《【毕马威经典材料】内部审计指南.docx》由会员分享,可在线阅读,更多相关《【毕马威经典材料】内部审计指南.docx(17页珍藏版)》请在淘文阁 - 分享文档赚钱的网站上搜索。
1、毕马威的内部审计指南(第一局部 会计与报告)Internal Audit - Full question list(parti accounting&reporting)内部审计一问题一览表(第一局部 会计与报告)序号Question Type 可题所属业务循环QuestionCategory 问题风险等级Question 控制点M缺失风险Best Practice / Policy 皎优方法/对策KSAT Self自我评估完Current status 现行具体状1Accounting & Reporting 会计与报告high 高Is the latest version of the G
2、roup Accounting Policy Manual held and distributed to all relevant staff with appropriate training provided as necessary?是否所有相关人员都已经对公司最新的 会计政策进行了必需的培训?Inadequate central guidance may lead to errors in the accounting records, and inaccurate financial data may be provided.不充足的内部导引会导致错误的会计记 录,从而产生不准确的
3、财务数据 Group Accounting Policy Manual should be available to al 1 relevant staff and should be jeriodically updated.公司的会计政策应当定期升级和完善,并及时提供 给各有关人员。2Account i ng & Reporting 会计与报告medium 中)oes the general ledger have a lierarchical password system, allowing accounts clerks to only access those parts of t
4、he ledger for which they are responsible? 是否公司各类帐簿进行r分等级的密码 控制和适当授权,以保证各有关人员只 能进入其负资的帐簿Unauthorised entries and changes nay be made to the accounting records & integrity of data may be compromised.会计记录可能会被未经授权的人录入和 更改,数据的真实性和完整性被损坏Change access to the accounting records is 1imited to those authorise
5、d to input. 只有那些被授权的人才能进入被授权进行操作。3Account i ng & Reporting 会计与报告high 高Is written approval required by rinance Department senior management for opening and closing general lodger accounts?是否总帐科目的设立和注销都有财务部 管理人员的书面同意?Misuse of general ledger accounts to concealfrauduleent/irregular/inappropriate trans
6、actions.滥用总帐科目可能会用来隐藏欺诈/违规 /错误的交易All general ledger accounts should be used for a speci fic purpose and management approval should be required for opening and closing accounts.每一个总帐科目都明确的使用目的,所有帐簿的开 立和注销都必须有管理人员的同意4Accounting & Reporting 会计与报告medium 中Is there a Group policy on journal entries which
7、is fol lowed at al 1 times?是否有统一的会计录入原那么并一直被遵 守Processing of journal entries*ithout sufficient management review or acceptance wi11 lead to the integrity of data being compromised.会计录入程序没有足够的熨核和检查程 序,会影响数据的正确性A Group policy on journal entries should be icld and procedures in place to ensure that it
8、is followed at all times应当有明确的会计录入政策,并保证时刻被遵守38Jisasler Recovery Planning灾难恢且计划ngh高las an integrated Business IT co itinuity plan been developed, wh ich includes both the Wide Area Stwork and HQ processing enviro nment?是否建立有综合的IT持续经营规 划,包括广域网和总部经营环境?Continuity plans enable bus in css to continue ope
9、rating in the event of a disaster (howe ver defined). Minor disaster s may also result in unnecess iry costs and unacceptable do wntime being incurred. 持续经营规划可以使公司万一在 发生灾难(不管怎样界定)的时 候继续经营卜去,(没有完甦的 持续经营规划,小的灾难也可能 是公司付出不必要的损失和引起 不必要的停工损失。Recovery and resumption pl ans are based on formal im pact analy
10、sis and are regu larly tested and updated. Plans are fully integrated with business needs. Resp onsibility for recovery pl anning activities is alloc ated to specific persons w ithin the company.恢更和重建计划是以影响的分 析、规律的检测和不断的更新 为基础的,计划应当同公司的 需耍相结合。重建计划分析的 贡任应当指定给公司内部的特 定人员。39Disaster Recovery Planning灾难恢
11、复计划iigh 高)ocs a contract exist with a Bus iness Continuity Plan / Disaster Recovery prov i der and are arran gements in place to retender for this service in advance of expi ry of the contract?是否同提供商签署持续经营规划和灾 难恢第计划方面的合同,并且保证及 时在合同到期前续签?Continuity plans enable bus in ess to continue operating in the
12、 event of a disaster (howo ver defined). Minor disaster s may also result in unnecess iry costs and unacceptable do wntime being incurred. 持续经营规划可以使公司万在 发生灾难(不管怎样界定)的时 候继续经营下去。(没有完整的 持续经营规划,小的灾难也可能 是公司付出不必要的损失和引起 不必要的停工损失。A contract should bo in pl ace wi th a BCP/DR provider with adequate time left
