger?
27.17
Are worksheets and schedules attached to journal entry accounting
code sheets and are they secured in a safe location?
27.18
Is a schedule followed to ensure timely preparation and filing of
statutory reports?
27.19
Is the usefulness of internal financial reports periodically
evaluated?
27.20 Are financial reports submitted timely to requestors or users?
27.21
Are Financial Statements (or Financial Statement worksheets)
reviewed by the CFO for accuracy and consistency?
• Disclosure of Unusual Transactions
27.22
Is the certification required from operating contracts and projects
that information submitted for the preparation of the Financial
Statements is correct and up to date?
27.23
Is informative disclosure required in the Financial Statements and
the accompanying notes, requiring the accumulation of
information concerning:
• Commitments?
• Contingencies?
• Related party transactions?
• Accounting principles?
• Fund classifications?
• Subsequent events?
• Other accounting disclosures?
27.24
Are transactions subsequent to the balance sheet date reviewed for
proper classification?
• Reconciliation of Accounts & Balances
27.25 Are investments reconciled to control accounts at year-end?
27.26 Are intra-company transfers reconciled at year-end?
27.27
Are intra-company inter-fund receivables and payables
reconciled at year-end?
27.28
Are amounts designated for subsequent years' expenditure
reconciled to budget authorizations?
27.29
Are the beginning fund balances or retained earnings reconciled
to amounts reported in prior years?
27.30
Are reconciliations of Subsidiary Ledgers to control accounts
performed and reviewed by a responsible person?
27.31
Are inter-company transfers of
goods/equipment/materials/services (all kinds of resources)
reconciled before the closing of the year?
27.32
Are Financial Statements (or Financial Statement worksheets)
reconciled to the General Ledger before being transmitted to the
Financial Controller/ CFO?
27.33
Are bank reconciliation statements prepared on a monthly basis
and are accounts adjusted accordingly?
27.34 Are bank reconciliations reviewed at each month end?
27.35 Is the bank reconciliation statements’ file maintained separately?
• Segregation of Duties
27.36
Are the following duties generally performed by different people:
• Preparing and reviewing the Financial Statements?
• Preparing and reviewing journal entries?
• Accumulation of accounting information (inventories,
estimates, etc.) and custody of related assets?
• Preparing and reviewing worksheets and schedules
supporting the accounting information?
• Performing and reviewing reconciliations?
• Review of Accounting Estimates
27.37 Do only authorized persons review departmental budgets?
27.38
Are investment earnings calculations and accruals reviewed at
year-end?
27.39
Are revenue accounts reviewed to identify possible deferred
revenue?
27.40 Are fixed asset inventory worksheets reviewed at year-end?
27.41
Are accrual transactions reviewed to determine that expenditure or
revenue recognition was proper?
27.42
Are retained earnings or fund balances reviewed for
restrictions/reservations at year-end?
27.43 Are fund types reviewed to verify fund classifications?
27.44
Does the management review accounting estimates at
least annually (depreciation, allowance for Doubtful
Accounts, etc.)?
• Monitoring
27.45
Has the management identified accounts, such as those requiring
complex calculations or accounting estimates, which are
especially at risk of misstatement and developed policies and
procedures to address those risks timely?
27.46
Does the management consider the financial reporting impact of
changes in computer programs?
27.47
Has the management instituted a process to identify and address
changes in accounting and reporting procurements?
27.48
Are only authorized persons allowed to alter or interpret
an existing accounting principle or establish a new
accounting principle? Have proposed changes been
brought to the attention of the management?
27.49
Does the management spot-check transactions, records,
and reconciliation to ensure expectations are met?
27.50
Are policies and procedures developed for changes in
new systems or new ways of doing duties?
27.51
Is information (i.e. findings, recommendations, etc.)
provided by external auditors considered and acted upon
in a timely manner?
27.52
Are internal controls subject to a formal and continuous
internal assessment process that has been instituted?
27.53
Does the management periodically evaluate the accuracy
and timeliness of its information and communicate it to
appropriate personnel?
• Application of IFRSs/IASs
27.54
Is a knowledgeable individual assigned the responsibility
to supervise the conversion from budget (cash) basis to
GAAP basis of accounting?
27.55
Have qualified individuals reviewed recently
promulgated accounting standards for proper
implementation? This would include IFRSs/IASs.
27.56
Are Financial Statements prepared in conformity with the
applicable IFRSs/IASs?
Section IV: Audit Results
Responding Person:
Name: ____________________________________________________________
Designation & Department: __________________________________________
Date of Audit: _____________________________________________________
Summary of Observations & Findings
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________
I hereby undertake that the foregoing observations and findings are accurate to
the best of my knowledge, understanding and comprehension taken from the
staff described here-in-above.
Completed by: ______________________________ Date: __________________
Reviewed by: _______________________________ Date: __________________
Section V
Management of Contracted Services
Schedule 28
28 Services (include both to and by the Co.)
No. Description Ref. Y/N N/A
• Need Assessment
28.1 Are the needs clearly defined prior to the contracting decision?
28.2
Are all reasonable options explored before the contracting
decision?
28.3
Is the description of contracted services in the contract draft
reviewed by the contract administrators or the end-users before
final approval?
28.4
Are on-going contracts periodically reviewed and modified to
reflect changes in needs?
• Ability Assessment
28.5
Is the ability to provide the services contracted determined prior
to the decision to contract?
28.6
Is the net benefit to the company determined prior to entering into
the contract?
28.7
Is the ability to provide the services reviewed periodically prior
to renewing the contract?
• Compliance with the Company Statutes & UAE Labor Code
28.8
Are contract drafts reviewed for compliance with statutes,
regulations and Board policies before finalizing?
28.9
Are terms of contracts reviewed annually for modifications
necessitated by changes in laws, regulations or Board policies?
• Contract Execution
28.10
Are the company responsibilities, as stipulated in the contracts,
assigned to specific personnel?
28.11
Are the company responsibilities monitored by the management
regularly?
28.12
Are the counter-party’s responsibilities monitored by the
company personnel?
28.13
Is the counter-party notified timely of non-compliance with
contractual terms?
28.14
Are instances of contract non-compliance followed up to ensure
proper resolution?
Section V: Audit Results
Responding Person:
Name: ____________________________________________________________
Designation & Department: __________________________________________
Date of Audit: ______________________________________________________
Summary of Observations & Findings
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________
I hereby undertake that the foregoing observations and findings are accurate to
the best of my knowledge, understanding and comprehension taken from the
staff described here-in-above.
Completed by: ______________________________ Date: __________________
Reviewed by: _______________________________ Date: __________________
Section VI
Management Information System
Schedule 29
29 Information System: Management & Controls - Overall
No. Description Ref. Y/N N/A
• Delegation of Responsibilities
29.1
Is there a formal and approved organizational chart which
identifies the individuals responsible for the:
• Computer Systems?
• Computer Security?
29.2
Are the responsibilities of persons set out in writing in respect of
the following:
• Data Collection?
• Data Transmittal?
• Data Conversion?
• Data Editing?
• Error Correction & Control?
• Processing & Output Control?
• Data & Report Distribution?
29.3
Are responsibilities segregated to assure that no one individual has
the ability to input data, process data, and review output data?
• Security
29.4 Is the Network Security Policy implemented?
29.5
Are policies specific to work units developed to protect
equipment?
29.6 Is physical access to equipment limited to authorized personnel?
29.7
Are instructions and training provided to new equipment users on
a regular basis?
29.8 Is equipment breakdown promptly reported and acted on?
29.9 Is equipment subject to a regular maintenance schedule?
29.10 Are obsolete items identified and upgraded timely?
29.11
Are purchases of equipment coordinated and planned to ensure
long-term compatibility?
• Protection of Information
29.12
Is a person designated as security administrator to ensure the
security of information?
29.13
Is access to data and program files restricted to authorized
personnel?
29.14
Are procedures established for the retention and back up of critical
computer files?
29.15
Have all personnel handling sensitive information been trained in
accordance with Security Policy requirements?
29.16
Does the information system require that users use a strong
password at least 7 characters in length (having a combination of
alpha, numeric & function keys) and change their password on a
regular basis?
29.17
Does the IT Department have a written password policy and
password training materials that are shared with system users on at
least an annual basis?
29.18
Do accounts exist in the information system environment that are
shared by more than one user or do not require a password?
29.19
Does the information system have means of automatically
identifying and responding to unauthorized attempts to gain
access?
29.20
Are security scans periodically run on the information system and
the results analyzed?
• Usefulness of Information
29.21
Is the information provided by information systems reliable and
timely?
29.22
Is the usefulness of output from information systems periodically
evaluated?
29.23
Are users periodically surveyed as to the usefulness of the
information that they receive?
29.24 Are users kept informed of new capabilities of the systems?
• Miscellaneous Issues
29.25
Does software (ERP) undergo routine operating system and
software maintenance?
29.26
Does software (ERP) have a means of recording system activity
for historical analysis?
29.27
Does the company have a written and implementable disaster
recovery or business continuity/ resumption plan?
29.28
Are some copies of system backups stored in an off-site location
(i.e. in a separate building from the Company Office)?
29.29
Are the processes and policies surrounding the administration of
software (ERP) documented?
29.30
Is the hardware infrastructure underlying software (ERP) protected
from unauthorized physical access?
29.31
Are the environmental variables of the location where the company
hardware infrastructure resides properly controlled (e.g.
temperature, humidity, uninterruptible/backup/clean electrical
power supply)?
29.32
Does the system administrator have adequate and applicable
experience and training on the technology used in the software?
29.33
Is the technology direction of the IT Department regularly
reviewed and evaluated both internally and externally?
29.34
Have you read and counseled the employees on the company’s IT
Policy, Computers Users Privileges and Responsibilities?
29.35
Have you considered how someone could be improperly
conducting day-to-day operations in the company?
29.36
Are there adequate controls over the process of identifying,
correcting, and reprocessing data rejected by the computer system?
29.37
Is there a control in place to verify that the computer generated
voucher number matches the number printed on the check?
29.38
Is there a control in place to verify that the computer generated
check number matches the number printed on the check?
Section VI: Audit Results
Responding Person:
Name: ____________________________________________________________
Designation & Department: _________________________________________
Date of Audit: ______________________________________________________
Summary of Observations & Findings
1: _______________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
I hereby undertake that the foregoing observations and findings are accurate to
the best of my knowledge, understanding and comprehension taken from the
staff described here-in-above.
Completed by: ______________________________ Date: __________________
Reviewed by: _______________________________ Date: __________________
Section VII
Information System - Detailed
Schedule 30
30 Information System: Management & Control - Detailed
# Description Yes No N/A
30.1 ORGANISATION AND ADMINISTRATION
-
Audit Objective
Does the organization of data processing provide for adequate
segregation of duties?
-
Audit Procedures
Review the company organization chart, and the data processing
department organization chart.
30.1.1 Is there a separate EDP department within the company?
30.1.2
Is there a steering committee where the duties and responsibilities for
managing MIS are clearly defined?
30.1.3
Has the company developed an IT strategy linked with the long and
medium term plans?
30.1.4
Is the EDP Department independent of the user department and in
particular the accounting department?
30.1.5
Are there written job descriptions for all jobs within the EDP
department, and are these job descriptions communicated to
designated employees?
30.1.6
Are EDP personnel prohibited from having incompatible
responsibilities or duties in user departments and vice versa?
30.1.7 Are there written specifications for all jobs in the EDP Department?
30.1.8
Are the following functions within the EDP Department performed
by separate sections:
• System design?
• Application programming?
• Computer operations?
• Database administration?
• Systems programming?
• Data entry and control?
30.1.9
Are the data processing personnel prohibited from duties relating
to:
• Initiating transactions?
• Recording of transactions?
• Master file changes?
• Correction of errors?
30.1.10
Is all processing pre-scheduled and authorized by appropriate
personnel?
30.1.11
Are there procedures to evaluate and establish who has access to the
data in the database?
30.1.12 Are the EDP personnel adequately trained?
30.1.13
Are systems analysts and programmers denied access to the computer
room and limited in their operation of the computer?
30.1.14
Are operators barred from making changes to programs and from
creating or amending data before, during, or after processing?
30.1.15
Is the custody of assets restricted to personnel outside the EDP
department?
30.1.16
Is a strategic data processing plan developed by the company for the
achievement of the long-term business plan?
30.1.17
Are there any key personnel within the IT department whose absence
can leave the company with limited expertise?
30.1.18 Are there any key personnel who are being over-relied upon?
30.1.19
Is an EDP audit being carried out by internal audit or an external
consultant to ensure compliance with policies and controls established
by management?
30.2
PROGRAM MAINTENANCE AND SYSTEM
DEVELOPMENT
-
Audit Objective
Development and changes to programs are authorized, tested, and
approved, prior to being placed in production.
Program Maintenance Audit - Procedures
-
Review details of the program library structure, and note controls
which allow only authorized individuals to access each library.
- Note the procedures used to amend programs.
-
Obtain an understanding of any program library management
software used.
30.2.1 Are there written standards for program maintenance?
30.2.2 Are these standards adhered to and enforced?
30.2.3 Are these standards reviewed regularly and approved?
30.2.4
Are there procedures to ensure that all programs required for
maintenance are kept in a separate program test library?
30.2.5
Are programmers denied access to all libraries other than the test
library?
30.2.6
Are changes to programs initiated by written request from user
department and approved?
30.2.7
Are changes initiated by Data Processing Department
communicated to users and approved by them?
30.2.8
Are there adequate controls over the transfer of programs from
production into the programmer's test library?
30.2.9
Are all systems developed or changes to existing systems tested
according to user-approved test plans and standards?
30.2.10
Are tests performed for system acceptance and test data
documented?
30.2.11
Are transfers from the development library to the production library
carried out by persons independent of the programmers?
30.2.12
Do procedures ensure that no such transfer can take place without
the change having been properly tested and approved?
30.2.13
Is a report of program transfers into production reviewed on a
daily basis by a senior official to ensure only authorized transfers
have been made?
30.2.14 Are all program changes properly documented?
30.2.15 Are all changed programs immediately backed up?
30.2.16
Is a copy of the previous version of the program retained (for use
in the event of problems arising with the amended version)?
30.2.17
Are there standards for emergency changes to be made to
application programs?
30.2.18 Are there adequate controls over program recompilation?
30.2.19 Are all major amendments notified to Internal audit for comment?
30.2.20
Are there adequate controls over authorization, implementation,
approval and documentation of changes to operating systems?
30.3 SYSTEM DEVELOPMENT
30.3.1
Are there formalized standards for the system development life cycle
procedure?
30.3.2
Do they require authorization at the various stages of development
– feasibility study, system specification, testing, parallel running,
post implementation review, etc.?
30.3.3
Do the standards provide a framework for the
development of controlled applications?
30.3.4 Are standards regularly reviewed and updated?
30.3.5 Does adequate system documentation exist for:
• Programmers to maintain and modify programs?
• Users to satisfactorily operate the system?
30.3.6
Has the internal audit department been involved in the design
stage to ensure adequate controls exist?
30.3.7 Testing of programs - see Program Maintenance.
30.3.8
Procedures for authorizing new applications to production - see
Program Maintenance.
30.3.9
Are user and data processing personnel adequately trained to use
the new applications?
30.3.10
Is system implementation properly planned and implemented by
either parallel run or pilot run?
30.3.11
Are any differences and deficiencies during the implementation
phase noted and properly resolved?
30.3.12
Are there adequate controls over the setting up of the standing data
and opening balances?
30.3.13 Is a post implementation review carried out?
30.3.14
Are user manuals prepared for all new systems developed and
revised for subsequent changes?
30.3.15
Is there a Quality Assurance Function to verify the integrity and
acceptance of applications developed?
30.4 PURCHASED SOFTWARE
30.4.1
Are there procedures addressing controls over selection, testing and
acceptance of packaged software?
30.4.2 Is adequate documentation maintained for all software purchased?
30.4.3 Are vendor warranties (if any) still in force?
30.4.4 Is the purchased software held in escrow?
30.4.5 Are backup copies of user/operations manual kept off-site?
30.5 ACCESS TO DATA FILES
-
Audit Objective
Is access to data files restricted to authorized users and programs?
- Access to Data
30.5.1
Is there any formal written data security policy? Consider whether
the policy addresses data ownership, confidentiality of information,
and use of password.
30.5.2
Is the security policy communicated to individuals in the
organization?
30.5.3 Is physical access to off-line data files controlled in:
• Computer room?
• On-site library?
• Off-site library?
30.5.4
Does the company employ a full-time librarian who is independent
of the operators and programmers?
30.5.5 Are libraries locked during the absence of the librarian?
30.5.6 Are requests for on-line access to off-line files approved?
30.5.7
Are requests checked with the actual files issued and initialed by
the librarian?
30.5.8
Are sensitive applications e.g. payroll, maintained on machines in
physically restricted areas?
30.5.9
Are encryption techniques used to protect against unauthorized
disclosure or undetected modification of sensitive data?
30.5.10
Are returns followed up and non-returns investigated and
adequately documented?
30.6 COMPUTER PROCESSING
30.6.1 Does a scheduled system exist for the execution of programs?
30.6.2 Are non-scheduled jobs approved prior to being run?
30.6.3
Is the use of utility programs controlled (in particular those that can
change executable code or data)?
30.6.4 Are program tests restricted to copies of live files?
30.6.5
Is access to computer room restricted to only authorized
personnel?
30.6.6 Are internal and external labels used on files?
30.6.7 Are overrides of system checks by operators controlled?
30.6.8
Are exception reports for such overrides printed and reviewed by
appropriate personnel?
30.6.9
Do sufficient operating instructions exist covering procedures to
be followed at operation?
30.6.10 If so, are these independently reviewed?
30.6.11
Are integrity checking programs run periodically to check the
accuracy and correctness of linkages between records?
30.7 ACCESS CONTROLS
30.7.1
Is a proper password syntax in force, i.e. minimum 5 and
maximum 8 characters, including alphanumeric characters?
30.7.2
Are there satisfactory procedures for reissuing passwords to users
who have forgotten theirs?
30.7.3
Are procedures in place to ensure the compliance of removal of
terminated employee passwords?
30.7.4
Are system access compatibilities properly changed with regard to
personnel status change?
30.7.5
Are individual job responsibilities considered when granting users
access privileges?
30.7.6 Is each user allocated a unique password and user account?
30.7.7
Are there procedures in place to ensure forced change of password
after every 30 days?
30.7.8 Are application-level security violations logged?
30.7.9
Do standards and procedures exist for follow up of security
violations?
30.7.10
Do formal and documented procedures exist for the use and monitoring
of the dial-up access facility?
30.7.11 Is use made of passwords to restrict access to specific files?
30.7.12 Do terminals automatically log off after a set period of time?
30.7.13 Is there a limit on the number of invalid passwords before the terminal closes down?
30.7.14 Are there any administrative regulations limiting physical access to terminals?
30.7.15 Are invalid password attempts reported to user department managers?
30.7.16 Are restrictions placed on which applications terminals can access?
30.7.17 Are keys, locks, cards or other physical devices used to restrict access to authorized users only?
30.8 APPLICATION CONTROLS - INPUT
Audit Objective
Do controls provide reasonable assurance that, for each transaction type, input is authorized, complete and accurate, and that errors are promptly corrected?
30.8.1 Are all transactions properly authorized before being processed by computers?
30.8.2 Are all batches of transactions authorized?
30.8.3 Do controls ensure that unauthorized batches or transactions are prevented from being accepted, i.e. that they are detected?
30.8.4 Is significant standing data input verified against the master file?
Internal Control Questionnaires

  • 1. Ahmad Tariq Bhatti FCMA (Pak), ACMA (UK), CGMA, MA (Eco.), BSc
  • 3. 3
  • 4. 4 Section-wise Contents # Section Detail Covered in Schedule Page # I Business Planning, Management & Control Environment 1 - 10 8 - 16 II Effectiveness of Internal Control System 11 - 25 17 - 51 III Human Resources Planning, Control & Management 26 52 - 56 IV Financial Planning, Accounting & Reporting 27 57 - 63 V Management of Contracted Services 28 64 - 67 VI Management Information System – Overall 29 68 - 72 VII Management Information System – Detailed 30 73 - 91 VIII Change Management 31 92 - 95 IX Business Continuity Management 32 96 - 99
  • 5. 5 Contents 1 Mission............................................................................................................................................8 2 Planning Business Goals.............................................................................................................8 3 Control Environment.....................................................................................................................9 4 Monitoring Overall Performance...............................................................................................11 5 Effectiveness of Processes........................................................................................................12 6 Efficiency of Processes ..............................................................................................................13 7 Allocation of Resources..............................................................................................................13 8 Optimal Use of Resources.........................................................................................................14 9 Operating Environment: Compliance with Laws & Regulations...........................................14 10 Operating Environment: Compatibility with External Environment......................................15 11 Budgetary Controls & Follow up Reviews ...............................................................................18 12 Cash & Cheques Receipts.........................................................................................................20 13 Payments......................................................................................................................................26 14 Cash Management & Use of Company Credit Cards............................................................27 15 Deposits to Company Treasury ................................................................................................29 16 Cash 
Funds..................................................................................................................................29 17 Investments..................................................................................................................................30 18 Revenue Enhancement, Market Trends & Updates..............................................................33 19 Cost Recovery: Allocation & Apportionment.........................................................................34 20 Billing to Customers....................................................................................................................34 21 Accounts Receivables ................................................................................................................36 22 Inventory: Goods, Materials & Stores ......................................................................................39 23 Operating Fixed Assets..............................................................................................................42 24 Purchasing & Payables ..............................................................................................................46 25 Payroll ...........................................................................................................................................49 26 Human Resources: Planning, Control & Management ........................................................53 27 Financial Planning, Accounting & Reporting...........................................................................58 28 Services (include both to and by the Co.) ...............................................................................65 29 Information System: Management & Controls - Overall........................................................69 30 Information System: Management & Control - Detailed........................................................74
  • 6. 6 31 Change Management.................................................................................................................93 32 Business Continuity Management............................................................................................97
  • 7. 7 Section I Business Planning, Management & Control Environment Schedule 1-10
  • 8. 8 1 Mission No. Description Ref. Y/N N/A 1.1 Has the organization adopted a mission statement? 1.2 Is the mission stated clearly, concisely and in easily understood terms? 1.3 Is the mission compatible with the mission of the parent company? 1.4 Is the mission consistent with laws, regulations, and the Company Law enforceable in UAE? 1.5 Is the mission statement divulged and displayed conspicuously throughout the organization? 1.6 Has management set operational goals for the organization? 1.7 Are these operational goals congruent with each other? 1.8 Do these operational goals directly support the mission? 1.9 Are these operational goals stated in measurable terms? 1.10 Are the goals further divided into sub-goals for operating units? 1.11 Is a method used to help employees understand how their daily work contributes to the goals of their departments and to the mission of the organization? 2 Planning Business Goals No. Description Ref. Y/N N/A 2.1 Has the management developed plans to achieve stated goals?
  • 9. 9 2.2 Do these plans describe clearly objectives to be achieved, the methods to be used, how resources are organized and time line for completion? 2.3 Do these plans include financial budgets? 2.4 Does the planning process include input from knowledgeable operating personnel? 2.5 Are these plans communicated to personnel responsible for implementing them? 2.6 Are the plans converted into specific tasks that are assigned to specific employees? 3 Control Environment No. Description Ref. Y/N N/A  Integrity & Ethical Values 3.1 Are there written policies and internal operating procedures that have been approved by the governing body or top management? 3.2 Does the company have a code of ethical conduct that has been made available to all employees? 3.3 Have transactions been executed in accordance with integrity and ethical values/codes? 3.4 Are procedures documented, kept current and readily available for use by all employees?  Commitment to Competence & Excellence 3.5 Are responsibilities clearly defined in writing and communicated? 3.6 Does the management understand knowledge and skills required to accomplish tasks? 3.7 Does the management get involved in training?
