Existence of Formal Job Descriptions

Document Sample
Existence of Formal Job Descriptions Powered By Docstoc
					                                                                                R000 - Audit Of (Department)                                                          W/P B-80
                                                                                Preliminary Survey Information                                           Auditor: xxx Date: xx/xx/xx
                                                                                Ratings of COSO Elements                                                 Review: xxx Date: xx/xx/xx
                                                                                FY (Insert Year)

                                COSO Element                                     Rating                                                Comments

Control Environment

 Integrity and Ethical Values
 1. Awareness of University & State Policies
 2. Management's Attitude Toward Policies & Controls
 3. Pressure To Meet Performance Targets

 Commitment to Competence
 1. Existence of Formal Job Descriptions/Reviewed/Updated

 Management's Philosophy
 1. Management Attitude Toward Business Risks
 2. Excessive Turnover

 Organizational Structure
 1. Organization Has Adequate and Functional Organizational Structure

 Assignment of Authority and Responsibility

 1. Authority and Responsibility Appropriately Assigned

 Total Control Environment Rating                                                   0                                                    0-LOW

Risk Assessment

 Organization-Wide Objectives

 1. Management Established Organization-Wide Objectives
 2. Objectives Disseminated To Employees

 Activity Level Objectives

 1. Objectives Established For Each Significant Activity
 2. Activity Level Objectives Linked To Organization Objectives


 1. Thoroughness and Relevance Of Organization Risk Analysis Process

 Managing Change

 1. Mechanism To React To Routine Events That May Affect Objectives
 2. Mechanism To React To Changes (Environment, Personnel, Etc.)

 Total Risk Assessment Rating                                                       0                                                    0-LOW

Control Activities

 Controls and Policies

 1. Organization Policies and Procedures In Place As Necessary
 2. Supervisory Personnel Review Of The Functioning Of Controls

 Total Control Activities Rating                                                    0                                                    0-LOW

Information and Communication


 1. Mechanisms To Obtain Information Relative To Performance
 2. Managers Within Organization Receiving Information Necessary
 3. Long-Range Information Technology Plan Linked To Objectives


 1. Effectiveness Of Organizational Communication
 2. Feedback Mechanism From Customers

 Total Information and Communications Rating                                        0                                                    0-LOW


 1. Extent To Which Organization Evaluates Functioning Of Controls
 2. Mechanism To Capture And Report Identified Control Deficiencies                 0

 Total Monitoring Rating                                                            0                                                    0-LOW

 Total COSO Rating                                                                  0                                                    0-LOW

Instructions: Based on your work in the audit, rate the auditee on each of the COSO
            elements listed in the preliminary survey program. Ratings are on a scale of 1 to 5,
            with 1 representing that the auditee is very strong in this area (low risk) and 5
            that the auditee is very weak in this area (high risk). The averages and total rating from
            COSO elements is calculated automatically.

               The best possible overall score is 24; the worst is 120. Low risk is defined as 24-48;
               low to moderate risk is 49-66; moderate to high risk is 67-84; and high risk is 85-120.

               For the five individual elements of control, the possible ranges are as follows:
                Control Environment - 8 to 16 or avg of 1-2 (Low); 17to 22 or avg of 2-2.75 (Low-Moderate); 23 to 28 average of 2.75 to 3.5 (Moderate-High);
                                         29 to 40 or avg of 3.5 to 5 (High).
                Risk Assessment -          7 to 14 of avg of 1-2 (Low); 15 to 19 or avg of 2-2.7 (Low-Moderate); 20-25 or avg of 2.7 to 3.6 (Moderate-High);
                                        26-35 of avg of 3.6 to 5 (High).
                Control Activities - 2 to 4 or avg of 1-2 (Low); 5 to 6 or avg of 2-3 (Low-Moderate); 7 to 8 of avg of 3 to 4 (Moderate-High);
                                        9 to 10 or avg of 4-5 (High).
                Information & Communication - 5 to 10 or avg of 1-2 (Low); 11 to 14 or avg of 2-2.8 (Low-Moderate); 15 to 18 or avg of 2.8-3.6
                                                    (Moderate-High); 19 to 25 or avg of 3.6 to 5 (High).
                Monitoring -              2 to 4 of avg of 1-2 (Low); 5 to 6 of avg of 2-3 (Low-Moderate); 7 to 8 or avg of 3-4 (Moderate-High);
                                         9 to 10 or avg of 4-5 (High).

Shared By: