Scribd
Upload
31 views43 pages

WEEK 1 - 3 v2

Operational auditing is a systematic evaluation of management and organizational activities aimed at benefiting stakeholders by identifying anomalies and ensuring responsible resource handling. The process involves planning, risk management, evidence gathering, and reporting, with a focus on effective communication and documentation. Key components include understanding risks, gathering reliable information, and producing a detailed audit plan to assess compliance and operational efficiency.

Uploaded by

ishelbaldosa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
31 views43 pages

WEEK 1 - 3 v2

Operational auditing is a systematic evaluation of management and organizational activities aimed at benefiting stakeholders by identifying anomalies and ensuring responsible resource handling. The process involves planning, risk management, evidence gathering, and reporting, with a focus on effective communication and documentation. Key components include understanding risks, gathering reliable information, and producing a detailed audit plan to assess compliance and operational efficiency.

Uploaded by

ishelbaldosa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 43

Operational Auditing

Operational auditing is a future-oriented, independent, systematic, and


business-focused evaluation of management, and the organization’s
activities controlled by management and third parties.
This is done to benefit the organization’s stakeholders who trust
internal auditors to identify anomalies, verify that resources are
handled responsibly, and that the organization is structured and
operating in ways that it is likely to succeed.
Examples:
• Risk of Delays
• Waste
• Inefficiency
• Poor Customer Service
• Excessive Customer and Employee Turnover
• Poor Quality Data
• System Failures
Poor Management:
Future-oriented Threats and Vulnerabilities:
General Competencies of Internal Auditors:
PLANNING:
It is to establish a risk-based plan to determine the priorities of the
internal audit activity, consistent with the organization’s goals.

What is Risk Management?


The internal audit activity must evaluate the effectiveness and
contribute to the improvement of risk management processes.
Planning considerations in planning the engagement, internal
auditors must consider:

1. The objectives of the activity being reviewed and the means


by which the activity controls its performance.
2. The significant risks to the activity, its objectives, resources,
and operations and the means by which the potential impact of risk
is kept to an acceptable level.
Identifying Information
Internal Auditors must identify sufficient, reliable, relevant and useful
information to achieve the engagement’s objectives.

Sufficiency: This means that the auditor needs enough information,


including quantifiable facts and figures.
Reliability: Meaning that the information must be trustworthy and free from
distortion.
Relevance: This relates to the information being consistent with the
objectives and scope of the review.
Usefulness: This relates to the information helping the organization
accomplish its objectives.
Documenting Information
Internal auditors must make sure that in all aspects of their work, they
base their conclusions and support their communications with facts.
Internal auditors must document relevant information to support the
conclusions and engagement results.
Quality of Communications
Our product is the audit report, hence, communications must be
accurate, objective, clear, concise, constructive, complete, and timely.
PLANNING
The planning phase includes scoping, budgeting, defining the
population of interest, how testing will be performed, and announcing
the audit.
Poor planning leads to inefficient auditing practices as testing activities
that can be combined or strategized, are instead done one at a time;
selecting and reviewing transactions together is instead done as
multiple steps, and rework is common as procedures are poorly
initiated only to be rearranged and additional information examined
later.
AUDIT PLAN
An audit plan is a detailed strategy or blueprint that outlines how an
audit will be conducted. It helps auditors systematically assess a
company’s financial statements, operations, and compliance with
regulations.
Audit Procedures
FIELDWORK
This phase is when most of the testing is performed, and it includes
interviewing, documenting, applying testing methodologies, managing
fieldwork, and providing status updates. It consists primarily of two
things:
1. Determining if the process or program under review is designed
effectively so that the related goals and objectives are likely to be
achieved, and
2. Verify that the controls in place are performing as designed by
management
Types of Audit Evidence
• Testimonial
• Observation
• Document Inspection
• Recalculation/Reperformance
Testimonial
Testimonial evidence consists of verbal or written statements or assertions
given by someone as proof regarding the matter being discussed. In an
internal audit, the people being audited might be asked to share their
thoughts or describe how they do certain tasks.

Testimony is what the individual states about his or her own personal
knowledge about something. While, hearsay, is testimony based on what was
heard about that topic, in other words, heard said by someone else.

Interviews are a very common form of evidence gathering and it often involves
an auditor speaking with one or more individuals about matters related to the
engagement.
Observation
It means the auditor watches how a process or activity is carried out to
gather information. Instead of just asking someone how they do
something or reading documents, the auditor directly observes the
actions to see if they follow the correct procedures.
Inspection
It means the auditor looks at physical items or documents to check if
they are correct and in order. This could involve reviewing things like
invoices, contracts, or inventory records, or even examining physical
assets like equipment or products.
Recalculation/Reperformance
• Recalculation: The auditor checks the calculations in financial records
or reports. For example, they might add up totals on a financial
statement or recalculate interest on a loan to make sure the numbers
are accurate.
• Reperformance: The auditor repeats a procedure or test to see if the
results are the same. For example, if a company says they have a
process for approving invoices, the auditor might re-do the approval
process to make sure it's followed correctly.
Attributes of Persuasive Audit Evidence
Attributes of Persuasive Audit Evidence
Flowcharts
A flowchart is a diagram of the sequence of movements or actions of people
or things involved in a process or activity. They illustrate a business process
and virtually any process can be drawn in the form of a flowchart. Since the
shapes are simple and visual, they are easy to understand.
Some of the key steps to follow when drawing a flowchart:
• Identify the steps through consensus
• Walk the process and arrange chronologically
• Draw using appropriate symbols
• Test for completeness (e.g. symbols, dead ends, arrows,
direction, etc)
• Look for problem areas as a team
• Get sign-off that the flowchart reflects the process
WORKPAPERS
Workpapers are documents created by auditors to record the work
done. They are a collection of evidentiary material showing the
planning done, the fieldwork activities performed, and the support for
all information mentioned in the audit report or other communication
of results.
Condition of Workpapers
Characteristics of High Quality Workpapers
REPORTING
The third phase of the audit is the communication of results, often
referred to as reporting. It consist of communicating findings,
observations, and best practices noted during the review, and
developing recommendations for corrective actions.
Audit Evidence
Audit evidence is the foundation of an auditor's work and plays a
crucial role in forming conclusions and opinions regarding a company's
financial statements, operations, and internal controls. Essentially,
audit evidence is the information that auditors gather to evaluate
whether a company's financial records are accurate and whether
internal controls are functioning effectively.
TYPES OF EVIDENCE:
The accuracy and reliability of audit evidence vary based on how it is
obtained. Audit evidence can be gathered in several forms:
• Physical evidence: Physical inspection of assets, such as inventory counts
or examining fixed assets.
• Documentary evidence: Reviewing documents such as invoices, contracts,
or accounting records.
• Testimonial evidence: Interviews with company staff or management to
understand practices and procedures.
• Analytical evidence: Comparing financial ratios or performance metrics to
industry standards or historical trends.
• External confirmations: Getting confirmation from third parties (e.g., bank
statements, customer balances, or supplier contracts).
Attributes of Effective Audit Findings
OPERATIONAL RISK TYPES
OPERATIONAL RISK TYPES
ORGANIZATIONAL HAZARDS

You might also like