Coso Process Questionnaire

Coso Process Questionnaire

COSO PROCESS QUESTIONNAIRE

PROCESS:

Instructions: For process area, answer each question based on your evaluation and interviews with process owners. Record process owner name and date evaluation completed. Determine a judgment for each question regarding overall effectiveness. At the end of the attribute section, determine an overall evaluation of the effectiveness of this COSO attribute.

Note: It is acceptable to have an effectiveness ranking on a particular question as non-effective – not critical and still maintain an overall effective ranking of the attribute. Non-effective – not critical would pertain to questions that may not have a significant or material impact on the overall operation of the process.

RISK ASSESSMENTEFFECTIVENESS EVALUATION: EFFECTIVE, NON-EFFECTIVE CRITICAL; NON-EFFECTIVE – NOT CRITICAL

Question / Owner/ Date Evaluated / Narrative Evaluation / Effectiveness
Has the process owner established process objectives that are consistent with the overall objectives established by unit management?
Do the process objectives provide clarity and sufficient granularity as to what the process is designed to achieve?
Are the objectives consistent (and not in conflict) with the objectives of other processes?
Has management been involved in setting the process objectives, particularly those that are critical to the success of the unit?
Does the process owner have adequate resources to achieve the stated objectives?
Does the process owner have an effective process to:
  • Identify significant risks arising from external and internal sources to the achievement of key process objectives
  • Assess the significance of the risks and likelihood of occurrence
  • Evaluate alternative actions for reducing those risks to an acceptable level?

Does the process owner continuously anticipate, identify and react to routine events and changing circumstances and conditions that could affect the achievement of process objectives?
Are process activities dependent on the integrity and availability of information identified, captured, processed and reported? If so, has the process owner evaluated the risks related to the security, integrity and availability of that information?

OVERALL EVALUATION COSO RISK ASSESSMENT ATTRIBUTE

EfectiveNot Effective

COSO PROCESS QUESTIONNAIRE

PROCESS:

CONTROL ENVIRONMENT

Question / Process Owner/ Date Evaluated / Narrative Evaluation / Effectiveness
Does the process owner have an effective and understandable structure that:
  • Effectively facilitates monitoring
  • Enables the vertical and horizontal communication and information flows necessary to achieve process objectives?

Are the process owner’s approaches for articulating and clarifying roles, responsibilities, authorities and accountabilities in accordance with the established policies of the entity or unit?
Is there effective communication of appropriate policies, performance expectations and established accountability to each individual responsible for important process activities?
Are the process owner’s policies and practices for recruiting and retaining competent people and developing competence clearly defined, in support of process objectives and in accordance with the established human resource policies of the entity or unit?
Does the process owner maintain a positive operating style in terms of accepting risks, facilitating interaction among managers and employees, and demonstrating a supportive attitude toward financial reporting consistent with the tone set by senior management?
Has the process owner documented and communicated policies and procedures regarding information technology managed by control owners and other employees in areas including the following:
  • Control over access to sensitive and critical applications and data files supporting the process
  • Authorization, documentation, testing and controlled implementation of new applications and application changes affecting the process
  • Appropriate backup and recover procedures for all critical application program and data files supporting the process

OVERALL EVALUATION – COSO CONTROL ENVIRONMENT ATTRIBUTE

EFFECTIVENOT EFFECTIVE

INFORMATION/COMMUNICATION

Question / Process Owner/ Date Evaluated / Narrative Evaluation / Effectiveness
Is the process owner committed to the development of the necessary information systems to ensure all pertinent information is captured as close as possible to the source, accurately recorded and processed, and reported in a timely manner for analysis, evaluation and use in financial reporting?
Is the process owner able to obtain adequate information from relevant external sources to assess the impact of environmental changes on the process, its performance and the information about that process? (E.g. Is there information about customer needs/wants, the competitive, technological and regulatory environments?)
Does the process owner have access to information gathered by the organization on changing conditions and trends affecting the performance of the process?
Does the process owner determine that relevant and timely information is provided to control owners and other process personnel in sufficient detail to enable them to effectively discharge their responsibilities?
Does the process owner effectively:
  • Communicate process objectives to control owners and other process personnel]
  • Facilitate communication within the process and with personnel representing other entity and unit processes and functions
  • Support a process for control owners and other processes personnel to communicate upward issues regarding process performance and control?

OVERALL EVALUATION – COSO INFORMATION/COMMUNICATION ATTRIBUTE

EFFECTIVENOT EFFECTIVE

Top View