
Audit Checklists & Continuous Auditing for Financial Close and Sarbanes-Oxley (SOX) Audit Procedures

December 2006

This document provides a consolidated set of audit checklists typical of those used by internal and external auditors to evaluate the financial close process and test compliance with Sarbanes-Oxley (SOX). These checklists identify all of the typical controls that comprise a typical audit and highlight ways that you can automate many of the tasks by using an independent controls monitoring and audit (CMA) solution.

Table of Contents
Section 1 Financial Close Process
Section 2 Entity Level Controls - Control Environment
Section 3 Entity Level Controls - Information & Communication
Section 4 Entity Level Controls - Monitoring
Section 5 Entity Level Controls - Risk Assessment
Section 6 Expenditure Process Controls
Section 7 Fixed Assets Process Controls
Section 8 Inventory Management Process Controls
Section 9 Payroll Process Controls
Section 10 Revenue Process Controls
Section 11 Treasury Process Controls
Section 12 SOX Checklist
ABOUT APPROVA


Section 1 Financial Close Process


The financial close process is the single largest source of internal controls weaknesses
disclosed in SEC filings.
Some of the most common challenges include revenue recognition, accruals, capitalization,
and inter-company eliminations. For this reason it is typically a major focus of most audits. The
following checklist highlights the key controls that auditors test and indicates where there are
opportunities to automate processes as part of a continuous audit process.

Checklist #1: Financial Close Process


# | Business Activity | Point of Focus/ Control Objective
1 | Financial Close | Accounting policies exist, are kept current, and are communicated to the appropriate personnel.
2 | Financial Close | Procedures are in place to ensure that all transactions are recorded in accordance with GAAP.
3 | Financial Close | Close procedures, including due dates, responsibilities, disclosure updates, and account classifications are defined, communicated, and implemented.
4 | Financial Close | The standard corporate reporting format is utilized.
5 | Financial Close | Access to accounting and reporting applications is limited to the appropriate individuals.
6 | Financial Close | Journal entry input is restricted to authorized personnel.
7 | Financial Close | There is a checklist of the standard closing journal entries made at month-end, quarter-end, and year-end.
8 | Financial Close | Pre-numbered vouchers are used to ensure that all non-recurring entries are processed only once in the system.
9 | Financial Close | Manual journal entries have adequate supporting documentation and are approved by the appropriate level of management.
10 | Financial Close | Standardized journal entries are used for recurring journal entries.
11 | Financial Close | Journal entries are supported and authorized before being posted.
12 | Financial Close | System logic prevents journal entries for which debits do not equal credits.
13 | Financial Close | The system will not allow journal entries to be recorded to a closed accounting period.
14 | Financial Close | System logic will not allow duplicate journal entry numbers.
15 | Financial Close | A procedure detailing the calculation of specific accruals and recording rules exists and is consistently applied.
16 | Financial Close | Write-offs and reserves are clearly defined, consistently applied, and monitored in accordance with company policy.
17 | Financial Close | All account balances are reconciled prior to closing the books, including confirming that balances agree with related parties.
18 | Financial Close | Significant variances in reconciliations are investigated and resolved timely.
19 | Financial Close | Fluctuation analysis of actual to budget or prior periods is performed.
20 | Financial Close | The financial reporting package is reviewed by management before submission to Corporate.
21 | Financial Close | Duties are appropriately segregated in the closing process.
22 | Financial Close | Access/authorization controls are in place to maintain the integrity of the chart of accounts.
23 | Financial Close | Procedure is in place to identify any changes to master data that have significant financial accounting and/or reporting implications to the accounting department.
24 | Financial Close | A procedure is in place to identify and communicate transactions/events that have significant financial accounting and/or reporting implications to the accounting department.

Ability to Automate
z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution

Description of Automation
Continuous controls monitoring and audit of the financial close process is an integral part of the financial close procedure.
CMA solutions can report test results in existing corporate reports or as part of third party reporting packages (e.g. Crystal Reports).
CMA solutions provide detailed remediation and monitoring of user access for accounting and reporting applications.
CMA solutions monitor unauthorized or irregular journal entries.
CMA solutions identify nonstandard journal entries.
CMA solutions identify duplicate journal entries.
CMA solutions identify manual journal entries that do not have proper approvals.
CMA solutions identify unauthorized journal entries.
CMA solutions identify journal entries for which debits do not equal credits.
CMA solutions identify journal entries that have been recorded after a closed accounting period.
CMA solutions identify duplicate journal entries.
CMA solutions identify and remediate segregation of duties violations.
CMA solutions monitor all changes to the chart of accounts.
CMA solutions monitor all changes to master data.
For the operations that CMA solutions monitor, appropriate alerting and reporting is performed to communicate any anomalies in financial close procedures.


Section 2 Entity Level Controls - Control Environment


The control environment helps define the atmosphere in which people conduct their activities
and carry out their control responsibilities. It sets the tone of an organization by influencing the
control consciousness of its people. It is the foundation for all other components of internal
controls and provides discipline and structure. Control environment factors include the
integrity, ethical values, and competence of the organization's people; management's
philosophy and operating style; the way management assigns authority and responsibility; the
way management organizes and develops its people; and the attention and direction provided
by the audit committee and board of directors.
The objective of the control environment is to establish and promote a collective attitude
toward achieving effective internal control over the entity's business. The following checklist
highlights the key areas of focus that auditors test and indicates where there are
opportunities to automate processes as part of a continuous audit process.

