COSO PROCESS QUESTIONNAIRE - TV Worldwide
Instructions: For process area, answer each question based on your evaluation and interviews with process owners. Record process owner name and date evaluation completed. Determine a judgment for each question regarding overall effectiveness. At the end of the attribute section, determine an overall evaluation of the effectiveness of this COSO attribute.
Note: It is acceptable to have an effectiveness ranking on a particular question as non-effective – not critical and still maintain an overall effective ranking of the attribute. Non-effective – not critical would pertain to questions that may not have a significant or material impact on the overall operation of the process.
RISK ASSESSMENT EFFECTIVENESS EVALUATION: EFFECTIVE, NON-EFFECTIVE CRITICAL; NON-EFFECTIVE – NOT CRITICAL
|Question |Owner/ Date |Narrative Evaluation |Effectiveness |
| |Evaluated | | |
|Has the process owner established process | | | |
|objectives that are consistent with the overall| | | |
|objectives established by unit management? | | | |
|Do the process objectives provide clarity and | | | |
|sufficient granularity as to what the process | | | |
|is designed to achieve? | | | |
|Are the objectives consistent (and not in | | | |
|conflict) with the objectives of other | | | |
|processes? | | | |
|Has management been involved in setting the | | | |
|process objectives, particularly those that are| | | |
|critical to the success of the unit? | | | |
|Does the process owner have adequate resources | | | |
|to achieve the stated objectives? | | | |
|Does the process owner have an effective | | | |
|process to: | | | |
|Identify significant risks arising from | | | |
|external and internal sources to the | | | |
|achievement of key process objectives | | | |
|Assess the significance of the risks and | | | |
|likelihood of occurrence | | | |
|Evaluate alternative actions for reducing those| | | |
|risks to an acceptable level? | | | |
|Does the process owner continuously anticipate,| | | |
|identify and react to routine events and | | | |
|changing circumstances and conditions that | | | |
|could affect the achievement of process | | | |
|objectives? | | | |
|Are process activities dependent on the | | | |
|integrity and availability of information | | | |
|identified, captured, processed and reported? | | | |
|If so, has the process owner evaluated the | | | |
|risks related to the security, integrity and | | | |
|availability of that information? | | | |
OVERALL EVALUATION COSO RISK ASSESSMENT ATTRIBUTE
Efective Not Effective
CONTROL ENVIRONMENT
|Question |Process Owner/ Date |Narrative Evaluation |Effectiveness |
| |Evaluated | | |
|Does the process owner have an effective and | | | |
|understandable structure that: | | | |
|Effectively facilitates monitoring | | | |
|Enables the vertical and horizontal | | | |
|communication and information flows necessary | | | |
|to achieve process objectives? | | | |
|Are the process owner’s approaches for | | | |
|articulating and clarifying roles, | | | |
|responsibilities, authorities and | | | |
|accountabilities in accordance with the | | | |
|established policies of the entity or unit? | | | |
|Is there effective communication of appropriate| | | |
|policies, performance expectations and | | | |
|established accountability to each individual | | | |
|responsible for important process activities? | | | |
|Are the process owner’s policies and practices | | | |
|for recruiting and retaining competent people | | | |
|and developing competence clearly defined, in | | | |
|support of process objectives and in accordance| | | |
|with the established human resource policies of| | | |
|the entity or unit? | | | |
|Does the process owner maintain a positive | | | |
|operating style in terms of accepting risks, | | | |
|facilitating interaction among managers and | | | |
|employees, and demonstrating a supportive | | | |
|attitude toward financial reporting consistent | | | |
|with the tone set by senior management? | | | |
|Has the process owner documented and | | | |
|communicated policies and procedures regarding | | | |
|information technology managed by control | | | |
|owners and other employees in areas including | | | |
|the following: | | | |
|Control over access to sensitive and critical | | | |
|applications and data files supporting the | | | |
|process | | | |
|Authorization, documentation, testing and | | | |
|controlled implementation of new applications | | | |
|and application changes affecting the process | | | |
|Appropriate backup and recover procedures for | | | |
|all critical application program and data files| | | |
|supporting the process | | | |
OVERALL EVALUATION – COSO CONTROL ENVIRONMENT ATTRIBUTE
EFFECTIVE NOT EFFECTIVE
INFORMATION/COMMUNICATION
|Question |Process Owner/ Date |Narrative Evaluation |Effectiveness |
| |Evaluated | | |
|Is the process owner committed to the | | | |
|development of the necessary information | | | |
|systems to ensure all pertinent information is | | | |
|captured as close as possible to the source, | | | |
|accurately recorded and processed, and reported| | | |
|in a timely manner for analysis, evaluation and| | | |
|use in financial reporting? | | | |
|Is the process owner able to obtain adequate | | | |
|information from relevant external sources to | | | |
|assess the impact of environmental changes on | | | |
|the process, its performance and the | | | |
|information about that process? (E.g. Is there | | | |
|information about customer needs/wants, the | | | |
|competitive, technological and regulatory | | | |
|environments?) | | | |
|Does the process owner have access to | | | |
|information gathered by the organization on | | | |
|changing conditions and trends affecting the | | | |
|performance of the process? | | | |
|Does the process owner determine that relevant | | | |
|and timely information is provided to control | | | |
|owners and other process personnel in | | | |
|sufficient detail to enable them to effectively| | | |
|discharge their responsibilities? | | | |
|Does the process owner effectively: | | | |
|Communicate process objectives to control | | | |
|owners and other process personnel] | | | |
|Facilitate communication within the process and| | | |
|with personnel representing other entity and | | | |
|unit processes and functions | | | |
|Support a process for control owners and other | | | |
|processes personnel to communicate upward | | | |
|issues regarding process performance and | | | |
|control? | | | |
OVERALL EVALUATION – COSO INFORMATION/COMMUNICATION ATTRIBUTE
EFFECTIVE NOT EFFECTIVE
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- federal financial internal controls and procedures
- teaching auditing students about internal controls
- coso process questionnaire tv worldwide
- each of the 34 cobit control objectives or it processes
- sample risk assessment questionnaires
- case studies fraud fighting
- coso 2013 information and registration
- chapter 1 — introduction american association of
- risk analysis template hud
Related searches
- coso monitoring examples
- coso enterprise risk management pdf
- coso framework 2019 pdf
- 2017 coso erm framework pdf
- new coso framework 2017 pdf
- coso enterprise risk management 2017
- coso enterprise risk management
- coso erm framework pdf
- coso internal control framework icf
- coso erm integrated framework
- coso erm framework 2018
- coso internal control framework 2019