## Internal Control Questionnaire (ICQ)

An Internal Control Questionnaire (ICQ) is a comprehensive series of questions designed to evaluate whether adequate internal controls exist in a specific functional area of the entity.

### Purpose of an ICQ

Systematically document the auditor's understanding of internal controls
Identify control gaps (areas where controls are absent or inadequate)
Form a basis for deciding the extent of substantive testing — stronger controls → less testing needed

### Structure of a Good ICQ

An ICQ for any department should cover:

1. Authorization/approval controls — who decides?

2. Completeness controls — are all items covered?

3. Accuracy/valuation controls — are values correct and current?

4. Safeguarding controls — are assets protected?

5. Review/follow-up controls — are anomalies tracked and resolved?

### Illustrative ICQ — Insurance Department

For a manufacturing company with three plant locations (two in City A, one in City B), the insurance department ICQ would include:

#	Question	Control Objective
1	Are competitive quotes obtained from different insurers?	Economy / Best Value
2	Is comprehensive insurance cover obtained (fire, flood, burglary, earthquake)?	Completeness of coverage
3	Are all three locations in cities A and B covered?	Completeness — geographic
4	Are all asset categories (building, plant & machinery, inventories) covered?	Completeness — asset types
5	Is there a procedure to ensure assets acquired between renewal dates are also covered?	Completeness — timing
6	Is there an official who decides on values for which policies are taken?	Authorization
7	Does the officer periodically review the adequacy of insurance cover?	Review/adequacy
8	Is loss-of-profits insurance cover taken?	Business continuity
9	Have there been any instances of rejection of claims?	Effectiveness of coverage
10	Are pending claims followed up with insurers?	Follow-up/completeness

### Key Insight

ICQ responses are typically Yes/No. A 'No' or 'Not Applicable' answer flags a potential control weakness requiring further investigation.

Worked example

### Example 1

MD 2 (3M) — Chemical Manufacturing Company: The company has three plant locations (2 in City A, 1 in City B), owns its buildings, earns good profits, and has a dedicated insurance department. The ICQ must specifically address: (a) whether all three locations are separately covered, (b) whether the asset mix (building + plant + inventories — which are chemicals and thus high-risk) is fully covered, (c) whether business interruption (loss-of-profits) insurance is taken given the desire to avoid business interruption losses, and (d) whether pending claims are tracked. The chemical nature of inventories suggests special risk of fire/hazardous incidents — comprehensive cover is especially critical.

⚠️ Common exam mistakes

Writing ICQ questions as open-ended narrative questions — ICQ questions must be phrased to elicit Yes/No answers.
Forgetting to cover the 'assets acquired between renewal dates' gap — this is a classic completeness control weakness.
Not tailoring the ICQ to the specific facts — for a company with multiple locations, location-specific coverage questions are mandatory.
Omitting loss-of-profits insurance — the question explicitly states the company 'does not want to suffer losses due to business interruptions', making this a specific expected point.

Reference:

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →