Internal Control Questionnaires by at.bhatty

VIEWS: 49 PAGES: 69

									 1.1




                                                          Risk Assessment Procedures
            XYZ Co.,
       Dubai, United Arab Emirates.




INTERNAL CONTROL
 QUESTIONNAIRES
    Internal Control Questionnaires provide bases for
       risk assessment which is considered to be the
     essential part of internal audit framework. This
   booklet provides internal control questionnaires for
    a range of topics from operations to finance. Also
   includes risk assessment programs for information
                          systems.
XYZ Co., Dubai   [Internal Control Questionnaires]




 To my respectable teachers.




                                                     2
       XYZ Co., Dubai                                                    [Internal Control Questionnaires]


Contents
1    Mission ............................................................................................................................................ 5
2    Planning .......................................................................................................................................... 5
3    Control Environment ..................................................................................................................... 6
4    Monitoring Overall Performance ................................................................................................. 8
5    Effectiveness of Processes.......................................................................................................... 9
6    Efficiency of Processes .............................................................................................................. 10
7    Allocation of Resources.............................................................................................................. 10
8    Use of Resources ........................................................................................................................ 11
9    Operating Environment: Compliance with Laws & Regulations........................................... 11
10   Operating Environment: Compatibility with External Environment ...................................... 12
11   Budgetary Controls & Follow up Reviews ............................................................................... 15
12   Cash & Cheque Receipts........................................................................................................... 17
13   Payments ...................................................................................................................................... 23
14   Cash on Hand & in Banks .......................................................................................................... 24
15   Deposits to Company Treasury ................................................................................................ 25
16   Cash Funds .................................................................................................................................. 25
17   Investments .................................................................................................................................. 26
18   Revenue Enhancement, Market Trends & Updates .............................................................. 29
19   Cost Recovery: Allocation & Apportionment ......................................................................... 30
20   Billing to Customers .................................................................................................................... 30
21   Accounts Receivables ................................................................................................................ 32
22   Inventory: Goods, Materials & Stores ...................................................................................... 35
23   Operating Fixed Assets .............................................................................................................. 38
24   Purchasing & Payables .............................................................................................................. 42
25   Payroll ........................................................................................................................................... 45
26   Human Resources Planning, Control & Management........................................................... 49
27   Financial Planning, Accounting & Reporting ........................................................................... 54
28   Services (include both to and by the XYZ Co.)....................................................................... 61
29   Information System: Management & Controls ........................................................................ 65


                                                                                                                                                 3
XYZ Co., Dubai       [Internal Control Questionnaires]




                 Section I

Business Planning, Management &
      Control Environment


         [Covered in Table 1-10]




                                                         4
           XYZ Co., Dubai                             [Internal Control Questionnaires]

1         Mission


    No.   Description                                                                Ref.   Y/N   N/A



    1.1   Has the organization adopted a mission statement?


    1.2   Is the mission stated clearly, concisely and in easily understood terms?


    1.3   Is the mission compatible with the mission of the parent company?

          Is the mission consistent with laws, regulations, and the Company Law
    1.4
          enforceable in UAE?

          Is the mission statement divulged and displayed conspicuously
    1.5
          throughout the organization?

    1.6   Has management set operational goals for the organization?

    1.7   Are these operational goals congruent with each other?

    1.8   Do these operational goals directly support the mission?

    1.9   Are these operational goals stated in measurable terms?

1.10      Are the goals further divided into sub-goals for operating units?

          Is a method used to help employees understand how their daily work
1.11      contributes to the goals of their departments and to the mission of the
          organization?


2         Planning


    No.   Description                                                                Ref.   Y/N   N/A



    2.1    Has the management developed plans to achieve stated goals?




                                                                                                  5
          XYZ Co., Dubai                               [Internal Control Questionnaires]



           Do these plans describe clearly objectives to be achieved, the methods
    2.2
           to be used, how resources are organized and time line for completion?


    2.3    Do these plans include financial budgets?

           Does the planning process include input from knowledgeable operating
    2.4
           personnel?

           Are these plans communicated           to personnel responsible       for
    2.5
           implementing them?

           Are the plans converted into specific tasks that are assigned to specific
    2.6
           employees?


3         Control Environment


    No.   Description                                                                  Ref.   Y/N   N/A


       Integrity & Ethical Values
           Are there written policies and internal operating procedures that have
    3.1
           been approved by the governing body or top management?

           Does the companyhave a code of ethical conduct that has been made
    3.2
           available to all employees?

           Have transactions been executed in accordance with integrity and
    3.3
           ethical values/codes?

           Are procedures documented, kept current and readily available for use
    3.4
           by all employees?

       Commitment to Competence& Excellence

    3.5    Are responsibilities clearly defined in writing and communicated?


           Does the management understand knowledge and skills required to
    3.6
           accomplish tasks?

    3.7    Does the management get involved in training?



                                                                                                    6
       XYZ Co., Dubai                             [Internal Control Questionnaires]


    Management’s Philosophy & Operating Style

       Does the management use budget, spending plans, etc. to review the
3.8
       company’s performance?


       Are accounting records and accounting personnel at all locations/sites
3.9
       under the supervision of the Accounting Manager/Financial Controller?


       Does the management actively follow-up on complaints from
3.10
       customers/clients?

3.11   Are policies and procedures consistent with statutory authority?


3.12   Are the budget system and the planning process integrated?


       Are periodic (monthly, quarterly) reports on the status of actual to
3.13
       budget performance prepared and reviewed by top management?


3.14   Are unusual variances between budget and actual examined?

       Are operations made in accordance with statutes governing the
3.15
       company?

       Is the internal control structure supervised and reviewed by
3.16
       management to determine if it is operating as intended?

       Does the company compare its actual performance with its goals and
3.17
       objectives on periodic basis?

       Does the companyhave a functioning internal audit staff to review its
3.18
       operations?

       Does the internal audit staff report to an official independent of the
3.19
       operations under review?

    Organizational Structure

       Are there written policies and procedures for all major areas
3.20
       of the organization?

3.21   Are procedures reviewed annually for possible updating?




                                                                                      7
           XYZ Co., Dubai                              [Internal Control Questionnaires]


            Is there an organization chart clearly defining the lines ofthe
    3.22
            management authority and responsibility?

    3.23    Is the organization chart current and accurate?

    3.24    Does the organization chart enhance work performance?

    3.25    Are all the company’s operations centralized ordecentralized?

    3.26    If decentralized, is monitoring of the areas adequate?

        Assignment of Authority & Responsibility

            Has the management provided resources to ensure compliance with the
    3.27
            requirements of the UAE Laws?
    3.28
            Are there sufficient training opportunities to improve competency and
            update employees on new policies and procedures available?

    3.29
            If known areas of knowledge are limited, has help been enlisted from
            peers, auditors or outside consultants to identify alternatives and
            suggest solutions?
    3.30
            Have the managers been provided with clear goals and direction from
            the governing body or top management?

            Are responsibilities divided so that no single employee controls all
    3.31
            phases of a transaction?


4          Monitoring Overall Performance


    No.    Description                                                              Ref.   Y/N   N/A


            Does the management assess progress toward goal achievement
    4.1
            periodically?

            Does this periodic assessment include comparison of actual financial
    4.2
            data to budgets and explanation of variances?

    4.3     Is this assessment based on reliable and objective measurements?




                                                                                                 8
           XYZ Co., Dubai                           [Internal Control Questionnaires]


           Is this assessment done timely and at a frequency that allows timely
    4.4
           adjustments?

           Are the results of the progress assessment shared with the
    4.5
           personnelresponsible for action?

           Are the responsible personnel requested to take action to modify the
    4.6
           goals or adjust the plans and processes?

           Does the management follow up to ensure that the appropriate action
    4.7
           was taken?

           Does an independent body monitor the operations of the organization
    4.8
           on an ongoing basis?

           Has the organization undergone an independent review or audit in the
    4.9
           past five years?


5         Effectiveness of Processes


    No.   Description                                                                Ref.   Y/N   N/A


    5.1
           Has the management identified the core processes that are used to carry
           out the mission of the organization?


    5.2    Has the management defined the effectiveness of these processes?

    5.3
           Does the management have a system in place to measure this
           effectiveness?
    5.4
           Are performance measures for each process obtained timely and at a
           frequency that permits timely adjustments?

    5.5
           Is appropriate action taken as a result of the measurements to improve
           effectiveness?

    5.6    Are core processes properly documented to facilitate changes?

    5.7    Is the documentation kept up-to-date?




                                                                                                  9
            XYZ Co., Dubai                              [Internal Control Questionnaires]

6          Efficiency of Processes


    No.     Description                                                                Ref.   Y/N   N/A


           Performance Evaluation & Appreciation

             Has the management defined efficiency in terms of performance and
    6.1
             achievement of goals?


    6.2      Does the management have a system in place to measure efficiency?

             Are efficiency measurements compared with industry standards or
    6.3
             otherbenchmarks?

             Are efficiency measurements obtained timely and at a frequency
    6.4
             thatpermits timely adjustments?

             Is appropriate action taken as a result of the measurements to
    6.5
             increaseefficiency?


7          Allocation of Resources


    No.     Description                                                                Ref.   Y/N   N/A


             Are total available resources identified and assigned to projects or
    7.1
             construction sites?