  • 10. Management’s Philosophy & Operating Style
    3.8 Does the management use budget, spending plans, etc. to review the company’s performance?
    3.9 Are accounting records and accounting personnel at all locations/sites under the supervision of the Accounting Manager/Financial Controller?
    3.10 Does the management actively follow up on complaints from customers/clients?
    3.11 Are policies and procedures consistent with statutory authority?
    3.12 Are the budget system and the planning process integrated?
    3.13 Are periodic (monthly, quarterly) reports on the status of actual to budget performance prepared and reviewed by top management?
    3.14 Are unusual variances between budget and actual examined?
    3.15 Are operations made in accordance with statutes governing the company?
    3.16 Is the internal control structure supervised and reviewed by management to determine if it is operating as intended?
    3.17 Does the company compare its actual performance with its goals and objectives on a periodic basis?
    3.18 Does the company have a functioning internal audit staff to review its operations?
    3.19 Does the internal audit staff report to an official independent of the operations under review?
    Organizational Structure
    3.20 Are there written policies and procedures for all major areas of the organization?
    3.21 Are procedures reviewed annually for possible updating?
    3.22 Is there an organization chart clearly defining the lines of the management authority and responsibility?
  • 11. 3.23 Is the organization chart current and accurate?
    3.24 Does the organization chart enhance work performance?
    3.25 Are all the company’s operations centralized or decentralized?
    3.26 If decentralized, is monitoring of the areas adequate?
    Assignment of Authority & Responsibility
    3.27 Has the management provided resources to ensure compliance with the requirements of the UAE Laws?
    3.28 Are sufficient training opportunities available to improve competency and update employees on new policies and procedures?
    3.29 If known areas of knowledge are limited, has help been enlisted from peers, auditors or outside consultants to identify alternatives and suggest solutions?
    3.30 Have the managers been provided with clear goals and direction from the governing body or top management?
    3.31 Are responsibilities divided so that no single employee controls all phases of a transaction?
    4 Monitoring Overall Performance
    No.  Description  Ref.  Y/N  N/A
    4.1 Does the management assess progress toward goal achievement periodically?
    4.2 Does this periodic assessment include comparison of actual financial data to budgets and explanation of variances?
    4.3 Is this assessment based on reliable and objective measurements?
    4.4 Is this assessment done timely and at a frequency that allows timely adjustments?
  • 12. 4.5 Are the results of the progress assessment shared with the personnel responsible for action?
    4.6 Are the responsible personnel requested to take action to modify the goals or adjust the plans and processes?
    4.7 Does the management follow up to ensure that the appropriate action was taken?
    4.8 Does an independent body monitor the operations of the organization on an ongoing basis?
    4.9 Has the organization undergone an independent review or audit in the past five years?
    5 Effectiveness of Processes
    No.  Description  Ref.  Y/N  N/A
    5.1 Has the management identified the core processes that are used to carry out the mission of the organization?
    5.2 Has the management defined the effectiveness of these processes?
    5.3 Does the management have a system in place to measure this effectiveness?
    5.4 Are performance measures for each process obtained timely and at a frequency that permits timely adjustments?
    5.5 Is appropriate action taken as a result of the measurements to improve effectiveness?
    5.6 Are core processes properly documented to facilitate changes?
    5.7 Is the documentation kept up-to-date?
  • 13. 6 Efficiency of Processes
    No.  Description  Ref.  Y/N  N/A
    Performance Evaluation & Appreciation
    6.1 Has the management defined efficiency in terms of performance and achievement of goals?
    6.2 Does the management have a system in place to measure efficiency?
    6.3 Are efficiency measurements compared with industry standards or other benchmarks?
    6.4 Are efficiency measurements obtained timely and at a frequency that permits timely adjustments?
    6.5 Is appropriate action taken as a result of the measurements to increase efficiency?
    7 Allocation of Resources
    No.  Description  Ref.  Y/N  N/A
    7.1 Are total available resources identified and assigned to projects or sites?
    7.2 Are under-utilized resources identified for re-deployment?
    7.3 Are goals prioritized for the purpose of resource allocation?
    7.4 Is a consistent method used to allocate resources to achieve an optimum balance between effectiveness and efficiency? (To maximize effectiveness, as many resources as possible may be allocated to a goal; to maximize efficiency, as few resources as possible should be used.)
  • 14. 8 Optimal Use of Resources
    No.  Description  Ref.  Y/N  N/A
    8.1 Are there current job descriptions for key personnel which state clearly the expected contribution to the organizational goals?
    8.2 Are instructions available on how to use the non-personnel resources such as equipment, information systems and available funds?
    8.3 Is the contribution of each key resource to organizational goals defined?
    8.4 Is appropriate action taken to improve performance that falls below expected levels?
    8.5 Is there appropriate recognition to reinforce contributions at or above expected levels?
    8.6 Is there an adequate training program for personnel to maintain essential skills and abilities?
    8.7 Is there an incentive program for personnel to develop other job-related skills and abilities?
    8.8 Are major equipment items subjected to a regular maintenance/test schedule to ensure acceptable output level?
    8.9 Are information systems evaluated periodically for continued usefulness?
    9 Operating Environment: Compliance with Laws & Regulations
    No.  Description  Ref.  Y/N  N/A
    9.1 Are current laws, regulations and standards that significantly affect operations identified?
    9.2 Is a method used to identify all laws, regulations and standards affecting the organization?
    9.3 Is a mechanism used to monitor compliance with these laws, regulations and standards?
  • 15. 10 Operating Environment: Compatibility with External Environment
    No.  Description  Ref.  Y/N  N/A
    Change Management
    10.1 Are all external factors that can have a material effect on operations in the future identified (Trends in industry, economy, technology, demography, regulations)?
    10.2 Are the future effects of these external factors evaluated and planned for?
    10.3 Is there a formal and written Change Management process whereby system changes are requested, approved, documented and approved for installation?
  • 16. Section I: Audit Results
    Responding Person:
    Name: ____________________
    Designation & Department: ____________________
    Date of Audit: ____________________
    Summary of Observations & Findings
    1: ____________________
    2: ____________________
    3: ____________________
    4: ____________________
    5: ____________________
    6: ____________________
    I hereby undertake that the foregoing observations and findings are accurate to the best of my knowledge, understanding and comprehension, taken from the staff described hereinabove.
    Completed by: ____________________ Date: __________
    Reviewed by: ____________________ Date: __________
  • 17. Section II: Design of Internal Control System (Schedule 11-25)
  • 18. 11 Budgetary Controls & Follow up Reviews
    No.  Description  Ref.  Y/N  N/A
    Budgeting Preliminaries
    11.1 Is a budget developed for all funds that require an approved budget by law or by Board policy?
    11.2 Is there a formal organizational chart defining responsibilities for preparing, approving, changing and submitting the budget to the Office of Budget Management?
    11.3 Are budgetary increases or decreases (as they relate to Programs or Contracts or Sub-contracts) that are mandated by the management communicated to operating departments? Is this done in a timely manner?
    11.4 Are initial budget submissions developed and prepared by major departments and activity centers?
    11.5 Are budget revisions approved by an authorized person before being entered into the accounting system?
    11.6 Are the management's goals and objectives integrated into budget submissions?
    11.7 Are expenditure and revenue transactions reviewed to determine that coding is consistent with budget classifications?
    11.8 Are budget reports distributed (or available on-line) to operating departments as a management tool?
    Segregation of Duties
    11.9 Are the following duties generally performed by different people:
        • Preparation and approval of the budget submitted to the management?
        • Implementation and approval of the budget submitted to the management, including budget revisions?
        • Recording budget revisions in the General Ledger and the approval or implementation functions?
  • 19. Preparation & Approval
    11.10 Are budgets prepared in sufficient detail (i.e. at operational responsibility level) to provide a meaningful tool to monitor subsequent performance?
    11.11 Are instructions from the company Budget Office followed?
    11.12 Are budget estimates based on prior actual results and reasonable forecast of future events?
    11.13 Are budget estimates supported by detailed worksheets that show how the estimates were calculated and the assumptions made?
    11.14 Is the budget preparation assigned to competent and experienced staff?
    11.15 Does the department head review the estimates and worksheets before submission?
    11.16 Are the budgets reviewed and approved by the Board on an annual basis?
    11.17 Are the budgets flexed according to the activity levels achieved on a periodic basis?
    11.18 Is there any rolling over of monthly or quarterly budgets?
    11.19 Are the funds used only for the budgeted purchase of goods or services that support the annual budgets?
    11.20 Is there a procedure to ensure that there are sufficient budgeted funds to cover major expenditures before they are incurred?
    Monitoring of Budgets
    11.21 Are there any follow-up reviews in place for monthly and annual budgets flexed to the activity levels achieved?
    11.22 Are over-expenditures or under-realized revenues discussed with departmental personnel and are there explanations for significant variation from budgeted amounts?
    11.23 Is there a procedure to follow up on major unrealized revenue items?
  • 20. 11.24 Does the management review actual results against the monthly budgets?
    11.25 Does the management initiate prompt action to correct anticipated budget variances?
    11.26 Are all significant projected budget variances explained in the follow up review reports?
    11.27 Are revised budget estimates submitted to the Board promptly for action?
    11.28 Does the management compare budget estimates with actual results at year end to identify errors or changes in trends?
    11.29 Does the management take prompt action to address budget variances?
    11.30 Are significant budget variances and corrective action reported timely to the Chief Financial Officer or the Board for appropriate action?
    11.31 Are performance data collected to evaluate the effect of allocation of resources?
    11.32 Are budgeted resources and performance data appropriately summarized on the Annual Report to the Board?
    12 Cash & Cheques Receipts
    No.  Description  Ref.  Y/N  N/A
    System
    12.1 Are the following duties distributed among at least two individuals:
        • Authorize cash receipts?
        • Record cash receipts?
        • Deposit cash receipts?
        • Reconcile cash receipts?
    12.2 Are there guidelines for accepting remittances that do not agree to amounts owed to the company?
  • 21. 12.3 Is there a formal organizational chart defining responsibilities for processing and recording cash transactions?
    12.4 Are cheques identified by maker and amount on the deposit slip?
    12.5 Are there procedures in place to establish a proper cut-off of cash receipts at the end of the fiscal year?
    12.6 Is a mail receipts log maintained for mail receipts?
    12.7 Is the mail receipts log reconciled to:
        • The cash receipts journal?
        • Validation certification of deposit/deposit slips?
    12.8 If payments are made in person (seminars, workshops, etc.), are receipts for payment used and accounted for and balanced to deposits?
    12.9 Do control procedures exist regarding the collection, timely deposit, and recording of collections in the accounting records at each collection location?
    12.10 Are pre-numbered receipts issued for all cash collections and are numbers of all receipts accounted for?
    12.11 Are logs of receipt book issuances maintained?
    Petty Cash Management
    12.12 Are petty cash/change funds at the minimum effective amount?
    12.13 Are all petty cash funds maintained on an imprest basis?
    12.14 Are unauthorized advances from petty cash funds to employees prohibited?
    12.15 Are all petty cash cheques cashed promptly at the banks?
  • 22. 12.16 Are petty cash vouchers or bills required for all petty cash disbursements and are they pre-numbered?
        • Are they signed by persons receiving cash?
        • Are they approved in writing by department head or other responsible official?
        • Are they properly supported by vendor receipts?
        • Are they type-written or written in ink to preclude alterations?
    12.17 Is petty cash kept in a locked place, where only the custodian has access?
    12.18 Are petty cash funds segregated from other cash?
    12.19 Are letters accompanying gifts, grants, donations, etc., retained as part of the permanent records?
    12.20 Are the authorization records of the depository banks up to date?
    12.21 Are receipts deposited as often as required by the company policy?
    Segregation of Duties
    12.22 Are the following duties generally performed by different people:
        • Custodian of the fund, reconciliation of the fund and access to cash receipts?
        • Filling out the disbursement receipts, disbursement, and reconciliation?
        • Making a deposit, billing, making General Ledger entries and collecting?
