Form Number: 1007/_ _
Audit name: / Year: / 20_ _
Internal Audit Unit name]
- Checklist for Control Environment -
Assessment of the control environment in the organization or process to be audited /1. Integrity and ethical values / Yes / No / Comment
1.1. Does top management a positive example by demonstrating ethical behaviour?
1.2. Has management created risk- and control-aware environment?
1.3. Is there a Code of Ethics for the organisation? If not what is the equivalent?
1.4. Has the staff received realistic objectives from management?
2. Competence / Yes / No / Comment
2.1. Has a job-related skill analysis been performed? Does this analysis take into consideration the objectives of the organisation?
2.2. Does the recruitment process consider these skills to be a prerequisite to get the job?
2.3. Is staff adequately trained?
2.4. Are the staff’s actual qualifications and suitability to their jobs measured and attested?
2.5. Is management able to identify business risks?
3. Audit Committee (AC) / Yes / No / Comment
3.1. Does the audited entity have an AC?
3.2. Is the AC operational?
3.3. Does the AC have sufficient authority?
3.4. Does the AC meet frequently enough?
3.5. Does the AC get enough information in order to take decisions?
3.6. Are the members of AC independent of management?
3.7. Do the auditors have the right to interact directly with AC members?
4. Management philosophy and style / Yes / No / Comment
4.1. Does management have a philosophy of risk avoidance?
4.2. Does management stress the importance of strong control system through their daily activities?
4.3. Does management stress the importance of complying with laws and regulations?
4.4. Is senior management open to the information about risks coming from lower management levels?
4.5. Does the management style enhance the achievement of the objectives of the organisation/unit?
4.6. Does management consider it important to comply with the requirements related to reporting?
5. Organisational structure / Yes / No / Comment
5.1. Has the organisational structure been formalized?
5.2. Have the accountability and reporting lines been defined and communicated throughout the organization?
5.3. Does the organisation structure support the achievement of the organisation’s objectives?
5.4. Does the organisation structure support effective decision-making?
6. Division of rights and responsibilities / Yes / No / Comment
6.1. Are the rights and responsibilities of staff in line with the organisation structure?
6.2. Are the rights and responsibilities for staff in line with the job descriptions?
6.3. Are the position-related rights, obligations and responsibilities described in related documents (job descriptions, employment contracts, procedures)?
6.4. Are employees encouraged or mandated to assist in strengthening the internal control system?
6.5. Are there rules for delegation and authorisations?
6.6. Are the activities of different units of the organisation well coordinated?
6.7. If decision-making has been delegated to lower management levels, is this accompanied with sufficient management supervision?
7. Human capital management principles / Yes / No / Comment
7.1. Does the HR policy cover all of the following areas: planning, recruiting, retention, promotion based on merit, termination for cause, values, training, appraisal, counselling and remuneration?
7.2. Does the recruitment process ensure properly qualified candidates for the positions?
7.3. Are newly recruited staff trained in the values of the organisation and the consequences if those values are ignored?
7.4. Is the remuneration and advancement system motivating?
7.5. Is the staff turnover sufficiently low so as to enable the achievement of organisational objectives?
7.6. Is the proper execution of control functions by staff and their role in helping to increase control effectiveness evaluated at staff appraisal and counselling sessions?
7.7. Does the appraisal system take into consideration the following of ethical norms?
7.8. Does the periodic appraisal system take into consideration the contribution of the staff to risk management?
7.9. Is the staff trained on internal control systems?
7.10. Does the organisation have well-communicated and understandable sanctions for illegal or improper behaviour?
Prepared by:
tor]
date]
Approved by:
IAU]
date]
Njësia Qendrore për Harmonizimin e Auditimit të BrendshëmCentralna Jedinica za Harmonizaciju Unutrašnje Revizije
Central Internal Audit Harmonization Unit / 1