Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operational Auditing--Spring 2010 1 Operational Auditing Spring 2010 Professor Bill O’Brien.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Operational Auditing--Spring 2010 1 Operational Auditing Spring 2010 Professor Bill O’Brien."— Presentation transcript:

1 Operational Auditing--Spring 2010 1 Operational Auditing Spring 2010 Professor Bill O’Brien

2 Operational Auditing--Spring 20105-2 Frameworks n Internal control n IC-Integrated Framework (COSO) n Guidance on Controls (CoCo) n Internal Control Guidance (Turnbull) n Enterprise risk management n Australian/New Zealand Std. Risk Mgt. n ERM-Integrated Framework (COSO)

3 Operational Auditing--Spring 20105-3 COSO n Committee of Sponsoring Organizations n AICPA, IIA, IMA, FEI, AAA n Treadway Commission n 1992 I/C; 2004 ERM n Control Objectives n Compliance with laws and regulations n Reliability of financial reporting n Effectiveness & efficiency of operations

4 Operational Auditing--Spring 20105-4 Components of I/C n Control environment n Risk assessment n Control activities n Information and communication n Monitoring

5 Operational Auditing--Spring 20105-5 Threats to Control n Management override n Open access to assets n Form over substance approach n Conflict of interest

6 Operational Auditing--Spring 20105-6 Balancing Risk and Control n Too much risk n Loss of assets n Poor decision making n Potential non-compliance n Potential for fraud n Too much control n Increased bureaucracy n Excess costs n Excess cycle-time n Increase in non-value added effort

7 Operational Auditing--Spring 20105-7 Control Activities n Segregation of duties n Performance reviews n Approvals n IT access n Documentation n Physical access n IT applications n Independent verifications & reconciliations

8 Operational Auditing--Spring 20105-8 IIA and Control n IIA control objectives: S-C-O-R-E n Safeguarding of assets n Compliance with laws and regulations n Objective and goal achievement n Reliability & integrity of information n Economical & efficient use of assets

9 Operational Auditing--Spring 20105-9 Control Self Assessment (CSA) n Methodology n Review and Identification n Key business objectives n Related risks n Mitigating controls

10 Operational Auditing--Spring 20105-10 CSA-History n Introduced by Gulf Canada in 1987 n Gulf used facilitated meetings

11 Operational Auditing--Spring 20105-11 Facilitated Meetings n Management and staff participate through interviews and polling n Objectives n Risks n Processes n Soft and/or informal controls

12 Operational Auditing--Spring 20105-12 General Methodology n Shared process n Assessment of internal controls n Evaluation of risks n Development of action plans n Assess the likelihood of achieving objectives n SJSU simulation

13 Operational Auditing--Spring 20105-13 General Approaches n Facilitated meetings--group workshops n Questionnaires--yes/no answers n Management analysis--self studies

14 Operational Auditing--Spring 20105-14 Uses n Self analysis for risk* n Selection of audit areas* n Internal control review* n Special projects n Soft control analysis * alternatives to the traditional approach to the I/A process

15 Operational Auditing--Spring 20105-15 Benefits n Increases I/A scope n Target review of high risk areas n Increases the effectiveness of corrective action n Builds team-oriented relationships

16 Operational Auditing--Spring 20105-16 Engagement Process n Planning: n Selecting the BPO n Pre-site planning n Performing: n Conducting the preliminary survey n Review internal controls n Expanding tests as necessary n Generating findings n Communicating: n Reporting the results n Conducting follow-up n Assessing the process

17 Operational Auditing--Spring 20105-17 Audit Evidence n Healthy skepticism n Attributes n Relevant: consistent with objectives n Reliable: credible n Sufficient: convincing

18 Operational Auditing--Spring 20105-18 Generalized Audit Software (GAS) n Two most popular applications n ACL (ACL) n IDEA (CaseWare) n Typical uses n File examination n Recalculations n Sample selection n File comparison n Reformatting n Pivot tables n Benford’s Law analysis n Reporting n Data analysis log

