OPERATIONAL AUDITING

CHAPTER I

DEFINITION,
CHARACTERISTICS,
and Guidance
INTRODUCTION

• Internal audit is undergoing a massive transformation.

While its role to provide independent, objective
assurance and consulting services to organizations in
ways that improve their operations has remained constant
for decades and remains true today, how this has been
accomplished has changed over time.

• Internal auditing evolved in a way that validated the

organizations’ hierarchy and structure, its centralization,
assignment of rigid authority, discipline, rules, and the
division of labor procedures against the standard model.
The audit function, then, focused on assessing an
organization’s control or operational effectiveness with
this standardization and could do so quickly by using
checklists, prepared questionnaires, and reviewing the
same documents year after year to verify consistency.
INTRODUCTION

• Starting in the early 1990s, internal audit began a

transformation process that is bringing it more in line with the
true needs of the organizations it serves and the related
stakeholders. The emergence of the stakeholder theory and
topics about corporate governance, quality, and cycle time, in
addition to the constant advocacy work of the IIA have brought
many changes to the profession. The dot com meltdown in
2000/2001 and the enactment of the Sarbanes–Oxley Act of
2002 were wake up calls for the profession.

• Today internal audit is achieving a healthier balance among

operational, reporting, compliance, information technology (IT),
fraud, and strategic topics. It is now looking beyond the
immediate fiscal year and taking a closer look at longer term
trends and the future implications of current dynamics. It is
now identifying a wider set of essential skills, and finding that
to succeed as a trusted advisor to the board and management,
it must bring into its ranks people with a wider skillset,
including broad business skills, strong communication skills,
 Chapter I

OPERATIONAL AUDITING
DEFINITION

CHARACTERISTICS

GUIDANCE
 Chapter I

DEFINITION
OPERATIONAL AUDITING
• “A future-oriented, systematic, and independent
evaluation of organizational activities. Financial data
may be used, but the primary sources of evidence
are the operational policies and achievements
related to organizational objectives. Internal controls
and efficiencies may be evaluated during this type of
review.
• “A review of how an organization’s management and
its operating procedures are functioning with
respect to their effectiveness and efficiency in
meeting stated objectives. For example, a business
might perform an operational audit if its senior
management has become convinced that
operational improvements can be madeand need to
Chapter I

DEFINITION
INTERNAL AUDITING
• Internal auditing is an
independent, objective
assurance and consulting
activity designed to add value
and improve an organization’s
operations.
• It HELPS an organization
accomplish its objectives by
bringing a systematic,
disciplined approach to
evaluate and improve the
effectiveness of risk
Chapter -DEFINITION

DEFINITION
KEY
LANGUAGES
 Chapter I-KEY LANGUAGES

1.INDEPENDENCE
has to do primarily with the position of internal
audit within the organization’s hierarchy.
Internal audit should report to the audit
committee (or its equivalent) on the board of
directors so it receives advice and support to
perform its duties
 Chapter I-KEY LANGUAGES

2.OBJECTIVITY
related to the auditors’ frame of mind and their
ability to examine documents, processes, and
programs without a bias, without an agenda, with
no other motive than to find the truth and
communicate it accurately and promptly.
Conflicts of interest are one of the biggest threats
to objectivity, so internal auditors must be careful
to balance maintaining healthy professional and
social relationships with others in the
organization without becoming too cozy with
them.
 Chapter I-KEY LANGUAGES

3.ASSURANCE
relates to the auditors’ ability to give confidence and
make statements regarding the condition of matters
within the organization. It is often considered a
synonym to “compliance” as has been the traditional
focus of internal auditors for millennia. Compliance
audits focus on verifying conformity and adherence
of a particular area, process, or system with
policies, plans, procedures, laws, regulations,
contracts, or other requirements that govern the
conduct and actions of that area, process, or
system.
REMINDER!
Internal auditors provide reasonable assurance, not
absolute assurance, because there are numerous
variables to contend with constantly, but also because
there are no certainties in life. However, this does not
mean that internal auditors do substandard work
knowing that they can’t guarantee results. Internal
auditors are expected to display competence,
knowledge, and act with due professional care in all
they do to provide the best assurance possible.
Compliance can be driven by requirements that are
internal or external, regulatory or not, explicit or
implied.
 Chapter I-KEY LANGUAGES

4.CONSULTING
means giving advice to management and the
board, and engaging in activities that helps the
organization resolve nagging business issues.
These engagements address performance, how to
improve organizational programs, processes, and
activities, and how to become more flexible,
nimble, and responsive to business challenges. It
also relates to the special projects that internal
auditors sometimes work on.
 Chapter I-KEY LANGUAGES

5.DESIGNED TO ADD VALUE

They provide useful insights, identify competitive

advantage, protect your assets, act as a third line,
and guarantee good performance.
 Chapter I-KEY LANGUAGES

6. IMPROVE AN ORGANIZATION’S
OPERATIONS
is a very interesting statement because many
auditors see their role as that of checking things
and verifying the accuracy of various items and
activities within the organization.
 Chapter I-KEY LANGUAGES

7.HELP AN ORGANIZATION
ACCOMPLISH ITS OBJECTIVES
In essence, they look for the controls within the
process or program of their review, then check them to
see if they are present and operating as expected. While
this is important, they often forget to link those controls
to the relevant risks, and link these risks to the
business objectives that those risks threaten. All of this
to say that the starting point for everything auditors do
should be the identification of the relevant business
objectives.
 Chapter I-KEY LANGUAGES

8.BY BRINGING A SYSTEMATIC,

DISCIPLINED APPROACH
This refers to the approach followed when performing
the work. This is encapsulated in the Standards, the
Practice Guides and Practice Advisories, which provide
a great deal of guidance on how to plan, execute, and
communicate the results of the work done.
 Chapter I-KEY LANGUAGES

9.TO EVALUATE AND IMPROVE

THE EFFECTIVENESS
Our role as auditors goes beyond evaluating business
dynamics and writing reports that merely lists the
problems identified.
 Chapter I-To evaluate and improve the effectiveness

RISK
MANAGEMENT
This refers to the identification,
measurement, assessment, and
response to risks.
 Chapter I-To evaluate and improve the effectiveness

CONTROL
This refers to those activities
that mitigate relevant risks and
helps the organization avoid
surprises.
Chapter I-To evaluate and improve the effectiveness

GOVERNANCE
Corporate governance is a wide
subject that includes matters related
to organizational structure, reporting
lines, span of control, resource
allocation, accountability measures,
discipline, and rewards mechanisms.
Corporate governance relates to
ethical behavior by directors and
others charged with the creation and
 Chapter I-OTHER PARTS OF THE
DEFINTION

OPERATIONAL
AUDITING
is a future-oriented, independent, systematic,
and business-focused evaluation of management,
and the organization’s activities controlled by
management and third parties. This is done to
benefit the organization’s stakeholders who trust
internal auditors to identify anomalies, verify that
resources are handled responsibly, and that the
organization is structured and operating in ways
 Chapter I-OTHER PARTS OF THE
DEFINTION

OPERATIONAL
AUDITING
The purpose of operational auditing is to improve
organizational profitability and the attainment of
organizational objectives. These go beyond a review
of internal control issues since management does not
achieve its objectives simply by adhering to
satisfactory systems of internal control. Instead,
management must define its goals, set appropriate
strategies, staff the organization with enough and
competent workers, and execute effectively.
 Chapter I-OTHER PARTS OF THE
DEFINTION

OPERATIONAL
AUDITING
Also involves evaluating management’s performance,
since they have a fiduciary responsibility toward the
organization’s owners and other relevant stakeholders.
Over the past few decades, the expectations of
stakeholders have increased monumentally creating a
more challenging environment for managers and
auditors alike. These expectations range from CSR, to
acting ethically, safeguarding key information, and
maintaining a positive reputation.
 Chapter I-OTHER PARTS OF THE
DEFINTION