    7.2      Are under-utilized resources identified for re-deployment?

    7.3      Are goals prioritized for purpose of resource allocation?


             Is a consistent method used to allocate resources to achieve an optimum
             balance between effectiveness and efficiency? (To maximize
    7.4
             effectiveness as many resources as possible may be allocated to a goal;
             to maximize efficiency as few resources as possible should be used).




                                                                                                    10
           XYZ Co., Dubai                              [Internal Control Questionnaires]

8          Use of Resources


     No.      Description                                                                Ref.   Y/N   N/A


            Are there current job descriptions for key personnel which state clearly
    8.1
            the expected contribution to the organizational goals?

            Are instructions available on how to use the non-personnel resources
    8.2
            such as equipment, information systems and available funds?


    8.3     Is the contribution of each key resource to organizational goals defined?

            Is appropriate action taken to improve performance that falls below
    8.4
            expected levels?

            Is there appropriate recognition to reinforce contributions at or above
    8.5
            expected levels?

            Is there an adequate training program for personnel to maintain essential
    8.6
            skills and abilities?

            Is there an incentive program for personnel to develop other job-related
    8.7
            skills and abilities?

            Are major equipment items subjected to a regular maintenance/ test
    8.8
            schedule to ensure acceptable output level?

            Are information systems        evaluated   periodically for    continued
    8.9
            usefulness?


9          Operating Environment: Compliance with Laws & Regulations


    No.    Description                                                                   Ref.   Y/N   N/A


            Are current laws, regulations and standards that significantly affect
    9.1
            operations identified?
            Is a method used to identify all laws, regulations and standards affecting
    9.2
            the organization?

            Is a mechanism used to monitor compliance with these laws, regulations
    9.3
            and standards?


                                                                                                      11
         XYZ Co., Dubai                             [Internal Control Questionnaires]

10      Operating Environment: Compatibility with External Environment


        Description                                                                  Ref.   Y/N   N/A


      Change Management

         Are all external factors that can have a material effect on operations in
 10.1    the future identified (Trends in industry, economy, technology,
         demography, regulations)?


         Are the future effects of these external factors evaluated and planned
 10.2
         for?


         Is there a formal and written Change Management process whereby
 10.3    system changes are requested, approved, documented and approved
         for installation?




                                                                                                  12
    XYZ Co., Dubai                 [Internal Control Questionnaires]




               Section I: Summary of Results
Responding Person:
Name: ____________________________________________________________
Designation: _______________________________________________________


                        Summary of Results
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________


I certify that the foregoing responses are accurate to the best of my
knowledge, understanding and comprehension taken from the company
management.


Completed by: ______________________________ Date: __________________


Reviewed by: _______________________________ Date: __________________




                                                                       13
XYZ Co., Dubai       [Internal Control Questionnaires]




                 Section II

Design of Internal Controls System


        [Covered in Table 11-25]




                                                         14
        XYZ Co., Dubai                            [Internal Control Questionnaires]

11      Budgetary Controls & Follow up Reviews


 No.     Description                                                               Ref.   Y/N   N/A


      Budgeting Preliminaries

          Is a budget developed for all funds that require an approved budget by
 11.1
          law or by Board policy?


          Is there a formal organizational chart defining responsibilities for
 11.2     preparing, approving, changing and submitting the budget to the
          Office of Budget Management?

          Are budgetary increases or decreases (as they relate to Programs or
          Contracts or Sub-contracts), that are mandated by the management
 11.3
          communicated to operating departments? Is this done in a timely
          manner?

          Are initial budget submission developed and prepared by major
 11.4
          departments and activity centers?

          Are budget revisions approved by an authorized person before being
 11.5
          entered into the accounting system?

          Are the management's goals and objectives integrated into budget
 11.6
          submissions?

          Are expenditure and revenue transactions reviewed to determine that
 11.7
          coding is consistent with budget classifications?


          Are budget reports distributed, (or available on-line), to operating
 11.8
          departments as a management tool?

      Segregation of Duties


          Are the following duties generally performed by different people:
                Preparation and approval of the budget submitted to the
                 management?
 11.9           Implementation and approval of the budget submitted to the
                 management, including budget revisions?
                Recording budget revisions in the General Ledger and the
                 approval or implementation functions?


                                                                                                15
        XYZ Co., Dubai                            [Internal Control Questionnaires]


   Preparation & Approval

         Are budgets prepared in sufficient detail (i.e. at operational
11.10    responsibility level) to provide a meaningful tool to monitor
         subsequent performance?

11.11    Are instructions from the company Budget Office followed?

         Are budget estimates based on prior actual results and reasonable
11.12
         forecast of future events?

         Are budget estimates supported by detailed worksheets that show how
11.13
         the estimates were calculated and the assumptions made?

         Is the budget preparation assigned to a competentand experienced
11.14
         staff?

         Does the department head review the estimates and worksheets before
11.15
         submission?

         Are the budgets reviewed and approved by the Board on annual
11.16
         basis?

         Are the budgets flexed according to the activity levels achieved on
11.17
         periodic basis?

11.18    Are there any rolling over of monthly or quarterly budgets?

         Are the funds used only for the budgeted purchase of goods or
11.19
         services that support the annual budgets?

         Is there a procedure to ensure that there are sufficient budgeted funds
11.20
         to cover major expenditures before they are incurred?


   Monitoring of Budgets

         Are there any follow up reviews in place of monthly and annual
11.21
         budgets flexed to the activity levels achieved?

         Are over expenditures or under realized revenues discussed with
11.22    departmental personnel and are there explanations for significant
         variation from budgeted amounts?


11.23    Is there a procedure to follow up on major unrealized revenue items?


                                                                                      16
         XYZ Co., Dubai                            [Internal Control Questionnaires]


           Does the management review actual results against the monthly
 11.24
           budgets?

           Does the management initiate prompt action to correct anticipated
 11.25
           budget variances?

           Are all significant projected budget variances explained in the follow
 11.26
           up review reports?

           Are revised budget estimates submitted to the Board promptly for
 11.27
           action?

           Does the management compare budget estimates with actual results at
 11.28
           year end to identify errors or changes in trends?

           Does the management take prompt action to address budget
 11.29
           variances?

           Are significant budget variances and corrective action reported timely
 11.30
           to the Chief Financial Officer or the Board for appropriate action?

           Are performance data collected to evaluate the effect of allocation of
 11.31
           resources?

           Are budgeted resources and performance data appropriately
 11.32
           summarized on the Annual Report to the Board?


12       Cash & ChequeReceipts


 No.      Description                                                               Ref.   Y/N   N/A


      System

          Are the following duties distributed among at least two individuals:
                Authorize cash receipts?
 12.1           Record cash receipts?
                Deposit cash receipts?
                Reconcile cash receipts?

          Are there guidelines for accepting remittances that do not agree to
 12.2
          amountsowed to the company?



                                                                                                 17
        XYZ Co., Dubai                             [Internal Control Questionnaires]


         Is there a formal organizational chart defining responsibilities for
12.3
         processing and recording cash transactions?


12.4     Are cheques identified by maker and amount on the deposit slip?

         Are there procedures in place to establish a proper cut-off of cash
12.5
         receipts at the end of the fiscal year?

12.6     Is a mail receipts log maintained for mail receipts?

         Is the mail receipts log reconciled to:
12.7           The cash receipts journal?
               Validation certification of deposit/deposit slips?

         If payments are made in person (seminars, workshops, etc.), are
12.8
         receipts for payment used and accounted for and balanced to deposits?


         Do control procedures exist regarding the collection, timely deposit,
12.9     and recording of collections in the accounting records at each
         collection location?

         Are pre-numbered receipts issued for all cash collections and are
12.10
         numbers of all receipts accounted for?

12.11    Are logs of receipt book issuances maintained?

    Petty Cash Management

12.12    Are petty cash/change funds at the minimum effective amount?


12.13    Are all petty cash funds maintained on an imprest basis?

         Are unauthorized advances from petty cash funds to employees
12.14
         prohibited?

12.15    Are all petty cash cheques cashed promptly at the banks?




                                                                                       18
        XYZ Co., Dubai                              [Internal Control Questionnaires]



         Are petty cash vouchers or bills required for all petty cash
         disbursements and are they pre-numbered?
          Are they signed by persons receiving cash?
12.16     Are they approved in writing by department head or other
           responsible official?
          Are they properly supported by vendor receipts?
          Are they type-written or written in ink to preclude alterations?



         Is petty cash kept in a locked place, where only the custodian has
12.17
         access?

12.18    Are petty cash funds segregated from other cash?

         Are letters accompanying gifts, grants, donations, etc., retained as part
12.19
         of the permanent records?

12.20    Are the authorization records of the depository banks up to date?


12.21    Are receipts deposited as often as required by the company policy?


    Segregation of Duties



         Are the following duties generally performed by different people:
          Custodian of the fund, reconciliation of the fund and access to cash
             receipts?
          Filling     out the disbursement receipts, disbursement, and
             reconciliation?
            Making a deposit, billing, making General Ledger entries and
             collecting?
12.22       Collecting cash, placing a restrictive endorsement on the Cheques,
             balancing cash, closing cash registers, making a deposit,
             maintaining Accounts Receivable records and making General
             Ledger entries?
            Collecting of licenses, fines, and inspections and making General
             Ledger entries?
            Collecting cash and reconciling the bank account?
            Closing Cash Registers daily by a person not involved in cash
             collection?




