Overview of Ops Aud Part 2 - MARP

08/31/2021
Operations Auditing
Concepts
Mark Anecito R. Perlas
The Purpose of Internal Auditing?
“Eyes and Ears”

“Policeman”
“Watchdog”
“Consultant”
“Catalyst”
2
Please avoid uploading to unauthorized sites
such as Course Hero which can be accessed
by public. Thank you! 1
08/31/2021
IIA Statement of Responsibilities
Purpose:
Internal auditing is an independent appraisal
function established within an organization to
examine and evaluate its activities as a service to
the organization.
The objective of internal auditing is to assist
members of the organization in the effective
discharge of their responsibilities.
The audit objective includes promoting control at a
reasonable cost.
IIA Statement of Responsibilities
Scope:
The scope of internal auditing should encompass
the examination of the adequacy and effectiveness
of the organization’s system of internal control
and the quality of performance in carrying out
assigned responsibilities.
Assessment (adequacy and effectiveness).
Enhancement (measuring performance quality
improvement).
4
08/31/2021
FRAUD DETERRENCE
Managing the risk of fraud and corruption is the
responsibility of management. Audit procedures
alone, even when performed with due professional
care, cannot guarantee that fraud or corruption will
be detected. Internal audit does not have
responsibility for the prevention or detection of
fraud and corruption. Internal auditors will,
however, be alert in all their work to risks and
exposures that could allow fraud or corruption.
Internal audit may be requested by management
to assist with fraud examination work.
6
08/31/2021
RBIA vs
Controls‐based
internal audit
The Audit Process Model
IN PU T S PRO C ESSES OU TPU TS OUTCOMES
Internal Audit
K now ledge
and Skills
Analyses,
Appraisals,
C om puters, Recom mendations,
Softw are and C ounsel and
IIA S tandards Supporting the
Inform ation
Internal Audit O rganization in
Practices and the D ischarge of
Procedures their
Responsibilities
T im eand
Prom ote the
Money Effective use of
Internal Control
R eputation
for Integrity
and Fairness
8
08/31/2021
Establishing Audit Objective
and Scope
Ensure a positive link between the audit objective
and the entity’s goals.
Ensure the audit program will produce the
evidence as required.
Ensure that each test will provide the evidence
required by the audit program.
L i n k i n g t h e A u d it
to th e B u sin e s s P lan
A u d it U n it E n tity
O b je c tiv e G o a ls P u rp o s e
S e rv in g
C u s to m e r
N eeds 9
AUDIT
Phase I:
Internal Audit
ASSIGNMENT
AND OBJECTIVE Planning the Audit
Framework RESEARCH
PRELIMINARY
SURVEY
Planning
RISK
ASSESSMENT
Performing DEVELOPAUDIT
PROGRAM
Reporting FIELDWORK
(TESTING)
Phase II:
Performing the Audit
DISCUSS
CONCLUSIONS
DRAFT AUDIT Phase III:

REPORT Documenting the Audit
1
0
10
08/31/2021
A Framework for the Audit
1. Audit Strategy/ Audit Scope & Objective.
2. Creation of Risk Based Work Papers
3. Collection of basic reference materials (flow charts,
etc.)
4. Determination of tests needed
5. Sample Design
6. Preparation of meeting agendas
7. Follow-up on information gleaned/re-direction
8. Documentation of test results and conclusions.
9. Creation of Audit Point Sheets.
10.Audit Report
11
11
Phases of an Operational Audit
Select Auditee
Plan Audit
Perform Audit
Report Findings
Perform Followup
12
08/31/2021
Planning the Audit
Research
Risk Assessment
Audit Strategy
Preliminary Survey
Policies and Procedures
Inputs and Outputs
Control Steps
People
13
13
PLANNING
 Evaluating operations or programs to ascertain whether results are
consistent with established objectives and goals and whether the
operations or programs are being carried out as planned.
 Monitoring and evaluating governance processes.
 Monitoring and evaluating the effectiveness of the organization’s
management’s processes.
 Evaluating the quality of performance of external auditors and the degree of
coordination required with internal audit.
 Performing consulting and advisory services related to governance,
management, and control as appropriate for the company.
 Reporting periodically on the internal audit activity’s purpose, authority
responsibility, and performance relative to its plan.
 Reporting significant risk exposures and control issues, including
governance issues, and other matters needed or requested by the Board.
 Evaluating specific operations at the request of the boardor
management, as appropriate.
14
08/31/2021
Planning Step #1
Perform Research on Area under Audit
Research is important for understanding, but we

