Professional Documents
Culture Documents
Overview of Ops Aud Part 2 - MARP
Overview of Ops Aud Part 2 - MARP
Operations Auditing
Concepts
Mark Anecito R. Perlas
The Purpose of Internal Auditing?
2
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 1
08/31/2021
IIA Statement of Responsibilities
Purpose:
Internal auditing is an independent appraisal
function established within an organization to
examine and evaluate its activities as a service to
the organization.
The objective of internal auditing is to assist
members of the organization in the effective
discharge of their responsibilities.
The audit objective includes promoting control at a
reasonable cost.
IIA Statement of Responsibilities
Scope:
The scope of internal auditing should encompass
the examination of the adequacy and effectiveness
of the organization’s system of internal control
and the quality of performance in carrying out
assigned responsibilities.
Assessment (adequacy and effectiveness).
Enhancement (measuring performance quality
improvement).
4
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 2
08/31/2021
FRAUD DETERRENCE
Managing the risk of fraud and corruption is the
responsibility of management. Audit procedures
alone, even when performed with due professional
care, cannot guarantee that fraud or corruption will
be detected. Internal audit does not have
responsibility for the prevention or detection of
fraud and corruption. Internal auditors will,
however, be alert in all their work to risks and
exposures that could allow fraud or corruption.
Internal audit may be requested by management
to assist with fraud examination work.
6
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 3
08/31/2021
RBIA vs
Controls‐based
internal audit
The Audit Process Model
IN PU T S PRO C ESSES OU TPU TS OUTCOMES
Internal Audit
K now ledge
and Skills
Analyses,
Appraisals,
C om puters, Recom mendations,
Softw are and C ounsel and
IIA S tandards Supporting the
Inform ation
Internal Audit O rganization in
Practices and the D ischarge of
Procedures their
Responsibilities
T im eand
Prom ote the
Money Effective use of
Internal Control
R eputation
for Integrity
and Fairness
8
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 4
08/31/2021
Establishing Audit Objective
and Scope
Ensure a positive link between the audit objective
and the entity’s goals.
Ensure the audit program will produce the
evidence as required.
Ensure that each test will provide the evidence
required by the audit program.
L i n k i n g t h e A u d it
to th e B u sin e s s P lan
A u d it U n it E n tity
O b je c tiv e G o a ls P u rp o s e
S e rv in g
C u s to m e r
N eeds 9
AUDIT
Phase I:
Internal Audit
ASSIGNMENT
AND OBJECTIVE Planning the Audit
Framework RESEARCH
PRELIMINARY
SURVEY
Planning
RISK
ASSESSMENT
Performing DEVELOPAUDIT
PROGRAM
Reporting FIELDWORK
(TESTING)
Phase II:
Performing the Audit
DISCUSS
CONCLUSIONS
1
0
10
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 5
08/31/2021
A Framework for the Audit
1. Audit Strategy/ Audit Scope & Objective.
2. Creation of Risk Based Work Papers
3. Collection of basic reference materials (flow charts,
etc.)
4. Determination of tests needed
5. Sample Design
6. Preparation of meeting agendas
7. Follow-up on information gleaned/re-direction
8. Documentation of test results and conclusions.
9. Creation of Audit Point Sheets.
10.Audit Report
11
11
Select Auditee
Plan Audit
Perform Audit
Report Findings
Perform Followup
12
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 6
08/31/2021
Planning the Audit
Research
Risk Assessment
Audit Strategy
Preliminary Survey
Policies and Procedures
Inputs and Outputs
Control Steps
People
13
13
PLANNING
Evaluating operations or programs to ascertain whether results are
consistent with established objectives and goals and whether the
operations or programs are being carried out as planned.
Monitoring and evaluating governance processes.
Monitoring and evaluating the effectiveness of the organization’s
management’s processes.
Evaluating the quality of performance of external auditors and the degree of
coordination required with internal audit.
Performing consulting and advisory services related to governance,
management, and control as appropriate for the company.
Reporting periodically on the internal audit activity’s purpose, authority
responsibility, and performance relative to its plan.
Reporting significant risk exposures and control issues, including
governance issues, and other matters needed or requested by the Board.
Evaluating specific operations at the request of the boardor
management, as appropriate.
14
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 7
08/31/2021
Planning Step #1
Perform Research on Area under Audit
15
15
◾ Are there any liquid ◾ What physical assets
◾ What could go ◾ How could that unit assets that require are bought and used?
wrong? fail? special care and How do they need to be
oversight? protected and used for
◾ What intellectual or
digital assets are used include personally ◾ How could someone
maximum
and constitute a key identifiable information, or something disrupt
effectiveness?
success factor? These copyrights, and licenses. the operations?
might
◾ What are the ◾ Where are the
objectives and how do people, processes, ◾ On what information ◾ On what do they
we know if the unit is systems, or assets do they rely the most? spend the most money?
achieving them? vulnerable?
◾ Who has access to
◾ What decisions
◾ How could someone ◾ What systems are in these systems and what
require the most
steal from the unit? use? activities can they
judgment?
perform using it?
16
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 8
08/31/2021
Planning Step #2
Prepare Your Hypothesis
17
Planning Step #3
Send Engagement Memo
1. To executive management
2. Include the name of the audit effort andthe
initiation date
3. Request the name of a contact person
18
18
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 9
08/31/2021
ANNUAL AUDITPLAN
In cooperation with the senior management, perform the
following:
Conduct a preliminary risk assessment by utilizing a group
interview.
Gather top management input on the preliminary risk
assessment.
Prepare a Draft Annual Audit Plan based upon the results of
the risk assessment process.
Obtain the formal approval of the Audit Committee or the
board.
This plan will be subject to reviews during the course of audit work to ensure that the
focus continues to be on the higher risk areas. In addition, the need to conduct special
assignments requested from the Audit Committee and senior management may also
require the deferral of planned audit work. Additional work may require additional
staff and the help of specialist or consultant coming from outside the company.
N.B.: The approval of audit committee is suffice, however, where no audit committee is
existing, approval of the board should be taken.
19
COMMUNICATION OF I/A PLAN
Distribute annual audit plan to senior management.
Keep senior management informed of any changes to
annual audit plan.
Ensure that management is informed about the internal
audit work at least a month prior to starting the work.
Note that special requested assignments require different
procedures involving little or no notification to involved
management.
If there is any special assignment going parallel with the
normal audit, tell the time frame for the completion of the
additional assignment.
If there is need for additional persons in the team because of
additional work, raise the requisition at most appropriate
time.
20
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 10
08/31/2021
Designing Audit Tests
Evidence is created from tests or questions.
The creation of the right test or question to ask is a
process of working backwards from the audit objective.
A Logical S equence: F r o m Te s t s to O b j e c t i ve
Tests: E vidence: H yp o t h e s i s :
W hat creates the W hat p r o v e s the W hat do y ou A u d it
e v i de nc e (y /n)? hy pot he s i s ? w ant to p r o v e ? O bjective
21
21
PERFORM AUDIT FIELDWORK
Carry out fieldwork as indicated in the annual audit
plan.
Obtain cooperation from the management and the staff
as necessary to identify, obtain documentation and
conduct interviews, etc.
Conduct fieldwork with minimal disruption to
operations of the company being audited.
Build friendly environment with the management.
Avoid any friction in relationship with the
management or the staff engaged with you by the
company. As it may create problem for the work being
carried out. Be tactful!
22
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 11
08/31/2021
BASIC CONCEPTS OF
AUDIT EVIDENCE
23
GENERALIZATION ABOUT THE
RELIABILITY OF EVIDENCE
Internal control
Nature of evidence
24
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 12
08/31/2021
25
AUDIT PROCEDURES
OBSERVATION
INSPECTION
CONFIRMATION
MECHANICAL TESTS
ANALYTICAL PROCEDURES
INQUIRIES
TRACING VS VOUCHING
26
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 13
08/31/2021
27
28
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 14
08/31/2021
Professional Skepticism
«We trust but we need to verify »
An auditor should be alert about. . .
