# Internal Financial Controls — Testing Checklist

**Client:** _______________________  **FY:** __________

## Entity-level controls

| Control | Design | Operating effectiveness | Evidence |
|---------|--------|-------------------------|----------|
| Control environment / tone at top | ☐ | ☐ | |
| Risk assessment process | ☐ | ☐ | |
| Information systems (ITGC overview) | ☐ | ☐ | |
| Monitoring of controls | ☐ | ☐ | |

## Process-level (select applicable)

| Process | Key control | Test performed | Exception |
|---------|-------------|----------------|-----------|
| Revenue | Authorization / cut-off | | |
| Purchases | Three-way match | | |
| Inventory | Physical verification | | |
| Fixed assets | Register / verification | | |
| Payroll | Attendance / approval | | |
| Treasury | Bank reconciliation | | |
| Financial close | JE approval / reconciliations | | |

## CARO 2020 cross-reference

☐ Controls sufficient to support CARO clause (xiv) — internal audit commensurate with size  
☐ Deficiencies noted → impact on CARO wording: _______________________

**Conclusion:** ☐ Effective  ☐ Deficiencies noted (see memo)

---
*Free template from CiteAudit — citeaudit.com/resources*