must be able to recognize when “enough is
enough”
Research tells us define the historical issues, current

issues, marketing issues, pervasive risks, personnel
issues, and future issues.
15
15
◾ Are there any liquid ◾ What physical assets
◾ What could go ◾ How could that unit assets that require are bought and used?
wrong? fail? special care and How do they need to be
oversight? protected and used for
◾ What intellectual or
digital assets are used include personally ◾ How could someone
maximum
and constitute a key identifiable information, or something disrupt
effectiveness?
success factor? These copyrights, and licenses. the operations?
might
◾ What are the ◾ Where are the
objectives and how do people, processes, ◾ On what information ◾ On what do they
we know if the unit is systems, or assets do they rely the most? spend the most money?
achieving them? vulnerable?
◾ How do they bill and ◾ What activities are ◾ What activities are ◾ What is their greatest

collect revenue? most complex? regulated? legal exposure?
◾ Who has access to
◾ What decisions
◾ How could someone ◾ What systems are in these systems and what
require the most
steal from the unit? use? activities can they
judgment?
perform using it?
16
08/31/2021
Planning Step #2
Prepare Your Hypothesis
1. The activity is operating normally

What is = What should Be
2. The activity is not operating as it should in
some significant way
What is does not = What should be
3. Some value in between
There are minor differences between
What is and What should be
17
17
Planning Step #3
Send Engagement Memo
1. To executive management
2. Include the name of the audit effort andthe
initiation date
3. Request the name of a contact person
18
18
08/31/2021
ANNUAL AUDITPLAN
In cooperation with the senior management, perform the
following:
 Conduct a preliminary risk assessment by utilizing a group
interview.
 Gather top management input on the preliminary risk
assessment.
 Prepare a Draft Annual Audit Plan based upon the results of
the risk assessment process.
 Obtain the formal approval of the Audit Committee or the
board.
This plan will be subject to reviews during the course of audit work to ensure that the
focus continues to be on the higher risk areas. In addition, the need to conduct special
assignments requested from the Audit Committee and senior management may also
require the deferral of planned audit work. Additional work may require additional
staff and the help of specialist or consultant coming from outside the company.
N.B.: The approval of audit committee is suffice, however, where no audit committee is
existing, approval of the board should be taken.
19
COMMUNICATION OF I/A PLAN
 Distribute annual audit plan to senior management.
 Keep senior management informed of any changes to
annual audit plan.
 Ensure that management is informed about the internal
audit work at least a month prior to starting the work.
 Note that special requested assignments require different
procedures involving little or no notification to involved
management.
 If there is any special assignment going parallel with the
normal audit, tell the time frame for the completion of the
additional assignment.
 If there is need for additional persons in the team because of
additional work, raise the requisition at most appropriate
time.
20
08/31/2021
Designing Audit Tests
Evidence is created from tests or questions.
The creation of the right test or question to ask is a
process of working backwards from the audit objective.
A Logical S equence: F r o m Te s t s to O b j e c t i ve
Tests: E vidence: H yp o t h e s i s :
W hat creates the W hat p r o v e s the W hat do y ou A u d it
e v i de nc e (y /n)? hy pot he s i s ? w ant to p r o v e ? O bjective
21
21
PERFORM AUDIT FIELDWORK
Carry out fieldwork as indicated in the annual audit
plan.
Obtain cooperation from the management and the staff
as necessary to identify, obtain documentation and
conduct interviews, etc.
Conduct fieldwork with minimal disruption to
operations of the company being audited.
Build friendly environment with the management.
Avoid any friction in relationship with the
management or the staff engaged with you by the
company. As it may create problem for the work being
carried out. Be tactful!
22
08/31/2021
BASIC CONCEPTS OF
AUDIT EVIDENCE
The nature of audit evidence
The sufficiency of audit evidence
The appropriateness of audit evidence
The evaluation of audit evidence
23
GENERALIZATION ABOUT THE
RELIABILITY OF EVIDENCE
Independence of the source
Qualifications of the source
Internal control
Nature of evidence
Form of the evidence
24
08/31/2021
GBW 7TH ED., CH. 4
25
AUDIT PROCEDURES
 OBSERVATION
 INSPECTION
 CONFIRMATION
 MECHANICAL TESTS
 ANALYTICAL PROCEDURES
 INQUIRIES
 TRACING VS VOUCHING
26
08/31/2021
27
28
08/31/2021
Professional Skepticism
«We trust but we need to verify »
An auditor should be alert about. . .
•audit evidence that contradicts other audit
evidence obtained
•information that brings into question the reliability

