1

CHECKLISTFOREVALUATINGINTERNALCONTROLS

Checklist for Evaluating Internal Controls

Amanda Smith
ACC/544
September 14, 2015
Gary Godfrey

CHECKLISTFOREVALUATINGINTERNALCONTROLS
2
Checklist for Evaluating Internal Controls
Internal control is a process effected by an entitys board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives in three categories: 1) reliability of financial reporting, 2) effectiveness and efficiency of
operations, and 3) compliance with applicable laws and regulations (Louwers, Ramsay, Sinason,
& Strawser, 2007, p.149). There are five components of internal control that should be
considered when evaluating a companys financial reporting controls, and in addition will provide
the bases for the auditors assessment of control risk as it relates to financial statements.
According to Louwers, Ramsay, Sinason, & Strawser, 2007, the five components are: 1) control
environment, 2) risk assessment, 3) control procedures, 4) information and communication, and
5) monitoring. To efficiently perform an accurate review of an organizations internal controls, the
auditor uses a comprehensive checklist. This provides a basis for planning the audit and useful
information to meet legal standards.
Control Environment
The control environment sets the tone of the organization and is the foundation for all
components of internal control (Louwers, Ramsay, Sinason, & Strawser, 2007, p. 151). The
control environment refers to the organizations Corporate culture and is the foundation for all
components for internal control. To have a favorable control environment management must
value and demonstrate ethical behavior. An organization should also have a plan and mission
statement in place to provide guidance and assistance. Other elements include a company
organizational structure, methods of assigning authority and responsibility, and human resource
policies and practices.

CHECKLISTFOREVALUATINGINTERNALCONTROLS
3

Risk Assessment
Management should take steps to identify risks, estimate their significance and likelihood,
and consider how to manage the risks (Louwers, Ramsay, Sinason, & Strawser, 2007, p. 153).
It is important to identify and manage any risks that could prevent the organization from achieving
business objectives. Because economic, industry, regulatory, and operating conditions will
continue to change, mechanisms are needed to identify and deal with the special risks associated
with change (COSO, n.d.). Management should seek to avoid these risks but in the event the
risks cannot be avoided, management can decide to accept the risk or reduce the risk.
Control Procedures
Control procedures are specific actions taken by a clients management and employees to
help ensure that management directives are carried out (Louwers, Ramsay, Sinason, & Strawser,
2007, p. 154). After the risks have been identified the internal control procedures will need to be
established. Control activities include segregation of duties, performance reviews, physical
controls, and information processing. These procedures help to prevent, detect, and correct
errors that could occur in the financial statement.
Information and Communication
To accurately achieve managements objectives, the information and communication
component is essential. Managers must have access to effective communication with external
parties, events, and activities to make informed business decisions. Pertinent information must
be identified, captured, and communicate in a form and time frame that enable people to carry out
their responsibilities (COSO, n.d.).
Monitoring

CHECKLISTFOREVALUATINGINTERNALCONTROLS
4
Internal control systems should be monitored on a regular basis. Monitoring of controls
assesses the effectiveness of the internal control performance through monitoring activities and
evaluations. The monitoring process should be performed through a combination of ongoing and
separate evaluations. These evaluations determine whether components of internal control are
functioning as designed and as intended. If controls remain unmonitored, they will deteriorate
over time, but proper monitoring can lead to organizational efficiency and reduced costs.
Conclusion
The internal control system is implemented to evaluate policies and procedures and
enables management to achieve company goals and objectives. A successful internal control
system will also help the company stay prepared for upcoming audits, safeguard assets, and
ensure compliance. The checklist will ensure that each of the five components is properly
evaluated, and internal controls are functioning properly. The checklist is designed to help gain a
better understanding of company needs and allow management to make improvements if needed.

CHECKLISTFOREVALUATINGINTERNALCONTROLS
5

Checklist for Evaluating Internal Controls

Control Environment
Yes/No
Are employees familiar with the organizations
policy and procedures?
Are employees familiar with the organizations
compliance requirements?
Does management demonstrate integrity and
ethical values?
Are internal procedures updated appropriately?
Does management abide to an open door policy?

Risk Assessment
Yes/No
How many employees are responsible for cash
and check handling
Are cash deposits segregated between
employees?
Is mail received and handled by two or more
employees?
How does management assess risks?
How does management develop strategies and
objectives?

CHECKLISTFOREVALUATINGINTERNALCONTROLS
6

Control Procedures
Yes/No
Does the organization have written policies and
procedures?
Does the organization audit its procedures?
Is management involved in the process?
Is quality assurance enforced?
Are processes reviewed by management?

Communication and Information

Yes/No
Does the organization get information from
internal and external sources?
Does the department identify, capture, process,
and communicate the information that others
need in a form and timeframe that is useful?
Does the department communicate effectively?
Internally? Externally?
Does the department get information to alert it to
internal or external risks?

Monitoring
Yes/No
Are accounting policies defined and effectively
communicated in writing?

CHECKLISTFOREVALUATINGINTERNALCONTROLS
7
Does management periodically evaluate accuracy,
timeliness, and relevance of its information and
communication systems?
Are internal control subject to a formal and
continuous internal assessment process?
Does management assess controls and report
results of the assessment along with required
corrective actions?
Is the monitoring process performed through
both ongoing evaluations and separate
evaluations?

CHECKLISTFOREVALUATINGINTERNALCONTROLS
8

References
This is a hanging indent. To keep the hanging indent format, triple click your mouse on this line of
text and replace the information with your reference entry. You can use the Reference and
Citation Examples (Center for Writing Excellence>Tutorials and Guides>Reference and
Citation Examples) to help format your source information into a reference entry.
The reference page always begins on the top of the next page after the conclusion.