Professional Documents
Culture Documents
Management Audit
Sylabus & Agenda
• Introduction Session
Day 1 • Part 1 - Audit Risk Assessment &Planning
• Part 2 - Audit on Initiation Phase
– Vendor Due Diligence & Selection
– Contract & Agreement
• Part 3 - Audit on Implementation Phase
– Internal Control Review
– Financial Stability
Day 2
3
References
4
Introduction: Third Party/ Vendor Relationship Management
5
What is Outsourcing & Shared Service?
While ownership and accountability of the service rests with the organisation some
operational risk is transferred to a third party with the necessary experience, skills and
resources. However, the organisation must recognise that by outsourcing a service or
activity it will not transfer all risk to that third party.
6
Source: Chartered Institute of Internal Auditors
Why outsourcing?
1. Cost benefits through allowing reduction in overheads, unit costs and efficiency
savings, including:
• Reduced headcount,
• Reduced future pension liabilities,
• Staff training and recruitment costs,
• Reduced level of building space and office accommodation, and
• Reduced capital expenditure.
2. In a new business entity key functions can be put in place more quickly and
cheaply than building in-house capability from scratch.
3. Moving to an outsourced model not only reduces financial overheads, but also
management overheads of needing to manage an in-house service.
7
Source: Chartered Institute of Internal Auditors
Why outsourcing?
8
Source: Chartered Institute of Internal Auditors
What is Outsourcing & Shared Service?
14
Source: Chartered Institute of Internal Auditors
Example of External Business Relationships
Service Providers:
Processing (Benefit, Payroll, etc.)
Shared Services Centers
Internal Audit Co-Sourcing
Contractors
Suppliers:
Demand Side Suppliers: Franchise, Licensing, etc
Supply Side Suppliers: Vendors
Joint Ventures:
Profit Sharing
Cost Sharing
Revenue Sharing
14
Risks from External Business Relationships
• Identify and assess all EBR:
• Relationships can’t be assessed appropriately
12
Introduction: What is Third Party/Vendor Audit ?
Definition:
An Audit Activity to provide Management with an objective assessment of
contractors’ or vendors’ compliance to the terms and conditions of the
contracts/agreements.
The role of Vendor Audit is established as the appraiser of the legitimacy of costs
billed by the contractors and vendors. This also includes the compliance with
procedures, policies, standards, rules, regulations and laws.
4
Source: IIA Canada
Introduction: Internal Audit vs Vendor Audit
4
Introduction: Why Third Party/Vendor Audit ?
• Business environment is overlaid with increasing pressure on management for cost
reduction, governance and accountability
• Shortages of quality resources, materials, equipment and vendors. Accordingly,
cost estimation and schedule planning are inherently high risk
• Capital Expenditure:
• Project execution performance is often weak
• Poor budgeting (overruns and over budgeting)
• Risk not managed
• Project expenditure forecasts inaccurate during execution
• Project complexity increasing (consortiums, contracting structures, complex business cases
etc.)
• Weak owners and out sourced project management teams – shortage
• Mobility of Project Staff
• Operation & Maintenance Cost
4
Source: IIA Canada
Benefits of Third Party/Vendor Audit
• Cost saving
• Process improvement
• Risk mitigation
• Relationship building
• Value addition / creation
• Help management to achieve objectives
4
Source: IIA Canada
Some Facts About Third Party/Vendor Audit
• On average 3% of contract values audited are identified as non-
compliant to contract terms. Further, out of that 3% noncompliance,
actual vendor cash recoveries range from 20% to 100%, with an
average of 50%.*
4
More Recent Facts About Third Party/Vendor
• 42% of companies now describe themselves as highly vulnerable to
vendor, supplier, or procurement fraud
– Kroll Global Fraud Survey
4
More Recent Facts About Third Party/Vendor
4
Part 1.
Third Party/Vendor Audit
Risk Assessment & Planning
IIA IPPF Practice Guide: Auditing Process for EBR
Understand the
organization,
Understand the
environment
21
IIA IPPF Practice Guide: Auditing Process for EBR
Understand the
inherent risk,
understand
EBR partners
environment,
define key
controls
22
IIA IPPF Practice Guide: Auditing Process for EBR
Offsite or onsite
audit
Evaluate test
results, identify
findings and get
response
23
IIA IPPF Practice Guide: Auditing Process for EBR
Drafting,
discussion, and
final distribution
24
IIA IPPF Practice Guide: Auditing Process for EBR
Monitor follow
up activities,
provide
feedbacks to
EBR
25
Third Party Governance Model
Source:PwC
26
Vendor Selection Process
Conduct a complete
inventory of third-
party activities
ranked by risk
factors.
27
Third Party/Vendor Audit – Entry Point
Contracts: Right to Audit Clause
• Adequate Right to Audit Clause, i.e. Right to audit all cost elements with the
exception of contractor’s profit.
• Companies shall have the right to audit and copy any record, invoice,
document of the Vendor pertaining to the performance of the work.
• Records for all contracts, specifically including but not limited to lump sum
contracts (i.e. fixed price or stipulated sum contracts), unit price, cost plus or time &
material contracts with or without a guaranteed maximum (or not-to exceed
amounts) shall upon reasonable notice be open to inspection and subject to audit,
scanning, and/or reproduction during normal business working hours.
• Clearly defined Commercial Terms
4
Third Party/Vendor Audit – Commercials Objectives:
4
Third Party/Vendor Audit – Compliance Objectives:
4
Part 2.
Background Check –
References, prior performance,
licensing and certification, key
individuals, legal proceedings.
