Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operational Auditing--Fall 20095-1 Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing.

Similar presentations

Presentation on theme: "Operational Auditing--Fall 20095-1 Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing."— Presentation transcript:

1 Operational Auditing--Fall 20095-1 Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing

2 Operational Auditing--Fall 20095-2 BPO Selection n 6 R’s n General methodology n Resource planning

3 Operational Auditing--Fall 20095-3 Selecting an Auditee “The 6 R’s” n Risk n Resources n Reward n Requests n Requirements n Revisions in operations or mgt.

4 Operational Auditing--Fall 20095-4 Method of Selection n Set selection strategy n Identify potential BPOs n Rank by risk n Choose entities

5 Operational Auditing--Fall 20095-5 Sample Selection Strategies n Location n Financial exposure n Operational complexity n Staffing n Mgt. Interest n Functional type n Process type n Decision center

6 Operational Auditing--Fall 20095-6 Risk Factors n Quality of control system n Mgt. Competence n Mgt. Integrity n Size & liquidity of assets n System changes n Complexity n Personnel changes n Economic performance n Growth rate n Systems use A bit of chicken and the egg, here!

7 Operational Auditing--Fall 20095-7 Risk Factors, cont. n Time since last audit n Performance pressure n Government regulation n Employee morale n Politics & publicity n Geographic location n External audit plans

8 Operational Auditing--Fall 20095-8 Risk Analysis Methodology n Select top 5 risk factors n ID risk on scale of 1 to 5 n Total the risk score n Rank in order of risk

9 Operational Auditing--Fall 20095-9 Project Prioritization & Selection n Rank by risk n Rank by hours n Compare to resources n Re-prioritize as necessary

10 Operational Auditing--Fall 20095-10 Audit Planning n Establish purpose, objective & scope n KTT--Gather background info n Understand the BPO n Assess risk and related control n Identify and assess potential risks n Identify key controls n Prepare preliminary program that addresses risks and controls n Select resources n Report planning n Contact BPO n Logistics approval

11 Operational Auditing--Fall 20095-11 Type of Engagement n Financial n Control n Information technology n Compliance n Operations n All or any of the above

12 Operational Auditing--Fall 20095-12 Nature of Objectives n Purpose of the engagement n Recall the 6 R’s

13 Operational Auditing--Fall 20095-13 Scope n Degree of coverage n Scope can be based on: n Adequacy of controls n Effectiveness of controls n Quality of performance

14 Operational Auditing--Fall 20095-14 Understanding the BPO n Know the BPO’s processes n Flow charting n Review routine reports n Identify relevant metrics n Potential for fraud n Quickly analyze the processes before assessing risk n Consider the “O’Brien 7”

15 Operational Auditing--Fall 20095-15 BPO Analysis—the O’Brien 7 n Mission statement n Objectives and goals n Organization chart n Management recap n Major processes n Resources n Constraints

16 Operational Auditing--Fall 20095-16 BPO Process Review n Identify the processes n Identify the process objectives or desired outcomes n Identify the related risks n Identify the controls mitigating the risks* n Identify the exception reporting process* n Ensure that overall monitoring of the process exists* *Test these items!

17 Operational Auditing--Fall 20095-17 Risk and Related Controls n Brainstorm nature and nature of risk n Risk = anything that gets in the way of the BPO’s objectives n Risk of likelihood: RL n Risk of impact: RI n Ascertain any related controls n Design testing based on the results n See pps. 10-23 thru 10-38 Low, medium or high

18 Operational Auditing--Fall 20095-18 Resources n Business skills n Assurance skills n Language/cultural skills n Technical skills n Consider SME’s and virtual BPP’s

19 Operational Auditing--Fall 20095-19 Program Preparation n General segments—see sample workpapers on web site n Audit preparation n Initial survey n Systems review n Detailed operations review (TBD) n Reporting issues n Wrap-up procedures n Use Risk  Control  Testing approach

20 Operational Auditing--Fall 20095-20 Expected Outcomes and Reporting n Anticipate findings n Financial misstatements n Control weaknesses n BPO objective issues n Inefficiencies n Compliance failure n Type of report n Report distribution

Download ppt "Operational Auditing--Fall 20095-1 Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing."

Similar presentations

Ads by Google