Checklist #2: Entity Level Controls - Control Environment


# | COSO Attribute | Point of Focus/ Control Objective
1-3 | Integrity & Ethical Values | A code of conduct and other policies exist regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behavior. There is an established "tone at the top" including explicit guidance about what is right and wrong. This tone is communicated and practiced by executives and management throughout the organization. Employees are aware of what to do when they encounter improper behavior. Management follows ethical guidelines in dealing with employees, suppliers, customers, investors, creditors, insurers, competitors, regulators, and auditors.
4 | Integrity & Ethical Values | The importance of high ethics and controls is discussed with newly hired employees through orientations or interviews.
5 | Integrity & Ethical Values | Management removes or reduces incentives or temptations that might cause personnel to engage in dishonest or unethical acts.
6 | Integrity & Ethical Values | Management takes appropriate disciplinary action in response to departures from approved policies and procedures or violations of the code of conduct.
7 | Integrity & Ethical Values | Situations involving pressure to meet unrealistic targets do not exist or are properly controlled - particularly for short-term results.
8 | Integrity & Ethical Values | Individual compensation awards are in line with the ethical values of the company, and foster an appropriate ethical tone (e.g., bonuses are not given to those that meet objective, but in the process circumvent established policies, procedures, or controls).
9 | Commitment to Competence | Company personnel have the competence and training necessary for their assigned duties.
10 | Commitment to Competence | Personnel are cross-trained to understand other functions and the impact of their specific duties on other areas of the company.
11 | Commitment to Competence | Management possesses broad functional experience (i.e., management comes from several functional areas rather than just a few, such as production and sales).
12 | Commitment to Competence | Management provides personnel with access to training programs on relevant topics.
13 | Commitment to Competence | Formal job descriptions or other means of defining tasks that comprise particular jobs exist and are effectively used.
14 | Commitment to Competence | Adequate staffing levels are maintained to effectively perform required tasks.
15 | Management's Philosophy & Operating Style | Management analyzes the risks and potential benefits of ventures.
16 | Management's Philosophy & Operating Style | Turnover in management or supervisory personnel is monitored and the reasons for significant turnover are evaluated.
17 | Management's Philosophy & Operating Style | Senior management maintains contact with and consistently emphasizes appropriate behavior to operating personnel.
18 | Management's Philosophy & Operating Style | Management exemplifies attitudes and actions reflecting a sound control environment and commitment to ethical values.
19 | Management's Philosophy & Operating Style | Management adopts accounting policies that best reflect the economic realities of the business.
20 | Organizational Structure | Executives clearly understand their responsibility and authority for business activities and how they relate to the entity as a whole.
21 | Organizational Structure | The entity establishes appropriate lines of reporting, giving consideration to its size and the nature of its activities.
22 | Organizational Structure | The structure of the entity facilitates the flow of information to appropriate people in a timely manner.
23 | Organizational Structure | Incompatible duties are segregated (e.g., separation of accounting for and access to assets).
24 | Assignment of Authority & Responsibility | Employees throughout the entity are assigned authority and responsibility related to their specific job functions.
25 | Assignment of Authority & Responsibility | Job descriptions contain specific references to control-related responsibilities.
26 | Assignment of Authority & Responsibility | Employees are empowered, when appropriate, to correct problems or implement improvements.
27 | Assignment of Authority & Responsibility | There is a structure for assigning ownership of information including who is authorized to initiate or change transactions.
28 | Assignment of Authority & Responsibility | There are policies and procedures for authorization and approval of transactions.
29 | Human Resources Policies & Procedures | Management establishes and enforces standards for hiring the most qualified individuals, with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior.
30 | Human Resources Policies & Procedures | Screening procedures, including background checks, are employed for job applicants, particularly for employees with access to assets susceptible to misappropriation.
31 | Human Resources Policies & Procedures | Recruiting practices include formal, in-depth employment interviews and informative, insightful presentations on the entity's history, culture, and operating style.
32 | Human Resources Policies & Procedures | Training policies communicate prospective roles and responsibilities and illustrate expected levels of performance and behavior.
33 | Human Resources Policies & Procedures | Job performance is periodically evaluated and reviewed with each employee.
34 | Human Resources Policies & Procedures | Disciplinary actions send a message that violations of expected behavior will not be tolerated.
35 | Human Resources Policies & Procedures | An ongoing education process enables people to deal effectively with evolving business environments.

Ability to Automate
z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution

Description of Automation
For the operations that CMA solutions monitor, appropriate alerting and reporting is performed to communicate any anomalies in the control environment.
CMA solutions identify and remediate segregation of duties (SoD) violations.
CMA solutions are designed so that the business process owner can design, implement and monitor controls and perform remediation of control violations without having to enlist IT resources.
CMA solutions include remediation workflow to remediate SOD violations.


Section 3 Entity Level Controls - Information & Communication


Information and communication is the component of internal controls that ensures that
pertinent information is identified, captured, and communicated in a form and timeframe that
enables people to carry out their responsibilities. Information systems produce reports
containing operational, financial, and compliance-related information that make it possible to
run and control the business. They deal with internally-generated data, as well as with
information about external events, activities, and conditions necessary to make informed
business decisions and generate reliable external reports. Effective communication must also
occur in a broader sense, throughout the organization. The tone at the top must clearly
demonstrate to all employees that control responsibilities are to be taken seriously. Individuals
must understand their own role in the internal control system, as well as how individual
activities relate to the work of others. Individuals must have a means of communicating
significant information upwards within the organization.
The objective of information and communication audits is to ensure that information relevant to
operating the business and the maintenance of internal controls and records is identified,
captured, and communicated to the appropriate individuals on a timely basis. The following
checklist highlights the key areas of focus that auditors test and indicates where there are
opportunities to automate processes as part of a continuous audit process.
Checklist #3: Entity Level Controls - Information & Communication
# | COSO Attribute | Point of Focus/ Control Objective
1 | Information Availability | Management monitors relevant external information and considers the impact on the entity.
2 | Information Availability | Internal information regarding financial results is generated by the entity's financial information systems and that information is reported regularly.
3 | Information Availability | Entity-wide operating results are reviewed and compared against budgets at regular intervals.
4 | Information Availability | The adequacy of the information technology structure is considered by senior management.
5 | Information Availability | Managers and other personnel have the required information in sufficient detail to carry out their responsibilities and there are mechanisms in place to ensure changing needs are met.
6 | Reliability of IT Systems | Management has a strategic plan for IT systems that are linked to the entity's overall strategies.
7 | Reliability of IT Systems | Procedures are in place to provide assurance that relevant information is identified, captured, processed and reported by IT systems in an appropriate and timely fashion.
8 | Reliability of IT Systems | Management adequately staffs and designs the IT department to support the entity's overall business objectives.
9 | Reliability of IT Systems | There are defined responsibilities for individuals responsible for implementing, documenting, testing, and approving changes to computer programs and systems.
10 | Reliability of IT Systems | There is a regular back-up of application programs and data files.
11 | Reliability of IT Systems | The entity has a disaster recovery plan in place that allows for the timely recovery of information. The disaster recovery plan is tested regularly and is updated as the business changes.
12 | Reliability of IT Systems | There is a high level of user satisfaction with the IT systems, including reliability and timeliness of reports.
13 | Communication | Employee duties and control responsibilities are timely and effectively communicated.
14 | Communication | Communication across the organization is adequate, complete and timely to enable people to perform their responsibilities effectively.
15 | Communication | There is an established channel of communication for people to report, anonymously when appropriate, suspected improprieties and management encourages employees to utilize such channels when necessary.
16 | Communication | Reported problems are investigated in a timely manner and disciplinary actions are taken when necessary.
17 | Communication | There are realistic mechanisms in place for employees to provide recommendations.

Ability to Automate
z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution

Description of Automation
CMA solutions greatly reduce the time and effort of monitoring information system controls that affect the accuracy of financial statements.
Independent CMA solutions can easily integrate with other governance, risk, compliance, and security-related applications such as Identity Management, GRC applications and portals.
CMA solutions can continuously monitor SOD, Financial Close, Order to Cash, Procure to Pay, System Configuration, Sensitive Transactions, and custom transactions in financial systems to ensure compliance is met and enforced.
CMA solutions significantly reduce the effort of monitoring financial system controls by effectively utilizing existing staff.
CMA solutions can assist in change control by monitoring financial application system settings.
CMA solutions are used by a broad scope of Fortune 1000 organizations.
For the operations that CMA solutions monitor, appropriate alerting and reporting is performed to communicate any anomalies in the control environment.


