This document contains two sample programs that include general steps organizations can use when performing an entity-level controls audit.
The purpose of this audit it to assess at a high level and validate key controls in place for the monitoring process. Areas of risk include: internal audit does not have the authority to review any aspect of the entity's operations; internal audit is not independent of the activity's IT audits; and management is not required to respond in a timely manner to the internal audit department's findings and recommendations.
Checklists & Questionnaires
Entity-Level Controls Fraud Questionnaire