internal control questionnaires (icqs)

1.1

Internal Control Questionnaires

Internal Control Questionnaires provide bases for risk assessment which is considered to be the essential part of internal audit

framework. This booklet provides internal control questionnaires for a range of topics from operations to finance. Also includes risk

assessment programs for information systems.

Ahmad Tariq BhattiFCMA, FPA, MA (Economics), BSc

Dubai, United Arab Emirates.

XYZ Co.,Dubai, United Arab Emirates.

Ris

k A

sses

smen

t P

roce

du

res

XYZ Co., Dubai [ ]

2

To my respectable teachers.

XYZ Co., Dubai [ ]

Contents

1 Mission..........................................................................................................................................4

2 Planning........................................................................................................................................4

3 Control Environment....................................................................................................................5

4 Monitoring Overall Performance................................................................................................7

5 Effectiveness of Processes........................................................................................................8

6 Efficiency of Processes...............................................................................................................9

7 Allocation of Resources..............................................................................................................9

8 Use of Resources......................................................................................................................10

9 Operating Environment: Compliance with Laws & Regulations..........................................10

10 Operating Environment: Compatibility with External Environment......................................11

11 Budgetary Controls & Follow up Reviews..............................................................................14

12 Cash & Cheque Receipts..........................................................................................................16

13 Payments....................................................................................................................................22

14 Cash on Hand & in Banks.........................................................................................................23

15 Deposits to Company Treasury...............................................................................................24

16 Cash Funds................................................................................................................................24

17 Investments................................................................................................................................25

18 Revenue Enhancement, Market Trends & Updates..............................................................28

19 Cost Recovery: Allocation & Apportionment........................................................................29

20 Billing to Customers...................................................................................................................29

21 Accounts Receivables...............................................................................................................31

22 Inventory: Goods, Materials & Stores.....................................................................................34

23 Operating Fixed Assets.............................................................................................................37

24 Purchasing & Payables.............................................................................................................41

25 Payroll..........................................................................................................................................44

26 Human Resources Planning, Control & Management..........................................................48

27 Financial Planning, Accounting & Reporting..........................................................................53

28 Services (include both to and by the XYZ Co.)......................................................................60

29 Information System: Management & Controls.......................................................................64

3

XYZ Co., Dubai [ ]

Section I

Business Planning, Management & Control Environment

[Covered in Table 1-10]

4

XYZ Co., Dubai [ ]

1 Mission

No. Description Ref. Y/N N/A

1.1 Has the organization adopted a mission statement?

1.2 Is the mission stated clearly, concisely and in easily understood terms?

1.3 Is the mission compatible with the mission of the parent company?

1.4Is the mission consistent with laws, regulations, and the Company Law enforceable in UAE?

1.5Is the mission statement divulged and displayed conspicuously throughout the organization?

1.6 Has management set operational goals for the organization?

1.7 Are these operational goals congruent with each other?

1.8 Do these operational goals directly support the mission?

1.9 Are these operational goals stated in measurable terms?

1.10

Are the goals further divided into sub-goals for operating units?

1.11

Is a method used to help employees understand how their daily work contributes to the goals of their departments and to the mission of the organization?

2 Planning


2.1 Has the management developed plans to achieve stated goals?

5

XYZ Co., Dubai [ ]

2.2Do these plans describe clearly objectives to be achieved, the methods to be used, how resources are organized and time line for completion?

2.3 Do these plans include financial budgets?

2.4Does the planning process include input from knowledgeable operating personnel?

2.5Are these plans communicated to personnel responsible for implementing them?

2.6Are the plans converted into specific tasks that are assigned to specific employees?

3 Control Environment


Integrity & Ethical Values

3.1Are there written policies and internal operating procedures that have been approved by the governing body or top management?

3.2Does the company have a code of ethical conduct that has been made available to all employees?

3.3Have transactions been executed in accordance with integrity and ethical values/codes?

3.4Are procedures documented, kept current and readily available for use by all employees?

Commitment to Competence & Excellence

3.5Are responsibilities clearly defined in writing and communicated?

3.6Does the management understand knowledge and skills required to accomplish tasks?

3.7 Does the management get involved in training?

Management’s Philosophy & Operating Style

6

XYZ Co., Dubai [ ]

3.8Does the management use budget, spending plans, etc. to review the company’s performance?

3.9Are accounting records and accounting personnel at all locations/sites under the supervision of the Accounting Manager/Financial Controller?

3.10Does the management actively follow-up on complaints from customers/clients?

3.11 Are policies and procedures consistent with statutory authority?

3.12 Are the budget system and the planning process integrated?

3.13Are periodic (monthly, quarterly) reports on the status of actual to budget performance prepared and reviewed by top management?

3.14 Are unusual variances between budget and actual examined?

3.15Are operations made in accordance with statutes governing the company?

3.16Is the internal control structure supervised and reviewed by management to determine if it is operating as intended?

3.17Does the company compare its actual performance with its goals and objectives on periodic basis?

3.18Does the company have a functioning internal audit staff to review its operations?

3.19Does the internal audit staff report to an official independent of the operations under review?

Organizational Structure

3.20Are there written policies and procedures for all major areasof the organization?

3.21 Are procedures reviewed annually for possible updating?

3.22Is there an organization chart clearly defining the lines of the management authority and responsibility?

3.23 Is the organization chart current and accurate?

7

XYZ Co., Dubai [ ]

3.24 Does the organization chart enhance work performance?

3.25 Are all the company’s operations centralized or decentralized?

3.26 If decentralized, is monitoring of the areas adequate?

Assignment of Authority & Responsibility

3.27Has the management provided resources to ensure compliance with the requirements of the UAE Laws?

3.28Are there sufficient training opportunities to improve competency and update employees on new policies and procedures available?

3.29 If known areas of knowledge are limited, has help been enlisted from peers, auditors or outside consultants to identify alternatives and suggest solutions?

3.30Have the managers been provided with clear goals and direction from the governing body or top management?

3.31Are responsibilities divided so that no single employee controls all phases of a transaction?

4 Monitoring Overall Performance


4.1Does the management assess progress toward goal achievement periodically?

4.2Does this periodic assessment include comparison of actual financial data to budgets and explanation of variances?

4.3 Is this assessment based on reliable and objective measurements?

4.4Is this assessment done timely and at a frequency that allows timely adjustments?

4.5Are the results of the progress assessment shared with the personnel responsible for action?

8

XYZ Co., Dubai [ ]

4.6Are the responsible personnel requested to take action to modify the goals or adjust the plans and processes?

4.7Does the management follow up to ensure that the appropriate action was taken?

4.8Does an independent body monitor the operations of the organization on an ongoing basis?

4.9Has the organization undergone an independent review or audit in the past five years?

5 Effectiveness of Processes


5.1 Has the management identified the core processes that are used to carry out the mission of the organization?

5.2 Has the management defined the effectiveness of these processes?

5.3 Does the management have a system in place to measure this effectiveness?

5.4Are performance measures for each process obtained timely and at a frequency that permits timely adjustments?

5.5Is appropriate action taken as a result of the measurements to improve effectiveness?

5.6 Are core processes properly documented to facilitate changes?

5.7 Is the documentation kept up-to-date?

6 Efficiency of Processes


Performance Evaluation & Appreciation

9

XYZ Co., Dubai [ ]

6.1Has the management defined efficiency in terms of performance and achievement of goals?

6.2Does the management have a system in place to measure efficiency?

6.3Are efficiency measurements compared with industry standards or other benchmarks?

6.4Are efficiency measurements obtained timely and at a frequency that permits timely adjustments?

6.5Is appropriate action taken as a result of the measurements to increase efficiency?

7 Allocation of Resources


7.1Are total available resources identified and assigned to projects or construction sites?

7.2 Are under-utilized resources identified for re-deployment?

7.3 Are goals prioritized for purpose of resource allocation?

7.4

Is a consistent method used to allocate resources to achieve an optimum balance between effectiveness and efficiency? (To maximize effectiveness as many resources as possible may be allocated to a goal; to maximize efficiency as few resources as possible should be used).

