Surviving Sarbanes-Oxley
Online Sidebar: Questions CIOs Need To Answer
1. How are off-balance-sheet transactions and commitments tracked and reported?
2. Are payments to the external auditing firm monitored through the transactional flags on purchase orders, check requests, or other means within the system?
3. Are rolling forecasts deployed throughout the business (business unit, product line, functional levels)?
4. How many tools are used in the forecasting process? The budgeting process?
5. Do the reporting systems trace back to the general ledgers?
6. Is cash flow from operations and generally accepted accounting principles (GAAP) automatically calculated?
7. Are key measures (drivers of financial results) delivered to operational managers' desktops daily, weekly, monthly?
8. Are tax-reporting systems integrated with the company's consolidation system?
9. Are consolidation and reporting activities performed on spreadsheets?
10. Do transactional reporting systems have agent-based alerts?
11. How are manual entries identified and approved?
12. How much time is spent compiling data and financial statements versus analyzing the data?
13. How many top-level adjustments are made in the consolidation process?
14. Are reporting activities performed on spreadsheets?
15. How often is control documentation updated for new changes to the internal controls (transactional and financial statements)?
16. Are controls in place to ensure that any off-balance-sheet items are properly approved?
17. Do reporting systems flag reserves and other estimated accounts?
18. Have the systems been updated to identify new responsibilities under the Sarbanes-Oxley Act?
19. Are earnings forecasts tied to predictive models?
20. Do you forecast your business on cash-flow drivers?
21. Are variances between the forecast and actual results reviewed and causes identified?
22. How long does it take to develop forecasts? Budgets?
23. Is there a significant difference between financial statements depending on timing, function, or system?
24. Are standard charts of accounts used across the company?
25. How long does it take to get the results of operations?
26. What procedures are in place to detect and prevent fraud?
27. Have you identified high-risk areas where fraud may occur and developed controls to prevent it?
28. Are the following categories of nonfinancial drivers measured: leadership, communication, brand equity, reputation, networks/alliances, technology, human capital, culture, innovation, intellectual capital, or adaptability?
29. Do sales systems flag quarter-end sales volumes over selected limits?
30. How long does it take to develop ad hoc reports?
31. Do you model the sensitivity of your off-balance-sheet commitments (swap agreements, foreign-exchange risk, purchase commitments, etc.)? How often?
32. Are you able to determine your profitability using "what if" scenarios?
33. Have financial models been created for all high-risk operations, programs, etc.?
34. How long does it take to create the management package?
35. Does each operating unit have a financial model for the key drivers of its business?
36. Are documents backed up periodically to ensure that important reports and information are maintained?
37. Does the company have a retention policy for electronic information?
38. Are internal-control reviews incorporated into all new system implementations (financial and nonfinancial)?
39. How often do you back up your data?
40. What controls are in place for record retention to avoid tampering with the data?
41. What best describes your IT capabilities related to financial-transaction processing in your company?
42. How many changes have there been to financial-statement controls (including the authorization of transactions, safeguarding assets, maintaining records, and the reconciliation process) in the past year?
43. How many different systems are involved in the financial-statement development process?
44. Are IRS and other data-retention requirements being met?
45. Are GAAP-audited financial statements the starting point for your tax returns?
46. Are alerts in place to inform key resources of specific transactions taking place in the company?
47. Does the company review its transactions for unusual entries?
48. What controls are in place to detect wire or mail fraud?