What is the difference between Internal Control Questionnaires (ICQ) and Internal Control Evaluation Questionnaires (ICEQ)?

Internal controls questionnaires (ICQ) and Internal controls evaluation questionnaires (ICEQ) are basically two modes of documenting entity’s internal control system while auditor applies risk assessment procedures and tests of controls.

Both serve different purposes and thus are distinct from each other. However, which one to use depends on auditor’s understanding of the entity, the risk of material misstatement and his professional judgment. But they are definitely not replaceable.

Internal Control Questionnaires (ICQs) are used to check whether a particular control exists or not to detect or prevent and correcting a material misstatement (or simply misstatement) at an assertion level. In simple words ICQs are used to appraise the design of the internal control system. And if a certain control is not present, which in auditor’s opinion was necessary, then it represents a deficiency in the internal control system.

Internal Control Evaluation Questionnaires (ICEQs) are used to check whether a certain existing control is operating effectively or not to detect or prevent and correct a material misstatement (or simply misstatement) at an assertion level. In simple words ICEQs are used to appraise the operating effectiveness of the internal control system. And if a certain control is operating effectively up to the standards, which in the opinion of auditor was necessary, then it represents a deficiency in the internal control system.

ICQs are developed by the auditor usually after assessing the risk of material misstatement through understanding entity and its environment. Keeping the level of risk of material misstatement in mind, he thinks of controls which should exist in the internal control system which is ideal to cater such level of risk.

Whereas, ICEQs are developed by the auditor usually after assessing the risk of material misstatement through understanding entity, its environment and internal control system. Keeping the level of risk and the internal control system, he evaluates the internal control system whether the system is working as it was intended to be.

7 COMMENTS

  1. Hmm! The different between ICQ n ICEQ information is insufficient.

    As the above explanation does not mention about ICEQ in which come into two form, is positive and negative.
    Eg positive form, it auditor has to evaluate which type of audit procedure has meet the objective control ,
    While the negative form is what are risk of being faced if the relevant control does not exist

  2. Allah ka sukr h.I have one more query that how ICEQs brings to light importance of those weakness disclosed by ICQ?

  3. Thanks.

    ICQ – is the computer password protected? A ‘yes’ answer means the control exists therefore a ‘no” answer means there is no control. ie a weakness in the control system.

    ICEQ- is there a way of accessing that computer without the password? A ‘yes’ answer is now flagging a weakness whereas a ‘no’ answer means the internal controls are working.

    Consider this… the auditor asks the employees.. are they likely to answer truthfully under pressure?

    • Good examples indeed! And welcome to PakAccountants

  4. Thanks for the description

Comments are closed.