PALATAN, Randell Jan M.

BSA35 Operations Auditing Quiz #3

BSA-III-A31A Mr. Clyde dela Fuente September 22, 2020

Answers:

1. Establishing a risk-based plan is an integral part of the audit function. Through this, an
internal auditor may identify relevant risks and rank those that can affect the organization
more to those that will affect it less and then pin point its source. Through the process of
ranking risks, internal auditors will know what to prioritize when performing the audit
activity. A risk-based plan serves as an early warning system, enabling deficiencies to be
identified and remediated on a timely basis rather than when they arise. Internal auditors
can’t simply dive on everything, they must have a coordinate to follow and know exactly
the enemies, dangers, or risks ahead and be prepared to handle them professionally.

2. To better identify relevant risks related to matters being reviewed and better formulate a
risk-based plan for the internal audit activity, internal auditors must improve as well. First
way is to be familiar as much as possible and gain in-depth knowledge of the process and
the corporation being audited. No single company has the same exact process and culture
so each internal audit must also fit this uniqueness. Second, auditors must remove their
bias based on their training and experience, they can’t act as a know it all and pin point a
field as the source of risk because that’s what they’re usually from, they must still assess.
Lastly, an internal auditor must always look at an organization in all angles to better
identify specific risks from each angle.

3. The three internal factors that affect a typical organization are Personnel, Processes and
Technology/Equipment while the external factors include Natural environment, political,
and economic. Internal factors must work hand in hand to improve an organization in its
future. Having the wrong personnel, a slow process, and faulty equipment makes an
organization doomed to fail, improving one without the other still is a preparation to fail.
An organization must hire competent personnel, have efficient and effective processes
and trusty technology will ensure an organization’s future success. Meanwhile, a
deteriorating environment will affect organizations especially those who rely their future
growth on natural resources. As much, politics and the economy work together in
determining an organization’s future prospects. A corrupt government will destroy a
stable economy, and an unstable economy will destroy a competent government, and one
of the major fields who suffer the consequences in both events are businesses.

4. The COVID-19 pandemic is a global event that has disrupted not only organizations but
toppled empires and entire governments as well. However, in this storm, there are those
who rise and boomed in business such as those having pre-existing online businesses and
connections. Locally, an organization that benefited from such are public or state colleges
and universities because they need not worry about lesser enrollees since they are being
funded by the government and have government-funded scholarships. However, in the
same event, private schools like Columban College, Inc. has suffered the consequences.
PALATAN, Randell Jan M. BSA35 Operations Auditing Quiz #3
BSA-III-A31A Mr. Clyde dela Fuente September 22, 2020

Though we haven’t incurred a loss, we are barely making any profit and in reality, is in
the verge of shutting if not only for the support of the Catholic church. We are not funded
by the government, we have no pre-existing online courses before the event, and we have
a growing price of tuition fee before COVID-19. Perhaps, CCI was not able to assess this
risk early on and don’t have a cushion, unlike public schools, to fall on to.

5. According to what I’ve researched, Common Vulnerabilities and Exposures (CVE) is a

list of common risks in a company which are publicly disclosed. Participating
organizations include Apple, Inc., Cisco Systems, Inc., Cisco, and Huawei Technologies,
Co., Ltd. CVE is a tool that allows the improvement of security and control and add value
to the organization by letting the public, including potential customers and investors
assess these risks.

6. Often times, internal auditors tend to overlook these risks and tackle bigger ones head on
and let management deal with the rest. However, bottlenecks, long cycle times,
redundancies, and reprocessing are important operational risks to identify and solve.
Bottlenecks is a point in the process where there is limited productive capacity or the
flow slows down but it shouldn’t be. A process should be continuous and consistent in
flow like a glass pouring water, not a bottle. Internal auditors need to identify why there
is a slow down because it is a giant risk in the making. An important characteristic in
accountancy, auditing and the business as a whole is timeliness, and a slow and long time
cycle is a definite risk that needs to be solve. An organization must always meet the
deadline otherwise, customers will be dissatisfied. In connection to this, an internal
auditor must assess if there is redundancy and repeated reprocessing in the process since
it will produce so much more waste and lesser profit with longer time. These operational
risks cannot be overlooked, they may look small but they are integral to fixing the
operational process.

7. Even though outsourcing of service and global sourcing of materials proves to be helpful
to organizations through cost reduction, boosted productivity and efficiency, and freeing
organizations so it could focus on its core activities; whereas global sourcing is driven by
lower prices and higher quality of foreign-sourced in most cases, there are still underlying
risks to look out for. Management must remain vigilant regarding the quality of these
products and services. In some cases, outsourced services exploit child labor while using
cheaper and faulty materials which might affect an organization’s overall image being
connected in those scandals. Moreover, outsourced services and materials may not
directly align with the organization’s goals and objectives which will result to a conflict
of interests between the companies. Managers must always practice professional
skepticism when outsourcing services and globally sourcing materials.

8. Organizations must always remain vigilant and always practice honesty and integrity in
all of its activities, from the bottom such as laborers to the top such as the CEOs. Indeed,
PALATAN, Randell Jan M. BSA35 Operations Auditing Quiz #3
BSA-III-A31A Mr. Clyde dela Fuente September 22, 2020

the world has a long way to go to rid of this evil in organizations and governments since
there are many of those who will be corrupted of personal interests rather than the interest
of the organization. Organizations are expected to act accordingly to the law and
corporate regulations, must be transparent to its stakeholders especially the public, and
always have a trustworthy internal and external auditing team to help improve the
reliability and integrity of every organization in its protest to fight off corruption.