Section 4 Entity Level Controls - Monitoring


Monitoring is a process that assesses the quality of the entity's internal control performance
over time. Effective monitoring is accomplished through ongoing monitoring activities,
separate evaluations, or a combination of the two. Ongoing monitoring occurs in the course of
operations and includes regular management and supervisory activities, and other actions
personnel take in the performance of their duties. The scope and frequency of separate
evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing
monitoring procedures. Internal control deficiencies should be reported throughout the
organization with serious matters reported to top management and the board.
The objective of monitoring is to detect and remediate control deficiencies throughout the
entire system of internal control. The following checklist highlights the key areas of focus
that auditors test and indicates where there are opportunities to automate processes as part
of a continuous audit process.

Checklist #4: Entity Level Controls - Monitoring

# | COSO Attribute | Point of Focus/ Control Objective
1 | Ongoing Monitoring | Management monitors relevant external and internal information and considers the impact on the control structure.
2 | Ongoing Monitoring | Procedures are in place to monitor when controls are overridden and to determine if the override was appropriate.
3 | Ongoing Monitoring | Management takes appropriate action on exceptions to policies and procedures.
4 | Ongoing Monitoring | Management responds timely to comments identified in management letters from the external auditor.
5 | Ongoing Monitoring | Internal audit has the authority to review any aspect of the entity's operations.
6 | Ongoing Monitoring | Controls are reviewed to ensure that they are being applied as expected.
7 | Ongoing Monitoring | Internal audit is independent of the activities they audit.
8 | Ongoing Monitoring | Internal auditors are prohibited from having an operating role in the activities they monitor.
9 | Ongoing Monitoring | Management is required to respond in a timely manner to the internal audit department's findings and recommendations.
10 | Reporting Deficiencies | Internal and/or external audit comments and management responses are provided to the audit committee or board of directors.
11 | Reporting Deficiencies | Complaints of improper financial matters by external parties such as suppliers or regulators are fully investigated and documented.
12 | Reporting Deficiencies | Discrepancies that have been identified by customers are investigated and resolved.
13 | Reporting Deficiencies | Controls that should have prevented or detected problems are reassessed when problems occur.
14 | Separate Evaluations | Personnel with the requisite skills conduct evaluations of appropriate portions of the internal control system.
15 | Separate Evaluations | The frequency and scope of supervision and monitoring activities are appropriate to the size and nature of the entity.
16 | Separate Evaluations | Supervisory personnel perform various random and structured reviews over the functioning of control procedures.

Ability to Automate
z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution

Description of Automation
CMA solutions can continuously monitor SOD, Financial Close, Order to Cash, Procure to Pay, System Configuration, Sensitive Transactions, and custom transactions in financial systems to ensure compliance is met and enforced.
CMA solutions can continuously monitor SOD, Financial Close, Order to Cash, Procure to Pay, System Configuration, Sensitive Transactions, and custom transactions in financial systems to ensure compliance is met and enforced.
CMA solutions include remediation workflow to remediate SOD violations. This remediation includes applying compensating controls for exceptions.
CMA solutions enable audit to monitor 100% of financial system controls on a daily or weekly basis rather than a 5% sample performed on a quarterly basis.
For the systems that CMA solutions support, control design, deployment and monitoring is designed to be operated by the business process owner (without IT intervention) which facilitates better controls as the same person who is responsible for the control owns the controls.
Independent CMA solutions that are not sold by financial applications vendors provide independent verification of controls effectiveness.
CMA solutions can not only identify discrepancies in financial applications but they can also identify the root cause of the discrepancy to enable a faster remediation of the issue.
CMA solutions can automate the control testing for financial applications reducing the need for highly skilled personnel to manually conduct control testing.
CMA solutions enable audit to monitor 100% of financial system controls on a daily or weekly basis rather than a 5% sample performed on a quarterly basis.
CMA solutions enable audit to monitor 100% of financial system controls on a daily or weekly basis rather than a 5% sample performed on a quarterly basis.


Section 5 Entity Level Controls - Risk Assessment


Risk assessment is the component of the entity's internal controls that involves identifying and
analyzing risks (both internal and external) relevant to achieving business objectives and
objectives related to the preparation of reliable financial statements.
The objective of the entity's risk assessment process is to establish and maintain an effective
process to identify, analyze, and manage risks relevant to achieving business objectives
and/or the preparation of reliable financial statements. The following checklist highlights the
key areas of focus that auditors test and indicates where there are opportunities to automate
processes as part of a continuous audit process.

Checklist #5: Entity Level Controls - Risk Assessment

# | COSO Attribute | Point of Focus/ Control Objective
1 | Entity-Wide Objectives | Management has a business planning process in place that examines existing objectives and establishes new objectives when necessary.
2 | Entity-Wide Objectives | Management establishes business plans and budgets with realistic goals, and incentives for achievement of plans are balanced.
3 | Entity-Wide Objectives | Objectives are communicated at the appropriate levels and are understood and adopted by the responsible parties.
4 | Entity-Wide Objectives | Management has established a process to periodically review and update entity-wide strategic plans and objectives.
5 | Activity-Level Objectives | Activity-level objectives are linked with entity-wide objectives and strategic plans.
6 | Activity-Level Objectives | Activity-level objectives are consistent with each other (e.g., objectives for the sales organization are consistent with the manufacturing organization).
7 | Risk Identification & Management | Management identifies risks related to each of the established objectives.
8 | Risk Identification & Management | Management has mechanisms in place to identify business risks resulting from entering new markets or lines of business or from offering new products and services.
9 | Risk Identification & Management | Management identifies financial reporting risks that result from operations or compliance with laws and regulations.
10 | Risk Identification & Management | Management identifies fraud risk factors, including management override of controls.
11 | Risk Identification & Management | Identifying risks includes estimating the significance of the risks identified, assessing the likelihood of the risks occurring, and determining the need for action.
12 | Risk Identification & Management | Risks are evaluated as part of the business planning process.
13 | Risk Identification & Management | Senior management develops plans to mitigate significant identified risks.
14 | Risk Identification & Management | The responsibilities and expectations for the entity's business activities and the entity's philosophy about identification and acceptance of business risk are clearly communicated to the executives in charge of separate functions.
15 | Risk Identification & Management | Risks are reviewed periodically with the appropriate corporate governance functions (e.g., executive management, disclosure committee, audit committee, and legal).
16 | Manage Change | The business planning process includes a broad spectrum of personnel with collective knowledge of all areas of the entity.
17 | Manage Change | The business planning process includes consideration of changes in the business environment, including the industry, competitors, the regulatory environment, and customers.
18 | Manage Change | Changes in risks are identified in a timely manner.
19 | Manage Change | Changes are appropriately communicated to the proper level of management (depending on the significance).
20 | Manage Change | Management has identified the resources needed to achieve the objectives and has plans to acquire the necessary resources.
21 | Manage Change | Budgets and forecasts are updated throughout the year to reflect changing conditions.

