Studied by 0 people
Looks like no one added any tags here yet for you.
Operational Auditing
a future oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives.
Operations management
Human resources
IT
Marketing
CSR
Environmental Health and Safety
Over time, business leaders and managers witnessed business failures caused by poor management decisions and practices. By poor management, I am referring to inadequate:
Employees
Suppliers
Customers
Creditors
Investors
Primary Stakeholders of the company includes the following:
Operational
Technological
Strategic
Environmental
What are the future-oriented threats and vulnerabilities that can occur in the company
Financial audit
Management audit
Operations Audit
3 Types of Internal Audit
External audit
Internal audit
Compliance audit
3 Types of Auditing
Communication skills
Problem-solving and solution skills
Ability to promote the value of internal audit
Knowledge skills
Organization skills
Behavioral skills
Conflict resolution/negotiation skills
Staff training and development
Accounting skills
Change management skills
IT/CT skills
Cultural fluency and foreign language skills
Skills Required for Effective Operational Audit
True
True or False: Defining the objectives of any engagement is essential as an initial step to put it on the right footing for success.
New rules
Rules can be established internally (e.g., policies and procedures) or externally (e.g., new or updated laws and regulations), or a combination (e.g., a contract signed by the organization and one or more external parties).
Poor performance
Inefficiencies, waste, rework, or complaints from customers and vendors may trigger management involvement, resulting in their request to have the matter reviewed by internal audit.
Compliance issues
These can be the result of internal quality control initiatives that identify anomalies. In the case of regulators and inspector reviews that identify instances of noncompliance at other organizations, the internal audit department may investigate conditions at their organization to determine if a similar problem exists at home, help to monitor the situation, and verify that follow through on corrective actions take place in anticipation of future additional compliance reviews by external parties, such as regulators.
Anomalous revenues or expenses
While increases in sales is always welcome news, if these figures appear dubious, internal audit may review the related transactions to verify they are all legitimate, they have been recorded in the correct amount, and posted during the correct period. Similarly, unusually high or low, or otherwise questionable expenses, are likely to result in the request for a thorough review.
Planning
Fieldwork
Reporting
Follow-up
4 Phases of the Operational Audit
Planning
The ________ phase includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. Planning is arguably the most important part of an audit.
True
True or False: Risk factors play an important role during planning, and in particular, during risk assessments.
Verify
Trace
Vouch
Reconcile
Foot
Cross-foot
Observe/tour
7 Audit Procedures
Verify
Confirm, prove, or corroborate that a fact is true.
Trace
This involves tracing a transaction from the source (e.g., a cash receipt, file creation) to its destination, which could be a financial, operational, or regulatory report.
Vouch
This involves the “reverse-trace” of a transaction from the destination (e.g., financial, operational, or regulatory report) to its source (e.g., sales order, purchase, and time sheet)
Reconcile
Tie information from two separate sources to verify the accuracy or expected discrepancies.
Foot
Add the items in a column.
Cross-foot
Add the items in a row.
Observe/tour
For an area of interest, observe and note physical conditions (e.g., fencing, temperature, cleanliness, and demarcation).
Fieldwork
This phase is when most of the testing is performed, and it includes interviewing, documenting, applying testing methodologies, managing _____, and providing status updates.
Testimonial
Observation
Document Inspection
Recalculation/Reperformance
Professional Skepticism
Workpapers
Flowcharts
Internal Control Questionnaire
Electronic Workpapers
Types of Audit Evidences
Testimonial
_____ evidence consists of verbal or written statements or assertions given by someone as proof regarding the matter being discussed.
the steps performed while processing a loan application
how the employee pays incoming invoices
the procedures to record the purchase of inventory in the accounting system
the steps followed when notified that an employee has been hired and access needs to be granted to the computer systems
Examples of Testimonial include
Observation
Auditors typically observe conditions and dynamics related to the subject of the review
Documents inspection
This is one of the most common procedures performed by auditors who examine documents to verify the date and amount of transactions, agreements made between various parties, evidence of authorizations and record of decisions made, among others.
Recalculation/Reperformance
Mathematical recalculation is a form of audit evidence and it consists of checking the accuracy of documents or records.
Recalculation of depreciation expense
Recalculation of overtime hours
Recalculation of billing amount
3 Reasons to Perform Recalculation
Recalculation of Depreciation expense
Verify that the assets were classified correctly, and the appropriate depreciation schedule applied.
Recalculation of Overtime hours
Verify that employees received the correct payment based on prevailing base and overtime pay rules.
Recalculation of Billing amount
Confirm the accuracy of the price tables for items sold. In cases where the invoicing is done manually, it is even more important due to the increased possibility of human error
Professional Skepticism
Although internal auditors are encouraged to use a conversational and participative approach when conducting their reviews, they must also remember that they are tasked with verifying the integrity of the information gathered and make sure their conclusions are sound.
