Northwestern State University
Control Self-Assessment Questionnaire
|
INTRODUCTION
This
Control Self-Assessment Questionnaire is a multipurpose tool to be
used by budget unit's in assessing the adequacy of internal
controls within their area. The primary purpose of this tool
is for budget units to perform a self-review in order to identify
potential areas of weaknesses, non-compliance, and/or
unsound business practices.
This
questionnaire is designed so that a "NO" response
indicates an area of potential concern. A "NO"
response suggests that the budget unit may be in non-compliance
with a particular policy or procedure, and/or may have a missing or
non-functioning control.
Budget
units are encouraged to self-assess themselves at regular
intervals, depending on the outcome of the initial
self-assessment. A budget unit with a significant number of
"NO" responses should make needed changes and/or
corrections, then perform a follow-up self-assessment within a few months.
Periodically,
Internal Audit will select budget units to perform a
self-assessment as of a particular time period. The results
of the Control Self-Assessment Questionnaire will be forwarded to
the Internal Auditor for review and random verification of the
responses.
The
Control Self-Assessment is divided into ten categories, as
follows: |
|
Item |
Question |
Yes |
No |
N/A |
| 1 |
Annually,
does the budget unit head request written approval from Business
Affairs to receive cash and cash items (checks, money orders, etc.)?
|
|
|
|
|
2 |
Are
employees responsible for cash handling and deposit preparation
required to become familiar with Section VII of the Fiscal Policy & Procedures
Manual periodically?
|
|
|
|
|
3 |
When
the budget unit receives payments (cash, checks, money orders, credit cards,
etc.) directly from individuals, is a receipt issued (system generated receipt
or official pre-numbered Departmental Cash Receipt)?
[Receipt
books, such as those purchased from office supply stores, should not be used.]
|
|
|
|
|
4 |
Are Departmental Cash Receipt forms used in sequential
order?
|
|
|
|
| 5 |
If
a Department Cash Receipt form is voided, are all copies
turned in to the Cashier's Office?
|
|
|
|
| 6 |
Are
cash and cash items, received in the mail, recorded on a
Departmental Mail Receipts List?
|
|
|
|
| 7 |
Are
checks and money orders restrictively endorsed (i.e.
stamped "For Deposit Only") upon receipt by the budget
unit?
|
|
|
|
| 8 |
Are
deposits made on a daily basis (i.e., in a timely manner) where practical, to the Cashier's
Office? |
|
|
|
| 9 |
Are
daily collections deposited intact to the Cashier's
Office?
[Purchases
should not be made from the collections. The entire amount
collected should be deposited.]
|
|
|
|
| 10 |
Are
daily collections held in a secure manner (e.g. under lock and key) until deposited in the
Cashier's Office?
|
|
|
|
| 11 |
Are
all changes and/or corrections to cash receipting documents
initialed by the preparer?
|
|
|
|
| 12 |
Are
areas where the physical handling of cash and cash items take place
reasonably secure? |
|
|
|
| 13 |
Are
remitter complaints handled by a person independent of the
cashiering function?
|
|
|
|
| 14 |
When
the budget unit receives updates to the Section VII of
the Fiscal Policy & Procedures Manual, is the information disseminated
to and discussed with individuals who have duties and
responsibilities which are
affected by the updates?
|
|
|
|
|
Item |
Question |
Yes |
No |
N/A |
|
1 |
Have
personnel been instructed to become familiar with the policy on
"Unprofessional Conduct and Sexual Harassment" as outlined
in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
2 |
Have
personnel been instructed to become familiar with the rules on
"Nepotism" as outlined in the Staff Handbook and/or
Faculty Handbook?
|
|
|
|
|
3 |
Have
personnel been instructed to become familiar with the rules on "Gifts and
Favors" as outlined in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
4 |
Have
personnel been instructed to become familiar with the
"Policy on Use of Facilities, Equipment or Property" as
outlined in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
5 |
Have
personnel been instructed to become familiar with the Family
Educational Rights & Privacy Act?
|
|
|
|
|
6 |
Have
personnel been instructed to become familiar with the policy
on "Prohibited Transactions and Contractual Arrangements"
as outlined in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
Item |
Question |
Yes |
No |
N/A |
|
1 |
Are
transactions periodically reviewed online in the Financial Records
Systems?