                                                                                        19
        XYZ Co., Dubai                              [Internal Control Questionnaires]


    Security

12.23    Is there adequate physical security surrounding cashiering areas?

         Are employees prohibited from cashing personal Cheques at
12.24
         cashiering areas?

12.25    Is cash receiving centralized to the maximum extent possible?


12.26    Are all employees handling cash receipts adequately bonded?

12.27    Are "audit tapes" retained for cash registers?

         Is a restrictive endorsement placed on incoming cheques as soon as
12.28
         received?
         Are petty cash vouchers effectively canceled at the time of
12.29
         reimbursement to the fund by an individual other than the custodian?
         Is a system of pre-numbered receipts with adequately controlled
12.30
         copies in use wherever practicable?

12.31    Are cash receipts controlled at the earliest point of receipt?

         When funds cannot be deposited daily, are the funds transported to a
12.32
         centralized location at the end of the workday and secured overnight?


         Are unidentified cash remittances immediately returned to the payers
12.33
         or deposited into a suspense account for further research?

         Is supporting documentation required to indicate the purpose of the
12.34
         remittance to the company?

    Receipts through Cheques

12.35    Is cashing of personal cheques against collections prohibited?

         Are the cheques recorded immediately upon receipt in the Bank
12.36
         Book?

12.37    Are currency and cheques accounted for separately?

         Are cheques reviewed for accuracy and authenticity before
12.38
         acceptance?



                                                                                        20
        XYZ Co., Dubai                              [Internal Control Questionnaires]


         Are cheques that show suspicious alterations immediately returned to
12.39
         payers?

12.40    Is a Board-approved fee charged for all returned cheques?

         Are all cheques promptly restrictively endorsed “for deposit only” to
12.41
         the company upon receipt?

    Cash Collections

         Are cash collections recorded immediately upon receipt in the cash
12.42
         registers or cash receipt book?

         Does the information recorded include: date, payer, amount, method
12.43
         of payment, purpose of payment, cashier's name?

12.44    Is a receipt issued for every remittance made in currency?

12.45    Are receipt forms pre-numbered and periodically accounted for?

         Are these pre-numbered printed receipts have any linkage to the
12.46
         System generated Receipt Vouchers?

12.47    Are cash collections balanced to receipts daily?

12.48    Is cash shortage for each cashier documented and investigated?

         Are cash shortages made up from a cash difference fund rather than
12.49
         being offset against overages?

         Are there procedures to establish accountability for cash and related
12.50
         items (Cheques, Credit Cards, Receipts, etc.)

         Are cash and related items (Cheques, Credit Cards, Receipts)
12.51
         physically safeguarded against theft and loss?

         Are cash shortages identified, analyzed, recorded, and reported
12.52
         immediately?

         Are all the cash collections deposited within one business day of
12.53
         receipt?

12.54    Is someone independent of the cash receiving process, reviewing and
         approving void and refund transactions?
         Are security personnel or anybody held responsible or accountable for
12.55    mail used to transport deposits to the cash officer or to the local bank?



                                                                                        21
        XYZ Co., Dubai                             [Internal Control Questionnaires]


    Electronic Transfers
12.56    Is there a written policy for Electronic Payments?


12.57    Is the staff aware of the policy for accepting Electronic Payments?


12.58    Is there a proper record for bounced cheques?

12.59    Is there a separate record-keeping for Electronic Payments?


         Are Electronic Transfers matched with written confirmation from the
12.60
         sender?

    Monitoring


12.61    Does the company have an approved Cash Management Plan on file?



12.62    Does the company have an approved Delegation of Disbursing
         Authority on file?



         Is an effective control maintained over receipts of gifts, grants,
12.63    donations, etc. and is a follow-up made by a responsible official to see
         that they have been classified and recorded properly?


         Are funds periodically counted by a person other than the custodian at
12.64
         unannounced times?

12.65    Does management approve or spot chequereconciliations?

         Are policies documented for changes in a new system or method for
12.66
         accounting for cash?


12.67    Are timely corrective actions taken in cash discrepancies?




                                                                                       22
           XYZ Co., Dubai                             [Internal Control Questionnaires]

13       Payments


     No.        Description                                                          Ref.   Y/N   N/A



            Are the following duties distributed among at least two individuals:
               Authorize payments?
 13.1          Have custody of cash?
               Record payments?
               Reconcile cash payments?


 13.2       Is there a policy that clearly defines authorized payments?


            Is the business purpose clearly documented on all invoices and other
 13.3
            claims submitted for payment approval?

            Are all approved payments supported by proper documentation such
 13.4
            as original vendor invoices?

            Are approved vendor invoices and other approved claims promptly
 13.5
            entered into General Ledger for payment?

 13.6       Are payments made only against budgeted accounts?

            Are cash advances prohibited unless specifically authorized by Board
 13.7
            policy or the Auditor or the Financial Controller?

            Are blank cheques, warrants and signature plates safeguarded in
 13.8
            physically secure areas?

 13.9       Do only authorized personnel sign cheques and claims?

            Are changes in the list of authorized signatories promptly reported to
 13.10
            the Auditor, Financial Controller’s office,and the banks?

            Do these authorized signatories review supporting documentation
 13.11
            before signing?

            Are signed warrants and cheques immediately mailed out by someone
 13.12
            who did not prepare them?

            Does the Auditor/Financial Controller specifically authorize all
 13.13
            Electronic Transfers of funds?


                                                                                                  23
         XYZ Co., Dubai                             [Internal Control Questionnaires]


           Is each electronic payment confirmed in writing or e-mail with the
 13.14
           intended recipient?

           Are there procedures to ensure that the individuals performing the
           monthly review of company’s disbursements for all purposes is not
 13.15
           the same individual who approves requisitions of travel and for other
           purposes?

           Has the company developed and implemented written procedures
 13.16     regarding the initiation, review, and approval of all non-payroll
           expenditures?


           Are all expenditure transactions and related vouchers independently
           reviewed for completeness, accuracy, and compliance with company
 13.17
           policies and in agreement with supporting documentation before
           being approved for payment?



14       Cash on Hand &in Banks


 No.      Description                                                              Ref.   Y/N   N/A



 14.1      Is cash on hand safeguarded in a physically secure area?

 14.2      Are cash receipts in process properly secured?

           Are cash receipts deposited promptly into the company treasury or
 14.3
           bank accounts as appropriate?

           Are bank accounts authorized by laws, the Board of Directors, the
 14.4
           Auditor and Financial Controller or the Treasurer, as appropriate?

           Are bank accounts established in the names of authorized company
 14.5
           officials?

 14.6      Are cash balances reconciled monthly with bank statements?


           Are bank reconciliations reviewed by a senior officer for proper
 14.7
           disposition of reconciling items?

           Are all bank account balances reported to the Auditor and Financial
 14.8
           Controller at the end of the fiscal year?


                                                                                                24
        XYZ Co., Dubai                              [Internal Control Questionnaires]

15      Deposits to Company Treasury


 No.     Description                                                               Ref.   Y/N   N/A


          Are collections transmitted from site/branch offices to head office
 15.1
          through secure means within a reasonable time?

 15.2     Is the money transmitted verified at both ends of the transmission?

          Is the money collected deposited intact and promptly (at least weekly)
 15.3
          into the Company Treasury?
 15.4     Are deposit records reconciled to cash receipt records?


16      Cash Funds


 No.     Description                                                               Ref.   Y/N   N/A


          Are cash funds established only pursuant to Code, Board resolution
 16.1
          or Auditor or Financial Controller’s authorization?
          Does the department Finance Officer maintain an inventory of all
 16.2
          cash funds, showing location, amount and custodian?

          Are procedures for use of cash funds clearly established and do they
          include:
              Clear definition of authorized uses?
 16.3         Prior approval of expenditures?
              Restrictions on amount and type of purchase?
              Requirement for receipt?
              Cancellation of receipt upon reimbursements?

 16.4     Is an authorized chart of accounts used to code disbursements?

 16.5     Are replenishment requests based on actual expenditures?

 16.6     Are cash funds periodically counted and verified by supervisors?


 16.7     Is the level of usage monitored to detect and close inactive funds?

          Is only Chief Accountant authorized to transact business on the
 16.8
          company’s bank accounts?


                                                                                                25
         XYZ Co., Dubai                              [Internal Control Questionnaires]

17       Investments


  No.     Description                                                              Ref.   Y/N   N/A



          Whether the Rules and Regulations governing the Company Permit for
 17.1
          investments by the company?

 17.2     Are there any restrictions or limitations for any of such investments?

          Do flowcharts exist that document investment processing and identify
 17.3
          control procedures?

          Are there written policies and procedures that document the flow of
 17.4
          investment processing and identify control procedures?

          Are there policies and procedures established to ensure investment
 17.5     certificates are received or appropriately reflected in the custodial
          accounts?

          Are investment purchases recorded in the general ledger on the date
 17.6
          traded?

          Does the documentation easily accessible to all persons needing it to
 17.7
          perform their job?