of documents and responses to inquiries to be used
as audit evidence
•conditions that may indicate possible fraud
29
Documenting the Audit
Automated Work Papers provide
A framework to guide the audit process.

Support for the conclusions reached by the audit.
A record of the audit process and its conformance
to standards.
30
30
08/31/2021
Work Papers –
Good Practices
Use electronic templates to capture data:
* Background & Scope Document
* Risk
* Control
* Test
* Audit Point Sheet
Structure your work paper documents as carefully as
you would the final audit report.
31
31
Writing Up Conclusions
Best practices include:
Test description or question.

Results (clearly stated).
Conclusion reached as a result of that test.
32
32
08/31/2021
REVIEW OF WORKING PAPERS
WHAT DO REVIEWERS OF
WORKING PAPERS LOOK
FOR?
33
REMEMBER:
IF IT’S NOT
DOCUMENTED,
IT IS NOT DONE!
34
08/31/2021
Best Practices (cont)
Discussion of the conclusion with management.
To avoid misunderstandings.
To give management a ‘heads-up’ about issues.
To encourage corrective action as soon as possible.
Cross-reference the audit point sheets to the
conclusions in the audit work papers (and back-
reference the conclusions to the report).
35
35
The Audit Point Sheet
Ensures all aspects of problems (findings) are
captured.
Useful as ready documentation.
Serves as a basis for

discussion.
Aids the summarization

and report writing.
36
36
08/31/2021
REPORT RESULTS
 In general, share important and
sensitive findings with responsible
managers immediately upon
verification by the auditor; short memo
reports may be used in this process.
 Prepare a first draft of the final report

and discuss it with responsible
managers immediately following the
fieldwork.
37
37
Summarizing and Evaluating
Results
The audit process creates evidence.
T h e L o g i c a l R esults: F r o m Tests to F i n d i n g s
Test: E vid e n c e : C o n c lus ion:

C reates the Provides factual Puts the facts in FIN D IN G
e vid e n c e . inform ation. c o n t e x t (im pact).
Evidence is summarized into conclusions.

Evidence (facts) + Context (impact) = Finding
38
38
08/31/2021
FINALIZE AUDIT WORK

Schedule an exit meeting after management has received
the first draft of the audit report; this meeting will provide
the opportunity for management to discuss
findings, conclusions, and recommendations with the
auditor.
During or immediately after exit meeting, ask management
to provide their responses to the auditor's findings and
recommendations, either in writing or in sufficient detail
for the auditors to capture them and reduce them to
writing in the final draft report.
39
39
REVIEW FINAL REPORT