|
|
|
|
|
2 |
Does
the budget unit forward all original invoices received directly from
vendors to Business Affairs - Accounts Payable Section?
|
|
|
|
|
3 |
Have
employees been instructed to become familiar with state
travel regulations?
|
|
|
|
|
4 |
Have
employees been instructed to become familiar with Section VIII of the Fiscal Policy and
Procedures Manual? |
|
|
|
|
5 |
When
the budget unit receives updates to Section VIII of
the Fiscal Policy & Procedures Manual, is the information disseminated
to and discussed with individuals who have duties and
responsibilities which are
affected by the updates?
|
|
|
|
|
6 |
Are
monthly telephone statements reviewed for accuracy and personal
calls?
|
|
|
|
|
7 |
Have
employees been made aware that it is against University policy to
make personal long-distance calls?
|
|
|
|
|
Item |
Question
|
Yes
|
No
|
N/A
|
| 1 |
Does
the budget unit have a copy of NSU's Fiscal Policy and Procedures
Manual?
|
|
|
|
| 2 |
Has
the budget unit created, maintained, and made available to its
faculty/staff a departmental policy and procedures manual?
|
|
|
|
| 3 |
Does
the budget unit have an up-to-date copy of the Staff Handbook?
|
|
|
|
| 4 |
Does
the budget unit have an up-to-date copy of or Intranet access to the Faculty Handbook?
|
|
|
|
| 5 |
Does
your budget unit maintain a Key Control Log?
[The
Key Control Log should list all keys issued by the budget unit, date
of issuance, key/room number, date returned, etc. Keys should
be collected from employees when they transfer from the budget unit
or leave the University.]
|
|
|
|
| 6 |
Are
quarterly safety meetings held within your budget unit?
Is
documentation of such meetings forwarded to Environmental Health
& Safety Officer?
Forwarded
in a timely manner?
|
|
|
|
| 7 |
Are all
year-end close procedures and/or deadlines followed, as indicated by
the appropriate university personnel?
|
|
|
|
|
8 |
When
the budget unit receives updates to the Fiscal Policy &
Procedures Manual, is the information disseminated to and discussed
with individuals who have duties which are affected by the updates?
|
|
|
|
|
9 |
Is
the organizational structure within the budget unit clearly defined?
|
|
|
|
|
10 |
Are
the number of requests to approve exceptions to established policy
kept to a minimum?
Are
such approvals always documented?
|
|
|
|
|
11 |
Have
budget unit or departmental objectives been established?
|
|
|
|
|
12 |
Have
risks or obstacles to achieving those objectives been identified?
Were
external risk factors (technology changes, economic conditions,
etc.) considered?
Were
internal risk factors (employee turnover, morale, etc.)
considered?
|
|
|
|
|
13 |
Have
the specific assignments necessary to implement those objectives
been identified and communicated to the responsible employees?
|
|
|
|
|
14 |
Does
the budget unit receive relevant information regarding new and/or
proposed legislation, regulatory developments, or similar external
factors that may affect the budget unit and/or the University as a
whole?
[Audit
Alert 2002-004 has information regarding how budget units and
departments may stay abreast of relevant information.]
|
|
|
|
|
15 |
Are
student complaints taken seriously, investigated, and acted upon
when necessary?
Is
there follow-up communications with the individual making the
complaint?
Is
supervisory personnel in the budget unit aware of the nature and
volume of complaints?
|
|
|
|
|
16 |
Is
the overall effectiveness of the internal control system routinely
evaluated?
[If
you are not familiar with the internal control system, please click here.]
|
|
|
|
|
17 |
Does
the budget unit head periodically spot-check transactions, records,
and reconciliations to ensure they meet his/her expectations?
|
|
|
|
|
Item |
Question |
Yes |
No |
N/A |
|
1 |
Is
the budget unit current in conducting quarterly safety meetings?
|
|
|
|
|
2 |
Is
the budget unit current in forwarding required documentation to the
Environmental Health & Safety Officer regarding quarterly safety
meetings?
|
|
|
|
|
3 |
Have
personnel been instructed to become familiar with the policy on "Policy on
Smoking in University Buildings" as outlined in the Staff
Handbook and/or Faculty
Handbook?
