operational auditing n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Operational Auditing PowerPoint Presentation
Download Presentation
Operational Auditing

Loading in 2 Seconds...

play fullscreen
1 / 31

Operational Auditing - PowerPoint PPT Presentation


  • 86 Views
  • Uploaded on

Operational Auditing. Fall 2009 Professor Bill O’Brien. Corporate Governance. Strategic direction Governance oversight Enterprise risk management Assurance that processes are working. Risk Management. Strategy formulation Range of activities Risk = barriers to objective achievement.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Operational Auditing' - rollo


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
operational auditing

Operational Auditing

Fall 2009

Professor Bill O’Brien

Operational Auditing--Fall 2009

corporate governance
Corporate Governance
  • Strategic direction
  • Governance oversight
    • Enterprise risk management
    • Assurance that processes are working

Operational Auditing--Fall 2009

risk management
Risk Management
  • Strategy formulation
  • Range of activities
  • Risk = barriers to objective achievement

Operational Auditing--Fall 2009

coso and erm
COSO and ERM
  • COSO 2 cube
  • ERM defined:
    • “A process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”

Operational Auditing--Fall 2009

remember this key point
Remember this Key Point
  • Risk is BOTH positive and negative

Operational Auditing--Fall 2009

coso erm objectives s c o r
COSO ERM Objectives: S-C-O-R
  • Strategic
  • Compliance
  • Operations
  • Reporting

Operational Auditing--Fall 2009

integrating coso erm with coso i c

-Control Environment-Risk Assessment Processes-Operational Control Activities-Information Flow Systems-Monitoring Activities

-Internal Environment-Objective Setting -Event Identification-Risk Assessment-Risk Response-Control Activities-Information & Communication-Monitoring

COSO APPROACH TO CONTROL ACHIEVEMENT

COSO-ERMCOMPONENTS

Integrating COSO-ERM with COSO-I/C

The COSO-ERM Model incorporates rather than replaces the COSO-I/C Model.

Operational Auditing--Fall 2009

coso erm components
COSO-ERM Components
  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring

Operational Auditing--Fall 2009

erm and ops audit
ERM and Ops. Audit
  • Provide assurance on risk mgt.
  • Provide assurance of risk evaluation
  • Evaluate risk mgt. processes
  • Evaluate risk reporting
  • Review the mgt. of key risks.
  • See Exhibit 3-7

Operational Auditing--Fall 2009

iia erm advisory
IIA ERM Advisory
  • Audit plan should be based on risk assessment
  • Audit plan may include the strategic planning process
  • Audit plan should be updated for significant changes
  • Audit plan should be prioritized based on risk likelihood and exposure
  • Audit reporting should convey risk related conclusions

Operational Auditing--Fall 2009

o brien s suggestions
O’Brien’s Suggestions

Finance should be involved in active conceptual support.

Finance should be an implementation driver.

Finance should provide on-going assessment of the process.

Finance should add insight to ERM and vice-versa.

Finance should assume the role of process coordinator.

Operational Auditing--Fall 2009

where do we go from here
Where Do We Go from Here?
  • Increased demand
  • Increased respect
  • Increased contribution
  • Increased advancement opportunities…
  • IT’S A GREAT TIME TO BE FOCUSED ON OPERATIONAL AUDIT OPPORTUNITIES!!!

Operational Auditing--Fall 2009

business processes
Business Processes
  • Basic entity for I/A services
  • Understanding business processes is key
    • Consider the “O’Brien Seven” (similar to p.4-6)
      • Mission statement
      • Objectives
      • Resources
      • Restrictions
      • Processes and related risks
      • Organization chart
      • Key management bios

Operational Auditing--Fall 2009

process documentation
Process Documentation
  • Flow charts
  • Storyboarding
  • Identifying business risks
    • What gets in the way of objective achievement

Operational Auditing--Fall 2009

flowcharting
Flowcharting

Begin or End

File

Activity

Decide

Document

Operational Auditing--Fall 2009

what is storyboard flowcharting
What Is Storyboard Flowcharting?
  • New method for documenting a process.
  • Clean and simple flowcharting method.
  • Allows for clients and auditors to clearly understand process under review.
  • Simple technique that requires a good graphics package and a little imagination.
  • Can use Microsoft PowerPoint, Harvard Graphics, Corel Draw, etc.
  • Does not replace IS flowcharting.