        • Collecting cash, placing a restrictive endorsement on the Cheques, balancing cash, closing cash registers, making a deposit, maintaining Accounts Receivable records and making General Ledger entries?
        • Collecting of licenses, fines, and inspections and making General Ledger entries?
        • Collecting cash and reconciling the bank account?
        • Closing Cash Registers daily by a person not involved in cash collection?
  • 23. Security
    12.23 Is there adequate physical security surrounding cashiering areas?
    12.24 Are employees prohibited from cashing personal Cheques at cashiering areas?
    12.25 Is cash receiving centralized to the maximum extent possible?
    12.26 Are all employees handling cash receipts adequately bonded?
    12.27 Are "audit tapes" retained for cash registers?
    12.28 Is a restrictive endorsement placed on incoming cheques as soon as received?
    12.29 Are petty cash vouchers effectively canceled at the time of reimbursement to the fund by an individual other than the custodian?
    12.30 Is a system of pre-numbered receipts with adequately controlled copies in use wherever practicable?
    12.31 Are cash receipts controlled at the earliest point of receipt?
    12.32 When funds cannot be deposited daily, are the funds transported to a centralized location at the end of the workday and secured overnight?
    12.33 Are unidentified cash remittances immediately returned to the payers or deposited into a suspense account for further research?
    12.34 Is supporting documentation required to indicate the purpose of the remittance to the company?
    Receipts through Cheques
    12.35 Is cashing of personal cheques against collections prohibited?
    12.36 Are the cheques recorded immediately upon receipt in the Bank Book?
    12.37 Are currency and cheques accounted for separately?
    12.38 Are cheques reviewed for accuracy and authenticity before acceptance?
  • 24. 12.39 Are cheques that show suspicious alterations immediately returned to payers?
    12.40 Is a Board-approved fee charged for all returned cheques?
    12.41 Are all cheques promptly restrictively endorsed “for deposit only” to the company upon receipt?
    Cash Collections
    12.42 Are cash collections recorded immediately upon receipt in the cash registers or cash receipt book?
    12.43 Does the information recorded include: date, payer, amount, method of payment, purpose of payment, cashier's name?
    12.44 Is a receipt issued for every remittance made in currency?
    12.45 Are receipt forms pre-numbered and periodically accounted for?
    12.46 Do these pre-numbered printed receipts have any linkage to the system-generated Receipt Vouchers?
    12.47 Are cash collections balanced to receipts daily?
    12.48 Is cash shortage for each cashier documented and investigated?
    12.49 Are cash shortages made up from a cash difference fund rather than being offset against overages?
    12.50 Are there procedures to establish accountability for cash and related items (Cheques, Credit Cards, Receipts, etc.)?
    12.51 Are cash and related items (Cheques, Credit Cards, and Receipts) physically safeguarded against theft and loss?
    12.52 Are cash shortages identified, analyzed, recorded, and reported immediately?
    12.53 Are all the cash collections deposited within one business day of receipt?
    12.54 Is someone independent of the cash receiving process reviewing and approving void and refund transactions?
    12.55 Are security personnel or anybody held responsible or accountable for mail used to transport deposits to the cash officer or to the local bank?
  • 25. Electronic Transfers
    12.56 Is there a written policy for Electronic Payments?
    12.57 Is the staff aware of the policy for accepting Electronic Payments?
    12.58 Is there a proper record for bounced cheques?
    12.59 Is there a separate record-keeping for Electronic Payments?
    12.60 Are Electronic Transfers matched with written confirmation from the sender?
    Monitoring
    12.61 Does the company have an approved Cash Management Plan on file?
    12.62 Does the company have an approved Delegation of Disbursing Authority on file?
    12.63 Is an effective control maintained over receipts of gifts, grants, donations, etc. and is a follow-up made by a responsible official to see that they have been classified and recorded properly?
    12.64 Are funds periodically counted by a person other than the custodian at unannounced times?
    12.65 Does management approve or spot-check reconciliations?
    12.66 Are policies documented for changes in a new system or method for accounting for cash?
    12.67 Are timely corrective actions taken on cash discrepancies?
  • 26. 13 Payments
    No.  Description  Ref.  Y/N  N/A
    13.1 Are the following duties distributed among at least two individuals:
        • Authorize payments?
        • Have custody of cash?
        • Record payments?
        • Reconcile cash payments?
    13.2 Is there a policy that clearly defines authorized payments?
    13.3 Is the business purpose clearly documented on all invoices and other claims submitted for payment approval?
    13.4 Are all approved payments supported by proper documentation such as original vendor invoices?
    13.5 Are approved vendor invoices and other approved claims promptly entered into General Ledger for payment?
    13.6 Are payments made only against budgeted accounts?
    13.7 Are cash advances prohibited unless specifically authorized by Board policy or the Auditor or the Financial Controller?
    13.8 Are blank cheques, warrants and signature plates safeguarded in physically secure areas?
    13.9 Do only authorized personnel sign cheques and claims?
    13.10 Are changes in the list of authorized signatories promptly reported to the Auditor, Financial Controller’s office, and the banks?
    13.11 Do these authorized signatories review supporting documentation before signing?
    13.12 Are signed warrants and cheques immediately mailed out by someone who did not prepare them?
    13.13 Does the Auditor/Financial Controller specifically authorize all Electronic Transfers of funds?
    13.14 Is each electronic payment confirmed in writing or e-mail with the intended recipient?
  • 27. 13.15 Are there procedures to ensure that the individual performing the monthly review of the company’s disbursements for all purposes is not the same individual who approves requisitions for travel and for other purposes?
    13.16 Has the company developed and implemented written procedures regarding the initiation, review, and approval of all non-payroll expenditures?
    13.17 Are all expenditure transactions and related vouchers independently reviewed for completeness, accuracy, and compliance with company policies and in agreement with supporting documentation before being approved for payment?
    14 Cash Management & Use of Company Credit Cards
    No.  Description  Ref.  Y/N  N/A
    14.1 Is cash on hand safeguarded in a physically secure area?
    14.2 Are cash receipts in process properly secured? Are balances in bank accounts and cash on hand agreed on a daily basis before close of the day?
    14.3 Are cash receipts deposited promptly into the company treasury or bank accounts as appropriate?
    14.4 Are bank accounts authorized by laws, the Board of Directors, the Auditor and Financial Controller or the Treasurer, as appropriate?
    14.5 Are bank accounts opened in the names of authorized company directors?
    14.6 Are cash balances reconciled monthly with bank statements?
    14.7 Have all reconciling items been posted to the books of account before closing monthly accounts?
    14.8 Are bank reconciliations reviewed by a senior officer for proper disposition of reconciling items?
  • 28. 14.9 Is there fidelity insurance taken against cash operations?
    14.10 Are all bank account balances reported to the Auditor and Financial Controller at the end of the fiscal year?
    14.11 Is there a written policy in place for the company credit cards?
    14.12 Has approval from the MD/CEO/CFO/the Board (whichever is applicable) been taken before giving a credit card to any employee?
    14.13 Does each employee who is issued a credit card sign off on the credit card policy before the card is issued?
    14.14 Does each employee who holds a company credit card have a limit that is appropriate for their typical expenditure levels?
    14.15 Is the type of usage and limit defined for each credit card holder?
    14.16 Is there an audit of credit card usage to confirm that it is used for company business only?
    14.17 Is each employee who is given a company credit card making sure it is secured in a safe location?
    14.18 Is there anybody making sure that company credit cards are used only in cases where another mode is not possible?
    14.19 Are employees’ monthly credit card bills checked and approved by their manager or another supervisor?
    14.20 Are monthly credit card bills reconciled timely to receipts by the Finance Office?
    14.21 Is the Finance Office following up promptly on any missing receipts?
  • 29. 15 Deposits to Company Treasury
    No.  Description  Ref.  Y/N  N/A
    15.1 Are collections transmitted from site/branch offices to head office through secure means within a reasonable time?
    15.2 Is the money transmitted verified at both ends of the transmission?
    15.3 Is the money collected deposited intact and promptly (same day) into the Company Treasury?
    15.4 Are deposit records reconciled to cash receipt records?
    16 Cash Funds
    No.  Description  Ref.  Y/N  N/A
    16.1 Are cash funds established only pursuant to Code, Board resolution or Auditor or Financial Controller’s authorization?
    16.2 Does the department Finance Officer maintain an inventory of all cash funds, showing location, amount and custodian?
    16.3 Are procedures for use of cash funds clearly established and do they include:
        • Clear definition of authorized uses?
        • Prior approval of expenditures?
        • Restrictions on amount and type of purchase?
        • Requirement for receipt?
        • Cancellation of receipt upon reimbursements?
    16.4 Is an authorized chart of accounts used to code disbursements?
    16.5 Are replenishment requests based on actual expenditures?
    16.6 Are cash funds periodically counted and verified by supervisors?
    16.7 Is the level of usage monitored to detect and close inactive funds?
    16.8 Is only the Chief Accountant authorized to transact business on the company’s bank accounts?
  • 30. 17 Investments
    No.  Description  Ref.  Y/N  N/A
    17.1 Do the Rules and Regulations governing the company permit investments by the company?
    17.2 Are there any restrictions or limitations for any of such investments?
    17.3 Do flowcharts exist that document investment processing and identify control procedures?
    17.4 Are there written policies and procedures that document the flow of investment processing and identify control procedures?
    17.5 Are there policies and procedures established to ensure investment certificates are received or appropriately reflected in the custodial accounts?
    17.6 Are investment purchases recorded in the general ledger on the date traded?
    17.7 Is the documentation easily accessible to all persons needing it to perform their job?
    17.8 Are policies and procedures established to ensure the acquisition and disposal of investments are properly recorded?
    17.9 Are the policies and procedures established to ensure the investment income received is recorded properly?
    17.10 Does investment income earned get recorded on a timely basis?
    17.11 Are investment earnings credited to the proper fund?
    17.12 Is the acquisition and disposal of investments authorized by a person with approval authority?
    17.13 Are investment guidelines formally established and periodically reviewed?
    17.14 Have authority and responsibility been established for investment opportunity evaluation and purchase?
  • 31. 17.15 Has the level and nature of approval required to purchase or sell an investment been established?
    17.16 Are the following duties generally performed by different people:
        • Cash flow management, investment transactions, safeguarding the investments, responsibility for them and recording them?
        • Record-keeping functions for securities and income separate from those having access to physical securities, those authorizing security transactions, and those having duties in the cash area?
        • Initiating, evaluating, and approving transactions segregated from those for detail accounting, general ledger?
        • Monitoring investment market values and performance from those for investment acquisition?
        • Maintaining detail accounting records segregated from those for general ledger entries?
        • Custodial responsibilities for securities or for other documents evidencing ownership or other rights assigned to an official who has no accounting duties?
    17.17 Does a governing body or statute restrict investments by type and/or amount? Can officials override these restrictions with proper authorization?
    17.18 Are investment certificates and interest coupons sufficiently safeguarded?
    17.19 Are securities released from the vault only upon authorization of a person responsible for cash flow and for investment transactions?
    17.20 Is it necessary for more than one person to authorize the release of a security from safekeeping, or to have access to the safe deposit box or vault?
    17.21 Are individuals with access to securities bonded?
    17.22 Are securities transported by armored truck?
    17.23 Are all securities held or registered in the name of the company or the Treasurer if applicable?
  • 32. 17.24 Are detail records maintained that include the following information, if applicable, on each evidence of ownership:
        • Date of acquisition, identification and purchase amount or cost?
        • Physical location of item, i.e., safe deposit box, etc.?
        • Interest, dividend, or income rates and accrual or receipt dates?
        • Ownership by fund?
    17.25 Do procedures exist for reconciling the detail accounting records with the General Ledger control?
    17.26 Do specific procedures exist for tracking maturing investments and interest payments?
    17.27 Is the investment program integrated with the cash management program and expenditure requirements?
    17.28 Is cash in excess of operating needs invested in accordance with laws and regulations?
    17.29 For invested funds, is an approved investment policy followed to ensure a prudent and average return on capital?
    17.30 Are investment results monitored for compliance with laws and policies?
    17.31 Are investments managed by expert personnel?
    Monitoring
    17.32 Is the classification of investments in the General Ledger periodically reviewed? Are these classifications properly documented by management?
