1 / 31

Operational Auditing

Operational Auditing. Fall 2009 Professor Bill O’Brien. Corporate Governance. Strategic direction Governance oversight Enterprise risk management Assurance that processes are working. Risk Management. Strategy formulation Range of activities Risk = barriers to objective achievement.

rollo
Download Presentation

Operational Auditing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operational Auditing Fall 2009 Professor Bill O’Brien Operational Auditing--Fall 2009

  2. Corporate Governance • Strategic direction • Governance oversight • Enterprise risk management • Assurance that processes are working Operational Auditing--Fall 2009

  3. Risk Management • Strategy formulation • Range of activities • Risk = barriers to objective achievement Operational Auditing--Fall 2009

  4. COSO and ERM • COSO 2 cube • ERM defined: • “A process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” Operational Auditing--Fall 2009

  5. Remember this Key Point • Risk is BOTH positive and negative Operational Auditing--Fall 2009

  6. COSO ERM Objectives: S-C-O-R • Strategic • Compliance • Operations • Reporting Operational Auditing--Fall 2009

  7. -Control Environment-Risk Assessment Processes-Operational Control Activities-Information Flow Systems-Monitoring Activities -Internal Environment-Objective Setting -Event Identification-Risk Assessment-Risk Response-Control Activities-Information & Communication-Monitoring COSO APPROACH TO CONTROL ACHIEVEMENT COSO-ERMCOMPONENTS Integrating COSO-ERM with COSO-I/C The COSO-ERM Model incorporates rather than replaces the COSO-I/C Model. Operational Auditing--Fall 2009

  8. COSO-ERM Components • Internal Environment • Objective Setting • Event Identification • Risk Assessment • Risk Response • Control Activities • Information and Communication • Monitoring Operational Auditing--Fall 2009

  9. ERM and Ops. Audit • Provide assurance on risk mgt. • Provide assurance of risk evaluation • Evaluate risk mgt. processes • Evaluate risk reporting • Review the mgt. of key risks. • See Exhibit 3-7 Operational Auditing--Fall 2009

  10. IIA ERM Advisory • Audit plan should be based on risk assessment • Audit plan may include the strategic planning process • Audit plan should be updated for significant changes • Audit plan should be prioritized based on risk likelihood and exposure • Audit reporting should convey risk related conclusions Operational Auditing--Fall 2009

  11. O’Brien’s Suggestions Finance should be involved in active conceptual support. Finance should be an implementation driver. Finance should provide on-going assessment of the process. Finance should add insight to ERM and vice-versa. Finance should assume the role of process coordinator. Operational Auditing--Fall 2009

  12. Where Do We Go from Here? • Increased demand • Increased respect • Increased contribution • Increased advancement opportunities… • IT’S A GREAT TIME TO BE FOCUSED ON OPERATIONAL AUDIT OPPORTUNITIES!!! Operational Auditing--Fall 2009

  13. Business Processes • Basic entity for I/A services • Understanding business processes is key • Consider the “O’Brien Seven” (similar to p.4-6) • Mission statement • Objectives • Resources • Restrictions • Processes and related risks • Organization chart • Key management bios Operational Auditing--Fall 2009

  14. Process Documentation • Flow charts • Storyboarding • Identifying business risks • What gets in the way of objective achievement Operational Auditing--Fall 2009

  15. Flowcharting Begin or End File Activity Decide Document Operational Auditing--Fall 2009

  16. What Is Storyboard Flowcharting? • New method for documenting a process. • Clean and simple flowcharting method. • Allows for clients and auditors to clearly understand process under review. • Simple technique that requires a good graphics package and a little imagination. • Can use Microsoft PowerPoint, Harvard Graphics, Corel Draw, etc. • Does not replace IS flowcharting. Operational Auditing--Fall 2009

  17. The Basics of Storyboard • Meet with client and document process. • Use your imagination to choose/draw picture. • Under picture write narrative for each step represented. • Be creative - good control narrative in green; poor controls in red. • Completed storyboard must be reviewed with client. • Make any changes necessary. • Final copy should be in color for most effective presentation. • Different process may require different approach. Operational Auditing--Fall 2009

  18. A • Print out story board - • black and white draft and • color for final. • Review storyboard • with client and obtain • sign off. How to Storyboard A • Meet with client and document process. • From client interview • create storyboard. Operational Auditing--Fall 2009

  19. Start Company XYZ Order-fulfillment process Customer Service Rep Receives Order Customer Service Rep Researches And Corrects Information NO Approved By Manager? By Phone? Customer Service Rep. Key Enters Data on-Line Print Three-Part Shipper YES YES NO Yellow and Green To Shipping Department On Standard Order Form? By Mail or Fax? Pink to Accounts Receivable Department Scan Form Into System YES YES NO Shipping Pulls And Packs Orders Send to Special Order Department ShippingFiles Yellow Shipping Sends Order and Green Copy (Invoice) End Operational Auditing--Fall 2009

  20. Company XYZ Order-fulfillment process A Receives orders by fax or mail. Standard orders are scanned into system. Customer Representative A three-part packing slip is printed per order. Receives orders by phone. Customer Representative enters order data on-line. Pink copy sent to accounts receivable department. A Green copy sent with order. Packing slip approved by Manager. If not approved, returned to Customer Representative for correction Packing slip Yellow and green copy go to shipping department. Shipping pulls and packs orders. Yellow copy filed in shipping department. Operational Auditing--Fall 2009

  21. Mapping Risk to Processes • Identify risks • Link risks to the processes • Evaluate risks in terms of likelihood and impact (exposure) • Determine risk responses • Avoidance, reduction, sharing, acceptance Operational Auditing--Fall 2009

  22. Managing the Internal Audit Activity • Effective management • Establish a risk-based plan • Communicate the plan • Ensure adequate resources • Coordinate services • Report on a regular basis • Monitor implementation of recommendations Operational Auditing--Fall 2009

  23. Reporting Structure • Solid to Audit Committee • Dotted line to functional and committed executive Operational Auditing--Fall 2009

  24. Planning Activities • Operating plan and financial plan (budget) • Establish goals and objectives • Determine overall resources Operational Auditing--Fall 2009

  25. Process Owner (BPO) Selection • Dates and results of last engagement • Updated risk assessment • Senior management requests • Current governance issues • Major operational changes • Operating benefit opportunities • Audit staff capabilities Operational Auditing--Fall 2009

  26. Resource Management • Staffing approaches • Flat versus hierarchical • Futures’ files • Commitment to training • Pathways for career development • Co-sourcing and outsourcing Operational Auditing--Fall 2009

  27. Working with External Auditors • Coordinated coverage • Cross access to workpapers • Exchange of reports • Expansion of expertise • Facilitation of relationship w/senior mgt. Operational Auditing--Fall 2009

  28. Ops. Audit & Governance • Process of overseeing the achievement of objectives • Some elements of good governance • Assessing the control environment • Serving as an ethics advocate Operational Auditing--Fall 2009

  29. Control Objectives • Staying under control as evidenced by • Safeguarding of assets • Compliance with laws and regulations • Organizational goal & obj. achievement • Reliability & integrity of information • Economical & efficient use of assets • Expansion of material on 8-22 — 8-23 Operational Auditing--Fall 2009

  30. Control Environment • Integrity and ethical values • Management philosophy and operating style • Organizational structure • Assignment of authority and responsibility • H/R policies and practices • Sustained competency of personnel Operational Auditing--Fall 2009

  31. Other Management Issues • Performance metrics • Control self assessment • We will cover these in the next class Operational Auditing--Fall 2009

More Related