OPERATIONAL AUDITING

Jesrelle Vhon G. Habana

Auditing

 Auditing is an inspection or examination of the systems and process if it is

compliant to a certain standard or guidelines.
 ISO 19011:2018 defines an audit as a "systematic, independent and
documented process for obtaining audit evidence [records, statements of fact
or other information which are relevant and verifiable] and evaluating it
objectively to determine the extent to which the audit criteria [a set of
policies, procedures or requirements] are fulfilled."
Operations Auditing

 An operational audit refers to the process of evaluating a company's operating

activities.
 Operational audits could be conducted by outside specialists or an internal
audit team.
Importance of Operational Audit

 The aim of an operational audit is ultimately to optimize efficiency. By

auditing the business's internal policies and procedures, the company can
identify trouble spots and operate more effectively. The outcomes gleaned
from the audit are most useful to the management team, who can take these
recommendations on board to streamline future processes.
Importance of Operational Audit

 Maximize efficiency: Gain a greater understanding of how future policies and

procedures can boost effectiveness.
 Understand risks: Businesses run many operational risks, ranging from health
and safety issues to cyber threats. A full operational audit identifies risks like
these, as well as potential problems related to fraud and compliance.
 Finetune internal controls: By examining each step of the operational
process, an audit can dive deeper into the impact of any changes to internal
controls.
Operational Auditing Benefits

 There are many reasons to consider an operational audit. When performed by

an outside party, it provides a business with an objective overview of
company operations. These can yield new insights leading to improved sales,
quicker production processes, and streamlined systems. Identifying risks
ahead of time can future-proof the business against damages.
Operational Audit Process

 A pre-audit meeting lays the foundation for the operational audit process. At
this preliminary stage, the auditor sits down with the management team to
gather relevant information. Collecting background information about the
business helps identify any areas of concern or industry-specific challenges
that need to be addressed. At this preliminary stage, the auditor will also
thoroughly explain the auditing process to the managers.
Operational Audit Process

 The auditor can then conduct interviews with managers in control of

potentially risky areas. Objectives and activities are documented, with risks
highlighted and sent back to managers for confirmation. Using the operational
trouble spots, the auditor can design testing procedures at the control level.
Tests are conducted, with results meticulously documented, to show which
new processes or goals can improve the organization's efficiency.
 Finally, the auditor writes up a comprehensive audit report. Follow-up visits
with management can help to finetune any ongoing issues with new systems
or controls.
Types of Operational Audit

 Process Audit
 Product Audit
 Systems Audit
Process Audit

 This type of audit verifies that processes are working within established
limits. It evaluates an operation or method against predetermined
instructions or standards to measure conformance to these standards and the
effectiveness of the instructions.
 In process audit, the auditor will verify if the actual processes are in
accordance to the guidelines set by the organization/company.
Process Audit

A process audit may:

 Check conformance to defined requirements such as time, accuracy,
temperature, pressure, composition, responsiveness, amperage, and
component mixture.
 Examine the resources (equipment, materials, people) applied to transform
the inputs into outputs, the environment, the methods (procedures,
instructions) followed, and the measures collected to determine process
performance.
 Check the adequacy and effectiveness of the process controls established by
procedures, work instructions, flowcharts, and training and process
specifications.
Product Audit

 This type of audit is an examination of a particular product or service, such as

hardware, processed material, or software, to evaluate whether it conforms
to requirements (i.e., specifications, performance standards, and customer
requirements).
 In this type of audit, the auditor will test a sample of the product if it meets
the standard that is expected from the product (i.e., drop test on cellular
phones, brake tests on cars, weight tests on foods)
System Audit

 An audit conducted on a management system. It can be described as a

documented activity performed to verify, by examination and evaluation of
objective evidence, that applicable elements of the system are appropriate
and effective and have been developed, documented, and implemented in
accordance and in conjunction with specified requirements.
Operational Audit Checklist

 Select and screen auditors

 Define audit plans and scope
 Pull together reference documents
 Identify administrative support
 Research operational procedures
 Collect statistical evidence
Operational Audit Checklist

 Audit evidence from all sources

 Evaluate evidence
 Compile audit findings
 Share audit conclusions
 Give actionable advice
 Follow up with questions and concerns
First-party Audit

