Page 290 - COSO Guidance Book
P. 290

Internal control questionnaires



            Internal control questionnaires (ICQs) have been used by auditors for decades to document the presence
            or absence of controls. The traditional format is a Yes, No, or Not Available checklist approach. ICQs
            typically document the presence or absence of a procedure and the personnel who perform the
            procedure.

            Exhibit 8-1 contains an abbreviated ICQ for processing sales transactions. Many websites have sample
            ICQs; for example, the Office of the Comptroller of Currency has an ICQ that covers various transaction-
            processing systems and other internal control components at https://www.occ.gov/publications-and-
            resources/publications/comptrollers-handbook/index-comptrollers-handbook.html.

            There are different methods for completing an ICQ. These include completing the questionnaire after

              discussion with appropriate personnel about a particular system or component of internal control,
              observation and walk-through of the system by the auditor,
              performance of system tests by the auditor, and
              circulation of the ICQ to various personnel and their completion of it.

            If the auditors discuss a particular system with appropriate personnel, then there might be a bias for the
            respondent to answer Yes to all questions. This accomplishes two objectives on the part of the
            respondent. The respondent tells the auditor what the auditor wants to hear and the respondent spends
            less time with the auditor. The respondent can then perform other assigned tasks. It is very important
            that senior management communicate to employees the importance of cooperating with auditors and
            taking the time to consider each question and provide reliable responses.
            Another method to complete an ICQ is to circulate the questionnaire to many personnel. This method is
            suggested when there is a large, pervasive system where standard procedures are followed by a
            significant number of personnel. This approach allows the auditor to assess if standard company-level
            procedures are being followed and understood organization-wide. This method would not be appropriate
            for systems that are narrow in scope and involve a smaller number of personnel, such as a general ledger
            system. A weakness in this approach is that the respondent might not understand a particular question.
            The questionnaire should provide for a path of communication to the auditor so that the respondent can
            have access to clarification if needed.

            The method to complete an ICQ based on observation of a process and a walk-through of the system
                                                                                                  1
            allows the auditor to complete the questionnaire after having performed audit procedures.  The
            weakness in this approach is that employees might follow procedures when they know they are being
            observed and then not follow procedures when they are not being observed.






            1
              In a walk-through, the auditor obtains an understanding of the major classes of transactions by taking a
            transaction and following the processing from the transaction origination to its ultimate posting on the general
            ledger.


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    8-2
   285   286   287   288   289   290   291   292   293   294   295