1 / 32

Operational Auditing

Operational Auditing. Spring 2010 Professor Bill O’Brien. Corporate Governance. Strategic direction Governance oversight Enterprise risk management Assurance that processes are working. Risk Management. Strategy formulation Range of activities Risk = barriers to objective achievement.

elwyn
Download Presentation

Operational Auditing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operational Auditing Spring 2010 Professor Bill O’Brien Operational Auditing--Spring 2010

  2. Corporate Governance • Strategic direction • Governance oversight • Enterprise risk management • Assurance that processes are working Operational Auditing--Spring 2010

  3. Risk Management • Strategy formulation • Range of activities • Risk = barriers to objective achievement Operational Auditing--Spring 2010

  4. COSO and ERM • COSO 2 cube • ERM defined: • “A process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” Operational Auditing--Spring 2010

  5. Remember this Key Point • Risk is BOTH positive and negative Operational Auditing--Spring 2010

  6. COSO ERM Objectives: S-C-O-R • Strategic • Compliance • Operations • Reporting Operational Auditing--Spring 2010

  7. -Control Environment-Risk Assessment Processes-Operational Control Activities-Information Flow Systems-Monitoring Activities -Internal Environment-Objective Setting -Event Identification-Risk Assessment-Risk Response-Control Activities-Information & Communication-Monitoring COSO APPROACH TO CONTROL ACHIEVEMENT COSO-ERMCOMPONENTS Integrating COSO-ERM with COSO-I/C The COSO-ERM Model incorporates rather than replaces the COSO-I/C Model. Operational Auditing--Spring 2010

  8. COSO-ERM Components • Internal Environment • Objective Setting • Event Identification • Risk Assessment • Risk Response • Control Activities • Information and Communication • Monitoring Operational Auditing--Spring 2010

  9. ERM and Ops. Audit • Provide assurance on risk mgt. • Provide assurance of risk evaluation • Evaluate risk mgt. processes • Evaluate risk reporting • Review the mgt. of key risks. • See Exhibit 4-4 Operational Auditing--Spring 2010

  10. IIA ERM Advisory • Audit plan should be based on risk assessment • Audit plan may include the strategic planning process • Audit plan should be updated for significant changes • Audit plan should be prioritized based on risk likelihood and exposure • Audit reporting should convey risk related conclusions Operational Auditing--Spring 2010

  11. O’Brien’s Suggestions Finance should be involved in active conceptual support. Finance should be an implementation driver. Finance should provide on-going assessment of the process. Finance should add insight to ERM and vice-versa. Finance should assume the role of process coordinator. Operational Auditing--Spring 2010

  12. Where Do We Go from Here? • Increased demand • Increased respect • Increased contribution • Increased advancement opportunities… • IT’S A GREAT TIME TO BE FOCUSED ON OPERATIONAL AUDIT OPPORTUNITIES!!! Operational Auditing--Spring 2010

  13. Business Processes • Basic entity for I/A services • Understanding business processes is key Operational Auditing--Spring 2010

  14. Process Documentation • Flow charts • Storyboarding • Identifying business risks • What gets in the way of objective achievement Operational Auditing--Spring 2010

  15. Flowcharting Begin or End File Activity Decide Document Operational Auditing--Spring 2010

  16. What Is Storyboard Flowcharting? • New method for documenting a process. • Clean and simple flowcharting method. • Allows for clients and auditors to clearly understand process under review. • Simple technique that requires a good graphics package and a little imagination. • Can use Microsoft PowerPoint, Harvard Graphics, Corel Draw, etc. • Does not replace IS flowcharting. Operational Auditing--Spring 2010

  17. The Basics of Storyboard • Meet with client and document process. • Use your imagination to choose/draw picture. • Under picture write narrative for each step represented. • Be creative - good control narrative in green; poor controls in red. • Completed storyboard must be reviewed with client. • Make any changes necessary. • Final copy should be in color for most effective presentation. • Different process may require different approach. Operational Auditing--Spring 2010