 A first-party audit is performed within an organization to measure its

strengths and weaknesses against its own procedures or methods and/or
against external standards adopted by (voluntary) or imposed on (mandatory)
the organization. A first-party audit is an internal audit conducted by auditors
who are employed by the organization being audited but who have no vested
interest in the audit results of the area being audited.
Second-party Audit

 A second-party audit is an external audit performed on a supplier by a

customer or by a contracted organization on behalf of a customer. A contract
is in place, and the goods or services are being, or will be, delivered. Second-
party audits are subject to the rules of contract law, as they are providing
contractual direction from the customer to the supplier. Second-party audits
tend to be more formal than first-party audits because audit results could
influence the customer’s purchasing decisions.
Third-party Audit

 A third-party audit is performed by an audit organization independent of the

customer-supplier relationship and is free of any conflict of interest.
Independence of the audit organization is a key component of a third-party
audit. Third-party audits may result in certification, registration, recognition,
an award, license approval, a citation, a fine, or a penalty issued by the
third-party organization or an interested party.
Four Phases of an Audit Cycle

 Audit Planning and Preparation

 Audit Execution
 Audit Reporting
 Audit Follow up and Closure
Four Phases of an Audit Cycle
Audit Planning and Preparation

 Audit preparation consists of planning everything that is done in advance by

interested parties, such as the auditor, the lead auditor, the client, and the
audit program manager, to ensure that the audit complies with the client’s
objective. This stage of an audit begins with the decision to conduct the audit
and ends when the audit itself begins.
Audit Execution

 The execution phase of an audit is often called the fieldwork. It is the data-
gathering portion of the audit and covers the time period from arrival at the
audit location up to the exit meeting. It consists of multiple activities
including on-site audit management, meeting with the auditee, understanding
the process and system controls and verifying that these controls work,
communicating among team members, and communicating with the auditee.
Audit Reporting

 The purpose of the audit report is to communicate the results of the

investigation. The report should provide correct and clear data that will be
effective as a management aid in addressing important organizational issues.
The audit process may end when the report is issued by the lead auditor or
after follow-up actions are completed.
Audit Follow up and Closure

 According to ISO 19011, clause 6.6, "The audit is completed when all the
planned audit activities have been carried out, or otherwise agreed with the
audit client." Clause 6.7 of ISO 19011 continues by stating that verification of
follow-up actions may be part of a subsequent audit.
Corrective Action and Preventive Action

 Corrective action is action taken to eliminate the causes of an existing

nonconformity, defect, or other undesirable situation in order to prevent
recurrence (reactive). Corrective action is about eliminating the causes of
problems and not just following a series of problem-solving steps.
 Preventive action is action taken to eliminate the causes of a potential
nonconformity, defect, or other undesirable situation in order to prevent
occurrence (proactive).
ISO (International Organization for
Standardization)
 The International Organization for Standardization is an international
standard-setting body composed of representatives from various national
standards organizations.
 ISO is an independent, non-governmental international organization with a
membership of 165 national standards bodies.
 Through its members, it brings together experts to share knowledge and
develop voluntary, consensus-based, market relevant International Standards
that support innovation and provide solutions to global challenges.
What is a Standard?

 Standards are the distilled wisdom of people with expertise in their subject
matter and who know the needs of the organizations they represent – people
such as manufacturers, sellers, buyers, customers, trade associations, users or
regulators.
What is a Standard?

For instance,
 Quality management standards to help work more efficiently and reduce
product failures.
 Environmental management standards to help reduce environmental impacts,
reduce waste and be more sustainable.
 Health and safety standards to help reduce accidents in the workplace.
 Energy management standards to help cut energy consumption.
 Food safety standards to help prevent food from being contaminated.
 IT security standards to help keep sensitive information secure.
4 Essential Steps to ISO Certification

 Develop a Management System

 Implement the System
 Verify if the System is Effective
 Register the System
Operational Auditing Challenges

 One factor to consider before ordering an operational audit is that it does

cost both time and money. When managers and employees are engaged with
the audit, they will be pulled away from their usual activities. For complex
organizations, an operational audit can be relatively time-consuming because
each step of the process must be analyzed.
 Business owners should also be aware that operational audits can turn up
unexpected problems that take time to repair. This might involve a complete
overhaul of existing systems, requiring new training for employees. In the
long run, these disruptions can be worth the trouble, should the operational
audit lead to a more efficient method of doing business.
Sources

 ISO
 ASQ
 Gocardless.com
 BDC
END

Thank You!