INTERNAL CONTROL INSTITUTE BRASIL
2020
Certified Internal Control Specialist (CICS) Intensive Course
Skill Seven – Check lists Eduardo Person Pardini
C R O S S O V E R C O N S U L T I N G & A U D I T I N G
Curso EAD
1
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
INDICE
1.1 Checklist 1 – Intent for corporate accounting and reporting practices..........................03
1.2 Checklist 2 – Intent to making corporate officer more accountable for their acts….06
1.3 Checklist 3 – Intent to enhancing the system of control and disclosure weakness...08
1.4 Checklist 4 – Intent to encouraging and supporting whistleblowers………………………10
1.5 Checklist 5 – Intent to ensuring need evidence is retained………………………………........11
1.6 Checklist 6 – Intent to increasing the oversight responsibility of the board…………..12
1.7 Checklist 7 – Intent to enhancing the independence of the external auditor.............14
1.8 Figure 9 – Template for summarizing results for 7 compliance checklist………............16
EDIÇÃO 1 – SÃO PAULO – BRASIL - 2020
PUBLICAÇÃO: Crossover Consulting & Auditing
Resumo traduzido do CBOK Edição IIIv1
É permitida a reprodução total ou parcial desta obra, por qualquer meio eletrônico, inclusive por processos
xerográficos desde que seja indicada a fonte e o autor. Na dúvida consulte-nos através do e-mail:
2
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Skill Category 7
7.0 Internal Control Measurement and reporting
Resumo Versão em Português
7.0 Controles internos – Medição e Relatórios
Modelos de Questionários para avaliação da conformidade com a Lei Sarabanes-
Oxley – Complemento da categoria de conhecimento 7
Neste anexo encontram-se questionários (check-List) para auxiliar na avaliação da
conformidade da empresa com a Lei Sarbanes-Oxley.
Observem que estes questionários devem ser revisados e ajustados para a aplicação em
sua corporação, pois são somente uma sugestão para aplicação.
3
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Work Checklist 1 – Compliance Checklist for Meeting the Sarbanes – Oxley
Intent for Corporate Accounting and Reporting Practices
Checklist #
Number Item Response Yes No
Comments Number
1
Has the corporation prepared for regular
and more detailed reviews of its filings with the
SEC?
2
Does a knowledgeable group, such as internal
audit, review the filling to the SEC for erroneous omissions?
3 Is there a process in place to ensure timely and
accurate disclosure of information designated by
the SEC to be disclosed, on a timely and accurate
basis?
4 Is there a process in place, such as one operated
by internal audit or the organization's legal
counsel, to assure that none of the company’s
accountants are practicing in violation of any SEC
order?
5 Is there a process in place to monitor when
securities analyst recommends the corporation’s
stock that there is no conflict of interest on the part
of the security analyst in making that
recommendation?
6 Are the senior corporate officers and the board of
directors aware of the increased criminal penalties
for serious fraud incorporated into the Sarbanes –
Oxley Act?
7 If there has been significant volatility in the
corporation’s stock price, can the corporation
explain that volatility to the SEC?
8 Does someone review the proforma financial
information to assure that it does not contain any
un-true statements, or state a fact that may cause
misunderstanding of the financial information
contained in the proforma statements?
9 Has the company reconciled all proforma reports
to the results of corporate performance as
calculated under general accepted accounting
principles
10 Has the company reconciled all proforma reports
to the results of corporate performance as
calculated under general accepted accounting
principles?
11 Are all financial reports prepared in accordance
with general accepted accounting principles?
4
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Number Item Response Yes No
Comments Number
12
Has any material variance in financial reports
from general accepted accounting principles been identified for disclosure?
13
Do the corporation’s financial reports disclose all
adjustments proposed by the independent
auditors, and indicate which have been
incorporated, and which have
not been incorporated?
14
Do all annual and quarterly reports disclose all
material off balance sheet transactions,
arrangements, obligations, (including intention
obligations), and other relationships that may
have a material effect on the company?
