Module 2 - Operations Audit PDF

Summary

This document provides an overview of operational auditing, including its definition, characteristics, and guidance. It explores the role of internal auditing, independence, objectivity, and assurance within operational processes. It also touches upon operational threats and vulnerabilities, essential skills required for effective operational audits, and the importance of a systematic, disciplined approach in achieving organizational objectives.

Full Transcript

MODULE 2

DEFINITION,
CHARACTERISTICS,
AND
GUIDANCE

RTCanlas
Operations Auditing
TOPICS LEARNING OBJECTIVES
1. Introduction The learners are expected to be able to:
 Explain the foundational principles and significance
2. Definition and Characteristics of operational auditing, including its definition and
3. The Risk-Based Audit key characteristics.
4. Operational Threats and  Describe the risk-based audit approach and how it
Vulnerabilities can be effectively applied to assess and manage
operational risks.
5. The Skills Required for  Recognize common operational threats and
Effective Operational Audits vulnerabilities, and outline the essential skills
needed for conducting effective operational audits.
 INTRODUCTION TO OPERATIONAL AUDITING

Definition of Operational Auditing Importance of Operational Auditing
Operational auditing refers to an evaluation of Such audits provide insights that enhance
an organization’s operational processes, productivity, mitigate risks, and ensure
efficiency, and effectiveness in achieving compliance with regulatory standards,
objectives. ultimately driving business performance.

Objectives of Operational Auditing Overview of Key Characteristics
Primary goals include assessing operational Key characteristics document the foundational
efficiency, identifying areas for improvement, principles of operational auditing, crucial for
ensuring resource optimization, and providing executing rigorous and effective evaluations.
suggestions for strategic management.
INTERNAL AUDITING

is an independent, objective assurance
and consulting activity designed to
add value and improve an
organization’s operations.

It helps an organization accomplish its
objectives by bringing a systematic,
disciplined approach to evaluate and
improve the effectiveness of risk
management, control, and governance
processes.
INDEPENDENCE
Definition of Independence: Independence
in auditing signifies the auditor's ability to
conduct an evaluation without being influenced
or impaired by managerial pressures or
relationships.

Role of Independence: Independence
ensures that auditors can form unbiased
opinions based on objective evidence, which is
paramount for maintaining credibility in the
audit findings.
Impact on Audit Quality: A higher degree of
independence correlates with increased
confidence in audit outcomes, ultimately
enhancing the perceived integrity of the
auditing process.
OBJECTIVITY

Defining Objectivity:
Objectivity refers to the
unwavering commitment of
auditors to evaluate data and
findings based solely on facts,
free from personal beliefs or
external pressures.
ASSURANCE

the auditors’ ability to give
confidence and make
statements regarding
the condition of matters
within the organization.
THE NEED FOR ASSURANCE REPORT

Provide shareholders more transparency Gain competitive advantage
Transparency in reporting helps
By demonstrating effective operations and
shareholders understand how their
strategic planning, a company can attract
investments are being managed and
more business and investment.
whether the company is operating
efficiently.

Improve risk management capabilities Respond to stakeholder pressure
Regular and detailed reporting helps Reporting helps address stakeholder
organizations identify and assess potential concerns and expectations by providing
risks early. information on the organization's practices,
compliance, and social responsibility efforts.
 AUDITOR'S ETHICAL RESPONSIBILITIES
Ethics in Auditing: Ethical behavior in auditing
encompasses integrity, objectivity, confidentiality, and
professional behavior, collectively underpinning
responsible auditing practices.

Professional Guidelines: Established guidelines,
such as those provided by IIA and AICPA, delineate
ethical standards and responsibilities auditors must
adhere to in their evaluations.

Maintaining Integrity and Credibility: Auditors
must consistently uphold ethical standards to
maintain their credibility and the trust of
stakeholders, ensuring the value of their insights is
not undermined.
 CONSULTING
 giving advice to management and
the board, and engaging in activities
that helps the organization resolve
nagging business issues.

 address performance, how to
improve organizational programs,
processes, and activities, and how to
become more flexible, nimble, and
responsive to business challenge

 relates to the special projects that
internal auditors sometimes work on
DESIGNED TO ADD VALUE

Internal auditing is
fundamentally designed to
contribute to the
organization’s success by
ensuring that its operations
are efficient, effective, and
aligned with strategic
goals.
IMPROVE AN ORGANIZATION’S OPERATIONS

