Operations Auditing: Definition, Characteristics, and Guidance, Objectives and Phases of Operational Audits, Risk Assessments, The 7 Es.

Operational Auditing

a future oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives.

Operations management

Human resources

IT

Marketing

CSR

Environmental Health and Safety

Over time, business leaders and managers witnessed business failures caused by poor management decisions and practices. By poor management, I am referring to inadequate:

Employees

Suppliers

Customers

Creditors

Investors

Primary Stakeholders of the company includes the following:

Operational

Technological

Strategic

Environmental

What are the future-oriented threats and vulnerabilities that can occur in the company

Financial audit

Management audit

Operations Audit

3 Types of Internal Audit

External audit

Internal audit

Compliance audit

3 Types of Auditing

Communication skills

Problem-solving and solution skills

Ability to promote the value of internal audit

Knowledge skills

Organization skills

Behavioral skills

Conflict resolution/negotiation skills

Staff training and development

Accounting skills

Change management skills

IT/CT skills

Cultural fluency and foreign language skills

Skills Required for Effective Operational Audit

True

True or False: Defining the objectives of any engagement is essential as an initial step to put it on the right footing for success.

New rules

Rules can be established internally (e.g., policies and procedures) or externally (e.g., new or updated laws and regulations), or a combination (e.g., a contract signed by the organization and one or more external parties).

Poor performance

Inefficiencies, waste, rework, or complaints from customers and vendors may trigger management involvement, resulting in their request to have the matter reviewed by internal audit.

Compliance issues

These can be the result of internal quality control initiatives that identify anomalies. In the case of regulators and inspector reviews that identify instances of noncompliance at other organizations, the internal audit department may investigate conditions at their organization to determine if a similar problem exists at home, help to monitor the situation, and verify that follow through on corrective actions take place in anticipation of future additional compliance reviews by external parties, such as regulators.

Anomalous revenues or expenses

While increases in sales is always welcome news, if these figures appear dubious, internal audit may review the related transactions to verify they are all legitimate, they have been recorded in the correct amount, and posted during the correct period. Similarly, unusually high or low, or otherwise questionable expenses, are likely to result in the request for a thorough review.

Planning

Fieldwork

Reporting

Follow-up

4 Phases of the Operational Audit

Planning

The ________ phase includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. Planning is arguably the most important part of an audit.

True

True or False: Risk factors play an important role during planning, and in particular, during risk assessments.

Verify

Trace

Vouch

Reconcile

Foot

Cross-foot

Observe/tour

7 Audit Procedures

Verify

Confirm, prove, or corroborate that a fact is true.

Trace

This involves tracing a transaction from the source (e.g., a cash receipt, file creation) to its destination, which could be a financial, operational, or regulatory report.

Vouch

This involves the “reverse-trace” of a transaction from the destination (e.g., financial, operational, or regulatory report) to its source (e.g., sales order, purchase, and time sheet)

Reconcile

Tie information from two separate sources to verify the accuracy or expected discrepancies.

Foot

Add the items in a column.

Cross-foot

Add the items in a row.

Observe/tour

For an area of interest, observe and note physical conditions (e.g., fencing, temperature, cleanliness, and demarcation).

Fieldwork

This phase is when most of the testing is performed, and it includes interviewing, documenting, applying testing methodologies, managing _____, and providing status updates.

Testimonial

Observation

Document Inspection

Recalculation/Reperformance

Professional Skepticism

Workpapers

Flowcharts

Internal Control Questionnaire

Electronic Workpapers

Types of Audit Evidences

Testimonial

_____ evidence consists of verbal or written statements or assertions given by someone as proof regarding the matter being discussed.

the steps performed while processing a loan application

how the employee pays incoming invoices

the procedures to record the purchase of inventory in the accounting system

the steps followed when notified that an employee has been hired and access needs to be granted to the computer systems

Examples of Testimonial include

Observation

Auditors typically observe conditions and dynamics related to the subject of the review

Documents inspection

This is one of the most common procedures performed by auditors who examine documents to verify the date and amount of transactions, agreements made between various parties, evidence of authorizations and record of decisions made, among others.

Recalculation/Reperformance

Mathematical recalculation is a form of audit evidence and it consists of checking the accuracy of documents or records.

Recalculation of depreciation expense

Recalculation of overtime hours

Recalculation of billing amount

3 Reasons to Perform Recalculation

Recalculation of Depreciation expense

Verify that the assets were classified correctly, and the appropriate depreciation schedule applied.

Recalculation of Overtime hours

Verify that employees received the correct payment based on prevailing base and overtime pay rules.

Recalculation of Billing amount

Confirm the accuracy of the price tables for items sold. In cases where the invoicing is done manually, it is even more important due to the increased possibility of human error

Professional Skepticism

Although internal auditors are encouraged to use a conversational and participative approach when conducting their reviews, they must also remember that they are tasked with verifying the integrity of the information gathered and make sure their conclusions are sound.