          Are policies and procedures established to ensure the acquisition and
 17.8
          disposal of investments are properly recorded?


          Are the policies and procedures established to ensure the investment
 17.9
          income received is recorded properly?


 17.10    Does investment income earned get recorded on a timely basis?


 17.11    Are investment earnings credited to the proper fund?

          Is the acquisition and disposal of investments authorized by a person
 17.12
          with approval authority?

          Are investment guidelines formally established and periodically
 17.13
          reviewed?




                                                                                                26
        XYZ Co., Dubai                             [Internal Control Questionnaires]


        Have authority and responsibility been established for investment
17.14
        opportunity evaluation and purchase?

        Has the level and nature of approval required to purchase or sell an
17.15
        investment been established?



        Are the following duties generally performed by different people:
            Cash flow management, investment transactions,
             safeguarding the investments, responsibility forthem and recording
                            them?
            Record-keeping functions for securities and income separate from
             those having access to physical securities, those authorizing
             security transactions, and those having duties in the cash area?
17.16       Initiating, evaluating, and approving transactions segregated from
             those for detail accounting, general ledger?
            Monitoring investment market values and performance from those
             for investment acquisition?
            Maintaining detail accounting records segregated from those for
             general ledger entries?
            Custodial responsibilities for securities or for other documents
             evidencing ownership or other rights assigned to an official who
             has no accounting duties?



        Does a governing body or statute restrict investments by type and/or
17.17   amount?     Can officials override these restrictions with proper
        authorization?

        Are investment     certificates   and   interest    coupons   sufficiently
17.18
        safeguarded?

        Are securities released from the vault only upon authorization of a
17.19
        person responsible for cash flow and for investment transactions?


        Is it necessary for more than one person to authorize the release of a
17.20   security from safekeeping, or to have access to the safe deposit box or
        vault?

17.21   Are individuals with access to securities bonded?

17.22 Are securities transported by armored truck?

        Are all securities held or registered in the name of the companyor the
17.23
        Treasurer if applicable?



                                                                                       27
        XYZ Co., Dubai                            [Internal Control Questionnaires]



        Are detail records maintained that include the following information, if
        applicable, on each evidence of ownership:

17.24       Date of acquisition, identification and purchase amount or cost?
            Physical location of item, i.e., safe deposit box, etc.?
            Interest dividend, or income rates and accrual or receipt dates?
            Ownership by fund?


        Do procedures exist for reconciling the detail accounting records with
17.25
        the General Ledger control?

        Do specific procedures exist for tracking maturing investments and
17.26
        interest payments?

        Is the investment program integrated with the cash management
17.27
        program and expenditure requirements?

        Is cash in excess of operating needs invested in accordance with laws
17.28
        and regulations?

        For invested funds, is an approved investment policy followed to
17.29
        ensure a prudent and average return on capital?

        Are investment results monitored for compliance with laws and
17.30
        policies?

17.31   Are investment managed by expert personnel?

    Monitoring

         Is the classification of investments in the General Ledger periodically
17.32    reviewed?       Are these classifications properly documented by
         management?

         Does a responsible official determine that the income earned is
17.33
         credited to the proper fund?

         Is the performance of the investment portfolio periodically evaluated
17.34    by persons independent of investment portfolio management
         activities?

         Are appropriate personnel authorized to release securities from
17.35
         safekeeping authorized by the governing body?




                                                                                      28
         XYZ Co., Dubai                              [Internal Control Questionnaires]



           Are securities or legal documents or agreements evidencing
           ownership or other rights kept in a vault with limited access, or
 17.36
           preferable, protected in a safe deposit box, on deposit with a corporate
           trustee, or broker?


           Does the management periodically count securities and reconciled
 17.37
           them to the records?


           Are periodic surprise counts of evidence of ownership made and
 17.38
           reconciled to detail records and other controls?


           Are securities periodically inspected or confirmed from safe-keeping
 17.39
           agents?


           Are periodic comparisons made between income received and the
 17.40
           terms of the security or publicly available investment information?



18       Revenue Enhancement, Market Trends & Updates


 No.      Description                                                                 Ref.   Y/N   N/A



 18.1      Is staff encouraged to find ways to enhance existing revenues?


           Is there a procedure to continuously identify new revenue sources,
 18.2
           including new projects, programs and contracting out excess capacity?


           Are new revenue sources evaluated to identify all associated burdens
 18.3
           including match and earmarking requirements?


           Are new revenue sources applied for or explored only upon executive
 18.4
           management or Board approval?




                                                                                                   29
         XYZ Co., Dubai                               [Internal Control Questionnaires]

19      Cost Recovery: Allocation & Apportionment


 No.    Description                                                                Ref.   Y/N   N/A



         Are the costs of services provided or goods supplied computed or
 19.1
         estimated?

         Are the types and extent of costs that are recoverable from external
 19.2
         sources determined?

         Are all allowable costs including indirect costs included in the
 19.3
         computation?

         Are billing rates and service fees reviewed periodically to ensure that
 19.4
         costs are recovered to the fullest extent allowable?

         With the full recovery of costs, is there any excess charge for margin
         of profit in case of:
 19.5            Services provided?
                 Materials supplied?
                 Tender & other quotes?


20      Billing to Customers


 No.     Description                                                               Ref.   Y/N   N/A




          Are the following duties segregated among at least two people:
                  Approve billings?
 20.1             Prepare billings?
                  Posting revenue & receivable records?
                  Accepting payments?
                  Reconciling billings & receivable records?


          Does the company have a Works Billing Manual defining the
 20.2     procedures to be undertaken for Billing Works done under varied
          category of Construction works?



                                                                                                30
        XYZ Co., Dubai                              [Internal Control Questionnaires]



20.3     Are the billings done as per the Contractual Terms with the Client?



20.4     Are all the claimable costs identified and billed timely?


         Is there a procedure to ensure that all completed work orders are
20.5
         billed?

         Are the items claimed in the bills verified by the Senior official
20.6
         situated in the Head Office?

         Are cost claims prepared and submitted in accordance with
20.7
         reimbursement requirements?

         Are internal billings done timely to allow for timely billings to
20.8
         external parties?



         Do billings include all relevant detail:
             Details of the Project?
             Relevant Payment Application number?
             Billing date?
             Valuation Period?
20.9         Name & address of Client, Consultant & Owner?
             Revised break-up of Contract Value?
             Project commencement date?
             Original & revised completion date of Project?
             Value & Percentage of Performance Bond?
             Value & Percentage of Advance Payment Bond?
             Retention Percentage?



20.10    Are billings checked for accuracy before mailing?



20.11    Are billings promptly recorded in the ledgers for follow up purposes?




                                                                                        31
         XYZ Co., Dubai                              [Internal Control Questionnaires]

21       Accounts Receivables


 No.      Description                                                              Ref.   Y/N   N/A



           Is there a formal organizational chart defining responsibilities of
           preparing bills, follow-up for certification, receipt of payment
 21.1      certificates, recording the payment certificates, collecting the
           accounts receivable on due date of payment certificates and follow up
           of accounts not paid?


 21.2      Is follow-up done for converting Billings into certified receivables?

           Are the items of Certified Works & Claims compared with the
 21.3
           corresponding items of Billed Works & Claims?

           Does the analysis statement is produced before the Management to
 21.4
           acknowledge for major variances?


 21.5      Are the clarifications sought from the Client for any such variances?


 21.6      Is follow-up done for converting certified receivables into cash?


           Does the company have written credit and collection policies that
           meet the requirements of contractual terms, the Accounts Receivable
 21.7
           program and other policies and procedures established by the
           management and the legal advisor?

           Have procedures been documented to collect monies due within the
 21.8
           contractual payment terms?

           Have procedures been adopted to notify the legal advisor’s office and
 21.9      follow through the collection after reasonable period of delay in
           payment?

           Are remittance advices and billings retained to support entries to
 21.10
           accounts receivable records?

           Do procedures exist to prevent the interception or alteration by
 21.11     unauthorized persons of billings or statements after preparation but
           before they are mailed?


                                                                                                32
        XYZ Co., Dubai                           [Internal Control Questionnaires]


         Does the company have established policies and procedures
21.12
         concerning refunds of overpayments, issuance of billing adjustments?

         Are subsidiary accounts receivable and notes receivable records
21.13
         maintained?
         Are subsidiary accounts reconciled at least monthly with the General
21.14
         Ledger control account?

         Are individual receivable records posted only from authorized
21.15
         documents?

         Are data bases and where appropriate usage records accurately
21.16
         maintained to ensure that amounts due are billed correctly?


21.17    Are statements of account balances mailed at least once a month?


    Writing-off Receivable Balances

         Has an allowance account been established for doubtful accounts to
21.18    reflect the amount of the company’s receivables that the management
         estimates will be uncollectible?

         Does there any Accounting Policy for writing-off accounts receivable
21.19
         after certain period of its overdue position?

         Does any such write-offs are brought to the notice of the
21.20
         Management and Board for their prior approval?

         Are accounts written-off the Company’s financial accounting records
21.21
         when all collection procedures have been exhausted without success?


21.22    Are reasons for writing-off an account adequately documented?


         After write-off, does the company continue to follow up for recovery
21.23
         of written-off dues?