    17.33 Does a responsible official determine that the income earned is credited to the proper fund?
    17.34 Is the performance of the investment portfolio periodically evaluated by persons independent of investment portfolio management activities?
    17.35 Are appropriate personnel authorized to release securities from safekeeping authorized by the governing body?
  • 33. 17.36 Are securities or legal documents or agreements evidencing ownership or other rights kept in a vault with limited access, or preferably, protected in a safe deposit box, on deposit with a corporate trustee, or broker?
    17.37 Does the management periodically count securities and reconcile them to the records?
    17.38 Are periodic surprise counts of evidence of ownership made and reconciled to detail records and other controls?
    17.39 Are securities periodically inspected or confirmed from safekeeping agents?
    17.40 Are periodic comparisons made between income received and the terms of the security or publicly available investment information?
    18 Revenue Enhancement, Market Trends & Updates
    No.  Description  Ref.  Y/N  N/A
    18.1 Is staff encouraged to find ways to enhance existing revenues?
    18.2 Is there a procedure to continuously identify new revenue sources, including new projects, programs and contracting out excess capacity?
    18.3 Are new revenue sources evaluated to identify all associated burdens including match and earmarking requirements?
    18.4 Are new revenue sources applied for or explored only upon executive management or Board approval?
  • 34. 19 Cost Recovery: Allocation & Apportionment
    No.  Description  Ref.  Y/N  N/A
    19.1 Are the costs of services provided or goods supplied computed or estimated?
    19.2 Are the types and extent of costs that are recoverable from external sources determined?
    19.3 Are all allowable costs including indirect costs included in the computation?
    19.4 Are billing rates and service fees reviewed periodically to ensure that costs are recovered to the fullest extent allowable?
    19.5 With the full recovery of costs, is there any excess charge for margin of profit in case of:
        • Services provided?
        • Materials supplied?
        • Tender & other quotes?
    20 Billing to Customers
    No.  Description  Ref.  Y/N  N/A
    20.1 Are the following duties segregated among at least two people:
        • Approve billings?
        • Prepare billings?
        • Posting revenue & receivable records?
        • Accepting payments?
        • Reconciling billings & receivable records?
    20.2 Does the company have a Works Billing Manual defining the procedures to be undertaken for billing works done under varied categories of construction works?
  • 35. 35
    20.3 Are the billings done as per the Contractual Terms with the Client?
    20.4 Are all the claimable costs identified and billed timely?
    20.5 Is there a procedure to ensure that all completed work orders are billed?
    20.6 Are the items claimed in the bills verified by the Senior official situated in the Head Office?
    20.7 Are cost claims prepared and submitted in accordance with reimbursement requirements?
    20.8 Are internal billings done timely to allow for timely billings to external parties?
    20.9 Do billings include all relevant detail:
      - Details of the Project?
      - Relevant Payment Application number?
      - Billing date?
      - Valuation Period?
      - Name & address of Client, Consultant & Owner?
      - Revised break-up of Contract Value?
      - Project commencement date?
      - Original & revised completion date of Project?
      - Value & Percentage of Performance Bond?
      - Value & Percentage of Advance Payment Bond?
      - Retention Percentage?
    20.10 Are billings checked for accuracy before mailing?
    20.11 Are billings promptly recorded in the ledgers for follow up purposes?
  • 36. 36
    21 Accounts Receivables
    No. Description Ref. Y/N N/A
    21.1 Is there a formal organizational chart defining responsibilities of preparing bills, follow-up for certification, receipt of payment certificates, recording the payment certificates, collecting the accounts receivable on due date of payment certificates and follow up of accounts not paid?
    21.2 Is follow-up done for converting Billings into certified receivables?
    21.3 Are the items of Certified Works & Claims compared with the corresponding items of Billed Works & Claims?
    21.4 Is the analysis statement produced before the Management for acknowledgement of major variances?
    21.5 Are the clarifications sought from the Client for any such variances?
    21.6 Is follow-up done for converting certified receivables into cash?
    21.7 Does the company have written credit and collection policies that meet the requirements of contractual terms, the Accounts Receivable program and other policies and procedures established by the management and the legal advisor?
    21.8 Have procedures been documented to collect monies due within the contractual payment terms?
    21.9 Have procedures been adopted to notify the legal advisor’s office and follow through the collection after a reasonable period of delay in payment?
    21.10 Are remittance advices and billings retained to support entries to accounts receivable records?
    21.11 Do procedures exist to prevent the interception or alteration by unauthorized persons of billings or statements after preparation but before they are mailed?
  • 37. 37
    21.12 Does the company have established policies and procedures concerning refunds of overpayments and issuance of billing adjustments?
    21.13 Are subsidiary accounts receivable and notes receivable records maintained?
    21.14 Are subsidiary accounts reconciled at least monthly with the General Ledger control account?
    21.15 Are individual receivable records posted only from authorized documents?
    21.16 Are databases and, where appropriate, usage records accurately maintained to ensure that amounts due are billed correctly?
    21.17 Are statements of account balances mailed at least once a month?
    Writing-off Receivable Balances
    21.18 Has an allowance account been established for doubtful accounts to reflect the amount of the company’s receivables that the management estimates will be uncollectible?
    21.19 Is there any Accounting Policy for writing off accounts receivable after a certain period of overdue position?
    21.20 Are any such write-offs brought to the notice of the Management and Board for their prior approval?
    21.21 Are accounts written off the Company’s financial accounting records when all collection procedures have been exhausted without success?
    21.22 Are reasons for writing off an account adequately documented?
    21.23 After write-off, does the company continue to follow up for recovery of written-off dues?
    Collection of Receivables
    21.24 Is the accounting department notified directly and in a timely manner of billings, certifications and collection?
  • 38. 38
    21.25 Are the following duties generally performed by different people:
      - Billing, collecting, and cash application of accounts receivable funds?
      - Maintaining detail accounts receivable records, collecting, and General Ledger posting?
      - Writing off or adjusting accounts receivable and the maintenance of accounts receivable records?
      - Investigating disputes with billing & certified amounts and the maintenance of accounts receivable records?
      - Reconciling, investigating reconciling items and posting detail accounts receivable records?
    21.26 Are all collections on accounts receivable posted to individual receivable accounts?
    21.27 Is access to the accounts receivable accounting system limited only to authorized individuals?
    Monitoring
    21.28 Are corrections and adjustments to cash receipts documented and approved by a senior official?
    21.29 Are all non-cash credits, such as credit memos, allowances, and bad debts, properly authorized?
    21.30 Is an aging schedule prepared monthly and is it reviewed by a responsible manager?
    21.31 Are delinquent accounts followed up?
    21.32 Are all legal remedies followed to collect write-offs or uncollectible accounts with the legal advisor?
    21.33 Are accounts periodically reviewed for propriety of transactions and balances by a person independent of cash and accounts receivable accounting?
    21.34 Are remittances promptly applied against outstanding billings/receivables?
    21.35 Is there a procedure to follow up on overdue accounts and refer them to the Office of Revenue and Reimbursement or other collection company as appropriate?
    21.36 Are follow up and collection activities properly documented?
  • 39. 39
    21.37 Are detailed receivable ledgers periodically reconciled to General Ledger?
    21.38 Are aged receivable listings prepared periodically to identify old unpaid accounts?
    21.39 Are receivables and collection activities reported to the Auditor/Financial Controller in the prescribed format?
    21.40 Are uncollectible accounts identified and submitted to the Board of Directors annually for discharge of accountability?
    22 Inventory: Goods, Materials & Stores
    No. Description Ref. Y/N N/A
    22.1 Is there a formal organizational chart defining the responsibilities of ordering, accepting, approving, processing and recording of the inventory?
    22.2 Are the policies established to ensure that inventories are not stockpiled or to prevent over-ordering?
    22.3 Are the policies established to ensure that obsolete and inactive items in inventory are sent to Scrap Inventory Department?
    22.4 Is there any Central Stores Room for centralized receipt of goods?
    22.5 Are the inventories properly maintained in the Store Room to identify them with the associated Project/Contract/Subcontract?
    22.6 Are steps documented to ensure that goods received are accurately counted and examined to see that they meet quality standards and specifications?
    22.7 Is the Inventory Module properly in place to take care of proper accounting of the following aspects:
      - Receipt of Materials?
      - Issue/Consumption of Materials?
      - Transfer of Materials?
      - Stock of Materials?
  • 40. 40
    22.8 Does the company maintain perpetual inventory records and are all inventory items put on the perpetual inventory system?
    22.9 Are the written instructions given and explained to all personnel involved in the physical count of the inventory?
    22.10 Is there a proper cut-off of receipts and issues from inventory at year end?
    22.11 Is the accounting department notified (by issuing a receiving report) immediately upon the receipt of goods?
    22.12 Are entries to perpetual inventory records made timely upon the receipt of goods?
    22.13 Are receiving reports or vendor invoices used to record purchases to the perpetual inventory records?
    22.14 When issuing inventory, is the proper Cost Centre charged in the General Ledger?
    22.15 Is each Project/Contract site equipped with a duly trained and responsible store keeper to discharge his duties as such?
    22.16 Are the following duties generally performed by different people:
      - Receiving and issuing inventory and the operational duties?
      - Receiving and issuing of inventory and taking the physical inventory?
      - Receiving and issuing of inventory and the approving of expenditures, recording transactions in the general ledger, and reconciliation of subsidiary records to control accounts?
    22.17 Is a definite responsibility designated for each inventory type?
    22.18 Are work orders or requisitions required to be approved by appropriately designated officials as a basis of issuing inventories?
    22.19 Are adjustments to inventory records approved by a properly designated official?
    22.20 Is there adequate physical security surrounding inventories?
  • 41. 41
    22.21 Is access to inventory locations limited by physical controls?
    22.22 Is enough insurance obtained for significant inventories?
    22.23 Are all employees responsible for inventories adequately bonded?
    22.24 Does the person receiving the goods sign the requisition as evidence of receipt?
    22.25 Are the approved and completed requisitions kept on file?
    22.26 Are physical inventories:
      - Supervised by someone independent of the custodial or record keeping functions?
      - Made by or tested by employees independent of the department being inventoried?
      - Recorded on permanent inventory count sheets?
      - Re-recorded on count sheets signed and dated by the person supervising the count?
      - Planned to provide provisions for cut-off of receipts and issues?
      - Reflected in the perpetual records based on the actual inventory quantities?
    22.27 Are pre-numbered tags/codes used during the physical inventories count?
    22.28 Is access to the perpetual inventory records limited to authorized individuals?
    Monitoring
    22.29 Is a physical inventory taken at least annually?
    22.30 Are perpetual inventory balances reconciled against the General Ledger control accounts at least annually?
    22.31 Does management periodically check inventory reports/records?
    22.32 Are deviations of reports followed up by management in a timely manner?
    22.33 Does management assess inventory policies and procedures periodically?
  • 42. 42
    23 Operating Fixed Assets
    No. Description Ref. Y/N N/A
    General
    23.1 Is there a formal organizational chart defining the responsibilities of purchasing, receiving, recording, approving and performing the fixed assets?
    23.2 Are there formal written procedures for performing a physical inventory of fixed assets?
    23.3 Is a capitalization policy established which is consistent with Purchase and Contract requirements and UAE Government rules and regulations?
    23.4 If there is any missing asset noted, is the Missing Asset Form filled immediately?
    23.5 Are assets believed to be stolen or vandalized reported to the Police Department according to UAE law?
    23.6 Are construction records adequate to accumulate costs associated with constructed fixed assets including force (in-house) labor and materials obtained from inventory?
    23.7 Is the individual responsible for fixed assets notified when assets are:
      - Received?
      - Location changes are made?
      - Transferred to other construction sites?
      - Sold?
      - Stolen, vandalized or missing?
      - Re-assigned to a different organizational entity or to another group company?
      - Scrapped?