|
|
|
|
|
4 |
Have
personnel been instructed to become familiar with the policy on "Medical
Emergencies" as outlined in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
5 |
Have
personnel been instructed to become familiar with the policy on "Fiscal
Responsibility For Student Organizations, Clubs, Groups and Other
Organizations Affiliated With the University", as outlined in
the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
6 |
Have
personnel been instructed to become familiar with the policy on "Reporting
Accidents" as outlined in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
7 |
Have
personnel been instructed to become familiar with the policy on "Policy
Statement Regarding Alcohol and Drugs" as outlined in the Staff
Handbook and/or Faculty
Handbook?
|
|
|
|
|
8 |
Are
budget unit facilities free of obstructions, or other conditions,
which could constitute a danger in the event of fire or other
disaster?
|
|
|
|
|
9 |
Have
all personnel been made aware of the Environmental Officer's name and
provided contact information?
|
|
|
|
|
10 |
Does
the budget unit have a policy of conducting periodic walk-through
inspections of their workspace, to identify and correct any unsafe
or potentially hazardous conditions and work practices? [Any
unsafe or potentially hazardous conditions should be reported to the
Environmental Health & Safety Officer.] |
|
|
|
|
11 |
Some
departments carry out activities which involve bio-hazardous agents,
hazardous chemicals, or radioactive material. If applicable,
answer the following questions:
-
Have
all personnel been notified of potential hazards and trained
recently in appropriate work practices and emergency response
procedures?
-
Are
all required documentation in place and current?
-
Are
inventories of all hazardous materials within the budget unit's
facilities maintained and updated regularly?
-
Are
all potentially hazardous materials properly labeled and stored,
inclusive of compatible storage grouping, secondary containment
for flammable liquids, and radiation warning signs and labels?
-
Is
the disposal of all potentially hazardous material coordinated
through the Environmental Health & Safety Officer?
|
|
|
|
|
Item |
Question |
Yes |
No |
N/A |
|
1 |
Have
employees been made aware of, have access to, and been instructed to
become familiar with the Electronic
Data Systems Policies and Standards Manual, which is online?
|
|
|
|
|
2 |
Are
workstations (computers and servers) and peripheral devices
physically secure? |
|
|
|
|
3 |
Is
there an inventory record of workstations and peripheral devices
maintained in the department? |
|
|
|
|
4 |
Are
surge protectors/suppressors used?
|
|
|
|
|
5 |
Are
workstations and peripheral devices protected from excessive
moisture and/or heat?
|
|
|
|
|
6 |
Are
disks and other storage media stored away from extreme heat and/or
cold?
|
|
|
|
|
7 |
Are
disks and other storage media protected from dust?
|
|
|
|
|
8 |
Are
disks and other storage media protected from sunlight?
|
|
|
|
|
9 |
Are
disks and other storage media protected from magnetic devices?
|
|
|
|
|
10 |
Are
disks and other storage media write protected when not in use?
|
|
|
|
|
11 |
Have
procedures been established for the backup of data files, including
the identification of all critical data files and programs on
workstations and servers?
|
|
|
|
|
12 |
Are
employees trained in backup and recovery procedures?
|
|
|
|
|
13 |
Are
backup copies of appropriate data files actually being made on a regular basis?
|
|
|
|
|
14 |
Are
backup copies stored in a remote, secure location?
|
|
|
|
|
15 |
Has
virus protection software been installed on all workstations and
servers?
|
|
|
|
|
16 |
Is
the installed virus protection software a current or recently
released version?
|
|
|
|
|
17 |
Have
users been made aware of ways to reduce the damage causes by a
virus?
[Virus
damage can be reduced by backing up data and by not copying other's
software (including Public Domain) until it has been checked for
viruses.]
|
|
|
|
|
18 |
Are
users aware of the damages and/or effects of a computer virus?
|
|
|
|
|
19 |
Are
critical or sensitive data files protected from unauthorized access
(e.g. by the use of passwords)?
|
|
|
|
|
20 |
Are
workstations shut off or locked when left unattended?
|
|
|
|
|
21 |
Do
users log off the system when workstations are left unattended?
|
|
|
|
|
22 |
Does
each employee have his/her own username identification and password
to access mainframe applications?
|
|
|
|
|
23 |
Have
employees been instructed to not post their password near
their workstation or terminal?
|
|
|
|
|
24 |
Have
employees been instructed to keep their password confidential?
|
|
|
|
|
25 |
When
an employee transfers to another position and/or department
at the University, is his/her system access reviewed for
compatibility for the new position?