    Collection of Receivables

         Is the accounting department notified directly and in a timely manner
21.24
         of billings, certifications and collection?




                                                                                     33
        XYZ Co., Dubai                            [Internal Control Questionnaires]



         Are the following duties generally performed by different people:
            Billing, collecting, and cash application of accounts receivable
             funds?
            Maintaining detail accounts receivable records, collecting, and
             General Ledger posting?
21.25       Writing-off or adjusting to accounts receivable and the
             maintenance of accounts receivable records?
            Investigating disputes with billing & certified amounts and the
             maintenance of accounts receivable records?
            Reconciling, investigating reconciling items and posting detail
             accounts receivable records?


         Are all collections on accounts receivable posted to individual
21.26
         receivable accounts?

         Is access to the accounts receivable accounting system limited only to
21.27
         authorized individuals?

    Monitoring

         Are corrections and adjustments to cash receipts documented and
21.28
         approved by a senior official?

         Are all non-cash credits, such as credit memos, allowances, and bad
21.29
         debts properly authorized?

         Is an aging schedule prepared monthly and is it reviewed by a
21.30
         responsible manager?

21.31    Are delinquent accounts followed up?

         Are all legal remedies followed to collect write-offs or uncollectible
21.32
         accounts with the legal advisor?
         Are accounts periodically reviewed for propriety of transactions and
21.33    balances by a person independent of cash and accounts receivable
         accounting?
         Are remittances promptly applied against outstanding billings
21.34
         /receivables?

         Is there a procedure to follow up on overdue accounts and refer them
21.35    to the Office of Revenue and Reimbursement or other collection
         company as appropriate?

21.36    Are follow up and collection activities properly documented?


                                                                                      34
          XYZ Co., Dubai                             [Internal Control Questionnaires]


           Are detailed receivable ledgers periodically reconciled to General
 21.37
           Ledger?

           Are aged receivable listings prepared periodically to identify old
 21.38
           unpaid accounts?

           Are receivables and collection activities reported to the Auditor/
 21.39
           Financial Controller in the prescribed format?

           Are uncollectible accounts identified and submitted to the Board of
 21.40
           Directors annually for discharge of accountability?


22       Inventory: Goods, Materials & Stores


 No.      Description                                                                Ref.   Y/N   N/A


           Is there a formal organizational chart defining the responsibilities of
 22.1      ordering, accepting, approving, processing and recording of the
           inventory?

           Are the policies established to ensure that inventories are not
 22.2
           stockpiled or to prevent over-ordering?

           Are the policies established to ensure that obsolete and inactiveitems
 22.3
           in inventory are sent to Scrap Inventory Department?


 22.4      Is there any Central Stores Room for centralized receipt of goods?


           Are the inventories properly maintained in the Store Room to identify
 22.5
           them with the associated Project/Contract/Subcontract?


           Are steps documented to ensure that goods received are accurately
 22.6      counted and examined to see that they meet quality standardsand
           specifications?

           Is the Inventory Module properly in place to take care of proper
           accounting of following aspects:

 22.7         Receipt of Materials?
              Issue/ Consumption of Materials?
              Transfer of Materials?
              Stock of Materials?


                                                                                                  35
        XYZ Co., Dubai                             [Internal Control Questionnaires]


         Does the company maintain perpetual inventory records and are all
22.8
         inventory items put on the perpetual inventory system?

         Are the written instructions given and explained to all personnel
22.9
         involved in the physical count of the inventory?

         Is there a proper cut-off of receipts and issues from inventory at year
22.10
         end?

         Is the accounting department notified (by issuing a receiving report)
22.11
         immediately upon the receipt of goods?

         Are entries to perpetual inventory records made timely upon the
22.12
         receipt of goods?

         Are receiving reports or vendor invoices used to record purchases to
22.13
         the perpetual inventory records?

         When issuing inventory, is the proper Cost Centre charged in the
22.14
         General Ledger?

         Is each Project/Contract site equipped with a duly trained and
22.15
         responsible store keeper to discharge his duties as such?



         Are the following duties generally performed by different people:
             Receiving and issuing inventory and the operational duties?
             Receiving and issuing of inventory and taking the physical
22.16         inventory?
             Receiving and issuing of inventory and the approving of
              expenditures, recording transactions in the general ledger, and
              reconciliation of subsidiary records to control accounts?




22.17    Is a definite responsibility designated for each inventory type?


         Are work orders or requisitions required to be approved by
22.18
         appropriately designated officials as a basis of issuing inventories?

         Are adjustments to inventory records approved by a properly
22.19
         designated official?

22.20    Is there adequate physical security surrounding inventories?



                                                                                       36
        XYZ Co., Dubai                             [Internal Control Questionnaires]


22.21    Is access to inventory locations limited by physical controls?

22.22    Is there enough insurance for significant inventories obtained?

22.23    Are all employees responsible for inventories adequately bonded?

         Does the person receiving the goods sign the requisition as evidence
22.24
         of receipt?

22.25    Are the approved and completed requisitions kept on file?


         Are physical inventories:
             supervised by someone independent of the custodial or record
              keeping functions?
             made by or tested by employees independent of the department
              being inventoried?
22.26        recorded on permanent inventory count sheets?
             re-recorded on count sheets signed and dated by the person
              supervising the count?
             planned to provide provisions for cut-off of receipts and issues?
             reflected in the perpetual records based on the actual inventory
              quantities?


         Are pre-numbered tags/codes used during the physical inventories
22.27
         count?

         Is access to the perpetual inventory records limited to authorized
22.28
         individuals?

    Monitoring

22.29    Is a physical inventory taken at least annually?

         Are perpetual inventory balances reconciled against the General
22.30
         Ledger control accounts at least annually?


22.31    Does management periodically check inventory reports/ records?


         Are deviations of reports followed up by management in a timely
22.32
         manner?

         Does management assess inventory policies and procedures
22.33
         periodically?

                                                                                       37
        XYZ Co., Dubai                               [Internal Control Questionnaires]

23      Operating Fixed Assets


 No.     Description                                                                 Ref.   Y/N   N/A


      General
          Is there a formal organizational chart defining the responsibilities of
 23.1     purchasing, receiving, recording, approving and performing the fixed
          assets?

          Are there formal written procedures for performing a physical
 23.2
          inventory of fixedassets?

          Is a capitalization policy established which is consistent with
 23.3     Purchase and Contract requirements and UAE Government rules and
          regulations?

          If thereis any missing asset noted, is the Missing Asset Formfilled
 23.4
          immediately?

          Are assets believed to be stolen or vandalized reported to the Police
 23.5
          Department according to UAE law?

          Are construction records adequate to accumulate costs associated
 23.6     with constructed fixed assets including force (in-house) labor and
          materials obtained from inventory?



          Is the individual responsible for fixed assets notified when assets are:
              Received?
              Location changes are made?
              Transferred to other construction sites?
 23.7         Sold?
              Stolen, vandalized or missing?
              Re-assigned to a different organizational entity or to another
               group company?
              Scrapped?



          Are gains or losses properly recognized from disposals of fixed assets
 23.8
          in proprietary fund types?

          Are the fixed asset subsidiary accounts balanced to the fixed asset
 23.9
          control accounts on monthly basis?


                                                                                                  38
        XYZ Co., Dubai                            [Internal Control Questionnaires]



23.10    Are property records reconciled periodically to property accounts?


         Are beginning balances, additions, disposals and ending balances
23.11
         properly reflected in the notes to the Financial Statements?




         Are the following duties generally performed by different people:
            Custodian of the fixed assets and taking the annual inventory?
            Reconciliation of the Fixed Asset System with the control
             accounts and making entries in the Fixed Asset System?
23.12       Custodian of the fixed assets and tagging?
            Custodian of the fixed assets and investigating the missing fixed
             assets?
            Custodian of the fixed assets, making entries in the Fixed Asset
             System and making entries in the General Ledger?




         Are all disposals of property approved by a designated person with
23.13
         proper authority?

         If other than AED 5,000 capitalization threshold, has the Company
23.14    management chosen and documented the threshold level in the
         Internal Policy/Procedure Manual?

23.15    Are all assets tagged/coded?

         Is someone assigned custodial responsibility by location for all
23.16
         assets?

         Is access to the perpetual fixed asset records limited to authorized
23.17
         individuals?

    Acquisitions/Additions/Procurements

23.18    Are all purchases pre-approved in the budget?

         Are all fixed asset purchases and receipts approved by a designated
23.19
         person with proper authority?

         Are acquisitions that require a significant investment of time and
23.20
         resources included in the approved capital improvement plan?


                                                                                      39
        XYZ Co., Dubai                             [Internal Control Questionnaires]




         Are all fixed asset additions properly valued:
             Is the total purchase price, less discount and any expenditure
              required to place asset in its intended state of operation the
              amount capitalized?

             Does the recorded asset cost of land purchases include: purchase
              price, legal and title fees, surveying fees, appraisal and
              negotiation fees, damage payments, and site preparation costs?
23.21
             Does the recorded asset cost of building include: purchase price,
              contract price or job order costs plus any other expenditure
              necessary to put a building or structure into its intended state of
              operation, including professional fees, damage claims, cost of
              fixtures, insurance premiums, interest, and related costs incurred
              during the period of construction?