19 Operational Auditing--Spring 20105-19 GAS, continued n Benefits n Minimizes customization n Independent of company IT n Efficient n Facilitates 100% testing n Frees BPP for analytical work n Obstacles n Data access n Physical access n Format knowledge n Downloading issues to BPP’s computer n Importing data in usable format

20 Operational Auditing--Spring 20105-20 Workpaper Usage n Planning and execution n Supervision and review n Objective tracking n Conclusion support n Supports quality assurance n Professional development n IIA standards’ compliance

21 Operational Auditing--Spring 20105-21 Workpaper Guidelines n Cross-referencing system n Consistent layouts n Standardized symbols or “tick marks” n Standardization for permanent files n Unique indexing n Description of purpose n Initialed by preparer and reviewer n Source of information indicated n Clear explanations of symbols n Legibly written and easy to understand n Must stand alone n Must relate to the engagement objectives

22 Operational Auditing--Spring 20105-22 Sample Work Paper Heading Ref. Review T/M Legend: Source Purpose: Conclusions

Download ppt "Operational Auditing--Spring 2010 1 Operational Auditing Spring 2010 Professor Bill O’Brien."

Similar presentations

Internal Audit Documentation and Working Papers

Internal Audit Documentation and Working Papers
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Operational Auditing--Fall 2000 Control Self Assessment (CSA) 4 Methodology 4 Review and Identification –Key business objectives –Related risks –Mitigating.

Operational Auditing--Fall 2000 Control Self Assessment (CSA) 4 Methodology 4 Review and Identification –Key business objectives –Related risks –Mitigating.
Operational Auditing--Fall 2010 1 Operational Auditing Fall 2010 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2010 Professor Bill O’Brien.
Operational Auditing--Spring 2006 3-1 Internal Audit Process  Auditee selection  Audit planning  Preliminary survey  Internal control review  Expanded.

Operational Auditing--Spring Internal Audit Process  Auditee selection  Audit planning  Preliminary survey  Internal control review  Expanded.
Operational Auditing--Spring 2008 1 Operational Auditing Spring 2008 Professor Bill O’ Brien.

Operational Auditing--Spring Operational Auditing Spring 2008 Professor Bill O’ Brien.
Operational Auditing--Fall 2001 1 Evidence = Support 4 Auditors collect information 4 Evidence should be sufficient, competent, relevant & useful 4 Methodology.

Operational Auditing--Fall Evidence = Support 4 Auditors collect information 4 Evidence should be sufficient, competent, relevant & useful 4 Methodology.
Operational Auditing--Spring 2002 1 Accounting Business Skills “The What” 4 Business perspective 4 Organizational focus 4 Bias for action 4 Communication.

Operational Auditing--Spring Accounting Business Skills “The What” 4 Business perspective 4 Organizational focus 4 Bias for action 4 Communication.
Operational Auditing--Fall 2010 1 Operational Auditing Fall 2010 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2010 Professor Bill O’Brien.
Chapter 5 Risk Assessment: Internal Control Evaluation

Chapter 5 Risk Assessment: Internal Control Evaluation
Operational Auditing--Fall 2001 1 Establishing an I/A Function 4 Reporting structure 4 Mission statement 4 Objectives 4 Methodology & Operations.

Operational Auditing--Fall Establishing an I/A Function 4 Reporting structure 4 Mission statement 4 Objectives 4 Methodology & Operations.
Operational Auditing--Fall 2009 1 Operational Auditing Fall 2009 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2009 Professor Bill O’Brien.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Operational Auditing--Fall 200810-1 Evidence = Support n Auditors collect information n Evidence should be sufficient, competent, relevant & useful n Methodology.

Operational Auditing--Fall Evidence = Support n Auditors collect information n Evidence should be sufficient, competent, relevant & useful n Methodology.
Operational Auditing--Spring 2011 1 Operational Auditing Spring 2011 Professor Bill O’Brien.

Operational Auditing--Spring Operational Auditing Spring 2011 Professor Bill O’Brien.

Similar presentations

Ads by Google