Complete this checklist and apply audit procedures prescribed in relevant audit program for the question client

answered "YES", evaluate the internal

controls and report the observations along with recommendations (if any.), for the Questions answered "NO" report as ineffective based on relevance of
the internal control activity and regulations (e.g. SOX), etc.

Client Name Date Completed:

Audit Questionnaire: Control Environment Completed By:
Business Function: COSO Framework/Code of Corporate Governance/SOX Reviewed By:

Objective:
1) Management establishes a commitment to character, integrity and high ethical values through its attitudes and actions.
2) Management establishes a commitment to competence relevant to the level required for specific jobs and translate those requirements into knowledge and skills.
3) The significant level of influence over the company is owned by Board of Directors and Audit Committee as well as they are actively.
4) A sound control environment exist in operating style and Management's philosophy.
5) To promote the sound control environment an appropriate organizational structure is designed.
6) The entity properly assigns authority and responsibility to provide a basis for accountability and control.
7) Human resource policies and procedures are properly developed and communicated to employees regarding expected levels of integrity, ethical behavior and competence.

Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

Does management maintains a formal & written

code of conduct and other policies regarding
1.1 expected standards of moral and ethical behavior,
conflict of interest and acceptable business
practices.

Ethical guidelines are followed by management

1.2 while dealings with employees, suppliers, investors,
creditors, insurers, competitors, and auditors.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

1.3 Is there a practice to make newly hired employees

known about the importance of ethical behavior i.e.
through orientation or interviews.

Are policies understood by employees and

1.4 employees are well aware of the acceptable
behavior i.e. what to do in a situation where they
encounter an improper behavior.

Appropriate actions (i.e. Disciplinary action) are

taken timely by management on the violations if
1.5
violations are identified i.e. non-compliance with
company policies and procedures, etc.

Is there a process or practice enforced by

management through which:
- Temptations or incentives are removed/reduced so
that employees should not engage in dishonest or
unethical acts.
1.6
- Rewards, such as bonuses and stock ownership,
foster an appropriate ethical tone i.e. not granted to
those who circumvent established policies,
procedures, or controls.

Does management periodically reviews the

reputations of companies or external parties to
1.7
ensure that entity is associated with reputable
companies.

An appropriate management level approval is

required if an existing relationship is changed with
1.80
external parties i.e. attorneys, auditors, bankers are
removed and appointed some others.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

All employees are competent and suitably trained

2.1
for their assigned responsibilities.

Management maintains a practice to cross-train the

I.C. 2.2 employees so that they understand other functions
and the impact of their specific duties on other
areas of the company.

Does management team members have broad

I.C. 2.3 functional experience (i.e. management comes from
several functional areas rather than just a few, such
as production and sales).

When required management consults with

I.C. 2.4 professionals, internal and external, in addressing
significant matters relating to internal control, legal &
tax, accounting, and financial reporting issues.

Does management provides opportunities to

I.C. 2.5 employees for training programs on new accounting
and financial reporting issues relevant to the
company.

Formal job descriptions are in place and consider

I.C. 2.6 the degree to which individuals must exercise
judgment and are subject to supervision.

When a human error or deficiency is detected, the

I.C. 2.7 cause is evaluated and appropriate remedial actions
are taken including training, reassignment,
additional resources, or appropriate consultation.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

When significant changes in the business occur, the

company considers the competence of the
2.8 accounting and financial reporting personnel to
appropriately address new issues resulting from the
changes.

The Board of Directors and related committees raise

3.1 challenging questions to management and also
board constructively challenges management's
decisions, strategic initiatives, major transactions
and explanations of past results.

The board members are suitably experienced in

same industry and have sufficient knowledge so that
3.2 they can understand the company's business
operations, strategic initiatives and major
transactions and may present alternate/expert
views.

Unscheduled board meeting are called to address

3.4 the significant company issues when necessary by
the board members.

Audit committee meets privately with the internal

and external auditors periodically to discuss the
3.5 reasonableness of internal control process and
system as well as financial reporting. Furthermore,
the Audit Committee is independent of
management.

3.6 Internal Auditors' scope of activities and audit plan is

reviewed and approved by audit committee.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

The information relating to key developments are

3.7
regularly communicated to the board.

Company has a whistle blowing hotline in place to

3.9 keep the board informed timely and anonymously
regarding the significant issues.

All compensation programs (i.e. target based

incentives) are reviewed and approved by the board
3.1 of remuneration committee to avoid the risk of
manipulating the short term results so that
incentives can be earned.

