ELC - Information and Communication Questionnaire

Document Sample
ELC - Information and Communication Questionnaire Powered By Docstoc
					 ENTITY-LEVEL CONTROLS- Information & Communication

 What is Information and Communication?
 Information and communication is the component of internal control that ensures that pertinent information is identified, captured, and communicated in
 a form and timeframe that enables people to carry out their responsibilities. Information systems produce reports containing operational, financial, and
 compliance-related information that make it possible to run and control the business. They deal with internally-generated data, as well as information
 about external events, activities, and conditions necessary to make informed business decisions and generate reliable external reports. Effective
 communication also must occur in a broader sense, throughout the organization. All personnel must receive a clear message from top management
 that control responsibilities must be taken seriously. Individuals must understand their own role in the internal control system, as well as how individual
 activities relate to the work of others. Individuals must have a means of communicating significant information upwards within the organization.



 What is the objective of Information and Communication?
 The objective of information and communication is to ensure that information relevant to operating the business and the maintenance of internal controls
 and records is identified, captured, and communicated to the appropriate individuals on a timely basis.

                                                                                                                                                                                                                                                                          Type of
                                                                                                                                                                                                                                                                        Deficiency
                                                                                                                                                                Controls                      Controls            Describe the basis for                             (Efficiency, Fin.
                                                                                Does this control   Describe specific activities, programs or controls in       properly                      operating          effectiveness conclusion                               Reporting,       Management Action Plan to
  #    COSO Attribute             Point of Focus/ Control Objective                  exist?                   place that satisfy the objective                 designed?   Test Procedures   effectively?   (including evidence of operation)   Deficiencies Noted     Compliance)         Address Deficiencies
                          Management monitors relevant external
     Information          information and considers the impact on the
   1 Availability         entity.
                          Internal information regarding financial results is
                          generated by the entity's financial information
     Information          systems and that information is reported
   2 Availability         regularly.
     Information          Entity-wide operating results are reviewed and
   3 Availability         compared against budgets at regular intervals.
     Information          The adequacy of the information technology
   4 Availability         structure is considered by senior management.

                          Managers and other personnel have the required
                          information in sufficient detail to carry out their
     Information          responsibilities and there are mechanisms in
   5 Availability         place to ensure changing needs are met.
     Reliability of IT    Management has a strategic plan for IT systems
   6 Systems              that is linked to the entity's overall strategies.
                          Procedures are in place to provide assurance
                          that relevant information is identified, captured,
     Reliability of IT    processed and reported by IT systems in an
   7 Systems              appropriate and timely fashion.
                          Management adequately staffs and designs the
     Reliability of IT    IT department to support the entity's overall
   8 Systems              business objectives.
                          There are defined responsibilities for individuals
                          responsible for implementing, documenting,
     Reliability of IT    testing, and approving changes to computer
   9 Systems              programs and systems.
     Reliability of IT    There is a regular back-up of application
  10 Systems              programs and data files.
                          The entity has a disaster recovery plan in place
                          that allows for the timely recovery of information.
     Reliability of IT    The disaster recovery plan is tested regularly
  11 Systems              and is updated as the business changes.
                          There is a high level of user satisfaction with the
     Reliability of IT    IT systems, including reliability and timeliness of
  12 Systems              reports.
                          Employee duties and control responsibilities are
  13 Communication        timely and effectively communicated.
                          Management performs timely and appropriate
                          follow-up regarding communications received
                          from customers, vendors, regulators and other
  14 Communication        external parties.




Source: www.knowledgeleader.com                                                                                                                                                                                                                                                                                      Page 1
                                                                                                                                                                                                                                                               Type of
                                                                                                                                                                                                                                                             Deficiency
                                                                                                                                                     Controls                      Controls            Describe the basis for                             (Efficiency, Fin.
                                                                        Does this control   Describe specific activities, programs or controls in    properly                      operating          effectiveness conclusion                               Reporting,       Management Action Plan to
  #   COSO Attribute         Point of Focus/ Control Objective               exist?                   place that satisfy the objective              designed?   Test Procedures   effectively?   (including evidence of operation)   Deficiencies Noted     Compliance)         Address Deficiencies

                       Communication across the organization is
                       adequate, complete and timely to enable people
 15 Communication      to perform their responsibilities effectively.
                       There is an established channel of
                       communication for people to report,
                       anonymously when appropriate, suspected
                       improprieties and management encourages
                       employees to utilize such channels when
 16 Communication      necessary.
                       Reported problems are investigated in a timely
                       manner and disciplinary actions are taken when
 17 Communication      necessary.
                       There are realistic mechanisms in place for
 18 Communication      employees to provide recommendations.




Source: www.knowledgeleader.com                                                                                                                                                                                                                                                                           Page 2

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:2
posted:10/1/2012
language:English
pages:2