    23.8 Are gains or losses properly recognized from disposals of fixed assets in proprietary fund types?
    23.9 Are the fixed asset subsidiary accounts balanced to the fixed asset control accounts on a monthly basis?
  • 43. 43
    23.10 Are property records reconciled periodically to property accounts?
    23.11 Are beginning balances, additions, disposals and ending balances properly reflected in the notes to the Financial Statements?
    23.12 Are the following duties generally performed by different people:
      - Custodian of the fixed assets and taking the annual inventory?
      - Reconciliation of the Fixed Asset System with the control accounts and making entries in the Fixed Asset System?
      - Custodian of the fixed assets and tagging?
      - Custodian of the fixed assets and investigating the missing fixed assets?
      - Custodian of the fixed assets, making entries in the Fixed Asset System and making entries in the General Ledger?
    23.13 Are all disposals of property approved by a designated person with proper authority?
    23.14 If other than AED 5,000 capitalization threshold, has the Staff described here-in-above chosen and documented the threshold level in the Internal Policy/Procedure Manual?
    23.15 Are all assets tagged/coded?
    23.16 Is someone assigned custodial responsibility by location for all assets?
    23.17 Is access to the perpetual fixed asset records limited to authorized individuals?
    Acquisitions/Additions/Procurements
    23.18 Are all purchases pre-approved in the budget?
    23.19 Are all fixed asset purchases and receipts approved by a designated person with proper authority?
    23.20 Are acquisitions that require a significant investment of time and resources included in the approved capital improvement plan?
  • 44. 44
    23.21 Are all fixed asset additions properly valued:
      - Is the total purchase price, less discount and any expenditure required to place asset in its intended state of operation the amount capitalized?
      - Does the recorded asset cost of land purchases include: purchase price, legal and title fees, surveying fees, appraisal and negotiation fees, damage payments, and site preparation costs?
      - Does the recorded asset cost of building include: purchase price, contract price or job order costs plus any other expenditure necessary to put a building or structure into its intended state of operation, including professional fees, damage claims, cost of fixtures, insurance premiums, interest, and related costs incurred during the period of construction?
      - Are maintenance costs expensed rather than capitalized?
    23.22 Are specifications adequately described in the purchase order or contract to ensure high quality and correct product?
    23.23 Are specifications written by experts who are knowledgeable of the company needs?
    23.24 For larger items, is competitive bidding used?
    23.25 Are purchases and leases made in conformance to the company’s Purchasing Agent guidelines and applicable laws and regulations?
    23.26 Are the items properly inspected before acceptance?
    23.27 Is acceptance properly documented?
    23.28 Is there a procedure to check that title is properly vested in the company?
    23.29 Is payment of the bill made only after acceptance and transfer of title?
    23.30 Are fixed assets tagged/coded when procured?
  • 45. 45
    Use
    23.31 Are the following duties segregated between at least two individuals:
      - Authorizing purchase, transfer or disposal of assets?
      - Using the assets?
      - Posting asset records?
      - Adjusting and reconciling records to physical inventory?
    23.32 Is the proper usage of the assets explained clearly to employees and users?
    23.33 Is access to valuable or sensitive asset items restricted to authorized users only?
    23.34 Are authorized users provided with proper training on the correct use of the assets?
    Protection
    23.35 Are procedures in place to safeguard valuable and sensitive assets against theft or damage?
    23.36 Is there adequate insurance coverage of the very high valued fixed asset items?
    23.37 Are items owned by the company specifically identified?
    23.38 Is responsibility for the safe custody and maintenance of assets assigned to specific individuals?
    23.39 Is a regular maintenance schedule followed to maintain the functionality and value of assets?
    23.40 Is warranty information safeguarded for new property items?
    Accounting
    23.41 Are detailed records of assets maintained showing identification number, classification/grouping, description, location and original cost?
    23.42 Is the physical existence of the assets annually verified and reconciled to asset records?
  • 46. 46
    23.43 Are new asset items promptly reported to the Purchasing Department and the Internal Auditors’ Office?
    23.44 Are procedures in place to document loss, transfer and retirement of assets?
    23.45 Are the Fixed Asset System and appropriate accounts reconciled monthly?
    23.46 Are there procedures in place for writing off fully depreciated fixed assets?
    Monitoring
    23.47 Are the Physical Inventory Worksheets approved by the Chief Financial Officer/Financial Controller before the fixed asset officer makes changes to the Fixed Asset System?
    23.48 Is such insurance coverage independently reviewed periodically?
    23.49 Has the Internal Policy/Procedure Manual been kept up to date with any changes in the company, or company philosophy?
    23.50 Is a physical inventory taken at least annually?
    23.51 Is a physical inventory of capitalized assets and inventoried items taken each time there is a change at a management or supervisory level that has responsibility for the assets?
    23.52 Are missing items investigated and reasons for them documented?
    24 Purchasing & Payables
    No. Description Ref. Y/N N/A
    Requisition
    24.1 Are materials/services requisition forms used for any of the requirement from the Site?
    24.2 Is the need properly assessed, reviewed and approved by a supervisor?
    24.3 Are such requisitions addressed to the Central Stores Room?
  • 47. 47
    24.4 Is there a procedure to explore all options to satisfy the needs, including options within current resource constraints, before a purchase is authorized?
    24.5 Are items to be purchased specified in sufficient detail in the requisition to minimize risk of erroneous purchases?
    24.6 Are the detailed specifications verified by the requestor?
    24.7 Does the requisition form refer to the availability of approved budgeted expenditure towards the purchase requirement?
    Authorization
    24.8 Is the requisition authorized by a person designated by the department head on the Authorization Form on file with the Auditor and Financial Controller?
    24.9 Does the authorizing official certify the amount available in the Project Budget towards the purchase requirement?
    24.10 Is the authorization properly documented?
    24.11 Are approval limits on department heads and CAO observed?
    24.12 Is there a procedure to verify that there is sufficient balance in appropriations to cover this purchase?
    Methods of Purchase
    24.13 Are purchasing guidelines in the Company Policy and Procedures’ Manual followed?
    24.14 Are the following contractual procedures observed with respect to each of the purchase requirement:
      - Are copies of all supplier enquiries forwarded to the Central Purchase Department?
      - Is the list of suppliers to whom the enquiries are forwarded made available to CPD?
      - Are quotes received from any additional suppliers as recommended by CPD?
      - Is a comprehensive quotation comparison statement prepared and forwarded to CPD for its comments?
      - Are the comments from CPD observed before purchase is effected?
  • 48. 48
      - Are the signed and approved (by CPD) quotation comparison statements brought to the notice of Internal Auditor for acknowledgement of adherence to the agreed purchase procedure?
    24.15 Are purchase orders used only for goods and not for services?
    24.16 Is a contract used for purchases of complex items such as computer systems or large equipment, which need special delivery or expert installation?
    24.17 Is the use of confirming requisitions limited to emergency situations?
    24.18 Is competitive bidding used to the extent practicable?
    Receiving
    24.19 Are goods and services inspected upon delivery for conformance with purchase order?
    24.20 Are incomplete deliveries promptly followed up?
    24.21 Are non-conforming goods promptly returned to vendors?
    24.22 Are vendors promptly notified in writing of non-conforming services?
    24.23 Are goods and services received documented in writing?
    Payables
    24.24 Are only original invoices accepted for processing?
    24.25 Are vendor invoices processed promptly upon receipt?
    24.26 Are invoices matched with receiving reports or other evidence of receipt?
    24.27 Are invoices checked for accuracy?
    24.28 Is the Exception Form used to request approval by the Auditor and Financial Controller for all exceptions to the company policies and procedures?
    24.29 Are paid invoices immediately canceled?
  • 49. 49
    25 Payroll
    No. Description Ref. Y/N N/A
    Time Entry
    25.1 Are employees required to maintain attendance records?
    25.2 Is the Time Sheet (HRMS) Module properly in use?
    25.3 Do attendance records contain sufficient detail on work assignment for labor cost distribution purposes?
    25.4 Are attendance records in compliance with Labor Code requirements?
    25.5 Are attendance records approved by supervisors with direct knowledge of actual time worked before submission to the payroll department?
    25.6 Are approved attendance records used to prepare payroll time entry?
    25.7 Are Time Cards or Sheets signed and submitted by employees at the end of the period (or on the last day of work)?
    25.8 Is all overtime and compensation time recorded on the company’s Payroll System?
    25.9 Do the overtime payments take care of UAE Labor Law provisions with respect to 1.25 times & 1.5 times of the normal wage payment?
    25.10 Are the employees paid for Vacation or Sick Time in advance?
    25.11 Are accumulated leave records reviewed at year-end?
    Payroll Distribution
    25.12 Is staff preparing payroll precluded from access to payroll checks and statements?
    25.13 Are payroll checks and statements distributed by supervisors or managers who know the employees?
  • 50. 50
    25.14 Is there a procedure to safeguard payroll checks and statements before they are delivered to the correct recipients?
    25.15 Is there a procedure to ensure that the payroll checks or statements are delivered timely to the correct employees in their absence?
    25.16 Are payroll distribution procedures in compliance with Labor Code requirements?
    25.17 While approving payroll, does anybody review the Payroll Voucher Verification Report at the end of each payroll period?
    Payroll Records
    25.18 Are payroll and employee records safeguarded in compliance with Labor Code requirements?
    25.19 Are payroll records retained for at least three years?
    25.20 Are changes in employee information promptly transmitted to HR Department and the Internal Auditor’s Office?
    25.21 If employees perform services outside the normal scope of their employment, are they paid in accordance with the Company Policy?
    25.22 Are all or most of the following payroll duties performed by the same person?
      - Preparing and entering the data
      - Approving payroll information
      - Distribution of checks and vouchers
    25.23 Is payroll prepared for staff and laborers separately?
  • 51. 51
    Section II: Audit Results
    Responding Person:
    Name: ______________________________
    Designation & Department: ______________________________
    Date of Audit: ______________________________
    Summary of Observations & Findings
    1: ______________________________
    2: ______________________________
    3: ______________________________
    4: ______________________________
    5: ______________________________
    6: ______________________________
    I hereby undertake, the foregoing observations and findings are accurate to the best of my knowledge, understanding and comprehension taken from the staff described here-in-above.
    Completed by: ______________________________ Date: __________________
    Reviewed by: ______________________________ Date: __________________
  • 52. 52 Section III Human Resources Planning, Control & Management Schedule 26
  • 53. 53
    26 Human Resources: Planning, Control & Management
    No. Description Ref. Y/N N/A
    Recruitment
    26.1 Are skills and abilities required for positions clearly defined by the managers responsible for those positions?
    26.2 Are the Professional Certifications/Degrees based on actual skills and abilities required for the job?
    26.3 Does the description of job responsibilities for the position match the responsibilities stipulated for the classification?
    26.4 Is the compensation package designed to attract and retain qualified candidates?
    26.5 Where the proposed compensation package exceeds AED 350,000/-, is the prior approval of the Board obtained and kept on record? (This clause varies from company to company, so it shall be changed accordingly.)
    26.6 Are job openings advertised widely to attract the highly qualified applicants?
    26.7 Is the selection process designed to hire the best candidates for the positions?
    26.8 Is the recruitment based on the pre-approved Organization Chart?
    Compensation
    26.9 Are surveys made periodically to benchmark compensation?
    26.10 Are adjustments made to bring compensation closer to benchmark?
    26.11 Are employee salaries based on the salary ordinance adopted annually by the Board of Directors?
    26.12 Are benefits awarded to employees in accordance with UAE Labor Code?
    26.13 Do the proper managers authorize changes in classification or compensation?
  • 54. 54
    26.14 Are reasons for changes in compensation or classification properly documented in the files?
    26.15 Are the changes in compensation/classification properly approved by HR analysts?
    Job Responsibilities
    26.16 Is each employee assigned specific job responsibilities in writing?
    26.17 Is any employee assigned with duties to contribute to the betterment of the parent company or the sister companies?
    26.18 Has the fixing of Global Duties for any such employee hindered the effective working of the company?
    26.19 Are significant changes in assignment documented in writing?
    26.20 Are key job responsibilities approved by the department head?
    26.21 Do statements of job responsibilities indicate clearly how employees are expected to contribute to the Company goals?
    26.22 Do all managerial staff exhibit high ethical values, personal and professional integrity and compliance with the company policies and procedures?
    Training
    26.23 Are resources and tools required by employees to carry out their responsibilities identified?
    26.24 Is the training required by employees to maintain their skills identified?
    26.25 Are funds budgeted to acquire the required resources, tools and training?
    26.26 Are personnel cross-trained, or have other plans been developed for the replacement or back-up of key personnel?
    26.27 Is the staff regularly informed on how to report fraud or misconduct?
    26.28 Have the personnel, who initiate, approve, or review financial transactions, received appropriate training on the various financial systems?
  • 55. 55
    26.29 Are the personnel in operations familiar with the company’s policies and procedures based on the most up-to-date knowledge of rules and regulations?
    Employee Performance
    26.30 Are performance standards or expectations clearly established?
    26.31 Is performance assessed periodically against the standards and documented?
    26.32 Are positive results reinforced through recognition or awards?
    26.33 Is action taken to improve performance that is below standard?
    Communication
    26.34 Are the company goals and departmental goals spelled out clearly for all employees to see?
    26.35 Are important instructions such as project/contract assignments given out in writing?
    26.36 Do instructions include the following details, at minimum:
      - Names of responsible persons,
      - Date of completion and
      - Expected results?
    26.37 Do employees get feedback on the results achieved?
    26.38 Is there a way through which employees can freely express their concerns and suggestions to their managers?
    26.39 Are the managers required to follow up and respond to their employees’ concerns and suggestions?
  • 56. 56
    Section III: Audit Results
    Responding Person:
    Name: ______________________________
    Designation & Department: ______________________________
    Date of Audit: ______________________________
    Summary of Observations & Findings
    1: ______________________________
    2: ______________________________
    3: ______________________________
    4: ______________________________
    5: ______________________________
    6: ______________________________
    I hereby undertake, the foregoing observations and findings are accurate to the best of my knowledge, understanding and comprehension taken from the staff described here-in-above.
    Completed by: ______________________________ Date: __________________
    Reviewed by: ______________________________ Date: __________________
  • 58. 58
    27 Financial Planning, Accounting & Reporting
    No. Description Ref. Y/N N/A
    Design of System
    27.1 Is there an annual review of the design of the accounting and internal control system for updating it according to the changing needs of the company and computer technology?
    27.2 Is there a formal schedule with target dates for completing tasks associated with closing the General Ledger and preparing Financial Statement worksheets?
    27.3 Is there a formal plan of organization under which responsibilities for closing the General Ledger and Financial Statement worksheets are clearly defined?
    27.4 Are policies and procedures established concerning year-end cut-off of accounting transactions?
    27.5 Does the company maintain documentation of written procedures covering the recording of transactions?
    27.6 Does this documentation contain a chart of accounts explaining what items are charged to each line account? Do relevant employees have access to this information?
    27.7 Does the company maintain and follow procedures for record filing, retention, and disposition?
    Book-Keeping & Financial Accounting
    27.8 Are all financial transactions promptly entered into record-books?
    27.9 Are the source documents maintained to provide an audit trail?
    27.10 If Subsidiary Ledgers are maintained, are they reconciled to the accounting system on a monthly basis?
    27.11 Is there a record retention policy that satisfies statutory and audit requirements?
    27.12 Have the accounting records been audited in the past five years?
    27.13 Has adequate training been provided to accounting and finance staff on the accounting system?
  • 59. 59
    27.14 Are journal entries approved, including a review of supporting documentation?
    Financial Reporting
    27.15 Is it required that trial balances, adjustments and supporting work papers be maintained to support the process of closing the General Ledger and preparing Financial Statements and Financial Statement worksheets?
    27.16 Are financial reports prepared only from General Ledger data or accounting data that reconcile with General Ledger?
    27.17 Are worksheets and schedules attached to journal entry accounting code sheets and are they secured in a safe location?
    27.18 Is a schedule followed to ensure timely preparation and filing of statutory reports?
    27.19 Is the usefulness of internal financial reports periodically evaluated?
    27.20 Are financial reports submitted timely to requestors or users?
    27.21 Are Financial Statements (or Financial Statement worksheets) reviewed by the CFO for accuracy and consistency?
    Disclosure of Unusual Transactions
    27.22 Is the certification required from operating contracts and projects that information submitted for the preparation of the Financial Statements is correct and up to date?
    27.23 Is informative disclosure required in the Financial Statements and the accompanying notes as requiring the accumulation of information concerning:
      - Commitments?
      - Contingencies?
      - Related party transactions?
      - Accounting principles?
      - Fund classifications?
      - Subsequent events?
      - Other accounting disclosures?
    27.24 Are transactions subsequent to the balance sheet date reviewed for proper classification?
  • 60. Reconciliation of Accounts & Balances
    27.25 Are investments reconciled to control accounts at year-end?
    27.26 Are intra-company transfers reconciled at year-end?
    27.27 Are intra-company inter-fund receivables and payables reconciled at year-end?
    27.28 Are amounts designated for subsequent years' expenditure reconciled to budget authorizations?
    27.29 Are the beginning fund balances or retained earnings reconciled to amounts reported in prior years?
    27.30 Are reconciliations of Subsidiary Ledgers to control accounts performed and reviewed by a responsible person?
    27.31 Are inter-company transfers of goods/equipment/materials/services (all kinds of resources) reconciled before the closing of the year?
    27.32 Are Financial Statements (or Financial Statement worksheets) reconciled to the General Ledger before being transmitted to the Financial Controller/CFO?
    27.33 Are bank reconciliation statements prepared on a monthly basis and are accounts adjusted accordingly?
    27.34 Are bank reconciliations reviewed at each month end?
    27.35 Is the bank reconciliation statements' file maintained separately?
    Segregation of Duties
    27.36 Are the following duties generally performed by different people:
      - Preparing and reviewing the Financial Statements?
      - Preparing and reviewing journal entries?
      - Accumulation of accounting information (inventories, estimates, etc.) and custody of related assets?
      - Preparing and reviewing worksheets and schedules supporting the accounting information?
      - Performing and reviewing reconciliations?
    Review of Accounting Estimates
    27.37 Do only authorized persons review departmental budgets?
    27.38 Are investment earnings calculations and accruals reviewed at year-end?
  • 61. 27.39 Are revenue accounts reviewed to identify possible deferred revenue?
    27.40 Are fixed asset inventory worksheets reviewed at year-end?
    27.41 Are accrual transactions reviewed to determine that expenditure or revenue recognition was proper?
    27.42 Are retained earnings or fund balances reviewed for restrictions/reservations at year-end?
    27.43 Are fund types reviewed to verify fund classifications?
    27.44 Does the management review accounting estimates at least annually (depreciation, allowance for doubtful accounts, etc.)?
    Monitoring
    27.45 Has the management identified accounts, such as those requiring complex calculations or accounting estimates, which are especially at risk of misstatement and developed policies and procedures to address those risks timely?
    27.46 Does the management consider the financial reporting impact of changes in computer programs?
    27.47 Has the management instituted a process to identify and address changes in accounting and reporting procurements?
    27.48 Are only authorized persons allowed to alter or interpret an existing accounting principle or establish a new accounting principle? Have proposed changes been brought to the attention of the management?
    27.49 Does the management spot-check transactions, records, and reconciliations to ensure expectations are met?
    27.50 Are policies and procedures developed for changes in new systems or new ways of doing duties?
    27.51 Is information (i.e. findings, recommendations, etc.) provided by external auditors considered and acted upon in a timely manner?
    27.52 Are internal controls subject to a formal and continuous internal assessment process being instituted?
    27.53 Does the management periodically evaluate the accuracy and timeliness of its information and communicate it to appropriate personnel?
  • 62. Application of IFRSs/IASs
    27.54 Is a knowledgeable individual assigned the responsibility to supervise the conversion from budget (cash) basis to GAAP basis of accounting?
    27.55 Have qualified individuals reviewed recently promulgated accounting standards for proper implementation? This would include IFRSs/IASs.
    27.56 Are Financial Statements prepared in conformity with the applicable IFRSs/IASs?
  • 63. Section IV: Audit Results
    Responding Person:
    Name: ____________
    Designation & Department: ____________
    Date of Audit: ____________
    Summary of Observations & Findings
    1: ____________
    2: ____________
    3: ____________
    4: ____________
    5: ____________
    6: ____________
    I hereby undertake, the foregoing observations and findings are accurate to the best of my knowledge, understanding and comprehension taken from the staff described here-in-above.
    Completed by: ____________ Date: ____________
    Reviewed by: ____________ Date: ____________
  • 64. Section V
    Management of Contracted Services
    Schedule 28
  • 65. 28 Services (include both to and by the Co.)
    No. | Description | Ref. | Y/N | N/A
    Need Assessment
    28.1 Are the needs clearly defined prior to the contracting decision?
    28.2 Are all reasonable options explored before the contracting decision?
    28.3 Is the description of contracted services in the contract draft reviewed by the contract administrators or the end-users before final approval?
    28.4 Are on-going contracts periodically reviewed and modified to reflect changes in needs?
    Ability Assessment
    28.5 Is the ability to provide the services contracted determined prior to the decision to contract?
    28.6 Is the net benefit to the company determined prior to entering into the contract?
    28.7 Is the ability to provide the services reviewed periodically prior to renewing the contract?
    Compliance with the Company Statutes & UAE Labor Code
    28.8 Are contract drafts reviewed for compliance with statutes, regulations and Board policies before finalizing?
    28.9 Are terms of contracts reviewed annually for modifications necessitated by changes in laws, regulations or Board policies?
    Contract Execution
    28.10 Are the company responsibilities, as stipulated in the contracts, assigned to specific personnel?
    28.11 Are the company responsibilities monitored by the management regularly?
  • 66. 28.12 Are the counter-party's responsibilities monitored by the company personnel?
    28.13 Is the counter-party notified timely of non-compliance with contractual terms?
    28.14 Are instances of contract non-compliance followed up to ensure proper resolution?
  • 67. Section V: Audit Results
    Responding Person:
    Name: ____________
    Designation & Department: ____________
    Date of Audit: ____________
    Summary of Observations & Findings
    1: ____________
    2: ____________
    3: ____________
    4: ____________
    5: ____________
    6: ____________
    I hereby undertake, the foregoing observations and findings are accurate to the best of my knowledge, understanding and comprehension taken from the staff described here-in-above.
    Completed by: ____________ Date: ____________
    Reviewed by: ____________ Date: ____________
  • 69. 29 Information System: Management & Controls - Overall
    No. | Description | Ref. | Y/N | N/A
    Delegation of Responsibilities
    29.1 Is there a formal and approved organizational chart which identifies the individuals responsible for the:
      - Computer Systems?
      - Computer Security?
    29.2 Are the responsibilities of persons written down in respect of the following:
      - Data Collection?
      - Data Transmittal?
      - Data Conversion?
      - Data Editing?
      - Error Correction & Control?
      - Processing & Output Control?
      - Data & Report Distribution?
    29.3 Are responsibilities segregated to assure that no one individual has the ability to input data, process data, and review output data?
    Security
    29.4 Is the Network Security Policy implemented?
    29.5 Are policies specific to work units developed to protect equipment?
    29.6 Is physical access to equipment limited to authorized personnel?
    29.7 Are instructions and training provided to new equipment users on a regular basis?
    29.8 Is equipment breakdown promptly reported and acted on?
    29.9 Is equipment subject to a regular maintenance schedule?
    29.10 Are obsolete items identified and upgraded timely?
    29.11 Are purchases of equipment coordinated and planned to ensure long-term compatibility?
  • 70. Protection of Information
    29.12 Is a person designated as security administrator to ensure the security of information?
    29.13 Is access to data and program files restricted to authorized personnel?
    29.14 Are procedures established for the retention and back up of critical computer files?
    29.15 Have all personnel handling sensitive information been trained in accordance with Security Policy requirements?
    29.16 Does the information system require that users use a strong password of at least 7 characters in length (having a combination of alpha, numeric & function keys) and change their password on a regular basis?