Workpapers

_____ are documents created by auditors to record the work done. They are a collection of evidentiary material showing the planning done, the fieldwork activities performed, and the support for all information mentioned in the audit report or other communication of results.

True

True or False: Workpapers should be neat, easy to read, easy to review, and their appearance should be uniform.

Flowchart

A _____ is a diagram of the sequence of movements or actions of people or things involved in a process or activity.

Internal Control Questionnaire (ICQ)

An ____________________helps to evaluate internal controls in specific areas by asking key questions.

Electronic Workpaper

These were large, lined papers to document rows and columns of accounting transactions and with tick marks, note that testing procedures were performed to verify among other things, the accuracy, completeness, and timeliness of entries.

Reporting

_____ consists of communicating findings, observations, and best practices noted during the review, and developing recommendations for corrective action.

Reporting

The third phase of the audit is the communication of results, often referred to as _____.

False

True or False: The reporting phase includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. Reporting is arguably the most important part of an audit.

Follow-up

After findings are reported, it is incumbent on both management and auditors to verify that the corrective actions are in fact applied and the problems fixed as expected.

Risk assessment

A ______________ is the process of identifying, measuring, and analyzing risks relevant to a program or process.

Capacity risk

Strategic risk

Compliance risk

Natural environment risk

Political risk

Types of Operational Risk

Capacity risk

Inability to produce as many units as required

Capacity risk

Process generating excessive amounts of waste

Strategic risk

Failing to maintain beneficial relationships with customers' is a

Strategic risk

Knowledge drain due to employee turnover

Compliance risk

Failure to meet internal standard operating procedure (SOP) requirements

Compliance risk

Failure to meet combined requirements (e.g., contracts)

Natural environment risk

Energy supply disruption

Political risk

Changes in legislation or regulation due to government changes

Political risk

Social unrest triggered by changes in government

Negligible

If there is a risk of fire and the potential impact will be very little damage or harm. The rate of the impact is

Marginal

The event is less likely to cause any significant harm to staff or others and could be managed.

Critical

Significant number of casualties, some requiring hospitalization and medical treatment.

Critical

Event may cause some very short disruptions to operations.

Severe

Significant damage requiring external resources to support local responders.

Catastrophic

Extensive damage to properties and infrastructure in the affected area requiring major demolition.

Negligible

Marginal

Critical

Severe

Catastrophic

Expanded Impact Ratings

Unlikely

Remote

Possible

Very likely

Certain or imminent

Expanded Likelihood Ratings

Unlikely

The organization has very little exposure to the threat, the likelihood rating is

Remote

The event is considered to have a reasonable probability of occurring and affecting the organization under prevailing.

Possible

The event is considered to have a fairly high probability of occurring and affecting the organization under prevailing conditions.

Very likely

The event is considered to have a very high probability of occurring and affecting the organization under prevailing conditions.

Certain or imminent

The event is considered to be imminent and expected to occur, the likelihood rating is

Risk matrix

a widely used and highly effective tool to record and analyze the objectives, risks, and controls in the program or process that is being audited as defined in the scope definition.

Natural

Human

Mechanical

Technological

Logistics

5 Organizational Hazards

Natural hazard

Floods, earthquakes, hurricanes, temperature, pandemic, and contamination

Human hazard

Unintentional: poorly operated equipment, unsafe work procedures, fatigue, lack of training, and distractions

Intentional: workplace violence, strikes, arson, and fraud

Mechanical hazard

Poorly placed or installed equipment, outdated equipment, structural failure and mechanical breakdown, and hazardous materials

Technological hazard

Loss of connectivity and corrupted data

Logistics hazard

Supplier disruption and transportation interruption

Effectiveness

Efficiency

Economy

Ecology

Excellence

Equity

Ethics

7 Es of Success

Effectiveness

_________ is the process of evaluating the degree to which the organization, program, or process is achieving its goals and objectives.

Effectiveness

We must establish ambitious goals, and achieve them.

Efficiency

We must minimize the use of resources.

Economy

The main criteria to assess this was the price of goods and services used by the organization.

Economy

We must only acquire what we need and do so at the optimal value point.

Excellence

Measuring quality is essential to determine if it is being achieved and always remember that people do what is measured, repeat what is rewarded, and stop doing what is punished.

Excellence

We must do everything with high quality.

Ethics

It is a critical subject for internal auditors because an individual's viewpoint regarding what is right and wrong will drive most aspects of decision-making and corporate behavior, including that related to the performance of control activities and treatment of others.

Equity

often thought of in terms of fairness, reciprocity, and impartiality.

Ecology

We must preserve the environment for ourselves and future generations.

Ethics

We must always act with integrity.