8 Use of Resources


8.1Are there current job descriptions for key personnel which state clearly the expected contribution to the organizational goals?

10

XYZ Co., Dubai [ ]

8.2Are instructions available on how to use the non-personnel resources such as equipment, information systems and available funds?

8.3Is the contribution of each key resource to organizational goals defined?

8.4Is appropriate action taken to improve performance that falls below expected levels?

8.5Is there appropriate recognition to reinforce contributions at or above expected levels?

8.6Is there an adequate training program for personnel to maintain essential skills and abilities?

8.7Is there an incentive program for personnel to develop other job-related skills and abilities?

8.8Are major equipment items subjected to a regular maintenance/ test schedule to ensure acceptable output level?

8.9Are information systems evaluated periodically for continued usefulness?

9 Operating Environment: Compliance with Laws & Regulations


9.1Are current laws, regulations and standards that significantly affect operations identified?

9.2Is a method used to identify all laws, regulations and standards affecting the organization?

9.3Is a mechanism used to monitor compliance with these laws, regulations and standards?

10 Operating Environment: Compatibility with External Environment

Description Ref. Y/N N/A

Change Management

11

XYZ Co., Dubai [ ]

10.1Are all external factors that can have a material effect on operations in the future identified (Trends in industry, economy, technology, demography, regulations)?

10.2Are the future effects of these external factors evaluated and planned for?

10.3Is there a formal and written Change Management process whereby system changes are requested, approved, documented and approved for installation?

12

XYZ Co., Dubai [ ]

Section I: Summary of Results

Responding Person:

Name: ____________________________________________________________

Designation: _______________________________________________________

Summary of Results

1: ________________________________________________________________

__________________________________________________________________________

2: ________________________________________________________________________

__________________________________________________________________________

3: ________________________________________________________________________

__________________________________________________________________________

4: ________________________________________________________________________

__________________________________________________________________________

5: ________________________________________________________________________

__________________________________________________________________________

6: ________________________________________________________________________

__________________________________________________________________________

I certify that the foregoing responses are accurate to the best of my knowledge, understanding and comprehension taken from the company management.

Completed by: ______________________________ Date: __________________

Reviewed by: _______________________________ Date: __________________

13

XYZ Co., Dubai [ ]

Section II

Design of Internal Controls System

[Covered in Table 11-25]

14

XYZ Co., Dubai [ ]

11 Budgetary Controls & Follow up Reviews


Budgeting Preliminaries

11.1Is a budget developed for all funds that require an approved budget by law or by Board policy?

11.2Is there a formal organizational chart defining responsibilities for preparing, approving, changing and submitting the budget to the Office of Budget Management?

11.3

Are budgetary increases or decreases (as they relate to Programs or Contracts or Sub-contracts), that are mandated by the management communicated to operating departments? Is this done in a timely manner?

11.4Are initial budget submission developed and prepared by major departments and activity centers?

11.5Are budget revisions approved by an authorized person before being entered into the accounting system?

11.6Are the management's goals and objectives integrated into budget submissions?

11.7Are expenditure and revenue transactions reviewed to determine that coding is consistent with budget classifications?

11.8Are budget reports distributed, (or available on-line), to operating departments as a management tool?

Segregation of Duties

11.9

Are the following duties generally performed by different people:

Preparation and approval of the budget submitted to the management?

Implementation and approval of the budget submitted to the management, including budget revisions?

Recording budget revisions in the General Ledger and the approval or implementation functions?

15

XYZ Co., Dubai [ ]

Preparation & Approval

11.10Are budgets prepared in sufficient detail (i.e. at operational responsibility level) to provide a meaningful tool to monitor subsequent performance?

11.11 Are instructions from the company Budget Office followed?

11.12Are budget estimates based on prior actual results and reasonable forecast of future events?

11.13Are budget estimates supported by detailed worksheets that show how the estimates were calculated and the assumptions made?

11.14Is the budget preparation assigned to a competent and experienced staff?

11.15Does the department head review the estimates and worksheets before submission?

11.16Are the budgets reviewed and approved by the Board on annual basis?

11.17Are the budgets flexed according to the activity levels achieved on periodic basis?

11.18 Are there any rolling over of monthly or quarterly budgets?

11.19Are the funds used only for the budgeted purchase of goods or services that support the annual budgets?

11.20Is there a procedure to ensure that there are sufficient budgeted funds to cover major expenditures before they are incurred?

Monitoring of Budgets

11.21Are there any follow up reviews in place of monthly and annual budgets flexed to the activity levels achieved?

11.22Are over expenditures or under realized revenues discussed with departmental personnel and are there explanations for significant variation from budgeted amounts?

11.23Is there a procedure to follow up on major unrealized revenue items?

16

XYZ Co., Dubai [ ]

11.24Does the management review actual results against the monthly budgets?

11.25Does the management initiate prompt action to correct anticipated budget variances?

11.26Are all significant projected budget variances explained in the follow up review reports?

11.27Are revised budget estimates submitted to the Board promptly for action?

11.28Does the management compare budget estimates with actual results at year end to identify errors or changes in trends?

11.29Does the management take prompt action to address budget variances?

11.30Are significant budget variances and corrective action reported timely to the Chief Financial Officer or the Board for appropriate action?

11.31Are performance data collected to evaluate the effect of allocation of resources?

11.32Are budgeted resources and performance data appropriately summarized on the Annual Report to the Board?

12 Cash & Cheque Receipts


System

12.1

Are the following duties distributed among at least two individuals:

Authorize cash receipts? Record cash receipts? Deposit cash receipts? Reconcile cash receipts?

12.2Are there guidelines for accepting remittances that do not agree to amounts owed to the company?

17

XYZ Co., Dubai [ ]

12.3Is there a formal organizational chart defining responsibilities for processing and recording cash transactions?

12.4Are cheques identified by maker and amount on the deposit slip?

12.5Are there procedures in place to establish a proper cut-off of cash receipts at the end of the fiscal year?

12.6 Is a mail receipts log maintained for mail receipts?

12.7

Is the mail receipts log reconciled to:

The cash receipts journal? Validation certification of deposit/deposit slips?

12.8If payments are made in person (seminars, workshops, etc.), are receipts for payment used and accounted for and balanced to deposits?

12.9Do control procedures exist regarding the collection, timely deposit, and recording of collections in the accounting records at each collection location?

12.10Are pre-numbered receipts issued for all cash collections and are numbers of all receipts accounted for?

12.11 Are logs of receipt book issuances maintained?

Petty Cash Management

12.12 Are petty cash/ change funds at the minimum effective amount?

12.13 Are all petty cash funds maintained on an imprest basis?

12.14Are unauthorized advances from petty cash funds to employees prohibited?

12.15 Are all petty cash cheques cashed promptly at the banks?

18

XYZ Co., Dubai [ ]

12.16

Are petty cash vouchers or bills required for all petty cash disbursements and are they pre-numbered?

Are they signed by persons receiving cash? Are they approved in writing by department head or other

responsible official? Are they properly supported by vendor receipts? Are they type-written or written in ink to preclude

alterations?

12.17Is petty cash kept in a locked place, where only the custodian has access?

12.18 Are petty cash funds segregated from other cash?

12.19Are letters accompanying gifts, grants, donations, etc., retained as part of the permanent records?

12.20Are the authorization records of the depository banks up to date?

12.21Are receipts deposited as often as required by the company policy?


12.22


Custodian of the fund, reconciliation of the fund and access to cash receipts?

Filling out the disbursement receipts, disbursement, and reconciliation?

Making a deposit, billing, making General Ledger entries and collecting?

Collecting cash, placing a restrictive endorsement on the Cheques, balancing cash, closing cash registers, making a deposit, maintaining Accounts Receivable records and making General Ledger entries?

Collecting of licenses, fines, and inspections and making General Ledger entries?

Collecting cash and reconciling the bank account? Closing Cash Registers daily by a person not involved in cash

collection?

