
Operational Auditing

Operational Auditing. Spring 2014. Professor Bill O’Brien. Managing the Internal Audit Activity: effective management; establish a risk-based plan; communicate the plan; ensure adequate resources; coordinate services; report on a regular basis; monitor implementation of recommendations.

claire

Presentation Transcript


  1. Operational Auditing Spring 2014 Professor Bill O’Brien Operational Auditing--Spring 2014

  2. Managing the Internal Audit Activity • Effective management • Establish a risk-based plan • Communicate the plan • Ensure adequate resources • Coordinate services • Report on a regular basis • Monitor implementation of recommendations

  3. Reporting Structure • Solid to Audit Committee • Dotted line to functional and committed executive

  4. Planning Activities • Operating plan and financial plan (budget) • Establish goals and objectives • Determine overall resources

  5. Resource Management • Staffing approaches • Flat versus hierarchical • Futures’ files • Commitment to training • Pathways for career development • Co-sourcing and outsourcing

  6. Working with External Auditors • Coordinated coverage • Cross access to workpapers • Exchange of reports • Expansion of expertise • Facilitation of relationship w/senior mgt.

  7. Dealing with the External Auditors • Different objectives • Different accountability • Different qualifications • Different activities

  8. Cooperation • Economy • Efficiency • Effectiveness • Advantages for the external auditor • Increases external auditor client insight • Improves client relations • Rotates emphasis • Advantages for the internal auditor • Improves training • Source of additional work • Increases professional knowledge • Independent appraisal source • Compliance with SAS 65 and SAS 99

  9. Hints for Starting or Taking Over a Dept. • Report to the Audit Committee or the highest level possible • Avoids conflict of interest • Have an administrative manager as well • Establish an agreed upon review approach • For example, operations v. compliance • Prepare a set of achievable objectives • Commit to IIA standards • Establish a team approach with BPOs • Invest in continuing education

  10. Corporate Governance • Strategic direction • Governance oversight • Enterprise risk management • Assurance that processes are working

  11. Ops. Audit & Governance • Process of overseeing the achievement of objectives • Some elements of good governance • Assessing the control environment • Serving as an ethics advocate

  12. Control Objectives • Staying under control as evidenced by • Safeguarding of assets • Compliance with laws and regulations • Organizational goal & obj. achievement • Reliability & integrity of information • Economical & efficient use of assets • Expansion of material on 9-19 —20

  13. Control Environment • Integrity and ethical values • Management philosophy and operating style • Organizational structure • Assignment of authority and responsibility • H/R policies and practices • Sustained competency of personnel

  14. Other Management Issues • Performance metrics • Control self assessment • We will cover these in the next class

  15. COSO • Committee of Sponsoring Organizations • AICPA, IIA, IMA, FEI, AAA • Treadway Commission • 1992 I/C; 2004 ERM • Control Objectives • Compliance with laws and regulations • Reliability of financial reporting • Effectiveness & efficiency of operations

  16. Frameworks • Internal control • IC-Integrated Framework (COSO) • Guidance on Controls (CoCo) • Internal Control Guidance (Turnbull) • Enterprise risk management • Australian/New Zealand Std. Risk Mgt. • ERM-Integrated Framework (COSO)

  17. Integrating COSO-ERM with COSO-I/C • COSO approach to control achievement: Control Environment, Risk Assessment Processes, Operational Control Activities, Information Flow Systems, Monitoring Activities • COSO-ERM components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring • The COSO-ERM Model incorporates rather than replaces the COSO-I/C Model.

  18. Components of I/C • Control environment • Risk assessment • Control activities • Information and communication • Monitoring

  19. Threats to Control • Management override • Open access to assets • Form over substance approach • Conflict of interest

  20. Balancing Risk and Control • Too much risk • Loss of assets • Poor decision making • Potential non-compliance • Potential for fraud • Too much control • Increased bureaucracy • Excess costs • Excess cycle-time • Increase in non-value added effort

  21. Control Activities • Segregation of duties • Performance reviews • Approvals • IT access • Documentation • Physical access • IT applications • Independent verifications & reconciliations

  22. IIA and Control • IIA control objectives: S-C-O-R-E • Safeguarding of assets • Compliance with laws and regulations • Objective and goal achievement • Reliability & integrity of information • Economical & efficient use of assets

  23. Risk Management • Strategy formulation • Range of activities • Risk = barriers to objective achievement

  24. COSO and ERM • COSO 2 cube • ERM defined: • “A process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”

  25. Remember this Key Point • Risk is BOTH positive and negative

  26. COSO ERM Objectives: S-C-O-R • Strategic • Compliance • Operations • Reporting

  27. COSO-ERM Components • Internal Environment • Objective Setting • Event Identification • Risk Assessment • Risk Response • Control Activities • Information and Communication • Monitoring

  28. ERM and Ops. Audit • Provide assurance on risk mgt. • Provide assurance of risk evaluation • Evaluate risk mgt. processes • Evaluate risk reporting • Review the mgt. of key risks. • See Exhibit 4-4

  29. IIA ERM Advisory • Audit plan should be based on risk assessment • Audit plan may include the strategic planning process • Audit plan should be updated for significant changes • Audit plan should be prioritized based on risk likelihood and exposure • Audit reporting should convey risk related conclusions

  30. O’Brien’s Suggestions • Ops audit should be involved in active conceptual support. • Ops audit should be an implementation driver. • Ops audit should provide on-going assessment of the process. • Ops audit should add insight to ERM and vice-versa. • Ops audit should assume the role of process coordinator.

  31. Where Do We Go from Here? • Increased demand • Increased respect • Increased contribution • Increased advancement opportunities… • IT’S A GREAT TIME TO BE FOCUSED ON OPERATIONAL AUDIT OPPORTUNITIES!!!

  32. Systematic Approach • Planning: • Selecting the BPO • Pre-site planning • Evaluating: • Conducting the preliminary survey • Review internal controls • Expanding tests as necessary • Generating findings • Communicating: • Reporting the results • Conducting follow-up • Assessing the process • Note Exh. 2-6 and Exh. 13-4