Business Model
Source:PwC
24
Vendor Selection Process:
Proses Nama Core / Inherent Value OF DISCLOS Number Vendor Last Conclusi
Vendor Non Core Risk Contract URE of Performa Audit ons
E=3 15 M = 3 Sensitive Contract nce
C=2 H=2 5-14 = 2 =2 >5 = 3 <50% =3 3=3 11 – 15 =
Nc = 1 L=1 <5 = 1 NS = 1 2-4 = 2 60-80% = 2= 2 P1
1=1 2 1= 1 6-10 = P2
>80 = 1 <=5 = P3
Engineerin PT A 2 3 3 2 3 3 3 P1
g
PT B P2
PT C P3
PT D
Example of Third Party Assurance Model
1 Risk
2 Offsite –
3
Ongoing Onsite
Assessment
Review Assessment
Risk Audit
Profile Result
23
Typical Third Party/Vendor Audit Process:
• Identification criterion
• “Spend Amount” / Contract value
• Nature or type of contract (cost reimbursable, unit rate, lump sum etc.)
• Scope of work (project, operation, maintenance, sustaining capital etc.)
• Management Input
• Planning considerations
• Brainstorm with stake holders (business unit, supply management, project)
• Preparation of charter document (planning document to identify areas to be tested)
• Opening meeting (explain audit process, objective and scope)
• Formal audit notification
• Execution approach
• Document / data collection (back of charges)
• Audit tests execution / Field visit
• Draft audit report preparation (report writing)
• Reporting and follow up
• Formal Audit issuance (distribution to stake holders)
• Management response review
• Recovery of overcharges (cheque, credit invoices, future benefit etc.)
• Audit closure
2.2. Contracts and Agreements:
• Cost Reimbursable (CR)
A written agreement in which the Company agrees to pay the Contractors for All Actual Costs
for the work plus some type of Mark-up to cover profit and Overhead.
39
IIA IPPF Practice Guide: Auditing External Business
Relationships (EBR)
40
IIA IPPF Practice Guide: Business Risks of EBR
41
IIA IPPF Practice Guide: Business Risks of EBR
42
IIA IPPF Practice Guide: Business Risks of EBR
43
IIA IPPF Practice Guide: Business Risks of EBR
44
IIA IPPF Practice Guide: Business Risks of EBR
45
IIA IPPF Practice Guide: Business Risks of EBR
46
IIA IPPF Practice Guide: Business Risks of EBR
47
Supply Chain Risk
Supply Chain Risk
Supply Chain Risk
Typical Audit Issues Identified:
• Labor
• Labor base rates billed higher than actual in payroll
• Hours worked overstated
• Regular Hours billed as Overtime
• Over-recovery of payroll burden costs (Vacation, Pension, Health & Wellness)
• Billing for overhead type personnel
• Material
• Excess mark-up earned for inventory goods
• Mark-Up Billed on Material Purchased from Affiliated Company
• Non-reimbursable small tools and consumables billed as direct cost
• Discounts / Rebates received for material were not appropriately credited
• Material not used for fabrication billed as direct costs
• Excessive material purchased and billed on job resulted in scrap or waste
• Equipment
• Incorrect equipment rates billed
• Daily rates billed for equipment used on weekly basis
• Operator / fuel costs billed for all inclusive equipment
Part 3.
2. Identify all significant cost and asset 6. Consider the cost dynamic
What is the most significant cost. How much is Shifting in key cost components caused by
the usage rate in operations. How much is the inflation cost, aging, market dynamics, etc.
indirect effect on other activities.
1. Identify the whole value chain of Corporate 2. Identify all significant operational cost 3. Categorizing purchase inputs by its size,
and asset cost regularity of purchases, and level of real price
changes, fixed or variable cost, etc
Interrelationships
Timing Location
Economies of
scale Integration Policies Learning Spill
(Partnership) Over
4. Identify the supplier of each items and the
proportion of purchases 5. Diagnose the cost drivers for each cost
Flow Process
Economies of Aging
scale
Anda diberikan data mengenai Konsumsi fuel dimana dari data ini anda diminta mencari root
cause dengan cara
Anda diberikan data mengenai Konsumsi fuel dimana dari data ini anda diminta mencari root
cause dengan cara
Anda ingin menguji apakah umur mesin dan Keterlambatan pergantian fuel filter (karena keterlambatan pengiriman vendor)
mempengaruhi konsumsi bensin pada kendaraan. Anda mengumpulkan data dari 130 kendaraan yang terbagi menjadi tiga kelompok
umur mesin:
"Muda" (0-5 tahun), "Menengah" (6-10 tahun), dan "Tua" (11 tahun ke atas), serta dua kelompok keterlambatan: "tepat waktu" dan
"telat". Anda ingin mengetahui apakah semakin tua umur mesin akan mempengaruhi konsumsi bensin, dan apakah kegiatan
pergantian fuel filter yang telat berperan dalam pengaruh tersebut. Berikut adalah tabel silang yang menggambarkan jumlah
kendaraan dalam setiap kombinasi kategori:
Pengiriman
Umur Mesin
On Time Telat Total
Muda (0-5 Tahun) 40 20 60
Menengah (6-10 Tahun) 20 10 30
Tua (>11 tahun) 10 30 40
70 60 130
1. Hipotesa H0 dan H1
2. Membuat Expected Value dari nilai yang diberikan
3. Menghitung probabilitas
4. Membuat Chi Hitung dari data
5. Menentukan degree freedom dari data
6. Melakukan analsia Chi table untuk membuktikan hipotesa mana yang di tolak
Machine Material
Problem
Method
QUESTIONS?