Security

19

XYZ Co., Dubai [ ]

12.23Is there adequate physical security surrounding cashiering areas?

12.24Are employees prohibited from cashing personal Cheques at cashiering areas?

12.25 Is cash receiving centralized to the maximum extent possible?

12.26 Are all employees handling cash receipts adequately bonded?

12.27 Are "audit tapes" retained for cash registers?

12.28Is a restrictive endorsement placed on incoming cheques as soon as received?

12.29Are petty cash vouchers effectively canceled at the time of reimbursement to the fund by an individual other than the custodian?

12.30Is a system of pre-numbered receipts with adequately controlled copies in use wherever practicable?

12.31 Are cash receipts controlled at the earliest point of receipt?

12.32When funds cannot be deposited daily, are the funds transported to a centralized location at the end of the workday and secured overnight?

12.33Are unidentified cash remittances immediately returned to the payers or deposited into a suspense account for further research?

12.34Is supporting documentation required to indicate the purpose of the remittance to the company?

Receipts through Cheques

12.35 Is cashing of personal cheques against collections prohibited?

12.36Are the cheques recorded immediately upon receipt in the Bank Book?

12.37 Are currency and cheques accounted for separately?

12.38Are cheques reviewed for accuracy and authenticity before acceptance?

12.39Are cheques that show suspicious alterations immediately returned to payers?

20

XYZ Co., Dubai [ ]

12.40 Is a Board-approved fee charged for all returned cheques?

12.41Are all cheques promptly restrictively endorsed “for deposit only” to the company upon receipt?

Cash Collections

12.42Are cash collections recorded immediately upon receipt in the cash registers or cash receipt book?

12.43Does the information recorded include: date, payer, amount, method of payment, purpose of payment, cashier's name?

12.44 Is a receipt issued for every remittance made in currency?

12.45 Are receipt forms pre-numbered and periodically accounted for?

12.46Are these pre-numbered printed receipts have any linkage to the System generated Receipt Vouchers?

12.47 Are cash collections balanced to receipts daily?

12.48 Is cash shortage for each cashier documented and investigated?

12.49Are cash shortages made up from a cash difference fund rather than being offset against overages?

12.50Are there procedures to establish accountability for cash and related items (Cheques, Credit Cards, Receipts, etc.)

12.51Are cash and related items (Cheques, Credit Cards, Receipts) physically safeguarded against theft and loss?

12.52Are cash shortages identified, analyzed, recorded, and reported immediately?

12.53Are all the cash collections deposited within one business day of receipt?

12.54 Is someone independent of the cash receiving process, reviewing and approving void and refund transactions?

12.55Are security personnel or anybody held responsible or accountable for mail used to transport deposits to the cash officer or to the local bank?

Electronic Transfers

12.56 Is there a written policy for Electronic Payments?

21

XYZ Co., Dubai [ ]

12.57Is the staff aware of the policy for accepting Electronic Payments?

12.58 Is there a proper record for bounced cheques?

12.59 Is there a separate record-keeping for Electronic Payments?

12.60Are Electronic Transfers matched with written confirmation from the sender?

Monitoring

12.61Does the company have an approved Cash Management Plan on file?

12.62 Does the company have an approved Delegation of Disbursing Authority on file?

12.63Is an effective control maintained over receipts of gifts, grants, donations, etc. and is a follow-up made by a responsible official to see that they have been classified and recorded properly?

12.64Are funds periodically counted by a person other than the custodian at unannounced times?

12.65 Does management approve or spot cheque reconciliations?

12.66Are policies documented for changes in a new system or method for accounting for cash?

12.67 Are timely corrective actions taken in cash discrepancies?

13 Payments


22

XYZ Co., Dubai [ ]

13.1

Are the following duties distributed among at least two individuals:

Authorize payments? Have custody of cash? Record payments? Reconcile cash payments?

13.2 Is there a policy that clearly defines authorized payments?

13.3Is the business purpose clearly documented on all invoices and other claims submitted for payment approval?

13.4Are all approved payments supported by proper documentation such as original vendor invoices?

13.5Are approved vendor invoices and other approved claims promptly entered into General Ledger for payment?

13.6 Are payments made only against budgeted accounts?

13.7Are cash advances prohibited unless specifically authorized by Board policy or the Auditor or the Financial Controller?

13.8Are blank cheques, warrants and signature plates safeguarded in physically secure areas?

13.9 Do only authorized personnel sign cheques and claims?

13.10Are changes in the list of authorized signatories promptly reported to the Auditor, Financial Controller’s office, and the banks?

13.11Do these authorized signatories review supporting documentation before signing?

13.12Are signed warrants and cheques immediately mailed out by someone who did not prepare them?

13.13Does the Auditor/Financial Controller specifically authorize all Electronic Transfers of funds?

13.14Is each electronic payment confirmed in writing or e-mail with the intended recipient?

13.15

Are there procedures to ensure that the individuals performing the monthly review of company’s disbursements for all purposes is not the same individual who approves requisitions of travel and for other purposes?

23

XYZ Co., Dubai [ ]

13.16Has the company developed and implemented written procedures regarding the initiation, review, and approval of all non-payroll expenditures?

13.17

Are all expenditure transactions and related vouchers independently reviewed for completeness, accuracy, and compliance with company policies and in agreement with supporting documentation before being approved for payment?

14 Cash on Hand & in Banks


14.1 Is cash on hand safeguarded in a physically secure area?

14.2 Are cash receipts in process properly secured?

14.3Are cash receipts deposited promptly into the company treasury or bank accounts as appropriate?

14.4Are bank accounts authorized by laws, the Board of Directors, the Auditor and Financial Controller or the Treasurer, as appropriate?

14.5Are bank accounts established in the names of authorized company officials?

14.6 Are cash balances reconciled monthly with bank statements?

14.7Are bank reconciliations reviewed by a senior officer for proper disposition of reconciling items?

14.8Are all bank account balances reported to the Auditor and Financial Controller at the end of the fiscal year?

15 Deposits to Company Treasury


24

XYZ Co., Dubai [ ]

15.1Are collections transmitted from site/branch offices to head office through secure means within a reasonable time?

15.2Is the money transmitted verified at both ends of the transmission?

15.3Is the money collected deposited intact and promptly (at least weekly) into the Company Treasury?

15.4 Are deposit records reconciled to cash receipt records?

16 Cash Funds


16.1Are cash funds established only pursuant to Code, Board resolution or Auditor or Financial Controller’s authorization?

16.2Does the department Finance Officer maintain an inventory of all cash funds, showing location, amount and custodian?

16.3

Are procedures for use of cash funds clearly established and do they include:

Clear definition of authorized uses? Prior approval of expenditures? Restrictions on amount and type of purchase? Requirement for receipt? Cancellation of receipt upon reimbursements?

16.4 Is an authorized chart of accounts used to code disbursements?

16.5 Are replenishment requests based on actual expenditures?

16.6Are cash funds periodically counted and verified by supervisors?

16.7Is the level of usage monitored to detect and close inactive funds?

16.8Is only Chief Accountant authorized to transact business on the company’s bank accounts?

17 Investments


25

XYZ Co., Dubai [ ]

17.1Whether the Rules and Regulations governing the Company Permit for investments by the company?

17.2Are there any restrictions or limitations for any of such investments?

17.3Do flowcharts exist that document investment processing and identify control procedures?

17.4Are there written policies and procedures that document the flow of investment processing and identify control procedures?

17.5Are there policies and procedures established to ensure investment certificates are received or appropriately reflected in the custodial accounts?

17.6Are investment purchases recorded in the general ledger on the date traded?

17.7Does the documentation easily accessible to all persons needing it to perform their job?

17.8Are policies and procedures established to ensure the acquisition and disposal of investments are properly recorded?

17.9Are the policies and procedures established to ensure the investment income received is recorded properly?

17.10 Does investment income earned get recorded on a timely basis?

17.11 Are investment earnings credited to the proper fund?

17.12Is the acquisition and disposal of investments authorized by a person with approval authority?