Ability to Automate
z = Significant opportunities to implement a controls monitoring and audit (CMA) solution
z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution

Description of Automation


Section 6 Expenditure Process Controls


For most large organizations the procurement process generates thousands of transactions a
day. Controllers and purchasing managers carry a serious responsibility to oversee these
transactions and ensure that only legitimate payments are made. Sarbanes-Oxley has only
increased the scrutiny with which auditors look at procurement-related controls. Auditors
demand evidence of strong controls when they test an organization's expenditure process
controls. The following checklist highlights the key areas of focus that auditors test and
indicates where there are opportunities to automate processes as part of a continuous audit
process.

Checklist #6: Expenditure Process Controls


No. | Business Activity | Point of Focus/ Control Objective
1 | Purchasing | Purchase orders are placed only for approved requisitions.
2 | Purchasing | Purchase orders are entered accurately.
3 | Purchasing | All purchase orders issued are input and processed.
4 | Purchasing | Purchasing has established and follows policies and procedures to qualify and evaluate vendors prior to becoming approved vendors.
5 | Purchasing | There is an approved/preferred vendor list that is maintained by the purchasing department.
6 | Purchasing | A threshold has been established for obtaining competitive bids and quotations for expenditures.
7 | Purchasing | After-the-fact POs are identified, tracked, and followed-up on regularly.
8 | Purchasing | Vendor performance (price, product quality, delivery, etc.) is monitored periodically.
9 | Purchasing | Purchase price variances are monitored to evaluate the effectiveness of the purchasing department.
10 | Purchasing | Justification for using sole source vendors is documented and approved by management.
11 | Purchasing | There is a contingency plan for alternative sources of supply with respect to sole source vendors.
12 | Purchasing | Unused/open purchase orders are reviewed periodically and investigated by individuals independent of the purchasing and receiving functions.
13 | Receiving | Contents of incoming shipments, as listed on the packing slip or bill of lading, are compared to the physical product(s) received.
14 | Receiving | Approved purchase orders are required for all receipts.

Description of Automation
CMA solutions can monitor purchase orders for appropriate approvals.
CMA solutions can monitor master data and other key fields in purchase orders.
CMA solutions can ensure that vendor policies such as credit limits are not violated.
CMA solutions can identify purchase orders that are issued after goods are received.
CMA solutions can identify open purchase orders independent of purchasing and receiving departments.
CMA solutions can identify goods received without purchase order.


15 | Receiving | A sequentially numbered receiving report is generated for all items received.
16 | Receiving | All receipts are physically processed and recorded timely in the relevant systems.
17 | Receiving | The receiving department maintains a permanent record of original receiving documents (packing slips, bills of lading, and receiving reports).
18 | Receiving | Written procedures exist identifying which inbound goods require inspection before being released to production.
19 | Receiving | Rejected goods are clearly marked and segregated to prevent use.
20 | Receiving | Rejected goods are promptly returned to the vendor for credit.
21 | Receiving | There are procedures in place to ensure adequate cut-off of receipts at period end.
22 | Processing Accounts Payable | Amounts posted to accounts payable represent goods or services received.
23 | Processing Accounts Payable | Only original invoices are processed for payment.
24 | Processing Accounts Payable | Prices and extensions on invoices are checked for accuracy.
25 | Processing Accounts Payable | Vendor discounts are taken in accordance with current cash management guidelines.
26 | Processing Accounts Payable | Invoices processed for payment are marked/perforated to prevent duplicate processing/payment.
27 | Processing Accounts Payable | System logic prevents duplicate invoices from being processed.
28 | Processing Accounts Payable | Accounts payable amounts are accurately calculated and recorded.
29 | Processing Accounts Payable | All amounts for goods or services received are input and processed to accounts payable in the appropriate period.
30 | Processing Accounts Payable | Credit notes and other adjustments are accurately calculated and recorded.
31 | Processing Accounts Payable | All valid credit notes and other adjustments related to accounts payable are input and processed in the appropriate period.
32 | Processing Accounts Payable | Vendor invoices are matched to purchase order receiving information prior to payment.
33 | Processing Accounts Payable | Disbursements are only made for goods and services received.
34 | Processing Accounts Payable | Disbursements are distributed to the appropriate suppliers.
35 | Processing Accounts Payable | Disbursements are accurately calculated and recorded.
36 | Processing Accounts Payable | All disbursements are recorded in the period in which they are issued.

Description of Automation
CMA solutions can identify goods returned pending credit.
CMA solutions can identify anomalies in accounts payable vs. goods received.
CMA solutions can monitor changes to master data and identify duplicate payment of invoices.
CMA solutions can monitor master data information including vendor discounts.
CMA solutions can identify duplicate payments.
CMA solutions can identify anomalies in accounts payable vs. goods received.
CMA solutions can perform 3-way matching to ensure that payments are not disbursed to invoices without matching purchase orders.
CMA solutions can identify disbursements made without goods or services received.
CMA solutions monitor master data so that appropriate supplier information is correct.
CMA solutions can identify disbursements made outside of the period they were issued.


37 | Processing Accounts Payable | Accounts payable sub-ledger is reconciled to the general ledger at least monthly.
38 | Processing Accounts Payable | Debit balances in the accounts payable subsidiary ledger are promptly investigated and, if necessary, refunds are obtained from vendors.
39 | Processing Accounts Payable | All necessary accruals (received not vouchered) are computed and recorded at period end.
40 | Maintaining Vendor Master File | Only valid changes are made to the supplier master file.
41 | Maintaining Vendor Master File | All valid changes to the supplier master file are input and processed.
42 | Maintaining Vendor Master File | Changes to the supplier master file are accurate and are processed in a timely manner.
43 | Maintaining Vendor Master File | Supplier master file data remains pertinent.
44 | Maintaining Vendor Master File | Access to the vendor master file is limited to appropriate individuals.
45 | Maintaining Vendor Master File | The functions to create vendor master file, prepare an invoice for payment, create the check run, sign and distribute checks are segregated.

Description of Automation
CMA solutions monitor master data so that appropriate supplier information is correct.
CMA solutions monitor master data so that appropriate supplier information is correct.
CMA solutions monitor access to vendor master file.
CMA solutions monitor segregation of duty access controls to ensure changes to vendor master file, prepare invoice for payment, and distribution of checks are segregated.

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution


z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 7 Fixed Assets Process Controls


For organizations in most industries, fixed assets represent one of the largest items on the
balance sheet. Auditors require that companies have well-controlled processes for recording,
managing and retiring fixed assets. The following checklist highlights the key areas of focus
that auditors test and indicates where there are opportunities to automate processes as part
of a continuous audit process.