             Are maintenance costs expensed rather than capitalized?




         Are specifications adequately described in the purchase order or
23.22
         contract to ensure high quality and correct product?

         Are specifications written by experts who are knowledgeable of the
23.23
         company needs?

23.24    For larger items, is competitive bidding used?


         Are purchases and leases made in conformance to the company’s
23.25
         Purchasing Agent guidelines and applicable laws and regulations?


23.26    Are the items properly inspected before acceptance?

23.27    Is acceptance properly documented?

         Is there a procedure to check that title is properly vested in the
23.28
         company?

23.29    Is payment of the bill made only after acceptance and transfer of title?


23.30    Are fixed assets tagged/coded when procured?


                                                                                       40
        XYZ Co., Dubai                             [Internal Control Questionnaires]


    Use


         Are the following duties segregated between at least two individuals:
             Authorizing purchase, transfer or disposal of assets?
23.31        Using the assets?
             Posting asset records?
             Adjusting and reconciling records to physical inventory?


         Are the proper usage of the assets explained clearly to employees and
23.32
         users?

         Is access to valuable or sensitive asset items restricted to authorized
23.33
         users only?

         Are authorized users provided with proper training on the correct use
23.34
         of the assets?

    Protection

         Are procedures in place to safeguard valuable and sensitive assets
23.35
         against theft or damage?

         Is there adequate insurance coverage of the very high valued fixed
23.36
         asset items?

23.37    Are items owned by the company specifically identified?

         Is responsibility for the safe custody and maintenance of assets
23.38
         assigned to specific individuals?
         Is a regular maintenance schedule followed to maintain the
23.39
         functionality and value of assets?


23.40    Is warranty information safeguarded for new property items?


    Accounting

         Are detailed records of assets maintained showing identification
23.41    number, classification/grouping, description, location and original
         cost?

         Is the physical existence of the assets annually verified and reconciled
23.42
         to asset records?


                                                                                       41
         XYZ Co., Dubai                              [Internal Control Questionnaires]


           Are new asset items promptly reported to the Purchasing Department
 23.43
           and the Internal Auditors’ Office?

           Are procedures in place to document loss, transfer and retirement of
 23.44
           assets?

           Are the Fixed Asset System and appropriate accounts reconciled
 23.45
           monthly?

           Are there procedures in place for writing-off fully depreciated fixed
 23.46
           assets?

      Monitoring

           Are the Physical Inventory Worksheets approved by the Chief
 23.47     Financial Officer/ Financial Controller before the fixed asset officer
           makes changes to the Fixed Asset System?

 23.48     Is such insurance coverage independently reviewed periodically?

           Has the Internal Policy/Procedure Manual been kept up to date with
 23.49
           any changes in the company, or company philosophy?

 23.50     Is a physical inventory taken at least annually?

           Is a physical inventory of capitalized assets and inventoried items taken
 23.51     each time there is a change at a management or supervisory level that
           has responsibility for the assets?


 23.52     Are missing items investigated and reasons for them documented?



24       Purchasing & Payables


 No.      Description                                                                  Ref.   Y/N   N/A


      Requisition
           Are materials/ services requisition forms used for any of the
 24.1
           requirement from the Site?

 24.2      Is the need properly assessed, reviewed and approved by a supervisor?

 24.3      Does such requisitions addressed to the Central Stores Room?


                                                                                                    42
        XYZ Co., Dubai                             [Internal Control Questionnaires]


         Is there a procedure to explore all options to satisfy the needs,
24.4     including options within current resource constraints, before a
         purchase is authorized?

         Are items to be purchased specified in sufficient detail in the
24.5
         requisition to minimize risk of erroneous purchases?

24.6     Are the detailed specifications verified by the requestor?

         Does the requisition form refer to the availability of approved
24.7
         budgeted expenditure towards the purchase requirement?

    Authorization

         Is the requisition authorized by a person designated by the department
24.8     head on the Authorization Form on file with the Auditor and Financial
         Controller?

         Is the authorizing official certifies the amount available in the Project
24.9
         Budget towards the purchase requirement?

24.10    Is the authorization properly documented?

24.11    Are approval limits on department heads and CAO observed?

         Is there a procedure to verify that there is sufficient balance
24.12
         inappropriations to cover this purchase?

    Methods of Purchase

         Are purchasing guidelines in the Company Policy and Procedures’
24.13
         Manual followed?


         Are the following contractual proceduresobserved with respect to
         each of the purchase requirement:
             Are copies of all supplier enquiries forwarded to the Central
              Purchase Department?
             Is the list of suppliers to whom the enquiries are forwarded is
              made available to CPD?
24.14        Are quotes received fromany additional suppliers as
              recommended by CPD?
             Is comprehensive quotation comparison statement prepared and
              forwarded to CPD for its comments?
             Are the comments from CPD observed before purchase is
              affected?

             Are the signed and approved (by CPD) quotation comparison

                                                                                       43
        XYZ Co., Dubai                             [Internal Control Questionnaires]

             statements brought to the notice of Internal Auditor for
             acknowledgement of adherence to the agreed purchase procedure?




24.15    Are purchase orders used only for goods and not for services?

         Is a contract used for purchases of complex items such as computer
24.16    systems or large equipment, which need special delivery or expert
         installation?


24.17    Is the use of confirming requisitions limited to emergency situations?

24.18    Is competitive bidding used to the extent practicable?

    Receiving

         Are goods and services inspected upon delivery for conformance with
24.19
         purchase order?

24.20    Are incomplete deliveries promptly followed up?

24.21    Are non-conforming goods promptly returned to vendors?


24.22    Are vendors promptly notified in writing of non-conforming services?


24.23    Are goods and services received documented in writing?

    Payables

24.24    Are only original invoices accepted for processing?

24.25    Are vendor invoices processed promptly upon receipt?

         Are invoices matched with receiving reports or other evidence of
24.26    receipt?

24.27    Are invoices checked for accuracy?

         Is the Exception Form used to request approval by the Auditor and
24.28    Financial Controller for all exceptions to the company policies and
         procedures?

24.29    Are paid invoices immediately canceled?


                                                                                       44
          XYZ Co., Dubai                            [Internal Control Questionnaires]

25       Payroll


 No.      Description                                                               Ref.   Y/N   N/A


      Time Entry

 25.1      Are employees required to maintain attendance records?

 25.2      Is the Time Sheet (HRMS) Module is properly in use?

           Do attendance records contain sufficient detail on work assignment
 25.3
           for labor cost distribution purposes?

 25.4      Are attendance records in compliance with Labor Code requirements?


           Are attendance records approved by supervisors before submission to
 25.5
           payroll department with direct knowledge of actual time worked?


 25.6      Are approved attendance records used to prepare payroll time entry?

           Are Time Cards or Sheets signed and submitted by employees at the
 25.7
           end of (or the last day of work) the period?

           Is all overtime and compensation time recorded on the company’s
 25.8
           Payroll System?
           Are the overtime payments take care of UAE Labor Law provisions
 25.9
           with respect to 1.25 times & 1.5 times of the normal wage payment?

 25.10     Are the employees paid for Vacation or Sick Time in advance?


 25.11     Are accumulated leave records reviewed at year-end?

      Payroll Distribution
           Is staff preparing payroll precluded from access to payroll checks and
 25.12
           statements?

           Are payroll checks and statements distributed by supervisors or
 25.13
           managers who know the employees?

           Is there a procedure to safeguard payroll checks and statements before
 25.14
           it is delivered to the correct recipients?




                                                                                                 45
        XYZ Co., Dubai                              [Internal Control Questionnaires]



         Is there a procedure to ensure that the payroll checks or statements are
25.15
         delivered timely to the correct employees in their absence?


         Are payroll distribution procedures in compliance with Labor Code
25.16
         requirements?


         While approving payroll, does anybody review the Payroll Voucher
25.17
         Verification Report at the end of each payroll period?


    Payroll Records

         Are payroll and employee records safeguarded in compliance with
25.18
         Labor Code requirements?

25.19    Are payroll records retained for at least three years?

         Are changes in employee information promptly transmitted to HR
25.20
         Department and the Internal Auditor’s Office?

         If employees perform services outside the normal scope of their
25.21
         employment, are they paid in accordance with the Company Policy?


         Are all or most of the following payroll duties performed by the same
         person?
25.22        Preparing and entering the data
             Approving payroll information
             Distribution of checks and vouchers

25.23    Is payroll prepared for staff and laborers separately?




                                                                                        46
    XYZ Co., Dubai                 [Internal Control Questionnaires]




               Section II: Summary of Results
Responding Person:
Name: ____________________________________________________________
Designation: _______________________________________________________


                        Summary Results
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________


I certify that the foregoing responses are accurate to the best of my
knowledge, understanding and comprehension taken from the company
management.


Completed by: ______________________________ Date: __________________


Reviewed by: _______________________________ Date: __________________




                                                                       47
XYZ Co., Dubai        [Internal Control Questionnaires]




                 Section III

    Human Resources Planning,
      Control& Management

           [Covered in Table 26]




                                                          48
        XYZ Co., Dubai                               [Internal Control Questionnaires]

26      Human Resources: Planning, Control& Management


 No.     Description                                                               Ref.   Y/N   N/A


      Recruitment
         Are skills and abilities required for positions clearly defined by the
 26.1
         managers responsible for those positions?
 26.2    Are the Professional Certifications/Degrees based on actual skills and
         abilities required for the job?