17.13Are investment guidelines formally established and periodically reviewed?

17.14Have authority and responsibility been established for investment opportunity evaluation and purchase?

17.15Has the level and nature of approval required to purchase or sell an investment been established?

26

XYZ Co., Dubai [ ]

17.16


Cash flow management, investment transactions, safeguarding the investments, responsibility for them and

recording them? Record-keeping functions for securities and income separate

from those having access to physical securities, those authorizing security transactions, and those having duties in the cash area?

Initiating, evaluating, and approving transactions segregated from those for detail accounting, general ledger?

Monitoring investment market values and performance from those for investment acquisition?

Maintaining detail accounting records segregated from those for general ledger entries?

Custodial responsibilities for securities or for other documents evidencing ownership or other rights assigned to an official who has no accounting duties?

17.17Does a governing body or statute restrict investments by type and/or amount? Can officials override these restrictions with proper authorization?

17.18Are investment certificates and interest coupons sufficiently safeguarded?

17.19Are securities released from the vault only upon authorization of a person responsible for cash flow and for investment transactions?

17.20Is it necessary for more than one person to authorize the release of a security from safekeeping, or to have access to the safe deposit box or vault?

17.21 Are individuals with access to securities bonded?

17.22 Are securities transported by armored truck?

17.23Are all securities held or registered in the name of the company or the Treasurer if applicable?

27

XYZ Co., Dubai [ ]

17.24

Are detail records maintained that include the following information, if applicable, on each evidence of ownership:

Date of acquisition, identification and purchase amount or cost?

Physical location of item, i.e., safe deposit box, etc.? Interest dividend, or income rates and accrual or receipt

dates? Ownership by fund?

17.25Do procedures exist for reconciling the detail accounting records with the General Ledger control?

17.26Do specific procedures exist for tracking maturing investments and interest payments?

17.27Is the investment program integrated with the cash management program and expenditure requirements?

17.28Is cash in excess of operating needs invested in accordance with laws and regulations?

17.29For invested funds, is an approved investment policy followed to ensure a prudent and average return on capital?

17.30Are investment results monitored for compliance with laws and policies?

17.31 Are investment managed by expert personnel?

Monitoring

17.32Is the classification of investments in the General Ledger periodically reviewed? Are these classifications properly documented by management?

17.33Does a responsible official determine that the income earned is credited to the proper fund?

17.34Is the performance of the investment portfolio periodically evaluated by persons independent of investment portfolio management activities?

17.35Are appropriate personnel authorized to release securities from safekeeping authorized by the governing body?

28

XYZ Co., Dubai [ ]

17.36

Are securities or legal documents or agreements evidencing ownership or other rights kept in a vault with limited access, or preferable, protected in a safe deposit box, on deposit with a corporate trustee, or broker?

17.37Does the management periodically count securities and reconciled them to the records?

17.38Are periodic surprise counts of evidence of ownership made and reconciled to detail records and other controls?

17.39Are securities periodically inspected or confirmed from safe-keeping agents?

17.40Are periodic comparisons made between income received and the terms of the security or publicly available investment information?

18 Revenue Enhancement, Market Trends & Updates


18.1 Is staff encouraged to find ways to enhance existing revenues?

18.2Is there a procedure to continuously identify new revenue sources, including new projects, programs and contracting out excess capacity?

18.3Are new revenue sources evaluated to identify all associated burdens including match and earmarking requirements?

18.4Are new revenue sources applied for or explored only upon executive management or Board approval?

29

XYZ Co., Dubai [ ]

19 Cost Recovery: Allocation & Apportionment


19.1Are the costs of services provided or goods supplied computed or estimated?

19.2Are the types and extent of costs that are recoverable from external sources determined?

19.3Are all allowable costs including indirect costs included in the computation?

19.4Are billing rates and service fees reviewed periodically to ensure that costs are recovered to the fullest extent allowable?

19.5

With the full recovery of costs, is there any excess charge for margin of profit in case of:

Services provided? Materials supplied? Tender & other quotes?

20 Billing to Customers

No. DescriptionRef

.Y/N N/A

20.1

Are the following duties segregated among at least two people:

Approve billings? Prepare billings? Posting revenue & receivable records? Accepting payments? Reconciling billings & receivable records?

20.2Does the company have a Works Billing Manual defining the procedures to be undertaken for Billing Works done under varied category of Construction works?

30

XYZ Co., Dubai [ ]

20.3Are the billings done as per the Contractual Terms with the Client?

20.4 Are all the claimable costs identified and billed timely?

20.5Is there a procedure to ensure that all completed work orders are billed?

20.6Are the items claimed in the bills verified by the Senior official situated in the Head Office?

20.7Are cost claims prepared and submitted in accordance with reimbursement requirements?

20.8Are internal billings done timely to allow for timely billings to external parties?

20.9

Do billings include all relevant detail:

Details of the Project? Relevant Payment Application number? Billing date? Valuation Period? Name & address of Client, Consultant & Owner? Revised break-up of Contract Value? Project commencement date? Original & revised completion date of Project? Value & Percentage of Performance Bond? Value & Percentage of Advance Payment Bond? Retention Percentage?

20.10 Are billings checked for accuracy before mailing?

20.11Are billings promptly recorded in the ledgers for follow up purposes?

31

XYZ Co., Dubai [ ]

21 Accounts Receivables


21.1

Is there a formal organizational chart defining responsibilities of preparing bills, follow-up for certification, receipt of payment certificates, recording the payment certificates, collecting the accounts receivable on due date of payment certificates and follow up of accounts not paid?

21.2Is follow-up done for converting Billings into certified receivables?

21.3Are the items of Certified Works & Claims compared with the corresponding items of Billed Works & Claims?

21.4Does the analysis statement is produced before the Management to acknowledge for major variances?

21.5Are the clarifications sought from the Client for any such variances?

21.6 Is follow-up done for converting certified receivables into cash?

21.7

Does the company have written credit and collection policies that meet the requirements of contractual terms, the Accounts Receivable program and other policies and procedures established by the management and the legal advisor?

21.8Have procedures been documented to collect monies due within the contractual payment terms?

21.9Have procedures been adopted to notify the legal advisor’s office and follow through the collection after reasonable period of delay in payment?

21.10Are remittance advices and billings retained to support entries to accounts receivable records?

21.11Do procedures exist to prevent the interception or alteration by unauthorized persons of billings or statements after preparation but before they are mailed?

32

XYZ Co., Dubai [ ]

21.12Does the company have established policies and procedures concerning refunds of overpayments, issuance of billing adjustments?

21.13Are subsidiary accounts receivable and notes receivable records maintained?

21.14Are subsidiary accounts reconciled at least monthly with the General Ledger control account?

21.15Are individual receivable records posted only from authorized documents?

21.16Are data bases and where appropriate usage records accurately maintained to ensure that amounts due are billed correctly?

21.17Are statements of account balances mailed at least once a month?

Writing-off Receivable Balances

21.18Has an allowance account been established for doubtful accounts to reflect the amount of the company’s receivables that the management estimates will be uncollectible?

21.19Does there any Accounting Policy for writing-off accounts receivable after certain period of its overdue position?

21.20Does any such write-offs are brought to the notice of the Management and Board for their prior approval?

21.21Are accounts written-off the Company’s financial accounting records when all collection procedures have been exhausted without success?

21.22 Are reasons for writing-off an account adequately documented?

21.23After write-off, does the company continue to follow up for recovery of written-off dues?

Collection of Receivables

21.24Is the accounting department notified directly and in a timely manner of billings, certifications and collection?

33

XYZ Co., Dubai [ ]

21.25


Billing, collecting, and cash application of accounts receivable funds?

Maintaining detail accounts receivable records, collecting, and General Ledger posting?

Writing-off or adjusting to accounts receivable and the maintenance of accounts receivable records?

Investigating disputes with billing & certified amounts and the maintenance of accounts receivable records?

Reconciling, investigating reconciling items and posting detail accounts receivable records?