The Board specifically addresses management's

3.11 adherence to the company's established code of
conduct.

The Board issues directives to management

3.12 detailing specific actions to be taken as a result of
its findings and follows-up on all directives to ensure
they are properly addressed.

Management analyzes the risks and potential

4.1
benefits of ventures.

4.2 Employee turnover at management and supervisory

level is monitored and reasons are investigated.

Management regards the accounting function as a

4.3 means for monitoring and exercising control over
the entity's various activities.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

Accounting personnel at decentralized (factories or

4.4 branches) are appropriately supervised by
centralized (Head office/ Main office) accounting
management.

Is there a proper contact by senior management

4.5 with subsidiaries, divisions, branches, etc. and it
also emphasizes consistently on the divisional
operations.

Is there a process or method in practice through

which the executive or head of departments are
4.6 informed about the responsibilities and expectations
for the entity's business activities and the entity's
philosophy about identification and acceptance of
business risk.

Does management exemplifies the attitudes and

actions reflecting a sound control environment and
4.7 commitment to ethical values and when improper
practices are reported to management, they are
communicated to all appropriate parties and dealt
with in a thorough and timely manner.

Are employees and departments who promote a

sound control environment and ethical behavior are
4.8 openly encourages and acknowledge by
management even when the practice may be
controversial.

4.9 Adopted accounting policies are that which reflects

the best economic realities of the business.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

Key areas of authority and responsibility are defined

and appropriate reporting lines are established
5.1
within the entity, in part on its size and the nature of
its activities.

The structure of the entity has been design in such

5.2 a manner that facilitates the flow of information
across all business activities.

The responsibilities for the business activities are

5.3 clearly understood by executives and also how
those business activities affect the entity as a whole.

Are reporting relationships established in such a

5.4 manner that it facilitate the flow of information in a
timely manner to appropriate employees.

When there are changes in the business operations,

activities or industry, does management evaluates
5.5 the entity's organizational structure and makes
changes if necessary in light of changes in the
business or industry.

The organizational structure is not overly complex

5.6 and does not include numerous or unusual legal
entities.

The business purpose of entities is evident and

5.7
reasonable.

Incompatible activities are segregated (i.e.,

5.8
separation of accounting for and access to assets).

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

There are procedures in place through which related

5.9
parties are identified.

Individuals with no apparent ownership interest in,

5.1 or executive position with the entity do not exercise
substantial influence over its affairs.

Employees throughout the entity are assigned

6.1 authority and responsibility related to their specific
job functions.

Internal Control related responsibilities are

6.2 specifically contained into the job descriptions of
employees.

When appropriate/ necessary to implement the

6.3 improvements and correct the problems the
employees are empowered to do so.

Management has appropriately assigned the

6.4 ownership of information, including who is
authorized to initiate and/or change transactions.

Are there policies and procedures which describes

6.5
the authorization and approval of all transactions.

The responsibilities and expectations of accounting

6.6 and finance departments are determined and clearly
communicated by management.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

Are there appropriate and formal standards

established as well as enforced to ensure that
individuals hired are:
- Suitably qualified.
7.1
- Having related and sufficient work experience.
- Having past accomplishments and evidence of
integrity and ethical behavior.

Is it also included in recruiting practices to conduct

formal, in-depth employment interviews and
informative insightful presentations on an entity's
7.2
history, culture and operating style demonstrate the
entity's commitment to its employees and its attitude
toward a sound control environment.

Respective roles and responsibilities are

communicated to employees through training
7.3
sessions and expected behavior and performance
level is also illustrated.

Periodic performance appraisals are conducted and

based on that rotation of personnel and promotions
7.4 driven and it demonstrate the entity's commitment to
the advancement of qualified personnel to higher
levels of responsibility.

A message is sent through the disciplinary actions

7.5 that violations of expected behavior will not be
tolerated.

An ongoing education process enables people to

7.6 deal effectively with the evolving business
environments.

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.
Serial # Control Activities Yes No* Comments /Description Employee Responsible for Task

To the best of my knowledge, the

answers and comments noted above are
Name and Title of Department Director (please print)
accurate and reflect the current internal
controls within this department:

Signature of Department Director

Name and Title of Person Completing Form (please print)

Date of Department Director's Signature

Signature of Person Completing Form

3/17/2019
Date Form Completed

* For a “No” answer, cross-reference to either a compensating control or to audit Control

work which
Environment
has been performed or is to be performed.