The document outlines the key objectives and phases of an operational audit:
1. The objectives are to determine whose needs the audit is addressing, such as new rules, poor performance, or compliance issues.
2. The phases include planning, fieldwork, and reporting. Planning involves scoping and risk assessment. Fieldwork is when testing is performed through interviews, documentation, and evidence collection. Reporting communicates findings and recommendations.
3. Follow-up verifies that corrective actions addressed issues and problems identified in the audit reports. Metrics are used to assess performance against objectives. People, processes, and technology drive organizational goals and mission.
The document outlines the key objectives and phases of an operational audit:
1. The objectives are to determine whose needs the audit is addressing, such as new rules, poor performance, or compliance issues.
2. The phases include planning, fieldwork, and reporting. Planning involves scoping and risk assessment. Fieldwork is when testing is performed through interviews, documentation, and evidence collection. Reporting communicates findings and recommendations.
3. Follow-up verifies that corrective actions addressed issues and problems identified in the audit reports. Metrics are used to assess performance against objectives. People, processes, and technology drive organizational goals and mission.
The document outlines the key objectives and phases of an operational audit:
1. The objectives are to determine whose needs the audit is addressing, such as new rules, poor performance, or compliance issues.
2. The phases include planning, fieldwork, and reporting. Planning involves scoping and risk assessment. Fieldwork is when testing is performed through interviews, documentation, and evidence collection. Reporting communicates findings and recommendations.
3. Follow-up verifies that corrective actions addressed issues and problems identified in the audit reports. Metrics are used to assess performance against objectives. People, processes, and technology drive organizational goals and mission.
The document outlines the key objectives and phases of an operational audit:
1. The objectives are to determine whose needs the audit is addressing, such as new rules, poor performance, or compliance issues.
2. The phases include planning, fieldwork, and reporting. Planning involves scoping and risk assessment. Fieldwork is when testing is performed through interviews, documentation, and evidence collection. Reporting communicates findings and recommendations.
3. Follow-up verifies that corrective actions addressed issues and problems identified in the audit reports. Metrics are used to assess performance against objectives. People, processes, and technology drive organizational goals and mission.
BULSU Professor Agenda • Key Objectives of Operational Audits • Phases of the Operational Audit • Risk Factors • Fieldwork • Types of Audit Evidence • Workpapers • Flowcharts • Internal Control Questionnaire • Reporting • Follow-Up • People, Processes, and Technology Key Objectives of Operational Audits Determine whose objectives the engagement is intending to address.
The internal auditors
should get management Internal audit should be involvement as much as careful not to define the possible to make sure that objectives unilaterally. the review will meet their needs. The objectives for the review could be driven by the following : New rules.
Poor performance.
Compliance issues.
Anomalous revenues or expenses.
Phases of the Operational Audit
PLANNING FIELDWORK REPORTING
• Includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. 1. Planning • “Failing to plan is planning to fail” • The starting point should be the performance of a risk assessment that allows the CAE(Chief Audit Executive) to prepare an audit plan based on the results of an analysis of the organization’s audit universe. • should be done collaboratively with senior management and the board of directors to get their input about plans, concerns, and priorities. • These include communicating with the corresponding process owner about the timing of the review, • requesting needed financial and operational reports and documents, Audit Plan • coordinating staff availability, • identifying the systems in use, and • defining the scope, objectives, work schedule, and budget for the engagement. ◾ What could go wrong? Questions ◾ How could that unit fail? ◾ Are there any liquid assets that require special care and oversight? need to ◾ What physical assets are bought and used? How do they need to be protected and used for maximum effectiveness? consider ◾ What intellectual or digital assets are used and constitute a key success factor? These might include personally identifiable
when information, copyrights, and licenses.
◾ How could someone or something disrupt the operations?
Planning the ◾ What are the objectives and how do we know if the unit is achieving them?
audit : ◾ Where are the people, processes, systems, or assets vulnerable?
◾ On what information do they rely the most? ◾ On what do they spend the most money? Questions ◾ How do they bill and collect revenue? need to ◾ What activities are most complex? ◾ What activities are regulated? consider ◾ What is their greatest legal exposure? when ◾ What decisions require the most judgment? ◾ How could someone steal from the unit? Planning the ◾ What systems are in use? audit : ◾ Who has access to these systems and what activities can they perform using it? • play an important role during planning, and in particular, during risk assessments.
Risk Factors • are conditions and other variables
that in their present, or absence, as the case may be, either exacerbate or diminish the underlying risk • This phase is when most of the testing is 2. FIELD performed, and it includes interviewing, documenting, applying testing WORK methodologies, managing fieldwork, and providing status updates. • Testimonial • Observation Types of • Document Inspection • Recalculation/Reperformance Audit • Professional Skepticism Evidence • Workpapers • Flowcharts • Testimonial evidence consists of verbal or written statements or assertions given by someone as proof regarding the matter being Testimonial discussed. Evidence • Auditors typically observe conditions and dynamics related to the subject of the review.
Observations • In general, auditors visually
evaluate physical facilities, conditions, and practices to verify they exist, their condition, valuation, and protection. • one of the most common procedures performed by auditors who examine documents to verify the date and amount of Document transactions, agreements made Inspection between various parties, evidence of authorizations and record of decisions made, among others • Mathematical recalculation is a form of audit evidence and it consists of checking the accuracy of documents or records. Recalculation • Auditors are tasked with verifying the integrity of the information gathered and make sure their conclusions are sound Professional Skepticism • are documents created by auditors to record the work done. • They are a collection of evidentiary material showing the planning Workpapers done, the fieldwork activities performed, and the support for all information mentioned in the audit report or other communication of results. • Another common type of workpaper is the process flowchart. • A flowchart is a diagram of the sequence of movements or actions of people or things involved in a process Flowcharts or activity. • They illustrate a business process and virtually any process can be drawn in the form of a flowchart. • The third phase of the audit is the communication of results, often referred to as reporting. 3. Reporting • It consists of communicating findings, observations, and best practices noted during the review, and developing recommendations for corrective action. Attributes of effective Audit Findings • After findings are reported, it is incumbent on both management and auditors to verify that the corrective actions are in fact applied and the problems fixed as expected. Follow-Up • It does not serve the interest of the organization and its stakeholders for internal audit findings to be ignored after they are published in audit reports • exist to assess the performance and provide a comparison between what should have been done and what was actually done Metrics • Organizations should establish goals that drive their direction, People, prioritize the allocation of resources, give employees a sense Processes, of mission, and help the and organization’s vision become a reality. Technology Questions & feedback