Operational Auditing. Spring 2010 Professor Bill O’Brien. Frameworks. Internal control IC-Integrated Framework (COSO) Guidance on Controls (CoCo) Internal Control Guidance (Turnbull) Enterprise risk management Australian/New Zealand Std. Risk Mgt. ERM-Integrated Framework (COSO). COSO.
Operational Auditing Spring 2010 Professor Bill O’Brien Operational Auditing--Spring 2010
Frameworks
• Internal control
  • IC-Integrated Framework (COSO)
  • Guidance on Controls (CoCo)
  • Internal Control Guidance (Turnbull)
• Enterprise risk management
  • Australian/New Zealand Std. Risk Mgt.
  • ERM-Integrated Framework (COSO)

COSO
• Committee of Sponsoring Organizations
  • AICPA, IIA, IMA, FEI, AAA
• Treadway Commission
• 1992 I/C; 2004 ERM
• Control Objectives
  • Compliance with laws and regulations
  • Reliability of financial reporting
  • Effectiveness & efficiency of operations

Components of I/C
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

Threats to Control
• Management override
• Open access to assets
• Form over substance approach
• Conflict of interest

Balancing Risk and Control
• Too much risk
  • Loss of assets
  • Poor decision making
  • Potential non-compliance
  • Potential for fraud
• Too much control
  • Increased bureaucracy
  • Excess costs
  • Excess cycle-time
  • Increase in non-value added effort

Control Activities
• Segregation of duties
• Performance reviews
• Approvals
• IT access
• Documentation
• Physical access
• IT applications
• Independent verifications & reconciliations

IIA and Control
• IIA control objectives: S-C-O-R-E
  • Safeguarding of assets
  • Compliance with laws and regulations
  • Objective and goal achievement
  • Reliability & integrity of information
  • Economical & efficient use of assets

Control Self Assessment (CSA)
• Methodology
• Review and Identification
  • Key business objectives
  • Related risks
  • Mitigating controls

CSA-History
• Introduced by Gulf Canada in 1987
• Gulf used facilitated meetings

Facilitated Meetings
• Management and staff participate through interviews and polling
  • Objectives
  • Risks
  • Processes
  • Soft and/or informal controls

General Methodology
• Shared process
• Assessment of internal controls
• Evaluation of risks
• Development of action plans
• Assess the likelihood of achieving objectives
• SJSU simulation

General Approaches
• Facilitated meetings--group workshops
• Questionnaires--yes/no answers
• Management analysis--self studies

Uses
• Self analysis for risk*
• Selection of audit areas*
• Internal control review*
• Special projects
• Soft control analysis
* alternatives to the traditional approach to the I/A process

Benefits
• Increases I/A scope
• Target review of high risk areas
• Increases the effectiveness of corrective action
• Builds team-oriented relationships

Engagement Process
• Planning:
  • Selecting the BPO
  • Pre-site planning
• Performing:
  • Conducting the preliminary survey
  • Review internal controls
  • Expanding tests as necessary
  • Generating findings
• Communicating:
  • Reporting the results
  • Conducting follow-up
  • Assessing the process

Audit Evidence
• Healthy skepticism
• Attributes
  • Relevant: consistent with objectives
  • Reliable: credible
  • Sufficient: convincing

Generalized Audit Software (GAS)
• Two most popular applications
  • ACL (ACL)
  • IDEA (CaseWare)
• Typical uses
  • File examination
  • Recalculations
  • Sample selection
  • File comparison
  • Reformatting
  • Pivot tables
  • Benford’s Law analysis
  • Reporting
  • Data analysis log

GAS, continued
• Benefits
  • Minimizes customization
  • Independent of company IT
  • Efficient
  • Facilitates 100% testing
  • Frees BPP for analytical work
• Obstacles
  • Data access
  • Physical access
  • Format knowledge
  • Downloading issues to BPP’s computer
  • Importing data in usable format

Workpaper Usage
• Planning and execution
• Supervision and review
• Objective tracking
• Conclusion support
• Supports quality assurance
• Professional development
• IIA standards’ compliance

Workpaper Guidelines
• Cross-referencing system
• Consistent layouts
• Standardized symbols or “tick marks”
• Standardization for permanent files
• Unique indexing
• Description of purpose
• Initialed by preparer and reviewer
• Source of information indicated
• Clear explanations of symbols
• Legibly written and easy to understand
• Must stand alone
• Must relate to the engagement objectives

Sample Work Paper
[Figure: work paper template showing the fields Ref., Heading, Purpose, Conclusions, T/M Legend, Review, Source]