    29.17 Does the IT Department have a written password policy and password training materials that are shared with system users on at least an annual basis?
    29.18 Do accounts exist in the information system environment that are shared by more than one user or do not require a password?
    29.19 Does the information system have means of automatically identifying and responding to unauthorized attempts to gain access?
    29.20 Are security scans periodically run on the information system and the results analyzed?
    Usefulness of Information
    29.21 Is the information provided by information systems reliable and timely?
    29.22 Is the usefulness of output from information systems periodically evaluated?
    29.23 Are users periodically surveyed as to the usefulness of the information that they receive?
    29.24 Are users kept informed of new capabilities of the systems?
    Miscellaneous Issues
  • 71. 29.25 Does software (ERP) undergo routine operating system and software maintenance?
    29.26 Does software (ERP) have a means of recording system activity for historical analysis?
    29.27 Does the company have a written and implementable disaster recovery or business continuity/resumption plan?
    29.28 Are some copies of system backups stored in an off-site location (i.e. in a separate building from the Company Office)?
    29.29 Are the processes and policies surrounding the administration of software (ERP) documented?
    29.30 Is the hardware infrastructure underlying software (ERP) protected from unauthorized physical access?
    29.31 Are the environmental variables of the location where the company hardware infrastructure resides properly controlled (e.g. temperature, humidity, uninterruptible/backup/clean electrical power supply)?
    29.32 Does the system administrator have adequate and applicable experience and training on the technology used in the software?
    29.33 Is the technology direction of the IT Department regularly reviewed and evaluated both internally and externally?
    29.34 Have you read and counseled the employees on the company's IT Policy, Computers Users Privileges and Responsibilities?
    29.35 Have you considered how someone could be improperly conducting day-to-day operations in the company?
    29.36 Are there adequate controls over the process of identifying, correcting, and reprocessing data rejected by the computer system?
    29.37 Is there a control in place to verify that the computer generated voucher number matches the number printed on the check?
    29.38 Is there a control in place to verify that the computer generated check number matches the number printed on the check?
  • 72. Section VI: Audit Results
    Responding Person:
    Name: ____________
    Designation & Department: ____________
    Date of Audit: ____________
    Summary of Observations & Findings
    1: ____________
    2: ____________
    3: ____________
    4: ____________
    5: ____________
    6: ____________
    I hereby undertake, the foregoing observations and findings are accurate to the best of my knowledge, understanding and comprehension taken from the staff described here-in-above.
    Completed by: ____________ Date: ____________
    Reviewed by: ____________ Date: ____________
  • 73. Section VII
    Information System - Detailed
    Schedule 30
  • 74. 30 Information System: Management & Control - Detailed
    # | Description | Yes | No | N/A
    30.1 ORGANISATION AND ADMINISTRATION
      - Audit Objective: Does the organization of data processing provide for adequate segregation of duties?
      - Audit Procedures: Review the company organization chart, and the data processing department organization chart.
    30.1.1 Is there a separate EDP department within the company?
    30.1.2 Is there a steering committee where the duties and responsibilities for managing MIS are clearly defined?
    30.1.3 Has the company developed an IT strategy linked with the long and medium term plans?
    30.1.4 Is the EDP Department independent of the user department and in particular the accounting department?
    30.1.5 Are there written job descriptions for all jobs within the EDP department and are these job descriptions communicated to designated employees?
    30.1.6 Are EDP personnel prohibited from having incompatible responsibilities or duties in user departments and vice versa?
    30.1.7 Are there written specifications for all jobs in the EDP Department?
    30.1.8 Are the following functions within the EDP Department performed by separate sections:
      - System design?
      - Application programming?
      - Computer operations?
      - Database administration?
      - Systems programming?
      - Data entry and control?
    30.1.9 Are the data processing personnel prohibited from duties relating to:
      - Initiating transactions?
  • 75. (30.1.9, continued)
      - Recording of transactions?
      - Master file changes?
      - Correction of errors?
    30.1.10 Is all processing pre-scheduled and authorized by appropriate personnel?
    30.1.11 Are there procedures to evaluate and establish who has access to the data in the database?
    30.1.12 Are the EDP personnel adequately trained?
    30.1.13 Are systems analysts and programmers denied access to the computer room and limited in their operation of the computer?
    30.1.14 Are operators barred from making changes to programs and from creating or amending data before, during, or after processing?
    30.1.15 Is the custody of assets restricted to personnel outside the EDP department?
    30.1.16 Is a strategic data processing plan developed by the company for the achievement of the long-term business plan?
    30.1.17 Are there any key personnel within the IT department whose absence can leave the company with limited expertise?
    30.1.18 Are there any key personnel who are being over-relied upon?
    30.1.19 Is an EDP audit being carried out by internal audit or an external consultant to ensure compliance with policies and controls established by management?
    30.2 PROGRAM MAINTENANCE AND SYSTEM DEVELOPMENT
      - Audit Objective: Development and changes to programs are authorized, tested, and approved, prior to being placed in production.
    Program Maintenance
      - Audit Procedures:
        - Review details of the program library structure, and note controls which allow only authorized individuals to access each library.
        - Note the procedures used to amend programs.
        - Obtain an understanding of any program library management software used.
  • 76. 30.2.1 Are there written standards for program maintenance?
    30.2.2 Are these standards adhered to and enforced?
    30.2.3 Are these standards reviewed regularly and approved?
    30.2.4 Are there procedures to ensure that all programs required for maintenance are kept in a separate program test library?
    30.2.5 Are programmers denied access to all libraries other than the test library?
    30.2.6 Are changes to programs initiated by written request from the user department and approved?
    30.2.7 Are changes initiated by the Data Processing Department communicated to users and approved by them?
    30.2.8 Are there adequate controls over the transfer of programs from production into the programmer's test library?
    30.2.9 Are all systems developed or changes to existing systems tested according to user approved test plans and standards?
    30.2.10 Are tests performed for system acceptance and test data documented?
    30.2.11 Are transfers from the development library to the production library carried out by persons independent of the programmers?
    30.2.12 Do procedures ensure that no such transfer can take place without the change having been properly tested and approved?
    30.2.13 Is a report of program transfers into production reviewed on a daily basis by a senior official to ensure only authorized transfers have been made?
    30.2.14 Are all program changes properly documented?
    30.2.15 Are all changed programs immediately backed up?
    30.2.16 Is a copy of the previous version of the program retained (for use in the event of problems arising with the amended version)?
    30.2.17 Are there standards for emergency changes to be made to application programs?
    30.2.18 Are there adequate controls over program recompilation?
    30.2.19 Are all major amendments notified to Internal audit for comment?
    30.2.20 Are there adequate controls over authorization, implementation, approval and documentation of changes to operating systems?
  • 77. 30.3 SYSTEM DEVELOPMENT
    30.3.1 Are there formalized standards for system development life cycle procedure?
    30.3.2 Do they require authorization at the various stages of development – feasibility study, system specification, testing, parallel running, post implementation review, etc.?
    30.3.3 Do the standards provide a framework for the development of controlled applications?
    30.3.4 Are standards regularly reviewed and updated?
    30.3.5 Does adequate system documentation exist for:
      - Programmers to maintain and modify programs?
      - Users to satisfactorily operate the system?
    30.3.6 Has the internal audit department been involved in the design stage to ensure adequate controls exist?
    30.3.7 Testing of programs - see Program Maintenance.
    30.3.8 Procedures for authorizing new applications to production - see Program Maintenance.
    30.3.9 Are user and data processing personnel adequately trained to use the new applications?
    30.3.10 Is system implementation properly planned and implemented by either parallel run or pilot run?
    30.3.11 Are any differences and deficiencies during the implementation phase noted and properly resolved?
    30.3.12 Are there adequate controls over the setting up of the standing data and opening balances?
    30.3.13 Is a post implementation review carried out?
    30.3.14 Are user manuals prepared for all new systems developed and revised for subsequent changes?
    30.3.15 Is there a Quality Assurance Function to verify the integrity and acceptance of applications developed?
    30.4 PURCHASED SOFTWARE
  • 78. 30.4.1 Are there procedures addressing controls over selection, testing and acceptance of packaged software?
    30.4.2 Is adequate documentation maintained for all software purchased?
    30.4.3 Are vendor warranties (if any) still in force?
    30.4.4 Is the purchased software held in escrow?
    30.4.5 Are backup copies of user/operations manuals kept off-site?
    30.5 ACCESS TO DATA FILES
      - Audit Objective: Is access to data files restricted to authorized users and programs?
      - Access to Data
    30.5.1 Is there any formal written data security policy? Consider whether the policy addresses data ownership, confidentiality of information, and use of passwords.
    30.5.2 Is the security policy communicated to individuals in the organization?
    30.5.3 Is physical access to off-line data files controlled in:
      - Computer room?
      - On-site library?
      - Off-site library?
    30.5.4 Does the company employ a full-time librarian who is independent of the operators and programmers?
    30.5.5 Are libraries locked during the absence of the librarian?
    30.5.6 Are requests for on-line access to off-line files approved?
    30.5.7 Are requests checked with the actual files issued and initialed by the librarian?
    30.5.8 Are sensitive applications, e.g. payroll, maintained on machines in physically restricted areas?
    30.5.9 Are encryption techniques used to protect against unauthorized disclosure or undetected modification of sensitive data?
  • 79. 30.5.10 Are returns followed up and non-returns investigated and adequately documented?
    30.6 COMPUTER PROCESSING
    30.6.1 Does a scheduled system exist for the execution of programs?
    30.6.2 Are non-scheduled jobs approved prior to being run?
    30.6.3 Is the use of utility programs controlled (in particular those that can change executable code or data)?
    30.6.4 Are program tests restricted to copies of live files?
    30.6.5 Is access to the computer room restricted to only authorized personnel?
    30.6.6 Are internal and external labels used on files?
    30.6.7 Are overrides of system checks by operators controlled?
    30.6.8 Are exception reports for such overrides printed and reviewed by appropriate personnel?
    30.6.9 Do sufficient operating instructions exist covering procedures to be followed at operation?
    30.6.10 If so, are these independently reviewed?
    30.6.11 Are integrity checking programs run periodically for checking the accuracy and correctness of linkages between records?
    30.7 ACCESS CONTROLS
    30.7.1 Is a proper password syntax in force, i.e. minimum 5 and maximum 8 characters, including alphanumeric characters?
    30.7.2 Are there satisfactory procedures for reissuing passwords to users who have forgotten theirs?
    30.7.3 Are procedures in place to ensure compliance with the removal of terminated employees' passwords?
    30.7.4 Are system access compatibilities properly changed with regard to personnel status change?
    30.7.5 Are individual job responsibilities considered when granting users access privileges?
  • 80. 30.7.6 Is each user allocated a unique password and user account?
    30.7.7 Are there procedures in place to ensure forced change of password after every 30 days?
    30.7.8 Are application level security violations logged?
    30.7.9 Do standards and procedures exist for follow up of security violations?
    30.7.10 Do formal and documented procedures exist for use and monitoring of the dial up access facility?
    30.7.11 Is use made of passwords to restrict access to specific files?
    30.7.12 Do terminals automatically log off after a set period of time?
    30.7.13 Is there a limit on the number of invalid passwords before the terminal closes down?
    30.7.14 Are there any administrative regulations limiting physical access to terminals?
    30.7.15 Are invalid password attempts reported to user department managers?
    30.7.16 Are restrictions placed on which applications terminals can access?
    30.7.17 Are keys, locks, cards or other physical devices used to restrict access to only authorized users?
    30.8 APPLICATION CONTROLS - INPUT
      - Audit Objective: Do controls provide reasonable assurance that for each transaction type, input is authorized, complete and accurate, and that errors are promptly corrected?
    30.8.1 Are all transactions properly authorized before being processed by computers?
    30.8.2 Are all batches of transactions authorized?
    30.8.3 Do controls ensure unauthorized batches or transactions are prevented from being accepted, i.e. they are detected?
    30.8.4 Is significant standing data input verified against the master file?