Internal auditing plays a crucial
role in improving an
organization’s operations by
identifying inefficiencies,
enhancing compliance,
strengthening controls,
supporting strategic goals,
facilitating better decision-
making, and fostering a culture
of accountability.
HELP AN ORGANIZATION ACCOMPLISH ITS OBJECTIVES

Internal auditing
contributes to an
organization’s success by
aligning operations with
strategic goals, managing
risks, enhancing efficiency,
ensuring compliance,
promoting accountability,
and supporting effective
decision-making.
Operational Audit Framework
Audit Planning: Strategic audit planning
involves identifying objectives, mobilizing
resources, and establishing a roadmap to guide
the audit process effectively.

Execution Phases: Execution encompasses data
collection, performing assessments, and drawing
conclusions to provide a comprehensive overview
of the operational effectiveness.

Reporting Outcomes: Once the audit is
completed, effectively communicating outcomes
through clear reports allows for actionable
insights and informed decision-making by
management.

Framework Importance: An effectively
structured audit framework not only enhances
audit efficiency but also aligns auditing practices
with organizational goals, thereby maximizing
the value delivered.
A SYSTEMATIC, DISCIPLINED APPROACH.

through its systematic and
disciplined approach, it
enhances the organization’s
ability to achieve its
objectives by ensuring
thorough evaluation, effective
risk management, process
improvement, compliance,
and continuous improvement.
EVALUATE AND IMPROVE THE EFFECTIVENESS.
Help to improve the organization’s ability to
achieve the goals and objectives related to:
a. Risk management. This refers to the
identification, measurement, assessment,
and response to risks.
b. Control. This refers to those activities
that mitigate relevant risks and helps the
organization avoid surprises.
c. Governance processes. Corporate
governance is a wide subject that includes
matters related to organizational structure, CONTROL

reporting lines, span of control, resource
allocation, accountability measures,
discipline, and rewards mechanisms.
THE RISK-BASED AUDIT

1. Broad View of Organizational Risks
Beyond Financial Risks: Internal auditors are
required to expand their focus beyond traditional
accounting and financial risks to include a
comprehensive range of risks that can impact an
organization. These include:
Operational Risks
Customer-Related Risks
Employee-Related Risks
Data and System Risks
THE RISK-BASED AUDIT
2. Challenges in Risk Identification: Many auditors struggle to fully
identify, measure, and assess these broader risks and the mechanisms
in place to mitigate them.

3. Diverse Auditor Backgrounds: Organizations are addressing this
gap by hiring auditors with varied academic and professional
backgrounds, such as engineering, nursing, and biology. This diversity
enriches the audit department and provides valuable insights into
different types of risks.

4. Competitive Edge: Emphasizing diversity in recruitment and
skillsets enhances the internal audit function, ensuring that auditors
possess the knowledge and proficiency to effectively manage and
mitigate risks.
AUDITING BEYOND ACCOUNTING, FINANCIAL, AND REGULATORY
REQUIREMENTS
1. OPERATIONS MANAGEMENT ISSUES
Waste: Excessive and unnecessary use of
resources, leading to increased costs.

Inefficiencies: Suboptimal processes
causing delays and higher operational
costs.
Late Supplies: Supplies arriving late,
disrupting production schedules.
Poor Customer Satisfaction: Inconsistent
service levels leading to unhappy
customers.
Limited Growth Capacity: Inability to
scale operations in response to market
demands.
AUDITING BEYOND ACCOUNTING, FINANCIAL, AND REGULATORY
REQUIREMENTS
2. HUMAN RESOURCES ISSUES
Poor Supervision: Inadequate oversight
leading to mismanagement of employees.

Lack of Training: Employees not receiving
necessary training, impacting productivity.
Inadequate Evaluation: Improper
performance evaluations, failing to identify
areas for improvement.
Unmotivated Employees: Lack of motivation
resulting in decreased work efficiency.
Unproductive Workforce: Overall decline in
productivity due to various HR-related issues.
AUDITING BEYOND ACCOUNTING, FINANCIAL, AND REGULATORY
REQUIREMENTS
3. IT ISSUES
Inaccurate Understanding of
Business Needs: IT systems
designed without a proper grasp
of the actual business
requirements.

