ST.

ANTHONY’S COLLEGE
San Jose, Antique

BUSINES EDUCATION DEPARTMENT

APC 402 – Operations Auditing

Operations Auditing

a. Definition and Characteristics of Operations Audit

Operations auditing is an independent, objective assurance and consulting activity designed to

add value and improve an organization’s operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.

The definition contains some key language that is important to note:

1. Independence
2. Objectivity
3. Assurance
4. Consulting
5. Designed to add value.
6. Improve an organization’s operations.
7. Help an organization accomplish objectives.
8. By bringing a systematic, disciplined approach.
9. To evaluate and improve the effectiveness.

b. Key Objectives of Operations Audit

Defining the objectives of any engagement is essential as an initial step to put it on the right
footing for success.

The objectives for the review could be driven by:

1. New Rules
2. Poor Performance
3. Compliance Issues
4. Anomalous revenues or expenses

Approaches to Operations Auditing

a. Process-based Approach

Understanding and managing interrelated processes as a system contributes to the

organization’s effectiveness and efficiency in achieving its intended results. This approach
enables the organization to control the interrelationships and interdependencies among the
process of the system, so that the overall performance of the organization ca be enhanced.

The process approach involves the systematic definition and management of processes, and
their interactions, so as to achieve the intended results in the quality policy and strategic
direction of the organization.

i. Plan-Do-Check-Act Cycle

The Plan-do-check-act cycle (PDCA Cycle) is a four-step model for carrying out change.
Just as a circle has no end, the PDCA cycle should be repeated again and again
for continuous improvement.
Prepared by: ASCM
 ST. ANTHONY’S COLLEGE
San Jose, Antique

BUSINES EDUCATION DEPARTMENT

APC 402 – Operations Auditing

The Plan-do-check-act Procedure:

1. Plan

Establish the objectives and processes necessary to deliver results in accordance

with the expected output. By making the expected output the focus, the completeness
and accuracy of the specification is also part of the improvement.

2. Do

Implement the new processes.

3. Check

Measure the new processes and compare the results against the expected results to
ascertain any differences.

4. Act

Analyze the differences to determine their cause. Each will be part of either one or
more of the PDCA steps. Determine where to apply changes that will include
improvement. When a pass through these four steps does not result in the need to
improve, refine the scope to which PDCA is applied until there is a plan that involves
improvement.

b. Risk-based Approach

IIA defines risk based internal auditing (RBIA) as a methodology that links internal auditing
to an organization’s overall risk management framework. RBIA allows internal audit to
provide assurance to the board that risk management processes are managing risks effectively,
in relation to the risk appetite.

By following RBIA internal audit should be able to conclude that:

1. Management has identified, assessed, and responded to risks above and below the risk
appetite.
2. The responses to risks are effective but not excessive in managing inherent risks within
the risk appetite.
3. Where residual risks are not in line with the risk appetite, action is being taken to
remedy that Risk management processes, including the effectiveness of responses and
the completion of actions, are being monitored by management to ensure they continue
to operate effectively Risks, responses and actions are being properly classified and
reported.

This enables internal audit to provide the board with assurance that it needs on three areas:
1. Risk management processes, both their design and how well they are working.
2. Management of those risks classified as 'key', including the effectiveness of the
controls and other responses to them.
3. Complete, accurate and appropriate reporting and classification of risks
Prepared by: ASCM
 ST. ANTHONY’S COLLEGE
San Jose, Antique

BUSINES EDUCATION DEPARTMENT

APC 402 – Operations Auditing

Implementation of RBIA

The implementation and ongoing operation of RBIA has three stages and we have produced
detailed guidance on each of them:

Stage 1: Assessing risk maturity.

Obtaining an overview of the extent to which the board and management determine, assess,
manage and monitor risks. This provides an indication of the reliability of the risk register for
audit planning purposes.

Stage 2: Periodic audit planning.

Identifying the assurance and consulting assignments for a specific period, usually annual, by
identifying and prioritizing all those areas on which the board requires objective assurance,
including the risk management processes, the management of key risks, and the recording and
reporting of risks.

Stage 3: Individual audit assignments.

Carrying out individual risk based assignments to provide assurance on part of the risk
management framework, including on the mitigation of individual or groups of risk.

c. Value for Money Auditing

Value for money audit is an independent examination of an audit to assess whether the use of
funds or resources is at the economy, efficiency, and effectiveness. Auditors will assess the use
of resources and funds against the intended objective, purpose, vision, and mission of projects,
entities, or organizations.

This kind of audit service normally engages by a non-profit organization and public sectors. It
is normally not engaged by the corporation. However, some corporations require this kind of
assessment because shareholders or owners want to assess agents (Managers or Directors of
the Company) regarding the usages of their money.

In general, this kind of audit engagement, auditors will assess the entity’s achievement on the
economy, efficiency, and effectiveness.

Objectives:

1. Economic

The auditor will perform an audit assessment to assess whether the entity or organization use
the available resources or fund to acquire material, labor, or other resources for the projects in
the economic principle or not.

Prepared by: ASCM

 ST. ANTHONY’S COLLEGE
San Jose, Antique

BUSINES EDUCATION DEPARTMENT

APC 402 – Operations Auditing

2. Effectiveness

Effectiveness review, on the other hand, is focusing on the effectiveness of getting the desired
output at the minimum resources.

3. Efficiency

Efficiency is the whole projects review and it is normally taking place at the end of the projects
period. The auditor will identify what is the objective of projects that they are reviewing, fund
or resources, and output.

d. Benchmarking

Benchmarking can be defined simply as a comparison of one’s own performance in a specific

area with that applied by others in compatible circumstances. As a technique it is founded on
the premise that there may be viable alternative ways of performing a process and fulfilling a
requirement.

For a benchmarking exercise to be meaningful, it is necessary to understand fully the existing

processes, systems and activities as a firm basis for subsequent comparison with external points
of reference (such as industry or professional standards).

This process of realization often incorporates the establishment of critical success factors for
an operation (or part thereof).

The principal objectives of benchmarking are likely to include:

1. maintaining a competitive advantage in the appropriate market;

2. establishing current methods, best practice and related trends;
3. ensuring the future survival of the organization;
4. maintaining an awareness of customer expectations (and being able to address them);
5. ensuring that the organization has the appropriate approach to quality issues.

The focus of a benchmarking exercise can be varied in relation to the fundamental justification
and objectives of the process.

Internal audit departments can often benefit from participating in benchmark comparisons with
other audit functions; such involvement can contribute to their understanding of:

1. the internal auditing trends and practices as applied by the companies surveyed;
2. the implications and potential of the findings for the participant’s own organization;
3. the validity of the participant’s own stance on internal auditing in relation to that
apparent from the survey data.

Involvement in such exercises will enable participants to take a view of the need for change or
review of their own organization’s approach to internal auditing in light of the survey data.

Prepared by: ASCM