THE VALUE OF
AUDITORS PROVIDE
Internal auditors promote the efficient and effective
use of resources. Since organizations operate with the
funding received or authorized by their owners or
contributors, it is imperative that the organization
operates with this principle of financial fiduciary
responsibility.
 Chapter I-OTHER PARTS OF THE
DEFINTION

FIDUCIARY DUTY
A fiduciary duty is a legal duty to act solely in another
party’s interests. Parties owing this duty are called
fiduciaries. The individuals to whom they owe a duty
are called principals. Fiduciaries may not profit from
their relationship with their principals unless they
have the principals’ express informed consent. They
also have a duty to avoid any conflicts of interest
between themselves and their principals or between
their principals and the fiduciaries’ other clients.
 IDENTIFYING
OPERATIONAL THREATS
AND VULNERABILITIES
Internal auditors need to go beyond
inspecting transactions long after they were
performed be?cause the focus now leans
toward an examination of future threats and
vulnerabilities that can derail the
organization’s goals and objectives in the
short, medium, and even the long term. In
fact, focusing on future events and the future
implications of present events would add
more value to their organizations than
reporting primarily on past events.

www.reallygreatsite.com
 FUTURE ORIENTED
THREATS AND
VULNERABILITIES
Operational, such as maintaining
operational capacity, speed of execution
(i.e., cycle time), staffing levels, employee
motivation, knowledge transfer, system
development, and implementation
Technological, including protection of
intellectual property and personally
identifiable information, denial of service
attacks, business continuity due to staff
turnover, and system development

www.reallygreatsite.com
 FUTURE ORIENTED
THREATS AND
VULNERABILITIES
Strategic, referring to concerns related to
strong customer and vendor relations,
customer loyalty, building effective
business partnerships, outsourcing
arrangements, and mergers and
acquisitions

Environmental, which may include

reliable supply of water and electricity,
achieving a lower carbon footprint, and
reducing the amount of natural resources
used during business activities

www.reallygreatsite.com
 THE SKILLS
REQUIRED FOR
EFFECTIVE
1. Communication skills, such as oral, written, report
OPERATIONAL
writing, and presentation skills
AUDITS
2. Problem identification and solution skills, such as
conceptual and analytical thinking
3. Ability to promote the value of internal audit
4. Knowledge of industry, regulatory, and standards
changes
5. Organization skills
6. Conflict resolution/negotiation skills Drag and drop your photo or video! Click the sample
photo or video and delete. Select yours from the
7. Staff training and development uploads tab, drag, and then drop inside the frame!

Back to Overview Page

8. Accounting frameworks, tools, and techniques
9. Change management skills
 BEHAVIORAL SKILLS

▪ Confidentiality
▪ Objectivity
▪ Communication
▪ Judgment
▪ Work well with all management levels
▪ Possess governance and ethics sensitivity
▪ Be team players
▪ Relationship building
▪ Work independently
▪ Team building
Drag and drop your photo or video! Click the sample
▪ Leadership photo or video and delete. Select yours from the
uploads tab, drag, and then drop inside the frame!
▪ Influence
▪ Facilitation
 RISK -BASED
AUDITING AND
RISK INTEGRATED
INTEGRATED
BASED-AUDIT
Performing risk-based audits requires AUDITING AUDITING
more brainstorming, more interactions Business changes, resources
with process owners, a more in-depth change, and risks change, so
understanding of the organization’s both operations and IT must
business, and a mechanism to address adapt and continually
past, present, and future vulnerabilities improve to support the
and scenarios that threaten the business and mitigate risks
achievement of business objectives.
to acceptable levels.
INTERNAL AUDIT CAPABILITY MODEL
(IA-CM)
INTERNAL AUDIT CAPABILITY MODEL
(IA-CM)
INTERNAL AUDIT CAPABILITY MODEL
(IA-CM)
THANK
YOU!