Scribd
Upload
52 views4 pages

Module 1 Reviewer

This document provides an overview of operational auditing, including: 1) The purpose of internal auditing and operational audits in helping organizations accomplish objectives. 2) The key phases of operational audits - planning, fieldwork, and reporting. Planning involves risk assessment and determining audit objectives. Fieldwork involves testing processes and controls. Reporting involves communicating findings, observations, and recommendations. 3) The skills required for effective operational audits, including competency in relevant areas and behaviors. Auditors should acquire these skills both individually and at the audit unit level.

Uploaded by

Lorence Ibañez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
52 views4 pages

Module 1 Reviewer

This document provides an overview of operational auditing, including: 1) The purpose of internal auditing and operational audits in helping organizations accomplish objectives. 2) The key phases of operational audits - planning, fieldwork, and reporting. Planning involves risk assessment and determining audit objectives. Fieldwork involves testing processes and controls. Reporting involves communicating findings, observations, and recommendations. 3) The skills required for effective operational audits, including competency in relevant areas and behaviors. Auditors should acquire these skills both individually and at the audit unit level.

Uploaded by

Lorence Ibañez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Module 1: Introduction to Operational Auditing

● Internal auditing is an independent, objective assurance and consulting activity


designed to add value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes.

● Auditing Beyond Accounting, Financial, and Regulatory Requirements


- increase in stakeholder demands for advisory and consulting activities.

● The value auditors provide


- identify relevant stakeholders and to understand their interests. It is also important to
understand the power they have to assert these interests
- result in more effective and value-added reviews
- stakeholders can help to attain the organizational objectives

● Identifying Operational Threats and Vulnerabilities


- future oriented, risk-oriented

● The Skills Required for Effective Operational Audits


- the auditors should be competent and equipped with necessary behavioral skills
- how to acquire these skills should be done along two dimensions: one at the individual
level and the other at the internal audit unit level.

● Key Objectives of Operational Audits


- must first determine whose objectives the engagement is intending to address
- internal audit should be careful not to define the objectives unilaterally
- internal auditors should get management involvement as much as possible to make
sure that the review will meet their needs.
- the objectives for the review could be driven by:
- New rules
- Poor performance
- Compliance issues
- Anomalous revenues or expenses

● Phases of the Operational Audit


-- Like traditional audits, operational audits are also structured in the traditional planning,
fieldwork, and reporting phases. These provide a simple, effective, and time-tested
approach to organizing, performing, and communicating the results of the work done.

o Planning
▪ Planning is arguably the most important part of an audit.
▪ The proverb: “Failing to plan is planning to fail” comes to mind
▪ The planning process begins long before the actual audit begins. The
starting point should be the performance of a risk assessment that
allows the CAE (Chief Audit Executive) to prepare an audit plan based on
the results of an analysis of the organization’s audit universe.
▪ The audit universe consists of all auditable activities such as accounts,
processes, programs, and functions within an organization, and the risks
associated with their ability to achieve their objectives. At this point, the
risk assessment is done at the enterprise level.

o Fieldwork
▪ The next phase in the engagement’s life cycle is fieldwork.

▪ This phase is when most of the testing is performed, and it includes


interviewing, documenting, applying testing methodologies, managing
fieldwork, and providing status updates. It consists primarily of two things:

● Determining if the process or program under review is designed


effectively so that the related goals and objectives are likely to be
achieved

● Verify that the controls in place are performing as designed by


management

▪ During planning, the auditors obtain and review the documents received,
analyze data, hold meetings with process owners, and may find there are
obvious issues even at this stage. The question then must be asked: Is
that planning or testing? The auditor may identify reportable conditions
during the planning phase, even though identifying issues is usually
considered an aspect of testing. In the end, it doesn’t matter much. The
anomalous condition should be documented. Separating the engagement
into phases does not mean that the activities are necessarily exclusive of
each other. Activities may straddle the category and even reportable
conditions could be identified during the planning phase.

▪ Types of Audit Evidence


● Testimonial
● Observation
o The auditee knows that the auditor is observing
o The auditee does not know that the auditor is observing
● Document Inspection
● Recalculation/Reperformance

o Reporting
▪ The third phase of the audit is the communication of results, often
referred to as reporting.

▪ It consists of communicating findings, observations, and best practices


noted during the review, and developing recommendations for
corrective action.

▪ Findings are the documentation of deviations from what was expected


and form the basis for the audit report

● To the extent that the auditor documents the criteria, condition,


cause, effect, and recommendation (CCCER) items, it will
make it more persuasive and the reader will be more likely to
be convinced that the problem requires correction.

▪ 2 types of deficiencies:

● Design

● Operating

▪ Findings should be discussed with the process owners and other


relevant stakeholders before being included in the report.

▪ While the CCCER model includes R for recommendation, this doesn’t


mean that the auditor has to formulate every recommendation every
time. Telling the auditees what to do presents two key problems:

● Dependency. When told every time what to do, process owners


don’t develop the ability to think for themselves and identify
some possible alternatives to correct the problem.

● Lack of ownership. Recall that management owns the


programs, processes, their objectives, related risks, and
controls. All activities performed should exist because they help
achieve the program or processes’ objectives.

o Follow-Up
- After findings are reported, it is incumbent on both management and
auditors to verify that the corrective actions are in fact applied and the
problems fixed as expected.

- It is the goal that all auditors should pursue as it demonstrates that


internal audit not only identified a problem, but also identified the root
cause of the problem, and the agreed-upon corrective action corrected
the deficiency.

You might also like