Workpapers
_____ are documents created by auditors to record the work done. They are a collection of evidentiary material showing the planning done, the fieldwork activities performed, and the support for all information mentioned in the audit report or other communication of results.
True
True or False: Workpapers should be neat, easy to read, easy to review, and their appearance should be uniform.
Flowchart
A _____ is a diagram of the sequence of movements or actions of people or things involved in a process or activity.
Internal Control Questionnaire (ICQ)
An ____________________helps to evaluate internal controls in specific areas by asking key questions.
Electronic Workpaper
These were large, lined papers to document rows and columns of accounting transactions and with tick marks, note that testing procedures were performed to verify among other things, the accuracy, completeness, and timeliness of entries.
Reporting
_____ consists of communicating findings, observations, and best practices noted during the review, and developing recommendations for corrective action.
Reporting
The third phase of the audit is the communication of results, often referred to as _____.
False
True or False: The reporting phase includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. Reporting is arguably the most important part of an audit.
Follow-up
After findings are reported, it is incumbent on both management and auditors to verify that the corrective actions are in fact applied and the problems fixed as expected.
Risk assessment
A ______________ is the process of identifying, measuring, and analyzing risks relevant to a program or process.
Capacity risk
Strategic risk
Compliance risk
Natural environment risk
Political risk
Types of Operational Risk
Capacity risk
Inability to produce as many units as required
Capacity risk
Process generating excessive amounts of waste
Strategic risk
Failing to maintain beneficial relationships with customers' is a
Strategic risk
Knowledge drain due to employee turnover
Compliance risk
Failure to meet internal standard operating procedure (SOP) requirements
Compliance risk
Failure to meet combined requirements (e.g., contracts)
Natural environment risk
Energy supply disruption
Political risk
Changes in legislation or regulation due to government changes
Political risk
Social unrest triggered by changes in government
Negligible
If there is a risk of fire and the potential impact will be very little damage or harm. The rate of the impact is
Marginal
The event is less likely to cause any significant harm to staff or others and could be managed.
Critical
Significant number of casualties, some requiring hospitalization and medical treatment.
Critical
Event may cause some very short disruptions to operations.
Severe
Significant damage requiring external resources to support local responders.
Catastrophic
Extensive damage to properties and infrastructure in the affected area requiring major demolition.
Negligible
Marginal
Critical
Severe
Catastrophic
Expanded Impact Ratings
Unlikely
Remote
Possible
Very likely
Certain or imminent
Expanded Likelihood Ratings
Unlikely
The organization has very little exposure to the threat, the likelihood rating is
Remote
The event is considered to have a reasonable probability of occurring and affecting the organization under prevailing.
Possible
The event is considered to have a fairly high probability of occurring and affecting the organization under prevailing conditions.
Very likely
The event is considered to have a very high probability of occurring and affecting the organization under prevailing conditions.
Certain or imminent
The event is considered to be imminent and expected to occur, the likelihood rating is
Risk matrix
a widely used and highly effective tool to record and analyze the objectives, risks, and controls in the program or process that is being audited as defined in the scope definition.
Natural
Human
Mechanical
Technological
Logistics
5 Organizational Hazards
Natural hazard
Floods, earthquakes, hurricanes, temperature, pandemic, and contamination
Human hazard
Unintentional: poorly operated equipment, unsafe work procedures, fatigue, lack of training, and distractions
Intentional: workplace violence, strikes, arson, and fraud
Mechanical hazard
Poorly placed or installed equipment, outdated equipment, structural failure and mechanical breakdown, and hazardous materials
Technological hazard
Loss of connectivity and corrupted data
Logistics hazard
Supplier disruption and transportation interruption
Effectiveness
Efficiency
Economy
Ecology
Excellence
Equity
Ethics
7 Es of Success
Effectiveness
_________ is the process of evaluating the degree to which the organization, program, or process is achieving its goals and objectives.
Effectiveness
We must establish ambitious goals, and achieve them.
Efficiency
We must minimize the use of resources.
Economy
The main criteria to assess this was the price of goods and services used by the organization.
Economy
We must only acquire what we need and do so at the optimal value point.
Excellence
Measuring quality is essential to determine if it is being achieved and always remember that people do what is measured, repeat what is rewarded, and stop doing what is punished.
Excellence
We must do everything with high quality.
Ethics
It is a critical subject for internal auditors because an individual's viewpoint regarding what is right and wrong will drive most aspects of decision-making and corporate behavior, including that related to the performance of control activities and treatment of others.
Equity
often thought of in terms of fairness, reciprocity, and impartiality.
Ecology
We must preserve the environment for ourselves and future generations.
Ethics
We must always act with integrity.
Note 
Flashcard (49)