Send final draft of the audit report to
management and discuss suggested changes by
them. After processing changes, issue the final
report to the distribution as indicated on the
cover letter to the report.
Note:
All reports shall contain an executive summary
which provides in a short form the
observations, management responses, and
auditor's conclusion.
40
40
08/31/2021
FINAL REPORT
 Issue final report to the management.
 Prepare checklist of issues to be
discussed with the management in next
period audit.
 Write down the comments of the
management on report.
41
41
Writing Effective Audit Reports
Reports are important because they:
Provide documented communication and
assurance to senior management.
Provide operating management with assessments
of operations and corrective action.
Provide the auditor with records for follow-up of
audit results.
Provide the audit group with marketing
opportunities to demonstrate added value.
42
42
08/31/2021
43
FOLLOW UP
At the completion of each audit, the auditor will send an
evaluation survey form to the clients of the audit. This form
should be completed and returned to the Office of Internal
Audit, in order to ensure continuous improvement of these
procedures and the internal audit function.
Approximately six months following completion of each
audit, the auditor will conduct a follow-up review to verify
the completion of agreed-upon management actions and
ascertain the status of open recommendations. A follow-up
report will be generated annually for distribution to senior
management and members of the Audit Committee.
44
44
08/31/2021
Following Up – Corrective Actions

The control aspect of auditing is not complete
until corrective action is taken (or the risk formally
assumed by senior management).
Effective statements of corrective action
include:
The specific steps to be taken,
The completion date and
The person responsible for completion.
#METRICS
45
45
Audit Interaction with Auditee
C o m p etitio n C o o p eratio n C o llab o ratio n
Au d ito r Manager Au d ito r Manager Au d it T eam
Auditor Manager
Internal Audit Internal Audit Internal Audit
46
46
08/31/2021
Building Trust with Auditee
The slow way- Making and keeping

commitments
The faster way -
Collaboration.
47
47
AVOID PITFALLS
Richard Chambers, CIA, has shared his experience about
failure of internal audit assignments. He has mentioned 6 main
reasons for the failure of internal audit. We agree with him on
the reasons of internal audit failure and wish them to be avoided
while performing internal audit work. They are as given below:
1. Not setting aside enough time to properly plan the audit work.
Proper planning is the glorious road to successful auditwork.
2. Trying to audit too much, be relevant to risk. Keep one eye on
relevance of work being done with overall objectives of the audit.
3. Not involving the client or the auditee personnel.
4. Failing to augment the audit team with “functional expertise”.
5. Forgetting that the audit should ultimately add value.
6. Forgetting to follow the risks. New risks may emerge during the
progress of audit work. Change work plan according to them.
48
48
08/31/2021
7‐Es of Operational Audit
Strategic vs Tactical
49
Thank
you!
Internal Audit Framework 50
50

Overview of Ops Aud Part 2 - MARP

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Overview of Ops Aud Part 2 - MARP

Uploaded by

Copyright:

Available Formats

08/31/2021

“Eyes and Ears”

DRAFT AUDIT Phase III:

Phases of an Operational Audit

Research is important for understanding, but we

Research tells us define the historical issues, current

◾ How do they bill and ◾ What activities are ◾ What activities are ◾ What is their greatest

1. The activity is operating normally

The nature of audit evidence

The sufficiency of audit evidence

The appropriateness of audit evidence

The evaluation of audit evidence

Independence of the source

Qualifications of the source

Form of the evidence

GBW 7TH ED., CH. 4

•information that brings into question the reliability

•conditions that may indicate possible fraud

A framework to guide the audit process.

Test description or question.

REVIEW OF WORKING PAPERS

Useful as ready documentation.

Serves as a basis for

Aids the summarization

 Prepare a first draft of the final report

Test: E vid e n c e : C o n c lus ion:

Evidence is summarized into conclusions.

FINALIZE AUDIT WORK

REVIEW FINAL REPORT

Following Up – Corrective Actions

Au d ito r Manager Au d ito r Manager Au d it T eam

Internal Audit Internal Audit Internal Audit

The slow way- Making and keeping

You might also like