•audit evidence that contradicts other audit
evidence obtained
29
Documenting the Audit
Automated Work Papers provide
30
30
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 15
08/31/2021
Work Papers –
Good Practices
Use electronic templates to capture data:
* Background & Scope Document
* Risk
* Control
* Test
* Audit Point Sheet
Structure your work paper documents as carefully as
you would the final audit report.
31
31
Writing Up Conclusions
Best practices include:
32
32
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 16
08/31/2021
WHAT DO REVIEWERS OF
WORKING PAPERS LOOK
FOR?
33
REMEMBER:
IF IT’S NOT
DOCUMENTED,
IT IS NOT DONE!
34
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 17
08/31/2021
Best Practices (cont)
Discussion of the conclusion with management.
To avoid misunderstandings.
To give management a ‘heads-up’ about issues.
To encourage corrective action as soon as possible.
Cross-reference the audit point sheets to the
conclusions in the audit work papers (and back-
reference the conclusions to the report).
35
35
The Audit Point Sheet
Ensures all aspects of problems (findings) are
captured.
36
36
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 18
08/31/2021
REPORT RESULTS
In general, share important and
sensitive findings with responsible
managers immediately upon
verification by the auditor; short memo
reports may be used in this process.
37
Summarizing and Evaluating
Results
The audit process creates evidence.
T h e L o g i c a l R esults: F r o m Tests to F i n d i n g s
38
38
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 19
08/31/2021
39
40
40
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 20
08/31/2021
FINAL REPORT
Issue final report to the management.
Prepare checklist of issues to be
discussed with the management in next
period audit.
Write down the comments of the
management on report.
41
41
Writing Effective Audit Reports
Reports are important because they:
Provide documented communication and
assurance to senior management.
Provide operating management with assessments
of operations and corrective action.
Provide the auditor with records for follow-up of
audit results.
Provide the audit group with marketing
opportunities to demonstrate added value.
42
42
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 21
08/31/2021
43
FOLLOW UP
At the completion of each audit, the auditor will send an
evaluation survey form to the clients of the audit. This form
should be completed and returned to the Office of Internal
Audit, in order to ensure continuous improvement of these
procedures and the internal audit function.
Approximately six months following completion of each
audit, the auditor will conduct a follow-up review to verify
the completion of agreed-upon management actions and
ascertain the status of open recommendations. A follow-up
report will be generated annually for distribution to senior
management and members of the Audit Committee.
44
44
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 22
08/31/2021
#METRICS
45
45
Audit Interaction with Auditee
C o m p etitio n C o o p eratio n C o llab o ratio n
Auditor Manager
46
46
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 23
08/31/2021
Building Trust with Auditee
47
47
AVOID PITFALLS
Richard Chambers, CIA, has shared his experience about
failure of internal audit assignments. He has mentioned 6 main
reasons for the failure of internal audit. We agree with him on
the reasons of internal audit failure and wish them to be avoided
while performing internal audit work. They are as given below:
1. Not setting aside enough time to properly plan the audit work.
Proper planning is the glorious road to successful auditwork.
2. Trying to audit too much, be relevant to risk. Keep one eye on
relevance of work being done with overall objectives of the audit.
3. Not involving the client or the auditee personnel.
4. Failing to augment the audit team with “functional expertise”.
5. Forgetting that the audit should ultimately add value.
6. Forgetting to follow the risks. New risks may emerge during the
progress of audit work. Change work plan according to them.
48
48
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 24
08/31/2021
7‐Es of Operational Audit
Strategic vs Tactical
49
Thank
you!
Internal Audit Framework 50
50
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 25