Operational Auditing--Spring 2011
Slide 1: Operational Auditing, Spring 2011. Professor Bill O'Brien.

Slide 2-2: Managing the Internal Audit Activity
- Effective management
- Establish a risk-based plan
- Communicate the plan
- Ensure adequate resources
- Coordinate services
- Report on a regular basis
- Monitor implementation of recommendations

Slide 2-3: Reporting Structure
- Solid line to the Audit Committee
- Dotted line to the functional and committed executive

Slide 2-4: Planning Activities
- Operating plan and financial plan (budget)
- Establish goals and objectives
- Determine overall resources

Slide 2-5: Resource Management
- Staffing approaches
- Flat versus hierarchical
- Futures' files
- Commitment to training
- Pathways for career development
- Co-sourcing and outsourcing

Slide 2-6: Working with External Auditors
- Coordinated coverage
- Cross access to workpapers
- Exchange of reports
- Expansion of expertise
- Facilitation of the relationship with senior management

Slide 2-7: Dealing with the External Auditors
- Different objectives
- Different accountability
- Different qualifications
- Different activities

Slide 2-8: Cooperation
- Economy
- Efficiency
- Effectiveness
- Advantages for the external auditor
  - Increases external auditor client insight
  - Improves client relations
  - Rotates emphasis
- Advantages for the internal auditor
  - Improves training
  - Source of additional work
  - Increases professional knowledge
  - Independent appraisal source
  - Compliance with SAS 65 and SAS 99

Slide 2-9: Hints for Starting or Taking Over a Dept.
- Report to the Audit Committee or the highest level possible
  - Avoids conflict of interest
- Have an administrative manager as well
- Establish an agreed-upon review approach
  - For example, operations v. compliance
- Prepare a set of achievable objectives
- Commit to IIA standards
- Establish a team approach with BPOs
- Invest in continuing education

Slide 2-10: Corporate Governance
- Strategic direction
- Governance oversight
- Enterprise risk management
- Assurance that processes are working

Slide 2-11: Ops. Audit & Governance
- Process of overseeing the achievement of objectives
- Some elements of good governance
  - Assessing the control environment
  - Serving as an ethics advocate

Slide 2-12: Control Objectives
- Staying under control, as evidenced by
  - Safeguarding of assets
  - Compliance with laws and regulations
  - Organizational goal & objective achievement
  - Reliability & integrity of information
  - Economical & efficient use of assets
- Expansion of material on 9-19 to 9-20

Slide 2-13: Control Environment
- Integrity and ethical values
- Management philosophy and operating style
- Organizational structure
- Assignment of authority and responsibility
- H/R policies and practices
- Sustained competency of personnel

Slide 2-14: Other Management Issues
- Performance metrics
- Control self assessment
- We will cover these in the next class

Slide 2-15: COSO
- Committee of Sponsoring Organizations
  - AICPA, IIA, IMA, FEI, AAA
  - Treadway Commission
- 1992 I/C; 2004 ERM
- Control objectives
  - Compliance with laws and regulations
  - Reliability of financial reporting
  - Effectiveness & efficiency of operations

Slide 2-16: Frameworks
- Internal control
  - IC-Integrated Framework (COSO)
  - Guidance on Controls (CoCo)
  - Internal Control Guidance (Turnbull)
- Enterprise risk management
  - Australian/New Zealand Std. Risk Mgt.
  - ERM-Integrated Framework (COSO)

Slide 2-17: Integrating COSO-ERM with COSO-I/C
The COSO-ERM Model incorporates rather than replaces the COSO-I/C Model.

COSO approach to control achievement:
- Control Environment
- Risk Assessment Processes
- Operational Control Activities
- Information Flow Systems
- Monitoring Activities

COSO-ERM components:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information & Communication
- Monitoring

Slide 2-18: Components of I/C
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

Slide 2-19: Threats to Control
- Management override
- Open access to assets
- Form-over-substance approach
- Conflict of interest

Slide 2-20: Balancing Risk and Control
- Too much risk
  - Loss of assets
  - Poor decision making
  - Potential non-compliance
  - Potential for fraud
- Too much control
  - Increased bureaucracy
  - Excess costs
  - Excess cycle-time
  - Increase in non-value-added effort

Slide 2-21: Control Activities
- Segregation of duties
- Performance reviews
- Approvals
- IT access
- Documentation
- Physical access
- IT applications
- Independent verifications & reconciliations

Slide 2-22: IIA and Control
- IIA control objectives: S-C-O-R-E
  - Safeguarding of assets
  - Compliance with laws and regulations
  - Objective and goal achievement
  - Reliability & integrity of information
  - Economical & efficient use of assets

Slide 2-23: Risk Management
- Strategy formulation
- Range of activities
- Risk = barriers to objective achievement

Slide 2-24: COSO and ERM
- COSO 2 cube
- ERM defined:
  "A process, effected by an entity's board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives"

Slide 2-25: Remember this Key Point
- Risk is BOTH positive and negative

Slide 2-26: COSO ERM Objectives: S-C-O-R
- S: Strategic
- C: Compliance
- O: Operations
- R: Reporting

Slide 2-27: COSO-ERM Components
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring

Slide 2-28: ERM and Ops. Audit
- Provide assurance on risk management
- Provide assurance of risk evaluation
- Evaluate risk management processes
- Evaluate risk reporting
- Review the management of key risks
- See Exhibit 4-4

Slide 2-29: IIA ERM Advisory
- Audit plan should be based on risk assessment
- Audit plan may include the strategic planning process
- Audit plan should be updated for significant changes
- Audit plan should be prioritized based on risk likelihood and exposure
- Audit reporting should convey risk-related conclusions

Slide 2-30: O'Brien's Suggestions
- Finance should be involved in active conceptual support.
- Finance should be an implementation driver.
- Finance should provide on-going assessment of the process.
- Finance should add insight to ERM and vice-versa.
- Finance should assume the role of process coordinator.

Slide 2-31: Where Do We Go from Here?
- Increased demand
- Increased respect
- Increased contribution
- Increased advancement opportunities...
- IT'S A GREAT TIME TO BE FOCUSED ON OPERATIONAL AUDIT OPPORTUNITIES!!!

Slide 2-32: Systematic Approach
- Planning:
  - Selecting the BPO
  - Pre-site planning
- Evaluating:
  - Conducting the preliminary survey
  - Reviewing internal controls
  - Expanding tests as necessary
  - Generating findings
- Communicating:
  - Reporting the results
  - Conducting follow-up
  - Assessing the process
- Note Exh. 2-6 and Exh. 13-4