15 Are the financial reports of the company written
in a manner that they are readily understandable
by an individual without financial expertise?
16
Do the internal auditors believe that all financial
information and statements issued by the
corporation present fairly the financial condition
of the corporation?
5
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
7.4.3 Questionário de avaliação para a lei Sarbanes-Oxley
O primeiro questionário que você irá encontrar no anexo não versão em inglês é o que
endereça a avaliação para os objetivos de intenção da lei SOX quanto à contabilidade
corporativa e práticas de relatório. Ele contém dois tipos de itens, o primeiro relacionado
com a atividade da lei considerando sua condição binária, e a segunda relacionada em
atender a intenção da lei.
Para alcançar uma resposta “sim” com relação aos itens da lei, este deve ser objetivamente
atendido. Exemplo: se algum documento deve ser retido por sete anos, a resposta sim
deve representar que o documento está ou estará retido por este tempo de forma
objetiva.
Para receber a resposta sim na avaliação dos objetivos de intenção da lei, o processo de
retenção ou guarda do documento deve existir, através de um processo formal de
identificação do documento, sem que esta função fique a cargo de uma pessoa lembrar se
deve ser guardado ou não.
Geralmente uma resposta “sim” no questionário requer que o processo tenha atendido os
seguintes critérios:
• O processo deve ser documentado
• O processo deve ser entendido e disseminado por todas as pessoas responsáveis
para executar o processo
• O processo tem que ser executado como documentado
• O resultado do processo deve ser visto como correto atendimento da intenção da
lei
• Existe um espaço no questionário para que se necessário, fazer alguns comentários
para esclarecer as respostas, principalmente as respostas negativas, ou aquelas que
mereceram uma investigação.
6
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Checklist 2 - Compliance Checklist for meeting the Sarbanes-Oxley intent of
making corporate officers more accountable for their acts
Number Item Response
Yes No Comment Number
1
Do the officers and directors of the corporation
know that if they take any action to fraudulently
influence, coerce, manipulate, or mislead the
auditors they are in violation of the Sarbanes –
Oxley Act?
2
Is there a process in place to ensure that
executive’s bonuses and profit sharing must be
restated if the financial statements of the
organization are restated?
3
Is there a process in place to prohibit the
purchase or sale of corporate stock by officers
and directors during pension plan blackout
periods?
4
Is the process adequate that the CEO and CFO
use to assure the completeness and fairness of
the annual and quarterly financial reports of the
corporation?
5
Is there a process to provide sufficient
information to the CEO and CFO to certify the
adequacy of the corporation system of internal
controls?
6
Is there a process in place to monitor financial
operations to ensure that all material exceptions
are identified and disclosed?
7 Is there a process in place to ensure that all
material exceptions are identified and
disclosed?
8 Do the internal auditors maintain records of
frauds involving management or other
employees?
9
If so, are those frauds disclosed to the
independent auditors, and audit committee of
the board?
10
Do the internal auditors maintain a log of
significant changes to the corporation’s system
of internal controls?
7
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Number Item Response Yes No
Comment Number
11
If so, are those changes disclosed to the
independent auditors and the audit committee of
the board of directors?
12
Does the corporation have a code of ethics
governing the ethics of the corporation’s senior officers?
13
If so, is there a process that assures
compliance, and if compliance is not met,
discloses noncompliance?
14
Does the CEO sign the corporation’s tax returns,
so that if there are a securities or corporate fraud,
the CEO will be held accountable under the
rules of the internal revenue service?
15
Does the corporation have a policy and process
that prohibits loans to senior corporate officers and directors?
TOTAL NUMBER OF RESPONSES
PERCENT OF YES RESPONSES
8
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Checklist 3 – Compliance Checklist for meeting the Sarbanes-Oxley Act intent of enhancing the
system of internal controls and disclosing weaknesses
Number Item Response Yes – No
Comments Number
1
Does the corporation have a single definition
of their “system of internal control” and if
so, is it used through the corporation?
2
Does the corporation’s internal auditing
function have a responsibility to review the
adequacy of the system of internal controls?
