by CIO Staff

Sarbox Compliance: 15 Questions Auditors May Ask CIOs

May 15, 20032 mins

You may have gotten away with sloppy practices during your annual audit in the past, but you won’t this year. Auditors are busy learning how to spot an internal control problem that is not in compliance with the Sarbanes-Oxley Act. Here’s an abbreviated list of questions that Cap Gemini Ernst & Young says its auditors will ask CIOs.

1 How are off-balance-sheet transactions and commitments tracked, reported and approved?

2 Are payments to the external auditing firm monitored through the transactional flags on purchase orders, check requests or other means within the system?

3 Are rolling financial forecasts deployed throughout the business (business unit, product line, functional levels)?

4 How many tools are used in the forecasting process? The budgeting process?

5 Do the reporting systems trace back to the general ledgers?

6 Is cash flow from operations and generally accepted accounting principles automatically calculated?

7 Are key measures (drivers of financial results) delivered to operational managers’ desktops daily, weekly, monthly?

8 Are tax-reporting systems integrated with the company’s consolidation system?

9 Are data consolidation or reporting activities performed on spreadsheets? (They’d better not be.)

10 Do transactional reporting systems have agent-based alerts?

11 How are manual entries identified and approved?

12 How much time is spent compiling data and the financial statements versus analyzing the data?

13 How many top-level adjustments are made in the consolidation process?

14 Is the documentation updated every time there is a change to the internal controls process?

15 Do reporting systems flag reserves and other escrow accounts?

For more questions, visit