13、 f or re-tendering when the c ontract expires.保证同提供商签署关于持续经 营规划和灾难恢更汁划方面的 合同,并保证在合同到期前有 充足的时间续签10)isaster Recovery Planni ng灾难恢匏计划iigh 高las the overall Business Continu ity Plan / Disaster Recovery pro cess been communicated to all si aff?是否公司所有的持续经营规划和灾难 恢且计划向所有的员工传达?Inability to recover business p
14、rocesses in the event of an incident.(如果没有及时向所有员工传 达)可能会导致在灾难发生时, 无法按照计划进行恢更工作Ml staff should be fully aware of their responsibi1 ities in the event of an i ncident. This should incl ude advice to staff not re quired immediately that th ey shou1d remain in regula r contact with DR co-ordin ators.所有的
15、员;都r解对自己在灾 难发生时的责任,包括建议员 工应当同灾难恢且人员的参与 人员保持联系41Disaster Recovery Planning灾难恢复计划nedium 中las all information / data not c urrently required been archived offsite?是否所有信息和数据都按要求在工作 现场以外的场所仃档保管?Inabi1ity to access key infor mation, contacts etc and ther efore inability to carry out ey processes.可能会导致无法取得
16、重要的信 息、合同等资料.因而无法开展 重要的工作Jse of offsite storage who rever possible尽可能的使用工作现场以外的 场所保管档案42)isaster Recovery Planni ng灾难恢豆汁划nedium 中Is there a process for updat ing departmental plans and the assoc iatod IT solutions?是否认期更新部门的规划,并取得相 应的IT解决方案?Out of date departmental plan s will make effective recover
17、v difficult to achieve. 过时的部门规划会严重影响恢且 工作的效率tocedures should be in pl ace to continually update plans as soon as e. g. pers onnel changes take place. 规划应当保持不断的更新,例 如在人员发生变动的时候43)isaster Recovery Planning灾难恢且计划nedium 中las the Business Continuity Plan / Disaster Recovery plan been t osted? Have outcom
18、es of such tes ts been documented and act ion pl ans created where necessary?是否对持续经营规划和灾难恢复计划 做过测试?测试的结果是否书面记 录,必要时是否做过补充行动方案?Regular testing highlights th e gaps in the continuity plan s caused by changing elements of the business over time.If these changes are not high 1ighted, the efficiency and
19、e ffectiveness of the plan is r educed until it no longer pro vides adequate protection. 定期的检测会凸现出由于公司情 况变化所引发的持续经营规划中 的缺陷。如果这些缺陷没有被发 现,规划的效率和效力就会减 少,甚至不再起到充分的保障作 用。The business continuity pl an is tested against a wcl 1 defined set of disaster scenarios. The tests shou Id include at least one fu 11
20、, live test per year, th c scenario chosen being ro tated each year.公司的持续经营规划应当在一 整套事先确定好的方案上进行 测试,应当包括每年至少一次 的全面的现场的测试,测试的 方案应当逐年轮换。44)isaster Recovery Planning灾难恢更计划nedium 中lave copies of key contracts bee n copied and these held offsite? 是否关键合同都己经被究印,并且保 存在现场之外?Inability to access key infor matio
21、n, contacts etc and ther efore inability to carry out ey processes.可能会导致无法取得重要的信 息、合同等资料,因而无法开展 重要的工作Use of off site storage wh erever possible尽可能的使用工作现场以外的 场所保管档案45)isaster Recovery Planni ng灾难恢曳计划nedium 中lave battieboxes been created wh ere required and stored offsile? 是否创立必须的“应急箱”并保存在 现场之外?Inabi1
22、ity to access key infor mat ion, contacts etc and ther efore inability to carry out ey processes.可能会导致无法取得重要的信 息、合同等资料,因而无法开展 重要的工作Use of off site storage wh erever possible尽可能的使用工作现场以外的 场所保管档案16Jisaster Recovery Planning灾难恢豆计划low低Do staff in each department know whether they wi11 be expected t o tr
23、ansfer to the Disaster Recov ery site?是否每一个部门的员工都清楚,他们 是否需要到达灾难恢匆现场?Confusion amongst staff and r csulting inability to respond effectively to an incident.可能会导致员工的混乱,从而导 致无法Tf效的处理事故DR plans should include na ned individuals who are re quired to attend the recov ery site and instructions to those tha
24、t are not immo diately required.灾难恢灯计划应当明确到个人 是否需要到达灾难恢复现场,47Disaster Recovery Planni ng 灾难恢豆计划low低)o all staff know the location o f Disaster Recovery site and hav e a map as to how to get there?是否所有员工都知道灾难恢匆现场的 地点,并且有明确的图示如何到达现 场?Confusion amongst staff and r esulting inability to respond effectiv
