Internal Control Self-Assessment Questionnaire
The purpose of this questionnaire is to help departments self-assess their internal control environment and risks. Internal controls are extremely important, ensuring that resource use is consistent with laws, regulations, and policies; that resources are safeguarded against waste, loss, and misuse; and that reliable data is obtained, maintained, and fairly disclosed in reports. Departments should use this questionnaire as a guide to managing important controls within their units. Please note, while this questionnaire covers several areas, it does not include all possible areas of risk within a department.
This questionnaire is divided into different control processes; some may not be applicable to all departments. A "no" response indicates a potential weakness in the specific internal control referred to in that question. Action should be taken to resolve any weaknesses. If your department has any questions or concerns about internal controls please contact Internal Audit at x22341 or firstname.lastname@example.org
Are there written rules, guidelines, policies, and/or procedures for all transactions and critical activities in this department?
Does the department have copies of all current university policies and procedures manuals?
Do personnel have the knowledge and skills required for their jobs?
Are month end financial reports in Banner reviewed and verified for accuracy on a monthly basis?
Are month end financial reports reconciled to departmental supporting documents on a monthly basis?
Is a member of management reviewing and approving the reconciliation in a timely manner?
Does your department maintain a key and/or door access control log? This log should list all keys or access codes owned/issued by the department, to whom they are issued, locks each key will open, and key numbers.
Does your department have an operating plan that states goals to be accomplished and a timeline for completion of tasks?
Are department goals and tasks prioritized according to importance?
Has management established operating or work standards that can be used to measure (benchmark) department performance?
Cash and Collections
Does the department have any written procedures for cash handling and related controls?
Is a receipt immediately prepared upon collection of funds?
Are checks restrictively endorsed with "For Deposit Only Kent State University" immediately upon receipt?
Are all checks made payable to Kent State University or KSU Foundation?
Do two different individuals verify all deposits prior to making the deposit?
Does someone prepare the deposit other than the person collecting and recording receipts?
Are collections held in a secure manner until deposited (i.e. in a locked location)?
Are safe combinations restricted to a minimum number of employees?
Are safe combinations changed after termination of an employee who previously had access?
Are collections deposited intact (i.e. no expenditures made from collections)?
Are deposits made in a timely manner (i.e. generally the same or next business day)?
Is there segregation of duties among opening mail, processing cash, and account reconciliation?
Cash Register Operations
Are there written procedures for the operation of the cash register?
Does the cashier count the change fund before putting it in the drawer?
Are register readings taken when a cashier's shift ends, when a relief cashier takes over, or other various times throughout the day?
Does someone other than the cashier approve voids?
Does an independent person reconcile cash register closing reports to actual receipts collected?
Is the check suspension list, issued by the Bursar's Office, referred to upon accepting checks?
Is one cashier working from the drawer at any given time, or is there a way to distinguish between cashiers (i.e. ID's)?
Is a record of over/shortages by the cashier maintained?
Is there a ceiling on overages/shortages before corrective action is taken?
Are the individuals who handle money trained in procedures to be followed in the event of a robbery or fire?
Are petty cash funds locked in a secure area?
Is access to petty cash funds limited to the appropriate personnel?
Does someone other than the fund custodian periodically count the fund?
Are petty cash funds used only for appropriate purposes that are supported by receipts?
Does the department have written procedures regarding the initiation, approval, and review of expenditures?
Are purchasing cardholders and other authorized users aware of the policies related to purchasing card purchases and familiar with the purchasing card manual?
Are the duties for authorizing purchases, receiving goods, approval of invoice, and reconciliation separated between two or more employees?
Are there procedures in place to prevent or detect duplicate payments to vendors, or payment for goods not received?
Are vendor invoices checked for accuracy and agreed to purchase orders, contract terms, receiving reports, etc. to ensure proper payment?
Does the department maintain sufficient documentation to support expenditures?
Are invoices submitted to Procurement-Payments for payment in a timely manner?
Are employees aware of the policies and procedures for reimbursement of university business related travel expenses?
Are vendor contracts and agreements signed only by persons authorized to do so as dictated by university policy?
Equipment and Inventoried Assets
Is capitalized equipment (over $2,500 per item) verified at least every two years and are changes in equipment noted and given to Inventory Control to update?
Is Inventory Control notified of capitalized equipment that is scrapped, stolen, sold, traded in, loaned out, or transferred?
Does the department keep a separate internal record of equipment valued under the capitalization amount of $2,500?
Is the departmental record continuously updated to reflect new purchases and dispositions?
Is equipment kept in secured areas?
Conflict of Interest
Are all staff members aware of the Conflict of Interest policy as stated in University Policy #3342-6-23 and how it impacts business and other contractual transactions?
Is the department's computer equipment secured to prevent theft?
Is access to the computer system limited to authorized individuals?
Are passwords used?
Are there up-to-date written procedures that provide guidance on computer security, data integrity, and controls over information?
Are computer data backup and recovery procedures in place and being used?
Are backed up files stored in a secure location?
Are all copies of software used by the department appropriately licensed?
Are virus protection programs used?
In case of an emergency, does a contingency plan exist that would guide the department on how to continue operations?
Are user ID's promptly deleted upon termination of an employee?