  18. A • Print out story board - • black and white draft and • color for final. • Review storyboard • with client and obtain • sign off. How to Storyboard A • Meet with client and document process. • From client interview • create storyboard. Operational Auditing--Spring 2010

  19. Start Company XYZ Order-fulfillment process Customer Service Rep Receives Order Customer Service Rep Researches And Corrects Information NO Approved By Manager? By Phone? Customer Service Rep. Key Enters Data on-Line Print Three-Part Shipper YES YES NO Yellow and Green To Shipping Department On Standard Order Form? By Mail or Fax? Pink to Accounts Receivable Department Scan Form Into System YES YES NO Shipping Pulls And Packs Orders Send to Special Order Department ShippingFiles Yellow Shipping Sends Order and Green Copy (Invoice) End Operational Auditing--Spring 2010

  20. Company XYZ Order-fulfillment process A Receives orders by fax or mail. Standard orders are scanned into system. Customer Representative A three-part packing slip is printed per order. Receives orders by phone. Customer Representative enters order data on-line. Pink copy sent to accounts receivable department. A Green copy sent with order. Packing slip approved by Manager. If not approved, returned to Customer Representative for correction Packing slip Yellow and green copy go to shipping department. Shipping pulls and packs orders. Yellow copy filed in shipping department. Operational Auditing--Spring 2010

  21. Mapping Risk to Processes • Identify risks • Link risks to the processes • Evaluate risks in terms of likelihood and impact (exposure) • Determine risk responses • Avoidance, reduction, sharing, acceptance Operational Auditing--Spring 2010

  22. Managing the Internal Audit Activity • Effective management • Establish a risk-based plan • Communicate the plan • Ensure adequate resources • Coordinate services • Report on a regular basis • Monitor implementation of recommendations Operational Auditing--Spring 2010

  23. Reporting Structure • Solid to Audit Committee • Dotted line to functional and committed executive Operational Auditing--Spring 2010

  24. Planning Activities • Operating plan and financial plan (budget) • Establish goals and objectives • Determine overall resources Operational Auditing--Spring 2010

  25. Resource Management • Staffing approaches • Flat versus hierarchical • Futures’ files • Commitment to training • Pathways for career development • Co-sourcing and outsourcing Operational Auditing--Spring 2010

  26. Working with External Auditors • Coordinated coverage • Cross access to workpapers • Exchange of reports • Expansion of expertise • Facilitation of relationship w/senior mgt. Operational Auditing--Spring 2010

  27. Dealing with the External Auditors • Different objectives • Different accountability • Different qualifications • Different activities Operational Auditing--Spring 2010

  28. Cooperation • Economy • Efficiency • Effectiveness • Advantages for the external auditor • Increases external auditor client insight • Improves client relations • Rotates emphasis • Advantages for the internal auditor • Improves training • Source of additional work • Increases professional knowledge • Independent appraisal source • Compliance with SAS 65 and SAS 99 Operational Auditing--Spring 2010

  29. Ops. Audit & Governance • Process of overseeing the achievement of objectives • Some elements of good governance • Assessing the control environment • Serving as an ethics advocate Operational Auditing--Spring 2010

  30. Control Objectives • Staying under control as evidenced by • Safeguarding of assets • Compliance with laws and regulations • Organizational goal & obj. achievement • Reliability & integrity of information • Economical & efficient use of assets • Expansion of material on 9-19 —20 Operational Auditing--Spring 2010

  31. Control Environment • Integrity and ethical values • Management philosophy and operating style • Organizational structure • Assignment of authority and responsibility • H/R policies and practices • Sustained competency of personnel Operational Auditing--Spring 2010

  32. Other Management Issues • Performance metrics • Control self assessment • We will cover these in the next class Operational Auditing--Spring 2010

More Related