Operational Auditing--Fall 2009 1

Operational Auditing

Fall 2009

Professor Bill O’Brien

Operational Auditing--Fall 20091-2

Definition of Internal/Operational

Auditing Formal:

“Internal auditing is an independent, objective, assurance and consulting activity designed to add value and improve an organization’s operations.”

Informal:“Internal auditing is an independent activity designed to help an organization stay under control and achieve its objectives.”

Operational Auditing--Fall 20091-3

An Organization Achieves Its

Objectives by: Staying under control as evidenced by

Safeguarding of assets Compliance with laws and regulations Organizational goal & obj. achievement Reliability & quality of information Effectiveness & efficiency of business

operations

Operational Auditing--Fall 20091-4

Roles of I/A in Relation to the Formal

Definition Helping the organization achieve

objectives Evaluating risk, control and governance Adding value and improving operations Remaining independent and objective Utilizing a systematic approach

Operational Auditing--Fall 20091-5

COSO

Committee of Sponsoring Organizations FEI, AICPA, IMA, IIA and AAA

Sponsored the Treadway Commission in 1987

Issued guidelines for Internal Control in 1992: COSO Cube

Issued guidelines for Enterprise Risk Management in 2004: COSO 2

Operational Auditing--Fall 20091-6

Relating COSO (2004) to SCORE

Strategic objectives Organizational goal & obj. achievement

Operations objectives Effectiveness & efficiency of business

operations Safeguarding of assets

Reporting objectives Reliability & quality of information

Compliance objectives Compliance with laws and regulations

Operational Auditing--Fall 20091-7

Independence: Organizational Relationship

Reporting responsibility As high as possible…the Audit

Committee Administrative responsibility

To a key interested party

Operational Auditing--Fall 20091-8

Systematic Approach

Planning: Selecting the BPO Pre-site planning

Evaluating: Conducting the preliminary survey Review internal controls Expanding tests as necessary Generating findings

Communicating: Reporting the results Conducting follow-up Assessing the process

Operational Auditing--Fall 20091-9

Dealing with the External Auditors

Different objectives Different accountability Different qualifications Different activities

Operational Auditing--Fall 20091-10

Cooperation

Economy Efficiency Effectiveness Advantages for the external auditor

Increases external auditor client insight Improves client relations Rotates emphasis

Advantages for the internal auditor Improves training Source of additional work Increases professional knowledge Independent appraisal source

Compliance with SAS 65 and SAS 99

Operational Auditing--Fall 20091-11

SAS 65

Defines roles Defines function Discusses competency & objectivity Considers nature of the work Discusses coordination Guidelines for evaluation Role of direct assistance

Operational Auditing--Fall 20091-12

SAS 99

Auditor’s responsibility to detect fraud

Operational Auditing--Fall 20091-13

Typical Int. Audit Assistance

Design of control systems Reduction of risk assessment Reduction of substantive testing

Operational Auditing--Fall 20091-14

Create a Cooperative Bridge

Coordination Risk assessment alert Control system disclosure Common sampling tools Pooled IT knowledge Different perspective Constant general communication

Operational Auditing--Fall 20091-15

Roles of Internal Auditing

Auditing or assurance System design & implementation Performance appraisals Consultations Strategic planning Merger & acquisition analysis Market appraisals Investment analysis

Operational Auditing--Fall 20091-16

The Institute of Internal Auditors

The professional organization of internal auditors

Established in 1941 Provides the following:

Professional guidance Professional certifications Research Educational products and services

Operational Auditing--Fall 20091-17

Competencies of Internal Auditors

Inherent qualities Integrity Passion Work ethic Curiosity Creativity Initiative Flexibility

Skills and credentials Technical expertise Software expertise Communication skills Analytical skills…connecting the dots

The “What” and the “How”

Operational Auditing--Fall 20091-18

General Business Skills: the “What”

Business perspective

Organizational focus

Bias for action

Communication excellence

People proficiency

Operational Auditing--Fall 20091-19

Implementation Styles: the “How”

Cc: communication versus control KTT: knowing the territory MBWA: managing by wandering around R ƒ R3”: respect is a function of

Responsiveness Reliability, and Relevancy

Operational Auditing--Fall 20091-20

Ops. Audit as a Profession

Transition from public accounting Career internal auditor Operational finance professional Operations professional Pathway to senior management

Operational Auditing--Fall 20091-21

Managing the Internal Audit Activity

Effective management Establish a risk-based plan Communicate the plan Ensure adequate resources Coordinate services Report on a regular basis Monitor implementation of recommendations