Checklist #7: Fixed Assets Process Controls


No. | Business Activity | Point of Focus/ Control Objective
1 | Acquiring Fixed Assets | Recorded fixed asset acquisitions represent fixed assets acquired by the organization.
2 | Acquiring Fixed Assets | Prior to the acquisition of any fixed asset, a capital authorization is obtained.
3 | Acquiring Fixed Assets | Fixed asset acquisitions are accurately recorded in the appropriate period.
4 | Acquiring Fixed Assets | All fixed asset acquisitions are recorded.
5 | Acquiring Fixed Assets | Capital expenditure overruns are anticipated and properly approved.
6 | Depreciating Fixed Assets | Depreciation charges are valid.
7 | Depreciating Fixed Assets | Depreciation charges are accurately calculated and recorded.
8 | Depreciating Fixed Assets | All depreciation charges are recorded in the appropriate period.
9 | Disposing of Fixed Assets | Recorded fixed asset disposals represent actual disposals.
10 | Disposing of Fixed Assets | All fixed asset disposals are recorded.
11 | Disposing of Fixed Assets | Fixed asset disposals (and related gain/loss) are accurately calculated and recorded.
12 | Disposing of Fixed Assets | Fixed asset disposals (and related gain/loss) are recorded in the appropriate period.
13 | Managing Fixed Assets | Records of fixed asset maintenance activity are accurately maintained.
14 | Managing Fixed Assets | Fixed assets are adequately safeguarded.
15 | Managing Fixed Assets | Fixed asset maintenance records are updated timely.

Description of Automation
CMA solutions monitor the proper security within the ERP to reduce unauthorized changes.
CMA solutions monitor the proper security within the ERP to reduce unauthorized changes.
CMA solutions monitor the proper security within the ERP to reduce unauthorized changes.
CMA solutions monitor the proper security within the ERP to reduce unauthorized changes.


16 | Managing Fixed Assets | The Fixed asset register is reconciled to the General Ledger on a regular basis.
17 | Managing Fixed Assets | Management performs regular reviews for impairment of fixed assets.
18 | Managing Fixed Assets | A physical inventory of fixed assets is taken periodically and reconciled to the fixed asset register and general ledger.
19 | Maintaining Fixed Asset Register and/or Master File | Only valid changes are made to the fixed asset register and/or master file.
20 | Maintaining Fixed Asset Register and/or Master File | All valid changes to the fixed asset register and/or master file are input and processed accurately.
21 | Maintaining Fixed Asset Register and/or Master File | Changes to the fixed asset register and/or master file are processed in a timely manner.
22 | Maintaining Fixed Asset Register and/or Master File | Access to transactions such as depreciation, purging fixed assets, changing the fixed asset register and master data should be reviewed on a regular basis.

Description of Automation
CMA solutions monitor master data files and General Ledger to ensure only valid changes are made.
CMA solutions monitor master data files and general ledger to ensure only valid changes are made.
CMA solutions monitor sensitive transaction access control to ensure that the appropriate people have access to such transactions.

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution


z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 8 Inventory Management Process Controls


Inventory, both raw materials and work-in-progress, represents a significant asset for most
companies. Auditors demand evidence that inventory on the books is salable and that
well-controlled processes exist for accounting for inventory as it moves through the supply chain.
The following checklist highlights the key areas of focus that auditors test and indicates
where there are opportunities to automate processes as part of a continuous audit process.

Checklist #8: Inventory Management Process Controls


No. | Business Activity | Point of Focus/ Control Objective
1 | Managing Inventory | Inventory is salable or usable.
2 | Managing Inventory | Inventory is adequately safeguarded.
3 | Managing Inventory | Adjustments to inventory prices or quantities relate to valid price changes and physical inventory differences.
4 | Managing Inventory | All adjustments to inventory prices or quantities are recorded accurately.
5 | Managing Inventory | Adjustments to inventory prices or quantities are recorded in a timely manner and in the appropriate period.
6 | Receiving and Storing Raw Materials | Raw materials are received and accepted only if they have valid purchase orders.
7 | Receiving and Storing Raw Materials | Raw materials received are recorded accurately.
8 | Receiving and Storing Raw Materials | All raw materials received are recorded.
9 | Receiving and Storing Raw Materials | Receipts of raw materials are recorded timely and in the appropriate period.
10 | Receiving and Storing Raw Materials | Defective raw materials are returned timely to suppliers.
11 | Requisitioning Materials | All transfers of raw materials to production are recorded accurately and in the appropriate period.
12 | Producing/Costing Inventory | All recorded production costs are consistent with actual direct and indirect expenses associated with production.
13 | Producing/Costing Inventory | All direct and indirect expenses associated with production are recorded as production costs.
14 | Producing/Costing Inventory | All direct and indirect expenses associated with production are recorded accurately and in the appropriate period.

Description of Automation
CMA solutions monitor access to change prices ensuring only authorized users can change prices.
CMA solutions monitor access to change prices or quantities ensuring only authorized users can change prices.
CMA solutions monitor access to record production costs ensuring only authorized users can perform transactions.
CMA solutions can identify materials without valid purchase orders.
CMA solutions monitor access to receive and record materials ensuring only authorized users can perform transactions.


15 | Producing/Costing Inventory | All transfers of completed units of production to finished goods inventory are recorded completely and accurately in the appropriate period.
16 | Producing/Costing Inventory | All defective products and scrap resulting from the production process are valid and recorded completely and accurately in the appropriate period.
17 | Handling Finished Products | Finished goods returned by customers are recorded completely and accurately in the appropriate period.
18 | Handling Finished Products | Finished goods received from production are recorded completely and accurately in the appropriate period.
19 | Handling Finished Products | Goods received from production or returned by customers are only accepted in accordance with the organization's policies.
20 | Shipping Finished Products | All shipments are recorded accurately.
21 | Shipping Finished Products | Shipments are recorded timely and in the appropriate period.
22 | Shipping Finished Products | Inventory is relieved only when goods are shipped with approved customer orders.
23 | Shipping Finished Products | Costs of shipped inventory are transferred from inventory to cost of sales.
24 | Shipping Finished Products | Costs of shipped inventory are recorded accurately.
25 | Shipping Finished Products | Amounts posted to cost of sales represent those associated with shipped inventory.
26 | Shipping Finished Products | Costs of shipped inventory are transferred from inventory to cost of sales timely and in the appropriate period.
27 | Maintaining Inventory Master File | Only valid changes are made to the inventory management master file.
28 | Maintaining Inventory Master File | All valid changes to the inventory management master file are input and processed.
29 | Maintaining Inventory Master File | Changes to the inventory management master file are accurate.
30 | Maintaining Inventory Master File | Changes to the inventory management master file are processed timely.
31 | Maintaining Inventory Master File | Inventory management master file remains pertinent.
32 | Inventory Accounting | Periodic inventory counts are performed to confirm inventory records. Selection of items for count is segregated from performing the count, which is in turn segregated from recording the count. System count is reflected on cycle count worksheets (e.g. Blind counts are performed).

