To assist managers in assessing the quality and effectiveness of their internal controls, many organizations have adopted a process called Control Self-Assessment or CSA. The CSA questionnaire that follows provides a tool to assist in assessing the risks and the quality of internal controls within your unit. The questions can be answered by a simple "yes" or "no" response. A "no" response to any question may indicate a weakness that merits management attention, i.e., an "action plan."
Note: Before completing the questionnaire, please refer to the definition of internal control: Internal Control Definition
1. Do you have reasonable assurance that the University's principles of integrity and ethical values are shared and practiced by all employees in your College or Department?
2. Are employees familiar with University Policies 4-26 and 4-41, "Conflict of Interest and Ethical Conduct?"
3. Are all financial transactions supported by appropriate source documents?
4. Are University monthly budget account statements reviewed in sufficient detail to provide reasonable assurance that significant errors or irregularities would be detected in a timely fashion?
5. Do the College's or Department's internal controls provide reasonable assurance that:
6. Is the performance of financial accounting activities divided among different individuals so that no one person has complete control over a financial transaction?
7. If the answer to question 6 is "no," are those transactions reviewed in sufficient detail by a non-subordinate?
8. Do supervisory personnel review the functioning of controls to ensure their adequacy and integrity?
9. Do employees have a good understanding of what they are accountable for and of the limits of their authority and responsibility?
10. Do employees receive appropriate training to effectively carry out their administrative responsibilities?
11. Do employees understand what to do if they encounter unacceptable behavior?
12. Is there timely follow-up action resulting from communications received from employees, students, parents, alumni, vendors, regulators, and other internal and external parties?
13. Is appropriate timely action taken when exceptions to policies, procedures, laws and regulations are identified?
14. Are computers being used in compliance with the University's Policy for Responsible Computing?