25、ely to an incident.可能会导致员工的混乱,从而导 致无法布-效的处理事故Ml relevant staff should be provided adequate maps/ directions to locate the r ccovcry site.向所有相关人员提供图示/指 导,使之充分了解如何到达灾 难恢更现场48disaster Recovery Planning灾难恢复计划low低For staff expected to work from lome in a Disaster Recovery situ ation has access to the IT
26、envir onment been planned?在应急侦案启用的情况下,被期望在 家中工作的员工能否按计划进入IT 环境?ey business processes not be ing carried out.可能会导致关键程序没有被实施Laptops should be provided to key staff along with r emote access to the IT env ironment and training on h ow to use it.应当对关键员工提供手提电脑 以便远程进入rr环境,并提 供相应的培训49)isaster Recovery Plan
27、ning灾难恢复计划low低Do al 1 staff working from home k now how to access remotely the 1 T environment?是否所有不在现场的员工都了解如何 远程进入IT环境?(ey business processes wi11 n ot being carried out.可能会导致关键程序没5Accounting & Reporting 会计与报告nedium 中Do suspense accounts exist only where necessary for specific documented purposes?
28、能否保证,只有出现文件规定的特殊情 况,才使用暂计帐户??cvcnucs/costs not being correctly coded thus reducing the usefulness sf the accounts to management.Inappropriate journals or other entries not being brought to the attention of management.会计科目编码的不正确性会降低其使用 效率,不正确的帐簿和录入也会降低使 用者的关注度Suspense accounts shou1d exist only where
29、 )ecessary, be used for specific purposes and should be reviewed monthly to ensure that i Lems are cleared by the end of the month following entry or adequate explanations orovided where this is not possible. Action jlans should be documented to explain any further work that is required to clear any
30、 outstanding items.暂计帐户只要在特殊情况下才允许存在,并按月检 查:在月底通常应当结清衍计帐户,如未结清,应 当提供充足的理由。对于未达帐顶,需要有书面材 料证明其存在的原因及解决的工作计划.6Accounting & Reporting 会计与报告nedium 中Are suspense accounts reviewed on a monthly basis to ensure that items are cleared by the end of the month following entry or adequate explanations provided
31、where this is not possible with action plans documented to explain any further work that is required to clear outstanding items?是否对哲计帐户按月检查,并保证除充 足理由以外,暂计帐户按月结清:对于 未达帐项是否提供书面解释及下一步的 解决安排?evenues/cosls not being correctly coded thus reducing the usefulness of the accounts to management.Inappropriate
32、journals or other entries not being brought to the attent ion of management.会计科H编码的不正确性会降低其使用 效率,不正确的帐簿和录入也会降低使 用者的关注度Suspense accounts should be reviewed monthly to ensure that i toms arc cleared by the end of the month following entry or adequate explanations provided where this is not possible. A
33、ction plans should be documented to explain any further work that is required to clear any outstanding i tems.暂计帐户应当 1按月检行,并在月底结清:如未结 清,应当提供充足的理由。对于未达帐项,需要有 书面材料证明其存在的原因及解决的工作计划。7Accounting & Reporting 会计与报告ligh 高Is a list maintained indicating who is responsible for maintaining, reconciling and rev
34、iewing reconciliations for each account? 是否存在书面清单,明确每一个帐户的 录入人员、调核人员和调核的复核人 员?Accounts may not be managed and reconciled. This may lead to discrepancies not being identified and fol lowed up. Reconci 1iat ion may lot be performed in a timely nanner.可能会导致帐户未被管理和训核。错误 未被发现和追踪;如何不设置调核的复 核人员,可能会导致调核工作未被
35、及时 完成4 control 1ist should be maintained which details who is responsible for performing and reviewing each account reconci1iation and should be updated each month to confirm that this has been done.控制清单应节被维护,清单应当清楚的明确备个帐 户的操作人员和复核人员,同时按月进行钩稽可以 确保工作按时进行8Accounting & Reporting 会计与报告ngh高Is a control l
36、ist maintained which details who is responsible for performing and reviewing each account reconciliation and which is updated each month to confirm that the reconciliations have been performed and independently reviewed?Account reconciliations may not be aerformed in a titnely manner which nay lead