Description of Automation
CMA solutions monitor access to record transfers of completed units ensuring only authorized users can perform transactions.
CMA solutions monitor access to record transfers of completed units ensuring only authorized users can perform transactions.
CMA solutions monitor access to record transfers of completed units ensuring only authorized users can perform transactions.
CMA solutions monitor access to goods received ensuring only authorized users can perform transactions.
CMA solutions monitor access to shipping ensuring only authorized users can perform transactions.
CMA solutions can identify shipments without valid customer orders.
CMA solutions monitor access to shipping ensuring only authorized users can perform transactions.
CMA solutions monitor access to shipping ensuring only authorized users can perform transactions.
CMA solutions monitor access to inventory management master data ensuring only authorized users can perform transactions.
CMA solutions can monitor the master file and identify unauthorized changes.
CMA solutions can monitor the master file and identify unauthorized changes.


33 | Inventory Accounting | Physical counts verify quantities on hand.
34 | Inventory Accounting | Written instructions are used by physical count personnel that provide guidance on timing of the count, number and composition of the count teams, areas of responsibility, how to perform and record the physical counts and count sheet control.
35 | Inventory Accounting | Discrepancies between physical counts and perpetual inventory records are researched prior to posting any adjustments to the perpetual and/or accounting records.
36 | Inventory Accounting | Inventory count crews are supervised.
37 | Inventory Accounting | Receiving/shipping during physical counts is controlled.
38 | Inventory Accounting | Perpetual records are reconciled to physical counts.
39 | Inventory Accounting | Perpetual/physical is reconciled to the general ledger.
40 | Inventory Accounting | Procedures are in place to adjust slow moving, obsolete, or damaged items to their expected realizable value.
41 | Inventory Accounting | Access to transactions such as inventory received, recording defective goods, shipping inventory and master data should be reviewed on a regular basis.

Description of Automation
CMA solutions monitor segregation of duties access controls to ensure changes to inventory received, recording defective goods, shipping inventory and master data are segregated.

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution


z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 9 Payroll Process Controls


Payroll is the largest monthly expenditure for most companies, yet few have effective ways to
ensure proper business controls are in place and are monitored. Discrepancies resulting from
poorly controlled processes, whether mistakes or fraud, can have a serious impact on a
company's financial statements. The following checklist highlights the key areas of focus
that auditors test and indicates where there are opportunities to automate processes as part
of a continuous audit process.

Checklist #9: Payroll Process Controls


No. | Business Activity | Point of Focus/ Control Objective
1 | Hiring Personnel | Additions to the payroll master files represent valid employees.
2 | Hiring Personnel | All new employees are added to the payroll master files.
3 | Terminating Personnel | Terminated employees are removed in a timely manner from the payroll master files.
4 | Terminating Personnel | Employees are only terminated within statutory and/or union requirements.
5 | Terminating Personnel | Deletions from the payroll master files represent valid terminations.
6 | Recording Time | Time and attendance data recorded reflects actual time worked and is authorized.
7 | Recording Time | Time worked is accurately input and processed.
8 | Recording Time | Time worked is processed in a timely manner.
9 | Calculating Payroll | Payroll is recorded in the appropriate period.
10 | Calculating Payroll | Payroll (including compensation and withholdings) is accurately calculated and recorded.
11 | Disbursing Payroll | Payroll disbursements and recorded payroll expenses relate to actual time worked.
12 | Disbursing Payroll | Payroll is disbursed to appropriate employees.
13 | Disbursing Payroll | Payroll registers are reviewed and approved before payroll is generated.
14 | Maintaining Payroll Master Files | Only valid changes are made to the payroll master files.

Description of Automation
CMA solutions monitor changes to employee master data.
CMA solutions can check for expired employee status.
CMA solutions can monitor access to the master data file and ensure only authorized access which reduces master file data errors.
CMA solutions can monitor postings made out of period.
CMA solutions can check for expired employee status to ensure terminated employees are not receiving payroll.
CMA solutions can monitor access to the master data file and ensure only authorized access which reduces master file data errors.


15 | Maintaining Payroll Master Files | All valid changes to the payroll master files are input and processed.
16 | Maintaining Payroll Master Files | Changes to the payroll master files are accurate.
17 | Maintaining Payroll Master Files | Changes to the payroll master files are processed timely.
18 | Maintaining Payroll Master Files | Access to the payroll master files is appropriately limited.
19 | Managing Payroll Accounting | Payroll related accruals/provisions reflect the existing business circumstances and economic conditions in accordance with the accounting policies being used.
20 | Managing Payroll Accounting | All payroll sub-ledgers and payroll-related bank accounts are reconciled to the general ledger at least monthly.

Description of Automation
CMA solutions can monitor access to the master data file and ensure only authorized access which reduces master file data errors.

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution


z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 10 Revenue Process Controls


Managing sales orders, ensuring that orders are taken and delivered on time, that payment is
collected quickly and that revenue recognition conditions are met, directly impacts the integrity of a
company's financial reports. For large companies this can involve thousands of transactions a
day. Last-minute orders, incorrect changes to master data and inappropriate returns can result
in thousands of discrepancies. Small mistakes, such as over-extended credit and incorrectly
recorded receivables, can add up and cause serious concern when it comes time to close the
books. In fact, revenue recognition issues are one of the most common reasons for
deficiencies in internal controls. The following checklist highlights the key areas of focus that
auditors test and indicates where there are opportunities to automate processes as part of a
continuous audit process.

Checklist #10: Revenue Process Controls

No. | Business Activity | Point of Focus/ Control Objective
1 | Managing and Processing Orders | Credit reviews are required prior to entering into customer contracts.
2 | Managing and Processing Orders | In determining the appropriate credit line, the following factors have been considered: the customer's purchasing requirements, historical information about the company, credit rating indications, quantitative (financial) evaluation, and qualitative (non-financial) factors.
3 | Managing and Processing Orders | Credit ratings and line of credits are established utilizing a consistent methodology.
4 | Managing and Processing Orders | Orders are only processed within approved customer credit limits.
5 | Managing and Processing Orders | Orders are approved by management as to prices and terms of sale.
6 | Managing and Processing Orders | There is a policy for handling non-standard terms and conditions including appropriate management approval.
7 | Managing and Processing Orders | Orders and cancellations of orders are input accurately.
8 | Managing and Processing Orders | System logic prevents orders from being processed for invalid customers, customers that are on credit hold, or if the sales order puts the customer's credit balance in excess of their established credit limit.
9 | Managing and Processing Orders | Order entry data is transferred completely and accurately to the shipping and invoicing activities.
10 | Managing and Processing Orders | All, and only, valid orders received from customers are input and processed.
11 | Shipping | The shipping function is properly segregated from the invoicing and accounts receivable functions.