3
Does the corporation have a policy or
statement defining management’s
responsibility for establishing and
maintaining internal controls and
procedures for financial reporting?
4
Does executive management have a process
that they follow to determine whether or not
the system of internal controls is effective?
(I.e. the process management uses to
evaluate the financial reporting controls and
procedures).
5
Does the corporation's firm of independent
auditors attest to and report on,
management’s evaluation of the internal
controls and procedures for financial
reporting?
6
Is executive management’s attestation
regarding the effectiveness of the
corporation’s internal control and
procedures for financial reporting
consistent with the assessments and
conclusions drawn by the internal auditing
function?
7
Does executive management have a process
for identifying, reporting, and disclosing
weaknesses in the corporation’s system of
internal control?
8
Does executive management have a process
for identifying and disclosing any
significant changes in the system of internal
controls?
9
Does executive management receive from
both the internal auditors and independent
auditors any material weakness they believe
exist in the system of internal controls?
10
Does executive management have a
measure that they use for determining when
a weakness in the system of internal
controls is considered material?
9
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
11
Does executive management have a measure
for determining when any change to the
system of internal controls is a material
change to the
system?
12
Does the internal auditing function believe
that management has made all of the
disclosures required under the Sarbanes-
Oxley Act?
13
Does the corporation maintain the
necessary procedures for gathering,
analyzing and disclosing all information
that is required to be disclosed by the
Sarbanes-Oxley Act?
14
Does the corporation compare its internal
control framework against the COSO
internal control framework and identify
differences for potential disclosure and
internal control improvements?
15
If the corporation desires to be ISO 9001 or
14001 compliant, do they coordinate the
control assessment required to be ISO
compliant with procedures used to assess the
effectiveness of the organizations system of
internal controls?
TOTAL NUMBER OF RESPONSES
PERCENT OF YES RESPONSES
10
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Checklist 4 – Sarbanes-Oxley Checklist on encouraging and supporting whistleblowers
Number Item Response
Yes/No Comments Number
1 Does the corporation have a
policy regarding whistleblowers?
2
Has the corporation assigned a single
individual or group responsibility for
assuring compliance to the whistle
blowing provisions of the Sarbanes –
Oxley Act?
3
Does the corporation have a process for
recording whistleblowers complaints /
charges against the organization?
4
Has the organization legal counsel
provided guidance on how to
differentiate disgruntled employees,
from employees who have a legitimate
concern about the organizations
operations?
5
Is there a process to ensure that
whistleblowers will be tracked and
monitored to ensure that they are not
discriminated against?
6 Is there a process to ensure that
contactors, suppliers, agents, and so
forth will be tracked and monitored to
ensure that they are not discriminated
against?
7 Does the organization have a process,
which will reward employees for whistle
blowing if the reported violations turn out
to be true?
8 Does whistle blowing include
information reported to shareholders and
the financial community that may be
misleading investors and stockholders?
9 Does whistle blowing include calling to
the attention of management accounting
and financial reporting errors?
10 Does whistle blowing include reporting
pressure placed on management to
withhold information from independent
auditors?
11 Has someone in the organization
developed a formal system for recording
and monitoring
whistleblower complaints?
TOTAL NUMBER OF RESPONSES
PERCENT OF YES RESPONSES
11
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Checklist 5 - Sarbanes-Oxley assessment checklist on ensuring needed evidence is retained.
Number
Item Response Yes/No
Comments
1
Have the independent auditors stated that they will retain audit
workpapers in accordance with the provision of the Sarbanes – Oxley Act?
2
Will the internal audit function retain working papers in accordance with
the provisions of the Sarbanes – Oxley Act?
3
Do corporate workpapers that might record, document the intent to
impede, obstruct, or influence any existing or contemplated federal
investigation be retained in accordance with the provision of the
Sarbanes – Oxley Act?
4 Have the internal auditors asked the corporate legal counsel to review
their work paper retention policy to get a legal opinion if they are in
compliance with provision of the Sarbanes – Oxley Act?