37、to discrepancies not being identified and followed up.调核丁 作未按时完成可能会导致错误未 被及时发现和解决A control 1ist should be maintained which details who is responsible for performing and reviewing each account reconci 1iation and should be updated each month to confirm that this has been done.份控制清单可以清楚的明确各个帐户的操作人员 和复
38、核人员,同时按月进行钩格可以确保工作按时 进行是否维护清单以明确各帐户的操作人员 和调核人员,是否对这份名单按月钩稽 以保证调核工作和调和的复核匚作按时 独立完成?9Accounting & Reporting 会计与报告iigh 高Are the sub-ledgers reconciled to the general ledger on a monthly basis for all key accounts? (including payroll control account/tax control accounts/ sales and purchasing sub-account
39、s/ fixed asset regi ster/insurance) 是否所有关键科目的明细帐同总账至少 每月进行调核一次(包括工资类、税收 类、购销类、固定资产登记类、保险类 科目)Integrity of data is compromised. )iscrepancies may not be identified and followed up. Financial statements may bo misstated, inconsistent, and/or not in accordance with management f s policies, GAAP and app
40、licable laws and regulations 数据的完整性会受到影响,错误未被及 时发现和追踪,从而导致财务报表错 误,不一致,甚至违反了公司的政策、 会计准那么和相应的法律法规。Sub-ledgers should be reconciled to the general ledger on a monthly basis. 明细帐同总账至少每月核对次10Accounting & Reporting 会计4报告】igh高Are al 1 agency and licensee accounts prepared and reviewed on a nonthly basis?是否
41、所有的分销点和代理处的科II都及 时准备并每月至少检查一次?financial statements may be nisstated or inconsistent. Debts nay be difficult to recover and incorrect payments may be made. 财务报表可能会错误和不一致,负债可 能会难以准确归还,并产生付款错误All agency and 1icensee accounts should be jrepared and reviewed on a monthly basis. Reconciling iterns should
42、be promptly resolved.所有的分销点和代理处的科目都及时准备并每月至 少检杳一次,调核项H应当及时解决11Accounting & Reporting 会计马报告iigh 高Are al 1 intercompany accounts prepared, reviewed and agreed on a nonthly basis?是否所有内部往来、交易科目都及时准 备、检查并至少每月核对一次?financial statements may be nisstated or inconsistent. Debts nay be difficult lo recover and
43、 incorrect payments may be made. 财务报表可能会错误和不一致,负债可 能会难以准确归还,并产生付款错误Ml intercompany accounts should be prepared and reviewed on a monthly basis. Reconciling items shou1d be promptly resolved.是否所有公司内部科目都及时准备、检查并至少每 月核对一次,调和工程应当实际解决12Accounting & Reporting 会计与报告ligh 高Are al 1 reconciling items fol lowe
44、d up and resolved by the end of the fol lowing month wi th explanations provided where this has not been possible? Have action plans been documented to explain any further work that is required to clear any outstanding items?是否所有的调核工程都被及时的追踪, 并在下一个月得到解决?如未解决,是 否有书面的材料对未解决的理由以及对 其解决的方法进行明确?Misstateme
45、nt of account balances and concealment of irregularities. 可能会导致会计科目余额的错误表述, 以及隐法操作的隐藏Reconciling iterns should be promptly followed jp. Independent review of the reconci 1iat ion provides additional assurance over the process.调核工程应当及时被追踪,对于调核工程的独立复 牍会对整个过程提供更大的保证13Accounting &Reporting 会计与报告nedium 中
46、Is a month end check!ist in place to ensure that Group reporting requirements are complied with, including a tible for providing commentaries, KPI results and supplementary reporting packages? 是否存在月结核查表,以确保公司的报 告要求都得以遵守,包括提供附注 关 键业绩指标和辅助报告说明的时间表?Untimely reporting reduces the effectiveness of the fi
47、nancial information provided to group nanagement.不及时地报告会降低财务报表的有效性The group tible should be complied with.The accounts should provide segmental profitability to the level required by management.公司的时间表必须要严格执行:必须按照管理层要 求的提供分部或分区的盈利水平14Accounting & Reporting 会计与报告iigh 高Are al 1 monthly actual figures reported to Group reconci led to local accounts and any variances clearly documented and explained? 是否每月报向公司的的实际数据都同本 部门进行调核,所方的差异都被洁楚的 书面证明并解稗?Fhe figures received by group not accurately reflecting the financial position of the local entity. 报向公司的数据不准确会影响各部门/各 地区的财务状况Re