Description of Automation
CMA solutions can check if credit limits for existing customers have been exceeded.
CMA solutions can check if appropriate approvals have been attained.
CMA solutions can monitor access control to managing and processing orders so that only authorized transactions can be performed which reduces errors.
CMA solutions can monitor orders that may be processed for invalid customers, on credit hold or exceeding their credit limit.
CMA solutions can identify invalid orders.
CMA solutions can monitor access control to invoicing and accounts receivable functions to ensure segregation of duties.


12 | Shipping | There are standard policies and procedures and they are followed by personnel.
13 | Shipping | Sequentially numbered shipping documents (BOL, customs forms, ASN, etc.) are prepared for all items shipped.
14 | Shipping | The daily shipping register is reconciled against orders shipped.
15 | Shipping | Shipped orders are transferred for invoicing promptly.
16 | Shipping | Period-end procedures exist and are followed to ensure proper cutoff of shipping activity.
17 | Invoicing, Sales Returns and Adjustments | Invoices are generated using authorized terms and prices.
18 | Invoicing, Sales Returns and Adjustments | Invoices are accurately calculated and recorded.
19 | Invoicing, Sales Returns and Adjustments | All goods shipped are invoiced.
20 | Invoicing, Sales Returns and Adjustments | Invoices relate to valid shipments.
21 | Invoicing, Sales Returns and Adjustments | All invoices issued are recorded.
22 | Invoicing, Sales Returns and Adjustments | Invoices are recorded in the appropriate period.
23 | Invoicing, Sales Returns and Adjustments | Credit notes and adjustments to accounts receivable are accurately calculated and recorded.
24 | Invoicing, Sales Returns and Adjustments | Credit notes for all goods returned and adjustments to accounts receivable are issued in accordance with organization policy.
25 | Invoicing, Sales Returns and Adjustments | All credit notes relate to a return of goods or other valid adjustments.
26 | Invoicing, Sales Returns and Adjustments | All credit notes issued are recorded.
27 | Invoicing, Sales Returns and Adjustments | Credit notes issued are recorded in the appropriate period.
28 | Invoicing, Sales Returns and Adjustments | Accounts Receivable reflects the existing business circumstances and economic conditions in accordance with the accounting policies being used.
29 | Invoicing, Sales Returns and Adjustments | Sales and Accounts Receivable information is appropriately presented, and all information that is necessary for fair presentation and compliance with professional standards or legal requirements is disclosed.
30 | Processing Cash Receipts | Cash receipts are recorded in the period in which they are received.
31 | Processing Cash Receipts | Cash receipts data are entered for processing completely and accurately.

Description of Automation
CMA solutions can identify invoices with terms that fall outside the scope of authorized terms and prices.
CMA solutions can identify goods shipped with no invoice.
CMA solutions can identify invoices with no goods shipped.
CMA solutions can identify invoices posted out of period.
CMA solutions can monitor access control to credit notes and adjustments to accounts so that only authorized transactions can be performed which reduces errors.
CMA solutions can identify credit notes and adjustments with terms that fall outside the scope of authorized credit and adjustments.
CMA solutions can identify credit notes with no goods returned.
CMA solutions can identify exceptions to sales and accounts receivable policies as well as ensure proper segregation of duties for access to sales and accounts receivables systems.
CMA solutions can identify cash receipts posted out of period.
CMA solutions can monitor access control to cash receipts so that only authorized transactions can be performed which reduces errors.


32. Processing Cash Receipts: Cash receipts data are valid and are entered for processing only once.
33. Processing Cash Receipts: Checks are manually logged with customer name, date and amount when received.
34. Processing Cash Receipts: Checks are restrictively endorsed immediately upon receipt.
35. Processing Cash Receipts: Checks are physically secured until deposited.
36. Processing Cash Receipts: Cash discounts are accurately calculated and recorded.
37. Processing Cash Receipts: Unapplied cash receipts are reviewed and resolved promptly.
38. Managing Accounts Receivable: Timely collection of accounts receivable is monitored.
39. Managing Accounts Receivable: All A/R accounts and sub-ledgers are reconciled to the general ledger at least monthly.
40. Managing Accounts Receivable: The A/R aging is reviewed at least monthly for past-due accounts and unusual items and these items are followed up on a timely basis.
41. Managing Accounts Receivable: Bank reconciliations are prepared and reviewed timely.
42. Managing Accounts Receivable: The allowance for doubtful accounts is reviewed and adjusted (if necessary) at least quarterly for potential uncollectible accounts.
43. Managing Accounts Receivable: Write-off policies and procedures have been established and adhered to.
44. Maintaining Customer Master File: Only valid changes are made to the customer master file.
45. Maintaining Customer Master File: All valid changes to the customer master file are input and processed.
46. Maintaining Customer Master File: Changes to the customer master file are accurate and processed timely.
47. Maintaining Customer Master File: Customer master file data remains pertinent.


CMA solutions can identify duplicate cash receipts.

CMA solutions monitor access and transaction changes to the master file to ensure only appropriate people have access to the file and only appropriate changes are made to the file.


CMA solutions monitor access and transaction changes to the master file to ensure only appropriate people have access to the file and only appropriate changes are made to the file.

z = Significant opportunities to implement a controls monitoring and audit (CMA) solution


z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 11 Treasury Process Controls


Effective controls for managing cash receipts, disbursements and loans are critical to the
integrity of a company's financial reporting. The following checklist highlights the key areas of
focus that auditors test and indicates where there are opportunities to automate processes
as part of a continuous audit process.
Checklist #11: Treasury Process Controls

Columns: Business Activity; Point of Focus/Control Objective; Ability to Automate; Description of Automation

1. Borrowing: Recorded debt represents a valid liability of the organization.
2. Borrowing: Borrowings are recorded accurately as to amounts and terms.
3. Borrowing: All borrowings are recorded in the appropriate period.
4. Borrowing: All interest is accurately calculated and recorded in the appropriate period.
5. Borrowing: Recorded loan repayments are valid.
6. Borrowing: Loan repayments are accurately recorded.
7. Borrowing: All loan repayments are recorded in the appropriate period.
8. Borrowing: Loans are repaid in accordance with the terms of the loan.
9. Borrowing: The organization complies with loan covenants.
10. Managing Cash and Investments: Cash receipts are reconciled to general ledger postings daily.
11. Managing Cash and Investments: Recorded investments represent assets of the organization.
12. Managing Cash and Investments: Investment purchases, sales, and maturities are accurately recorded.
13. Managing Cash and Investments: All investment transactions are recorded in the appropriate period.
14. Managing Cash and Investments: All investment income is accurately calculated and recorded in the appropriate period.


