Internal Audit Self-Assessment Questionnaire:
What is the purpose/Mission/Objective of this unit or process?
How many employees work in the department? What is your organizational structure?
What documented policies and procedures are available?
What is the worst thing that could happen in this unit or process?
What is the worst thing that has already happened in this unit or process?
What are the critical interfaces (other work groups or processes) that give you the most concern
Please describe the areas of your department’s operations you feel are the most vulnerable to
risk and any related internal control currently in place to offset those risks.
How does your department support the strategy of CSM?
How does the market/economy/regulations impact your department’s operations?
Describe your department’s interactions with stakeholders (students/customers, employees,
alumni, suppliers, and the community).
Please indicate if this area has implemented any new or extensive information systems within
the past 12 months. If yes, was the software developed or purchased? What was the cost of
implementation (hardware or software)?
What is the nature of the data processed by this unit or process? Is it private, confidential,
proprietary, classified, financial, operational, sensitive, or public?
Are any information systems considered critical to the mission of this unit or process, or to CSM
as a whole?
Operations/ Management Controls & Accountability
If the department has been audited within the last 5 years by either an external group or
Internal Audit, please indicate when and by whom (internal, state, federal auditors, or other).
What procedures have been developed to monitor and evaluate employee performance in the
areas of accountability and contribution toward attainment of management goals and
How much have procedures or processes changed in the last 12 months?
To what extent has management turnover, employee turnover, or other departmental changes
(e.g., budget size, size of operations) affected the environment of the area (expertise,
continuity, control, and accountability) in the last 12 months?
Segregation of duties is an internal control where responsibilities are assigned so that no one
individual controls all aspects of a process or transaction. Please choose the answer that best
fits your department at this time:
No individual has full control over all aspects of a process or transaction.
Some individuals have full control over some transactions; however, there are some mitigating
controls to reduce risk, such as subsequent review of the transactions by another person.
Some individuals have full control over some transactions; there are no mitigating controls in
Please provide a recent departmental financial report.
How many cash collection points exist in your department? Please list the locations.
Legal and Regulatory Compliance
Due to the mission of this unit or process, what is the level of inherent risk of fines, penalties, or
lawsuits that may result from noncompliance with various federal or state regulations or
agencies (EPA, OSHA, Title IV, Title IX, NCAA, and ORC)?
Describe current measures taken to ensure compliance with applicable regulatory body.
If the unit has grant or sponsored research funding, how is compliance with OMB Circular A-21
ensured? What types of oversight are in place to monitor sponsored research activity?
Public & Political Sensitivity
What is the level of inherent risk of adverse public relations or publicity due to the nature of the
department’s basic operations? (i.e., research on human or animal subjects, hazardous waste
disposal, research involving controlled substances, significant impact on students, and access to
Do you know of anyone who is breaking the rules?
Has anyone in the organization asked you to do something that you thought was illegal or
What would you do if someone asked you to do something that you thought was wrong?