Skip to Content
Agencies | Governor
Search Virginia.Gov


View Department of Accounts Expenses
Virginia Department of Accounts Functional Organization Chart (pdf)
eVA Transparency Reports
Virginia Performs Logo
2-1-1 Virginia logo

Agency Risk Management and Internal Control Standards - Assessment Guide


Links....
Amanda R. Morris, CFE
Voice: (804) 225-2542
Email: amanda.morris@doa.virginia.gov or ARMICS@doa.virginia.gov

Numeric Scoring for Surveys of Subjective Opinions

Some of the following exhibits ask survey respondents to quantify how strongly they agree or disagree that specific controls are implemented and operating effectively. For those exhibits, suggested descriptions for each score are:

Score Description
5 Strongly Agree
4 Agree
3 Somewhat Agree
2 Somewhat Disagree
1 Strongly Disagree
N/A Control does not/cannot exist due to agency circumstances

The score assigned may sometimes be subjective but should be based on the knowledgeable and experienced respondent's understanding about the control in question. A more systematic method of defining what each score means based on the perceived reliability level of each control is useful.

The table below (Exhibit 14, page 39) assigns a "control reliability level" based on five factors:

  1. Supporting documentation for the control's design and its operation
  2. Employee awareness and understanding of the control
  3. Perceived value of the control to employees
  4. The extent to which the control procedure is formal and standardized
  5. The extent to which the control is monitored

Summary of Internal Control Reliability Model* (Exhibit 14)

Control
Reliability
Level
Documentation Awareness and
Understanding
Perceived Value
to Employees
Control
Procedures
Monitoring
Initial Very limited Basic awareness by management Unformed Ad hoc, unlinked No monitoring
Informal Sporadic, inconsistent Understanding not communicated beyond management Controls are separate from business operations Intuitive, repeatable No monitoring
Systematic Comprehensive and consistent Formal communication and some training Controls integral to operations Formal, standardized No monitoring
Integrated Comprehensive and consistent Comprehensive training on control-related matters Control processes considered part of strategy Formal, standardized Periodic monitoring begins
Optimized Comprehensive and consistent Comprehensive training on control-related matters Commitment to continuous improvement Formal, standardized Real-time monitoring
* Adapted from How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control, by Michael Ramos, John Wiley & Sons, 2004.

After assessing each control's reliability level, the respondent would then "translate" that reliability level into a score, as shown in the table below (Exhibit 15, page 40).

Translating "Reliability Level" into a Score for Each Control (Exhibit 15)

In our agency, this control condition's reliability is
..........
"Optimized"
..........
so I strongly agree, giving a score of
..........
"5"
In our agency, this control condition's reliability is
..........
"Integrated"
..........
so I agree, giving a score of
..........
"4"
In our agency, this control condition's reliability is
..........
"Systematic"
..........
so I somewhat agree, giving a score of
..........
"3"
In our agency, this control condition's reliability is
..........
"Informal"
..........
so I somewhat disagree, giving a score of
..........
"2"
In our agency, this control condition's reliability is
..........
"Initial"
..........
so I strongly disagree, giving a score of
..........
"1"
In our agency, this control does not or cannot exist
..........
...........
..........
giving a score of
..........
"N/A"

This scoring method is not mandatory and appears here for management consideration. Management may devise alternate methods and modify the exhibits accordingly. Whichever scoring or other answering scheme is used, management should take care to ensure that the assessment is done by someone with the appropriate background, experience, and training in the area under consideration and that instructions are clear so that respondents provide meaningful feedback.

Assessment Guide Downloads

All of the following assessment guides are in Microsoft Word format. Although the documents are password protected to allow the forms to work correctly, the password is blank so that documents may be modified as necessary.

Download All Exhibit Files in one Compressed Archive: [ZIP] (648 kb)

OR

Individual Files Listed Below:

Stage 1 - Agency-Level Internal Control Assessment Guide

Stage 2 - Process or Transaction-Level Control Assessment (pages 60-67)