         Does the description of job responsibilities for the position match the
 26.3
         responsibilities stipulated for the classification?

         Is the compensation package designed to attract and retain qualified
 26.4
         candidates?


         Where the proposed compensation package exceeds AED 350,000/-, is
 26.5    the prior approval of the Board obtained and kept on record? (this
         clause depend company to company, so shall be changed accordingly.)

         Are job openings advertised widely to attract the highly qualified
 26.6
         applicants?
         Is the selection process designed to hire the best candidates for the
 26.7
         positions?

 26.8    Is the recruitment based on the pre-approved Organization Chart?


      Compensation

 26.9    Are surveys made periodically to benchmark compensation?


26.10    Are adjustments made to bring compensation closer to benchmark?

         Are employee salaries based on the salary ordinance adopted annually
26.11
         by the Board of Directors?

         Are benefits awarded to employees in accordance with UAE Labor
26.12
         Code?

         Do the proper managers authorize changes in classification
26.13
         orcompensation?


                                                                                                49
        XYZ Co., Dubai                            [Internal Control Questionnaires]


        Are reasons for changes in compensation or classification properly
26.14
        documented in the files?

        Are the changes in compensation/classification properly approved by
26.15
        HR analysts?

    Job Responsibilities

26.16   Is each employee assigned specific job responsibilities in writing?

        Is any employee assigned with duties to contribute to the betterment of
26.17
        the parent company or the sister companies?

        Does the fixing of Global Duties to any such employee have hindered
26.18
        the effective working of the company?

26.19   Are significant changes in assignment documented in writing?


26.20   Are key job responsibilities approved by the department head?

        Do statements of job responsibilities indicate clearly show employees
26.21
        are expected to contribute to the Company goals?

        Do all managerial staff exhibit high ethical values, personal and
26.22   professional integrity and compliance with the company policies and
        procedures?

    Training

        Are resources and tools required by employees to carry out
26.23
        theirresponsibilities identified?

        Is the training required by employees to maintain their skills
26.24
        identified?

        Are funds budgeted to acquire the required resources, tools and
26.25
        training?

        Are personnel cross-trained or have it developed other plans for the
26.26
        replacement or back-up of key personnel?

26.27   Is the staff regularly informed on how to report fraud or misconduct?

        Have the personnel, who initiate, approve, or review financial
26.28   transactions, received appropriate training on the various financial
        systems?

                                                                                      50
        XYZ Co., Dubai                           [Internal Control Questionnaires]


        Are the personnel in operations are familiar with the company’s
26.29   policies and procedures based on most update knowledge of rules and
        regulations?

    Employee Performance

26.30   Are performance standards or expectations clearly established?

        Is performance     assessed    periodically   against   the   standards
26.31
        anddocumented?

26.32   Are positive results reinforced through recognition or awards?


26.33   Is action taken to improve performance that is below standard?

    Communication
        Are the company goals and departmental goals spelled out clearly for
26.34
        all employees to see?

        Are important instructions such as project/contract assignments given
26.35
        out in writing?

        Do instructions include the following details, at minimum:

26.36       Names of responsible persons,
            Date of completion and
            Expected results?

26.37   Do employees get feedback on the results achieved?

        Is there a way through which employees can freely express their
26.38
        concerns and suggestions to their managers?

        Are the managers required to follow up and respond to their
26.39
        employees’ concerns and suggestions?




                                                                                     51
    XYZ Co., Dubai                 [Internal Control Questionnaires]




              Section III: Summary of Results
Responding Person:
Name: ____________________________________________________________
Designation: _______________________________________________________


                        Results Summary
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________


I certify that the foregoing responses are accurate to the best of my
knowledge, understanding and comprehension taken from the company
management.


Completed by: ______________________________ Date: __________________


Reviewed by: _______________________________ Date: __________________




                                                                       52
XYZ Co., Dubai       [Internal Control Questionnaires]




                 Section IV

  Financial Planning, Accounting
            &Reporting


           [Covered in Table 27]




                                                         53
        XYZ Co., Dubai                             [Internal Control Questionnaires]

27      Financial Planning, Accounting &Reporting


 No.    Description                                                                Ref.   Y/N   N/A


      Design of System

         Is there annual review of the design of accounting and internal control
 27.1    system for up-dating it according to the changing needs of the
         company and computer technology?

         Is there a formal schedule with target dates for completing tasks
 27.2    associated with closing the General Ledger and preparing Financial
         Statement worksheets?

         Is there a formal plan of organization under which responsibilities for
 27.3    closing the General Ledger and Financial Statement worksheets are
         clearly defined?

         Are policies and procedures established concerning year-end cut-off of
 27.4
         accounting transactions?

         Does the company maintain documentation of written procedures
 27.5
         covering the recording of transactions?

         Does this documentation contain a chart of accounts explaining what
 27.6    items are charged to each line account? Do relevant employees have
         access to this information?

         Does the company maintain and follow procedures for record filing,
 27.7
         retention, and disposition?

      Book-Keeping & Financial Accounting

 27.8    Are all financial transactions promptly entered into SOFTWARE?

 27.9    Are the source documents maintained to provide an audit trail?

         If Subsidiary Ledgers are maintained, are they reconciled to
27.10
         SOFTWARE on monthly basis?

         Is there record retention policy that satisfies statutory and audit
27.11
         requirements?

27.12    Have the accounting records been audited in the past five years?

         Have adequate training been provided to accounting and finance staffs
27.13
         on SOFTWARE?

                                                                                                54
        XYZ Co., Dubai                              [Internal Control Questionnaires]


        Are journal entries approved, including a review of supporting
27.14
        documentation?

    Financial Reporting

        Is it required that trial balances, adjustments and supporting work
        papers be maintained to support the process of closing the General
27.15
        Ledger and preparing Financial Statements and Financial Statement
        worksheets?

        Are financial reports prepared only from General Ledger data or
27.16
        accounting data that reconcile with General Ledger?

        Are worksheets and schedules attached to journal entry accounting
27.17
        code sheets and are they secured in a safe location?

        Is a schedule followed to ensure timely preparation and filing of
27.18
        statutory reports?

27.19   Is the usefulness of internal financial reports periodically evaluated?

27.20   Are financial reports submitted timely to requestors or users?
        Are Financial Statements (or Financial Statement worksheets)
27.21
        reviewed by the CFO for accuracy and consistency?

    Disclosure of Unusual Transactions

        Is the certification required from operating contracts and projects that
27.22   information submitted for the preparation of the Financial Statements
        is correct and up to date?


        Is informative disclosure required in the Financial Statements and the
        accompanying notes as requiring the accumulation of information
        concerning:
            Commitments?
27.23       Contingencies?
            Related party transactions?
            Accounting principles?
            Fund classifications?
            Subsequent events?
            Otheraccounting disclosures?


        Are transactions subsequent to the balance sheet date reviewed for
27.24
        proper classification?


                                                                                        55
        XYZ Co., Dubai                             [Internal Control Questionnaires]


    Reconciliation of Accounts & Balances
27.25   Are investments reconciled to control accounts at year-end?

27.26   Are intra-company transfers reconciled at year-end?

        Are intra-company inter-fund receivables and payables reconciled at
27.27
        year-end?

        Are amounts designated for subsequent years' expenditure reconciled
27.28
        to budget authorizations?

        Are the beginning fund balances or retained earnings reconciled to
27.29
        amounts reported in prior years?

        Are reconciliations of Subsidiary Ledgers to control accounts
27.30
        performed and reviewed by a responsible person?

        Are inter-company transfers of goods/equipments/materials/services
27.31
        (all kind of resources) reconciled before the closing of the year?

        Are Financial Statements (or Financial Statement worksheets)
27.32   reconciled to the General Ledger before being transmitted to the
        Financial Controller/CFO?

        Are bank reconciliation statements prepared on monthly basis and
27.33
        accounts are adjusted accordingly?

27.34   Are bank reconciliations reviewed at each month end?

27.35   Is the bank reconciliation statements’ file maintained separately?

    Segregation of Duties

        Are the following duties generally performed by different people:
            Preparing and reviewing the Financial Statements?
            Preparing and reviewing journal entries?
27.36       Accumulation of accounting information (inventories, estimates,
             etc.) and custody of related assets?
            Preparing and reviewing worksheets and schedules supporting the
             accounting information?
            Performing and reviewing reconciliations?

    Review of Accounting Estimates
27.37   Do only authorized persons review departmental budgets?
        Are investments earning calculations and accruals reviewed at year-
27.38
        end?

                                                                                       56
        XYZ Co., Dubai                            [Internal Control Questionnaires]


27.39   Are revenue accounts reviewed to identify possible deferred revenue?


27.40   Are fixed asset inventory worksheets reviewed at year-end?

        Are accrual transactions reviewed to determine that expenditure or
27.41
        revenue recognition was proper?

        Are retained earnings or fund               balances      reviewed   for
27.42
        restrictions/reservations at year-end?