21.26Are all collections on accounts receivable posted to individual receivable accounts?

21.27Is access to the accounts receivable accounting system limited only to authorized individuals?

Monitoring

21.28Are corrections and adjustments to cash receipts documented and approved by a senior official?

21.29Are all non-cash credits, such as credit memos, allowances, and bad debts properly authorized?

21.30Is an aging schedule prepared monthly and is it reviewed by a responsible manager?

21.31 Are delinquent accounts followed up?

21.32Are all legal remedies followed to collect write-offs or uncollectible accounts with the legal advisor?

21.33Are accounts periodically reviewed for propriety of transactions and balances by a person independent of cash and accounts receivable accounting?

21.34Are remittances promptly applied against outstanding billings /receivables?

21.35Is there a procedure to follow up on overdue accounts and refer them to the Office of Revenue and Reimbursement or other collection company as appropriate?

21.36 Are follow up and collection activities properly documented?

34

XYZ Co., Dubai [ ]

21.37Are detailed receivable ledgers periodically reconciled to General Ledger?

21.38Are aged receivable listings prepared periodically to identify old unpaid accounts?

21.39Are receivables and collection activities reported to the Auditor/ Financial Controller in the prescribed format?

21.40Are uncollectible accounts identified and submitted to the Board of Directors annually for discharge of accountability?

22 Inventory: Goods, Materials & Stores


22.1Is there a formal organizational chart defining the responsibilities of ordering, accepting, approving, processing and recording of the inventory?

22.2Are the policies established to ensure that inventories are not stockpiled or to prevent over-ordering?

22.3Are the policies established to ensure that obsolete and inactive items in inventory are sent to Scrap Inventory Department?

22.4Is there any Central Stores Room for centralized receipt of goods?

22.5Are the inventories properly maintained in the Store Room to identify them with the associated Project/Contract/Subcontract?

22.6Are steps documented to ensure that goods received are accurately counted and examined to see that they meet quality standards and specifications?

22.7

Is the Inventory Module properly in place to take care of proper accounting of following aspects:

Receipt of Materials? Issue/ Consumption of Materials? Transfer of Materials? Stock of Materials?

35

XYZ Co., Dubai [ ]

22.8Does the company maintain perpetual inventory records and are all inventory items put on the perpetual inventory system?

22.9Are the written instructions given and explained to all personnel involved in the physical count of the inventory?

22.10Is there a proper cut-off of receipts and issues from inventory at year end?

22.11Is the accounting department notified (by issuing a receiving report) immediately upon the receipt of goods?

22.12Are entries to perpetual inventory records made timely upon the receipt of goods?

22.13Are receiving reports or vendor invoices used to record purchases to the perpetual inventory records?

22.14When issuing inventory, is the proper Cost Centre charged in the General Ledger?

22.15Is each Project/Contract site equipped with a duly trained and responsible store keeper to discharge his duties as such?

22.16


Receiving and issuing inventory and the operational duties? Receiving and issuing of inventory and taking the physical

inventory? Receiving and issuing of inventory and the approving of

expenditures, recording transactions in the general ledger, and reconciliation of subsidiary records to control accounts?

22.17 Is a definite responsibility designated for each inventory type?

22.18Are work orders or requisitions required to be approved by appropriately designated officials as a basis of issuing inventories?

22.19Are adjustments to inventory records approved by a properly designated official?

22.20 Is there adequate physical security surrounding inventories?

22.21 Is access to inventory locations limited by physical controls?

36

XYZ Co., Dubai [ ]

22.22 Is there enough insurance for significant inventories obtained?

22.23Are all employees responsible for inventories adequately bonded?

22.24Does the person receiving the goods sign the requisition as evidence of receipt?

22.25 Are the approved and completed requisitions kept on file?

22.26

Are physical inventories:

supervised by someone independent of the custodial or record keeping functions?

made by or tested by employees independent of the department being inventoried?

recorded on permanent inventory count sheets? re-recorded on count sheets signed and dated by the person

supervising the count? planned to provide provisions for cut-off of receipts and

issues? reflected in the perpetual records based on the actual

inventory quantities?

22.27Are pre-numbered tags/codes used during the physical inventories count?

22.28Is access to the perpetual inventory records limited to authorized individuals?

Monitoring

22.29 Is a physical inventory taken at least annually?

22.30Are perpetual inventory balances reconciled against the General Ledger control accounts at least annually?

22.31Does management periodically check inventory reports/ records?

22.32Are deviations of reports followed up by management in a timely manner?

22.33Does management assess inventory policies and procedures periodically?

37

XYZ Co., Dubai [ ]

23 Operating Fixed Assets


General

23.1Is there a formal organizational chart defining the responsibilities of purchasing, receiving, recording, approving and performing the fixed assets?

23.2Are there formal written procedures for performing a physical inventory of fixed assets?

23.3Is a capitalization policy established which is consistent with Purchase and Contract requirements and UAE Government rules and regulations?

23.4If there is any missing asset noted, is the Missing Asset Form filled immediately?

23.5Are assets believed to be stolen or vandalized reported to the Police Department according to UAE law?

23.6Are construction records adequate to accumulate costs associated with constructed fixed assets including force (in-house) labor and materials obtained from inventory?

23.7

Is the individual responsible for fixed assets notified when assets are:

Received? Location changes are made? Transferred to other construction sites? Sold? Stolen, vandalized or missing? Re-assigned to a different organizational entity or to another

group company? Scrapped?

23.8Are gains or losses properly recognized from disposals of fixed assets in proprietary fund types?

23.9Are the fixed asset subsidiary accounts balanced to the fixed asset control accounts on monthly basis?

38

XYZ Co., Dubai [ ]

23.10Are property records reconciled periodically to property accounts?

23.11Are beginning balances, additions, disposals and ending balances properly reflected in the notes to the Financial Statements?

23.12


Custodian of the fixed assets and taking the annual inventory?

Reconciliation of the Fixed Asset System with the control accounts and making entries in the Fixed Asset System?

Custodian of the fixed assets and tagging? Custodian of the fixed assets and investigating the missing

fixed assets? Custodian of the fixed assets, making entries in the Fixed

Asset System and making entries in the General Ledger?

23.13Are all disposals of property approved by a designated person with proper authority?

23.14If other than AED 5,000 capitalization threshold, has the Company management chosen and documented the threshold level in the Internal Policy/Procedure Manual?

23.15 Are all assets tagged/ coded?

23.16Is someone assigned custodial responsibility by location for all assets?

23.17Is access to the perpetual fixed asset records limited to authorized individuals?

Acquisitions/Additions/Procurements

23.18 Are all purchases pre-approved in the budget?

23.19Are all fixed asset purchases and receipts approved by a designated person with proper authority?

23.20Are acquisitions that require a significant investment of time and resources included in the approved capital improvement plan?

39

XYZ Co., Dubai [ ]

23.21

Are all fixed asset additions properly valued:

Is the total purchase price, less discount and any expenditure required to place asset in its intended state of operation the amount capitalized?

Does the recorded asset cost of land purchases include: purchase price, legal and title fees, surveying fees, appraisal and negotiation fees, damage payments, and site preparation costs?

Does the recorded asset cost of building include: purchase price, contract price or job order costs plus any other expenditure necessary to put a building or structure into its intended state of operation, including professional fees, damage claims, cost of fixtures, insurance premiums, interest, and related costs incurred during the period of construction?

Are maintenance costs expensed rather than capitalized?

23.22Are specifications adequately described in the purchase order or contract to ensure high quality and correct product?

23.23Are specifications written by experts who are knowledgeable of the company needs?

23.24 For larger items, is competitive bidding used?

23.25Are purchases and leases made in conformance to the company’s Purchasing Agent guidelines and applicable laws and regulations?

23.26 Are the items properly inspected before acceptance?

23.27 Is acceptance properly documented?

23.28Is there a procedure to check that title is properly vested in the company?

23.29Is payment of the bill made only after acceptance and transfer of title?