Poor Data Capture: Ineffective
mechanisms for collecting
accurate and relevant data.
Inadequate Reporting: Reports
that fail to provide necessary
insights for decision-making.
AUDITING BEYOND ACCOUNTING, FINANCIAL, AND REGULATORY
REQUIREMENTS

4. MARKETING ISSUES
Mass Marketing: Generic marketing
strategies that fail to resonate with
individual customer preferences.

Targeting the Wrong Audience:
Ineffective campaigns due to
misidentification of target audience.
Wasteful Campaigns: Resources
wasted on marketing efforts that do
not yield desired results.
AUDITING BEYOND ACCOUNTING, FINANCIAL, AND
REGULATORY REQUIREMENTS
5. CSR ISSUES
Child Labor: Exploitation of children
in the workforce, violating their rights
and hindering development.

Sweatshop Conditions: Unfair and
unsafe working environments for
laborers.
Abusive Management: Harsh and
unethical treatment of employees by
management.
Inappropriate Waste Disposal:
Improper disposal of industrial waste,
causing environmental harm.
AUDITING BEYOND ACCOUNTING, FINANCIAL, AND
REGULATORY REQUIREMENTS
6. ENVIRONMENTAL HEALTH AND
SAFETY (EHS) ISSUES
Poor Ventilation: Inadequate airflow
causing health issues and discomfort.

Excessive Heat: High temperatures
leading to unsafe and uncomfortable
working conditions.
Extreme Noise Levels: Loud
environments contributing to hearing
loss and stress.
Workplace Hazards: Unsafe
conditions posing risks to employees'
health and safety.
PRIMARY STAKEHOLDERS, NATURE OF INTEREST, AND POWER

STAKEHOLDER INTEREST POWER

Employees Maintain stable employment Bargaining power
Receive fair pay Work actions, strikes, and
Work in a safe, comfortable lawsuits
environment Publicity

Suppliers Receive regular orders for goods/services Refusing to meet orders
Be paid promptly Supplying to competitors

Customers Receive value and quality for Purchasing from competitors
money Boycotting
Receive safe, reliable Refusing to pay
products

Creditors Receive repayment of loans Calling loans
Collect debts and interest Use legal authorities to
repossess assets

Investors Receive a satisfactory return Exercise voting rights
on investments Ability to inspect company
Realize an appreciation in records and reports
value
SECONDARY STAKEHOLDERS, NATURE OF INTEREST, AND POWER
STAKEHOLDER INTEREST POWER

Governments Promote economic development Adopting regulations and laws
Raise revenues through taxes Issuing licenses and permits

Media Keep the public informed Publicizing events that affect the public
Monitor company actions
Activist groups Monitor company actions for ethical and Lobbying government for regulations
legal behavior Gaining public support

Business support Provide research and information to Using staff/resources to help companies
groups improve competitiveness Providing legal political support
Communities Employ local residents Issuing/restricting operating licenses
Ensure local development Lobbying government for regulations

General public Minimize risks Supporting activists
Achieve prosperity for society Pressing government to act
Praising or condemning companies
OPERATIONAL THREATS AND VULNERABILITIES
Operational, such as maintaining operational capacity, speed of execution
(i.e., cycle time), staffing levels, employee motivation, knowledge transfer,
system development, and implementation

Technological, including protection of intellectual property and personally
identifiable information, denial of service attacks, business continuity due to
staff turnover, and system development

Strategic, referring to concerns related to strong customer and vendor
relations, customer loyalty, building effective business partnerships,
outsourcing arrangements, and mergers and acquisitions

Environmental, which may include reliable supply of water and electricity,
achieving a lower carbon footprint, and reducing the amount of natural
resources used during business activities
THE SKILLS REQUIRED FOR EFFECTIVE OPERATIONAL
AUDITS
According to the IIA Research Foundation Core Competencies Report,
the following are the top general competencies of internal auditors:

1. Communication skills, such as 6. Conflict resolution/negotiation
oral, written, report writing, and skills
presentation skills 7. Staff training and development
2. Problem identification and 8. Accounting frameworks, tools,
solution skills, such as conceptual and techniques
and analytical thinking 9. Change management skills
3. Ability to promote the value of 10. IT/CT* framework, tools, and
internal audit techniques
4. Knowledge of industry, 11. Cultural fluency and foreign
regulatory, and standards changes language skills
5. Organization skills
 The three common core competencies identified in the report are
communication skills, problem identification and solution skills, and keeping
up to date with industry and regulatory changes and professional standards.
These results highlight the importance of individual and team competencies
and the role they play in team effectiveness.
--End of Module 2--