27.43   Are fund types reviewed to verify fund classifications?

        Does the management review accounting estimates at
27.44   leastannually (depreciation, allowance for Doubtful
        Accounts, etc.)?

    Monitoring

        Has the management identified accounts, such as those requiring
        complex calculations or accounting estimates, which are especially at
27.45
        risk of misstatement and developed policies and procedures to address
        those risks timely?

        Does the management consider the financial reporting impact of
27.46
        changes in computer programs?

        Has the management instituted a process to identify and address
27.47
        changes in accounting and reporting procurements?

        Are only authorized persons allowed to alter or interpret
        an existing accounting principle or establish a new
27.48
        accounting principle? Have proposed changes been
        brought to the attention of the management?
        Does the management spot-check transactions, records,
27.49
        and reconciliation to ensure expectations are met?
        Are policies and procedure developed for changes in
27.50
        new systems or new way of doing duties?
        Is information (i.e. findings, recommendations, etc.)
27.51   provided by external auditors considered and acted upon
        in a timely manner?
        Are internal controls subject to a formal and continuous
27.52
        internal assessment process being instituted?
        Does the management periodically evaluate the accuracy
27.53   and timeliness of its information and communicate it to
        appropriate personnel?


                                                                                      57
        XYZ Co., Dubai                        [Internal Control Questionnaires]


    Application of IFRSs/IASs

        Is a knowledgeable individual assigned the responsibility
27.54   to supervise the conversion from budget (cash) basis to
        GAAP basis of accounting?

        Have the qualified individuals reviewed recently
27.55   promulgated accounting standards for proper
        implementation? This would include IFRSs/IASs.

        Are Financial Statements prepared in conformity with
27.56
        theapplicable IFRSs/IASs?




                                                                                  58
    XYZ Co., Dubai                 [Internal Control Questionnaires]




              Section IV: Summary of Results
Responding Person:
Name: ____________________________________________________________
Designation: _______________________________________________________


                        Results Summary
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________


I certify that the foregoing responses are accurate to the best of my
knowledge, understanding and comprehension taken from the company
management.


Completed by: ______________________________ Date: __________________


Reviewed by: _______________________________ Date: __________________




                                                                       59
 XYZ Co., Dubai       [Internal Control Questionnaires]




                  Section V


Management of Contracted Services


            [Covered in Table 28]




                                                          60
          XYZ Co., Dubai                             [Internal Control Questionnaires]

28       Services (include both to and by the XYZ Co.)


 No.      Description                                                                  Ref.   Y/N   N/A


      Need Assessment

 28.1      Are the needs clearly defined prior to the contracting decision?


 28.2      Are all reasonable options explored before the contracting decision?


           Is the description of contracted services in the contract draft reviewed
 28.3
           by the contract administrators or the end-users before final approval?


           Are on-going contracts periodically reviewed and modified to reflect
 28.4
           changes in needs?

      Ability Assessment

           Is the ability to provide the services contracted determined prior to the
 28.5
           decision to contract?

           Is the net benefit to the company determined prior to entering into the
 28.6
           contract?

           Is the ability to provide the services reviewed periodically prior to
 28.7
           renewing the contract?

      Compliance with the Company Statutes & UAE Labor Code

           Are contract drafts reviewed for compliance with statutes, regulations
 28.8
           and Board policies before finalizing?

           Are terms of contracts reviewed annually for modifications
 28.9
           necessitated by changes in laws, regulations or Board policies?

      Contract Execution

           Are the company responsibilities, as stipulated in the contracts,
 28.10
           assigned to specific personnel?

           Are the company responsibilities monitored by the management
 28.11
           regularly?


                                                                                                    61
        XYZ Co., Dubai                           [Internal Control Questionnaires]


        Are the counter-party’s responsibilities monitored by the company
28.12
        personnel?

        Is the counter-party notified timely of non-compliance with contractual
28.13
        terms?

        Are instances of contract non-compliance followed up to ensure proper
28.14
        resolution?




                                                                                     62
    XYZ Co., Dubai                 [Internal Control Questionnaires]




               Section V: Summary of Results
Responding Person:
Name: ____________________________________________________________
Designation: _______________________________________________________


                        Results Summary
1: ________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________
__________________________________________________________________________


I certify that the foregoing responses are accurate to the best of my
knowledge, understanding and comprehension taken from the company
management.


Completed by: ______________________________ Date: __________________


Reviewed by: _______________________________ Date: __________________




                                                                       63
XYZ Co., Dubai       [Internal Control Questionnaires]




                 Section VI


Management Information System


         [Covered in Table 29]




                                                         64
        XYZ Co., Dubai                               [Internal Control Questionnaires]

29      Information System: Management & Controls


 No.    Description                                                                  Ref.   Y/N   N/A


      Delegation of Responsibilities

        Is there a formal and approved organizational chart which identifies the
        individuals responsible for the:
29.1
            Computer Systems?
            Computer Security?


        Are there responsibilities of persons written in respect to the following:
            Data Collection?
            Data Transmittal?
29.2        Data Conversion?
            Data Editing?
            Error Correction & Control?
            Processing & Output Control?
            Data& Report Distribution?


        Are responsibilities segregated to assure that no one individual has the
29.3
        ability to input data, process data, and review output data?

      Security

 29.4   Is the Network Security Policy implemented?

 29.5   Are policies specific to work units developed to protect equipment?

 29.6   Is physical access to equipment limited to authorized personnel?

        Are instructions and training provided to new equipment users on
 29.7
        regular basis?

 29.8   Is equipment breakdown promptly reported and acted on?

 29.9   Is equipment subject to regular maintenance schedule?

29.10   Are obsolete items identified and upgraded timely?

        Are purchases of equipment coordinated and planned to ensure long-
29.11
        term compatibility?

                                                                                                  65
        XYZ Co., Dubai                               [Internal Control Questionnaires]


     Protection of Information

        Is a person designated as security administrator to ensure the security of
29.12
        information?


29.13   Is access to data and program files restricted to authorized personnel?


        Are procedures established for the retention and back up of critical
29.14
        computer files?

        Have all personnel handling sensitive information been trained in
29.15
        accordance with Security Policy requirements?


        Does the information system require that users use strong password of
29.16   at least 7 characters (having a combination of alpha, numeric&
        functionkeys) in length and change their password on regular basis?


        Does the IT Department have a written password policy and password
29.17   training materials that are shared with system users on at least an
        annual basis?

        Do accounts exist in the information system environment that are
29.18
        shared by more than one user or do not require a password?

        Does the information system have means of automatically identifying
29.19
        and responding to unauthorized attempts to gain access?

        Are the security scans periodically run on information system and
29.20
        results analyzed?

     Usefulness of Information

29.21   Is the information provided by information systems reliable and timely?

        Is the usefulness of output from information systems periodically
29.22
        evaluated?

        Are users periodically surveyed as to the usefulness of the information
29.23
        that they receive?

29.24   Are users kept informed of new capabilities of the systems?



                                                                                         66
        XYZ Co., Dubai                              [Internal Control Questionnaires]


     Miscellaneous Issues

        Does software (ERP) undergo routine operating system and software
29.25
        maintenance?

        Does software (ERP) have a means of recording system activity for
29.26
        historical analysis?

        Does the company have a written and implementable disaster recovery
29.27
        or business continuity/resumption plan?

        Are some copies of system backups stored in an off-site location (ie in
29.28
        a separate building from the Company Office)?

        Are the processes and policies surrounding the administration of
29.29
        software (ERP) documented?

        Is the hardware infrastructure underlying software (ERP) protected
29.30
        from unauthorized physical access?

        Are the environmental variables of the location where the
        companyhardware infrastructure resides properly controlled(eg
29.31
        temperature, humidity, uninterruptible/backup/clean electrical power
        supply)?

        Does the system administrator have adequate and applicable experience
29.32
        and training on the technology used in the software?

        Is the technology direction of the IT Department regularly reviewed
29.33
        and evaluated both internally and externally?

        Have you read and counseled the employees on the company’s IT
29.34
        Policy, Computers Users Privileges and Responsibilities?

        Have you considered how someone could be improperly conducting
29.35
        day-to-day operations in the company?

        Are there adequate controls over the process of identifying, correcting,
29.36
        and reprocessing data rejected by the computer system?

        Is there a control in place to verify that the computer generated voucher
29.37
        number matches the number printed on the check?

        Is there a control in place to verify that the computer generated check
29.38
        number matches the number printed on the check?




                                                                                        67
    XYZ Co., Dubai                 [Internal Control Questionnaires]




            Section VI: Summary of Results

Responding Person:
Name: ____________________________________________________________
Designation: _______________________________________________________


                        Results Summary
1: _______________________________________________________________________
__________________________________________________________________________
2: ________________________________________________________________________
__________________________________________________________________________
3: ________________________________________________________________________
__________________________________________________________________________
4: ________________________________________________________________________
__________________________________________________________________________
5: ________________________________________________________________________
__________________________________________________________________________
6: ________________________________________________________________________


I certify that the foregoing responses are accurate to the best of my
knowledge, understanding and comprehension taken from the company
management.


Completed by: ______________________________ Date: __________________


Reviewed by: _______________________________ Date: __________________




                                                                       68
XYZ Co., Dubai   [Internal Control Questionnaires]




 The End.



                                                     69

								
To top