23.30 Are fixed assets tagged/ coded when procured?

40

XYZ Co., Dubai [ ]

Use

23.31

Are the following duties segregated between at least two individuals:

Authorizing purchase, transfer or disposal of assets? Using the assets? Posting asset records? Adjusting and reconciling records to physical inventory?

23.32Are the proper usage of the assets explained clearly to employees and users?

23.33Is access to valuable or sensitive asset items restricted to authorized users only?

23.34Are authorized users provided with proper training on the correct use of the assets?

Protection

23.35Are procedures in place to safeguard valuable and sensitive assets against theft or damage?

23.36Is there adequate insurance coverage of the very high valued fixed asset items?

23.37 Are items owned by the company specifically identified?

23.38Is responsibility for the safe custody and maintenance of assets assigned to specific individuals?

23.39Is a regular maintenance schedule followed to maintain the functionality and value of assets?

23.40 Is warranty information safeguarded for new property items?

Accounting

23.41Are detailed records of assets maintained showing identification number, classification/grouping, description, location and original cost?

23.42Is the physical existence of the assets annually verified and reconciled to asset records?

41

XYZ Co., Dubai [ ]

23.43Are new asset items promptly reported to the Purchasing Department and the Internal Auditors’ Office?

23.44Are procedures in place to document loss, transfer and retirement of assets?

23.45Are the Fixed Asset System and appropriate accounts reconciled monthly?

23.46Are there procedures in place for writing-off fully depreciated fixed assets?

Monitoring

23.47Are the Physical Inventory Worksheets approved by the Chief Financial Officer/ Financial Controller before the fixed asset officer makes changes to the Fixed Asset System?

23.48 Is such insurance coverage independently reviewed periodically?

23.49Has the Internal Policy/ Procedure Manual been kept up to date with any changes in the company, or company philosophy?

23.50 Is a physical inventory taken at least annually?

23.51Is a physical inventory of capitalized assets and inventoried items taken each time there is a change at a management or supervisory level that has responsibility for the assets?

23.52Are missing items investigated and reasons for them documented?

24 Purchasing & Payables


Requisition

24.1Are materials/ services requisition forms used for any of the requirement from the Site?

24.2Is the need properly assessed, reviewed and approved by a supervisor?

24.3 Does such requisitions addressed to the Central Stores Room?

42

XYZ Co., Dubai [ ]

24.4Is there a procedure to explore all options to satisfy the needs, including options within current resource constraints, before a purchase is authorized?

24.5Are items to be purchased specified in sufficient detail in the requisition to minimize risk of erroneous purchases?

24.6 Are the detailed specifications verified by the requestor?

24.7Does the requisition form refer to the availability of approved budgeted expenditure towards the purchase requirement?

Authorization

24.8Is the requisition authorized by a person designated by the department head on the Authorization Form on file with the Auditor and Financial Controller?

24.9Is the authorizing official certifies the amount available in the Project Budget towards the purchase requirement?

24.10 Is the authorization properly documented?

24.11 Are approval limits on department heads and CAO observed?

24.12Is there a procedure to verify that there is sufficient balance in appropriations to cover this purchase?

Methods of Purchase

24.13Are purchasing guidelines in the Company Policy and Procedures’ Manual followed?

24.14Are the following contractual procedures observed with respect to each of the purchase requirement:

Are copies of all supplier enquiries forwarded to the Central Purchase Department?

Is the list of suppliers to whom the enquiries are forwarded is made available to CPD?

Are quotes received from any additional suppliers as recommended by CPD?

Is comprehensive quotation comparison statement prepared and forwarded to CPD for its comments?

Are the comments from CPD observed before purchase is affected?

Are the signed and approved (by CPD) quotation

43

XYZ Co., Dubai [ ]

comparison statements brought to the notice of Internal Auditor for acknowledgement of adherence to the agreed purchase procedure?

24.15 Are purchase orders used only for goods and not for services?

24.16Is a contract used for purchases of complex items such as computer systems or large equipment, which need special delivery or expert installation?

24.17Is the use of confirming requisitions limited to emergency situations?

24.18 Is competitive bidding used to the extent practicable?

Receiving

24.19Are goods and services inspected upon delivery for conformance with purchase order?

24.20 Are incomplete deliveries promptly followed up?

24.21 Are non-conforming goods promptly returned to vendors?

24.22Are vendors promptly notified in writing of non-conforming services?

24.23 Are goods and services received documented in writing?

Payables

24.24 Are only original invoices accepted for processing?

24.25 Are vendor invoices processed promptly upon receipt?

24.26Are invoices matched with receiving reports or other evidence of receipt?

24.27 Are invoices checked for accuracy?

24.28Is the Exception Form used to request approval by the Auditor and Financial Controller for all exceptions to the company policies and procedures?

24.29 Are paid invoices immediately canceled?

44

XYZ Co., Dubai [ ]

25 Payroll


Time Entry

25.1 Are employees required to maintain attendance records?

25.2 Is the Time Sheet (HRMS) Module is properly in use?

25.3Do attendance records contain sufficient detail on work assignment for labor cost distribution purposes?

25.4Are attendance records in compliance with Labor Code requirements?

25.5Are attendance records approved by supervisors before submission to payroll department with direct knowledge of actual time worked?

25.6Are approved attendance records used to prepare payroll time entry?

25.7Are Time Cards or Sheets signed and submitted by employees at the end of (or the last day of work) the period?

25.8Is all overtime and compensation time recorded on the company’s Payroll System?

25.9Are the overtime payments take care of UAE Labor Law provisions with respect to 1.25 times & 1.5 times of the normal wage payment?

25.10 Are the employees paid for Vacation or Sick Time in advance?

25.11 Are accumulated leave records reviewed at year-end?

Payroll Distribution

25.12Is staff preparing payroll precluded from access to payroll checks and statements?

25.13Are payroll checks and statements distributed by supervisors or managers who know the employees?

25.14Is there a procedure to safeguard payroll checks and statements before it is delivered to the correct recipients?

45

XYZ Co., Dubai [ ]

25.15Is there a procedure to ensure that the payroll checks or statements are delivered timely to the correct employees in their absence?

25.16Are payroll distribution procedures in compliance with Labor Code requirements?

25.17While approving payroll, does anybody review the Payroll Voucher Verification Report at the end of each payroll period?

Payroll Records

25.18Are payroll and employee records safeguarded in compliance with Labor Code requirements?

25.19 Are payroll records retained for at least three years?

25.20Are changes in employee information promptly transmitted to HR Department and the Internal Auditor’s Office?

25.21If employees perform services outside the normal scope of their employment, are they paid in accordance with the Company Policy?

25.22

Are all or most of the following payroll duties performed by the same person?

Preparing and entering the data Approving payroll information Distribution of checks and vouchers

25.23 Is payroll prepared for staff and laborers separately?

46

XYZ Co., Dubai [ ]

Section II: Summary of Results

Responding Person:

Name: ____________________________________________________________

Designation: _______________________________________________________

Summary Results

1: ________________________________________________________________

__________________________________________________________________________

2: ________________________________________________________________________

__________________________________________________________________________

3: ________________________________________________________________________

__________________________________________________________________________

4: ________________________________________________________________________

__________________________________________________________________________

5: ________________________________________________________________________

__________________________________________________________________________

6: ________________________________________________________________________

__________________________________________________________________________



Reviewed by: _______________________________ Date: __________________

47

XYZ Co., Dubai [ ]

Section III

Human Resources Planning, Control & Management

[Covered in Table 26]

48

XYZ Co., Dubai [ ]

26 Human Resources: Planning, Control & Management


Recruitment

26.1Are skills and abilities required for positions clearly defined by the managers responsible for those positions?

26.2 Are the Professional Certifications/Degrees based on actual skills and abilities required for the job?

26.3Does the description of job responsibilities for the position match the responsibilities stipulated for the classification?

26.4Is the compensation package designed to attract and retain qualified candidates?

26.5

Where the proposed compensation package exceeds AED 350,000/-, is the prior approval of the Board obtained and kept on record? (this clause depend company to company, so shall be changed accordingly.)

26.6Are job openings advertised widely to attract the highly qualified applicants?

26.7Is the selection process designed to hire the best candidates for the positions?

26.8Is the recruitment based on the pre-approved Organization Chart?

Compensation

26.9 Are surveys made periodically to benchmark compensation?

26.10Are adjustments made to bring compensation closer to benchmark?

26.11Are employee salaries based on the salary ordinance adopted annually by the Board of Directors?

26.12Are benefits awarded to employees in accordance with UAE Labor Code?

26.13Do the proper managers authorize changes in classification or compensation?

49

XYZ Co., Dubai [ ]

26.14Are reasons for changes in compensation or classification properly documented in the files?

26.15Are the changes in compensation/classification properly approved by HR analysts?

Job Responsibilities

26.16Is each employee assigned specific job responsibilities in writing?

26.17Is any employee assigned with duties to contribute to the betterment of the parent company or the sister companies?

26.18Does the fixing of Global Duties to any such employee have hindered the effective working of the company?

26.19 Are significant changes in assignment documented in writing?

26.20 Are key job responsibilities approved by the department head?

26.21Do statements of job responsibilities indicate clearly show employees are expected to contribute to the Company goals?

26.22Do all managerial staff exhibit high ethical values, personal and professional integrity and compliance with the company policies and procedures?

Training

26.23Are resources and tools required by employees to carry out their responsibilities identified?

26.24Is the training required by employees to maintain their skills identified?

26.25Are funds budgeted to acquire the required resources, tools and training?

26.26Are personnel cross-trained or have it developed other plans for the replacement or back-up of key personnel?

26.27Is the staff regularly informed on how to report fraud or misconduct?

26.28Have the personnel, who initiate, approve, or review financial transactions, received appropriate training on the various financial systems?

50

XYZ Co., Dubai [ ]

26.29Are the personnel in operations are familiar with the company’s policies and procedures based on most update knowledge of rules and regulations?

Employee Performance

26.30 Are performance standards or expectations clearly established?

26.31Is performance assessed periodically against the standards and documented?

26.32 Are positive results reinforced through recognition or awards?

26.33 Is action taken to improve performance that is below standard?

Communication

26.34Are the company goals and departmental goals spelled out clearly for all employees to see?

26.35Are important instructions such as project/contract assignments given out in writing?

26.36

Do instructions include the following details, at minimum:

Names of responsible persons, Date of completion and Expected results?

26.37 Do employees get feedback on the results achieved?

26.38Is there a way through which employees can freely express their concerns and suggestions to their managers?

26.39Are the managers required to follow up and respond to their employees’ concerns and suggestions?

51

XYZ Co., Dubai [ ]

Section III: Summary of Results

Responding Person:

Name: ____________________________________________________________

Designation: _______________________________________________________

Results Summary1: ________________________________________________________________

__________________________________________________________________________

2: ________________________________________________________________________

__________________________________________________________________________

3: ________________________________________________________________________

__________________________________________________________________________

4: ________________________________________________________________________

__________________________________________________________________________

5: ________________________________________________________________________

__________________________________________________________________________

6: ________________________________________________________________________

__________________________________________________________________________



Reviewed by: _______________________________ Date: __________________

52

XYZ Co., Dubai [ ]

Section IV

Financial Planning, Accounting& Reporting


53

XYZ Co., Dubai [ ]

27 Financial Planning, Accounting & Reporting

No. Description Ref. Y/NN/A

Design of System

27.1Is there annual review of the design of accounting and internal control system for up-dating it according to the changing needs of the company and computer technology?

27.2Is there a formal schedule with target dates for completing tasks associated with closing the General Ledger and preparing Financial Statement worksheets?

27.3Is there a formal plan of organization under which responsibilities for closing the General Ledger and Financial Statement worksheets are clearly defined?

27.4Are policies and procedures established concerning year-end cut-off of accounting transactions?

27.5Does the company maintain documentation of written procedures covering the recording of transactions?

27.6Does this documentation contain a chart of accounts explaining what items are charged to each line account? Do relevant employees have access to this information?

27.7Does the company maintain and follow procedures for record filing, retention, and disposition?

Book-Keeping & Financial Accounting

27.8Are all financial transactions promptly entered into SOFTWARE?

27.9 Are the source documents maintained to provide an audit trail?

27.10If Subsidiary Ledgers are maintained, are they reconciled to SOFTWARE on monthly basis?

27.11Is there record retention policy that satisfies statutory and audit requirements?

27.12 Have the accounting records been audited in the past five years?

27.13Have adequate training been provided to accounting and finance staffs on SOFTWARE?

54

XYZ Co., Dubai [ ]

27.14Are journal entries approved, including a review of supporting documentation?

Financial Reporting

27.15

Is it required that trial balances, adjustments and supporting work papers be maintained to support the process of closing the General Ledger and preparing Financial Statements and Financial Statement worksheets?

27.16Are financial reports prepared only from General Ledger data or accounting data that reconcile with General Ledger?

27.17Are worksheets and schedules attached to journal entry accounting code sheets and are they secured in a safe location?

27.18Is a schedule followed to ensure timely preparation and filing of statutory reports?

27.19Is the usefulness of internal financial reports periodically evaluated?

27.20 Are financial reports submitted timely to requestors or users?

27.21Are Financial Statements (or Financial Statement worksheets) reviewed by the CFO for accuracy and consistency?

Disclosure of Unusual Transactions

27.22Is the certification required from operating contracts and projects that information submitted for the preparation of the Financial Statements is correct and up to date?

27.23

Is informative disclosure required in the Financial Statements and the accompanying notes as requiring the accumulation of information concerning:

Commitments? Contingencies? Related party transactions? Accounting principles? Fund classifications? Subsequent events? Other accounting disclosures?

27.24Are transactions subsequent to the balance sheet date reviewed for proper classification?

55

XYZ Co., Dubai [ ]

Reconciliation of Accounts & Balances

27.25 Are investments reconciled to control accounts at year-end?

27.26 Are intra-company transfers reconciled at year-end?

27.27Are intra-company inter-fund receivables and payables reconciled at year-end?

27.28Are amounts designated for subsequent years' expenditure reconciled to budget authorizations?

27.29Are the beginning fund balances or retained earnings reconciled to amounts reported in prior years?

27.30Are reconciliations of Subsidiary Ledgers to control accounts performed and reviewed by a responsible person?

27.31Are inter-company transfers of goods/equipments/materials/services (all kind of resources) reconciled before the closing of the year?

27.32Are Financial Statements (or Financial Statement worksheets) reconciled to the General Ledger before being transmitted to the Financial Controller/ CFO?

27.33Are bank reconciliation statements prepared on monthly basis and accounts are adjusted accordingly?

27.34 Are bank reconciliations reviewed at each month end?

27.35 Is the bank reconciliation statements’ file maintained separately?


27.36


Preparing and reviewing the Financial Statements? Preparing and reviewing journal entries? Accumulation of accounting information (inventories,

estimates, etc.) and custody of related assets? Preparing and reviewing worksheets and schedules

supporting the accounting information? Performing and reviewing reconciliations?

Review of Accounting Estimates

27.37 Do only authorized persons review departmental budgets?

27.38Are investments earning calculations and accruals reviewed at year-end?

56

XYZ Co., Dubai [ ]

27.39Are revenue accounts reviewed to identify possible deferred revenue?

27.40 Are fixed asset inventory worksheets reviewed at year-end?

27.41Are accrual transactions reviewed to determine that expenditure or revenue recognition was proper?

27.42Are retained earnings or fund balances reviewed for restrictions/reservations at year-end?

27.43 Are fund types reviewed to verify fund classifications?

27.44Does the management review accounting estimates atleast annually (depreciation, allowance for DoubtfulAccounts, etc.)?

Monitoring

27.45

Has the management identified accounts, such as those requiring complex calculations or accounting estimates, which are especially at risk of misstatement and developed policies and procedures to address those risks timely?