15. Managing Cash and Investments: Bank reconciliations are prepared and reviewed in a timely manner.
16. Managing Derivative Transactions: Senior management has an understanding of the organization's derivative activities.
17. Managing Derivative Transactions: Recorded derivative transactions represent assets or liabilities of the organization.
18. Managing Derivative Transactions: Disclosed off-balance sheet derivative transactions represent valid transactions.
19. Managing Derivative Transactions: Derivative transactions are accurately recorded.
20. Managing Derivative Transactions: Disclosed off-balance sheet derivative transactions are properly presented.
21. Managing Derivative Transactions: All derivative transactions are recorded in the financial statements.
22. Managing Derivative Transactions: All off-balance sheet derivative transactions are disclosed in the financial statements.
23. Managing Derivative Transactions: Derivative transactions are recorded in the appropriate period.
24. Managing Derivative Transactions: Off-balance sheet derivative transactions are recorded in the financial statements in the appropriate period.
25. Managing Derivative Transactions: All investment income on derivative transactions is accurately calculated and recorded in the appropriate period.
26. Managing Derivative Transactions: All interest expense on derivative transactions is accurately calculated and recorded in the appropriate period.
27. Cash Accounting: Reconciliations of all cash and investment accounts are performed monthly.
28. Cash Accounting: Appropriate segregation of duties is established for the input, release and reconciliation of wire transfers and daily cash activity.
29. Cash Accounting: All bank accounts have been authorized by Corporate treasury.
30. Cash Accounting: Appropriate procedures are established to ensure signers on bank accounts are properly removed upon termination.


31. Cash Accounting: Policy has been established which defines appropriate Petty Cash amounts, usage, required approvals and replenishment procedures.
32. Cash Accounting: Petty cash accounts are reconciled to the general ledger at least monthly.
33. Cash Accounting: Only miscellaneous items less than a pre-defined amount are paid through petty cash.
34. Cash Accounting: All payments are supported with appropriate documentation and are reviewed for reasonableness.
35. Cash Accounting: The cash balances in the petty cash funds are reconciled and reviewed by an independent person monthly.


z = Significant opportunities to implement a controls monitoring and audit (CMA) solution


z = Some opportunity to implement a controls monitoring and audit (CMA) solution
z = Little or no opportunity to implement a controls monitoring and audit (CMA) solution


Section 12 SOX Checklist


Checklist #12 - SOX Policy Evaluation Checklist
Financial Statement

Area of Significance

Financial Statement
Element

Policy

Balance Sheet
Assets
Cash & Cash Equivalents

Investments/
Foreign Exchange

Accounts Receivable

Property and Equipment

Other Assets

Cash receipts
Bank account reconciliations
Banking policy and relationships
Cash disbursements/manual checks
Check signing requirements
Outstanding checks
General cash
Petty cash
Deposits
Investment responsibility
Foreign currency translation
Fair value of financial instruments
Derivatives policy
Investments in associated companies
Functional currency
Hedging guidelines
Investment portfolio composition
General accounts receivable
Credit memos
Allowance for doubtful accounts/credit risk
Credit risk
Credit balances
Customer deposits
Records maintenance
Invoice billings
AFE's
Acquisitions and dispositions
Assets of discontinued operations
Disposals
Asset retirement obligations
Reconciliations
Physical asset security
General property and equipment
Inventory
Inventory accounting
Physical inventory procedures
Multi-client library
Goodwill and intangible assets
Other long-lived assets
Other current assets (pre-paid expenses, inventory, spares, deferred costs, advances)
Software costs
General other assets


Liabilities
Accounts Payable

Other Liabilities

Debt

Stockholders' Equity

Accounts payable
Competitive bids
Request for proposal
Purchase requisitions
Purchase orders
Contracts
Purchasing procedures
Vendor selections
Vendor file maintenance
Equipment rentals
General
Accrued expenses (employee benefits, debt restrictions, vessel operations, interest, severance, advances)
Deferred revenue
Allowance for bad debts
Bank overdrafts
Income taxes
Accrued employee compensation
Deferred taxes
Warranties
General
Long-term debt (Approval, debt issuance cost, accounting for current maturities)
Subsidiaries with separate debt
Operating and capital lease obligations
Short-term debt
Capital stock
Stock transactions

Income Statement
Revenues
Expenses

Revenue recognition
Revenue reporting
Cost of sales
Third party reimbursable expenses
Payroll
Operating income (expense)
Capitalization
Depreciation and amortization
Research and development
Selling, general and administrative costs
Travel and entertainment
Impairment of long-lived assets
Steaming and mobilization
Income (loss) from associated companies
Interest expense/income
Minority expense
Results of discontinued operations
Insurance
Other expenses
Fiscal adjustments


General
Financial Management

Human Resources

Information Technology

Other

Chart of accounts
Consolidation
Segment reporting and disclosures
Reporting packages
Business combinations
Period-end financial reporting
Month-end closing procedures
Reconciliations
Inter-company allocations
Variable interest entities
Commitments and contingencies
Related parties
Disclosures
Process change control
Unusual transactions
Budgeting and forecasts
Release of financial/ confidential information
Journal entry
Employment (hiring, promotion) policies
Employee benefits
Compensation / Payroll
Termination
Performance appraisals
Executive compensation
Incentive compensation
Employee handbook
Attendance, holidays, vacation, sick leave
Relocation payments
Internal transfers
Family & medical leave
Americans with Disabilities Act
Share-based compensation plans
Fair employment practices
Orientation and training
Employment verifications / background check
Equal opportunity
Sexual harassment / other harassment
New employee processing
Hiring of consultants / contractors
Personnel files and records
Information security
Systems change policy
Software licensing
Electronic information (e-mail) systems
Trade shows
Workplace rules, safety and health
Disaster management / business resumption
Corporate credit cards
Use of company vehicles
Magazine subscriptions


Corporate
Governance

General

Board of Directors

Internal Audit

Record retention, storage and disposal


Ethics hotline and policy on handling of complaints
US Antitrust Law Compliance
Delegation of authority
Code of Conduct
Entertainment and gifts
Insider trading
Related party transactions
Conflict of interest
Foreign corrupt practices act
Personal loans to directors and executive officers
Corporate governance guidelines
Audit committee charter
Remuneration committee charter
Internal audit charter
Pre-approval of audit and non-audit services


ABOUT APPROVA
Approva Corporation is the industry-leading provider of continuous controls monitoring and
audit software. We enable business, finance, IT and audit professionals to automate the on-demand testing, closed-loop remediation and continuous, exception-based monitoring of
controls within and across their business systems. Using our solutions, customers are able to
significantly increase visibility into their controls, streamline the audit process, cost-effectively
sustain their compliance initiatives and reduce exposure to mistakes, fraud and inefficiencies
for business processes such as procurement, sales and delivery, payroll and financial close.
In addition, our automated solutions act as key preventative and detective controls, further
strengthening our customers' financial and operational control environments. Global
companies such as Campbell Soup Company, Colgate-Palmolive, the Commonwealth of
Pennsylvania, DirecTV, Discovery Communications, McCormick & Company, P&G, Pratt &
Whitney, Siemens and Wyndham Hotels & Resorts rely on Approva BizRights Platform and
Enterprise Controls Suite to reduce compliance risk, increase operational efficiency and flag
exceptions to their business controls.
For more information:

Website: www.approva.net
Information: info@approva.net
Sales: sales@approva.net