5 Does the internal audit function have a program to instruct its audit staff
regarding the retention of interim and final working papers?
6 Does the auditor in charge of reviewing work papers also review to ensure
the retention of work papers needed under the provision of the Sarbanes – Oxley Act?
7 Does the internal audit director believe that the corporation has retained
all of the evidence that might be needed by federal prosecutors to
prosecute for security fraud?
8 If so, in cases where security fraud has been discovered, are those
working papers retained in accordance with the extended statute of
limitations for securities fraud provided under the Sarbanes-Oxley Act?
(I.e. two years after the violation was discovered, or five years after the
violation whichever occurs first).
9 Does the internal legal counsel have a policy to ensure that attorneys will
report evidence of a material violation of the securities law or breach of
judiciary duty to a higher authority?
10 Has the corporation external legal counsel certified that they intend to
follow section 307 of the Sarbanes – Oxley Act?
11 Does the corporations legal counsel have a definition of what they
believe is a material violation of the securities law or breach of fiduciary
duty sufficient for an attorney to report it to a higher level?
12 Does internal auditing monitor the pronouncements of the Public
Company Accounting Oversight Board to determine if they have adopted
or amended audit standards?
13 If so, is internal auditing in compliance with the standards adopted or
amended by the board?
Total Number of Responses
Percent of Yes Responses
12
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Checklist 6 – Sarbanes-Oxley Checklist for increasing the oversight responsibility of the Board of
Directors and the Audit Committee
Number Item Response Yes/No
Comments Number
1
Is the CEO, controller, CFO, or any person serving
in the equivalent position been employed by the
independent accounting firm conducting the
corporate audit within a 1-year period prior to the
start of the audit?
2
If so, has that information been provided to the audit
committee so that it can take the appropriate action?
Does the audit committee hire the independent
public accountants?
Does the audit committee determine or agree to the
compensation to be paid to the independent auditors?
Does the audit committee have an oversight process
to ensure the independent auditors do the work as
specified in the engagement letter?
Is the chairperson of the audit committee an
independent director?
Is the audit committee comprised of all independent
directors?
Are the members of the audit committee precluded
from accepting any consulting, advisory, or other
compensation from the corporation other than
director’s fees?
Are all the members of the audit committee prohibited
from being affiliated with any of the subsidiaries of
the corporation?
Are members of the audit committee prohibited from
being affiliated with major suppliers to the
corporation?
Does the audit committee have a process for
receiving, maintaining a log of, and resolving
complaints regarding the corporations accounting,
internal accounting controls, or auditing matters?
If so, does the audit committee have a policy of
assuring that submission of those complaints by
employees will be assured adequate protection?
Does the corporation have a policy that prohibits the
corporation from extending credit or making loans to
any director or executive officers?
Does the corporation have a policy that requires
directors and officers the file notice of designated
transaction of any class of equity securities if they
are the owner of more than 10% of that class of
equity security?
Does the audit committee have at least one financial
expert on the committee?
13
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
If so, does that individual understand generally
accepted accounting principles and financial
statements?
If so, does that individual have experience in the
preparation or auditing of financial statements of
comparable companies, and the applications of such
principles in connection with the accounting for
estimates, accruals, and reserves?
If so, does that individual have experience with
internal accounting controls?
If so, does that individual have an understanding of audit committee functions?
Does the company investigate whether members of
the board of directors’ immediate family have any
financial relationship with the corporation? (Does
the corporation define who immediate family
members of a director are?)
Does the corporation have guidelines for
determining which types of relationships directors or
their immediate family members may have with a
corporation that are both acceptable and prohibited?
Does the corporation have guidelines regarding
investments made by a director’s primary business
affiliation in transactions in which the corporation is
involved as a principle or sponsor?
TOTAL NUMBER OF RESPONSES
PERCENT OF YES RESPONSES
14
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Checklist 7 – Sarbanes-Oxley Checklist on enhancing the independence of independent auditors
Number Item Response Yes/No
Comments Number
1 Is the independent audit firm doing the audit registered
with the oversight board?