27.46Does the management consider the financial reporting impact of changes in computer programs?

27.47Has the management instituted a process to identify and address changes in accounting and reporting procurements?

27.48

Are only authorized persons allowed to alter or interpretan existing accounting principle or establish a newaccounting principle? Have proposed changes beenbrought to the attention of the management?

27.49Does the management spot-check transactions, records,and reconciliation to ensure expectations are met?

27.50Are policies and procedure developed for changes innew systems or new way of doing duties?

27.51Is information (i.e. findings, recommendations, etc.)provided by external auditors considered and acted uponin a timely manner?

27.52Are internal controls subject to a formal and continuousinternal assessment process being instituted?

27.53Does the management periodically evaluate the accuracyand timeliness of its information and communicate it toappropriate personnel?

Application of IFRSs/IASs

57

XYZ Co., Dubai [ ]

27.54Is a knowledgeable individual assigned the responsibilityto supervise the conversion from budget (cash) basis toGAAP basis of accounting?

27.55Have the qualified individuals reviewed recentlypromulgated accounting standards for properimplementation? This would include IFRSs/IASs.

27.56Are Financial Statements prepared in conformity with the applicable IFRSs/IASs?

58

XYZ Co., Dubai [ ]

Section IV: Summary of Results

Responding Person:

Name: ____________________________________________________________

Designation: _______________________________________________________

Results Summary1: ________________________________________________________________

__________________________________________________________________________

2: ________________________________________________________________________

__________________________________________________________________________

3: ________________________________________________________________________

__________________________________________________________________________

4: ________________________________________________________________________

__________________________________________________________________________

5: ________________________________________________________________________

__________________________________________________________________________

6: ________________________________________________________________________

__________________________________________________________________________



Reviewed by: _______________________________ Date: __________________

59

XYZ Co., Dubai [ ]

Section V

Management of Contracted Services


60

XYZ Co., Dubai [ ]

28 Services (include both to and by the XYZ Co.)


Need Assessment

28.1 Are the needs clearly defined prior to the contracting decision?

28.2Are all reasonable options explored before the contracting decision?

28.3Is the description of contracted services in the contract draft reviewed by the contract administrators or the end-users before final approval?

28.4Are on-going contracts periodically reviewed and modified to reflect changes in needs?

Ability Assessment

28.5Is the ability to provide the services contracted determined prior to the decision to contract?

28.6Is the net benefit to the company determined prior to entering into the contract?

28.7Is the ability to provide the services reviewed periodically prior to renewing the contract?

Compliance with the Company Statutes & UAE Labor Code

28.8Are contract drafts reviewed for compliance with statutes, regulations and Board policies before finalizing?

28.9Are terms of contracts reviewed annually for modifications necessitated by changes in laws, regulations or Board policies?

Contract Execution

28.10Are the company responsibilities, as stipulated in the contracts, assigned to specific personnel?

28.11Are the company responsibilities monitored by the management regularly?

61

XYZ Co., Dubai [ ]

28.12Are the counter-party’s responsibilities monitored by the company personnel?

28.13Is the counter-party notified timely of non-compliance with contractual terms?

28.14Are instances of contract non-compliance followed up to ensure proper resolution?

62

XYZ Co., Dubai [ ]

Section V: Summary of Results

Responding Person:

Name: ____________________________________________________________

Designation: _______________________________________________________

Results Summary1: ________________________________________________________________

__________________________________________________________________________

2: ________________________________________________________________________

__________________________________________________________________________

3: ________________________________________________________________________

__________________________________________________________________________

4: ________________________________________________________________________

__________________________________________________________________________

5: ________________________________________________________________________

__________________________________________________________________________

6: ________________________________________________________________________

__________________________________________________________________________



Reviewed by: _______________________________ Date: __________________

63

XYZ Co., Dubai [ ]

Section VI

Management Information System


64

XYZ Co., Dubai [ ]

29 Information System: Management & Controls


Delegation of Responsibilities

29.1

Is there a formal and approved organizational chart which identifies the individuals responsible for the:

Computer Systems? Computer Security?

29.2

Are there responsibilities of persons written in respect to the following:

Data Collection? Data Transmittal? Data Conversion? Data Editing? Error Correction & Control? Processing & Output Control? Data & Report Distribution?

29.3Are responsibilities segregated to assure that no one individual has the ability to input data, process data, and review output data?

Security

29.4 Is the Network Security Policy implemented?

29.5Are policies specific to work units developed to protect equipment?

29.6 Is physical access to equipment limited to authorized personnel?

29.7Are instructions and training provided to new equipment users on regular basis?

29.8 Is equipment breakdown promptly reported and acted on?

29.9 Is equipment subject to regular maintenance schedule?

29.10 Are obsolete items identified and upgraded timely?

65

XYZ Co., Dubai [ ]

29.11Are purchases of equipment coordinated and planned to ensure long-term compatibility?

Protection of Information

29.12Is a person designated as security administrator to ensure the security of information?

29.13Is access to data and program files restricted to authorized personnel?

29.14Are procedures established for the retention and back up of critical computer files?

29.15Have all personnel handling sensitive information been trained in accordance with Security Policy requirements?

29.16

Does the information system require that users use strong password of at least 7 characters (having a combination of alpha, numeric & function keys) in length and change their password on regular basis?

29.17

Does the IT Department have a written password policy and password training materials that are shared with system users on at least an annual basis?

29.18Do accounts exist in the information system environment that are shared by more than one user or do not require a password?

29.19

Does the information system have means of automatically identifying and responding to unauthorized attempts to gain access?

29.20Are the security scans periodically run on information system and results analyzed?

Usefulness of Information

29.21Is the information provided by information systems reliable and timely?

29.22Is the usefulness of output from information systems periodically evaluated?

29.23Are users periodically surveyed as to the usefulness of the information that they receive?

66

XYZ Co., Dubai [ ]

29.24 Are users kept informed of new capabilities of the systems?

Miscellaneous Issues

29.25Does software (ERP) undergo routine operating system and software maintenance?

29.26Does software (ERP) have a means of recording system activity for historical analysis?

29.27Does the company have a written and implementable disaster recovery or business continuity/ resumption plan?

29.28Are some copies of system backups stored in an off-site location (ie in a separate building from the Company Office)?

29.29Are the processes and policies surrounding the administration of software (ERP) documented?

29.30Is the hardware infrastructure underlying software (ERP) protected from unauthorized physical access?

29.31

Are the environmental variables of the location where the company hardware infrastructure resides properly controlled (eg temperature, humidity, uninterruptible/backup/clean electrical power supply)?

29.32Does the system administrator have adequate and applicable experience and training on the technology used in the software?

29.33Is the technology direction of the IT Department regularly reviewed and evaluated both internally and externally?

29.34Have you read and counseled the employees on the company’s IT Policy, Computers Users Privileges and Responsibilities?

29.35Have you considered how someone could be improperly conducting day-to-day operations in the company?

29.36

Are there adequate controls over the process of identifying, correcting, and reprocessing data rejected by the computer system?

29.37Is there a control in place to verify that the computer generated voucher number matches the number printed on the check?

29.38Is there a control in place to verify that the computer generated check number matches the number printed on the check?

67

XYZ Co., Dubai [ ]

Section VI: Summary of Results

Responding Person:

Name: ____________________________________________________________

Designation: _______________________________________________________

Results Summary1: _______________________________________________________________________

__________________________________________________________________________

2: ________________________________________________________________________

__________________________________________________________________________

3: ________________________________________________________________________

__________________________________________________________________________

4: ________________________________________________________________________

__________________________________________________________________________

5: ________________________________________________________________________

__________________________________________________________________________

6: ________________________________________________________________________



Reviewed by: _______________________________ Date: __________________

68

XYZ Co., Dubai [ ]

69

The End.

internal control questionnaires (icqs)

Economy & Finance

control management

management control environment

mission statement

operating environment

mission consistent

mission compatible

external environment

management controls