Books and Records
Are your computerized business records protected by appropriate levels of authorization (each user limited to the records their job requires)?
Are your business checks locked up or sitting in a printer?
Are your voided and unclaimed checks properly controlled and accounted for? By whom?
Do you have system controls for checks, purchase orders, shipping and receiving reports, and asset disposition reports, and are these documents consecutively numbered so that a missing or duplicated number stands out?
Are your inventory records controlled and compared to physical inventory?
Are your bank statements reviewed for any unusual withdrawals or transfers, prior to being given to your employee responsible for monthly reconciliation?
Are your confidential business and client records properly disposed of on a regular and routine basis?
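The consecutive-numbering question above is only useful if someone actually tests the series. The following Python script is an added example, not part of the original checklist: it takes a check register (a constructed sample here; in practice an export from the accounting system) and reports unrecorded numbers, duplicated numbers and voids so the reviewer can match them against the physically retained documents. The optional stock_range parameter is an assumption of this example, covering the case where the last numbers of a check stock were used but never recorded.

```python
"""Audit a consecutively numbered document series (checks, POs, receiving reports)."""
from collections import Counter

# Constructed sample check register: (check_number, status). In a real review
# this would come from the accounting system's check register export.
SAMPLE_REGISTER = [
    (1001, "issued"),
    (1002, "issued"),
    (1003, "void"),
    (1005, "issued"),
    (1005, "issued"),   # the same number recorded twice
    (1006, "issued"),
    (1009, "issued"),   # 1007 and 1008 were never recorded
]


def audit_sequence(register, stock_range=None):
    """Return gaps, duplicates and voids found in a numbered series.

    A gap is a number inside the range that no record carries: a document that
    left the printer or checkbook without being recorded. A duplicate is a
    number recorded more than once. Voids are listed so they can be matched to
    the physically retained voided documents. stock_range=(first, last) widens
    the expected range to the numbers actually purchased or printed, so that
    unrecorded documents at the end of the stock are caught as well.
    """
    if not register:
        raise ValueError("empty register")
    numbers = [n for n, _ in register]
    counts = Counter(numbers)
    first, last = min(numbers), max(numbers)
    if stock_range is not None:
        first, last = min(first, stock_range[0]), max(last, stock_range[1])
    return {
        "first": first,
        "last": last,
        "gaps": sorted(set(range(first, last + 1)) - set(numbers)),
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "voids": sorted(n for n, s in register if s == "void"),
    }


def exceptions(register, stock_range=None):
    """Human-readable exception list for the reviewer's follow-up."""
    r = audit_sequence(register, stock_range)
    lines = [f"Unrecorded number: {n}" for n in r["gaps"]]
    lines += [f"Duplicate number: {n}" for n in r["duplicates"]]
    lines += [f"Void (confirm physical copy retained): {n}" for n in r["voids"]]
    return lines


if __name__ == "__main__":
    for line in exceptions(SAMPLE_REGISTER, stock_range=(1001, 1010)):
        print(line)
```

Run it against the sample and every exception should be explainable by a voided document on file or a documented correction; anything else is a question for the person who controls the check stock.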
Duties and Responsibilities
Do separate individuals maintain your records? For example, are your Accounts Receivable and Accounts Payable ledgers maintained separately from your General Ledger?
Do your key employees have separate duties and responsibilities and separate access to keyed areas, such as desks, safes, files, computer systems, and the like?
Do separate employees handle the reconciliation of bank statements and the General Ledger function?
Are your fixed assets periodically reviewed to ensure that they exist, and are in the same condition as last seen? Who has responsibility over those assets?
Do you have different employees handle inventory, billings, sales, and returns?
Do you have a process for "off-boarding" employees leaving your employment?
Do you periodically rotate your employees' duties and responsibilities?
Computer Systems
Do you have a separate locked (restricted access) and air-conditioned room for your computer file server?
Do your employees have a logon and password that must be changed periodically, and are they required to log off or lock their workstation when away from their computer?
Do your employees have a Privacy Notification Screen that they have to click through prior to logging into your computer system?
Are passwords and logons kept confidential? Or are they hidden underneath keyboards and/or around the computer monitors?
Does your System Administrator have authorization levels set appropriately, and who is watching your System Administrator?
Does your System Administrator perform routine backups? If so, are they full, differential, or incremental?
Do your employees sign yearly certification reviews regarding your policy on Internet usage, email storage, security policy, and IRCs?
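The backup question above matters because the three backup types differ in what they copy and in what must survive for a restore to succeed. The Python simulation below is an added example, not part of the original checklist: it models the archive-bit scheme that full, differential and incremental backups conventionally use, runs the same constructed four-day change history under both an incremental and a differential strategy, and restores from each. It also shows what happens when one incremental set in the chain is lost. File names and contents are constructed; the archive-bit behaviour is the standard definition of the three types.

```python
"""Simulate full, differential and incremental backups with an archive bit."""

# Constructed change history: day 0 is the initial state, each later day is
# a list of (path, new_content) writes made before that day's backup.
HISTORY = [
    [("a.txt", "a0"), ("b.txt", "b0"), ("c.txt", "c0")],  # day 0, then a full backup
    [("a.txt", "a1")],                                     # day 1
    [("b.txt", "b1")],                                     # day 2
    [("a.txt", "a3")],                                     # day 3
]


def write(fs, path, content):
    """Store content and set the archive bit: 'changed since last backup'."""
    fs[path] = {"content": content, "archive": True}


def full_backup(fs):
    """Copy every file and clear all archive bits."""
    snap = {p: f["content"] for p, f in fs.items()}
    for f in fs.values():
        f["archive"] = False
    return snap


def incremental_backup(fs):
    """Copy files changed since the last backup of ANY type; clears the bits."""
    snap = {p: f["content"] for p, f in fs.items() if f["archive"]}
    for f in fs.values():
        f["archive"] = False
    return snap


def differential_backup(fs):
    """Copy files changed since the last FULL backup; leaves the bits set."""
    return {p: f["content"] for p, f in fs.items() if f["archive"]}


def run_strategy(history, backup_fn):
    """Take a full backup on day 0 and backup_fn on every later day.

    Returns the list of backup sets, one per day."""
    fs = {}
    sets = []
    for day, writes in enumerate(history):
        for path, content in writes:
            write(fs, path, content)
        sets.append(full_backup(fs) if day == 0 else backup_fn(fs))
    return sets


def restore(full, *later):
    """Rebuild the file set from a full backup plus later sets applied in order."""
    state = dict(full)
    for b in later:
        state.update(b)
    return state


def compare_strategies(history=HISTORY):
    inc = run_strategy(history, incremental_backup)
    diff = run_strategy(history, differential_backup)
    return {
        # files copied per day: incrementals stay small, differentials grow
        "incremental_sizes": [len(s) for s in inc],
        "differential_sizes": [len(s) for s in diff],
        # an incremental restore needs the full backup plus EVERY incremental, in order
        "restored_incremental": restore(inc[0], *inc[1:]),
        # a differential restore needs only the full backup plus the LATEST differential
        "restored_differential": restore(diff[0], diff[-1]),
        # losing one link of the incremental chain silently restores stale data
        "restored_incremental_missing_day2": restore(inc[0], inc[1], inc[3]),
    }


if __name__ == "__main__":
    for key, value in compare_strategies().items():
        print(key, value)
```

The point for the reviewer: whichever type the administrator uses, the restore chain (full plus latest differential, or full plus every incremental) has to be retained intact and tested, and note that this archive-bit model, like real implementations of it, does not record deletions, which is why periodic full backups remain part of every rotation.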