2
If any part of the audit is being performed by a non-U.S.
independent auditing firm; is that firm registered with the oversight board?
3
Is the audit committee aware of the Sarbanes – Oxley
provisions regarding the independent auditors workpapers;
second partner review and approval of audit reports; and
internal control assessment rules?
4
If so, does the audit committee formally ask the
independent auditors to confirm that those procedures
were followed?
5 Does the audit committee engage the firm of independent
auditors?
6
Does the audit committee have a process for providing
oversight of the work performed by the independent
auditors?
7 Does the audit committee specify the formula for
compensating the firm of independent auditors?
8 If so, does someone assure that they are compensated in
accordance with that formula?
9 Are the independent auditors prohibited from performing
all of the following non-audit services: a) expert services
unrelated to the audit b) accounting services such as
preparation of financial statements, c) appraisal or
evaluation services, d) internal audit outsourcing services,
e) actuarial services, f) legal services, g) investment
advice, h) investment banking services, I) performing or
assisting in performing management functions? (There is
an exception that allows independent auditors to do non-
audit services if they account for less than 5% of the fees
paid by the corporation to the independent
auditors.
10 If the independent auditors engage in allowable non-audit
services such as tax preparation, have those services been
approved in advance by the audit committee?
11 Is there a process for assuring that the independent auditors
do not perform prohibited non-audit services?
12 Is there a process to assure that the independent auditor’s
partner in charge will be rotated off the audit after
performing the audit 5 consecutive years?
13 If the audit committee pre-approves non-audit services, do
they disclose that decision to investors in periodic reports?
15
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
14 Does the independent audit firm have a policy that prohibits
assigning staff to the corporation’s audit if that staff member
or immediate family has a vested interest in the ongoing
success of the corporation?
15 If employees of the independent auditors are hired by the
corporation, are they prohibited from participating in the
decision to select an independent audit firm for at least 1
year after they are hired?
16 Is there a list or inventory maintained of individuals who are
recognized as outstanding performers?
17 If so, are those measures of exceptional performance (e.g.
meeting sales quotas, rapid increases in profit, and so
forth) investigated to assure they are not manipulating
financial records for their own benefit?
TOTAL NUMBER OF RESPONSES
PERCENT OF YES RESPONSES
7.5 Resumo dos resultados da avaliação de conformidade das intenções Sarbanes-Oxley
Uma análise rápida da Avaliação de conformidade das intenções Sarbanes-Oxley pode ser
facilmente preparada executando as três etapas a seguir:
• Etapa 1) Totalize o número de respostas "sim" em cada lista de verificação Sarbanes-
Oxley (ou seja, sete listas de verificação).
• Etapa 2) Calcule a porcentagem de respostas sim em relação ao total de itens nas sete
listas de verificação.
• Etapa 3) Poste porcentagens nos documentos de avaliação de conformidade da Lei
Sarbanes - Oxley, resumindo os resultados da avaliação.
Quando os três itens acima estiverem completos, o documento de trabalho terá sete barras
mostrando a porcentagem de respostas sim. Com base no objetivo de intenção descrito nesta
seção, qualquer uma ou todas as análises a seguir podem ser feitas.
• Objetivo com a maior conformidade.
• Objetivo com o mínimo de conformidade.
• Um programa de melhoria pode ser desenvolvido para se concentrar no objetivo
pretendido com o mínimo de conformidade, usando os itens "sem resposta" como
base para a melhoria.
16
2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing
Figure 9 - Sarbanes – Oxley Act Compliance Assessment Work Paper
Summarizing the Results from the Seven Compliance Checklists
100%
75%
50%
25%
0%
Percent of
“yes”
responses to
Public
Trust in
Accounting
Corporate
Executive
Accountability
Internal
Control
System
Whistle
Blowers
Retaining
Evidence
Board
Oversight
Independent
Auditors
the Audit Sarbanes – Oxley Act Intent Objectives
Checklists
Note: (Figure 9) The percentage should be posted as a bar (bar graph).
EPP agosto 2020