Operational Auditing--Fall 2009

the basics of storyboard
The Basics of Storyboard
  • Meet with client and document process.
  • Use your imagination to choose/draw picture.
  • Under picture write narrative for each step represented.
  • Be creative - good control narrative in green; poor controls in red.
  • Completed storyboard must be reviewed with client.
  • Make any changes necessary.
  • Final copy should be in color for most effective presentation.
  • Different process may require different approach.

Operational Auditing--Fall 2009

how to storyboard

A

  • Print out story board -
  • black and white draft and
  • color for final.
  • Review storyboard
  • with client and obtain
  • sign off.
How to Storyboard

A

  • Meet with client and document process.
  • From client interview
  • create storyboard.

Operational Auditing--Fall 2009

slide19

Start

Company XYZ

Order-fulfillment process

Customer

Service

Rep Receives

Order

Customer Service

Rep Researches

And Corrects

Information

NO

Approved

By Manager?

By Phone?

Customer

Service Rep.

Key Enters

Data on-Line

Print

Three-Part

Shipper

YES

YES

NO

Yellow and Green

To Shipping

Department

On Standard

Order Form?

By Mail

or Fax?

Pink to Accounts

Receivable

Department

Scan Form Into

System

YES

YES

NO

Shipping Pulls

And

Packs Orders

Send to Special

Order

Department

ShippingFiles

Yellow

Shipping Sends

Order and Green

Copy (Invoice)

End

Operational Auditing--Fall 2009

slide20

Company XYZ

Order-fulfillment process

A

Receives orders by fax

or mail.

Standard orders are

scanned into system.

Customer

Representative

A three-part packing

slip is printed per order.

Receives orders by

phone.

Customer Representative

enters order data on-line.

Pink copy sent to

accounts receivable

department.

A

Green copy sent

with order.

Packing slip approved

by Manager.

If not approved, returned

to Customer Representative

for correction

Packing slip

Yellow and green copy go to shipping department.

Shipping pulls and

packs orders.

Yellow copy filed in

shipping department.

Operational Auditing--Fall 2009

mapping risk to processes
Mapping Risk to Processes
  • Identify risks
  • Link risks to the processes
  • Evaluate risks in terms of likelihood and impact (exposure)
  • Determine risk responses
    • Avoidance, reduction, sharing, acceptance

Operational Auditing--Fall 2009

managing the internal audit activity
Managing the Internal Audit Activity
  • Effective management
  • Establish a risk-based plan
  • Communicate the plan
  • Ensure adequate resources
  • Coordinate services
  • Report on a regular basis
  • Monitor implementation of recommendations

Operational Auditing--Fall 2009

reporting structure
Reporting Structure
  • Solid to Audit Committee
  • Dotted line to functional and committed executive

Operational Auditing--Fall 2009

planning activities
Planning Activities
  • Operating plan and financial plan (budget)
  • Establish goals and objectives
  • Determine overall resources

Operational Auditing--Fall 2009

process owner bpo selection
Process Owner (BPO) Selection
  • Dates and results of last engagement
  • Updated risk assessment
  • Senior management requests
  • Current governance issues
  • Major operational changes
  • Operating benefit opportunities
  • Audit staff capabilities

Operational Auditing--Fall 2009

resource management
Resource Management
  • Staffing approaches
    • Flat versus hierarchical
    • Futures’ files
  • Commitment to training
  • Pathways for career development
  • Co-sourcing and outsourcing

Operational Auditing--Fall 2009

working with external auditors
Working with External Auditors
  • Coordinated coverage
  • Cross access to workpapers
  • Exchange of reports
  • Expansion of expertise
  • Facilitation of relationship w/senior mgt.

Operational Auditing--Fall 2009

ops audit governance
Ops. Audit & Governance
  • Process of overseeing the achievement of objectives
  • Some elements of good governance
    • Assessing the control environment
    • Serving as an ethics advocate

Operational Auditing--Fall 2009

control objectives
Control Objectives
  • Staying under control as evidenced by
    • Safeguarding of assets
    • Compliance with laws and regulations
    • Organizational goal & obj. achievement
    • Reliability & integrity of information
    • Economical & efficient use of assets
  • Expansion of material on 8-22 — 8-23

Operational Auditing--Fall 2009

control environment
Control Environment
  • Integrity and ethical values
  • Management philosophy and operating style
  • Organizational structure
  • Assignment of authority and responsibility
  • H/R policies and practices
  • Sustained competency of personnel

Operational Auditing--Fall 2009

other management issues
Other Management Issues
  • Performance metrics
  • Control self assessment
  • We will cover these in the next class

Operational Auditing--Fall 2009