Is
compatibility reviewed in a timely manner?
[Employee
access to data and data files should be a business need only basis.]
|
|
|
|
|
26 |
When
an employee leaves the University, is his/her access to the
system terminated?
Is
access terminated in a timely manner?
|
|
|
|
|
27 |
Have
employees been instructed to dispose of
confidential output (e.g. printouts containing grades, social
security numbers, etc.) in a responsible manner (e.g. shredding)?
|
|
|
|
|
28 |
Have
employees been made aware that the copying of software is generally unlawful?
|
|
|
|
|
29 |
Are
warranty registration cards completed and returned to the vendor?
|
|
|
|
|
30 |
Are
Security Reports periodically reviewed to ensure that users of the
system have access to data limited to a business-need-only basis?
|
|
|
|
|
Item |
Question |
Yes |
No |
N/A |
|
1 |
Have
employees been instructed to become familiar with Section X of the Fiscal Policy and
Procedures Manual?
|
|
|
|
|
2 |
When
the budget unit receives updates to the Section X of
the Fiscal Policy & Procedures Manual, is the information disseminated
to and discussed with individuals who have duties and
responsibilities which are
affected by the updates?
|
|
|
|
|
3 |
Does
supervisory personnel's management philosophy and style communicate
high expectations regarding integrity and ethical values?
Are
those individuals' directives and actions consistent with such
high expectations?
|
|
|
|
|
4 |
Are
human resource policies clearly communicated to the budget unit's
personnel?
|
|
|
|
|
5 |
Is
inappropriate behavior dealt with in a consistent manner?
Is
such behavior dealt with in a timely manner?
|
|
|
|
|
6 |
Are
job descriptions accurate and up-to-date?
Are
major expectations included in the job description?
|
|
|
|
|
7 |
Is
adequate training provided to all personnel within the budget
unit?
|
|
|
|
|
8 |
Are
NSU Daily Attendance and Leave Reports (timesheets) reviewed and/or
recalculated for accuracy and agreed to supervisory records?
|
|
|
|
|
9 |
For
emergency / unplanned leave, are employees required to complete a Request for
Leave form upon their return to duty?
|
|
|
|
|
10 |
Do
employees obtain prior approval for overtime work?
|
|
|
|
|
11 |
Do
employees obtain prior approval for compensatory leave earned?
|
|
|
|
|
12 |
Have
employees been instructed to become familiar with the policy on "Seeking & Holding
Public Office" as outlined in the Staff Handbook and/or Faculty
Handbook?
|
|
|
|
|
13 |
Are
employees required to take appropriate leave when absent from work?
|
|
|
|
|
14 |
Are
"prospective" employees prohibited from beginning work, prior to
completion of required documentation, inclusive of signatory
approvals?
|
|
|
|
|
15 |
Are
employees that handle cash, cash items, and other valuable assets
bonded?
|
|
|
|
|
16 |
Have
classified employees been instructed to become familiar with the
policy on "Prohibited
Activities - Classified Employees" as outlined in Section X-23
in the Fiscal Policy & Procedures Manual?
|
|
|
|
|
17 |
If
the budget unit has related employees, have the duties and
responsibilities of the involved parties been coordinated in a manner which minimizes the
opportunity for collusion?
|
|
|
|
|
18 |
Is
the projection of time worked prohibited?
|
|
|
|
|
19 |
Are
all changes and/or corrections to payroll documents (e.g.
timesheets, leave forms, etc.) initialed?
|
|
|
|
|
20 |
Does
the budget maintain a daily log of hours worked by wages of labor
and student employees?
|
|
|
|
|
21 |
Is
access to
NSU Daily Attendance and Leave Reports (timesheets) restricted from
employees after approval by the supervisor?
|
|
|
|
|
22 |
Have
employees been instructed to complete NSU Daily Attendance and Leave Reports (timesheets)
in ink, with the single exception of darkening in the
mark-sensed circles in pencil?
|
|
|
|
|
23 |
Have
personnel been instructed to become familiar with the policy on "Employment
Outside the University Setting" as outlined in the Fiscal
Policy & Procedures Manual?
|
|
|
|
|
24 |
Have
personnel been instructed to become familiar with the policy on "Volunteer
Services Agreement" as outlined in the Fiscal
Policy & Procedures Manual?
|
|
|
|
|
| |